This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having
double slashes in the path makes selabel_lookup_raw() return the wrong
context.
Closes: #851933
This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
DNS response with an empty question section.
Closes: #863277
Fixes: CVE-2017-9217
Drop --with autoreconf and --parallel as those are now enabled by
default.
The systemd sequence is now also enabled by default. We don't strictly
need the additional complexity that comes with init-system-helpers, as
we can just rely on systemctl being available. So use --without systemd
for the time being.
Gbp-Dch: Short
The internet is broken, and debugging the internet with Ubuntu is not
helpful. Too many websites are incorrectly signed with dnssec, and there are
many outstanding bugs upstream and newly reported in Ubuntu as soon as artful
landed with dnssec re-enabled. Ubuntu devel releases are used on day to day
basis and are not experimental enough to break developers'
networking. Re-enabling dnssec should only be considered once existing upstream
and launchpad dnssec bugs are resolved.
LP: #1690605
Gbp-Dch: Short
With this, what we test will be much closer to what we will actually
merge. It also avoids older PRs to now suddenly fail because they are
based against an older HEAD without the meson patches.
systemctl daemon-reload is a quite a heavy operation, it will re-parse
all configuration and re-run all generators. This should only be done
when strictly needed.
The init-function helpers try to cope with an lsb init script being
called *before* the sysv generator has run. Unfortunately that always got
triggered when other script sourced the helpers as there won't be a
service matching them.
Resolve this by only potentially reloading the daemon when preparing to
redirect.
Closes: #861158
Native journal messages (_TRANSPORT=journal) typically don't have a
syslog facility attached to it. As a result when forwarding the
messages to syslog they ended up with facility 0 (LOG_KERN).
Apply syslog_fixup_facility() so we use LOG_USER instead.
Closes: #837893
Since v183, udev no longer supports RUN+="socket:". This feature is
still used by hal, but now generates vast amounts of errors in the
journal. Thus force the removal of hal by adding a Conflicts to the udev
package. This is safe, as hal is long dead and no longer useful.
Both Debian stretch and Ubuntu zesty are close to releasing, switch to
DNSSEC=off by default for those. Users can still turn it back on with
DNSSEC=allow-downgrade (or even "yes").
This delays opening the mdns and llmnr sockets until a network has enabled them.
This silences annoying messages when networkd receives such packets without
expecting them:
Got mDNS UDP packet on unknown scope.
Ideally, plymouth should only be referenced via dependencies, not
ExecStartPre. This at least avoids the confusing error message on
minimal installations that do not carry plymouth.
Compiling against the dm-ioctl.h header as provided by the Linux kernel
will embed the DM interface version number. Running an older kernel can
lead to errors on shutdown when trying to detach DM devices.
As a workaround, build against a local copy of dm-ioctl.h based on 3.13,
which is the minimum required version to support DM_DEFERRED_REMOVE.
Closes: #856337
https://github.com/systemd/systemd/pull/5555 will introduce a version
check to determine whether we build for a polkit version which only
supoprts *.pkla files. Make polkit-gobject-1.pc available during build
to ensure that we continue to ship the *.pkla policies.
It has its own autopkgtest and needs some special preparation. At some
point that should be merged into root-unittests, but let's quickfix this
to unbreak upstream CI.
Stop testing for specific versions. This is no longer necessary as even
the versions in jessie satisfy those requirements.
Also, run the code on upgrades only. Trying to do that on new installs
(even if there is state from a removed but not purged systemd package)
is rather pointless, as systemctl will not be available at this point.
Instead run the code only on new installations. There might still be
cases where users migrate from sysvinit to systemd, so we don't want to
drop it yet.
