systemd: Apply a bunch of upstream fixes

For all changes relative to v203, see https://github.com/edolstra/systemd/tree/nixos-v203. Fixes #1072.
2013-10-14 11:53:17 +02:00 · 2013-10-14 11:53:17 +02:00 · d55b8a10ee
commit d55b8a10ee
parent 3ae18ebcad
15 changed files with 762 additions and 528 deletions
--- a/pkgs/os-specific/linux/systemd/0001-Make-systemctl-daemon-reexec-do-the-right-thing-on-N.patch
+++ b/pkgs/os-specific/linux/systemd/0001-Make-systemctl-daemon-reexec-do-the-right-thing-on-N.patch
@ -1,26 +0,0 @@
-From 8f861550827e750fb56954c3f91a2f565abb42bb Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:44:33 +0100
-Subject: [PATCH 01/11] Make "systemctl daemon-reexec" do the right thing on
- NixOS
-
---
- src/core/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/main.c b/src/core/main.c
-index 7fc06be..7575223 100644
--- a/src/core/main.c
-+++ b/src/core/main.c
-@@ -1857,7 +1857,7 @@ finish:
-                         char_array_0(sfd);
- 
-                         i = 0;
-                        args[i++] = SYSTEMD_BINARY_PATH;
-+                        args[i++] = "/run/current-system/systemd/lib/systemd/systemd";
-                         if (switch_root_dir)
-                                 args[i++] = "--switched-root";
-                         args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0002-Ignore-duplicate-paths-in-systemctl-start.patch
+++ b/pkgs/os-specific/linux/systemd/0002-Ignore-duplicate-paths-in-systemctl-start.patch
@ -1,25 +0,0 @@
-From 2afcee0b4da066fb5f8fc00b749d88f5bd9df3d3 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:45:01 +0100
-Subject: [PATCH 02/11] Ignore duplicate paths in "systemctl start"
-
---
- src/systemctl/systemctl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
-index 3cca861..16791a2 100644
--- a/src/systemctl/systemctl.c
-+++ b/src/systemctl/systemctl.c
-@@ -1867,7 +1867,7 @@ static int start_unit_one(
-                         return log_oom();
- 
-                 r = set_consume(s, p);
-                if (r < 0) {
-+                if (r < 0 && r != -EEXIST) {
-                         log_error("Failed to add path to set.");
-                         return r;
-                 }
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0003-Start-device-units-for-uninitialised-encrypted-devic.patch
+++ b/pkgs/os-specific/linux/systemd/0003-Start-device-units-for-uninitialised-encrypted-devic.patch
@ -1,32 +0,0 @@
-From b288ca7d376e3a78368a2b59529ebe5ba812babf Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:46:30 +0100
-Subject: [PATCH 03/11] Start device units for uninitialised encrypted devices
-
-This is necessary because the NixOS service that initialises the
-filesystem depends on the appearance of the device unit.  Also, this
-makes more sense to me: the device is ready; it's the filesystem
-that's not, but taking care of that is the responsibility of the mount
-unit.  (However, this ignores the fsck unit, so it's not perfect...)
---
- rules/99-systemd.rules.in | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
-index d17bdd9..040b10e 100644
--- a/rules/99-systemd.rules.in
-+++ b/rules/99-systemd.rules.in
-@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
- 
-# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it.
-SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-
- # Ignore raid devices that are not yet assembled and started
- SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
- SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0004-Set-switch-to-configuration-hints-for-some-units.patch
+++ b/pkgs/os-specific/linux/systemd/0004-Set-switch-to-configuration-hints-for-some-units.patch
@ -1,74 +0,0 @@
-From 7a498e661f3d111fa09700a6cfa62cfd6733b1cc Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:48:19 +0100
-Subject: [PATCH 04/11] Set switch-to-configuration hints for some units
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Target units like local-fs.target need ‘X-StopOnReconfiguration=yes’
-to ensure dependencies *on* that target properly take into account the
-dependencies *of* the target.
-
-‘X-RestartIfChanged=no’ is necessary for systemd-journald.service
-because restarting it causes services connected to journald to stop
-logging.
-
-‘X-RestartIfChanged=no’ is necessary for systemd-user-sessions.service
-to prevent all user sessions from being killed when this unit changes.
---
- units/local-fs.target                  | 2 ++
- units/remote-fs.target                 | 2 ++
- units/systemd-journald.service.in      | 5 +++++
- units/systemd-user-sessions.service.in | 3 +++
- 4 files changed, 12 insertions(+)
-
-diff --git a/units/local-fs.target b/units/local-fs.target
-index 18c3d74..a09054c 100644
--- a/units/local-fs.target
-+++ b/units/local-fs.target
-@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7)
- After=local-fs-pre.target
- OnFailure=emergency.target
- OnFailureIsolate=no
-+
-+X-StopOnReconfiguration=yes
-diff --git a/units/remote-fs.target b/units/remote-fs.target
-index 09213e8..47b4cf5 100644
--- a/units/remote-fs.target
-+++ b/units/remote-fs.target
-@@ -10,5 +10,7 @@ Description=Remote File Systems
- Documentation=man:systemd.special(7)
- After=remote-fs-pre.target
- 
-+X-StopOnReconfiguration=yes
-+
- [Install]
- WantedBy=multi-user.target
-diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
-index ab2e50c..9563a7d 100644
--- a/units/systemd-journald.service.in
-+++ b/units/systemd-journald.service.in
-@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
- # Increase the default a bit in order to allow many simultaneous
- # services being run since we keep one fd open per service.
- LimitNOFILE=16384
-+
-+# Don't restart journald, since that causes services connected to
-+# journald to stop logging (see
-+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
-+X-RestartIfChanged=no
-diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
-index 0869e73..b6ed958 100644
--- a/units/systemd-user-sessions.service.in
-+++ b/units/systemd-user-sessions.service.in
-@@ -15,3 +15,6 @@ Type=oneshot
- RemainAfterExit=yes
- ExecStart=@rootlibexecdir@/systemd-user-sessions start
- ExecStop=@rootlibexecdir@/systemd-user-sessions stop
-+
-+# Restart kills all active sessions.
-+X-RestartIfChanged=no
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch
+++ b/pkgs/os-specific/linux/systemd/0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch
@ -1,33 +0,0 @@
-From e6bbe5fa858bd8196c8e1f264904679e6bda426d Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:56:03 +0100
-Subject: [PATCH 05/11] sysinit.target: Drop the dependency on local-fs.target
- and swap.target
-
-Having all services with DefaultDependencies=yes depend on
-local-fs.target is annoying, because some of those services might be
-necessary to mount local filesystems.  For instance, Charon's
-send-keys feature requires sshd to be running in order to receive LUKS
-encryption keys, which in turn requires dhcpcd, and so on.  So we drop
-this dependency (and swap.target as well for consistency).  If
-services require a specific mount, they should use RequiresMountsFor
-in any case.
---
- units/sysinit.target | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/units/sysinit.target b/units/sysinit.target
-index 8f4fb8f..e0f0147 100644
--- a/units/sysinit.target
-+++ b/units/sysinit.target
-@@ -9,6 +9,5 @@
- Description=System Initialization
- Documentation=man:systemd.special(7)
- Conflicts=emergency.service emergency.target
-Wants=local-fs.target swap.target
-After=local-fs.target swap.target emergency.service emergency.target
-+After=emergency.service emergency.target
- RefuseManualStart=yes
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0006-Don-t-call-plymouth-quit.patch
+++ b/pkgs/os-specific/linux/systemd/0006-Don-t-call-plymouth-quit.patch
@ -1,38 +0,0 @@
-From 4731a9074538e9e24d2b81fc737917b064e194e6 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 18:36:28 +0100
-Subject: [PATCH 06/11] Don't call "plymouth quit"
-
-NixOS doesn't use Plymouth (yet).
---
- units/emergency.service.in | 1 -
- units/rescue.service.m4.in | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/units/emergency.service.in b/units/emergency.service.in
-index 442f0e0..6b7eafd 100644
--- a/units/emergency.service.in
-+++ b/units/emergency.service.in
-@@ -15,7 +15,6 @@ Before=shutdown.target
- [Service]
- Environment=HOME=/root
- WorkingDirectory=/root
-ExecStartPre=-/bin/plymouth quit
- ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
- ExecStart=-/sbin/sulogin
- ExecStopPost=@SYSTEMCTL@ --fail --no-block default
-diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
-index 269797a..2c640f4 100644
--- a/units/rescue.service.m4.in
-+++ b/units/rescue.service.m4.in
-@@ -16,7 +16,6 @@ Before=shutdown.target
- [Service]
- Environment=HOME=/root
- WorkingDirectory=/root
-ExecStartPre=-/bin/plymouth quit
- ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
- ExecStart=-/sbin/sulogin
- ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch
+++ b/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch
@ -1,37 +0,0 @@
-From f0c362873860526579bf9bda216005fd5a0936dd Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Mon, 4 Feb 2013 12:41:14 +0100
-Subject: [PATCH 07/11] Ignore IPv6 link-local addresses
-
-Returning IPv6 link-local addresses is a bad idea, because they only
-work if an application connects specifically over the corresponding
-interface.  So you get errors like:
-
-  $ curl -6 http://my-machine/
-  curl: (7) Failed to connect to fe80::d6be:d9ff:fe1b:8477: Invalid argument
-
-To prevent this, this patch filters out link-local addresses.  So if
-you don't have a routable IPv6 address, nss-myhostname will fall back
-to returning ::1.
---
- src/nss-myhostname/netlink.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
-index b1ef912..4f2ab5c 100644
--- a/src/nss-myhostname/netlink.c
-+++ b/src/nss-myhostname/netlink.c
-@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
-                     ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
-                         continue;
- 
-+                if (ifaddrmsg->ifa_family == AF_INET6 &&
-+                    ifaddrmsg->ifa_scope == RT_SCOPE_LINK)
-+                        continue;
-+
-                 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
-                         continue;
- 
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch
+++ b/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch
@ -1,28 +0,0 @@
-From 0112df74e576dd683c132ec33861b7099dc94454 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Fri, 12 Apr 2013 13:16:57 +0200
-Subject: [PATCH 08/11] Don't try to unmount /nix or /nix/store
-
-They'll still be remounted read-only.
-
-https://github.com/NixOS/nixos/issues/126
---
- src/core/umount.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/core/umount.c b/src/core/umount.c
-index 1e95ad7..9f0e471 100644
--- a/src/core/umount.c
-+++ b/src/core/umount.c
-@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
-                  * anyway, since we are running from it. They have
-                  * already been remounted ro. */
-                 if (path_equal(m->path, "/")
-+                    || path_equal(m->path, "/nix")
-+                    || path_equal(m->path, "/nix/store")
- #ifndef HAVE_SPLIT_USR
-                     || path_equal(m->path, "/usr")
- #endif
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0009-Start-ctrl-alt-del.target-irreversibly.patch
+++ b/pkgs/os-specific/linux/systemd/0009-Start-ctrl-alt-del.target-irreversibly.patch
@ -1,27 +0,0 @@
-From ed7c22c76e1399861ec8e0216f08a7f9419eea50 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 7 May 2013 14:03:13 +0200
-Subject: [PATCH 09/11] Start ctrl-alt-del.target irreversibly
-
-This makes ctrl-alt-del reboots more robust, just like "systemctl
-reboot".
---
- src/core/manager.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index c7f8f20..0508628 100644
--- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) {
- 
-                 case SIGINT:
-                         if (m->running_as == SYSTEMD_SYSTEM) {
-                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE);
-+                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
-                                 break;
-                         }
- 
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0010-Fix-CPUShares-configuration-option.patch
+++ b/pkgs/os-specific/linux/systemd/0010-Fix-CPUShares-configuration-option.patch
@ -1,27 +0,0 @@
-From 687e657cd320cb4d4ae442e3529ae9571108bb6e Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Fri, 24 May 2013 13:34:53 -0400
-Subject: [PATCH 10/11] Fix CPUShares configuration option
-
-This fixes the error message "Unknown or unsupported cgroup attribute
-CPUShares".
