From 12509babed91cf2960470f8b715b3bbfd7c15e80 Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com>
Date: Tue, 10 May 2016 15:18:05 -0700
Subject: [PATCH] app-emulation/google-compute-daemon: bump to 1.3.2

---
 .../google-compute-daemon/Manifest            |  2 +-
 ...dd-users-to-docker-group-by-default.patch} | 21 ++++----
 ...xes-authorized_keys-file-permissions.patch | 40 ---------------
 ...google-daemon-use-for-the-passwd-not.patch | 29 -----------
 ... => 0002-Use-ens4v1-instead-of-eth0.patch} | 51 ++++++++-----------
 ...ild => google-compute-daemon-1.3.2.ebuild} | 10 ++--
 6 files changed, 35 insertions(+), 118 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/{0001-feat-accounts-add-users-to-the-sudo-and-docker-group.patch => 0001-Add-users-to-docker-group-by-default.patch} (55%)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/{0001-hack-address_manager-use-CoreOS-names-and-locations.patch => 0002-Use-ens4v1-instead-of-eth0.patch} (61%)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/{google-compute-daemon-1.1.1-r4.ebuild => google-compute-daemon-1.3.2.ebuild} (52%)

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/Manifest
index 915244a147..b66fc42cf1 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/Manifest
@@ -1 +1 @@
-DIST google-daemon-1.1.1.tar.gz 15770 SHA256 05a5be0bb4ef8b339d51c8b32dda3a8bd60b5fc9aeac453c26207443a6712703 SHA512 583f60865716fa36e2eb55a6d73137e151e8560ce7c91aa4b03de62466494e3c0e9878bc1356f03eb592df67de3bf250e970a5a9b86a6382fc3013bcc5cd7501 WHIRLPOOL 541774e01b96409f0e517f7a66a7a9d233e753280bd6a16e303baac2a00af896653a8491f4484bf753e41ad83acabd320cf7d4e9b10e5ac3b6418f583fe32770
+DIST google-daemon-1.3.2.tar.gz 18551 SHA256 f2d9476e8fb9134e6d5774838d6dacc4bff9495f29804e2dba7fdee574248d29 SHA512 26e691227d55f85cbac853a0b07d6e7d2cc4c6722987afe243170775bb7ee6db1b904a5996c97a152d5352c2d08b856a2389cb281ee47ee3fdc49508120404dc WHIRLPOOL c43b733d63ae026f8e9895a63f2548ecddab33f7fc399f853db5180f1ead343432aa923e0e0b0fff278064ac5ad3ce4dfc7b7a064197e762fad6bc6cc49092b6
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-feat-accounts-add-users-to-the-sudo-and-docker-group.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Add-users-to-docker-group-by-default.patch
similarity index 55%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-feat-accounts-add-users-to-the-sudo-and-docker-group.patch
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Add-users-to-docker-group-by-default.patch
index d5f4dd39a3..debf5f3a93 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-feat-accounts-add-users-to-the-sudo-and-docker-group.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Add-users-to-docker-group-by-default.patch
@@ -1,29 +1,26 @@
-From dbe7826e27c8f82afbd7acf902812f4d9c8317d6 Mon Sep 17 00:00:00 2001
-From: Brandon Philips <brandon@ifup.co>
-Date: Fri, 4 Apr 2014 12:12:00 -0700
-Subject: [PATCH] feat(accounts): add users to the sudo and docker groups by
- default
+From dba9b86ed013b0520fbd731239c5d93769a6a9f4 Mon Sep 17 00:00:00 2001
+From: Alex Crawford <alex.crawford@coreos.com>
+Date: Tue, 10 May 2016 14:40:32 -0700
+Subject: [PATCH 1/3] Add users to docker group by default
 
-On CoreOS the sudo group gets passwordless sudo. Add users to this
-group. Docker is used to provide access to gcloud tools, give users
-access so docker just works for them.
+This allows users to use Docker without needing sudo.
 ---
  google-daemon/usr/share/google/google_daemon/accounts.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/google-daemon/usr/share/google/google_daemon/accounts.py b/google-daemon/usr/share/google/google_daemon/accounts.py
-index 4c572ca..ae00e1b 100755
+index e14f5c0..31241f9 100755
 --- a/google-daemon/usr/share/google/google_daemon/accounts.py
 +++ b/google-daemon/usr/share/google/google_daemon/accounts.py
 @@ -76,7 +76,7 @@ class Accounts(object):
      self.urllib2 = urllib2_module
  
      self.default_user_groups = self.GroupsThatExist(
--        ['adm', 'video', 'dip', 'plugdev'])
+-        ['adm', 'video', 'dip', 'plugdev', 'sudo'])
 +        ['adm', 'video', 'dip', 'plugdev', 'sudo', 'docker'])
  
