package/systemd: bump to 258.3

Removed patch that fixed building with libseccomp and old kernel headers
as systemd has fixed that upstream now.

Notable changes:
  - Add -Dlibmount=enabled to host and target build. Disabling this
    option disables building most of systemd's tools apart from
    libsystemd.

  - remove gcrypt and gnutls from dependencies and build options.
    openssl is the only supported crypto library now.

  - Disable nspawn build for host variant and add a Config.in option
    for the target variant.

  - systemd now requires kernel >= 5.4 while the recommended kernel
    version moved to >=5.7. This makes systemd depend on
    BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4, removing various dependencies
    on older kernel header versions from sub options.

  - The sha256sum of LICENSES/README.md changed due to various
    license clarifications, removal of some vendored files as well as
    changing some file paths. Licensing did not actually change.

For changelog, see:
https://github.com/systemd/systemd/blob/v258.3/NEWS

Tested with `./support/testing/run-tests tests.init.test_systemd`
All tests passed

One of the tests now needs a bigger rootfs size.

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Peter: fix check-package warnings]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcus Hoffmann
2026-02-03 14:44:56 +01:00
committed by Peter Korsgaard
parent 41eb6620f4
commit c38d7326e0
6 changed files with 39 additions and 95 deletions

@@ -1,46 +0,0 @@
From e6ab723c96b91e7c4c495fcef0654102fac26570 Mon Sep 17 00:00:00 2001
From: Marcus Hoffmann <bubu@bubu1.eu>
Date: Mon, 2 Feb 2026 18:26:19 +0100
Subject: [PATCH] nspawn-seccomp: only add bpf syscall to seccomp allowlist if
headers define CAP_BPF
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When building systemd with kernel headers < 5.8 (which added CAP_BPF) it fails with:
../src/nspawn/nspawn-seccomp.c: In function add_syscall_filters:
../src/nspawn/nspawn-seccomp.c:114:19: error: CAP_BPF undeclared (first use in this function)
114 | { CAP_BPF, "bpf", },
| ^~~~~~~
../src/nspawn/nspawn-seccomp.c:114:19: note: each undeclared identifier is reported only once for each function it appears in
If the kernel headers don't define CAP_BPF, it's likely that the running
kernel doesn't know about this capability either, so we can assume that
we'd never allow this syscall anyway.
So if CAP_BPF isn't defined, just skip this allow_list entry entirely.
Signed-off-by: Marcus Hoffmann <bubu@bubu1.eu>
Upstream: N/A - fixed in systemd >= 258 by introducing vendored kernel headers for this use-casea
---
src/nspawn/nspawn-seccomp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 6956689ab5..aaac6085b6 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -108,7 +108,9 @@ static int add_syscall_filters(
{ CAP_SYS_BOOT, "reboot" },
{ CAP_SYSLOG, "syslog" },
{ CAP_SYS_TTY_CONFIG, "vhangup" },
+#ifdef CAP_BPF
{ CAP_BPF, "bpf", },
+# endif
/*
* The following syscalls and groups are knowingly excluded:
--
2.52.0
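Review bot: dropping this patch leaves the `{ CAP_BPF, "bpf", },` entry in nspawn-seccomp.c covered only by upstream's vendored headers, and that path is now reachable with 5.4 to 5.7 toolchain headers, because the minimum moves to BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4 and nspawn becomes a target option. The commit message lists only tests.init.test_systemd; please confirm a build with BR2_PACKAGE_SYSTEMD_NSPAWN=y against headers older than 5.8 (the version the removed patch names as adding CAP_BPF), so the seccomp allowlist code is known to compile there.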

@@ -21,7 +21,7 @@ menuconfig BR2_PACKAGE_SYSTEMD
depends on !BR2_STATIC_LIBS # kmod depends on !BR2_STATIC_LIBS # kmod
depends on BR2_TOOLCHAIN_USES_GLIBC depends on BR2_TOOLCHAIN_USES_GLIBC
depends on BR2_TOOLCHAIN_HAS_SSP depends on BR2_TOOLCHAIN_HAS_SSP
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_15 depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_8 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_8
depends on BR2_HOST_GCC_AT_LEAST_8 # host-systemd depends on BR2_HOST_GCC_AT_LEAST_8 # host-systemd
select BR2_ROOTFS_MERGED_USR select BR2_ROOTFS_MERGED_USR
@@ -54,13 +54,11 @@ menuconfig BR2_PACKAGE_SYSTEMD
an elaborate transactional dependency-based service control an elaborate transactional dependency-based service control
logic. It can work as a drop-in replacement for sysvinit. logic. It can work as a drop-in replacement for sysvinit.
Kernel versions below 5.4 ("recommended baseline") have Kernel versions below 5.7 ("recommended baseline") have
significant gaps in functionality and are not recommended significant gaps in functionality and are not recommended
for use with this version of systemd. (e.g. lack race-free for use with this version of systemd.
process tracking by pidfd, systemd-networkd, and new mount
API support).
Systemd requires a Linux kernel >= 3.15 with the following Systemd requires a Linux kernel >= 5.4 with the following
options enabled: options enabled:
- CONFIG_DEVTMPFS - CONFIG_DEVTMPFS
@@ -94,10 +92,10 @@ menuconfig BR2_PACKAGE_SYSTEMD
The selection of other packages will enable some features: The selection of other packages will enable some features:
- acl package will add support for multi-seat. - acl package will add support for multi-seat.
- xz and/or l4 packages will add compression support in - bzip, lz4, xz,and/or zstd packages will add compression
journal and coredump. support in journal and coredump.
- libcurl package will add support for systemd-journal-upload. - libcurl package will add support for systemd-journal-upload.
- libgcrypt package will add support for journal sealing and - openssl package will add support for journal sealing and
DNSSEC verification in resolved. DNSSEC verification in resolved.
Notice that systemd selects the fsck wrapper from util-linux Notice that systemd selects the fsck wrapper from util-linux
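Review bot: typos in the new compression help line: `xz,and/or` is missing a space after the comma, and `bzip` presumably should read bzip2 to match the package name. Suggest `- bzip2, lz4, xz, and/or zstd packages will add compression`.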
@@ -246,7 +244,6 @@ config BR2_PACKAGE_SYSTEMD_HOMED
depends on BR2_USE_MMU # cryptsetup -> lvm2 depends on BR2_USE_MMU # cryptsetup -> lvm2
depends on !BR2_STATIC_LIBS # cryptsetup -> lvm2 depends on !BR2_STATIC_LIBS # cryptsetup -> lvm2
depends on BR2_TOOLCHAIN_HAS_SYNC_4 # cryptsetup -> json-c depends on BR2_TOOLCHAIN_HAS_SYNC_4 # cryptsetup -> json-c
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12 # fscrypt_key
select BR2_PACKAGE_CRYPTSETUP select BR2_PACKAGE_CRYPTSETUP
select BR2_PACKAGE_OPENSSL select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
@@ -257,11 +254,11 @@ config BR2_PACKAGE_SYSTEMD_HOMED
https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html
comment "homed support needs a toolchain w/ threads, dynamic library, kernel headers >= 4.12" comment "homed support needs a toolchain w/ threads, dynamic library"
depends on BR2_USE_MMU depends on BR2_USE_MMU
depends on BR2_TOOLCHAIN_HAS_SYNC_4 depends on BR2_TOOLCHAIN_HAS_SYNC_4
depends on !BR2_TOOLCHAIN_HAS_THREADS || \ depends on !BR2_TOOLCHAIN_HAS_THREADS || \
BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12 BR2_STATIC_LIBS
config BR2_PACKAGE_SYSTEMD_HOSTNAMED config BR2_PACKAGE_SYSTEMD_HOSTNAMED
bool "enable hostname daemon" bool "enable hostname daemon"
@@ -285,9 +282,8 @@ config BR2_PACKAGE_SYSTEMD_HWDB
config BR2_PACKAGE_SYSTEMD_IMPORTD config BR2_PACKAGE_SYSTEMD_IMPORTD
bool "enable import daemon" bool "enable import daemon"
depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
select BR2_PACKAGE_LIBCURL select BR2_PACKAGE_LIBCURL
select BR2_PACKAGE_LIBGCRYPT select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_XZ select BR2_PACKAGE_XZ
select BR2_PACKAGE_ZLIB select BR2_PACKAGE_ZLIB
help help
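Review bot: `select BR2_PACKAGE_OPENSSL` in BR2_PACKAGE_SYSTEMD_IMPORTD does not pin the provider, while the .mk only adds openssl to SYSTEMD_DEPENDENCIES under `ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)`. BR2_PACKAGE_SYSTEMD_HOMED selects BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL next to BR2_PACKAGE_OPENSSL; importd should do the same, otherwise importd can be enabled in a configuration where the openssl branch of the .mk is never taken.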
@@ -336,6 +332,14 @@ config BR2_PACKAGE_SYSTEMD_MACHINED
https://www.freedesktop.org/software/systemd/man/systemd-machined.service.html https://www.freedesktop.org/software/systemd/man/systemd-machined.service.html
config BR2_PACKAGE_SYSTEMD_NSPAWN
bool "enable nspawn"
help
systemd-nspawn is a tool to spawn a command or OS in
a lightweight container.
https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html
config BR2_PACKAGE_SYSTEMD_NSRESOURCED config BR2_PACKAGE_SYSTEMD_NSRESOURCED
bool "enable nsresourced" bool "enable nsresourced"
help help
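Review bot: BR2_PACKAGE_SYSTEMD_NSPAWN has no `default`, and the .mk passes `-Dnspawn=disabled` when it is unset, so existing configurations lose systemd-nspawn on this bump without any prompt. The patch removed by this commit existed to fix a compile error in src/nspawn, which indicates nspawn was built for the target before. Either add `default y` to keep the previous behaviour, or say in the commit message that nspawn is now opt-in.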
@@ -358,8 +362,7 @@ config BR2_PACKAGE_SYSTEMD_MYHOSTNAME
config BR2_PACKAGE_SYSTEMD_NETWORKD config BR2_PACKAGE_SYSTEMD_NETWORKD
bool "enable network manager" bool "enable network manager"
default y if BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4 default y
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
help help
systemd-networkd is a system service that manages networks. systemd-networkd is a system service that manages networks.
It detects and configures network devices as they appear, as It detects and configures network devices as they appear, as
@@ -370,9 +373,6 @@ config BR2_PACKAGE_SYSTEMD_NETWORKD
https://www.freedesktop.org/software/systemd/man/systemd-networkd.html https://www.freedesktop.org/software/systemd/man/systemd-networkd.html
comment "systemd-networkd needs a toolchain with kernel headers >= 5.4"
depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
config BR2_PACKAGE_SYSTEMD_OOMD config BR2_PACKAGE_SYSTEMD_OOMD
bool "enable out-of-memory killer" bool "enable out-of-memory killer"
help help
@@ -481,8 +481,6 @@ config BR2_PACKAGE_SYSTEMD_SMACK_SUPPORT
Control Kernel, a minimal approach to Access Control Control Kernel, a minimal approach to Access Control
implemented as a kernel LSM. implemented as a kernel LSM.
This feature requires a kernel >= 3.8.
When this feature is enabled, Systemd mounts smackfs and When this feature is enabled, Systemd mounts smackfs and
manages security labels for sockets. manages security labels for sockets.

@@ -1,5 +1,5 @@
# sha256 locally computed # sha256 locally computed
sha256 5a2f477e6268630f6e2829c7bb3e442017549798a4122635817934eaa0c6ac10 systemd-257.10.tar.gz sha256 a800facc2effb509bff67700ce1224da96a36fb658e29e03c843fb74fa1edbdc systemd-258.3.tar.gz
sha256 ac4985facb553559981f507982444d779115e3e3a4c8b7847ae956198490c1b3 LICENSE.GPL2 sha256 ac4985facb553559981f507982444d779115e3e3a4c8b7847ae956198490c1b3 LICENSE.GPL2
sha256 6d9bb3b7fc818a8facc4cc296060a0883fef8710d6498f86165335846e82ee9d LICENSE.LGPL2.1 sha256 6d9bb3b7fc818a8facc4cc296060a0883fef8710d6498f86165335846e82ee9d LICENSE.LGPL2.1
sha256 c9e7bf5b7c243c719b8b43c36158effb9b54c5e80abc9d82e4b2d4b2a4aa64ad LICENSES/alg-sha1-public-domain.txt sha256 c9e7bf5b7c243c719b8b43c36158effb9b54c5e80abc9d82e4b2d4b2a4aa64ad LICENSES/alg-sha1-public-domain.txt
@@ -13,4 +13,4 @@ sha256 8a6fc0879cecc0b96bf4c08159b9d733bf0f15fcf32879aec98c4ffd05424554 LICENS
sha256 b85dcd3e453d05982552c52b5fc9e0bdd6d23c6f8e844b984a88af32570b0cc0 LICENSES/MIT.txt sha256 b85dcd3e453d05982552c52b5fc9e0bdd6d23c6f8e844b984a88af32570b0cc0 LICENSES/MIT.txt
sha256 2a98749f6bec00dfaed86fa9c1edea871aaae4f11ee4d100b671aaf4ce353a73 LICENSES/murmurhash2-public-domain.txt sha256 2a98749f6bec00dfaed86fa9c1edea871aaae4f11ee4d100b671aaf4ce353a73 LICENSES/murmurhash2-public-domain.txt
sha256 1a7adaa2c86cedfd6c7f5c0c7c72fd6d3e02cd0c9593f21fdb53c89bb2b130ec LICENSES/OFL-1.1.txt sha256 1a7adaa2c86cedfd6c7f5c0c7c72fd6d3e02cd0c9593f21fdb53c89bb2b130ec LICENSES/OFL-1.1.txt
sha256 768ecb25cb1e6e41672fc655571f45ba46a3f03fcbc6ab56c7a09ac5928eb37b LICENSES/README.md sha256 bce1d2e9bad517b493168b37604c5d02a7fb638b4d1b9fc730adafa06c603456 LICENSES/README.md

@@ -19,7 +19,7 @@
# - Diff sysusers.d with the previous version # - Diff sysusers.d with the previous version
# - Diff factory/etc/nsswitch.conf with the previous version # - Diff factory/etc/nsswitch.conf with the previous version
# (details are often sprinkled around in README and manpages) # (details are often sprinkled around in README and manpages)
SYSTEMD_VERSION = 257.10 SYSTEMD_VERSION = 258.3
SYSTEMD_SITE = $(call github,systemd,systemd,v$(SYSTEMD_VERSION)) SYSTEMD_SITE = $(call github,systemd,systemd,v$(SYSTEMD_VERSION))
SYSTEMD_LICENSE = \ SYSTEMD_LICENSE = \
LGPL-2.1+, \ LGPL-2.1+, \
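Review bot: the checklist comment directly above SYSTEMD_VERSION asks for a diff of sysusers.d and of factory/etc/nsswitch.conf against the previous version, and the commit message does not say whether that was done for 257.10 to 258.3. Please state the outcome (no changes, or which users, groups and NSS modules changed), since new system users need matching entries in the package's user definitions such as SYSTEMD_NETWORKD_USER.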
@@ -107,7 +107,8 @@ SYSTEMD_CONF_OPTS += \
-Dbpf-framework=disabled \ -Dbpf-framework=disabled \
-Dvmlinux-h=disabled \ -Dvmlinux-h=disabled \
-Dumount-path=/usr/bin/umount \ -Dumount-path=/usr/bin/umount \
-Dxenctrl=disabled -Dxenctrl=disabled \
-Dlibmount=enabled
SYSTEMD_CFLAGS = $(TARGET_CFLAGS) SYSTEMD_CFLAGS = $(TARGET_CFLAGS)
ifeq ($(BR2_OPTIMIZE_FAST),y) ifeq ($(BR2_OPTIMIZE_FAST),y)
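Review bot: `-Dlibmount=enabled` turns libmount into a hard build requirement, but no hunk adds a libmount provider to SYSTEMD_DEPENDENCIES or a matching select in Config.in. Please confirm it is already listed unconditionally (the same applies to HOST_SYSTEMD_DEPENDENCIES, where the option is also added), and consider a one-line comment here carrying the reason from the commit message, that disabling libmount drops most tools apart from libsystemd.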
@@ -267,13 +268,6 @@ else
SYSTEMD_CONF_OPTS += -Dlibcurl=disabled SYSTEMD_CONF_OPTS += -Dlibcurl=disabled
endif endif
ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
SYSTEMD_DEPENDENCIES += libgcrypt
SYSTEMD_CONF_OPTS += -Dgcrypt=enabled
else
SYSTEMD_CONF_OPTS += -Dgcrypt=disabled
endif
ifeq ($(BR2_PACKAGE_P11_KIT),y) ifeq ($(BR2_PACKAGE_P11_KIT),y)
SYSTEMD_DEPENDENCIES += p11-kit SYSTEMD_DEPENDENCIES += p11-kit
SYSTEMD_CONF_OPTS += -Dp11kit=enabled SYSTEMD_CONF_OPTS += -Dp11kit=enabled
@@ -567,6 +561,12 @@ else
SYSTEMD_CONF_OPTS += -Dsysupdate=disabled SYSTEMD_CONF_OPTS += -Dsysupdate=disabled
endif endif
ifeq ($(BR2_PACKAGE_SYSTEMD_NSPAWN),y)
SYSTEMD_CONF_OPTS += -Dnspawn=enabled
else
SYSTEMD_CONF_OPTS += -Dnspawn=disabled
endif
ifeq ($(BR2_PACKAGE_SYSTEMD_NETWORKD),y) ifeq ($(BR2_PACKAGE_SYSTEMD_NETWORKD),y)
SYSTEMD_CONF_OPTS += -Dnetworkd=true SYSTEMD_CONF_OPTS += -Dnetworkd=true
SYSTEMD_NETWORKD_USER = systemd-network -1 systemd-network -1 * - - - systemd Network Management SYSTEMD_NETWORKD_USER = systemd-network -1 systemd-network -1 * - - - systemd Network Management
@@ -595,22 +595,11 @@ endif
ifeq ($(BR2_PACKAGE_LIBOPENSSL),y) ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
SYSTEMD_CONF_OPTS += \ SYSTEMD_CONF_OPTS += \
-Dgnutls=disabled \
-Dopenssl=enabled \
-Ddns-over-tls=openssl \ -Ddns-over-tls=openssl \
-Ddefault-dns-over-tls=opportunistic -Ddefault-dns-over-tls=opportunistic
SYSTEMD_DEPENDENCIES += openssl SYSTEMD_DEPENDENCIES += openssl
else ifeq ($(BR2_PACKAGE_GNUTLS),y)
SYSTEMD_CONF_OPTS += \
-Dgnutls=enabled \
-Dopenssl=disabled \
-Ddns-over-tls=gnutls \
-Ddefault-dns-over-tls=opportunistic
SYSTEMD_DEPENDENCIES += gnutls
else else
SYSTEMD_CONF_OPTS += \ SYSTEMD_CONF_OPTS += \
-Dgnutls=disabled \
-Dopenssl=disabled \
-Ddns-over-tls=false \ -Ddns-over-tls=false \
-Ddefault-dns-over-tls=no -Ddefault-dns-over-tls=no
endif endif
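Review bot: `-Dopenssl=enabled` and `-Dopenssl=disabled` are removed from both branches together with the gnutls switches, which leaves OpenSSL detection to meson's automatic default. The commit message says gcrypt and gnutls are gone as build options, not openssl; if the openssl option still exists in 258.3, keep it explicit in each branch so the resulting feature set does not depend on whether openssl happens to be in staging when systemd is configured.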
@@ -1015,7 +1004,9 @@ HOST_SYSTEMD_CONF_OPTS = \
-Dp11kit=disabled \ -Dp11kit=disabled \
-Dlibfido2=disabled \ -Dlibfido2=disabled \
-Dpcre2=disabled \ -Dpcre2=disabled \
-Dsysupdated=disabled -Dsysupdated=disabled \
-Dnspawn=disabled \
-Dlibmount=enabled
HOST_SYSTEMD_DEPENDENCIES = \ HOST_SYSTEMD_DEPENDENCIES = \
$(BR2_COREUTILS_HOST_DEPENDENCY) \ $(BR2_COREUTILS_HOST_DEPENDENCY) \

@@ -210,6 +210,7 @@ class TestInitSystemSystemdRwFull(InitSystemSystemdBase):
BR2_PACKAGE_SYSTEMD_SYSUSERS=y BR2_PACKAGE_SYSTEMD_SYSUSERS=y
BR2_PACKAGE_SYSTEMD_VCONSOLE=y BR2_PACKAGE_SYSTEMD_VCONSOLE=y
BR2_TARGET_ROOTFS_EXT2=y BR2_TARGET_ROOTFS_EXT2=y
BR2_TARGET_ROOTFS_EXT2_SIZE="120M"
""" """
def test_run(self): def test_run(self):
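Review bot: `BR2_TARGET_ROOTFS_EXT2_SIZE="120M"` is added to TestInitSystemSystemdRwFull with no indication of what grew; the commit message only says one test needs a bigger rootfs. Please note the approximate size increase and its cause (for example the extra tools built with libmount enabled), so that a later reviewer can tell expected growth from an accidental one.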

@@ -123,24 +123,24 @@ config BR2_INIT_SYSTEMD
depends on BR2_TOOLCHAIN_USES_GLIBC depends on BR2_TOOLCHAIN_USES_GLIBC
depends on BR2_TOOLCHAIN_HAS_SSP depends on BR2_TOOLCHAIN_HAS_SSP
depends on BR2_TOOLCHAIN_HAS_THREADS depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_15 depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_8 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_8
depends on BR2_HOST_GCC_AT_LEAST_8 depends on BR2_HOST_GCC_AT_LEAST_8
select BR2_PACKAGE_SYSTEMD select BR2_PACKAGE_SYSTEMD
select BR2_PACKAGE_SKELETON_INIT_SYSTEMD if BR2_ROOTFS_SKELETON_DEFAULT select BR2_PACKAGE_SKELETON_INIT_SYSTEMD if BR2_ROOTFS_SKELETON_DEFAULT
comment "systemd needs a glibc toolchain w/ SSP, headers >= 3.15, host and target gcc >= 8" comment "systemd needs a glibc toolchain w/ SSP, headers >= 5.4, host and target gcc >= 8"
depends on BR2_PACKAGE_SYSTEMD_ARCH_SUPPORTS depends on BR2_PACKAGE_SYSTEMD_ARCH_SUPPORTS
depends on BR2_USE_MMU depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_USES_GLIBC || \ depends on !BR2_TOOLCHAIN_USES_GLIBC || \
!BR2_TOOLCHAIN_HAS_SSP || \ !BR2_TOOLCHAIN_HAS_SSP || \
!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_15 || \ !BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4 || \
!BR2_TOOLCHAIN_GCC_AT_LEAST_8 || \ !BR2_TOOLCHAIN_GCC_AT_LEAST_8 || \
!BR2_HOST_GCC_AT_LEAST_8 !BR2_HOST_GCC_AT_LEAST_8
comment "systemd highly recommends Linux >= 4.15" comment "systemd highly recommends Linux >= 5.7"
depends on BR2_INIT_SYSTEMD depends on BR2_INIT_SYSTEMD
depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_15 depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_7
comment "Special purpose (read help)" comment "Special purpose (read help)"