Merge pull request #783 from marineam/updates

Prepare for updating portage-stable and some cleanups

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild

@@ -26,30 +26,29 @@ inherit bash-completion-r1 linux-info systemd udev user cros-workon
 
 LICENSE="Apache-2.0"
 SLOT="0"
-IUSE="aufs btrfs +device-mapper doc lxc vim-syntax zsh-completion symlink-usr"
+IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion"
 
-# TODO work with upstream to allow us to build without lvm2 installed if we have -device-mapper
 CDEPEND="
 	>=dev-db/sqlite-3.7.9:3
-	sys-fs/lvm2[thin]
+	device-mapper? (
+		sys-fs/lvm2[thin]
+	)
 "
 DEPEND="
 	${CDEPEND}
 	>=dev-lang/go-1.2
-	>=sys-fs/btrfs-progs-0.20
+	btrfs? (
+		>=sys-fs/btrfs-progs-0.20
+	)
 	dev-vcs/git
 	dev-vcs/mercurial
-	doc? (
-		dev-python/sphinx
-		dev-python/sphinxcontrib-httpdomain
-	)
 "
 RDEPEND="
 	${CDEPEND}
 	!app-emulation/docker-bin
 	>=net-firewall/iptables-1.4
 	lxc? (
-		>=app-emulation/lxc-0.8
+		>=app-emulation/lxc-1.0
 	)
 	>=dev-vcs/git-1.7
 	>=app-arch/xz-utils-4.9
@@ -61,14 +60,21 @@ RDEPEND="
 	)
 "
 
-RESTRICT="strip"
+RESTRICT="installsources strip"
 
 pkg_setup() {
+	if kernel_is lt 3 8; then
+		ewarn ""
+		ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported."
+		ewarn ""
+	fi
+
 	# many of these were borrowed from the app-emulation/lxc ebuild
 	CONFIG_CHECK+="
 		~CGROUPS
 		~CGROUP_CPUACCT
 		~CGROUP_DEVICE
+		~CGROUP_FREEZER
 		~CGROUP_SCHED
 		~CPUSETS
 		~MEMCG_SWAP
@@ -144,13 +150,29 @@ src_compile() {
 	export CGO_CFLAGS="-I${ROOT}/usr/include"
 	export CGO_LDFLAGS="-L${ROOT}/usr/lib"
 
+	# if we're building from a zip, we need the GITCOMMIT value
 	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+	if gcc-specs-pie; then
+		sed -i "s/EXTLDFLAGS_STATIC='/EXTLDFLAGS_STATIC='-fno-PIC /" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+
+		sed -i 's/LDFLAGS_STATIC_DOCKER="/LDFLAGS_STATIC_DOCKER="-extldflags -fno-PIC /' hack/make/dynbinary || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed'
+	fi
+
+	# let's set up some optional features :)
+	export DOCKER_BUILDTAGS=''
+	for gd in aufs btrfs device-mapper; do
+		if ! use $gd; then
+			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+		fi
+	done
+
 	# time to build!
 	./hack/make.sh dynbinary || die
 
-	if use doc; then
-		emake -C docs docs man || die
-	fi
+	# TODO pandoc the man pages using docs/man/md2man-all.sh
 }
 
 src_install() {
@@ -172,8 +194,11 @@ src_install() {
 
 	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
 	if use doc; then
-		dohtml -r docs/_build/html/*
-		doman docs/_build/man/*
+		# TODO doman contrib/man/man*/*
+
+		docompress -x /usr/share/doc/${PF}/md
+		docinto md
+		dodoc -r docs/sources/*
 	fi
 
 	dobashcomp contrib/completion/bash/*
@@ -189,9 +214,10 @@ src_install() {
 		doins -r contrib/syntax/vim/syntax
 	fi
 