---
- src/core/cgroup-semantics.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
-index 82b02bb..7df9d01 100644
--- a/src/core/cgroup-semantics.c
-+++ b/src/core/cgroup-semantics.c
-@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
- }
- 
- static const CGroupSemantics semantics[] = {
-        { "cpu",     "cpu.shares",                 "CPUShare",              false, parse_cpu_shares,          NULL,       NULL },
-+        { "cpu",     "cpu.shares",                 "CPUShares",             false, parse_cpu_shares,          NULL,       NULL },
-         { "memory",  "memory.soft_limit_in_bytes", "MemorySoftLimit",       false, parse_memory_limit,        NULL,       NULL },
-         { "memory",  "memory.limit_in_bytes",      "MemoryLimit",           false, parse_memory_limit,        NULL,       NULL },
-         { "devices", "devices.allow",              "DeviceAllow",           true,  parse_device,              map_device, NULL },
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/0011-polkit-Avoid-race-condition-in-scraping-proc.patch
+++ b/pkgs/os-specific/linux/systemd/0011-polkit-Avoid-race-condition-in-scraping-proc.patch
@ -1,75 +0,0 @@
-From ab7707b4a9b1b7615bfe2e30e4a2bc9cb5261766 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Thu, 22 Aug 2013 13:55:21 -0400
-Subject: [PATCH 11/11] polkit: Avoid race condition in scraping /proc
-
-If a calling process execve()s a setuid program, it can appear to be
-uid 0.  Since we're receiving requests over DBus, avoid this by simply
-passing system-bus-name as a subject.
---
- src/shared/polkit.c | 31 +++++--------------------------
- 1 file changed, 5 insertions(+), 26 deletions(-)
-
-diff --git a/src/shared/polkit.c b/src/shared/polkit.c
-index cea7074..1c5e9e3 100644
--- a/src/shared/polkit.c
-+++ b/src/shared/polkit.c
-@@ -38,12 +38,8 @@ int verify_polkit(
- 
- #ifdef ENABLE_POLKIT
-         DBusMessage *m = NULL, *reply = NULL;
-        const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
-+        const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
-         uint32_t flags = interactive ? 1 : 0;
-        pid_t pid_raw;
-        uint32_t pid_u32;
-        unsigned long long starttime_raw;
-        uint64_t starttime_u64;
-         DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
-         int r;
-         dbus_bool_t authorized = FALSE, challenge = FALSE;
-@@ -68,14 +64,6 @@ int verify_polkit(
- 
- #ifdef ENABLE_POLKIT
- 
-        pid_raw = bus_get_unix_process_id(c, sender, error);
-        if (pid_raw == 0)
-                return -EINVAL;
-
-        r = get_starttime_of_pid(pid_raw, &starttime_raw);
-        if (r < 0)
-                return r;
-
-         m = dbus_message_new_method_call(
-                         "org.freedesktop.PolicyKit1",
-                         "/org/freedesktop/PolicyKit1/Authority",
-@@ -86,22 +74,13 @@ int verify_polkit(
- 
-         dbus_message_iter_init_append(m, &iter_msg);
- 
-        pid_u32 = (uint32_t) pid_raw;
-        starttime_u64 = (uint64_t) starttime_raw;
-
-         if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
-            !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
-+            !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
-             !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
-             !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
-            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
-            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
-            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
-            !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
-            !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
-            !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
-            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
-            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
-            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
-+            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
-+            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
-+            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
-             !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
-             !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
-             !dbus_message_iter_close_container(&iter_struct, &iter_array) ||
-- 
-1.8.3.4
-
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@ -16,18 +16,11 @@ stdenv.mkDerivation rec {
  };

  patches =
-    [ ./0001-Make-systemctl-daemon-reexec-do-the-right-thing-on-N.patch
-      ./0002-Ignore-duplicate-paths-in-systemctl-start.patch
-      ./0003-Start-device-units-for-uninitialised-encrypted-devic.patch
-      ./0004-Set-switch-to-configuration-hints-for-some-units.patch
-      ./0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch
-      ./0006-Don-t-call-plymouth-quit.patch
-      ./0007-Ignore-IPv6-link-local-addresses.patch
-      ./0008-Don-t-try-to-unmount-nix-or-nix-store.patch
-      ./0009-Start-ctrl-alt-del.target-irreversibly.patch
-      ./0010-Fix-CPUShares-configuration-option.patch
-      ./0011-polkit-Avoid-race-condition-in-scraping-proc.patch
-    ] ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
+    [ # These are all changes between upstream and
+      # https://github.com/edolstra/systemd/tree/nixos-v203.
+      ./fixes.patch
+    ]
+    ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;

  buildInputs =
    [ pkgconfig intltool gperf libcap dbus.libs kmod xz pam acl
--- a/pkgs/os-specific/linux/systemd/fix-tests-1.patch
+++ b/pkgs/os-specific/linux/systemd/fix-tests-1.patch
@ -1,68 +0,0 @@
-Signed-off-by: Ramkumar Ramachandra <artag...@gmail.com>
---
- Ramkumar Ramachandra wrote:
- > $ ./test-id128
- > random: a08ea8ed34594d4bbd953dd182ec86f9
- > Assertion 'sd_id128_get_machine(&id) == 0' failed at
- > src/test/test-id128.c:41, function main(). Aborting.
- > [1]    8017 abort (core dumped)  ./test-id128
- 
- Okay, this test fails because I don't have a /etc/machine-id -- I
- thought systemd is supposed to create it?  However, from the logic in
- src/core/machine-id-setup.c, it looks like although open() is called
- with O_CREAT on /etc/machine-id, systemd barfs if the file isn't
- present.  How about changing this?
