diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.1.2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.1.2-r1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.1.2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.1.2-r1.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild index 4feafd179b..97cab15380 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild @@ -26,30 +26,29 @@ inherit bash-completion-r1 linux-info systemd udev user cros-workon LICENSE="Apache-2.0" SLOT="0" -IUSE="aufs btrfs +device-mapper doc lxc vim-syntax zsh-completion symlink-usr" +IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion" -# TODO work with upstream to allow us to build without lvm2 installed if we have -device-mapper CDEPEND=" >=dev-db/sqlite-3.7.9:3 - sys-fs/lvm2[thin] + device-mapper? ( + sys-fs/lvm2[thin] + ) " DEPEND=" ${CDEPEND} >=dev-lang/go-1.2 - >=sys-fs/btrfs-progs-0.20 + btrfs? ( + >=sys-fs/btrfs-progs-0.20 + ) dev-vcs/git dev-vcs/mercurial - doc? ( - dev-python/sphinx - dev-python/sphinxcontrib-httpdomain - ) " RDEPEND=" ${CDEPEND} !app-emulation/docker-bin >=net-firewall/iptables-1.4 lxc? ( - >=app-emulation/lxc-0.8 + >=app-emulation/lxc-1.0 ) >=dev-vcs/git-1.7 >=app-arch/xz-utils-4.9 @@ -61,14 +60,21 @@ RDEPEND=" ) " -RESTRICT="strip" +RESTRICT="installsources strip" pkg_setup() { + if kernel_is lt 3 8; then + ewarn "" + ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported." + ewarn "" + fi + # many of these were borrowed from the app-emulation/lxc ebuild CONFIG_CHECK+=" ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE + ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG_SWAP @@ -144,13 +150,29 @@ src_compile() { export CGO_CFLAGS="-I${ROOT}/usr/include" export CGO_LDFLAGS="-L${ROOT}/usr/lib" + # if we're building from a zip, we need the GITCOMMIT value [ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT + + if gcc-specs-pie; then + sed -i "s/EXTLDFLAGS_STATIC='/EXTLDFLAGS_STATIC='-fno-PIC /" hack/make.sh || die + grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' + + sed -i 's/LDFLAGS_STATIC_DOCKER="/LDFLAGS_STATIC_DOCKER="-extldflags -fno-PIC /' hack/make/dynbinary || die + grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed' + fi + + # let's set up some optional features :) + export DOCKER_BUILDTAGS='' + for gd in aufs btrfs device-mapper; do + if ! use $gd; then + DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" + fi + done + # time to build! ./hack/make.sh dynbinary || die - if use doc; then - emake -C docs docs man || die - fi + # TODO pandoc the man pages using docs/man/md2man-all.sh } src_install() { @@ -172,8 +194,11 @@ src_install() { dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md if use doc; then - dohtml -r docs/_build/html/* - doman docs/_build/man/* + # TODO doman contrib/man/man*/* + + docompress -x /usr/share/doc/${PF}/md + docinto md + dodoc -r docs/sources/* fi dobashcomp contrib/completion/bash/* @@ -189,9 +214,10 @@ src_install() { doins -r contrib/syntax/vim/syntax fi - insinto /usr/share/${P}/contrib - doins contrib/README - cp -R "${S}/contrib"/* "${D}/usr/share/${P}/contrib/" + if use contrib; then + mkdir -p "${D}/usr/share/${PN}/contrib" + cp -R contrib/* "${D}/usr/share/${PN}/contrib" + fi } pkg_postinst() { diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/files/chromeos-version.sh b/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/files/chromeos-version.sh deleted file mode 100755 index fa970952bd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/files/chromeos-version.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. -# -# This script is given one argument: the base of the source directory of -# the package, and it prints a string on stdout with the numerical version -# number for said repo. - -"$1"/configure --version | awk '{print $NF; exit}' diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-1084-r52.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-1084-r52.ebuild deleted file mode 100644 index 533d53704f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-1084-r52.ebuild +++ /dev/null @@ -1,93 +0,0 @@ -# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=4 -CROS_WORKON_COMMIT="232fb3ad52342305e55b3a1d51632a9bd52d18cc" -CROS_WORKON_TREE="cc72c3a2e2d1746bb31faf70937fc427ad6a57aa" -CROS_WORKON_PROJECT="chromiumos/platform/google-breakpad" - -inherit autotools cros-debug cros-workon toolchain-funcs - -DESCRIPTION="Google crash reporting" -HOMEPAGE="http://code.google.com/p/google-breakpad" -SRC_URI="" -LICENSE="BSD" -SLOT="0" -KEYWORDS="amd64 x86 arm" -IUSE="" - -RDEPEND="net-misc/curl" -DEPEND="${RDEPEND}" - -src_prepare() { - eautoreconf - if ! tc-is-cross-compiler; then - einfo "Creating a