From c04efd7f221d01516fb9ac351937d96853db0a7b Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <sayan@kinvolk.io>
Date: Mon, 7 Sep 2020 18:57:28 +0530
Subject: [PATCH 1/5] sys-apps/systemd: Bump to v246.6

Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
---
 ...stemd-245-r3.ebuild => systemd-246.ebuild} |  0
 .../sys-apps/systemd/systemd-9999.ebuild      | 33 ++++++++++++++-----
 2 files changed, 24 insertions(+), 9 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-245-r3.ebuild => systemd-246.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-245-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-246.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-245-r3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-246.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 1c85c33a2d..aefba443c4 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -1,8 +1,9 @@
 # Copyright 2011-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-# Flatcar: Based on systemd-245.5.ebuild from commit
-# 960277ffec44c6245e1ae16b3b36fed9d76496b1 in gentoo repo.
+# Flatcar: Based on systemd-246-r1.ebuild from commit
+# 431a568d06963207495c099b5a64f85442017507 in gentoo repo (see
+# https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-apps/systemd/systemd-246-r1.ebuild?id=431a568d06963207495c099b5a64f85442017507).
 
 EAPI=7
 
@@ -16,8 +17,8 @@ if [[ ${PV} == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm64 ~arm ~x86"
 else
 	# Flatcar: Use cros setup
-	CROS_WORKON_COMMIT="d5568ff804c2bda9a3869aa249bb6300aa3be7dd" # v245-flatcar
-	KEYWORDS="~alpha amd64 ~arm arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+	CROS_WORKON_COMMIT="5b1ed0e98a8a8225dc3f662483287a380643ab96" # v246-flatcar
+	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
 fi
 
 # Flatcar: We still have python 3.5, and have no python3.8 yet.
@@ -39,7 +40,7 @@ SLOT="0/2"
 # Flatcar: Dropped cgroup-hybrid. We use legacy hierarchy by default
 # to keep docker working. Dropped static-libs, we don't care about
 # static libraries.
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
+IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
 
 REQUIRED_USE="
 	homed? ( cryptsetup )
@@ -58,6 +59,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
 	audit? ( >=sys-process/audit-2:0= )
 	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
 	curl? ( net-misc/curl:0= )
+	dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
 	elfutils? ( >=dev-libs/elfutils-0.158:0= )
 	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
 	homed? ( ${OPENSSL_DEP} )
@@ -135,7 +137,7 @@ pkg_pretend() {
 		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
 			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
 			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
+			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
 			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
 			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
 			~!SYSFS_DEPRECATED_V2"
@@ -179,6 +181,10 @@ src_prepare() {
 	# Flatcar: We don't have separate patches, so no patching code here.
 	#
 	# Flatcar: Use the resolv.conf managed by systemd-resolved.
+	# This shouldn't be necessary anymore. Added because of a bug
+	# https://github.com/systemd/systemd/issues/3826, which is
+	# apparently resolved in
+	# https://github.com/systemd/systemd/pull/5276.
 	sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die
 
 	default
@@ -433,16 +439,25 @@ multilib_src_install_all() {
 	# Flatcar: getty@.service is enabled manually below.
 	systemd_enable_service sysinit.target systemd-timesyncd.service
 	systemd_enable_service multi-user.target systemd-networkd.service
-	# For systemd-networkd.service, it has it in Also, which also
+	# Flatcar: For systemd-networkd.service, it has it in Also, which also
 	# needs to be enabled
 	systemd_enable_service sockets.target systemd-networkd.socket
-	# For systemd-networkd.service, it has it in Also, which also
+	# Flatcar: For systemd-networkd.service, it has it in Also, which also
 	# needs to be enabled
 	systemd_enable_service network-online.target systemd-networkd-wait-online.service
 	systemd_enable_service multi-user.target systemd-resolved.service
+	if use homed; then
+		systemd_enable_service multi-user.target systemd-homed.target
+		# Flatcar: systemd-homed.target has
+		# Also=systemd-userdbd.service, but the service has no
+		# WantedBy entry. It's likely going to be executed through
+		# systemd-userdbd.socket, which is enabled in upstream's
+		# presets file.
+		systemd_enable_service sockets.target systemd-userdbd.socket
+	fi
+	systemd_enable_service sysinit.target systemd-pstore.service
 	# Flatcar: not enabling reboot.target - it has no WantedBy
 	# entry.
-	systemd_enable_service remount-fs.target systemd-pstore.service
 
 	# Flatcar: Enable getty manually.
 	mkdir --parents "${ED}/usr/lib/systemd/system/getty.target.wants"

From 4e86e2c3aac1578220eb677e78a9c75e30287b14 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <krzesimir@kinvolk.io>
Date: Mon, 28 Sep 2020 17:46:31 +0200
Subject: [PATCH 2/5] sys-apps/systemd: Drop the resolv.conf workaround

