mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-11-06 19:22:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

overlay sys-apps/systemd: Some cleanups and diff minimization

Browse Source 
- Drop unused systemd-256.9 ebuild.

- Drop unused patches and regenerate the rest.

- Pull in a patch from Gentoo.

- Drop Flatcar modifications related to split-usr. We kept those
  because SDK used to use split-dir.

- Drop meson options related to quota utilities - the values we
  specified were the same as systemd's defaults.

- Disable LLMNR and DNSSEC by default - we are disabling it with
  drop-ins in the init repo. We probably could just drop them.

- Preserved keepdir for directories inside /usr and /var. For the
  latter, dropped the related entries from our tmpfiles - we are
  generating tmpfiles for directories inside /var during image build.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
This commit is contained in:
Krzesimir Nowak 2025-10-17 11:32:42 +02:00
parent 2aaa758cc9
commit 2596960fa2
17 changed files with 167 additions and 2589 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest vendored
View File

@ -1,2 +1 @@
DIST systemd-256.9.tar.gz 15774953 BLAKE2B caeff33d0906583094a44ab89fe9a9c1832a665f8cc768f86c55c5100bdd5c2b1500b2cd65e9519ef21d79bff92d1da3e84240793099a0e0c508afba3669c46e SHA512 aba7a0f7149fe3d28d9f930f244d5b997c28721e93e6f0768b0f0f1c918c87a0e8b7b347cffb2faa4740ca3ee3b04984454e85757365090a2cf32aba09f70681
DIST systemd-257.7.tar.gz 16327096 BLAKE2B 59a28ce9b355b98f718f26489400640f3d732bbf73c00ea0571302dfc6dfb3585bf07ec56af06d74c5aa033b06a6220c3c839af6dba5ab7f8bde1aef4b58f0f6 SHA512 fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411

10
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch vendored
View File

@ -1,7 +1,7 @@
From 98cbd0a4576464478f0f9fcd2066efc08bef9491 Mon Sep 17 00:00:00 2001
From e228bd8a939e77f4ebc37aa029f8a89e8b9d4807 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Tue, 16 Apr 2019 02:44:51 +0000
Subject: [PATCH 1/8] wait-online: set --any by default
Subject: [PATCH 1/7] wait-online: set --any by default
The systemd-networkd-wait-online command would normally continue
waiting after a network interface is usable if other interfaces are
@ -15,12 +15,12 @@ earlier) for the original implementation.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c
index 5328bba2d8..95294df607 100644
index 6f5aef903a..0acb3e76b9 100644
--- a/src/network/wait-online/wait-online.c
+++ b/src/network/wait-online/wait-online.c
@@ -21,7 +21,7 @@ static Hashmap *arg_interfaces = NULL;
static char **arg_ignore = NULL;
static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID };
static LinkOperationalStateRange arg_required_operstate = LINK_OPERSTATE_RANGE_INVALID;
static AddressFamily arg_required_family = ADDRESS_FAMILY_NO;
-static bool arg_any = false;
+static bool arg_any = true;
@ -28,5 +28,5 @@ index 5328bba2d8..95294df607 100644
STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep);
STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep);
--
2.34.1
2.51.0

16
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-needs-update-don-t-require-strictly-newer-usr.patch vendored
View File

@ -1,7 +1,7 @@
From 0be1b5367c24427e3285d33fb87aa4acdf3c4dce Mon Sep 17 00:00:00 2001
From b8139561768e6745405461e1a765b262ece8f959 Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com>
Date: Wed, 2 Mar 2016 10:46:33 -0800
Subject: [PATCH 3/8] needs-update: don't require strictly newer usr
Subject: [PATCH 2/7] needs-update: don't require strictly newer usr
Updates should be triggered whenever usr changes, not only when it is newer.
---
@ -10,7 +10,7 @@ Updates should be triggered whenever usr changes, not only when it is newer.
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml
index 3393010ff6..5478baca25 100644
index 6b863ecff3..c166c5e7ab 100644
--- a/man/systemd-update-done.service.xml
+++ b/man/systemd-update-done.service.xml
@@ -50,7 +50,7 @@
@ -23,10 +23,10 @@ index 3393010ff6..5478baca25 100644
This requires that updates to <filename>/usr/</filename> are always
followed by an update of the modification time of
diff --git a/src/shared/condition.c b/src/shared/condition.c
index d3446e8a9d..3f7cc9ea58 100644
index 1a03fdbe37..8577c35fa0 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -793,7 +793,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
@@ -796,7 +796,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* First, compare seconds as they are always accurate...
*/
if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec)
@ -35,7 +35,7 @@ index d3446e8a9d..3f7cc9ea58 100644
/*
* ...then compare nanoseconds.
@@ -804,7 +804,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
@@ -807,7 +807,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* (otherwise the filesystem supports nsec timestamps, see stat(2)).
*/
if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0)
@ -44,7 +44,7 @@ index d3446e8a9d..3f7cc9ea58 100644
_cleanup_free_ char *timestamp_str = NULL;
r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str);
@@ -824,7 +824,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
@@ -827,7 +827,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
return true;
}
@ -54,5 +54,5 @@ index d3446e8a9d..3f7cc9ea58 100644
static bool in_first_boot(void) {
--
2.34.1
2.51.0

