From b9ada9e0febc68e20431aa168d4b5603aa260764 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Thu, 31 Jul 2014 16:16:07 -0700
Subject: [PATCH 1/8] baselayout: add polkitd user

---
 .../{baselayout-3.0.7.ebuild => baselayout-3.0.8.ebuild}        | 0
 .../coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild   | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/{baselayout-3.0.7.ebuild => baselayout-3.0.8.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.0.7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.0.8.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.0.7.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.0.8.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
index b27102a3e9..6129ca8230 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
@@ -9,7 +9,7 @@ CROS_WORKON_REPO="git://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~x86"
 else
-	CROS_WORKON_COMMIT="ae1f7e3185508dd48b43c3cad03fcf83003f32cc"
+	CROS_WORKON_COMMIT="39e4ccfce6aae080fafb4619007899fbf381a667"
 	KEYWORDS="amd64 arm x86"
 fi
 

From dcdc58f2eef893b121edb9693a1feb8e226e21de Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Thu, 31 Jul 2014 16:56:22 -0700
Subject: [PATCH 2/8] polkit: pull in current upstream ebuild

---
 .../coreos-overlay/sys-auth/polkit/Manifest   |   1 +
 .../sys-auth/polkit/polkit-0.112-r2.ebuild    | 113 ++++++++++++++++++
 2 files changed, 114 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest
new file mode 100644
index 0000000000..c877f69c8f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest
@@ -0,0 +1 @@
+DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild
new file mode 100644
index 0000000000..09d57d81cf
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild
@@ -0,0 +1,113 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.112-r2.ebuild,v 1.2 2014/04/06 15:39:36 pacho Exp $
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
+
+RDEPEND="ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+	mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
+	!ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) )
+	>=dev-libs/glib-2.32
+	>=dev-libs/expat-2:=
+	introspection? ( >=dev-libs/gobject-introspection-1 )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+		)
+	selinux? ( sec-policy/selinux-policykit )
+	systemd? ( sys-apps/systemd:0= )"
+DEPEND="${RDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt
+	dev-util/intltool
+	virtual/pkgconfig"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		lxde-base/lxpolkit
+		) )
+	kde? ( sys-auth/polkit-kde-agent )
+	!systemd? ( sys-auth/consolekit[policykit] )"
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+	econf \
+		--localstatedir="${EPREFIX}"/var \
+		--disable-static \
+		--enable-man-pages \
+		--disable-gtk-doc \
+		$(use_enable systemd libsystemd-login) \
+		$(use_enable introspection) \
+		--disable-examples \
+		$(use_enable nls) \
+		$(if use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
+		"$(systemd_with_unitdir)" \
+		--with-authfw=$(usex pam pam shadow) \
+		$(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+		--with-os-type=gentoo
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
+	local m=''
+	# Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910
+	has_version 'dev-lang/spidermonkey:17[jit]' && m='m'
+	# ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags
+	use ia64 && m='mr'
+	use mips && m='mr'
+	pax-mark ${m} ${f}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	dodoc docs/TODO HACKING NEWS README
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	prune_libtool_files
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}

From ad0e30302dbd9e522e27329e84455d5077067d8c Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Thu, 31 Jul 2014 17:17:38 -0700
Subject: [PATCH 3/8] polkit: fix compiling in an alternate sysroot

---
 .../sys-auth/polkit/polkit-0.112-r2.ebuild    | 24 ++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild
index 09d57d81cf..bc4ed206cf 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild
@@ -3,7 +3,7 @@
 # $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.112-r2.ebuild,v 1.2 2014/04/06 15:39:36 pacho Exp $
 
 EAPI=5
-inherit eutils multilib pam pax-utils systemd user
+inherit eutils multilib pam pax-utils systemd toolchain-funcs user
 
 DESCRIPTION="Policy framework for controlling privileges for system-wide services"
 HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
@@ -11,7 +11,7 @@ SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
 
 LICENSE="LGPL-2"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+KEYWORDS="~alpha amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
 IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
 
 RDEPEND="ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
@@ -59,6 +59,24 @@ src_prepare() {
 }
 
 src_configure() {
+	local mozjs
+	if use ia64 || use mips; then 
+		mozjs=mozjs185
+	else
+		mozjs=mozjs-17.0
+	fi
+
+	# pkg-config doesn't properly apply SYSROOT to -include
+	local sysroot="${PKG_CONFIG_SYSROOT_DIR:-${SYSROOT:-/}}"
+	if [[ "${sysroot}" != / ]]; then
+		local pkgconf=$(tc-getPKG_CONFIG)
+		LIBJS_CFLAGS=$($pkgconf --cflags "${mozjs}") || die
+		LIBJS_LIBS=$($pkgconf --libs "${mozjs}") || die
+		LIBJS_CFLAGS=$(echo "${LIBJS_CFLAGS}" | \
+			sed -e "s%-include /usr/%-include ${sysroot}/usr/%") || die
+		export LIBJS_CFLAGS LIBJS_LIBS
+	fi
+
 	econf \
 		--localstatedir="${EPREFIX}"/var \
 		--disable-static \
@@ -68,7 +86,7 @@ src_configure() {
 		$(use_enable introspection) \
 		--disable-examples \
 		$(use_enable nls) \
-		$(if use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
+		--with-mozjs="${mozjs}" \
 		"$(systemd_with_unitdir)" \
 		--with-authfw=$(usex pam pam shadow) \
 		$(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \

