poky: subtree update:9294bc4bb4..488e39b623
Alejandro Hernandez Samaniego (1):
sstate.bbclass: Split sstate summary into locally and network found artifacts
Alexander Kanavin (1):
selftest/reproducible: track unusued entries in the exclusion list
Andrei Gherzan (1):
oe/recipeutils: Fix copying patches when BBLAYERS entries are not normalised
Anthony Bagwell (1):
kernel-fitimage: fix dtbo support for fit images
Anuj Mittal (38):
git: upgrade 2.30.0 -> 2.30.1
glib-2.0: upgrade 2.66.4 -> 2.66.7
help2man: upgrade 1.47.16 -> 1.48.1
libevdev: upgrade 1.10.1 -> 1.11.0
stress-ng: upgrade 0.12.02 -> 0.12.03
vte: upgrade 0.62.1 -> 0.62.2
x264: upgrade to latest revision
createrepo-c: upgrade 0.16.2 -> 0.17.0
libuv: upgrade 1.40.0 -> 1.41.0
piglit: upgrade to latest revision
pigz: upgrade 2.4 -> 2.6
python3-git: upgrade 3.1.12 -> 3.1.13
sysstat: upgrade 12.4.2 -> 12.4.3
python3-hypothesis: upgrade 6.0.2 -> 6.2.0
python3-more-itertools: upgrade 8.6.0 -> 8.7.0
python3-numpy: upgrade 1.20.0 -> 1.20.1
python3-pygments: upgrade 2.7.4 -> 2.8.0
python3-pytest: upgrade 6.2.1 -> 6.2.2
python3-setuptools: upgrade 52.0.0 -> 53.0.0
psmisc: upgrade 23.3 -> 23.4
gtk+3: upgrade 3.24.24 -> 3.24.25
lighttpd: upgrade 1.4.58 -> 1.4.59
libwebp: upgrade 1.1.0 -> 1.2.0
libcap: upgrade 2.47 -> 2.48
libxt: upgrade 1.2.0 -> 1.2.1
sysklogd: upgrade 2.1.2 -> 2.2.1
cmake: upgrade 3.19.3 -> 3.19.5
curl: upgrade 7.74.0 -> 7.75.0
diffoscope: upgrade 164 -> 166
libfm-extra: upgrade 1.3.1 -> 1.3.2
pcmanfm: upgrade 1.3.1 -> 1.3.2
json-glib: upgrade 1.6.0 -> 1.6.2
mesa: upgrade 20.3.2 -> 20.3.4
kmscube: upgrade to latest revision
btrfs-tools: upgrade 5.10 -> 5.10.1
man-db: upgrade 2.9.3 -> 2.9.4
asciidoc: fix upstream check
linux-yocto: update genericx86* to v5.4.94
Bruce Ashfield (6):
linux-yocto-rt/5.10: update to -rt25
linux-yocto/5.10: update to v5.10.14
linux-yocto/5.4: update to v5.4.96
linux-yocto/5.10: update to v5.10.16
linux-yocto/5.4: update to v5.4.98
linux-yocto-dev: bump version to v5.11+
Jan-Simon Möller (2):
oe-selftests: add rpm to reproducible build selftest
package_rpm: Enable use_source_date_epoch_as_buildtime in package_rpm class
Jose Quaresma (5):
spirv-tools: disable tests
spirv-tools: build all libaries as shared
glslang: generate glslang pkg-config
glslang: add comment about unversioned libraries
shaderc: remove the receipe configure hack and use a patch for that
Joshua Watt (7):
libomxil: Fix up commercial license flag
weston: remoting backend requires GStreamer base plugins
oeqa: reproducible: Fix SSTATE_MIRRORS variable
oeqa: reproducible: Add more logging
bitbake: contrib: Add Dockerfile for building hash server
bison: Fix up file name mapping
acpica: Fix reproducibility issues
Khem Raj (8):
tcf-agent: Fix build on riscv32
security_flags.inc: Add same O<level> as in SELECTED_OPTIMIZATION
autoconf: Add missing perl modules to rdeps
gdb: Drop SIGRTMIN definition patch
musl: Update to latest master
go: Update to 1.15.8
ruby: Do not use ucontext implementation for coroutines on musl/riscv
libunwind: Disable for riscv
Konrad Weihmann (1):
cmake: set CMAKE_EXPORT_NO_PACKAGE_REGISTRY
Luca Boccassi (1):
systemd: add hostname fallback when polkit is not available
Marek Vasut (1):
weston-init: Fix weston-keyboard path in weston.ini
Michael Halstead (1):
yocto-uninative.inc: version 3.0 incorporate seccomp filter workaround
Oleksandr Kravchuk (2):
cryptodev: upgrade to 1.12
tar: update to 1.34
Richard Purdie (31):
pseudo: Update for rename and faccessat fixes
nativesdk-buildtools-perl-dummy: Add new autoconf dependencies
selftest/reproducible: Sort the unused exclusion list
selftest/reproducible: Remove no longer needed exclusions
pseudo: Update to include fixes for glibc 2.33
bitbake: bitbake-worker/runqueue: Add support for BB_DEFAULT_UMASK
bitbake: bitbake: Bump version to 1.49.2
systemd: Simplify mount error patch
bitbake.conf: Set as default task umask of 022
classes: Drop now unneeded umask flags
cwautomacros: Ensure version is set deterministically
vim: Improve determinism
vim: Fix a race over creation of the desktop files
package_manager/deb: Fix image generation with package removal
quilt: Be determnistic about column presence
buildtools-extended-tarball: Add glibc-gconvs needed for build
watchdog: Fix determinism issue from sendmail host path
watchdog: Avoid reproducibility failures after fixing build
xorg-fonts-minimal: Fix reproducibility
xmlto: Fix reproducibility
selftest/reproducible: Update exclusions