-   def CreateUser(self, username, ssh_keys):
+   def UpdateUser(self, username, ssh_keys):
      """Create username on the system, with authorized ssh_keys."""
 -- 
-1.8.5.5
+2.7.3
 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
deleted file mode 100644
index 1289643af2..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-Fixes-authorized_keys-file-permissions.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 6b9c8b8ae50dd3530c80fdd26fbeef7fc9ae8dff Mon Sep 17 00:00:00 2001
-From: Ferran Rodenas <frodenas@gmail.com>
-Date: Tue, 18 Feb 2014 00:21:17 -0800
-Subject: [PATCH] Fixes authorized_keys file permissions
-
-Owner and group id are not inherit when calling shutil move. This commit
-moves setting permissions logic for the authorized_keys file to be sure
-that the final destination file has the proper permissions.
----
- google-daemon/usr/share/google/google_daemon/accounts.py | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/google-daemon/usr/share/google/google_daemon/accounts.py b/google-daemon/usr/share/google/google_daemon/accounts.py
-index 4c572ca..6f970c4 100755
---- a/google-daemon/usr/share/google/google_daemon/accounts.py
-+++ b/google-daemon/usr/share/google/google_daemon/accounts.py
-@@ -378,10 +378,6 @@ class Accounts(object):
-       user_lines = [
-           lines[i] for i in range(len(lines)) if i not in google_added_ixs]
- 
--      # Make sure the keys_file has the right perms (u+rw).
--      self.os.fchmod(keys_file.fileno(), 0600)
--      self.os.fchown(keys_file.fileno(), uid, gid)
--
-       # First write user's entries.
-       for user_line in user_lines:
-         keys_file.write(EnsureTrailingNewline(user_line))
-@@ -394,5 +390,9 @@ class Accounts(object):
-     # Override the old authorized keys file with the new one.
-     self.system.MoveFile(new_keys_path, authorized_keys_file)
- 
-+    # Make sure the authorized_keys_file has the right perms (u+rw).
-+    self.os.chmod(authorized_keys_file, 0600)
-+    self.os.chown(authorized_keys_file, uid, gid)
-+
-     # Set SELinux context, if applicable to this system
-     self.SetSELinuxContext(authorized_keys_file)
--- 
-1.8.5.2 (Apple Git-48)
-
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
deleted file mode 100644
index 45aad642b9..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-fix-google-daemon-use-for-the-passwd-not.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 0243ab89cd941f15344ef03b63c96f3f0e1ffa45 Mon Sep 17 00:00:00 2001
-From: Brandon Philips <brandon@ifup.co>
-Date: Tue, 1 Apr 2014 11:51:13 -0700
-Subject: [PATCH] fix(google-daemon): use * for the passwd not !
-
-useradd defaults to using ! as the "locked" password marker.
-Unfortunatly, openssh interprets this to mean that it shouldn't let the
-user in via ssh if PAM is missing. Work around this by using the *
-marker which also means locked but is allowed by openssh.
----
- google-daemon/usr/share/google/google_daemon/utils.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/google-daemon/usr/share/google/google_daemon/utils.py b/google-daemon/usr/share/google/google_daemon/utils.py
-index 0f17f34..371034d 100755
---- a/google-daemon/usr/share/google/google_daemon/utils.py
-+++ b/google-daemon/usr/share/google/google_daemon/utils.py
-@@ -69,7 +69,7 @@ class System(object):
-   def UserAdd(self, user, groups):
-     logging.info('Creating account %s', user)
-     result = self.RunCommand([
--        '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-G',
-+        '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-p', '*', '-G',
-         ','.join(groups)])
-     if self.RunCommandFailed(result, 'Could not create user %s', user):
-       return False
--- 
-1.8.5.2 (Apple Git-48)
-
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0002-Use-ens4v1-instead-of-eth0.patch
similarity index 61%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0002-Use-ens4v1-instead-of-eth0.patch
index adafdf9769..7015e7c1e5 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/files/0002-Use-ens4v1-instead-of-eth0.patch
@@ -1,16 +1,16 @@
-From 265f951bc8d55bfb988050dda6332511b58e72e8 Mon Sep 17 00:00:00 2001
-From: Brandon Philips <brandon@ifup.co>
-Date: Tue, 1 Apr 2014 15:18:20 -0700
-Subject: [PATCH] hack(address_manager): use CoreOS names and locations
+From 1eff70fe7f0083d7aee76e18c89e92fce278a57a Mon Sep 17 00:00:00 2001
+From: Alex Crawford <alex.crawford@coreos.com>
+Date: Tue, 10 May 2016 14:45:16 -0700
+Subject: [PATCH 2/3] Use ens4v1 instead of eth0
 
-ip is in /usr/bin/ip and the network interface is ens4v1 via
-http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+The network interface under systemd is ens4v1
+(http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/).
 ---
- .../share/google/google_daemon/address_manager.py  | 24 +++++++++++-----------
- 1 file changed, 12 insertions(+), 12 deletions(-)
+ .../share/google/google_daemon/address_manager.py  | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
 
 diff --git a/google-daemon/usr/share/google/google_daemon/address_manager.py b/google-daemon/usr/share/google/google_daemon/address_manager.py
-index 1b3997c..568720d 100644
+index 7a0e911..ba3be6e 100644
 --- a/google-daemon/usr/share/google/google_daemon/address_manager.py
 +++ b/google-daemon/usr/share/google/google_daemon/address_manager.py
 @@ -15,16 +15,16 @@
@@ -33,18 +33,18 @@ index 1b3997c..568720d 100644
  """
  