-
- src/core/machine-id-setup.c |   12 +++++-------
- src/test/test-id128.c       |    6 ++++--
- 2 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
-index 7f4c23b..3f21d58 100644
--- a/src/core/machine-id-setup.c
-+++ b/src/core/machine-id-setup.c
-@@ -168,12 +168,8 @@ int machine_id_setup(void) {
-                 writable = true;
-         else {
-                 fd = open("/etc/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
-                if (fd < 0) {
-                        umask(m);
-                        log_error("Cannot open /etc/machine-id: %m");
-                        return -errno;
-                }
-
-+                if (fd < 0)
-+                        goto generate;
-                 writable = false;
-         }
- 
-@@ -192,7 +188,9 @@ int machine_id_setup(void) {
-                 }
-         }
- 
-        /* Hmm, so, the id currently stored is not useful, then let's
-+generate:
-+        /* Hmm, so, either /etc/machine-id doesn't exist, the id
-+         * currently stored is not useful, then let's
-          * generate one */
- 
-         r = generate(id);
-diff --git a/src/test/test-id128.c b/src/test/test-id128.c
-index bfd743e..60902d0 100644
--- a/src/test/test-id128.c
-+++ b/src/test/test-id128.c
-@@ -38,8 +38,10 @@ int main(int argc, char *argv[]) {
-         assert_se(sd_id128_from_string(t, &id2) == 0);
-         assert_se(sd_id128_equal(id, id2));
- 
-        assert_se(sd_id128_get_machine(&id) == 0);
-        printf("machine: %s\n", sd_id128_to_string(id, t));
-+        if (sd_id128_get_machine(&id) < 0)
-+                printf("machine: run systemd-machine-id-setup first\n");
-+        else
-+                printf("machine: %s\n", sd_id128_to_string(id, t));
- 
-         assert_se(sd_id128_get_boot(&id) == 0);
-         printf("boot: %s\n", sd_id128_to_string(id, t));
-- 
-1.7.8.1.362.g5d6df.dirty
--- a/pkgs/os-specific/linux/systemd/fixes.patch
+++ b/pkgs/os-specific/linux/systemd/fixes.patch
@ -0,0 +1,757 @@
+diff --git a/man/systemd.special.xml b/man/systemd.special.xml
+index 7164b1e..29401eb 100644
+--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
+@@ -381,7 +381,7 @@
+                                         this unit during
+                                         installation. This is best
+                                         configured via
+-                                        <varname>WantedBy=multi-uer.target</varname>
+                                        <varname>WantedBy=multi-user.target</varname>
+                                         in the unit's
+                                         <literal>[Install]</literal>
+                                         section.</para>
+diff --git a/rules/80-net-name-slot.rules b/rules/80-net-name-slot.rules
+index 15b5bc4..c5f1b38 100644
+--- a/rules/80-net-name-slot.rules
+++ b/rules/80-net-name-slot.rules
+@@ -1,6 +1,6 @@
+ # do not edit this file, it will be overwritten on update
+ 
+-ACTION=="remove", GOTO="net_name_slot_end"
+ACTION!="add", GOTO="net_name_slot_end"
+ SUBSYSTEM!="net", GOTO="net_name_slot_end"
+ NAME!="", GOTO="net_name_slot_end"
+ 
+diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
+index d17bdd9..040b10e 100644
+--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
+@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
+ SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd"
+ SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
+ 
+-# Ignore encrypted devices with no identified superblock on it, since
+-# we are probably still calling mke2fs or mkswap on it.
+-SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
+-
+ # Ignore raid devices that are not yet assembled and started
+ SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
+ SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
+diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
+index 82b02bb..7df9d01 100644
+--- a/src/core/cgroup-semantics.c
+++ b/src/core/cgroup-semantics.c
+@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
+ }
+ 
+ static const CGroupSemantics semantics[] = {
+-        { "cpu",     "cpu.shares",                 "CPUShare",              false, parse_cpu_shares,          NULL,       NULL },
+        { "cpu",     "cpu.shares",                 "CPUShares",             false, parse_cpu_shares,          NULL,       NULL },
+         { "memory",  "memory.soft_limit_in_bytes", "MemorySoftLimit",       false, parse_memory_limit,        NULL,       NULL },
+         { "memory",  "memory.limit_in_bytes",      "MemoryLimit",           false, parse_memory_limit,        NULL,       NULL },
+         { "devices", "devices.allow",              "DeviceAllow",           true,  parse_device,              map_device, NULL },
+diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h
+index 91d70e5..698102f 100644
+--- a/src/core/dbus-execute.h
+++ b/src/core/dbus-execute.h
+@@ -63,7 +63,7 @@
+         "  <property name=\"CPUSchedulingPolicy\" type=\"i\" access=\"read\"/>\n" \
+         "  <property name=\"CPUSchedulingPriority\" type=\"i\" access=\"read\"/>\n" \
+         "  <property name=\"CPUAffinity\" type=\"ay\" access=\"read\"/>\n" \
+-        "  <property name=\"TimerSlackNS\" type=\"t\" access=\"read\"/>\n" \
+        "  <property name=\"TimerSlackNSec\" type=\"t\" access=\"read\"/>\n" \
+         "  <property name=\"CPUSchedulingResetOnFork\" type=\"b\" access=\"read\"/>\n" \
+         "  <property name=\"NonBlocking\" type=\"b\" access=\"read\"/>\n" \
+         "  <property name=\"StandardInput\" type=\"s\" access=\"read\"/>\n" \
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 56b02a1..2b6d799 100644
+--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
+@@ -1550,7 +1550,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+                 _cleanup_strv_free_ char **l = NULL;
+                 char **e = NULL;
+ 
+-                SELINUX_ACCESS_CHECK(connection, message, "reboot");
+                SELINUX_ACCESS_CHECK(connection, message, "reload");
+ 
+                 r = bus_parse_strv(message, &l);
+                 if (r == -ENOMEM)
+@@ -1577,7 +1577,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+                 _cleanup_strv_free_ char **l = NULL;
+                 char **e = NULL;
+ 
+-                SELINUX_ACCESS_CHECK(connection, message, "reboot");
+                SELINUX_ACCESS_CHECK(connection, message, "reload");
+ 
+                 r = bus_parse_strv(message, &l);
+                 if (r == -ENOMEM)
+@@ -1605,7 +1605,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+                 char **f = NULL;
+                 DBusMessageIter iter;
+ 
+-                SELINUX_ACCESS_CHECK(connection, message, "reboot");
+                SELINUX_ACCESS_CHECK(connection, message, "reload");
+ 
+                 if (!dbus_message_iter_init(message, &iter))
