Changes in chapter08/systemd.xml [ffecb9e:7152faa]

File:

• chapter08/systemd.xml (modified) (7 diffs)

chapter08/systemd.xml

@@ -1 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
@@ -48 +48 @@
  <screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
        -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
+
+    <!-- https://github.com/systemd/systemd/pull/30549 -->
+    <para>Now fix a security vulnerability in the DNSSEC verification of
+    <command>systemd-resolved</command>:</para>
+
+<screen><userinput remap='pre'>sed -e '/return FLAGS_SET.*AUTHENTICATED/s/(t/(dt/' \
+    -i src/resolve/resolved-dns-transaction.c</userinput></screen>
 
     <para>Prepare systemd for compilation:</para>
@@ -63 +70 @@
       -Dsysusers=false              \
       -Drpmmacrosdir=no             \
-      -Dhomed=false                 \
+      -Dhomed=disabled              \
       -Duserdb=false                \
-      -Dman=false                   \
+      -Dman=disabled                \
       -Dmode=release                \
       -Dpamconfdir=no               \
       -Ddev-kvm-mode=0660           \
       -Dnobody-group=nogroup        \
+      -Dsysupdate=disabled          \
+      -Dukify=disabled              \
       -Ddocdir=/usr/share/doc/systemd-&systemd-version; \
       ..</userinput></screen>
@@ -140 +149 @@
 
       <varlistentry>
-        <term><parameter>-D{userdb,homed}=false</parameter></term>
+        <term><parameter>-Dhomed=disabled</parameter> and
+        <parameter>-Duserdb=false</parameter></term>
         <listitem>
           <para>Remove two daemons with dependencies that do not fit
@@ -148 +158 @@
 
       <varlistentry>
-        <term><parameter>-Dman=false</parameter></term>
+        <term><parameter>-Dman=disabled</parameter></term>
         <listitem>
           <para>Prevent the generation of man pages to avoid extra
@@ -188 +198 @@
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><parameter>-Dsysupdate=disabled</parameter></term>
+        <listitem>
+          <para>Do not install the <command>systemd-sysupdate</command>
+          tool.  It's designed for automatically upgrading binary distros,
+          so it's useless for a basic Linux system built from source.
+          And it will report errors on boot if it's enabled but not properly
+          configured.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><parameter>-Dukify=disabled</parameter></term>
+        <listitem>
+          <para>Do not install the <command>systemd-ukify</command> script.
+          At runtime this script requires the
+          <application>pefile</application> Python module that neither LFS
+          nor BLFS provides.</para>
+        </listitem>
+      </varlistentry>
+
     </variablelist>
 
@@ -214 +246 @@
 
 <screen><userinput remap="adjust">systemctl preset-all</userinput></screen>
-
-    <para>Disable two services for upgrading binary distros.  They are useless for
-    a basic Linux system built from source, and each one will report an error if
-    it's enabled but not configured:</para>
-
-<screen><userinput remap="adjust">systemctl disable systemd-sysupdate{,-reboot}</userinput></screen>
 
 <!-- dev: 50-pid-max.conf is not removed in BLFS, so I commented the following out.