  
-@@ -103,8 +103,8 @@ class AddressManager(object):
+@@ -106,8 +106,8 @@ class AddressManager(object):
      return self.ParseIPAddrs(addrs_data)
  
    def ReadLocalConfiguredAddrs(self):
 -    """Fetch list of addresses we've configured on eth0 already."""
--    cmd = ('/sbin/ip route ls table local type local dev eth0 scope host ' +
+-    cmd = ('{0} route ls table local type local dev eth0 scope host ' +
 +    """Fetch list of addresses we've configured on ens4v1 already."""
-+    cmd = ('/usr/bin/ip route ls table local type local dev ens4v1 scope host ' +
-            'proto %d' % GOOGLE_PROTO_ID)
++    cmd = ('{0} route ls table local type local dev ens4v1 scope host ' +
+            'proto {1:d}').format(self.ip_path, GOOGLE_PROTO_ID)
      result = self.system.RunCommand(cmd.split())
      if self.IPCommandFailed(result, cmd):
-@@ -132,27 +132,27 @@ class AddressManager(object):
+@@ -135,27 +135,27 @@ class AddressManager(object):
              to_remove or None))
  
    def AddAddresses(self, to_add):
@@ -55,10 +55,10 @@ index 1b3997c..568720d 100644
  
    def AddOneAddress(self, addr):
 -    """Configure one address on eth0."""
--    cmd = '/sbin/ip route add to local %s/32 dev eth0 proto %d' % (
+-    cmd = '%s route add to local %s/32 dev eth0 proto %d' % (
 +    """Configure one address on ens4v1."""
-+    cmd = '/usr/bin/ip route add to local %s/32 dev ens4v1 proto %d' % (
-         addr, GOOGLE_PROTO_ID)
++    cmd = '%s route add to local %s/32 dev ens4v1 proto %d' % (
+         self.ip_path, addr, GOOGLE_PROTO_ID)
      result = self.system.RunCommand(cmd.split())
      self.IPCommandFailed(result, cmd)  # Ignore return code
  
@@ -73,20 +73,11 @@ index 1b3997c..568720d 100644
 +    """Delete one address from ens4v1."""
      # This will fail if it doesn't match exactly the specs listed.
      # That'll help ensure we don't remove one added by someone else.
--    cmd = '/sbin/ip route delete to local %s/32 dev eth0 proto %d' % (
-+    cmd = '/usr/bin/ip route delete to local %s/32 dev ens4v1 proto %d' % (
-         addr, GOOGLE_PROTO_ID)
+-    cmd = '%s route delete to local %s/32 dev eth0 proto %d' % (
++    cmd = '%s route delete to local %s/32 dev ens4v1 proto %d' % (
+         self.ip_path, addr, GOOGLE_PROTO_ID)
      result = self.system.RunCommand(cmd.split())
      self.IPCommandFailed(result, cmd)  # Ignore return code
-@@ -168,7 +168,7 @@ class AddressManager(object):
-     return addrs
- 
-   def IPCommandFailed(self, result, cmd):
--    """If an /sbin/ip command failed, log and return True."""
-+    """If an /usr/bin/ip command failed, log and return True."""
-     if self.system.RunCommandFailed(
-         result, 'Non-zero exit status from: "%s"' % cmd):
-       return True
 -- 
-1.8.5.2 (Apple Git-48)
+2.7.3
 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.3.2.ebuild
similarity index 52%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1-r4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.3.2.ebuild
index 5aed0446a6..140efa6526 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.1.1-r4.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-daemon/google-compute-daemon-1.3.2.ebuild
@@ -19,13 +19,11 @@ RDEPEND="dev-lang/python-oem"
 S="${WORKDIR}"
 
 src_prepare() {
-	epatch "${FILESDIR}"/0001-Fixes-authorized_keys-file-permissions.patch
-	epatch "${FILESDIR}"/0001-fix-google-daemon-use-for-the-passwd-not.patch
-	epatch "${FILESDIR}"/0001-hack-address_manager-use-CoreOS-names-and-locations.patch
-	epatch "${FILESDIR}"/0001-feat-accounts-add-users-to-the-sudo-and-docker-group.patch
+	epatch "${FILESDIR}/0001-Add-users-to-docker-group-by-default.patch"
+	epatch "${FILESDIR}/0002-Use-ens4v1-instead-of-eth0.patch"
 }
 
 src_install() {
-	mkdir -p ${D}/usr/share/oem/google-compute-daemon/
-	cp -Ra ${WORKDIR}/usr/share/google/google_daemon/. ${D}/usr/share/oem/google-compute-daemon/ || die
+	insinto "/usr/share/oem/google-compute-daemon/"
+	doins -r "${S}/usr/share/google/google_daemon/."
 }