From fc957fe69256a1baeaf87e14f6f572fb70732248 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 1 Aug 2014 11:43:38 -0700
Subject: [PATCH 4/8] systemd: add nls use flag

When enabling policy kit there appears to be a build race condition in
the generation of updating translations in policy files. There is a nls
configure flag in systemd now, we don't need translations.
---
 .../systemd/{systemd-215-r8.ebuild => systemd-215-r9.ebuild}   | 3 ++-
 .../coreos-overlay/sys-apps/systemd/systemd-9999.ebuild        | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-215-r8.ebuild => systemd-215-r9.ebuild} (99%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r8.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r9.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r8.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r9.ebuild
index 2984be93d3..8861ca885e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r8.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r9.ebuild
@@ -35,7 +35,7 @@ SLOT="0/2"
 KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
 	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
-	test"
+	nls test"
 
 MINKV="3.10"
 
@@ -214,6 +214,7 @@ multilib_src_configure() {
 		$(use_enable kdbus)
 		$(use_enable kmod)
 		$(use_enable lzma xz)
+		$(use_enable nls)
 		$(use_enable pam)
 		$(use_enable policykit polkit)
 		$(use_with python)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 6b380504fe..1db1d29f58 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -35,7 +35,7 @@ SLOT="0/2"
 KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
 	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
-	test"
+	nls test"
 
 MINKV="3.10"
 
@@ -209,6 +209,7 @@ multilib_src_configure() {
 		$(use_enable kdbus)
 		$(use_enable kmod)
 		$(use_enable lzma xz)
+		$(use_enable nls)
 		$(use_enable pam)
 		$(use_enable policykit polkit)
 		$(use_with python)

From 31baa96f499cdfdedae11f46e39932ccdf35db33 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 1 Aug 2014 14:48:59 -0700
Subject: [PATCH 5/8] polkit: fix config install paths, use systemd-tmpfiles

All configs should be installed to /usr and tmpfiles should be used to
create and fix directory permissions instead of the ebuild's postinst.
---
 .../sys-auth/polkit/files/polkit.conf              |  3 +++
 ...lkit-0.112-r2.ebuild => polkit-0.112-r3.ebuild} | 14 +++++++-------
 2 files changed, 10 insertions(+), 7 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf
 rename sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/{polkit-0.112-r2.ebuild => polkit-0.112-r3.ebuild} (90%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf
new file mode 100644
index 0000000000..9734ff4ba6
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf
@@ -0,0 +1,3 @@
+d   /etc/polkit-1           -       -       -       -   -
+d   /etc/polkit-1/rules.d   0700    polkitd root    -   -
+d   /var/lib/polkit-1       0700    polkitd polkitd -   -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r3.ebuild
similarity index 90%
rename from sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r3.ebuild
index bc4ed206cf..45fc92b868 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-0.112-r3.ebuild
@@ -112,10 +112,15 @@ src_install() {
 
 	dodoc docs/TODO HACKING NEWS README
 
-	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+	# relocate default configs from /etc to /usr
+	dodir /usr/share/dbus-1/system.d
+	mv "${D}"/{etc,usr/share}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf || die
+	mv "${D}"/{etc,usr/share}/polkit-1/rules.d/50-default.rules || die
+	rmdir "${D}"/etc/dbus-1/system.d "${D}"/etc/dbus-1 || die
 
+	systemd_dotmpfilesd "${FILESDIR}/polkit.conf"
 	diropts -m0700 -o polkitd -g polkitd
-	keepdir /var/lib/polkit-1
+	dodir /var/lib/polkit-1
 
 	if use examples; then
 		insinto /usr/share/doc/${PF}/examples
@@ -124,8 +129,3 @@ src_install() {
 
 	prune_libtool_files
 }
-
-pkg_postinst() {
-	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
-}

From 019485e5a6fab2095d6abb15d7f1ec46b4bff687 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 1 Aug 2014 14:54:16 -0700
Subject: [PATCH 6/8] profiles: enable polkit

---
 .../profiles/coreos/targets/generic/make.defaults               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
index aa9ac1421e..48a93350cf 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
@@ -1,7 +1,7 @@
 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Distributed under the terms of the GNU General Public License v2
 
-USE="cros-debug acpi usb symlink-usr cryptsetup -pam"
+USE="cros-debug acpi usb symlink-usr cryptsetup policykit -pam"
 USE="${USE} -cros_host -expat -pic -pie -cairo -X"
 USE="${USE} -acl -cracklib -gpm -openmp -python -sha512"
 USE="${USE} -fortran -abiword -perl -cups -poppler-data -nls"

From c4a5c1f80240620f8753b8e78035932b352fa959 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 1 Aug 2014 15:02:15 -0700
Subject: [PATCH 7/8] systemd: prune old systemd 212 ebuild

