authorSimon Rettberg2013-05-23 20:14:53 +0200
committerSimon Rettberg2013-05-23 20:14:53 +0200
commitb9404f13ca882e381a3c1b0797b761ce7638e273 (patch)
treee3211ccd917cd7790c812e319039048189b9e773 /remote/modules
parentfix PATH for debug shell (diff)
Remove ldap in initial nsswitch conf, will be added after udev started up
Update to systemd 204. Remove some systemd services that don't make sense in our setup. Add own sysctl defaults.
Diffstat (limited to 'remote/modules')
-rw-r--r--remote/modules/pam/data/etc/nsswitch.conf4
-rw-r--r--remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf39
-rw-r--r--remote/modules/systemd/systemd.build18
-rw-r--r--remote/modules/systemd/systemd.conf50
-rw-r--r--remote/modules/systemd/systemd.conf.zypper2
5 files changed, 90 insertions, 23 deletions
diff --git a/remote/modules/pam/data/etc/nsswitch.conf b/remote/modules/pam/data/etc/nsswitch.conf
index 1aa825e6..d270cbac 100644
--- a/remote/modules/pam/data/etc/nsswitch.conf
+++ b/remote/modules/pam/data/etc/nsswitch.conf
@@ -4,8 +4,8 @@
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
-passwd: files ldap
-group: files ldap
+passwd: files
+group: files
shadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
diff --git a/remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf b/remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf
new file mode 100644
index 00000000..6ece04ce
--- /dev/null
+++ b/remote/modules/systemd/data/usr/lib/sysctl.d/50-default.conf
@@ -0,0 +1,39 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See sysctl.d(5) and core(5) for for details.
+
+# System Request functionality of the kernel (SYNC)
+kernel.sysrq = 1
+
+# Append the PID to the core filename
+kernel.core_uses_pid = 1
+
+# Source route verification
+net.ipv4.conf.all.rp_filter = 1
+# Do not accept source routing
+net.ipv4.conf.all.accept_source_route = 0
+# protection from the SYN flood attack
+net.ipv4.tcp_syncookies = 1
+# timestamps add a little overhead but are recommended for gbit links
+net.ipv4.tcp_timestamps = 1
+# ignore echo broadcast requests to prevent being part of smurf attacks
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+# ignore bogus icmp errors
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+# send redirects (not a router, disable it)
+net.ipv4.conf.all.send_redirects = 0
+# ICMP routing redirects (only secure)
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.all.secure_redirects = 1
+
+# Enable hard and soft link protection
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
+
+# A little extra security for local exploits
+kernel.kptr_restrict = 1
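Review bot: `kernel.sysrq = 1` enables every SysRq function, while the comment above it says only SYNC is intended; the bitmask value for sync alone is 16, so the line should read `kernel.sysrq = 16` if the comment is right. With 1, anyone with access to the console keyboard can kill processes, dump memory state or force an immediate reboot. Separately, the redirect settings only write `net.ipv4.conf.all.*`. On a non-forwarding host the kernel ORs the `all` value with the per-interface value for `accept_redirects` and `send_redirects`, so interfaces that keep their own default of 1 would still accept and send redirects; adding `net.ipv4.conf.default.accept_redirects = 0` and `net.ipv4.conf.default.send_redirects = 0` would cover interfaces created after this file is applied.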
diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build
index fb56f231..48bd68d1 100644
--- a/remote/modules/systemd/systemd.build
+++ b/remote/modules/systemd/systemd.build
@@ -1,27 +1,35 @@
#tool/distro specific functions for fetching, building and installing dependencies
fetch_source () {
- download_untar "$URL" "src/"
- download_untar "$LIBKMOD_URL" "src/"
+ download_untar "$REQUIRED_URL" "src/"
+ download_untar "$REQUIRED_LIBKMOD_URL" "src/"
}
build () {
#build libkmod
- cd "${MODULE_DIR}/src/$LIBKMOD_VERSION"
+ pinfo "Building libkmod"
+ cd "${MODULE_DIR}/src/$REQUIRED_LIBKMOD_VERSION"
./configure || perror "./configure kmod failed."
make || perror "kmod make failed."
make install || perror "kmod make install failed."
cd - &> /dev/null
#build systemd
- cd "${MODULE_DIR}/src/$VERSION"
+ pinfo "Building systemd"
+ cd "${MODULE_DIR}/src/$REQUIRED_VERSION"
pinfo "calling configure"
- ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no || perror "configure failed."
+ ./configure --disable-manpages --enable-split-usr --sysconfdir="/etc" --enable-gtk-doc-html=no --disable-nls --disable-microhttpd --disable-bootchart --disable-quotacheck --disable-logind --disable-hostnamed --disable-timedated --disable-localed --disable-coredump --disable-keymap --without-python || perror "configure failed."
pinfo "calling make"
make || perror "make failed."
pinfo "calling make install"
DESTDIR="${MODULE_BUILD_DIR}" make install || perror "make install failed."
cd - &> /dev/null
+ # Delete unneeded services
+ pinfo "Deleting unneeded services"
+ local SERVICE=
+ for SERVICE in $REQUIRED_DISABLED_SERVICES; do
+ find "${MODULE_BUILD_DIR}" -name "$SERVICE" -delete
+ done
}
post_copy() {
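Review bot: The cleanup loop at the end of build() never checks find's exit status, unlike every other step here, which ends in `|| perror`. `-name "$SERVICE" -delete` also cannot remove a non-empty directory, so an entry such as `local-fs.target.wants` (listed in REQUIRED_DISABLED_SERVICES in systemd.conf) would be left in the image with its links if it has any content, and nothing would report it. Something like `find "${MODULE_BUILD_DIR}" -name "$SERVICE" -prune -exec rm -rf -- {} + || perror "could not remove $SERVICE"` handles both files and directories and fails loudly. The two `cd "${MODULE_DIR}/src/..."` calls are unchecked as well, so a missing source directory lets `./configure` and `make install` run in whatever directory the script was already in; `|| perror "cd failed"` on each would close that.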
diff --git a/remote/modules/systemd/systemd.conf b/remote/modules/systemd/systemd.conf
index b5e8370d..7f469be6 100644
--- a/remote/modules/systemd/systemd.conf
+++ b/remote/modules/systemd/systemd.conf
@@ -1,7 +1,29 @@
-VERSION=systemd-197
-URL=http://www.freedesktop.org/software/systemd/${VERSION}.tar.xz
-LIBKMOD_VERSION="kmod-12"
-LIBKMOD_URL="http://www.kernel.org/pub/linux/utils/kernel/kmod/${LIBKMOD_VERSION}.tar.gz"
+REQUIRED_VERSION="systemd-204"
+REQUIRED_URL="http://www.freedesktop.org/software/systemd/${REQUIRED_VERSION}.tar.xz"
+REQUIRED_LIBKMOD_VERSION="kmod-12"
+REQUIRED_LIBKMOD_URL="http://www.kernel.org/pub/linux/utils/kernel/kmod/${REQUIRED_LIBKMOD_VERSION}.tar.gz"
+REQUIRED_DISABLED_SERVICES="
+ tmp.mount
+ time-sync.target
+ systemd-random-seed-save.service
+ systemd-random-seed-load.service
+ local-fs-pre.target
+ local-fs.target
+ local-fs.target.wants
+ systemd-remount-fs.service
+ remote-fs.target
+ remote-fs-pre.target
+ initrd-root-fs.target
+ initrd-fs.target
+ systemd-fsck-root.service
+ systemd-fsck@.service
+ sys-kernel-debug.mount
+ nss-lookup.target
+ nss-user-lookup.target
+ systemd-initctl.service
+ systemd-initctl.socket
+ swap.target
+"
REQUIRED_INSTALLED_PACKAGES=" intltool
gperf
dbus
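Review bot: `REQUIRED_URL` and `REQUIRED_LIBKMOD_URL` still point at plain `http://`, and fetch_source in systemd.build passes them to download_untar with no digest or signature argument. download_untar is defined outside this commit, so it may verify on its own, but nothing visible here does. These tarballs are configured, built and installed (`make install` for kmod runs without DESTDIR), so a tampered download would execute on the build host and end up in the image. I would switch both URLs to `https://` and pin a digest next to each version, for example `REQUIRED_SHA256="<sha256-of-systemd-tarball>"`, checked before unpacking.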
@@ -73,13 +95,13 @@ REQUIRED_BINARIES=" hostnamectl
mtd_probe
scsi_id
v4l_id"
-REQUIRED_DIRECTORIES=" /etc
- /usr/lib
- /usr/include
- /usr/share/dbus-1
- /usr/share/polkit-1
- /usr/lib/udev/rules.d"
-REQUIRED_FILES=" /usr/bin/systemd-analyze
- /usr/share/systemd/kbd-model-map
- /usr/lib/udev/findkeyboards
- /usr/lib/udev/keyboard-force-release.sh"
+REQUIRED_DIRECTORIES="
+ /etc
+ /usr/include
+ /usr/share/dbus-1
+ /usr/share/polkit-1
+ /usr/lib/udev
+ /usr/lib/systemd
+ /usr/lib/tmpfiles.d
+"
+
diff --git a/remote/modules/systemd/systemd.conf.zypper b/remote/modules/systemd/systemd.conf.zypper
index de89399e..60038937 100644
--- a/remote/modules/systemd/systemd.conf.zypper
+++ b/remote/modules/systemd/systemd.conf.zypper
@@ -1,5 +1,3 @@
-VERSION=systemd-201
-URL=http://www.freedesktop.org/software/systemd/${VERSION}.tar.xz
REQUIRED_INSTALLED_PACKAGES=" intltool
gperf
pkg-config