18
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-core-use-max-for-DefaultTasksMax.patch vendored
View File

@ -1,7 +1,7 @@
From d21ebfcf17ffc1dba635389193f10d2b93eba730 Mon Sep 17 00:00:00 2001
From f5635c6b5153d894cf1bf6dca92219150d4252d5 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 16 Feb 2024 11:22:08 +0000
Subject: [PATCH 4/8] core: use max for DefaultTasksMax
Subject: [PATCH 3/7] core: use max for DefaultTasksMax
Since systemd v228, systemd has a DefaultTasksMax which defaulted
to 512, later 15% of the system's maximum number of PIDs. This
@ -21,10 +21,10 @@ Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 3c06b65f93..71f38692b6 100644
index f7b414da5c..9c07e235ab 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -501,7 +501,7 @@
@@ -230,7 +230,7 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
@ -34,10 +34,10 @@ index 3c06b65f93..71f38692b6 100644
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
diff --git a/src/core/manager.c b/src/core/manager.c
index 88eebfc626..8992c8c3e3 100644
index 4ccaba9054..3ab59c5bb3 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -114,7 +114,7 @@
@@ -117,7 +117,7 @@
/* How many units and jobs to process of the bus queue before returning to the event loop. */
#define MANAGER_BUS_MESSAGE_BUDGET 100U
@ -47,10 +47,10 @@ index 88eebfc626..8992c8c3e3 100644
static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 05eb681270..94d0365244 100644
index 1c08aa4d22..2faea3605e 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -58,7 +58,7 @@
@@ -59,7 +59,7 @@
#DefaultIPAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes
@ -60,5 +60,5 @@ index 05eb681270..94d0365244 100644
#DefaultLimitFSIZE=
#DefaultLimitDATA=
--
2.34.1
2.51.0

8
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-systemd-Disable-SELinux-permissions-checks.patch vendored
View File

@ -1,7 +1,7 @@
From 374cca5b2f9aea1c506352cf58b09db5c216a0d3 Mon Sep 17 00:00:00 2001
From f55e6415307ce77b3376a2bf9cc96b924c6ec52e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 20 Dec 2016 16:43:22 +0000
Subject: [PATCH 5/8] systemd: Disable SELinux permissions checks
Subject: [PATCH 4/7] systemd: Disable SELinux permissions checks
We don't care about the interaction between systemd and SELinux policy, so
let's just disable these checks rather than having to incorporate policy
@ -12,7 +12,7 @@ to limit containers and not anything running directly on the host.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 62181a6309..448f9211d6 100644
index a67a520a3b..3365b920eb 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -2,7 +2,7 @@
@ -25,5 +25,5 @@ index 62181a6309..448f9211d6 100644
#include <errno.h>
#include <selinux/avc.h>
--
2.34.1
2.51.0

7
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin-257.patch → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch vendored
View File

@ -1,7 +1,7 @@
From bffb2a48796a2736d7fb7328d2a88b1cbb812b12 Mon Sep 17 00:00:00 2001
From cf500f14557926259b58ee641fffb38b707494d6 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 16 Dec 2022 16:28:26 +0530
Subject: [PATCH 6/8] Revert "getty: Pass tty to use by agetty via stdin"
Subject: [PATCH 5/7] Revert "getty: Pass tty to use by agetty via stdin"
This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.
@ -90,3 +90,6 @@ index 20a5eb2754..ba4cbc0edb 100644
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
--
2.51.0

95
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch vendored
View File

@ -1,95 +0,0 @@
From bffb2a48796a2736d7fb7328d2a88b1cbb812b12 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 16 Dec 2022 16:28:26 +0530
Subject: [PATCH 6/8] Revert "getty: Pass tty to use by agetty via stdin"
This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.
This is to work around a SELinux denial that happens when setting up standard
input for serial consoles (which is used for SSH connections).
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
units/console-getty.service.in | 4 +---
units/container-getty@.service.in | 4 +---
units/getty@.service.in | 4 +---
units/serial-getty@.service.in | 4 +---
4 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/units/console-getty.service.in b/units/console-getty.service.in
index d64112be5e..b908708d8c 100644
--- a/units/console-getty.service.in
+++ b/units/console-getty.service.in
@@ -22,12 +22,10 @@ ConditionPathExists=/dev/console
[Service]
# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p),
# followed by '--' for safety, and then the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM
Type=idle
Restart=always
UtmpIdentifier=cons
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/console
TTYReset=yes
TTYVHangup=yes
diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in
index 8847d735fb..8be25663f5 100644
--- a/units/container-getty@.service.in
+++ b/units/container-getty@.service.in
@@ -27,13 +27,11 @@ Before=rescue.service
[Service]
# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p),
# followed by '--' for safety, and then the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=pts/%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/pts/%I
TTYReset=yes
TTYVHangup=yes
diff --git a/units/getty@.service.in b/units/getty@.service.in
index 80b8f3e922..b57666c123 100644
--- a/units/getty@.service.in
+++ b/units/getty@.service.in
@@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in
index 6bf101eac9..479b8759a9 100644
--- a/units/serial-getty@.service.in
+++ b/units/serial-getty@.service.in
@@ -33,12 +33,10 @@ Before=rescue.service
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM
Type=idle
Restart=always
UtmpIdentifier=%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
--
2.34.1