-	insinto /usr/share/${P}/contrib
-	doins contrib/README
-	cp -R "${S}/contrib"/* "${D}/usr/share/${P}/contrib/"
+	if use contrib; then
+		mkdir -p "${D}/usr/share/${PN}/contrib"
+		cp -R contrib/* "${D}/usr/share/${PN}/contrib"
+	fi
 }
 
 pkg_postinst() {

sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/files/chromeos-version.sh

@@ -1,11 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-#
-# This script is given one argument: the base of the source directory of
-# the package, and it prints a string on stdout with the numerical version
-# number for said repo.
-
-"$1"/configure --version | awk '{print $NF; exit}'

sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-1084-r52.ebuild

@@ -1,93 +0,0 @@
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=4
-CROS_WORKON_COMMIT="232fb3ad52342305e55b3a1d51632a9bd52d18cc"
-CROS_WORKON_TREE="cc72c3a2e2d1746bb31faf70937fc427ad6a57aa"
-CROS_WORKON_PROJECT="chromiumos/platform/google-breakpad"
-
-inherit autotools cros-debug cros-workon toolchain-funcs
-
-DESCRIPTION="Google crash reporting"
-HOMEPAGE="http://code.google.com/p/google-breakpad"
-SRC_URI=""
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="amd64 x86 arm"
-IUSE=""
-
-RDEPEND="net-misc/curl"
-DEPEND="${RDEPEND}"
-
-src_prepare() {
-	eautoreconf
-	if ! tc-is-cross-compiler; then
-		einfo "Creating a separate 32b src directory"
-		mkdir ../work32
-		cp -a . ../work32
-		mv ../work32 .
-	fi
-}
-
-src_configure() {
-	#TODO(raymes): Uprev breakpad so this isn't necessary. See
-	# (crosbug.com/14275).
-	[ "$ARCH" = "arm" ] && append-cflags "-marm" && append-cxxflags "-marm"
-
-	# We purposefully disable optimizations due to optimizations causing
-	# src/processor code to crash (minidump_stackwalk) as well as tests
-	# to fail.  See
-	# http://code.google.com/p/google-breakpad/issues/detail?id=400.
-	append-flags "-O0"
-
-	tc-export CC CXX LD PKG_CONFIG
-
-	econf
-
-	if ! tc-is-cross-compiler; then
-	        einfo "Running 32b configuration"
-		cd work32 || die "chdir failed"
-		append-flags "-m32"
-		econf
-		filter-flags "-m32"
-	fi
-}
-
-src_compile() {
-	tc-export CC CXX PKG_CONFIG
-	emake
-
-	if ! tc-is-cross-compiler; then
-		cd work32 || die "chdir failed"
-		einfo "Building dump_syms and minidump-2-core with -m32"
-		emake src/tools/linux/dump_syms/dump_syms \
-		      src/tools/linux/md2core/minidump-2-core
-	fi
-}
-
-src_test() {
-	emake check
-}
-
-src_install() {
-	tc-export CXX PKG_CONFIG
-	emake DESTDIR="${D}" install
-	insinto /usr/include/google-breakpad/client/linux/handler
-	doins src/client/linux/handler/*.h
-	insinto /usr/include/google-breakpad/client/linux/crash_generation
-	doins src/client/linux/crash_generation/*.h
-	insinto /usr/include/google-breakpad/common/linux
-	doins src/common/linux/*.h
-	insinto /usr/include/google-breakpad/processor
-	doins src/processor/*.h
-	dobin src/tools/linux/core2md/core2md \
-	      src/tools/linux/md2core/minidump-2-core \
-	      src/tools/linux/dump_syms/dump_syms \
-	      src/tools/linux/symupload/sym_upload \
-	      src/tools/linux/symupload/minidump_upload
-	if ! tc-is-cross-compiler; then
-		newbin work32/src/tools/linux/dump_syms/dump_syms dump_syms.32
-		newbin work32/src/tools/linux/md2core/minidump-2-core \
-		       minidump-2-core.32
-	fi
-}

sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-9999.ebuild

@@ -1,91 +0,0 @@
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=4
-CROS_WORKON_PROJECT="chromiumos/platform/google-breakpad"
-
-inherit autotools cros-debug cros-workon toolchain-funcs
-
-DESCRIPTION="Google crash reporting"
-HOMEPAGE="http://code.google.com/p/google-breakpad"
-SRC_URI=""
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86 ~arm"
-IUSE=""
-
-RDEPEND="net-misc/curl"
-DEPEND="${RDEPEND}"
-
-src_prepare() {
-	eautoreconf
-	if ! tc-is-cross-compiler; then
-		einfo "Creating a separate 32b src directory"
-		mkdir ../work32
-		cp -a . ../work32
-		mv ../work32 .
-	fi
-}
-
-src_configure() {
-	#TODO(raymes): Uprev breakpad so this isn't necessary. See
-	# (crosbug.com/14275).
-	[ "$ARCH" = "arm" ] && append-cflags "-marm" && append-cxxflags "-marm"
-
-	# We purposefully disable optimizations due to optimizations causing
-	# src/processor code to crash (minidump_stackwalk) as well as tests
-	# to fail.  See
-	# http://code.google.com/p/google-breakpad/issues/detail?id=400.
-	append-flags "-O0"
-
-	tc-export CC CXX LD PKG_CONFIG
-
-	econf
-
-	if ! tc-is-cross-compiler; then
-	        einfo "Running 32b configuration"
-		cd work32 || die "chdir failed"
-		append-flags "-m32"
-		econf
-		filter-flags "-m32"
-	fi
-}
-
-src_compile() {
-	tc-export CC CXX PKG_CONFIG
-	emake
-
-	if ! tc-is-cross-compiler; then
-		cd work32 || die "chdir failed"
-		einfo "Building dump_syms and minidump-2-core with -m32"
-		emake src/tools/linux/dump_syms/dump_syms \
-		      src/tools/linux/md2core/minidump-2-core
-	fi
-}
-
-src_test() {
-	emake check
-}
-
-src_install() {
-	tc-export CXX PKG_CONFIG
-	emake DESTDIR="${D}" install
-	insinto /usr/include/google-breakpad/client/linux/handler
-	doins src/client/linux/handler/*.h
-	insinto /usr/include/google-breakpad/client/linux/crash_generation
-	doins src/client/linux/crash_generation/*.h
-	insinto /usr/include/google-breakpad/common/linux
-	doins src/common/linux/*.h
-	insinto /usr/include/google-breakpad/processor
-	doins src/processor/*.h
-	dobin src/tools/linux/core2md/core2md \
-	      src/tools/linux/md2core/minidump-2-core \
-	      src/tools/linux/dump_syms/dump_syms \
-	      src/tools/linux/symupload/sym_upload \
-	      src/tools/linux/symupload/minidump_upload
-	if ! tc-is-cross-compiler; then
-		newbin work32/src/tools/linux/dump_syms/dump_syms dump_syms.32
-		newbin work32/src/tools/linux/md2core/minidump-2-core \
-		       minidump-2-core.32
-	fi
-}

sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1.ebuild

@@ -37,7 +37,6 @@ RDEPEND="${RDEPEND}
 	app-arch/unzip
 	app-emulation/qemu
 	app-text/texi2html
-	coreos-base/google-breakpad
 	coreos-base/cros-devutils[cros_host]
 	coreos-base/cros-testutils
 	coreos-base/vboot_reference
@@ -187,4 +186,5 @@ RDEPEND="${RDEPEND}
 # Uninstall these packages.
 RDEPEND="${RDEPEND}
 	!net-misc/dhcpcd
+	!coreos-base/google-breakpad
 	"

sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent

@@ -1,4 +1,2 @@
 ..
-portage-stable:arch/amd64/no-multilib
-portage-stable:features/64bit-native
 :coreos/targets/generic

sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force

@@ -1,2 +0,0 @@
-# We don't do multilib.
--multilib

sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults

@@ -0,0 +1,5 @@
+# Disable PAX use flags, we don't use grsec kernels
+# Don't favor /dev/urandom over /dev/random, not sure why this flag
+# is enabled in hardened, the default profiles do not enable it.
+BOOTSTRAP_USE="${BOOTSTRAP_USE} -pax_kernel -xtpax"
+USE="-pax_kernel -urandom -xtpax"

sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force

@@ -0,0 +1,2 @@
+# Do not force this flag, we don't need XATTR_PAX
+sys-apps/portage -xattr

sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages

@@ -0,0 +1,3 @@
+# Disable PAX utilities, we don't use grsec kernels
+-*sys-apps/paxctl
+-*sys-apps/elfix

sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent

@@ -1,5 +1,2 @@
-portage-stable:base
-portage-stable:default/linux
-portage-stable:arch/amd64
-portage-stable:releases/10.0
+portage-stable:hardened/linux/amd64/no-multilib
 :coreos/base

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults

@@ -10,7 +10,7 @@ USE_EXPAND="${USE_EXPAND} BOARD_USE CROS_WORKON_TREE TESTS U_BOOT_CONFIG_USE U_B
 USE_EXPAND_HIDDEN="${USE_EXPAND_HIDDEN} CROS_WORKON_TREE"
 
 # Extra use flags for CoreOS SDK
-USE="${USE} hardened cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb"
+USE="${USE} cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb"
 
 # Enable bindist for both SDK and targets
 USE="${USE} bindist"

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use

@@ -21,54 +21,16 @@ media-libs/gd           png
 media-libs/libmtp       -crypt
 # We don't want any driver/hw rendering on the host
 media-sound/alsa-utils	-libsamplerate minimal
-net-misc/curl		ares static-libs
 sci-geosciences/gpsd	-cxx
-# verity and other packages link statically with libuuid.
-sys-apps/util-linux	-perl static-libs
-sys-boot/grub       grub_platforms_pc grub_platforms_efi-64 grub_platforms_coreboot static
 sys-devel/gettext	-git
-# Build emulation statically so that we can execute it within a chroot and
-# still find the shared libraries.
-net-misc/dhcpcd -crash
-# Building qemu-kvm with static libraries and X/sdl does not work right now,
-# with the likely problem in libsdl-1.2.13-r1 from upstream.  Previously,
-# this comment was here:
-# build kvm with X and sdl so we have an option of running it with local
-# display without VNC
 app-emulation/qemu	aio caps curl jpeg ncurses png python seccomp threads uuid vhost-net virtfs vnc xattr qemu_softmmu_targets_x86_64
-dev-libs/libaio		static-libs
-cross-armv7a-cros-linux-gnueabi/gcc   hardfp
-cross-armv6j-cros-linux-gnueabi/gcc   hardfp -thumb
-# pciutils is required by flashrom / mosys which is required to be statically
-# compiled to reduce dependency during auto update.
-sys-apps/pciutils	static-libs
-# xz-utils includes liblzma, which is picked by bmpblk_utility (vboot_reference)
-# and may be executed outside chroot.
-app-arch/xz-utils	static-libs
 
-app-emulation/xen-tools -ocaml -hvm -xend -pygrub -qemu -flask -screen -doc amd64
-
-=sys-libs/gdbm-1.8.3-r4 berkdb
->=sys-libs/libseccomp-1.0.1 static-libs
-=app-text/ghostscript-gpl-9.05-r1 cups
-=coreos-base/cros-devutils-0.0.1-r516 cros_host
-=sys-libs/libcap-ng-0.6.6 static-libs
->=sys-libs/ncurses-5.9-r2 static-libs
->=media-libs/libjpeg-turbo-1.2.1 static-libs
->=dev-libs/openssl-1.0.1c static-libs
-=x11-libs/cairo-1.10.2-r3 X
-=media-libs/libpng-1.5.13-r1 static-libs
->=virtual/jpeg-0 static-libs
->=media-libs/libjpeg-turbo-1.2.0-r1 static-libs
 sys-apps/gptfdisk -icu
 