---
 .../coreos-overlay/sys-apps/systemd/Manifest  |   1 -
 .../sys-apps/systemd/files/211-tmpfiles.patch |  12 -
 .../212-0001-sd-rtnl-fix-off-by-one.patch     |  32 --
 ...g-jobs-to-run-queue-in-unit_coldplug.patch |  35 --
 ...aiting-jobs-to-run-queue-during-cold.patch |  39 --
 ...sure-to-serialize-jobs-for-all-units.patch | 118 ----
 ...ntly-ignore-sections-starting-with-X.patch |  73 ---
 ...w-setting-macaddress-in-netdev-files.patch |  74 ---
 .../systemd/files/213-systemd-resolv.conf     |   1 -
 .../sys-apps/systemd/systemd-212-r10.ebuild   | 506 ------------------
 10 files changed, 891 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/211-tmpfiles.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0006-networkd-netdev-allow-setting-macaddress-in-netdev-files.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/213-systemd-resolv.conf
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r10.ebuild

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
index 46ea656074..c1558af84b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
@@ -1,2 +1 @@
-DIST systemd-212.tar.xz 2722692 SHA256 652906b43704fe705cb47757ea9bbbf3c1ab4a1d55ea38b0013a6f2d0863f2c2 SHA512 3e6dac77785cb2f928886886f92cdd11ed00a4db1453699e0102d3ecffa03d1795f44df10239105e4b2b039f0e3e4b5d44c9f876f25c10a6dc4f7e1fbf87c333 WHIRLPOOL 31d1a967435963155c60ca5016f207aa105e9ddcb7d73e9fcde20f7e1fb66701384b81ee01134bf4d75dfa1ea0d412bb352ff11ac6f8c05e836135baf94bbe37
 DIST systemd-215.tar.xz 2888652 SHA256 ce76a3c05e7d4adc806a3446a5510c0c9b76a33f19adc32754b69a0945124505 SHA512 58de0bf7c43c309c2f8e4b7af16b46608a4ea39cbb280496fe5d43d76ea25545484f4ef62efce18be487c69134e4a038d8787f2c262484f92f7fc6feb3ae2f11 WHIRLPOOL 07389822b9f09cd91f360f3cbdcd0b5bf46ba1750dd1a4ad44fd2813436ef40b447b954d33582ffe83aebde618ecbeac4d2f3231d8afbf3975caf84f52b1053a
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/211-tmpfiles.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/211-tmpfiles.patch
deleted file mode 100644
index 888fa572a7..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/211-tmpfiles.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
-index 7c6d6b9099b9..1aeb5e40f1ee 100644
---- a/tmpfiles.d/systemd.conf
-+++ b/tmpfiles.d/systemd.conf
-@@ -24,5 +24,7 @@ d /run/systemd/shutdown 0755 root root -
- 
- m /var/log/journal 2755 root systemd-journal - -
- m /var/log/journal/%m 2755 root systemd-journal - -
-+m /var/log/journal/%m/system.journal 2755 root systemd-journal - -
- m /run/log/journal 2755 root systemd-journal - -
- m /run/log/journal/%m 2755 root systemd-journal - -
-+m /run/log/journal/%m/system.journal 2755 root systemd-journal - -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch
deleted file mode 100644
index 780a171850..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From ef1a79119cc9cdeef03af17795e6a05459a0f3af Mon Sep 17 00:00:00 2001
-From: Steven Siloti <ssiloti@gmail.com>
-Date: Sun, 30 Mar 2014 21:20:26 -0700
-Subject: [PATCH] sd-rtnl: fix off-by-one
-To: systemd-devel@lists.freedesktop.org
-
-Also fix type parameter passed to new0
----
- src/libsystemd/sd-rtnl/rtnl-message.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
-index 84a8ffa..97ace2a 100644
---- a/src/libsystemd/sd-rtnl/rtnl-message.c
-+++ b/src/libsystemd/sd-rtnl/rtnl-message.c
-@@ -1073,11 +1073,11 @@ int rtnl_message_parse(sd_rtnl_message *m,
-         unsigned short type;
-         size_t *tb;
- 
--        tb = (size_t *) new0(size_t *, max);
-+        tb = new0(size_t, max + 1);
-         if(!tb)
-                 return -ENOMEM;
- 
--        *rta_tb_size = max;
-+        *rta_tb_size = max + 1;
- 
-         for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
-                 type = rta->rta_type;
--- 
-1.9.1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
deleted file mode 100644
index 04307bffdc..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From ff790a30ceae4e64249544f9719f78c385308f67 Mon Sep 17 00:00:00 2001
-From: Brandon Philips <brandon@ifup.co>
-Date: Fri, 25 Apr 2014 09:31:59 -0600
-Subject: [PATCH 2/4] job: add waiting jobs to run queue in unit_coldplug
-
-When we have job installed and added to run queue for service which is
-still in dead state and systemd initiates reload then after reload we
-never add deserialized job to the run queue again. This is caused by
-check in service_coldplug() where we check if deserialized state is
-something else than dead state, which is not the case thus we never call
-service_set_state() and finally unit_notify() where we would have added
-job to the run queue.
-
-Thanks to Michal Sekletar <msekleta@redhat.com> for the original patch.
----
- src/core/job.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/core/job.c b/src/core/job.c
-index 35a9de6..835cfe1 100644
---- a/src/core/job.c
-+++ b/src/core/job.c
-@@ -1066,6 +1066,9 @@ int job_coldplug(Job *j) {
-         if (j->timer_event_source)
-                 j->timer_event_source = sd_event_source_unref(j->timer_event_source);
- 
-+        if (j->state == JOB_WAITING)
-+                job_add_to_run_queue(j);
-+
-         r = sd_event_add_time(
-                         j->manager->event,
-                         &j->timer_event_source,
--- 
-1.8.5.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch
deleted file mode 100644
index ea0e62f488..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 05728416aba07cf66e6933e65c5c076643a1d62b Mon Sep 17 00:00:00 2001
-From: Michael Marineau <michael.marineau@coreos.com>
-Date: Mon, 12 May 2014 09:26:16 +0200
-Subject: [PATCH 3/4] job: always add waiting jobs to run queue during coldplug
-
-commit 20a83d7bf was not equivalent to the original bug fix proposed by
-Michal Sekletar <msekleta@redhat.com>. The committed version only added
-the job to the run queue if the job had a timeout, which most jobs do
-not have. Just re-ordering the code gets us the intended functionality
----
