--- configure.ac	2023-05-15 17:58:52.236000000 +0000
+++ configure.ac	2023-05-15 17:58:41.884000000 +0000
@@ -185,6 +185,10 @@ AC_ARG_ENABLE([booth-enable-authfile-uns
 	      [AS_HELP_STRING([--enable-booth-enable-authfile-unset], [Enable support for removing enable-authfile booth option])],
 	      [booth_enable_authfile_unset="yes"])

+AC_ARG_ENABLE([install-embedded],
+	      [AS_HELP_STRING([--enable-install-embedded], [Install embedded gems (default: auto)])],
+	      [install_embedded="auto"])
+
 # this will catch both ID and ID_LIKE from os-release
 AC_ARG_WITH([distro],
 	    [AS_HELP_STRING([--with-distro=DIR], [Set defaults to specified distro. Default: autodetected])],
@@ -370,12 +370,6 @@ AC_DEFUN([PCS_BUNDLE_GEM_NO_CACHE], [
 
 AC_DEFUN([PCS_BUNDLE_GEM], [
 	echo "gem '$1'" >> Gemfile
-	if test "x$cache_only" = "xyes"; then
-		src=`ls $PCSD_BUNDLED_CACHE_DIR/$1-*`
-		if test "x$src" = "x"; then
-			AC_MSG_ERROR([cache only build required but no source detected in $PCSD_BUNDLED_CACHE_DIR])
-		fi
-	fi
 ])
 
 # PCS_CHECK_GEM([module], [version])
@@ -374,7 +374,7 @@ AC_DEFUN([PCS_BUNDLE_GEM], [
 # PCS_CHECK_GEM([module], [version])
 AC_DEFUN([PCS_CHECK_GEM], [
 	if test "x$local_build" = "xyes"; then
-		AC_RUBY_GEM([$1], [$2], [], [PCS_BUNDLE_GEM([$1])])
+		AC_RUBY_GEM([$1], [$2], [PCS_BUNDLE_GEM([$1])], [PCS_BUNDLE_GEM([$1])])
 	else
 		AC_RUBY_GEM([$1], [$2], [], [AC_MSG_ERROR([ruby gem $1 not found])])
 	fi
@@ -417,7 +417,7 @@ AC_SUBST([BUNDLE])
 AC_SUBST([GEM])
 AC_SUBST([GEM_HOME])
 AC_SUBST([SYSTEMD_GEM_HOME])
-AM_CONDITIONAL([INSTALL_EMBEDDED_GEMS], [test -n "$GEM_HOME"])
+AM_CONDITIONAL([INSTALL_EMBEDDED_GEMS], [test -n "$GEM_HOME" -a "x$install_embedded" = "xauto" -o "x$install_embedded" = "xyes"])
 
 AM_CONDITIONAL([ENABLE_DOWNLOAD], [test "x$cache_only" != "xyes"])
 
diff --git a/pcsd/conf/pcsd b/pcsd/conf/pcsd
index a968f459..ca1e1436 100644
--- pcsd/conf/pcsd
+++ pcsd/conf/pcsd
@@ -31,6 +31,11 @@ PCSD_SESSION_LIFETIME=3600
 #PCSD_SSL_OPTIONS='OP_NO_COMPRESSION,OP_CIPHER_SERVER_PREFERENCE,OP_SINGLE_DH_USE,OP_SINGLE_ECDH_USE,OP_NO_SSLv2,OP_NO_SSLv3,OP_NO_TLSv1,OP_NO_TLSv1_1,OP_NO_RENEGOTIATION'
 # set SSL ciphers
 #PCSD_SSL_CIPHERS='DEFAULT:!RC4:!3DES:@STRENGTH'
+# Reject client initiated SSL/TLS renegotiation. Set this to true to make pcsd
+# close a connection when a client requests a renegotiation. For more details
+# about the renegotiation see
+# http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
+#PCSD_REJECT_SSL_RENEG=false
 
 # Proxy settings for pcsd node to node communication
 # See ENVIRONMENT section in curl(1) man page for more details.
--- pcsd/pcsd.service.in
+++ pcsd/pcsd.service.in
@@ -9,6 +9,8 @@ After=pcsd-ruby.service
 
 [Service]
 EnvironmentFile=@CONF_DIR@/pcsd
+Environment=RUBYLIB=/usr/lib/ruby/site_ruby/pcsd/
+PIDFile=/run/pcsd.pid
 ExecStart=@SBINDIR@/pcsd
 Type=notify