+                         goto oom;
+diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
+index 2e99fba..e72749a 100644
+--- a/src/core/dbus-swap.c
+++ b/src/core/dbus-swap.c
+@@ -93,6 +93,7 @@ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_swap_append_swap_result, swap_result,
+ static const BusProperty bus_swap_properties[] = {
+         { "What",       bus_property_append_string, "s", offsetof(Swap, what),  true },
+         { "Priority",   bus_swap_append_priority,   "i", 0 },
+        { "TimeoutUSec",bus_property_append_usec,   "t", offsetof(Swap, timeout_usec)},
+         BUS_EXEC_COMMAND_PROPERTY("ExecActivate",   offsetof(Swap, exec_command[SWAP_EXEC_ACTIVATE]),   false),
+         BUS_EXEC_COMMAND_PROPERTY("ExecDeactivate", offsetof(Swap, exec_command[SWAP_EXEC_DEACTIVATE]), false),
+         { "ControlPID", bus_property_append_pid,    "u", offsetof(Swap, control_pid) },
+diff --git a/src/core/main.c b/src/core/main.c
+index 7fc06be..101ce79 100644
+--- a/src/core/main.c
+++ b/src/core/main.c
+@@ -1590,14 +1590,14 @@ int main(int argc, char *argv[]) {
+                         log_error("Failed to adjust timer slack: %m");
+ 
+         if (arg_capability_bounding_set_drop) {
+-                r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
+                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+                 if (r < 0) {
+-                        log_error("Failed to drop capability bounding set: %s", strerror(-r));
+                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+                         goto finish;
+                 }
+-                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+                r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
+                 if (r < 0) {
+-                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+                        log_error("Failed to drop capability bounding set: %s", strerror(-r));
+                         goto finish;
+                 }
+         }
+@@ -1650,6 +1650,7 @@ int main(int argc, char *argv[]) {
+         /* This will close all file descriptors that were opened, but
+          * not claimed by any unit. */
+         fdset_free(fds);
+        fds = NULL;
+ 
+         if (serialization) {
+                 fclose(serialization);
+@@ -1857,7 +1858,7 @@ finish:
+                         char_array_0(sfd);
+ 
+                         i = 0;
+-                        args[i++] = SYSTEMD_BINARY_PATH;
+                        args[i++] = "/run/current-system/systemd/lib/systemd/systemd";
+                         if (switch_root_dir)
+                                 args[i++] = "--switched-root";
+                         args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
+diff --git a/src/core/manager.c b/src/core/manager.c
+index c7f8f20..0508628 100644
+--- a/src/core/manager.c
+++ b/src/core/manager.c
+@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) {
+ 
+                 case SIGINT:
+                         if (m->running_as == SYSTEMD_SYSTEM) {
+-                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE);
+                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
+                                 break;
+                         }
+ 
+diff --git a/src/core/service.c b/src/core/service.c
+index 3617c24..4d0e2ad 100644
+--- a/src/core/service.c
+++ b/src/core/service.c
+@@ -2642,6 +2642,9 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
+         if (s->exec_context.var_tmp_dir)
+                 unit_serialize_item(u, f, "var-tmp-dir", s->exec_context.var_tmp_dir);
+ 
+        if (s->forbid_restart)
+                unit_serialize_item(u, f, "forbid-restart", yes_no(s->forbid_restart));
+
+         return 0;
+ }
+ 
+@@ -2776,6 +2779,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
+                         return log_oom();
+ 
+                 s->exec_context.var_tmp_dir = t;
+        } else if (streq(key, "forbid-restart")) {
+                int b;
+
+                b = parse_boolean(value);
+                if (b < 0)
+                        log_debug_unit(u->id, "Failed to parse forbid-restart value %s", value);
+                else
+                        s->forbid_restart = b;
+         } else
+                 log_debug_unit(u->id, "Unknown serialization key '%s'", key);
+ 
+diff --git a/src/core/snapshot.c b/src/core/snapshot.c
+index a63eccd..a6807eb 100644
+--- a/src/core/snapshot.c
+++ b/src/core/snapshot.c
+@@ -217,8 +217,10 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn
+                         if (asprintf(&n, "snapshot-%u.snapshot", ++ m->n_snapshots) < 0)
+                                 return -ENOMEM;
+ 
+-                        if (!manager_get_unit(m, n))
+                        if (!manager_get_unit(m, n)) {
+                                name = n;
+                                 break;
+                        }
+ 
+                         free(n);
+                 }
+diff --git a/src/core/umount.c b/src/core/umount.c
+index 1e95ad7..9f0e471 100644
+--- a/src/core/umount.c
+++ b/src/core/umount.c
+@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
+                  * anyway, since we are running from it. They have
+                  * already been remounted ro. */
+                 if (path_equal(m->path, "/")
+                    || path_equal(m->path, "/nix")
+                    || path_equal(m->path, "/nix/store")
+ #ifndef HAVE_SPLIT_USR
+                     || path_equal(m->path, "/usr")
+ #endif
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 81b7708..edd0b40 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -111,6 +111,7 @@ static int create_disk(
+                 "Conflicts=umount.target\n"
+                 "DefaultDependencies=no\n"
+                 "BindsTo=dev-mapper-%i.device\n"
+                "IgnoreOnIsolate=true\n"
+                 "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
+                 f);
+ 
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index c17299f..6b3e67e 100644
+--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
+@@ -351,7 +351,7 @@ static int add_mount(
+ 
+         if (automount && !path_equal(where, "/")) {
+                 automount_name = unit_name_from_path(where, ".automount");
+-                if (!name)
+                if (!automount_name)
+                         return log_oom();
+ 
+                 automount_unit = strjoin(arg_dest, "/", automount_name, NULL);
+@@ -596,9 +596,9 @@ static int parse_proc_cmdline(void) {
+                 } else if (startswith(word, "rd.fstab=")) {
+ 
+                         if (in_initrd()) {
+-                                r = parse_boolean(word + 6);
+                                r = parse_boolean(word + 9);
+                                 if (r < 0)