- src/core/job.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/core/job.c b/src/core/job.c
-index 835cfe1..dc4f441 100644
---- a/src/core/job.c
-+++ b/src/core/job.c
-@@ -1060,15 +1060,15 @@ int job_coldplug(Job *j) {
-         if (r < 0)
-                 return r;
- 
-+        if (j->state == JOB_WAITING)
-+                job_add_to_run_queue(j);
-+
-         if (j->begin_usec == 0 || j->unit->job_timeout == 0)
-                 return 0;
- 
-         if (j->timer_event_source)
-                 j->timer_event_source = sd_event_source_unref(j->timer_event_source);
- 
--        if (j->state == JOB_WAITING)
--                job_add_to_run_queue(j);
--
-         r = sd_event_add_time(
-                         j->manager->event,
-                         &j->timer_event_source,
--- 
-1.8.5.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch
deleted file mode 100644
index 33c7215853..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From fb7fe351e092bb591a6fc24c76fd4a8effec644d Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 16 May 2014 01:15:03 +0200
-Subject: [PATCH 4/4] core: make sure to serialize jobs for all units
-
-Previously we wouldn't serialize jobs for units that themselves have
-nothing to serialize.
-
-http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html
----
- src/core/manager.c |  3 ---
- src/core/unit.c    | 43 +++++++++++++++++++++----------------------
- 2 files changed, 21 insertions(+), 25 deletions(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index 224106c..0b91db3 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -2129,9 +2129,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
-                 if (u->id != t)
-                         continue;
- 
--                if (!unit_can_serialize(u))
--                        continue;
--
-                 /* Start marker */
-                 fputs(u->id, f);
-                 fputc('\n', f);
-diff --git a/src/core/unit.c b/src/core/unit.c
-index 153b79b..9147686 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -2287,25 +2287,25 @@ bool unit_can_serialize(Unit *u) {
- }
- 
- int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
--        ExecRuntime *rt;
-         int r;
- 
-         assert(u);
-         assert(f);
-         assert(fds);
- 
--        if (!unit_can_serialize(u))
--                return 0;
--
--        r = UNIT_VTABLE(u)->serialize(u, f, fds);
--        if (r < 0)
--                return r;
-+        if (unit_can_serialize(u)) {
-+                ExecRuntime *rt;
- 
--        rt = unit_get_exec_runtime(u);
--        if (rt) {
--                r = exec_runtime_serialize(rt, u, f, fds);
-+                r = UNIT_VTABLE(u)->serialize(u, f, fds);
-                 if (r < 0)
-                         return r;
-+
-+                rt = unit_get_exec_runtime(u);
-+                if (rt) {
-+                        r = exec_runtime_serialize(rt, u, f, fds);
-+                        if (r < 0)
-+                                return r;
-+                }
-         }
- 
-         dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
-@@ -2367,17 +2367,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) {
- }
- 
- int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
--        size_t offset;
-         ExecRuntime **rt = NULL;
-+        size_t offset;
-         int r;
- 
-         assert(u);
-         assert(f);
-         assert(fds);
- 
--        if (!unit_can_serialize(u))
--                return 0;
--
-         offset = UNIT_VTABLE(u)->exec_runtime_offset;
-         if (offset > 0)
-                 rt = (ExecRuntime**) ((uint8_t*) u + offset);
-@@ -2494,17 +2491,19 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
-                         continue;
-                 }
- 
--                if (rt) {
--                        r = exec_runtime_deserialize_item(rt, u, l, v, fds);
-+                if (unit_can_serialize(u)) {
-+                        if (rt) {
-+                                r = exec_runtime_deserialize_item(rt, u, l, v, fds);
-+                                if (r < 0)
-+                                        return r;
-+                                if (r > 0)
-+                                        continue;
-+                        }
-+
-+                        r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
-                         if (r < 0)
-                                 return r;
--                        if (r > 0)
--                                continue;
-                 }
--
--                r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
--                if (r < 0)
--                        return r;
-         }
- }
- 
--- 
-1.8.5.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch
deleted file mode 100644
index c2d877e1e8..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 92b626e34454aa14b51a9b21a1e885806c10d2fb Mon Sep 17 00:00:00 2001
-From: Michael Marineau <michael.marineau@coreos.com>
-Date: Fri, 16 May 2014 16:03:38 -0700
-Subject: [PATCH 5/5] conf-parser: silently ignore sections starting with "X-"
-
-This allows external tools to keep additional unit information in a
-separate section without scaring users with a big warning.
----
- src/shared/conf-parser.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
-index d27b1b7..062b15b 100644
---- a/src/shared/conf-parser.c
-+++ b/src/shared/conf-parser.c
-@@ -204,6 +204,7 @@ static int parse_line(const char* unit,
-                       bool allow_include,
-                       char **section,
-                       unsigned *section_line,
-+                      bool *section_ignored,
-                       char *l,
-                       void *userdata) {
- 
-@@ -266,7 +267,7 @@ static int parse_line(const char* unit,
- 
-                 if (sections && !nulstr_contains(sections, n)) {
- 
--                        if (!relaxed)
-+                        if (!relaxed && !startswith(n, "X-"))
