100 lines
		
	
	
		
			2.2 KiB
		
	
	
	
		
			Bash
		
	
	
	
			
		
		
	
	
			100 lines
		
	
	
		
			2.2 KiB
		
	
	
	
		
			Bash
		
	
	
	
| #!/bin/bash
 | |
| 
 | |
| sd_booted() {
 | |
|   [[ -d run/systemd/system && ! -L run/systemd/system ]]
 | |
| }
 | |
| 
 | |
| add_journal_acls() {
 | |
|   # ignore errors, since the filesystem might not support ACLs
 | |
|   setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx var/log/journal/ 2>/dev/null
 | |
|   :
 | |
| }
 | |
| 
 | |
| post_common() {
 | |
|   systemd-sysusers
 | |
|   journalctl --update-catalog
 | |
| }
 | |
| 
 | |
| _216_2_changes() {
 | |
|   echo ':: Coredumps are handled by systemd by default. Collection behavior can be'
 | |
|   echo '   tuned in /etc/systemd/coredump.conf.'
 | |
| }
 | |
| 
 | |
| _219_2_changes() {
 | |
|   if mkdir -m2755 var/log/journal/remote 2>/dev/null; then
 | |
|     chgrp systemd-journal-remote var/log/journal/remote
 | |
|   fi
 | |
| }
 | |
| 
 | |
| _219_4_changes() {
 | |
|   if ! systemctl is-enabled -q remote-fs.target; then
 | |
|     systemctl enable -q remote-fs.target
 | |
|   fi
 | |
| }
 | |
| 
 | |
| _230_1_changes() {
 | |
|   echo ':: systemd-bootchart is no longer included with systemd'
 | |
| }
 | |
| 
 | |
| _232_8_changes() {
 | |
|   # paper over possible effects of CVE-2016-10156
 | |
|   local stamps=(/var/lib/systemd/timers/*.timer)
 | |
| 
 | |
|   if [[ -f ${stamps[0]} ]]; then
 | |
|     chmod 0644 "${stamps[@]}"
 | |
|   fi
 | |
| }
 | |
| 
 | |
| _233_75_3_changes() {
 | |
|   # upstream installs services to /etc, which we remove
 | |
|   # to keep bus activation we re-enable systemd-resolved
 | |
|   if systemctl is-enabled -q systemd-resolved.service; then
 | |
|     systemctl reenable systemd-resolved.service 2>/dev/null
 | |
|   fi
 | |
| }
 | |
| 
 | |
| post_install() {
 | |
|   systemd-machine-id-setup
 | |
| 
 | |
|   post_common "$@"
 | |
| 
 | |
|   add_journal_acls
 | |
| 
 | |
|   # enable some services by default, but don't track them
 | |
|   systemctl enable getty@tty1.service remote-fs.target
 | |
| 
 | |
|   echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your"
 | |
|   echo "   bootloader to replace sysvinit with systemd, or install systemd-sysvcompat"
 | |
| 
 | |
|   # group 'systemd-journal-remote' is created by systemd-sysusers
 | |
|   mkdir -m2755 var/log/journal/remote
 | |
|   chgrp systemd-journal-remote var/log/journal/remote
 | |
| }
 | |
| 
 | |
| post_upgrade() {
 | |
|   post_common "$@"
 | |
| 
 | |
|   # don't reexec if the old version is 231-1 or 231-2.
 | |
|   # https://github.com/systemd/systemd/commit/bd64d82c1c
 | |
|   if [[ $1 != 231-[12] ]] && sd_booted; then
 | |
|     systemctl --system daemon-reexec
 | |
|   fi
 | |
| 
 | |
|   local v upgrades=(
 | |
|     216-2
 | |
|     219-2
 | |
|     219-4
 | |
|     230-1
 | |
|     232-8
 | |
|     233.75-3
 | |
|   )
 | |
| 
 | |
|   for v in "${upgrades[@]}"; do
 | |
|     if [[ $(vercmp "$v" "$2") -eq 1 ]]; then
 | |
|       "_${v//[.-]/_}_changes"
 | |
|     fi
 | |
|   done
 | |
| }
 | |
| 
 | |
| # vim:set ts=2 sw=2 et:
 |