diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index e2690ee99f..7de235cf76 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -144,3 +144,6 @@ net-firewall/iptables nftables # Install `perl` with a minimal set of dependencies dev-lang/perl minimal + +# Disable cgroup-hybrid as we use the unified mode +sys-apps/systemd -cgroup-hybrid diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild index 5de14d7d0d..72c9986e90 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild @@ -9,7 +9,7 @@ CROS_WORKON_REPO="git://github.com" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - CROS_WORKON_COMMIT="02af6a455750d698d3af3397d55595adf63c1217" # flatcar-master + CROS_WORKON_COMMIT="8b127fd75007c9f3571f017dd0be6e1dff5d36ae" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest index 898251c412..1beb0c7be1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest 
@@ -1 +1 @@
-DIST systemd-stable-247.9.tar.gz 9915803 BLAKE2B cca6a40dac78d48eb0f7752e96b19894baff1cd462b8a3001e121820ca792a4752c03d725e13d91f238ce26980c62b1830b49e56ae7bfdc7b48b838508810163 SHA512 61cd36bec931a3550c9d25abd86d12b031d55cebf3c31eb08805947484aa93d215e3d12227cd41131a26c2a6024a74b1fef5cd4929e6240f916279bfbfc67116
+DIST systemd-stable-249.3.tar.gz 10592081 BLAKE2B e780ffeedbe916c8c633937475b14586023f80e438f9afcdce264ae97e34443567af2c35cba16e19f8456f40e5a16ce71e6cdd61b1d7995cb99fbfbdb4700aac SHA512 06cf03e448f0a311cca5faa2c3e75087355441514dc3d7d6d7f0924b27cdd21867d0dbb33ff2e9451e2ae90eb6fb206c77539805f30c7e54f6a1e7b6800c0120
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README
deleted file mode 100644
index 6449bb5dbb..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README
+++ /dev/null
@@ -1,13 +0,0 @@
-= CoreOS systemd packages
-
-The systemd git repo lives in src/third_party/systemd and is normally
-checked out to the 'master' branch by repo and the live ebuild,
-systemd-9999, will build the master branch. Release ebuilds must
-specify a specific git commit to build which may be the upstream tagged
-commit (e.g. v218) or a commit on one of the CoreOS release branches
-(e.g. v218-coreos). If you want to use cros-workon and the live ebuild
-to test new changes to a release branch it is up to you to check out
-that branch in src/third_party/systemd and be warned: a repo sync will
-always switch back to master. I don't have a particularly good
-recommendation for dealing with this, repo thinks it should be
-authoritative when in fact it is the ebuilds that are authoritative.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch index 23670cd96f..2e3d001c64 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch @@ -15,18 +15,18 @@ earlier) for the original implementation. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c -index cfd9093f1a..3c67e3a379 100644 +index 1b24b6f1a6..dedbd50725 100644 --- a/src/network/wait-online/wait-online.c +++ b/src/network/wait-online/wait-online.c -@@ -19,7 +19,7 @@ static usec_t arg_timeout = 120 * USEC_PER_SEC; - static Hashmap *arg_interfaces = NULL; +@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL; static char **arg_ignore = NULL; static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID }; + static AddressFamily arg_required_family = ADDRESS_FAMILY_NO; -static bool arg_any = false; +static bool arg_any = true; - + STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep); STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep); --- -2.26.2 +-- +2.30.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch index 053617f485..ac52e2cf5b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch @@ -8,17 +8,17 @@ Subject: [PATCH 2/5] networkd: default to "kernel" IPForwarding setting 1 file changed, 1 insertion(+) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index 3254641461..4f34daa919 100644 +index 850b4f449e..951c2d0815 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c -@@ -410,6 +410,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi +@@ -398,6 +398,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID, .ipv4_accept_local = -1, + .ip_forward = _ADDRESS_FAMILY_INVALID, + .ipv4_route_localnet = -1, .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, .ipv6_accept_ra = -1, - .ipv6_dad_transmits = -1, -- -2.26.2 +2.30.2 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-core-handle-lookup-paths-being-symlinks.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-core-handle-lookup-paths-being-symlinks.patch new file mode 100644 index 0000000000..6bed0f164b --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-core-handle-lookup-paths-being-symlinks.patch 
@@ -0,0 +1,84 @@
+From 67d9962aa637401a1332069b6c8ad99a54e2b451 Mon Sep 17 00:00:00 2001
+From: Sayan Chowdhury
+Date: Wed, 8 Sep 2021 12:10:35 +0530
+Subject: [PATCH] core: handle lookup paths being symlinks
+
+With a recent change paths leaving the statically known lookup paths
+would be treated differently then those that remained within those. That
+was done (AFAIK) to consistently handle alias names. Unfortunately that
+means that on some distributions, especially those where /etc/ consists
+mostly of symlinks, would trigger that new detection for every single
+unit in /etc/systemd/system. The reason for that is that the units
+directory itself is already a symlink.
+
+Original Patch from: https://github.com/systemd/systemd/pull/20479
+
+Signed-off-by: Sayan Chowdhury
+---
+ src/basic/unit-file.c | 33 +++++++++++++++++++++++++++++++--
+ 1 file changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c
+index 884a0674a9..3ae2a115d0 100644
+--- a/src/basic/unit-file.c
++++ b/src/basic/unit-file.c
+@@ -254,6 +254,7 @@ int unit_file_build_name_map(
+ 
+ _cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL;
+ _cleanup_set_free_free_ Set *paths = NULL;
++ _cleanup_strv_free_ char **expanded_search_paths = NULL;
+ uint64_t timestamp_hash;
+ char **dir;
+ int r;
+@@ -273,6 +274,34 @@ int unit_file_build_name_map(
+ return log_oom();
+ }
+ 
++ /* Go over all our search paths, chase their symlinks and store the
++ * result in the expanded_search_paths list.
++ *
++ * This is important for cases where any of the unit directories itself
++ * are symlinks into other directories and would therefore cause all of
++ * the unit files to be recognized as linked units.
++ *
++ * This is important for distributions such as NixOS where most paths
++ * in /etc/ are symlinks to some other location on the filesystem (e.g.
++ * into /nix/store/).
++ */ ++ STRV_FOREACH(dir, (char**) lp->search_path) { ++ _cleanup_free_ char *resolved_dir = NULL; ++ r = strv_extend(&expanded_search_paths, *dir); ++ if (r < 0) ++ return log_oom(); ++ ++ r = chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL); ++ if (r < 0) { ++ if (r != -ENOENT) ++ log_warning_errno(r, "Failed to resolve symlink %s, ignoring: %m", *dir); ++ continue; ++ } ++ ++ if (strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0) ++ return log_oom(); ++ } ++ + STRV_FOREACH(dir, (char**) lp->search_path) { + struct dirent *de; + _cleanup_closedir_ DIR *d = NULL; +@@ -351,11 +380,11 @@ int unit_file_build_name_map( + continue; + } + +- /* Check if the symlink goes outside of our search path. ++ /* Check if the symlink goes outside of our (expanded) search path. + * If yes, it's a linked unit file or mask, and we don't care about the target name. + * Let's just store the link source directly. + * If not, let's verify that it's a good symlink. */ +- char *tail = path_startswith_strv(simplified, lp->search_path); ++ char *tail = path_startswith_strv(simplified, expanded_search_paths); + if (!tail) { + log_debug("%s: linked unit file: %s → %s", + __func__, filename, simplified); +-- +2.30.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/249-libudev-static.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/249-libudev-static.patch new file mode 100644 index 0000000000..73375b716e --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/249-libudev-static.patch 
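Review bot: The resolved directory is appended to expanded_search_paths even when chase_symlinks() hands back the same path as `*dir`, so every search-path entry that is not a symlink ends up in the list twice; harmless for path_startswith_strv(), but a `path_equal(*dir, resolved_dir)` guard before strv_consume() (if that helper is available in this tree) keeps the list honest. The warning text "Failed to resolve symlink %s" is also narrower than the call: chase_symlinks() fails for any untraversable path (EACCES, ELOOP), not only broken symlinks, so `"Failed to canonicalize search path %s, ignoring: %m"` describes what is actually skipped after the ENOENT exclusion. The header cites the upstream PR but not the first upstream release that carries the merged fix; noting it lets the next version bump drop this file instead of rebasing it. unit_file_build_name_map() starts and ends outside the hunk.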
@@ -0,0 +1,26 @@
+From f2c57d4f3805775e0ffdc80ce578eaa737017d31 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Fri, 9 Jul 2021 13:05:23 -0400
+Subject: [PATCH] libudev: add "Libs.private: -lrt -pthread" to libudev.pc
+
+This resolves a failure when linking cryptsetup.static against libudev.a.
+
+```
+libtool: link: x86_64-pc-linux-gnu-gcc -Wall -O2 -pipe -march=amdfam10 -static -O2 -o cryptsetup.static lib/utils_crypt.o lib/utils_loop.o lib/utils_io.o lib/utils_blkid.o src/utils_tools.o src/utils_password.o src/utils_luks2.o src/utils_blockdev.o src/cryptsetup.o -pthread -pthread -Wl,--as-needed ./.libs/libcryptsetup.a -largon2 -lrt -ljson-c -lpopt -luuid -lblkid -lssl -lcrypto -lz -ldl -ldevmapper -lm -lpthread -ludev -pthread
+/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../x86_64-pc-linux-gnu/bin/ld: /usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../lib64/libudev.a(src_libsystemd_sd-daemon_sd-daemon.c.o): in function `sd_is_mq':
+(.text.sd_is_mq+0x3a): undefined reference to `mq_getattr'
+```
+---
+ src/libudev/libudev.pc.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libudev/libudev.pc.in b/src/libudev/libudev.pc.in
+index 89028aaa6bf2..1d6487fa4084 100644
+--- a/src/libudev/libudev.pc.in
++++ b/src/libudev/libudev.pc.in
+@@ -16,4 +16,5 @@ Name: libudev
+ Description: Library to access udev device information
+ Version: {{PROJECT_VERSION}}
+ Libs: -L${libdir} -ludev
++Libs.private: -lrt -pthread
+ Cflags: -I${includedir}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf
index 013c8e1634..17587de5aa 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf
@@ -1,4 +1,5 @@
 d /etc/binfmt.d - - - - -
+d /etc/kernel/install.d - - - - -
 d /etc/modules-load.d - - - - -
 d /etc/sysctl.d - - - - -
 d /etc/systemd - - - - -
@@ -7,4 +8,7 @@ d /etc/systemd/system - - - - -
 d /etc/systemd/user - - - - -
 d /etc/tmpfiles.d - - - - -
 d /etc/sysusers.d - - - - -
+d /etc/udev/hwdb.d - - - - -
+d /etc/udev/rules.d - - - - -
+d /var/lib/systemd - - - - -
 d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam
new file mode 100644
index 0000000000..38ae3211f8
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam
@@ -0,0 +1,5 @@
+account include system-auth
+
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
index ad89da6658..cb86e5b1d2 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
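Review bot: The new systemd-user.pam has no comment saying that the missing `auth` phase is deliberate, and a stack with `account`/`session` only is exactly what a later hardening pass tends to "complete" with auth entries that would break user@.service; a header such as `# PAM stack for user@.service: systemd only runs the account and session phases here, so no auth lines belong in this file` pins the intent. Upstream's template, as I recall it, additionally carries `session optional pam_keyinit.so force revoke` so each user manager gets a fresh session keyring instead of inheriting one; confirm whether Flatcar wants that line or relies on the unit's KeyringMode= instead. `session required pam_loginuid.so` is the line to check first if user managers fail to start in environments where /proc/self/loginuid cannot be written; it matches upstream, but it is a hard failure rather than optional.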
@@ -11,21 +11,27 @@ Enable AppArmor support Enable support for sys-process/audit + Default to hybrid (legacy) cgroup hierarchy instead of unified (modern). Enable support for uploading journals Enable cryptsetup tools (includes unit generator for crypttab) + Enable DNS-over-TLS support Enable EFI boot manager and stub loader (built using sys-boot/gnu-efi) Enable coredump stacktraces in the journal Enable sealing of journal files using gcrypt + Enable portable home directories Enable embedded HTTP server in journald + Enable support for the hardware database Enable import daemon Enable kernel module loading via sys-apps/kmod - If IDN support is enabled, use net-dns/libidn2 instead of net-dns/libidn Enable lz4 compression for the journal Enable support for network address translation in networkd + Enable PKCS#11 support for cryptsetup and homed + Enable password quality checking in homed + Enable support for growing/adding partitions Enable qrcode output support in journal Install resolvconf symlink for systemd-resolve Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown - Enable this if /bin and /usr/bin are separate directories + Enable TPM support Disable Gentoo-specific behavior and compatibility quirks Depend on x11-libs/libxkbcommon to allow logind to control the X11 keymap diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-247.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-249.3.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-247.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-249.3.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild index 50f08d2885..e2fb46fa05 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild @@ -1,11 +1,9 @@ -# Copyright 2011-2020 Gentoo Authors +# Copyright 2011-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -# Flatcar: Based on systemd-246-r2.ebuild from commit -# 4bf7b81548f70cbf7ce5ae377e85fd21ae259ce7 in gentoo repo (see -# https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-apps/systemd/systemd-246-r2.ebuild?id=4bf7b81548f70cbf7ce5ae377e85fd21ae259ce7). - EAPI=7 +# Flatcar: We still have python 3.6. +PYTHON_COMPAT=( python3_{5,6,7} ) if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" 
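Review bot: `PYTHON_COMPAT=( python3_{5,6,7} )` still lists python3_5 while the comment placed directly above it now says the SDK has Python 3.6; one of the two is stale, and an implementation the python eclasses no longer recognise can turn into a die at source time, so `PYTHON_COMPAT=( python3_{6,7} )` (if 3.5 really is gone) keeps the list and the comment in agreement. The removed header was also the only record of which Gentoo ebuild revision this file is synced from, and most of the diff below is that sync; a one-line `# Flatcar: Based on systemd-249.3 ebuild from commit <gentoo sha> in the gentoo repo` keeps the provenance auditable on the next rebase.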
@@ -20,27 +18,24 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86" fi -# Flatcar: We still have python 3.5, and have no python3.8 yet. -PYTHON_COMPAT=( python3_{5,6,7} ) - -inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user +# Flatcar: We don't use gen_usr_ldscript so dropping usr-ldscript +inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev user DESCRIPTION="System and service manager for Linux" HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -# Flatcar: Dropped cgroup-hybrid. We use legacy hierarchy by default -# to keep docker working. Dropped static-libs, we don't care about -# static libraries. -IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb +zstd" +# Flatcar: Dropped static-libs, we don't care about static libraries. +IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" REQUIRED_USE=" - homed? ( cryptsetup ) + homed? ( cryptsetup pam ) importd? ( curl gcrypt lzma ) + pwquality? ( homed ) " RESTRICT="!test? ( test )" 
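Review bot: `+split-usr` became `split-usr`, so unless the profile forces the flag the default flips to a merged-/usr build and `-Drootprefix` in multilib_src_configure moves from `${EPREFIX:-/}` to `${EPREFIX}/usr`, together with the pkg_preinst symlink handling that keys off the same flag; nothing visible in this diff says the flip is intentional. If it is, a comment beside IUSE such as `# Flatcar: split-usr is off on purpose, images are merged-/usr` makes that explicit; if not, the `+` should come back. The removed comment explaining why cgroup-hybrid was dropped is replaced only by `# Flatcar: Dropped static-libs`, so the docker-related rationale that used to live here is gone from the file.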
@@ -50,6 +45,7 @@ OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0=" COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] acl? ( sys-apps/acl:0= ) apparmor? ( sys-libs/libapparmor:0= ) audit? ( >=sys-process/audit-2:0= ) @@ -60,8 +56,8 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) homed? ( ${OPENSSL_DEP} ) http? ( - >=net-libs/libmicrohttpd-0.9.33:0= - ssl? ( >=net-libs/gnutls-3.1.4:0= ) + >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] + >=net-libs/gnutls-3.1.4:0= ) idn? ( net-dns/libidn2:= ) importd? ( @@ -69,7 +65,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] sys-libs/zlib:0= ) kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-1.9.3-r1:0=[${MULTILIB_USEDEP}] ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) nat? ( net-firewall/iptables:0= ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) 
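Review bot: The lz4 floor drops from `>=app-arch/lz4-1.9.3-r1` to `>=app-arch/lz4-0_p131`, which reverts a previously raised minimum without saying why; if the higher floor was there because journald's compressor depends on a fix in that release, this silently reopens it, so either keep `lz4? ( >=app-arch/lz4-1.9.3-r1:0=[${MULTILIB_USEDEP}] )` or add a `# Flatcar:` comment noting that the overlay already pins a newer lz4. The `http?` block now depends on gnutls unconditionally because the `ssl?` guard is gone, which means journal-remote/journal-upload always link TLS; that is consistent with the IUSE change but deserves a one-line comment since it changes the image's dependency set.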
@@ -80,12 +76,38 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] repart? ( ${OPENSSL_DEP} ) seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) " +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# Flatcar: We drop a few of the acct-group and acct-user as the gid provided by +# the upstream does not match with the ones we carry in baselayout. RDEPEND="${COMMON_DEPEND} - sysv-utils? ( !sys-apps/sysvinit ) + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/kvm-0-r1 + acct-group/sgx + acct-group/users + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-coredump-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-timesync-0-r1 + selinux? ( sec-policy/selinux-base-policy[systemd] ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) !build? ( || ( @@ -95,13 +117,14 @@ RDEPEND="${COMMON_DEPEND} ) ) !sys-auth/nss-myhostname !sys-fs/eudev + !sys-fs/udev " # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) # -# Flatcar: We don't have sys-fs/udev-init-scripts-25, so it's dropped. +# Flatcar: We don't have sys-fs/udev-init-scripts-34, so it's dropped. PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - hwdb? ( >=sys-apps/hwids-20150417[udev] ) + hwdb? ( sys-apps/hwids[systemd(+),udev] ) policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )" 
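Review bot: The comment says "a few" acct-group/acct-user entries were dropped but does not name them, and the list that follows omits exactly the accounts that the pkg_postinst hunk further down stops creating: the systemd-journal-remote, systemd-network and systemd-resolve users and the input, render and systemd-journal groups. A reader cannot tell from this file which of those baselayout now owns, so spell it out, e.g. `# Flatcar: systemd-journal-remote, systemd-network, systemd-resolve (users) and input, render, systemd-journal (groups) come from sys-apps/baselayout with Flatcar's fixed ids`, so the next upstream sync can check the list instead of guessing. Entries such as `acct-group/sgx` and `acct-user/systemd-oom` carry no version floor while their neighbours use `>=…-0-r1`; that mirrors upstream, but it is worth a glance since the overlay may not ship those acct packages at all.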
@@ -109,22 +132,30 @@ BDEPEND=" app-arch/xz-utils:0 dev-util/gperf >=dev-util/meson-0.46 - >=dev-util/intltool-0.50 >=sys-apps/coreutils-8.16 - sys-devel/m4 + sys-devel/gettext virtual/pkgconfig - test? ( sys-apps/dbus ) + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') " python_check_deps() { + has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" && has_version -b "dev-python/lxml[${PYTHON_USEDEP}]" } +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + pkg_pretend() { if [[ ${MERGE_TYPE} != buildonly ]]; then if use test && has pid-sandbox ${FEATURES}; then @@ -183,11 +214,13 @@ src_prepare() { # Add local patches here PATCHES+=( # Flatcar: Adding our own patches here. + "${FILESDIR}/249-libudev-static.patch" "${FILESDIR}/0004-wait-online-set-any-by-default.patch" "${FILESDIR}/0005-networkd-default-to-kernel-IPForwarding-setting.patch" "${FILESDIR}/0006-needs-update-don-t-require-strictly-newer-usr.patch" "${FILESDIR}/0007-core-use-max-for-DefaultTasksMax.patch" "${FILESDIR}/0008-systemd-Disable-SELinux-permissions-checks.patch" + "${FILESDIR}/0009-core-handle-lookup-paths-being-symlinks.patch" ) # Flatcar: We carry our own patches, we don't use the ones 
@@ -200,7 +233,7 @@ src_prepare() { # See https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues # This means that users who need split DNS to work should point /etc/resolv.conf back to /run/systemd/resolve/stub-resolv.conf # (and if using K8s configure the kubelet resolvConf variable/--resolv-conf flag to /run/systemd/resolve/resolv.conf). - sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die + sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.in || die default } @@ -214,26 +247,6 @@ src_configure() { multilib-minimal_src_configure } -meson_use() { - usex "$1" true false -} - -meson_multilib() { - if multilib_is_native_abi; then - echo true - else - echo false - fi -} - -meson_multilib_native_use() { - if multilib_is_native_abi && use "$1"; then - echo true - else - echo false - fi -} - multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" 
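Review bot: The resolv.conf override relies on `sed -i … || die`, which only dies if sed itself fails, never when the pattern stops matching; the target file was just renamed from etc.conf.m4 to etc.conf.in and is templated differently now, so a silent non-match would quietly point /etc/resolv.conf back at stub-resolv.conf and change DNS resolution for every image with no build error. Follow the substitution with a positive check, `grep -q 'systemd/resolve/resolv.conf' tmpfiles.d/etc.conf.in || die "resolv.conf override did not apply"`, so the build fails loudly instead. src_prepare() starts outside the hunk.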
@@ -243,54 +256,51 @@ multilib_src_configure() { # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" # make sure we get /bin:/sbin in PATH - -Dsplit-usr=$(usex split-usr true false) + $(meson_use split-usr) -Dsplit-bin=true -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" # Avoid infinite exec recursion, bug 642724 -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - # - # Flatcar: TODO: We have no clue why this was dropped - # from upstream, so we keep it until we understand - # more. - -Defi=$(meson_multilib) -Dima=true - # Flatcar: Use unified hierarchy now that docker-20.10 is available - -Ddefault-hierarchy=unified + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) # Optional components/dependencies - -Dacl=$(meson_multilib_native_use acl) - -Dapparmor=$(meson_multilib_native_use apparmor) - -Daudit=$(meson_multilib_native_use audit) - -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup) - -Dlibcurl=$(meson_multilib_native_use curl) - -Delfutils=$(meson_multilib_native_use elfutils) - -Dgcrypt=$(meson_use gcrypt) - -Dgnu-efi=$(meson_multilib_native_use gnuefi) + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-ld="$(tc-getLD)" -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" - -Dhomed=$(meson_multilib_native_use homed) - -Dhwdb=$(meson_multilib_native_use hwdb) - -Dmicrohttpd=$(meson_multilib_native_use http) - -Didn=$(meson_multilib_native_use idn) - -Dimportd=$(meson_multilib_native_use importd) - -Dbzip2=$(meson_multilib_native_use importd) - -Dzlib=$(meson_multilib_native_use importd) - 
-Dkmod=$(meson_multilib_native_use kmod) - -Dlz4=$(meson_use lz4) - -Dxz=$(meson_use lzma) - -Dzstd=$(meson_use zstd) - -Dlibiptc=$(meson_multilib_native_use nat) - -Dpam=$(meson_use pam) - -Dp11kit=$(meson_multilib_native_use pkcs11) - -Dpcre2=$(meson_multilib_native_use pcre) - -Dpolkit=$(meson_multilib_native_use policykit) - -Dpwquality=$(meson_multilib_native_use pwquality) - -Dqrencode=$(meson_multilib_native_use qrcode) - -Drepart=$(meson_multilib_native_use repart) - -Dseccomp=$(meson_multilib_native_use seccomp) - -Dselinux=$(meson_multilib_native_use selinux) - -Ddbus=$(meson_multilib_native_use test) - -Dxkbcommon=$(meson_multilib_native_use xkb) + $(meson_native_use_bool homed) + $(meson_native_use_bool hwdb) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use zstd) + $(meson_native_use_bool nat libiptc) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool repart) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) # Flatcar: Use our ntp servers. -Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org" # Breaks screen, tmux, etc. 
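Review bot: `$(meson_native_use_bool tpm tpm2)` ties TPM2 support to a `tpm` flag that the IUSE line introduces without a `+` and that no package.use line in this diff enables, so the default image is built without tpm2-tss and systemd-cryptenroll/cryptsetup cannot bind volumes to a TPM; if that is intentional for now, a comment next to the option in the style of the `-Dntp-servers` line, e.g. `# Flatcar: tpm is left off until tpm2-tss is available in the overlay` (or whatever the real reason is), stops it reading as an oversight. The `-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)` line loses the old "now that docker-20.10 is available" rationale; a short replacement comment keeps the record of why unified is the default. multilib_src_configure() continues past the hunk.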
@@ -299,25 +309,25 @@ multilib_src_configure() { -Dcreate-log-dirs=false # multilib options - -Dbacklight=$(meson_multilib) - -Dbinfmt=$(meson_multilib) - -Dcoredump=$(meson_multilib) - -Denvironment-d=$(meson_multilib) - -Dfirstboot=$(meson_multilib) - -Dhibernate=$(meson_multilib) - -Dhostnamed=$(meson_multilib) - -Dldconfig=$(meson_multilib) - -Dlocaled=$(meson_multilib) - -Dman=$(meson_multilib) - -Dnetworkd=$(meson_multilib) - -Dquotacheck=$(meson_multilib) - -Drandomseed=$(meson_multilib) - -Drfkill=$(meson_multilib) - -Dsysusers=$(meson_multilib) - -Dtimedated=$(meson_multilib) - -Dtimesyncd=$(meson_multilib) - -Dtmpfiles=$(meson_multilib) - -Dvconsole=$(meson_multilib) + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) # Flatcar: Specify this, or meson breaks due to no # /etc/login.defs. @@ -360,19 +370,11 @@ multilib_src_configure() { meson_src_configure "${myconf[@]}" } -multilib_src_compile() { - eninja -} - multilib_src_test() { unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR meson_src_test } -multilib_src_install() { - DESTDIR="${D}" eninja install -} - multilib_src_install_all() { local rootprefix=$(usex split-usr '' /usr) 
@@ -556,15 +558,7 @@ migrate_locale() { fi } -# Flatcar: save_enabled_units function is dropped, because it's -# unused. When building releases, we assume that there was no systemd -# previously, so there are no units to remember. - pkg_preinst() { - # Flatcar: When building releases, we assume that there was no - # systemd previously, so there are no units to remember, so - # there is no point in calling save_enabled_units. - if ! use split-usr; then local dir for dir in bin sbin lib; do @@ -583,45 +577,20 @@ pkg_preinst() { } pkg_postinst() { - newusergroup() { - enewgroup "$1" - enewuser "$1" -1 -1 -1 "$1" - } - - enewgroup input - enewgroup kvm 78 - enewgroup render 30 - enewgroup systemd-journal - newusergroup systemd-coredump - newusergroup systemd-journal-remote - newusergroup systemd-network - newusergroup systemd-resolve - newusergroup systemd-timesync - newusergroup systemd-oom - - systemd_update_catalog # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. - if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${EROOT}" + # when required. + if use hwdb; then + systemd-hwdb --root="${ROOT}" update fi udev_reload || FAIL=1 - # Bug 465468, make sure locales are respect, and ensure consistency + # Bug 465468, make sure locales are respected, and ensure consistency # between OpenRC & systemd migrate_locale - # Flatcar: Dropping the reenabling, since there earlier there - # was no systemd (we are building the release from scratch - # here). The function checks if the unit is enabled before - # running reenable, which in our case results in no action at - # all (because no service is enabled). - - # Flatcar: Dropping handling of ENABLED_UNITS. - # Flatcar: We enable getty and remote-fs targets in /usr # ourselves above.
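Review bot: Deleting the enewgroup/newusergroup block leaves the systemd-journal-remote, systemd-network and systemd-resolve users and the input, render and systemd-journal groups with no creator in this ebuild, and the RDEPEND hunk above lists no acct-* packages for them; the comment there says baselayout carries them, so the baselayout commit bumped in this same change needs to be confirmed to define those names with fixed ids, otherwise networkd and resolved would fall back on systemd-sysusers allocating ids at first boot, which could make ownership of /var/lib/systemd and journal files differ from machine to machine. A note here such as `# Flatcar: the remaining systemd users/groups are provided by sys-apps/baselayout with fixed ids` records where they went. `systemd-hwdb --root="${ROOT}" update` runs the SDK host's systemd-hwdb against the board root, as the old udevadm call did; worth keeping in mind if the SDK and board systemd versions ever diverge. pkg_postinst() continues past the hunk.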