distutils3-base: Fix after native packaging changes
subversion: upgrade 1.14.0 -> 1.14.1
python3-jinja2: upgrade 2.11.2 -> 2.11.3
systemd: Drop unneeded musl patches
qemu: Refresh mmap fixes patch status/content
Revert "oe-selftests: add rpm to reproducible build selftest"
local.conf.sample.extended: Bring back into sync with OE-Core
xorg-minimal-fonts: Really fix determinism
git: Fix determinism issue
groff: Fix determinism issue
Ross Burton (2):
glibc: add workaround for faccessat2 being blocked by seccomp filters
rootfs_deb: handle aarch64 SDK_ARCH
Suji Velupillai (1):
ffmpeg: move ffmpeg config into packageconfig
Teoh Jay Shen (1):
oeqa/runlevel : add test for runlevels
Thomas Viehweger (1):
mtd-utils: Remove duplicate assignments to alternative link names
Tomasz Dziendzielski (1):
bitbake: event: Prevent bitbake from executing event handler for wrong multiconfig target
Vivien Didelot (2):
local.conf.sample.extended: fix double 'of' typo
local.conf.sample.extended: prefer INIT_MANAGER
Wes Lindauer (1):
df.py: Add feature check for read-only-rootfs
Yi Fan Yu (2):
valgrind: Disable ptest nlcontrolc for x86-64
valgrind: Remove reference to non-existent ptests
Yoann Congal (1):
npm.bbclass: avoid building target nodejs for native npm recipes
akuster (1):
connman: update to 1.39
Revert "libpam: remove unused code"
This reverts commit e5b5c38a76bbf3f56353954bdc65fa8736ed76bf.
This is needed for the backported libpam support
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ia802c1f09ccbd2967e01098edb059e72ee670ad8
diff --git a/poky/meta/recipes-core/systemd/systemd_247.3.bb b/poky/meta/recipes-core/systemd/systemd_247.3.bb
index b1a38ba..59e000f 100644
--- a/poky/meta/recipes-core/systemd/systemd_247.3.bb
+++ b/poky/meta/recipes-core/systemd/systemd_247.3.bb
@@ -16,6 +16,8 @@
SRC_URI += "file://touchscreen.rules \
file://00-create-volatile.conf \
+ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \
file://init \
file://99-default.preset \
file://systemd-pager.sh \
@@ -51,8 +53,6 @@
file://0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch \
file://0021-test-json.c-define-M_PIl.patch \
file://0022-do-not-disable-buffer-in-writing-files.patch \
- file://0023-Include-sys-wait.h.patch \
- file://0024-Include-signal.h.patch \
file://0025-Handle-__cpu_mask-usage.patch \
file://0026-Handle-missing-gshadow.patch \
"
@@ -166,6 +166,10 @@
PACKAGECONFIG[pam] = "-Dpam=true,-Dpam=false,libpam,${PAM_PLUGINS}"
PACKAGECONFIG[pcre2] = "-Dpcre2=true,-Dpcre2=false,libpcre2"
PACKAGECONFIG[polkit] = "-Dpolkit=true,-Dpolkit=false"
+# If polkit is disabled and networkd+hostnamed are in use, enabling this option and
+# using dbus-broker will allow networkd to be authorized to change the
+# hostname without acquiring additional privileges
+PACKAGECONFIG[polkit_hostnamed_fallback] = ",,,,dbus-broker,polkit"
PACKAGECONFIG[portabled] = "-Dportabled=true,-Dportabled=false"
PACKAGECONFIG[qrencode] = "-Dqrencode=true,-Dqrencode=false,qrencode,,qrencode"
PACKAGECONFIG[quotacheck] = "-Dquotacheck=true,-Dquotacheck=false"
@@ -308,6 +312,15 @@
fi
fi
+ # If polkit is not available and a fallback was requested, install a drop-in that allows networkd to
+ # request hostname changes via DBUS without elevating its privileges
+ if ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'true', 'false', d)}; then
+ install -d ${D}${systemd_unitdir}/system/systemd-hostnamed.service.d/
+ install -m 0644 ${WORKDIR}/00-hostnamed-network-user.conf ${D}${systemd_unitdir}/system/systemd-hostnamed.service.d/
+ install -d ${D}${datadir}/dbus-1/system.d/
+ install -m 0644 ${WORKDIR}/org.freedesktop.hostname1_no_polkit.conf ${D}${datadir}/dbus-1/system.d/
+ fi
+
# create link for existing udev rules
ln -s ${base_bindir}/udevadm ${D}${base_sbindir}/udevadm
@@ -372,7 +385,8 @@
${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
"
-GROUPADD_PARAM_${PN} = "-r systemd-journal"
+GROUPADD_PARAM_${PN} = "-r systemd-journal;"
+GROUPADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
@@ -591,6 +605,7 @@
${datadir}/dbus-1/system.d/org.freedesktop.network1.conf \
${datadir}/dbus-1/system.d/org.freedesktop.resolve1.conf \
${datadir}/dbus-1/system.d/org.freedesktop.systemd1.conf \
+ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '${datadir}/dbus-1/system.d/org.freedesktop.hostname1_no_polkit.conf', '', d)} \
${datadir}/dbus-1/system.d/org.freedesktop.hostname1.conf \
${datadir}/dbus-1/system.d/org.freedesktop.login1.conf \
${datadir}/dbus-1/system.d/org.freedesktop.timesync1.conf \