From 6ad086ff60cb54d9d72aa9a11d76566c881330c4 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Wed, 7 Mar 2018 17:57:16 -0500
Subject: [PATCH 1/2] profiles: Bump libseccomp to 2.3.3

---
 .../profiles/coreos/base/package.accept_keywords              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index e8f914d942..e72788566e 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -43,8 +43,8 @@ dev-util/checkbashisms
 # xfsprogs 4.5.0 has install conflicts, and versions in between fail to link
 =sys-fs/xfsprogs-4.9.0 **
 
-# systemd v233 requires libseccomp 2.3.1
-=sys-libs/libseccomp-2.3.1 **
+# systemd v238 requires libseccomp 2.3.3
+=sys-libs/libseccomp-2.3.3 **
 
 # All versions are ~amd64 and not enabled on arm64
 =sys-apps/nvme-cli-1.1 **

From e4fd6d02b552894a610d9fcab386d6aa8223beae Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Wed, 7 Mar 2018 18:56:51 -0500
Subject: [PATCH 2/2] sys-apps/systemd: Sync and bump to 238

Note systemd itself only depends on libseccomp 2.3.1, but Gentoo's
ebuild is using 2.3.3 at minimum, so this uses that instead.
---
 ...stemd-237-r1.ebuild => systemd-238.ebuild} |  0
 .../sys-apps/systemd/systemd-9999.ebuild      | 24 +++++++++----------
 2 files changed, 11 insertions(+), 13 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-237-r1.ebuild => systemd-238.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-237-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-238.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-237-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-238.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 3ac349ca29..bc60fe748d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -10,7 +10,7 @@ if [[ ${PV} == 9999 ]]; then
 	# Use ~arch instead of empty keywords for compatibility with cros-workon
 	KEYWORDS="~amd64 ~arm64 ~arm ~x86"
 else
-	CROS_WORKON_COMMIT="26a2f8c6f74d2b12b0b31610c35f48148c3e4264" # v237-coreos
+	CROS_WORKON_COMMIT="dd42d3d148eef87f65666199c85905308a95bc53" # v238-coreos
 	KEYWORDS="~alpha amd64 ~arm arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 fi
 
@@ -64,7 +64,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
 	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
 	pcre? ( dev-libs/libpcre2 )
 	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
 	selinux? ( sys-libs/libselinux:0= )
 	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
 	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
@@ -232,7 +232,7 @@ multilib_src_configure() {
 		-Ddbus=$(meson_multilib_native_use test)
 		-Dxkbcommon=$(meson_multilib_native_use xkb)
 		# hardcode a few paths to spare some deps
-		-Dpath-kill=/bin/kill
+		-Dkill-path=/bin/kill
 		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
 		# Breaks screen, tmux, etc.
 		-Ddefault-kill-user-processes=false
@@ -261,6 +261,9 @@ multilib_src_configure() {
 
 		### CoreOS options
 
+		# Upstream systemd recommends distros explicitly set this
+		-Dsplit-bin=true
+
 		# Specify this, or meson breaks due to no /etc/login.defs
 		-Dsystem-gid-max=999
 		-Dsystem-uid-max=999
@@ -327,17 +330,12 @@ multilib_src_install_all() {
 
 	einstalldocs
 
-	if use sysv-utils; then
-		local app
-		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym ../bin/systemctl /sbin/${app}
-		done
-		dosym ../lib/systemd/systemd /sbin/init
-	else
-		# we just keep sysvinit tools, so no need for the mans
-		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
-			|| die
+	if ! use sysv-utils; then
+		local rootprefix=$(usex usrmerge /usr '')
+		rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+		rmdir "${ED%/}${rootprefix}"/sbin || die
 		rm "${ED%/}"/usr/share/man/man1/init.1 || die
+		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
 	fi
 
 	local udevdir=/lib/udev