This was to work around an issue
https://github.com/systemd/systemd/issues/3826, which is now resolved
in https://github.com/systemd/systemd/pull/5276.
---
 .../coreos-overlay/sys-apps/systemd/systemd-9999.ebuild   | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index aefba443c4..4b2315117e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -179,14 +179,6 @@ src_unpack() {
 
 src_prepare() {
 	# Flatcar: We don't have separate patches, so no patching code here.
-	#
-	# Flatcar: Use the resolv.conf managed by systemd-resolved.
-	# This shouldn't be necessary anymore. Added because of a bug
-	# https://github.com/systemd/systemd/issues/3826, which is
-	# apparently resolved in
-	# https://github.com/systemd/systemd/pull/5276.
-	sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die
-
 	default
 }
 

From 0d1f86c398c90a7abe5222b8984674ddb8acd521 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <krzesimir@kinvolk.io>
Date: Fri, 11 Sep 2020 22:09:36 +0200
Subject: [PATCH 3/5] sys-apps/baselayout: Initialize the user/group database
 earlier

systemd-tmpfiles in systemd v246 requires the user/group databases in
the custom root if it gets passed with --root flag. This requires a
new version of baselayout to be pulled, so do so.
---
 ...layout-3.6.7.ebuild => baselayout-3.6.8.ebuild} |  0
 .../sys-apps/baselayout/baselayout-9999.ebuild     | 14 ++++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/{baselayout-3.6.7.ebuild => baselayout-3.6.8.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.7.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
index 69c609204a..9f8077bb4d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
@@ -9,7 +9,7 @@ CROS_WORKON_REPO="git://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	CROS_WORKON_COMMIT="b67c163348c69b7c02dac1bb087b1a15cf21afa7"  # flatcar-master
+	CROS_WORKON_COMMIT="df037edbeab79c38caed61f48dec7a00e764e20e" # flatcar-master
 	KEYWORDS="amd64 arm arm64 x86"
 fi
 
@@ -113,6 +113,17 @@ src_install() {
 	for sym in "${!LIB_SYMS[@]}" ; do
 		dosym "${LIB_SYMS[$sym]}" "${sym}"
 	done
+
+	if use cros_host; then
+		# We assume that SDK already has the user and group database.
+		:
+	else
+		# Initialize /etc/passwd, group, and friends now, so
+		# systemd-tmpfiles can resolve user information in ${D}
+		# rootfs.
+		bash "scripts/flatcar-tmpfiles" "${D}" "${S}/baselayout" || die
+	fi
+
 	if use symlink-usr; then
 		systemd_dotmpfilesd "${T}/baselayout-usr.conf"
 		systemd-tmpfiles --root="${D}" --create
@@ -181,7 +192,6 @@ src_install() {
 			"${D}"/usr/lib/tmpfiles.d/baselayout-etc.conf || die
 
 		# Initialize /etc/passwd, group, and friends on boot.
-		bash "scripts/flatcar-tmpfiles" "${D}" || die
 		dosbin "scripts/flatcar-tmpfiles"
 		systemd_dounit "scripts/flatcar-tmpfiles.service"
 		systemd_enable_service sysinit.target flatcar-tmpfiles.service

From fee62916abcd889925f72ca038b869f4191e33f2 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <krzesimir@kinvolk.io>
Date: Fri, 11 Sep 2020 22:10:52 +0200
Subject: [PATCH 4/5] sys-kernel/bootengine: Bump to include the fix for
 systemd v246 change in tmpfiles

---
 ...{bootengine-0.0.38-r7.ebuild => bootengine-0.0.38-r8.ebuild} | 0
 .../coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/{bootengine-0.0.38-r7.ebuild => bootengine-0.0.38-r8.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r8.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r7.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r8.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
index 42851e19bc..cad7262d85 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
@@ -10,7 +10,7 @@ CROS_WORKON_REPO="git://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	CROS_WORKON_COMMIT="45a62e85b7c40e322bd814ce324e5c330e654ce0"  # flatcar-master
+	CROS_WORKON_COMMIT="acfe1b9b78c5596a00693a57ddaafb9d13e1019e" # flatcar-master
 	KEYWORDS="amd64 arm arm64 x86"
 fi
 

From e927458503f4a600db5c941a65fcc64d3b88008f Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <krzesimir@kinvolk.io>
Date: Tue, 29 Sep 2020 12:28:14 +0200
Subject: [PATCH 5/5] sys-apps/baselayout: Drop the compatibility hack

This change was introduced over 6 years ago. No one should be using
such old SDKs now.
---
 .../coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild  | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
index 9f8077bb4d..bee39d7ea3 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
@@ -173,9 +173,6 @@ src_install() {
 		mv "${D}"/usr/lib/modprobe.d "${D}"/lib/modprobe.d || die
 	fi
 
-	# For compatibility with older SDKs which use 1000 for the core user.
-	fowners -R 500:500 /home/core || die
-
 	if use arm64; then
 		sed -i 's/ sss//' "${D}"/usr/share/baselayout/nsswitch.conf || die
 	fi