 # for profile migration
 dev-libs/apr-util -gdbm
 sys-libs/gdbm berkdb
 
-# TODO: disable most static things
-sys-libs/zlib static-libs
-
 dev-vcs/git -perl -iconv
 
 net-analyzer/nmap ncat -lua

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent

@@ -1 +1,2 @@
+portage-stable:targets/systemd
 :features/systemd

sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use

@@ -19,11 +19,10 @@ sys-apps/busybox	-pam -selinux
 sys-apps/dbus		-X -systemd
 sys-apps/smartmontools	minimal
 sys-block/parted        device-mapper
-sys-fs/lvm2		-lvm1 -readline -static
+sys-fs/lvm2		-lvm1 -readline
 sys-fs/squashfs         lzo
 sys-libs/ncurses	minimal
 sys-libs/pam        -berkdb
-sys-libs/zlib		static-libs
 sys-libs/gdbm		berkdb
 
 

sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask

@@ -1,5 +0,0 @@
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-# Allow hardened glibc on the target.
-sys-libs/glibc -hardened

sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use

@@ -1,9 +1,3 @@
-# TODO: remove static stuff
-app-arch/bzip2 static-libs
-app-arch/pbzip2 static
-app-arch/pigz static
-dev-libs/glib static-libs
-
 coreos-base/update_engine delta_generator
 sys-apps/flashrom dediprog ft2232_spi serprog
 

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch

@@ -0,0 +1,47 @@
+From 00197239142c519270e44f94b1126a45e7f65511 Mon Sep 17 00:00:00 2001
+From: Michael Marineau <michael.marineau@coreos.com>
+Date: Sat, 2 Aug 2014 17:45:00 -0700
+Subject: [PATCH] hack: testing -Wl,-fuse-ld=gold does not work correctly on
+ hardened
+
+Not sure why this test falsely passes with the hardened compiler when it
+normally will report the following error:
+
+    ld: -f may not be used without -shared
+
+But apparently the default options hardened uses makes interpreting the
+option as -f valid usage. For reference the option is:
+
+    -f name
+    --auxiliary=name
+        When creating an ELF shared object, set the internal DT_AUXILIARY
+        field to the specified name.  This tells the dynamic linker that
+        the symbol table of the shared object should be used as an
+        auxiliary filter on the symbol table of the shared object name.
+
+This in turn causes a stray library to show up in ldd output:
+
+    use-ld=gold => not found
+
+Which seems mostly harmless but does cause some confusion.
+---
+ configure.ac | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index ae88382..85966b9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -216,8 +216,7 @@ CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
+         -Wl,--gc-sections \
+         -Wl,-z,relro \
+         -Wl,-z,now \
+-        -pie \
+-        -Wl,-fuse-ld=gold])
++        -pie])
+ AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags")
+ 
+ AC_CHECK_SIZEOF(pid_t)
+-- 
+1.8.5.5
+

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r11.ebuild

@@ -20,6 +20,7 @@ EGIT_BRANCH=v${PV%%.*}-stable
 inherit git-r3
 fi
 
+AUTOTOOLS_AUTORECONF=yes
 AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
 PYTHON_COMPAT=( python{2_7,3_2,3_3} )
 inherit autotools-utils bash-completion-r1 fcaps linux-info multilib \
@@ -116,6 +117,9 @@ fi
 	# backports from master
 	epatch "${FILESDIR}"/215-*.patch
 
+	# remove -Wl,-fuse-ld=gold
+	epatch "${FILESDIR}"/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch
+
 	# Bug 463376
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild

@@ -110,6 +110,8 @@ if [[ ${PV} == *9999 ]]; then
 		echo 'EXTRA_DIST =' > docs/gtk-doc.make
 	fi
 fi
+	# remove -Wl,-fuse-ld=gold
+	epatch "${FILESDIR}"/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch
 
 	# Bug 463376
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die