The upstream default, DNSSEC=allow-downgrade can lead to compatibility
issues with certain network access points. Previously, DNSSEC support
was only turned off when built for a stable Debian release, but it is
safer and more consistent to just generally change the default to
DNSSEC=no.
Closes: #959996
The new systemd-timesyncd package conflicting with other NTP-related
packages resolves the problems arising when installing systemd-timesyncd
and other NTP servers on the same system.
Co-authored-by: Michael Biebl <biebl@debian.org>
LP: #1849156Closes: #805927, #947936
Since v243, the new upstream default is unified, but this still causes
regressions in important packages, like LXC or Docker, so switch the
default back to hybrid for now.
By default this var is empty and so will have no effect, but adding it
to the deb/udeb configure line allows upstream tests to pass custom meson
params, and since it's passed last in the line of different CONFFLAGS_*
its values will override any previously set params.
This can be used either by Ubuntu CI, or by Semaphore CI, to pass custom
meson params without having to sed-edit the rules file.
Upstream CI was switched to use the experimental branch, so let's revert
this commit in master to keep the changes for buster minimal.
This reverts commit 0a67c4bc15.
Gbp-Dch: Ignore
When removing duplicate directories from the systemd package, sort the
list of directories in reverse order so we properly delete nested
directories.
Running debdiff shows the following result:
Files in first .deb but not in second
-------------------------------------
drwxr-xr-x root/root /etc/udev/
drwxr-xr-x root/root /usr/lib/systemd/tests/
drwxr-xr-x root/root /usr/lib/systemd/tests/testdata/
Those empty directories clearly do not belong into systemd package.
Setting -fPIE globally can lead to miscompilations on certain
architectures. Instead use the b_pie=true build option, which was
introduced in meson 0.49. Bump the Build-Depends accordingly.
Closes: #909396
In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
value. Processes that are spawned directly by systemd, will have
RLIMIT_NOFILE be set to 512K (hard).
pam_limits in Debian defaults to "set_all", i.e. for limits which are
not explicitly configured in /etc/security/limits.conf, the value from
PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
the highest possible value instead of 512K. Not every software is able
to deal with such an RLIMIT_NOFILE properly.
While this is arguably a questionable default in Debian's pam_limit,
work around this problem by not bumping fs.nr_open in PID 1.
Closes: #917167
Support both PACKAGE_VERSION and PROJECT_VERSION for now.
PACKAGE_VERSION and the tr mangling can be dropped when a version with
this change lands in Debian.
See https://github.com/systemd/systemd/pull/11230
Gbp-Dch: Ignore
The buildds for the riscv64 arch used at the moment are slow, so increase the
timeouts for this arch by a factor of 10, for good measure.
Closes: #906429
Upstream developers of meson recommend to run it in this way, because "ninja
test" just calls "meson test", and by using meson directly and using extra
command line arguments it is possible to control aspects of how the tests are
run.
For example, it is possible to increase the timeouts depending on the
architecture (for slow buildds), which otherwise it is not possible without
resorting to patch upstream's build files.
For more details, see:
- https://bugs.debian.org/906429
- https://github.com/mesonbuild/meson/issues/2037
"make check" requires a UTF-8 locale to pass the test suite reliably,
e.g. it fails with the C locale. Since we are overriding dh_auto_test we
need to keep setting LC_ALL=UTF.8 ourselves.
This reverts commit 77ad6f3c85.
Upstream PR #8623 introduces resolvectl. Install it (if present) to keep
the upstream tests happy. Once 239 gets released and packaged, this can
be removed again and replaced with adding these to
debian/systemd.install. dh_missing will remind us of that (as it will
fail the build downstream).
Add a helper script debian/extra/make-sysusers-basic which generates a
sysusers.d(5) file from Debian's static master passwd/group files.
systemd 238 now supports specifying different uid and gid and a
non-default login shell, so this is possible now.
Closes: #888126
Use the existing upstream build system instead of a manual call to
`intltool-update` and `xgettext` to build systemd.pot. Remove the now
obsolete intltool build dependency, but still explicitly keep gettext.
- State the gettext package domain "systemd" explicitly, as with the
move to meson it ended up as "untitled.pot"
- Call xgettext to extract strings from polkit *.policy.in files, which
intltool-update ignores.
LP: #1707898
systemd (234-2.2) unstable; urgency=high
* Non-maintainer upload.
* Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
apparently due to a gcc-7 bug (See: #871514):
- Add gcc-6 to Build-Depends in debian/control
- Export CC = gcc-6 in debian/rules
https://github.com/systemd/systemd/pull/6467 drops
tmpfiles.d/systemd-remote.conf, so it will be gone from 235 on and for upstream
CI. Move this file from dh_install to manual installation when present.
Otherwise meson will be pretty unhappy when trying to process files with
unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed
to be available everywhere.
Drop --with autoreconf and --parallel as those are now enabled by
default.
The systemd sequence is now also enabled by default. We don't strictly
need the additional complexity that comes with init-system-helpers, as
we can just rely on systemctl being available. So use --without systemd
for the time being.
Gbp-Dch: Short
The internet is broken, and debugging the internet with Ubuntu is not
helpful. Too many websites are incorrectly signed with dnssec, and there are
many outstanding bugs upstream and newly reported in Ubuntu as soon as artful
landed with dnssec re-enabled. Ubuntu devel releases are used on day to day
basis and are not experimental enough to break developers'
networking. Re-enabling dnssec should only be considered once existing upstream
and launchpad dnssec bugs are resolved.
LP: #1690605
Gbp-Dch: Short
Both Debian stretch and Ubuntu zesty are close to releasing, switch to
DNSSEC=off by default for those. Users can still turn it back on with
DNSSEC=allow-downgrade (or even "yes").
This requires dbus >= 1.9.18.
Both Debian stretch and Ubuntu 16.04 LTS ship a new enough version so we
shouldn't need a versioned Depends (or versioned Breaks in case of
systemd).
Gbp-Dch: Short
This installs the necessary test data along with the programs and thus
we can greatly reduce the blacklist in debian/tests/root-unittests and
also simplify debian/rules.
Since "init" and thus "systemd" are not part of debootstrap any more,
some buildd chroots don't have an /etc/machine-id any more. Port the old
Add-env-variable-for-machine-ID-path.patch to the current code, use a
local machine-id again, and always make test suite failures fatal.
Closes: #851445
The gold linker is currently producing broken libraries on mips*
resulting in segfaults for users of libsystemd. Switch to bfd until
binutils has been fixed.
Closes: #851412
Backport upstream fix for setting up seccomp filters to fix
RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from
debian/rules to remove this property from unit files.
See #843160
This PR is supposed to fix the issue, so re-enable using seccomp on all
architectures for this PR only. Once that lands and we backport the fix,
that entire hack can be dropped.
Gbp-Dch: Ignore