+-                                        log_warning("Failed to parse fstab switch %s. Ignoring.", word + 6);
+                                        log_warning("Failed to parse fstab switch %s. Ignoring.", word + 9);
+                                 else
+                                         arg_enabled = r;
+                         }
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 38499a6..bb80905 100644
+--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
+@@ -907,6 +907,8 @@ static int journal_file_append_field(
+ 
+         osize = offsetof(Object, field.payload) + size;
+         r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p);
+        if (r < 0)
+                return r;
+ 
+         o->field.hash = htole64(hash);
+         memcpy(o->field.payload, field, size);
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 88163c0..e09ba4c 100644
+--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
+@@ -333,8 +333,10 @@ void server_rotate(Server *s) {
+                 if (r < 0)
+                         if (f)
+                                 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
+-                        else
+                        else {
+                                 log_error("Failed to create user journal: %s", strerror(-r));
+                                hashmap_remove(s->user_journals, k);
+                        }
+                 else {
+                         hashmap_replace(s->user_journals, k, f);
+                         server_fix_perms(s, f, PTR_TO_UINT32(k));
+@@ -975,7 +977,8 @@ int process_event(Server *s, struct epoll_event *ev) {
+                 ssize_t n;
+ 
+                 if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
+                        log_error("Got invalid event from epoll for %s: %"PRIx32,
+                                  "signal fd", ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1024,8 +1027,12 @@ int process_event(Server *s, struct epoll_event *ev) {
+         } else if (ev->data.fd == s->dev_kmsg_fd) {
+                 int r;
+ 
+-                if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
+                if (ev->events & EPOLLERR)
+                        log_warning("/dev/kmsg buffer overrun, some messages lost.");
+
+                if (!(ev->events & EPOLLIN)) {
+                        log_error("Got invalid event from epoll for %s: %"PRIx32,
+                                  "/dev/kmsg", ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1039,7 +1046,9 @@ int process_event(Server *s, struct epoll_event *ev) {
+                    ev->data.fd == s->syslog_fd) {
+ 
+                 if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
+                        log_error("Got invalid event from epoll for %s: %"PRIx32,
+                                  ev->data.fd == s->native_fd ? "native fd" : "syslog fd",
+                                  ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1140,12 +1149,7 @@ int process_event(Server *s, struct epoll_event *ev) {
+                                 char *e;
+ 
+                                 if (n > 0 && n_fds == 0) {
+-                                        e = memchr(s->buffer, '\n', n);
+-                                        if (e)
+-                                                *e = 0;
+-                                        else
+-                                                s->buffer[n] = 0;
+-
+                                        s->buffer[n] = 0;
+                                         server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
+                                 } else if (n_fds > 0)
+                                         log_warning("Got file descriptors via syslog socket. Ignoring.");
+@@ -1167,7 +1171,8 @@ int process_event(Server *s, struct epoll_event *ev) {
+         } else if (ev->data.fd == s->stdout_fd) {
+ 
+                 if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
+                        log_error("Got invalid event from epoll for %s: %"PRIx32,
+                                  "stdout fd", ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1178,6 +1183,8 @@ int process_event(Server *s, struct epoll_event *ev) {
+                 StdoutStream *stream;
+ 
+                 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
+                        log_error("Got invalid event from epoll for %s: %"PRIx32,
+                                  "stdout stream", ev->events);
+                         log_error("Got invalid event from epoll.");
+                         return -EIO;
+                 }
+diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
+index 54bf114..bd197d0 100644
+--- a/src/journal/mmap-cache.c
+++ b/src/journal/mmap-cache.c
+@@ -308,9 +308,13 @@ static void mmap_cache_free(MMapCache *m) {
+         while ((c = hashmap_first(m->contexts)))
+                 context_free(c);
+ 
+        hashmap_free(m->contexts);
+
+         while ((f = hashmap_first(m->fds)))
+                 fd_free(f);
+ 
+        hashmap_free(m->fds);
+
+         while (m->unused)
+                 window_free(m->unused);
+ 
+diff --git a/src/libsystemd-bus/bus-internal.c b/src/libsystemd-bus/bus-internal.c
+index 0e66f3d..cac948e 100644
+--- a/src/libsystemd-bus/bus-internal.c
+++ b/src/libsystemd-bus/bus-internal.c
+@@ -63,7 +63,7 @@ bool object_path_is_valid(const char *p) {
+ 
+ bool interface_name_is_valid(const char *p) {
+         const char *q;
+-        bool dot, found_dot;
+        bool dot, found_dot = false;
+ 
+         if (isempty(p))
+                 return false;
+@@ -103,7 +103,7 @@ bool interface_name_is_valid(const char *p) {
+ 
+ bool service_name_is_valid(const char *p) {
+         const char *q;
+-        bool dot, found_dot, unique;
+        bool dot, found_dot = false, unique;
+ 
+         if (isempty(p))
+                 return false;
+diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
+index 7d6d848..b0eb2f1 100644
+--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
+@@ -1088,11 +1088,11 @@ static int dispatch_rqueue(sd_bus *bus, sd_bus_message **m) {
+                 if (r == 0)
+                         return ret;
+ 
+-                r = 1;
+                ret = 1;
+         } while (!z);
+ 
+         *m = z;
+-        return 1;
+        return ret;
+ }
+ 
+ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
+diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
+index 5ccaabd..100c1fb 100644
+--- a/src/libudev/libudev-enumerate.c
+++ b/src/libudev/libudev-enumerate.c
+@@ -299,7 +299,7 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
+                         /* skip to be delayed devices, and move the to
+                          * the point where the prefix changes. We can
+                          * only move one item at a time. */
+-                        if (!move_later) {