-                                 log_syntax(unit, LOG_WARNING, filename, line, EINVAL,
-                                            "Unknown section '%s'. Ignoring.", n);
- 
-@@ -274,10 +275,12 @@ static int parse_line(const char* unit,
-                         free(*section);
-                         *section = NULL;
-                         *section_line = 0;
-+                        *section_ignored = true;
-                 } else {
-                         free(*section);
-                         *section = n;
-                         *section_line = line;
-+                        *section_ignored = false;
-                 }
- 
-                 return 0;
-@@ -285,7 +288,7 @@ static int parse_line(const char* unit,
- 
-         if (sections && !*section) {
- 
--                if (!relaxed)
-+                if (!relaxed && !*section_ignored)
-                         log_syntax(unit, LOG_WARNING, filename, line, EINVAL,
-                                    "Assignment outside of section. Ignoring.");
- 
-@@ -328,6 +331,7 @@ int config_parse(const char *unit,
-         _cleanup_free_ char *section = NULL, *continuation = NULL;
-         _cleanup_fclose_ FILE *ours = NULL;
-         unsigned line = 0, section_line = 0;
-+        bool section_ignored = false;
-         int r;
- 
-         assert(filename);
-@@ -399,6 +403,7 @@ int config_parse(const char *unit,
-                                allow_include,
-                                &section,
-                                &section_line,
-+                               &section_ignored,
-                                p,
-                                userdata);
-                 free(c);
--- 
-1.8.5.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0006-networkd-netdev-allow-setting-macaddress-in-netdev-files.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0006-networkd-netdev-allow-setting-macaddress-in-netdev-files.patch
deleted file mode 100644
index 0b6fc05f71..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0006-networkd-netdev-allow-setting-macaddress-in-netdev-files.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From e846210989367233171151ae3528d65b63a9e5a8 Mon Sep 17 00:00:00 2001
-From: Tom Gundersen <teg@jklm.no>
-Date: Sat, 14 Jun 2014 15:38:35 +0200
-Subject: [PATCH] networkd: netdev - allow setting MACAddress in .netdev files
-
-It may sometimes be necessary to specify the MAC address of a netdev.
-Let us set the correct one from the get-go, rather than having the
-kernel generate a random one, and then change it after.
-
-Conflicts:
-	src/network/networkd-netdev-gperf.gperf
-	src/network/networkd-netdev.c
-	src/network/networkd-tunnel.c
-	src/network/networkd-veth.c
-	src/network/networkd.h
----
- src/network/networkd-netdev-gperf.gperf |  1 +
- src/network/networkd-netdev.c           | 11 +++++++++++
- src/network/networkd.h                  |  1 +
- 3 files changed, 13 insertions(+)
-
-diff --git a/src/network/networkd-netdev-gperf.gperf b/src/network/networkd-netdev-gperf.gperf
-index ea7ba57..30b9333 100644
---- a/src/network/networkd-netdev-gperf.gperf
-+++ b/src/network/networkd-netdev-gperf.gperf
-@@ -24,3 +24,4 @@ NetDev.Name,             config_parse_ifname,                0,
- NetDev.Kind,             config_parse_netdev_kind,           0,                             offsetof(NetDev, kind)
- VLAN.Id,                 config_parse_uint64,                0,                             offsetof(NetDev, vlanid)
- MACVLAN.Mode,            config_parse_macvlan_mode,          0,                             offsetof(NetDev, macvlan_mode)
-+NetDev.MACAddress,       config_parse_hwaddr,                0,                             offsetof(NetDev, mac)
-diff --git a/src/network/networkd-netdev.c b/src/network/networkd-netdev.c
-index e333c47..07a0878 100644
---- a/src/network/networkd-netdev.c
-+++ b/src/network/networkd-netdev.c
-@@ -66,6 +66,7 @@ void netdev_free(NetDev *netdev) {
- 
-         free(netdev->description);
-         free(netdev->name);
-+        free(netdev->mac);
- 
-         condition_free_list(netdev->match_host);
-         condition_free_list(netdev->match_virt);
-@@ -277,6 +278,16 @@ static int netdev_create(NetDev *netdev, Link *link, sd_rtnl_message_handler_t c
-                 return r;
-         }
- 
-+        if (netdev->mac) {
-+                r = sd_rtnl_message_append_ether_addr(req, IFLA_ADDRESS, netdev->mac);
-+                if (r < 0) {
-+                        log_error_netdev(netdev,
-+                                         "Colud not append IFLA_ADDRESS attribute: %s",
-+                                         strerror(-r));
-+                    return r;
-+                }
-+        }
-+
-         r = sd_rtnl_message_open_container(req, IFLA_LINKINFO);
-         if (r < 0) {
-                 log_error_netdev(netdev,
-diff --git a/src/network/networkd.h b/src/network/networkd.h
-index 8144031..877ac83 100644
---- a/src/network/networkd.h
-+++ b/src/network/networkd.h
-@@ -90,6 +90,7 @@ struct NetDev {
- 
-         char *description;
-         char *name;
-+        struct ether_addr *mac;
-         NetDevKind kind;
- 
-         uint64_t vlanid;
--- 
-1.9.3
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/213-systemd-resolv.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/213-systemd-resolv.conf
deleted file mode 100644
index 82a3113589..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/213-systemd-resolv.conf
+++ /dev/null
@@ -1 +0,0 @@
-L   /etc/resolv.conf    -   -   -   -   /run/systemd/network/resolv.conf
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r10.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r10.ebuild
deleted file mode 100644
index 8064ae118a..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r10.ebuild
+++ /dev/null
@@ -1,506 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.103 2014/03/31 19:01:25 floppym Exp $
-
-EAPI=5
-
-if [[ ${PV} == 9999 ]]; then