separate 32b src directory" - mkdir ../work32 - cp -a . ../work32 - mv ../work32 . - fi -} - -src_configure() { - #TODO(raymes): Uprev breakpad so this isn't necessary. See - # (crosbug.com/14275). - [ "$ARCH" = "arm" ] && append-cflags "-marm" && append-cxxflags "-marm" - - # We purposefully disable optimizations due to optimizations causing - # src/processor code to crash (minidump_stackwalk) as well as tests - # to fail. See - # http://code.google.com/p/google-breakpad/issues/detail?id=400. - append-flags "-O0" - - tc-export CC CXX LD PKG_CONFIG - - econf - - if ! tc-is-cross-compiler; then - einfo "Running 32b configuration" - cd work32 || die "chdir failed" - append-flags "-m32" - econf - filter-flags "-m32" - fi -} - -src_compile() { - tc-export CC CXX PKG_CONFIG - emake - - if ! tc-is-cross-compiler; then - cd work32 || die "chdir failed" - einfo "Building dump_syms and minidump-2-core with -m32" - emake src/tools/linux/dump_syms/dump_syms \ - src/tools/linux/md2core/minidump-2-core - fi -} - -src_test() { - emake check -} - -src_install() { - tc-export CXX PKG_CONFIG - emake DESTDIR="${D}" install - insinto /usr/include/google-breakpad/client/linux/handler - doins src/client/linux/handler/*.h - insinto /usr/include/google-breakpad/client/linux/crash_generation - doins src/client/linux/crash_generation/*.h - insinto /usr/include/google-breakpad/common/linux - doins src/common/linux/*.h - insinto /usr/include/google-breakpad/processor - doins src/processor/*.h - dobin src/tools/linux/core2md/core2md \ - src/tools/linux/md2core/minidump-2-core \ - src/tools/linux/dump_syms/dump_syms \ - src/tools/linux/symupload/sym_upload \ - src/tools/linux/symupload/minidump_upload - if ! tc-is-cross-compiler; then - newbin work32/src/tools/linux/dump_syms/dump_syms dump_syms.32 - newbin work32/src/tools/linux/md2core/minidump-2-core \ - minidump-2-core.32 - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-9999.ebuild deleted file mode 100644 index 67afc9f4ce..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/google-breakpad/google-breakpad-9999.ebuild +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=4 -CROS_WORKON_PROJECT="chromiumos/platform/google-breakpad" - -inherit autotools cros-debug cros-workon toolchain-funcs - -DESCRIPTION="Google crash reporting" -HOMEPAGE="http://code.google.com/p/google-breakpad" -SRC_URI="" -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~x86 ~arm" -IUSE="" - -RDEPEND="net-misc/curl" -DEPEND="${RDEPEND}" - -src_prepare() { - eautoreconf - if ! tc-is-cross-compiler; then - einfo "Creating a separate 32b src directory" - mkdir ../work32 - cp -a . ../work32 - mv ../work32 . - fi -} - -src_configure() { - #TODO(raymes): Uprev breakpad so this isn't necessary. See - # (crosbug.com/14275). - [ "$ARCH" = "arm" ] && append-cflags "-marm" && append-cxxflags "-marm" - - # We purposefully disable optimizations due to optimizations causing - # src/processor code to crash (minidump_stackwalk) as well as tests - # to fail. See - # http://code.google.com/p/google-breakpad/issues/detail?id=400. - append-flags "-O0" - - tc-export CC CXX LD PKG_CONFIG - - econf - - if ! tc-is-cross-compiler; then - einfo "Running 32b configuration" - cd work32 || die "chdir failed" - append-flags "-m32" - econf - filter-flags "-m32" - fi -} - -src_compile() { - tc-export CC CXX PKG_CONFIG - emake - - if ! tc-is-cross-compiler; then - cd work32 || die "chdir failed" - einfo "Building dump_syms and minidump-2-core with -m32" - emake src/tools/linux/dump_syms/dump_syms \ - src/tools/linux/md2core/minidump-2-core - fi -} - -src_test() { - emake check -} - -src_install() { - tc-export CXX PKG_CONFIG - emake DESTDIR="${D}" install - insinto /usr/include/google-breakpad/client/linux/handler - doins src/client/linux/handler/*.h - insinto /usr/include/google-breakpad/client/linux/crash_generation - doins src/client/linux/crash_generation/*.h - insinto /usr/include/google-breakpad/common/linux - doins src/common/linux/*.h - insinto /usr/include/google-breakpad/processor - doins src/processor/*.h - dobin src/tools/linux/core2md/core2md \ - src/tools/linux/md2core/minidump-2-core \ - src/tools/linux/dump_syms/dump_syms \ - src/tools/linux/symupload/sym_upload \ - src/tools/linux/symupload/minidump_upload - if ! tc-is-cross-compiler; then - newbin work32/src/tools/linux/dump_syms/dump_syms dump_syms.32 - newbin work32/src/tools/linux/md2core/minidump-2-core \ - minidump-2-core.32 - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1-r165.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1-r166.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1-r165.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1-r166.