+                        if (move_later == -1) {
+                                 move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
+ 
+                                 if (move_later_prefix > 0) {
+@@ -718,6 +718,8 @@ static bool match_subsystem(struct udev_enumerate *udev_enumerate, const char *s
+ {
+         struct udev_list_entry *list_entry;
+ 
+        subsystem = subsystem ? : "";
+
+         udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_enumerate->subsystem_nomatch_list)) {
+                 if (fnmatch(udev_list_entry_get_name(list_entry), subsystem, 0) == 0)
+                         return false;
+@@ -826,23 +828,27 @@ nomatch:
+ static int parent_add_child(struct udev_enumerate *enumerate, const char *path)
+ {
+         struct udev_device *dev;
+        int r = 0;
+ 
+         dev = udev_device_new_from_syspath(enumerate->udev, path);
+         if (dev == NULL)
+                 return -ENODEV;
+ 
+         if (!match_subsystem(enumerate, udev_device_get_subsystem(dev)))
+-                return 0;
+                goto nomatch;
+         if (!match_sysname(enumerate, udev_device_get_sysname(dev)))
+-                return 0;
+                goto nomatch;
+         if (!match_property(enumerate, dev))
+-                return 0;
+                goto nomatch;
+         if (!match_sysattr(enumerate, dev))
+-                return 0;
+                goto nomatch;
+ 
+         syspath_add(enumerate, udev_device_get_syspath(dev));
+        r = 1;
+
+nomatch:
+         udev_device_unref(dev);
+-        return 1;
+        return r;
+ }
+ 
+ static int parent_crawl_children(struct udev_enumerate *enumerate, const char *path, int maxdepth)
+diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym
+index 8e09430..1e6f885 100644
+--- a/src/libudev/libudev.sym
+++ b/src/libudev/libudev.sym
+@@ -109,5 +109,6 @@ global:
+ } LIBUDEV_189;
+ 
+ LIBUDEV_199 {
+global:
+         udev_device_set_sysattr_value;
+ } LIBUDEV_196;
+diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
+index 7b19ee0..49ee420 100644
+--- a/src/modules-load/modules-load.c
+++ b/src/modules-load/modules-load.c
+@@ -302,8 +302,8 @@ int main(int argc, char *argv[]) {
+ 
+                 STRV_FOREACH(i, arg_proc_cmdline_modules) {
+                         k = load_module(ctx, *i);
+-                        if (k < 0)
+-                                r = EXIT_FAILURE;
+                        if (k < 0 && r == 0)
+                                r = k;
+                 }
+ 
+                 r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
+diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
+index b1ef912..4f2ab5c 100644
+--- a/src/nss-myhostname/netlink.c
+++ b/src/nss-myhostname/netlink.c
+@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
+                     ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
+                         continue;
+ 
+                if (ifaddrmsg->ifa_family == AF_INET6 &&
+                    ifaddrmsg->ifa_scope == RT_SCOPE_LINK)
+                        continue;
+
+                 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
+                         continue;
+ 
+diff --git a/src/shared/efivars.c b/src/shared/efivars.c
+index 8d004ba..99340c9 100644
+--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
+@@ -383,7 +383,8 @@ int efi_get_boot_options(uint16_t **options) {
+                 list[count ++] = id;
+         }
+ 
+-        qsort(list, count, sizeof(uint16_t), cmp_uint16);
+        if (list)
+                qsort(list, count, sizeof(uint16_t), cmp_uint16);
+ 
+         *options = list;
+         return count;
+diff --git a/src/shared/env-util.c b/src/shared/env-util.c
+index 6a52fb9..598222c 100644
+--- a/src/shared/env-util.c
+++ b/src/shared/env-util.c
+@@ -406,7 +406,9 @@ char **strv_env_clean_log(char **e, const char *message) {
+                 e[k++] = *p;
+         }
+ 
+-        e[k] = NULL;
+        if (e)
+                e[k] = NULL;
+
+         return e;
+ }
+ 
+diff --git a/src/shared/log.c b/src/shared/log.c
+index 27317f7..8f4995a 100644
+--- a/src/shared/log.c
+++ b/src/shared/log.c
+@@ -115,16 +115,20 @@ void log_close_syslog(void) {
+ 
+ static int create_log_socket(int type) {
+         int fd;
+        struct timeval tv;
+ 
+-        /* All output to the syslog/journal fds we do asynchronously,
+-         * and if the buffers are full we just drop the messages */
+-
+-        fd = socket(AF_UNIX, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+        fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
+         if (fd < 0)
+                 return -errno;
+ 
+         fd_inc_sndbuf(fd, SNDBUF_SIZE);
+ 
+        /* We need a blocking fd here since we'd otherwise lose
+        messages way too early. However, let's not hang forever in the
+        unlikely case of a deadlock. */
+        timeval_store(&tv, 1*USEC_PER_MINUTE);
+        setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
+
+         return fd;
+ }
+ 
+diff --git a/src/shared/polkit.c b/src/shared/polkit.c
+index cea7074..1c5e9e3 100644
+--- a/src/shared/polkit.c
+++ b/src/shared/polkit.c
+@@ -38,12 +38,8 @@ int verify_polkit(
+ 
+ #ifdef ENABLE_POLKIT
+         DBusMessage *m = NULL, *reply = NULL;
+-        const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
+        const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
+         uint32_t flags = interactive ? 1 : 0;
+-        pid_t pid_raw;
+-        uint32_t pid_u32;
+-        unsigned long long starttime_raw;
+-        uint64_t starttime_u64;
+         DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
+         int r;
+         dbus_bool_t authorized = FALSE, challenge = FALSE;
+@@ -68,14 +64,6 @@ int verify_polkit(
+ 
+ #ifdef ENABLE_POLKIT
+ 
+-        pid_raw = bus_get_unix_process_id(c, sender, error);
+-        if (pid_raw == 0)
+-                return -EINVAL;
+-
+-        r = get_starttime_of_pid(pid_raw, &starttime_raw);
+-        if (r < 0)
+-                return r;
+-
+         m = dbus_message_new_method_call(
+                         "org.freedesktop.PolicyKit1",
+                         "/org/freedesktop/PolicyKit1/Authority",
+@@ -86,22 +74,13 @@ int verify_polkit(
+ 
+         dbus_message_iter_init_append(m, &iter_msg);
+ 
+-        pid_u32 = (uint32_t) pid_raw;
+-        starttime_u64 = (uint64_t) starttime_raw;
+-
+         if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
+-            !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
+            !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
+             !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
+             !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
+-            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
+-            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