-AUTOTOOLS_AUTORECONF=yes
-EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
-	http://cgit.freedesktop.org/${PN}/${PN}/"
-
-inherit git-r3
-
-elif [[ ${PV} == *9999 ]]; then
-AUTOTOOLS_AUTORECONF=yes
-EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable
-	http://cgit.freedesktop.org/${PN}/${PN}-stable/"
-EGIT_BRANCH=v${PV%%.*}-stable
-
-inherit git-r3
-fi
-
-AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
-PYTHON_COMPAT=( python{2_7,3_2,3_3} )
-inherit autotools-utils bash-completion-r1 fcaps linux-info multilib \
-	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
-	user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
-SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
-	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
-	test xattr"
-
-MINKV="3.0"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
-	sys-libs/libcap:0=
-	acl? ( sys-apps/acl:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0= )
-	gudev? ( dev-libs/glib:2=[${MULTILIB_USEDEP}] )
-	http? ( >=net-libs/libmicrohttpd-0.9.33:0= )
-	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lzma? ( app-arch/xz-utils:0=[${MULTILIB_USEDEP}] )
-	pam? ( virtual/pam:= )
-	python? ( ${PYTHON_DEPS} )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.1:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	xattr? ( sys-apps/attr:0= )
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	|| (
-		>=sys-apps/util-linux-2.22
-		<sys-apps/sysvinit-2.88-r4
-	)
-	!sys-auth/nss-myhostname
-	!<sys-libs/glibc-2.14
-	!sys-fs/udev"
-
-# sys-apps/daemon: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.6.8-r1:0
-	>=sys-apps/hwids-20130717-r1[udev]
-	policykit? ( sys-auth/polkit )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-devel/binutils-2.23.1
-	>=sys-devel/gcc-4.6
-	>=sys-kernel/linux-headers-${MINKV}
-	ia64? ( >=sys-kernel/linux-headers-3.9 )
-	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.18 )
-	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
-	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
-
-if [[ ${PV} == *9999 ]]; then
-DEPEND="${DEPEND}
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	dev-libs/gobject-introspection
-	>=dev-libs/libgcrypt-1.4.5:0"
-
-SRC_URI=
-KEYWORDS=
-fi
-
-src_prepare() {
-if [[ ${PV} == *9999 ]]; then
-	if use doc; then
-		gtkdocize --docdir docs/ || die
-	else
-		echo 'EXTRA_DIST =' > docs/gtk-doc.make
-	fi
-fi
-	# fix networkd crash, https://bugs.gentoo.org/show_bug.cgi?id=507044
-	epatch "${FILESDIR}"/212-0001-sd-rtnl-fix-off-by-one.patch
-
-	# fix stuck jobs after daemon-reload
-	epatch "${FILESDIR}"/212-0002-job-add-waiting-jobs-to-run-queue-in-unit_coldplug.patch
-	epatch "${FILESDIR}"/212-0003-job-always-add-waiting-jobs-to-run-queue-during-cold.patch
-
-	# fix broken device dependencies after daemon-reload
-	epatch "${FILESDIR}"/212-0004-core-make-sure-to-serialize-jobs-for-all-units.patch
-
-	# stop scaring all our users with warnings about "X-Fleet"
-	epatch "${FILESDIR}"/212-0005-conf-parser-silently-ignore-sections-starting-with-X.patch
-
-	# networkd: netdev - allow setting MACAddress in .netdev files
-	epatch "${FILESDIR}"/212-0006-networkd-netdev-allow-setting-macaddress-in-netdev-files.patch
-
-	# patch to make journald work at first boot
-	epatch "${FILESDIR}"/211-tmpfiles.patch
-
-	# Bug 463376
-	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
-	autotools-utils_src_prepare
-}
-
-pkg_pretend() {
-	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
-		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
-		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD
-		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
-		~!GRKERNSEC_PROC"
-
-	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-	use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
-	use xattr && CONFIG_CHECK+=" ~TMPFS_XATTR"
-	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-	use firmware-loader || CONFIG_CHECK+=" ~!FW_LOADER_USER_HELPER"
-
-	if linux_config_exists; then
-		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-	fi
-
-	if [[ ${MERGE_TYPE} != binary ]]; then
-		if [[ $(gcc-major-version) -lt 4
-			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
-		then
-			eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
-			eerror "gcc version using gcc-config."
-			die "systemd requires at least gcc 4.6"
-		fi
-	fi
-
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		if ! use firmware-loader && kernel_is -lt 3 8; then
-			ewarn "You seem to be using kernel older than 3.8. Those kernel versions"
-			ewarn "require systemd with USE=firmware-loader to support loading"
-			ewarn "firmware. Missing this flag may cause some hardware not to work."
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	use python && python-single-r1_pkg_setup
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		# disable -flto since it is an optimization flag
-		# and makes distcc less effective
-		cc_cv_CFLAGS__flto=no
-
-		--with-pamconfdir=/usr/share/pam.d
-		--with-dbuspolicydir=/usr/share/dbus-1/system.d
-		--disable-maintainer-mode
-		--localstatedir=/var
-		--with-pamlibdir=$(getpam_mod_dir)
-		# avoid bash-completion dep
-		--with-bashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in $PATH
-		--enable-split-usr
-		# disable sysv compatibility
-		--with-sysvinit-path=
-		--with-sysvrcnd-path=
-		# no deps
-		--enable-efi
-		--enable-ima
-		# optional components/dependencies
-		$(use_enable acl)
-		$(use_enable audit)
-		$(use_enable cryptsetup libcryptsetup)
-		$(use_enable doc gtk-doc)
-		$(use_enable gcrypt)
-		$(use_enable gudev)
-		$(use_enable http microhttpd)
-		$(use_enable introspection)
-		$(use_enable kdbus)
-		$(use_enable kmod)
-		$(use_enable lzma xz)
-		$(use_enable pam)
-		$(use_enable policykit polkit)
-		$(use_with python)
-		$(use_enable python python-devel)
-		$(use_enable qrcode qrencode)
-		$(use_enable seccomp)
-		$(use_enable selinux)
-		$(use_enable ssl gnutls)
