sys-apps/systemd: Apply Flatcar patches

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Sayan Chowdhury 2021-09-02 09:04:56 +00:00 committed by Sayan Chowdhury
parent ff243aa613
commit 043ef47f5b
10 changed files with 484 additions and 66 deletions


@ -0,0 +1,32 @@
From eb00b0bf1014fd9da26fc1ed2612c579cbcf09ce Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Tue, 16 Apr 2019 02:44:51 +0000
Subject: [PATCH 1/5] wait-online: set --any by default
The systemd-networkd-wait-online command would normally continue
waiting after a network interface is usable if other interfaces are
still configuring. There is a new flag --any to change this.
Preserve previous Container Linux behavior for compatibility by
setting the --any flag by default. See patches from v241 (or
earlier) for the original implementation.
---
src/network/wait-online/wait-online.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c
index 1b24b6f1a6..dedbd50725 100644
--- a/src/network/wait-online/wait-online.c
+++ b/src/network/wait-online/wait-online.c
@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL;
static char **arg_ignore = NULL;
static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID };
static AddressFamily arg_required_family = ADDRESS_FAMILY_NO;
-static bool arg_any = false;
+static bool arg_any = true;
STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep);
STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep);
--
2.30.2
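Review bot: With `static bool arg_any = true;` there is no longer a way to get the old wait-for-all-links behavior, because the `--any` option (parsed outside this hunk) can presumably only set the flag to true, never clear it; anyone relying on network-online.target meaning every configured link is up now gets a weaker guarantee, and a unit that binds to a specific interface may start before that interface is configured. The man page and `--help` text for systemd-networkd-wait-online presumably still describe the upstream default as well. At minimum record the intent on the line so a rebase does not silently drop it: `static bool arg_any = true; /* Flatcar: default to --any for Container Linux compatibility; use --interface= to wait for specific links */`.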


@ -0,0 +1,24 @@
From 9acb14187bacd1d716adaed491813ea1cde12237 Mon Sep 17 00:00:00 2001
From: Nick Owens <nick.owens@coreos.com>
Date: Tue, 2 Jun 2015 18:22:32 -0700
Subject: [PATCH 2/5] networkd: default to "kernel" IPForwarding setting
---
src/network/networkd-network.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 850b4f449e..951c2d0815 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -398,6 +398,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
.ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,
.ipv4_accept_local = -1,
+ .ip_forward = _ADDRESS_FAMILY_INVALID,
.ipv4_route_localnet = -1,
.ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
.ipv6_accept_ra = -1,
--
2.30.2
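Review bot: The added `.ip_forward = _ADDRESS_FAMILY_INVALID,` line carries no explanation, and the patch has no body either, so the link between this initializer and the "default to kernel" intent in the subject exists only in the patch file name. I take it that the code consuming `ip_forward` (outside this hunk) treats the invalid value as "leave the kernel's forwarding sysctl alone unless IPForward= is set" — worth confirming against the sysctl writer. A comment on the line, `.ip_forward = _ADDRESS_FAMILY_INVALID, /* Flatcar: do not touch the kernel's IP forwarding sysctls unless IPForward= is set explicitly */`, would make that reviewable.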


@ -0,0 +1,58 @@
From e073ce40241db173d160d5d9986129820a98270a Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com>
Date: Wed, 2 Mar 2016 10:46:33 -0800
Subject: [PATCH 3/5] needs-update: don't require strictly newer usr
Updates should be triggered whenever usr changes, not only when it is newer.
---
man/systemd-update-done.service.xml | 2 +-
src/shared/condition.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml
index 3393010ff6..5478baca25 100644
--- a/man/systemd-update-done.service.xml
+++ b/man/systemd-update-done.service.xml
@@ -50,7 +50,7 @@
<varname>ConditionNeedsUpdate=</varname> (see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
condition to make sure to run when <filename>/etc/</filename> or
- <filename>/var/</filename> are older than <filename>/usr/</filename>
+ <filename>/var/</filename> aren't the same age as <filename>/usr/</filename>
according to the modification times of the files described above.
This requires that updates to <filename>/usr/</filename> are always
followed by an update of the modification time of
diff --git a/src/shared/condition.c b/src/shared/condition.c
index b2ec690bc3..4cf6523b90 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -593,7 +593,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* First, compare seconds as they are always accurate...
*/
if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec)
- return usr.st_mtim.tv_sec > other.st_mtim.tv_sec;
+ return true;
/*
* ...then compare nanoseconds.
@@ -604,7 +604,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* (otherwise the filesystem supports nsec timestamps, see stat(2)).
*/
if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0)
- return usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec;
+ return usr.st_mtim.tv_nsec != other.st_mtim.tv_nsec;
_cleanup_free_ char *timestamp_str = NULL;
r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str);
@@ -623,7 +623,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
return true;
}
- return timespec_load_nsec(&usr.st_mtim) > timestamp;
+ return timespec_load_nsec(&usr.st_mtim) != timestamp;
}
static int condition_test_first_boot(Condition *c, char **env) {
--
2.26.2
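Review bot: The three comparisons in condition_test_needs_update are changed from `>` to `!=` (and the seconds check to `return true`), but nothing in the code says why, so a future rebase onto upstream's "usr is newer" logic would silently undo it; the function starts before the first hunk and ends after the third. A comment at the first changed line, `/* Flatcar: any change of /usr's mtime triggers the update, not only a newer one (e.g. after a rollback to an older image) */`, records the intent stated in the commit message. The man page wording "aren't the same age" matches the new behavior.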


@ -0,0 +1,65 @@
From 3acaafc6fcd34b272e5249c49e498ff7facb564e Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <sayan@kinvolk.io>
Date: Thu, 22 Apr 2021 20:08:33 +0530
Subject: [PATCH] core: use max for DefaultTasksMax
Since systemd v228, systemd has a DefaultTasksMax which defaulted
to 512, later 15% of the system's maximum number of PIDs. This
limit is low and a change in behavior that people running services
in containers will hit frequently, so revert to previous behavior.
Though later the TasksMax was changed in the a dynamic property to
accommodate stale values.
This change is built on previous patch by David Michael(dm0-).
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
---
man/systemd-system.conf.xml | 2 +-
src/core/main.c | 2 +-
src/core/system.conf.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index d39928ec23..4d89a68b16 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -376,7 +376,7 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+ of slice units. Defaults to 100% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
and root cgroup <varname>pids.max</varname>.
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
diff --git a/src/core/main.c b/src/core/main.c
index 0ddd629851..5e25a1b4b7 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -91,7 +91,7 @@
#include <sanitizer/lsan_interface.h>
#endif
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((TasksMax) { 100U, 100U }) /* 100% */
static enum {
ACTION_RUN,
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index fa6fb690c7..1e6df17d94 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -55,7 +55,7 @@
#DefaultBlockIOAccounting=no
#DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@
#DefaultTasksAccounting=yes
-#DefaultTasksMax=15%
+#DefaultTasksMax=100%
#DefaultLimitCPU=
#DefaultLimitFSIZE=
#DefaultLimitDATA=
--
2.30.2
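Review bot: The man page hunk leaves the worked example two lines below the change stale: "with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915" is 15% of the kernel default and no longer holds once the default is 100%, so that sentence should be recomputed or dropped. Operationally, 100% means the pids controller no longer caps any single unit below the system-wide PID limit, so one runaway or compromised service can exhaust PIDs for the whole host; that is a deliberate trade-off here, but it belongs in system.conf.in next to `#DefaultTasksMax=100%` as a comment advising an explicit `TasksMax=` for exposed services. The main.c hunk is consistent with the other two.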


@ -0,0 +1,29 @@
From f83a1a190139d6f7752e0d7c86396330f845b261 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 20 Dec 2016 16:43:22 +0000
Subject: [PATCH 5/5] systemd: Disable SELinux permissions checks
We don't care about the interaction between systemd and SELinux policy, so
let's just disable these checks rather than having to incorporate policy
support. This has no impact on our SELinux use-case, which is purely intended
to limit containers and not anything running directly on the host.
---
src/core/selinux-access.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 1d52b5ff04..1653d241f6 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -2,7 +2,7 @@
#include "selinux-access.h"
-#if HAVE_SELINUX
+#if 0
#include <errno.h>
#include <selinux/avc.h>
--
2.26.2
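Review bot: Replacing `#if HAVE_SELINUX` with `#if 0` compiles the access checks out regardless of how the package is built, yet the ebuild in this same commit still exposes a `selinux` USE flag and pulls `sec-policy/selinux-base-policy[systemd]` for it, so a USE=selinux build gives the impression of policy enforcement on systemd's D-Bus and unit operations that this file no longer performs. Because the check is removed rather than made permissive, there will also be no AVC audit records for those operations, which is a detection gap to be aware of. Name the intent on the line, `#if 0 /* Flatcar: SELinux access checks deliberately compiled out; policy only confines containers, not systemd itself */`, and consider making the ebuild's selinux flag reflect that.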


@ -0,0 +1,84 @@
From 67d9962aa637401a1332069b6c8ad99a54e2b451 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <sayan@kinvolk.io>
Date: Wed, 8 Sep 2021 12:10:35 +0530
Subject: [PATCH] core: handle lookup paths being symlinks
With a recent change paths leaving the statically known lookup paths
would be treated differently then those that remained within those. That
was done (AFAIK) to consistently handle alias names. Unfortunately that
means that on some distributions, especially those where /etc/ consists
mostly of symlinks, would trigger that new detection for every single
unit in /etc/systemd/system. The reason for that is that the units
directory itself is already a symlink.
Original Patch from: https://github.com/systemd/systemd/pull/20479
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
---
src/basic/unit-file.c | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c
index 884a0674a9..3ae2a115d0 100644
--- a/src/basic/unit-file.c
+++ b/src/basic/unit-file.c
@@ -254,6 +254,7 @@ int unit_file_build_name_map(
_cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL;
_cleanup_set_free_free_ Set *paths = NULL;
+ _cleanup_strv_free_ char **expanded_search_paths = NULL;
uint64_t timestamp_hash;
char **dir;
int r;
@@ -273,6 +274,34 @@ int unit_file_build_name_map(
return log_oom();
}
+ /* Go over all our search paths, chase their symlinks and store the
+ * result in the expanded_search_paths list.
+ *
+ * This is important for cases where any of the unit directories itself
+ * are symlinks into other directories and would therefore cause all of
+ * the unit files to be recognized as linked units.
+ *
+ * This is important for distributions such as NixOS where most paths
+ * in /etc/ are symlinks to some other location on the filesystem (e.g.
+ * into /nix/store/).
+ */
+ STRV_FOREACH(dir, (char**) lp->search_path) {
+ _cleanup_free_ char *resolved_dir = NULL;
+ r = strv_extend(&expanded_search_paths, *dir);
+ if (r < 0)
+ return log_oom();
+
+ r = chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL);
+ if (r < 0) {
+ if (r != -ENOENT)
+ log_warning_errno(r, "Failed to resolve symlink %s, ignoring: %m", *dir);
+ continue;
+ }
+
+ if (strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0)
+ return log_oom();
+ }
+
STRV_FOREACH(dir, (char**) lp->search_path) {
struct dirent *de;
_cleanup_closedir_ DIR *d = NULL;
@@ -351,11 +380,11 @@ int unit_file_build_name_map(
continue;
}
- /* Check if the symlink goes outside of our search path.
+ /* Check if the symlink goes outside of our (expanded) search path.
* If yes, it's a linked unit file or mask, and we don't care about the target name.
* Let's just store the link source directly.
* If not, let's verify that it's a good symlink. */
- char *tail = path_startswith_strv(simplified, lp->search_path);
+ char *tail = path_startswith_strv(simplified, expanded_search_paths);
if (!tail) {
log_debug("%s: linked unit file: %s → %s",
__func__, filename, simplified);
--
2.30.2
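Review bot: The loop adds `*dir` to `expanded_search_paths` and then unconditionally appends `resolved_dir`, so every search path that is not a symlink ends up in the list twice, which only makes the later `path_startswith_strv` scan longer; guard the append with `if (!path_equal(*dir, resolved_dir) && strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0) return log_oom();`. Separately, `chase_symlinks(*dir, NULL, 0, ...)` resolves against the real root; if unit_file_build_name_map can run for an alternate root (lp->root_dir, not visible here), absolute symlink targets would be followed on the host rather than under that root — worth confirming. The enclosing function starts before the first hunk and ends after the last.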


@ -0,0 +1,2 @@
# Do not enable any services if /etc is detected as empty.
disable *


@ -0,0 +1,14 @@
d /etc/binfmt.d - - - - -
d /etc/kernel/install.d - - - - -
d /etc/modules-load.d - - - - -
d /etc/sysctl.d - - - - -
d /etc/systemd - - - - -
d /etc/systemd/network - - - - -
d /etc/systemd/system - - - - -
d /etc/systemd/user - - - - -
d /etc/tmpfiles.d - - - - -
d /etc/sysusers.d - - - - -
d /etc/udev/hwdb.d - - - - -
d /etc/udev/rules.d - - - - -
d /var/lib/systemd - - - - -
d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -
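Review bot: The `d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -` entry leaves the mode at tmpfiles' default of 0755, whereas the ebuild in this same commit sets the parent journal directory to 2755 so new files inherit the journal group; if the remote directory is meant to behave the same way it should read `d /var/log/journal/remote 2755 systemd-journal-remote systemd-journal-remote - -`. The remaining entries default to root:root 0755, which is appropriate for the configuration directories listed.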


@ -0,0 +1,2 @@
d /run/systemd/network - - - - -
L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf


@ -2,7 +2,8 @@
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{8..10} )
# Flatcar: We still have python 3.6.
PYTHON_COMPAT=( python3_{5,6,7} )
if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
@ -17,17 +18,19 @@ else
MY_P=${MY_PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
fi
inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
# Flatcar: We don't use gen_usr_ldscript so dropping usr-ldscript
inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev user
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test tpm vanilla xkb +zstd"
# Flatcar: Dropped static-libs, we don't care about static libraries.
IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
REQUIRED_USE="
homed? ( cryptsetup pam )
@ -84,35 +87,22 @@ DEPEND="${COMMON_DEPEND}
gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
"
# baselayout-2.2 has /run
# Flatcar: We drop a few of the acct-group and acct-user as the gid provided by
# the upstream does not match with the ones we carry in baselayout.
RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1
>=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1
>=acct-group/tty-0-r1
>=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1
acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
selinux? ( sec-policy/selinux-base-policy[systemd] )
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
@ -131,9 +121,10 @@ RDEPEND="${COMMON_DEPEND}
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
#
# Flatcar: We don't have sys-fs/udev-init-scripts-34, so it's dropped.
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
hwdb? ( sys-apps/hwids[systemd(+),udev] )
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
@ -222,15 +213,27 @@ src_prepare() {
# Add local patches here
PATCHES+=(
# Flatcar: Adding our own patches here.
"${FILESDIR}/249-libudev-static.patch"
"${FILESDIR}/0004-wait-online-set-any-by-default.patch"
"${FILESDIR}/0005-networkd-default-to-kernel-IPForwarding-setting.patch"
"${FILESDIR}/0006-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0007-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0008-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0009-core-handle-lookup-paths-being-symlinks.patch"
)
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r2.patch"
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
)
fi
# Flatcar: We carry our own patches, we don't use the ones
# from Gentoo. Thus we dropped the `if ! use vanilla` code
# here.
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., CoreDNS which has dnsPolicy "default", but unless
# the kubelet --resolv-conf flag is set to point to /run/systemd/resolve/resolv.conf this won't work with
# /etc/resolv.conf pointing to /run/systemd/resolve/stub-resolv.conf which configures 127.0.0.53.
# See https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
# This means that users who need split DNS to work should point /etc/resolv.conf back to /run/systemd/resolve/stub-resolv.conf
# (and if using K8s configure the kubelet resolvConf variable/--resolv-conf flag to /run/systemd/resolve/resolv.conf).
sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.in || die
default
}
@ -247,7 +250,8 @@ src_configure() {
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Dsupport-url="https://gentoo.org/support/"
# Flatcar: Point to our user mailing list.
-Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user"
-Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
@ -258,7 +262,6 @@ multilib_src_configure() {
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
# Avoid infinite exec recursion, bug 642724
-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
# no deps
-Dima=true
-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
# Optional components/dependencies
@ -298,9 +301,11 @@ multilib_src_configure() {
$(meson_native_use_bool tpm tpm2)
$(meson_native_use_bool test dbus)
$(meson_native_use_bool xkb xkbcommon)
-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
# Flatcar: Use our ntp servers.
-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
# Flatcar: TODO: Investigate if we want this.
-Dcreate-log-dirs=false
# multilib options
@ -324,8 +329,42 @@ multilib_src_configure() {
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
# static-libs
$(meson_use static-libs static-libudev)
# Flatcar: Specify this, or meson breaks due to no
# /etc/login.defs.
-Dsystem-gid-max=999
-Dsystem-uid-max=999
# Flatcar: DBus paths.
-Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
# Flatcar: PAM config directory.
-Dpamconfdir=/usr/share/pam.d
# Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC
# 2013. Used by timesyncd as a sanity check for the
# minimum acceptable time. Explicitly set to avoid
# using the current build time.
-Dtime-epoch=1372636800
# Flatcar: No default name servers.
-Ddns-servers=
# Flatcar: Disable the "First Boot Wizard", it isn't
# very applicable to us.
-Dfirstboot=false
# Flatcar: Set latest network interface naming scheme
# for
# https://github.com/flatcar-linux/Flatcar/issues/36
-Ddefault-net-naming-scheme=latest
# Flatcar: Unported options, still needed?
-Defi-cc="$(tc-getCC)"
-Dquotaon-path=/usr/sbin/quotaon
-Dquotacheck-path=/usr/sbin/quotacheck
# Flatcar: No static libs.
)
meson_src_configure "${myconf[@]}"
@ -343,7 +382,8 @@ multilib_src_install_all() {
mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
# Flatcar: Do not install sample nsswitch.conf, we don't
# provide it.
if ! use resolvconf; then
rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
@ -362,31 +402,11 @@ multilib_src_install_all() {
rmdir "${ED}${rootprefix}"/sbin || die
fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
keepdir /etc/systemd/{network,system,user}
keepdir /etc/udev/rules.d
if use hwdb; then
keepdir /etc/udev/hwdb.d
fi
keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
keepdir /usr/lib/{binfmt.d,modules-load.d}
keepdir /usr/lib/systemd/user-generators
keepdir /var/lib/systemd
keepdir /var/log/journal
# Symlink /etc/sysctl.conf for easy migration.
dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
if use pam; then
newpamd "${FILESDIR}"/systemd-user.pam systemd-user
fi
# Flatcar: Upstream uses keepdir commands to keep some empty
# directories.
#
# Flatcar: TODO: Consider using that instead of
# systemd_dotmpfilesd "${FILESDIR}"/systemd-flatcar.conf below.
if use hwdb; then
rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
@ -398,7 +418,100 @@ multilib_src_install_all() {
dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
fi
gen_usr_ldscript -a systemd udev
# Flatcar: Ensure journal directory has correct ownership/mode
# in inital image. This is fixed by systemd-tmpfiles *but*
# journald starts before that and will create the journal if
# the filesystem is already read-write. Conveniently the
# systemd Makefile sets this up completely wrong.
#
# Flatcar: TODO: Is this still a problem?
dodir /var/log/journal
fowners root:systemd-journal /var/log/journal
fperms 2755 /var/log/journal
# Flatcar: Don't prune systemd dirs.
#
# Flatcar: TODO: Upstream probably fixed it in different way -
# it's using some keepdir commands.
systemd_dotmpfilesd "${FILESDIR}"/systemd-flatcar.conf
# Flatcar: Add tmpfiles rule for resolv.conf. This path has
# changed after v213 so it must be handled here instead of
# baselayout now.
systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
# Flatcar: Don't default to graphical.target.
local unitdir=$(builddir_systemd_get_systemunitdir)
dosym multi-user.target "${unitdir}"/default.target
# Flatcar: Don't set any extra environment variables by default.
rm "${ED}/usr/lib/environment.d/99-environment.conf" || die
# Flatcar: These lines more or less follow the systemd's
# preset file (90-systemd.preset). We do it that way, to avoid
# putting symlink in /etc. Please keep the lines in the same
# order as the "enable" lines appear in the preset file.
builddir_systemd_enable_service multi-user.target remote-fs.target
builddir_systemd_enable_service multi-user.target remote-cryptsetup.target
builddir_systemd_enable_service multi-user.target machines.target
# Flatcar: getty@.service is enabled manually below.
builddir_systemd_enable_service sysinit.target systemd-timesyncd.service
builddir_systemd_enable_service multi-user.target systemd-networkd.service
# Flatcar: For systemd-networkd.service, it has it in Also, which also
# needs to be enabled
builddir_systemd_enable_service sockets.target systemd-networkd.socket
# Flatcar: For systemd-networkd.service, it has it in Also, which also
# needs to be enabled
builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service
builddir_systemd_enable_service multi-user.target systemd-resolved.service
if use homed; then
builddir_systemd_enable_service multi-user.target systemd-homed.target
# Flatcar: systemd-homed.target has
# Also=systemd-userdbd.service, but the service has no
# WantedBy entry. It's likely going to be executed through
# systemd-userdbd.socket, which is enabled in upstream's
# presets file.
builddir_systemd_enable_service sockets.target systemd-userdbd.socket
fi
builddir_systemd_enable_service sysinit.target systemd-pstore.service
# Flatcar: not enabling reboot.target - it has no WantedBy
# entry.
# Flatcar: Enable getty manually.
dodir "${unitdir}/getty.target.wants"
dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service"
# Flatcar: Use an empty preset file, because systemctl
# preset-all puts symlinks in /etc, not in /usr. We don't use
# /etc, because it is not autoupdated. We do the "preset" above.
rm "${ED}$(usex split-usr '' /usr)/lib/systemd/system-preset/90-systemd.preset" || die
insinto $(usex split-usr '' /usr)/lib/systemd/system-preset
doins "${FILESDIR}"/99-default.preset
# Flatcar: Do not ship distro-specific files (nsswitch.conf
# pam.d). This conflicts with our own configuration provided
# by baselayout.
rm -rf "${ED}"/usr/share/factory
sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \
-e '/^C!* \/etc\/nsswitch\.conf/d' \
-e '/^C!* \/etc\/pam\.d/d' \
-e '/^C!* \/etc\/issue/d'
# Flatcar: gen_usr_ldscript is likely for static libs, so we
# dropped it.
}
builddir_systemd_enable_service() {
(
export SYSROOT="${ED}"
systemd_enable_service "$@"
)
}
builddir_systemd_get_systemunitdir() {
(
export SYSROOT="${ED}"
systemd_get_systemunitdir
)
}
migrate_locale() {
@ -478,13 +591,8 @@ pkg_postinst() {
# between OpenRC & systemd
migrate_locale
if [[ -z ${REPLACING_VERSIONS} ]]; then
if type systemctl &>/dev/null; then
systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
fi
elog "To enable a useful set of services, run the following:"
elog " systemctl preset-all --preset-mode=enable-only"
fi
# Flatcar: We enable getty and remote-fs targets in /usr
# ourselves above.
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync"