libarchive-dev
libblkid-dev
libbpf-dev
- libcap-dev
libcurl4-gnutls-dev
libfdisk-dev
libfido2-dev
glibc >= 2.31
libxcrypt or glibc (<= 2.38 built with --enable-crypt)
- libcap
libmount >= 2.30 (from util-linux)
(util-linux *must* be built without --enable-libmount-support-mtab)
libseccomp >= 2.3.1 (optional)
work for ECDSA keys since their signatures contain a random component, but
will work for RSA and Ed25519 keys.
-* drop dependency on libcap, replace by direct syscalls based on
- CapabilityQuintet we already have. (This likely allows us to drop libcap
- dep in the base OS image)
-
* userdbd: implement an additional varlink service socket that provides the
host user db in restricted form, then allow this to be bind mounted into
sandboxed environments that want the host database in minimal form. All
For example: if all you want is the tmpfiles tool, then build systemd normally, and list only /usr/bin/systemd-tmpfiles in the .spec file for your RPM package.
This is simple to do, allows you to pick exactly what you need, but requires a larger number of build dependencies (but not runtime dependencies).
-2. If you want to reduce the build time dependencies (though only dbus and libcap are needed as build time deps) and you know the specific component you are interested in doesn't need it, then create a dummy .pc file for that dependency (i.e. basically empty), and configure systemd with PKG_CONFIG_PATH set to the path of these dummy .pc files. Then, build only the few bits you need with "make foobar", where foobar is the file you need.
+2. If you want to reduce the build time dependencies (though only dbus is needed as build time deps) and you know the specific component you are interested in doesn't need it, then create a dummy .pc file for that dependency (i.e. basically empty), and configure systemd with PKG_CONFIG_PATH set to the path of these dummy .pc files. Then, build only the few bits you need with "make foobar", where foobar is the file you need.
We are open to merging patches for the build system that make more "fringe" components of systemd optional. However, please be aware that in order to keep the complexity of our build system small and its readability high, and to make our lives easier, we will not accept patches that make the minimal core components optional, i.e. systemd itself, journald and udevd.
-
-Note that the .pc file trick mentioned above currently doesn't work for libcap, since libcap doesn't provide a .pc file. We invite you to go ahead and post a patch to libcap upstream to get this corrected. We'll happily change our build system to look for that .pc file then. (a .pc file has been sent to upstream by Bryan Kadzban).
foreach header : [
'crypt.h',
- 'sys/capability.h',
]
if not cc.has_header(header)
librt = cc.find_library('rt')
libm = cc.find_library('m')
libdl = cc.find_library('dl')
-libcap = dependency('libcap')
# On some architectures, libatomic is required. But on some installations,
# it is found, but actual linking fails. So let's try to use it opportunistically.
install_tag: 'libsystemd',
install_dir : libdir,
pic : static_libsystemd_pic,
- dependencies : [libcap,
- libdl,
+ dependencies : [libdl,
libgcrypt_cflags,
liblz4_cflags,
libm,
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
-#include <sys/capability.h> /* IWYU pragma: export */
+#include <linux/capability.h> /* IWYU pragma: export */
#include "basic-forward.h"
int drop_capability(unsigned cap);
int keep_capability(unsigned cap);
-DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(cap_t, cap_free, NULL);
-#define _cleanup_cap_free_ _cleanup_(cap_freep)
-
static inline uint64_t all_capabilities(void) {
return UINT64_MAX >> (63 - cap_last_cap());
}
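Review bot: all_capabilities() shifts by `63 - cap_last_cap()` with no comment or check on the range of cap_last_cap(); a value above 63 would make the shift count invalid, which is undefined behaviour in C, and the result is presumably used as a capability mask. cap_last_cap() is defined outside this hunk, so whether it already clamps its result cannot be confirmed from here. With libcap gone, the bound is the project's own to state, for example `/* relies on cap_last_cap() <= 63, otherwise the shift count is out of range */` above the return statement.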
fundamental_sources,
include_directories : basic_includes,
implicit_include_directories : false,
- dependencies : [libcap,
- libdl,
+ dependencies : [libdl,
libgcrypt_cflags,
liblz4_cflags,
libm,
Version: {{PROJECT_VERSION}}
Libs: -L${libdir} -lsystemd
Cflags: -I${includedir}
-Requires.private: libcap
Libs: -L${libdir} -ludev
Libs.private: -lrt -pthread
Cflags: -I${includedir}
-Requires.private: libcap
libacl_cflags,
libaudit_cflags,
libblkid_cflags,
- libcap,
libcrypt,
libdl,
libgcrypt_cflags,
'extract' : systemctl_extract_sources,
'link_with' : systemctl_link_with,
'dependencies' : [
- libcap,
liblz4_cflags,
libxz_cflags,
libzstd_cflags,
'test-bus-unit-util.c',
'test-bus-util.c',
'test-calendarspec.c',
+ 'test-capability-list.c',
+ 'test-capability-util.c',
'test-cgroup-setup.c',
'test-cgroup-util.c',
'test-chase.c',
'sources' : files('test-btrfs-physical-offset.c'),
'type' : 'manual',
},
- test_template + {
- 'sources' : files('test-capability-list.c'),
- 'dependencies' : libcap,
- },
- test_template + {
- 'sources' : files('test-capability-util.c'),
- 'dependencies' : libcap,
- },
test_template + {
'sources' : files('test-chase-manual.c'),
'type' : 'manual',
#include "strv.h"
#include "tests.h"
-static inline void cap_free_charpp(char **p) {
- if (*p)
- cap_free(*p);
-}
-
/* verify the capability parser */
TEST(cap_list) {
assert_se(!capability_to_name(-1));
assert_se(capability_from_name("63") == -EINVAL);
assert_se(capability_from_name("64") == -EINVAL);
assert_se(capability_from_name("-1") == -EINVAL);
-
- for (unsigned i = 0; i < capability_list_length(); i++) {
- _cleanup_(cap_free_charpp) char *a = NULL;
- const char *b;
- unsigned u;
-
- assert_se(a = cap_to_name(i));
-
- /* quit the loop as soon as libcap starts returning
- * numeric ids, formatted as strings */
- if (safe_atou(a, &u) >= 0)
- break;
-
- assert_se(b = capability_to_name(i));
-
- printf("%s vs. %s\n", a, b);
-
- assert_se(strcasecmp(a, b) == 0);
- }
}
static void test_capability_set_one(uint64_t c, const char *t) {
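Review bot: Deleting the loop at the end of TEST(cap_list) removes the only visible check that compares capability_to_name() against a source outside the project's own name table (libcap's cap_to_name()). A wrong name-to-number entry would make callers act on a different capability than the one written, so the test should keep a few pins against the kernel constants, for example `assert_se(strcasecmp(capability_to_name(CAP_SYS_ADMIN), "cap_sys_admin") == 0);`. The rest of TEST(cap_list) is not shown in this hunk, so this applies only if such pins are not already present there.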
apt-get update
apt-get install -y gperf m4 gettext python3-pip \
- libcap-dev libmount-dev \
+ libmount-dev \
pkg-config wget python3-jinja2 zipmerge zstd
if [[ "$ARCHITECTURE" == i386 ]]; then
- apt-get install -y pkg-config:i386 libcap-dev:i386 libmount-dev:i386
+ apt-get install -y pkg-config:i386 libmount-dev:i386
fi
pip3 install -r .github/workflows/requirements.txt --require-hashes