+-            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
+-            !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
+-            !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
+-            !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
+-            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
+-            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
+-            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
+            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
+            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
+            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
+             !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
+             !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
+             !dbus_message_iter_close_container(&iter_struct, &iter_array) ||
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 3cca861..f6052dd 100644
+--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
+@@ -1482,7 +1482,7 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
+ 
+         } else if (dbus_message_is_signal(message, "org.freedesktop.systemd1.Manager", "JobRemoved")) {
+                 uint32_t id;
+-                const char *path, *result, *unit;
+                const char *path, *result, *unit, *r;
+ 
+                 if (dbus_message_get_args(message, &error,
+                                           DBUS_TYPE_UINT32, &id,
+@@ -1491,7 +1491,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
+                                           DBUS_TYPE_STRING, &result,
+                                           DBUS_TYPE_INVALID)) {
+ 
+-                        free(set_remove(d->set, (char*) path));
+                        r = set_remove(d->set, (char*) path);
+                        if (!r)
+                                return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+                        free(r);
+ 
+                         if (!isempty(result))
+                                 d->result = strdup(result);
+@@ -1511,7 +1515,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
+                         /* Compatibility with older systemd versions <
+                          * 183 during upgrades. This should be dropped
+                          * one day. */
+-                        free(set_remove(d->set, (char*) path));
+                        r = set_remove(d->set, (char*) path);
+                        if (!r)
+                                return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+                        free(r);
+ 
+                         if (*result)
+                                 d->result = strdup(result);
+@@ -1867,7 +1875,7 @@ static int start_unit_one(
+                         return log_oom();
+ 
+                 r = set_consume(s, p);
+-                if (r < 0) {
+                if (r < 0 && r != -EEXIST) {
+                         log_error("Failed to add path to set.");
+                         return r;
+                 }
+diff --git a/units/emergency.service.in b/units/emergency.service.in
+index 442f0e0..6b7eafd 100644
+--- a/units/emergency.service.in
+++ b/units/emergency.service.in
+@@ -15,7 +15,6 @@ Before=shutdown.target
+ [Service]
+ Environment=HOME=/root
+ WorkingDirectory=/root
+-ExecStartPre=-/bin/plymouth quit
+ ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
+ ExecStart=-/sbin/sulogin
+ ExecStopPost=@SYSTEMCTL@ --fail --no-block default
+diff --git a/units/local-fs.target b/units/local-fs.target
+index 18c3d74..a09054c 100644
+--- a/units/local-fs.target
+++ b/units/local-fs.target
+@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7)
+ After=local-fs-pre.target
+ OnFailure=emergency.target
+ OnFailureIsolate=no
+
+X-StopOnReconfiguration=yes
+diff --git a/units/remote-fs.target b/units/remote-fs.target
+index 09213e8..47b4cf5 100644
+--- a/units/remote-fs.target
+++ b/units/remote-fs.target
+@@ -10,5 +10,7 @@ Description=Remote File Systems
+ Documentation=man:systemd.special(7)
+ After=remote-fs-pre.target
+ 
+X-StopOnReconfiguration=yes
+
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
+index 269797a..2c640f4 100644
+--- a/units/rescue.service.m4.in
+++ b/units/rescue.service.m4.in
+@@ -16,7 +16,6 @@ Before=shutdown.target
+ [Service]
+ Environment=HOME=/root
+ WorkingDirectory=/root
+-ExecStartPre=-/bin/plymouth quit
+ ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
+ ExecStart=-/sbin/sulogin
+ ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
+diff --git a/units/sysinit.target b/units/sysinit.target
+index 8f4fb8f..e0f0147 100644
+--- a/units/sysinit.target
+++ b/units/sysinit.target
+@@ -9,6 +9,5 @@
+ Description=System Initialization
+ Documentation=man:systemd.special(7)
+ Conflicts=emergency.service emergency.target
+-Wants=local-fs.target swap.target
+-After=local-fs.target swap.target emergency.service emergency.target
+After=emergency.service emergency.target
+ RefuseManualStart=yes
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index ab2e50c..9563a7d 100644
+--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
+@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
+ # Increase the default a bit in order to allow many simultaneous
+ # services being run since we keep one fd open per service.
+ LimitNOFILE=16384
+
+# Don't restart journald, since that causes services connected to
+# journald to stop logging (see
+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
+X-RestartIfChanged=no
+diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
+index 0869e73..b6ed958 100644
+--- a/units/systemd-user-sessions.service.in
+++ b/units/systemd-user-sessions.service.in
+@@ -15,3 +15,6 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-user-sessions start
+ ExecStop=@rootlibexecdir@/systemd-user-sessions stop
+
+# Restart kills all active sessions.
+X-RestartIfChanged=no
--- a/pkgs/os-specific/linux/systemd/no-global-install.patch
+++ b/pkgs/os-specific/linux/systemd/no-global-install.patch
@ -1,26 +0,0 @@
-diff --git a/Makefile.am b/Makefile.am
-index 05bf582..aa16a7c 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -2568,11 +2568,6 @@ endif
- # "adm" and "wheel".
- libsystemd-journal-install-hook:
- 	libname=libsystemd-journal.so && $(move-to-rootlibdir)
-	$(MKDIR_P) $(DESTDIR)/var/log/journal
-	-chown 0:0 $(DESTDIR)/var/log/journal
-	-chmod 755 $(DESTDIR)/var/log/journal
-	-setfacl -nm g:adm:rx,d:g:adm:rx $(DESTDIR)/var/log/journal/
-	-setfacl -nm g:wheel:rx,d:g:wheel:rx $(DESTDIR)/var/log/journal/
- 
- libsystemd-journal-uninstall-hook:
- 	rm -f $(DESTDIR)$(rootlibdir)/libsystemd-journal.so*
-@@ -3676,9 +3671,6 @@ if HAVE_SYSV_COMPAT
- sysvinit_DATA = \
- 	docs/sysvinit/README
- 
-varlog_DATA = \
-	docs/var-log/README
-
- docs/sysvinit/README: docs/sysvinit/README.in
- 	$(SED_PROCESS)
-