diff options
Diffstat (limited to 'meta/recipes-core/systemd/systemd_250.5.bb')
| -rw-r--r-- | meta/recipes-core/systemd/systemd_250.5.bb | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.5.bb index 006b2f86ea..4d520c85f3 100644 --- a/meta/recipes-core/systemd/systemd_250.5.bb +++ b/meta/recipes-core/systemd/systemd_250.5.bb @@ -25,6 +25,15 @@ SRC_URI += "file://touchscreen.rules \ file://0003-implment-systemd-sysv-install-for-OE.patch \ file://0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \ file://0001-resolve-Use-sockaddr-pointer-type-for-bind.patch \ + file://CVE-2022-3821.patch \ + file://CVE-2022-45873.patch \ + file://0001-shared-json-allow-json_variant_dump-to-return-an-err.patch \ + file://CVE-2022-4415-1.patch \ + file://CVE-2022-4415-2.patch \ + file://0001-network-remove-only-managed-configs-on-reconfigure-o.patch \ + file://0001-nspawn-make-sure-host-root-can-write-to-the-uidmappe.patch \ + file://CVE-2023-7008.patch \ + file://fix-vlan-qos-mapping.patch \ " # patches needed by musl @@ -165,6 +174,7 @@ PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native xmlto-native do PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd" PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname" PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false" +PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers=" PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false" PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false" PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false" @@ -217,7 +227,7 @@ rootlibdir ?= "${base_libdir}" rootlibexecdir = "${rootprefix}/lib" EXTRA_OEMESON += "-Dnobody-user=nobody \ - -Dnobody-group=nobody \ + -Dnobody-group=nogroup \ -Drootlibdir=${rootlibdir} \ -Drootprefix=${rootprefix} \ -Ddefault-locale=C \ @@ -387,11 +397,13 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfm SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service" USERADD_PACKAGES = "${PN} ${PN}-extra-utils \ + udev \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \ " GROUPADD_PARAM:${PN} = "-r systemd-journal;" +GROUPADD_PARAM:udev = "-r render;-r sgx;" GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}" USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}" USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}" @@ -429,9 +441,9 @@ FILES:${PN}-binfmt = "${sysconfdir}/binfmt.d/ \ ${rootlibexecdir}/systemd/systemd-binfmt \ ${systemd_system_unitdir}/proc-sys-fs-binfmt_misc.* \ ${systemd_system_unitdir}/systemd-binfmt.service" -RRECOMMENDS:${PN}-binfmt = "kernel-module-binfmt-misc" +RRECOMMENDS:${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}" -RRECOMMENDS:${PN}-vconsole-setup = "kbd kbd-consolefonts kbd-keymaps" +RRECOMMENDS:${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}" FILES:${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \ @@ -765,21 +777,25 @@ ALTERNATIVE_LINK_NAME[runlevel] = "${base_sbindir}/runlevel" ALTERNATIVE_PRIORITY[runlevel] ?= "300" pkg_postinst:${PN}:libc-glibc () { - sed -e '/^hosts:/s/\s*\<myhostname\>//' \ - -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \ - -i $D${sysconfdir}/nsswitch.conf + if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then + sed -e '/^hosts:/s/\s*\<myhostname\>//' \ + -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \ + -i $D${sysconfdir}/nsswitch.conf + fi } pkg_prerm:${PN}:libc-glibc () { - sed -e '/^hosts:/s/\s*\<myhostname\>//' \ - -e '/^hosts:/s/\s*myhostname//' \ - -i $D${sysconfdir}/nsswitch.conf + if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then + sed -e '/^hosts:/s/\s*\<myhostname\>//' \ + -e '/^hosts:/s/\s*myhostname//' \ + -i $D${sysconfdir}/nsswitch.conf + fi } PACKAGE_WRITE_DEPS += "qemu-native" pkg_postinst:udev-hwdb () { if test -n "$D"; then - $INTERCEPT_DIR/postinst_intercept update_udev_hwdb ${PKG} mlprefix=${MLPREFIX} binprefix=${MLPREFIX} rootlibexecdir="${rootlibexecdir}" PREFERRED_PROVIDER_udev="${PREFERRED_PROVIDER_udev}" + $INTERCEPT_DIR/postinst_intercept update_udev_hwdb ${PKG} mlprefix=${MLPREFIX} binprefix=${MLPREFIX} rootlibexecdir="${rootlibexecdir}" PREFERRED_PROVIDER_udev="${PREFERRED_PROVIDER_udev}" base_bindir="${base_bindir}" else udevadm hwdb --update fi |