On aarch64 we "leak" a reference to $out/lib/systemd/catalog in the lib
output. The result of that is a dependency cycle between $out and $lib.
Thus nix (rightfully) marks the build as failed. That reference
originates from an array of strings (catalog_file_dirs) in systemd
(src/src/journal/catalog.{c,h}). The only consumer (as of v242) of the
symbol is the main function of journalctl. Still libsystemd.so contains
the VALUE but not the symbol. Systemd seems to be properly using
function & data sections together with the linker flags to garbage
collect unused sections (-Wl,--gc-sections). For unknown reasons those
flags do not eliminate the unused string constants, in this case on
aarch64-linux. The hacky way is to just remove the reference after we
finished compiling. Since it can not be used (there is no symbol to
actually refer to it) there should not be any harm. It is a bit odd and
I really do not like starting these kind of hacks but there doesn't seem
to be a straight forward way at this point in time.
The reference will be replaced by the same reference the usual nukeRefs
tooling uses. The standard tooling can not / should not be uesd since
it is a bit too excessive and could potentially do us some (more) harm.
We are currently not running any tests but building them takes
signitifcant amounts of time since they account to about 40% of all the
compilation targets.
Somewhen between systemd v239 and v242 upstream decided to no longer run
a few system services with `DyanmicUser=1` but failed to provide a
migration path for all the state those services left behind.
For the case of systemd-timesync the state has to be moved from
/var/lib/private/systemd/timesync to /var/lib/systemd/timesync if
/var/lib/systemd/timesync is currently a symlink.
We only do this if the stateVersion is still below 19.09 to avoid
starting to have an ever growing activation script for (then) ancient
systemd migrations that are no longer required.
See https://github.com/systemd/systemd/issues/12131 for details about
the missing migration path and related discussion.
With systemd v242 using the `Gateway` attribute of the `[Network]`
section will lead to "onlink" routes on all the device that are matched
by the default configuration (typically all devices) causing multiple
default routes (even on localhost).
We can only avoid that - while keeping our default route option - when
we mark the route as explicitly not on link. Only gateways that are
within a subnet of one of the assigned interface addresses will be
installed into the routing table.
With the systemd update to v242 five lines are not longer sufficient to
verify that the storage was verified. In order to reduce future test
failures increasing it to 10 lines sounds like a sane amount.
The udev rules we are shipping no longer work with systemd v242 and were
remove upstream some time ago. It seems like the entire renaming is now
done in C and not in the udev rules.
Changelog:
https://cryptography.io/en/latest/changelog/#v2-7
Important changes:
- BACKWARDS INCOMPATIBLE: We no longer distribute 32-bit manylinux1
wheels. Continuing to produce them was a maintenance burden.
- BACKWARDS INCOMPATIBLE: Removed the
cryptography.hazmat.primitives.mac.MACContext interface.
The CMAC and HMAC APIs have not changed, but they are no longer
registered as MACContext instances.