-		$(use_enable test tests)
-		$(use_enable xattr)
-
-		# not supported (avoid automagic deps in the future)
-		--disable-chkconfig
-
-		# hardcode a few paths to spare some deps
-		QUOTAON=/usr/sbin/quotaon
-		QUOTACHECK=/usr/sbin/quotacheck
-	)
-
-	# Keep using the one where the rules were installed.
-	MY_UDEVDIR=$(get_udevdir)
-
-	if use firmware-loader; then
-		myeconfargs+=(
-			--with-firmware-path="/lib/firmware/updates:/lib/firmware"
-		)
-	fi
-
-	# Added for testing; this is UNSUPPORTED by the Gentoo systemd team!
-	if [[ -n ${ROOTPREFIX+set} ]]; then
-		myeconfargs+=(
-			--with-rootprefix="${ROOTPREFIX}"
-			--with-rootlibdir="${ROOTPREFIX}/$(get_libdir)"
-		)
-	fi
-
-	if ! multilib_is_native_abi; then
-		myeconfargs+=(
-			ac_cv_search_cap_init=
-			ac_cv_header_sys_capability_h=yes
-			DBUS_CFLAGS=' '
-			DBUS_LIBS=' '
-
-			--disable-acl
-			--disable-audit
-			--disable-gcrypt
-			--disable-gnutls
-			--disable-gtk-doc
-			--disable-introspection
-			--disable-kmod
-			--disable-libcryptsetup
-			--disable-microhttpd
-			--disable-networkd
-			--disable-pam
-			--disable-polkit
-			--disable-qrencode
-			--disable-seccomp
-			--disable-selinux
-			--disable-tests
-			--disable-xattr
-			--disable-xz
-			--disable-python-devel
-		)
-	fi
-
-	# Work around bug 463846.
-	tc-export CC
-
-	autotools-utils_src_configure
-}
-
-multilib_src_compile() {
-	local mymakeopts=(
-		udevlibexecdir="${MY_UDEVDIR}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}"
-	else
-		# prerequisites for gudev
-		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
-
-		echo 'gentoo: $(BUILT_SOURCES)' | \
-		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
-		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
-		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
-	fi
-}
-
-multilib_src_test() {
-	multilib_is_native_abi || continue
-
-	default
-}
-
-multilib_src_install() {
-	local mymakeopts=(
-		# automake fails with parallel libtool relinking
-		# https://bugs.gentoo.org/show_bug.cgi?id=491398
-		-j1
-
-		udevlibexecdir="${MY_UDEVDIR}"
-		dist_udevhwdb_DATA=
-		DESTDIR="${D}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}" install
-	else
-		mymakeopts+=(
-			install-libLTLIBRARIES
-			install-pkgconfiglibDATA
-			install-includeHEADERS
-			# safe to call unconditionally, 'installs' empty list
-			install-libgudev_includeHEADERS
-			install-pkgincludeHEADERS
-		)
-
-		emake "${mymakeopts[@]}"
-	fi
-
-	# install compat pkg-config files
-	local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
-	emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
-		pkgconfiglib_DATA="${pcfiles[*]}"
-}
-
-multilib_src_install_all() {
-	prune_libtool_files --modules
-	einstalldocs
-
-	# we just keep sysvinit tools, so no need for the mans
-	rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
-		|| die
-	rm "${D}"/usr/share/man/man1/init.1 || die
-
-	# Disable storing coredumps in journald, bug #433457
-	mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
-
-	systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf
-	systemd_newtmpfilesd "${FILESDIR}"/213-systemd-resolv.conf systemd-resolv.conf
-
-	# Don't default to graphical.target
-	rm "${D}"/usr/lib/systemd/system/default.target || die
-	dosym multi-user.target /usr/lib/systemd/system/default.target
-
-	# Move a few services enabled in /etc to /usr
-	rm "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service || die
-	rmdir "${D}"/etc/systemd/system/getty.target.wants || die
-	dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
-
-	rm "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target \
-		"${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service \
-		|| die
-	rmdir "${D}"/etc/systemd/system/multi-user.target.wants || die
-	systemd_enable_service multi-user.target remote-fs.target
-	systemd_enable_service multi-user.target systemd-networkd.service
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-migrate_net_name_slot() {
-	# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
-	# do the same for 80-net-setup-link.rules to keep the old behavior
-	local net_move=no
-	local net_name_slot_sym=no
-	local net_rules_path="${EROOT%/}"/etc/udev/rules.d
-	local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
-	local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
-	if [[ -e ${net_setup_link} ]]; then
-		net_move=no
-	elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
-		net_move=yes
-	elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
-		net_move=yes
-		net_name_slot_sym=yes
-	fi
-	if [[ ${net_move} == yes ]]; then
-		ebegin "Copying ${net_name_slot} to ${net_setup_link}"
-
-		if [[ ${net_name_slot_sym} == yes ]]; then
-			ln -nfs /dev/null "${net_setup_link}"
-		else
-			cp "${net_name_slot}" "${net_setup_link}"
-		fi
-		eend $? || FAIL=1
-	fi
-}
-
-pkg_postinst() {
-	enewgroup systemd-journal
-	if use http; then
-		enewgroup systemd-journal-gateway
-		enewuser systemd-journal-gateway -1 -1 -1 systemd-journal-gateway
-	fi
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${ROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 468876
-	fcaps cap_dac_override,cap_sys_ptrace=ep usr/bin/systemd-detect-virt
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
-	migrate_net_name_slot
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-
-	if [[ ! -L "${ROOT}"/etc/mtab ]]; then
-		ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts."
-		ewarn "Not having it is not supported by upstream and will cause tools like 'df'"
-		ewarn "and 'mount' to not work properly. Please run:"
-		ewarn "	# ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
-		ewarn
-	fi
-
-	if ! has_version sys-apps/systemd-ui; then
-		elog "To get additional features, a number of optional runtime dependencies may"
-		elog "be installed:"
-		elog "- sys-apps/systemd-ui: for GTK+ systemadm UI and gnome-ask-password-agent"
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