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1.ebuild index e8e51c1167..a2c10b924d 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/hard-host-depends/hard-host-depends-0.0.1.ebuild @@ -37,7 +37,6 @@ RDEPEND="${RDEPEND} app-arch/unzip app-emulation/qemu app-text/texi2html - coreos-base/google-breakpad coreos-base/cros-devutils[cros_host] coreos-base/cros-testutils coreos-base/vboot_reference @@ -187,4 +186,5 @@ RDEPEND="${RDEPEND} # Uninstall these packages. RDEPEND="${RDEPEND} !net-misc/dhcpcd + !coreos-base/google-breakpad " diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent index 6fe462edfa..767f085901 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent @@ -1,4 +1,2 @@ .. -portage-stable:arch/amd64/no-multilib -portage-stable:features/64bit-native :coreos/targets/generic diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force deleted file mode 100644 index 330bf8920a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force +++ /dev/null @@ -1,2 +0,0 @@ -# We don't do multilib. --multilib diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults new file mode 100644 index 0000000000..8793dcad02 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults @@ -0,0 +1,5 @@ +# Disable PAX use flags, we don't use grsec kernels +# Don't favor /dev/urandom over /dev/random, not sure why this flag +# is enabled in hardened, the default profiles do not enable it. +BOOTSTRAP_USE="${BOOTSTRAP_USE} -pax_kernel -xtpax" +USE="-pax_kernel -urandom -xtpax" diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force new file mode 100644 index 0000000000..aafa196b0c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force @@ -0,0 +1,2 @@ +# Do not force this flag, we don't need XATTR_PAX +sys-apps/portage -xattr diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages new file mode 100644 index 0000000000..511adccb20 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages @@ -0,0 +1,3 @@ +# Disable PAX utilities, we don't use grsec kernels +-*sys-apps/paxctl +-*sys-apps/elfix diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent index 09dff0fee8..e939d1587c 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent @@ -1,5 +1,2 @@ -portage-stable:base -portage-stable:default/linux -portage-stable:arch/amd64 -portage-stable:releases/10.0 +portage-stable:hardened/linux/amd64/no-multilib :coreos/base diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults index 623d494da7..7c7f8c84d3 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults @@ -10,7 +10,7 @@ USE_EXPAND="${USE_EXPAND} BOARD_USE CROS_WORKON_TREE TESTS U_BOOT_CONFIG_USE U_B USE_EXPAND_HIDDEN="${USE_EXPAND_HIDDEN} CROS_WORKON_TREE" # Extra use flags for CoreOS SDK -USE="${USE} hardened cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb" +USE="${USE} cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb" # Enable bindist for both SDK and targets USE="${USE} bindist" diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index d63a0dcc2e..e51504f3a2 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -21,54 +21,16 @@ media-libs/gd png media-libs/libmtp -crypt # We don't want any driver/hw rendering on the host media-sound/alsa-utils -libsamplerate minimal -net-misc/curl ares static-libs sci-geosciences/gpsd -cxx -# verity and other packages link statically with libuuid. -sys-apps/util-linux -perl static-libs -sys-boot/grub grub_platforms_pc grub_platforms_efi-64 grub_platforms_coreboot static sys-devel/gettext -git -# Build emulation statically so that we can execute it within a chroot and -# still find the shared libraries. -net-misc/dhcpcd -crash -# Building qemu-kvm with static libraries and X/sdl does not work right now, -# with the likely problem in libsdl-1.2.13-r1 from upstream. Previously, -# this comment was here: -# build kvm with X and sdl so we have an option of running it with local -# display without VNC app-emulation/qemu aio caps curl jpeg ncurses png python seccomp threads uuid vhost-net virtfs vnc xattr qemu_softmmu_targets_x86_64 -dev-libs/libaio static-libs -cross-armv7a-cros-linux-gnueabi/gcc hardfp -cross-armv6j-cros-linux-gnueabi/gcc hardfp -thumb -# pciutils is required by flashrom / mosys which is required to be statically -# compiled to reduce dependency during auto update. -sys-apps/pciutils static-libs -# xz-utils includes liblzma, which is picked by bmpblk_utility (vboot_reference) -# and may be executed outside chroot. -app-arch/xz-utils static-libs -app-emulation/xen-tools -ocaml -hvm -xend -pygrub -qemu -flask -screen -doc amd64 - -=sys-libs/gdbm-1.8.3-r4 berkdb ->=sys-libs/libseccomp-1.0.1 static-libs -=app-text/ghostscript-gpl-9.05-r1 cups -=coreos-base/cros-devutils-0.0.1-r516 cros_host -=sys-libs/libcap-ng-0.6.6 