From 9fe02d0460e4e8a52643b5bcbb006d34d09f2d1b Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 1 Aug 2014 15:44:36 -0700
Subject: [PATCH 8/8] systemd: grant networkd access to set transient host name

---
 .../systemd/files/99-org.freedesktop.hostname1.rules        | 6 ++++++
 .../{systemd-215-r9.ebuild => systemd-215-r10.ebuild}       | 4 ++++
 2 files changed, 10 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-org.freedesktop.hostname1.rules
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-215-r9.ebuild => systemd-215-r10.ebuild} (99%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-org.freedesktop.hostname1.rules b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-org.freedesktop.hostname1.rules
new file mode 100644
index 0000000000..70bec0f868
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-org.freedesktop.hostname1.rules
@@ -0,0 +1,6 @@
+polkit.addRule(function(action, subject) {
+        if (action.id == "org.freedesktop.hostname1.set-hostname" &&
+            subject.user == "systemd-network") {
+                return polkit.Result.YES;
+        }
+});
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r10.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r9.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r10.ebuild
index 8861ca885e..a1feadf44f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r9.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r10.ebuild
@@ -383,6 +383,10 @@ multilib_src_install_all() {
 	systemd_enable_service multi-user.target systemd-networkd.service
 	systemd_enable_service multi-user.target systemd-resolved.service
 	systemd_enable_service network-online.target systemd-networkd-wait-online.service
+
+	# Grant networkd access to set the transient host name
+	insinto /usr/share/polkit-1/rules.d
+	doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules
 }
 
 migrate_locale() {