static-libs ->=sys-libs/ncurses-5.9-r2 static-libs ->=media-libs/libjpeg-turbo-1.2.1 static-libs ->=dev-libs/openssl-1.0.1c static-libs -=x11-libs/cairo-1.10.2-r3 X -=media-libs/libpng-1.5.13-r1 static-libs ->=virtual/jpeg-0 static-libs ->=media-libs/libjpeg-turbo-1.2.0-r1 static-libs sys-apps/gptfdisk -icu # for profile migration dev-libs/apr-util -gdbm sys-libs/gdbm berkdb -# TODO: disable most static things -sys-libs/zlib static-libs - dev-vcs/git -perl -iconv net-analyzer/nmap ncat -lua diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent index 5ec03dee4d..e00b432785 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent @@ -1 +1,2 @@ +portage-stable:targets/systemd :features/systemd diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use index 2738000830..0f5b66f60e 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use @@ -19,11 +19,10 @@ sys-apps/busybox -pam -selinux sys-apps/dbus -X -systemd sys-apps/smartmontools minimal sys-block/parted device-mapper -sys-fs/lvm2 -lvm1 -readline -static +sys-fs/lvm2 -lvm1 -readline sys-fs/squashfs lzo sys-libs/ncurses minimal sys-libs/pam -berkdb -sys-libs/zlib static-libs sys-libs/gdbm berkdb diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask deleted file mode 100644 index 7de6ed2169..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask +++ /dev/null @@ -1,5 +0,0 @@ -# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 - -# Allow hardened glibc on the target. -sys-libs/glibc -hardened diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use index 25c20a0b33..6a1aa5217e 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use @@ -1,9 +1,3 @@ -# TODO: remove static stuff -app-arch/bzip2 static-libs -app-arch/pbzip2 static -app-arch/pigz static -dev-libs/glib static-libs - coreos-base/update_engine delta_generator sys-apps/flashrom dediprog ft2232_spi serprog diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch new file mode 100644 index 0000000000..c8d5a52ae3 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch @@ -0,0 +1,47 @@ +From 00197239142c519270e44f94b1126a45e7f65511 Mon Sep 17 00:00:00 2001 +From: Michael Marineau +Date: Sat, 2 Aug 2014 17:45:00 -0700 +Subject: [PATCH] hack: testing -Wl,-fuse-ld=gold does not work correctly on + hardened + +Not sure why this test falsely passes with the hardened compiler when it +normally will report the following error: + + ld: -f may not be used without -shared + +But apparently the default options hardened uses makes interpreting the +option as -f valid usage. For reference the option is: + + -f name + --auxiliary=name + When creating an ELF shared object, set the internal DT_AUXILIARY + field to the specified name. This tells the dynamic linker that + the symbol table of the shared object should be used as an + auxiliary filter on the symbol table of the shared object name. + +This in turn causes a stray library to show up in ldd output: + + use-ld=gold => not found + +Which seems mostly harmless but does cause some confusion. +--- + configure.ac | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index ae88382..85966b9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -216,8 +216,7 @@ CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\ + -Wl,--gc-sections \ + -Wl,-z,relro \ + -Wl,-z,now \ +- -pie \ +- -Wl,-fuse-ld=gold]) ++ -pie]) + AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags") + + AC_CHECK_SIZEOF(pid_t) +-- +1.8.5.5 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r10.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r11.ebuild similarity index 99% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r10.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r11.ebuild index a1feadf44f..51ea10f3e3 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r10.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r11.ebuild @@ -20,6 +20,7 @@ EGIT_BRANCH=v${PV%%.*}-stable inherit git-r3 fi +AUTOTOOLS_AUTORECONF=yes AUTOTOOLS_PRUNE_LIBTOOL_FILES=all PYTHON_COMPAT=( python{2_7,3_2,3_3} ) inherit autotools-utils bash-completion-r1 fcaps linux-info multilib \ @@ -116,6 +117,9 @@ fi # backports from master epatch "${FILESDIR}"/215-*.patch + # remove -Wl,-fuse-ld=gold + epatch "${FILESDIR}"/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch + # Bug 463376 sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild index 1db1d29f58..7d2351bc22 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild @@ -110,6 +110,8 @@ if [[ ${PV} == *9999 ]]; then echo 'EXTRA_DIST =' > docs/gtk-doc.make fi fi + # remove -Wl,-fuse-ld=gold + epatch "${FILESDIR}"/0001-hack-testing-Wl-fuse-ld-gold-does-not-work-correctly.patch # Bug 463376 sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die