16
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-units-Keep-using-old-journal-file-format.patch vendored
View File

@ -1,7 +1,7 @@
From 6a4c6f97742afc9ca5de40335b2d041095990aa2 Mon Sep 17 00:00:00 2001
From 1bf0301376df8e82593efccb80cd4e43638666c0 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 16 Feb 2024 11:29:04 +0000
Subject: [PATCH 7/8] units: Keep using old journal file format
Subject: [PATCH 6/7] units: Keep using old journal file format
Systemd 252 made an incompatible change in journal file format. Temporarily
force journald to use the old journal format to give logging containers more
@ -14,22 +14,22 @@ Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
2 files changed, 2 insertions(+)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 37eeabc510..e5030a81bd 100644
index 4404af963b..323af7cfb0 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -27,6 +27,7 @@ IgnoreOnIsolate=yes
@@ -30,6 +30,7 @@ IgnoreOnIsolate=yes
[Service]
DeviceAllow=char-* rw
+Environment=SYSTEMD_JOURNAL_COMPACT=0
ExecStart={{LIBEXECDIR}}/systemd-journald
FileDescriptorStoreMax=4224
IPAddressDeny=any
# Ensure services using StandardOutput=journal do not break when journald is stopped
diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in
index c3bcb08533..8780783cf6 100644
index b705ce08ff..874701dac4 100644
--- a/units/systemd-journald@.service.in
+++ b/units/systemd-journald@.service.in
@@ -21,6 +21,7 @@ Conflicts=soft-reboot.target
@@ -16,6 +16,7 @@ After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket
[Service]
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
DevicePolicy=closed
@ -38,5 +38,5 @@ index c3bcb08533..8780783cf6 100644
FileDescriptorStoreMax=4224
Group=systemd-journal
--
2.34.1
2.51.0

8
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-Revert-Revert-initrd-parse-etc-override-argv-0-to-av.patch vendored
View File

@ -1,8 +1,8 @@
From 65e3f4e837001f6f00359a779b6c5801566aa750 Mon Sep 17 00:00:00 2001
From 93775241c5f873a5862c2e7b06532bd3969341a0 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Wed, 25 Sep 2024 15:51:02 +0000
Subject: [PATCH] Revert "Revert "initrd-parse-etc: override argv[0] to avoid
dracut issue""
Subject: [PATCH 7/7] Revert "Revert "initrd-parse-etc: override argv[0] to
avoid dracut issue""
This reverts commit 1c585a4ccda3258088d7bc27b27a314e7ed8be80.
---
@ -25,5 +25,5 @@ index 1eef2bd9be..3dadab1123 100644
# We want to enqueue initrd-cleanup.service/start after we finished the part
# above. It can't be part of the initial transaction, because non-oneshot units
--
2.34.1
2.51.0

1310
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-sysext-Mutable-overlays.patch vendored
View File

File diff suppressed because it is too large Load Diff

119
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch vendored
View File

@ -1,119 +0,0 @@
From 7136aa7db4423432392a0fe6055c48a922a4aad4 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 10 Sep 2024 00:12:41 +0900
Subject: [PATCH] network/netdev: also check ifindex, iftype, and kind when
assigning NetDev to Link
Even when a NetDev object with the same name found, its iftype or kind
may be different. For safety, let's also check them.
(cherry picked from commit 1788c3462853e8bb955ff656007e20f402dd9af2)
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
src/network/netdev/netdev.c | 37 +++++++++++++++++++++++++++++++++++++
src/network/netdev/netdev.h | 1 +
src/network/networkd-link.c | 10 ++--------
3 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index 2b411425ba..9a528137ea 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -265,6 +265,43 @@ int netdev_get(Manager *manager, const char *name, NetDev **ret) {
return 0;
}
+void link_assign_netdev(Link *link) {
+ _unused_ _cleanup_(netdev_unrefp) NetDev *old = NULL;
+ NetDev *netdev;
+
+ assert(link);
+ assert(link->manager);
+ assert(link->ifname);
+
+ old = TAKE_PTR(link->netdev);
+
+ if (netdev_get(link->manager, link->ifname, &netdev) < 0)
+ return;
+
+ if (netdev->ifindex != link->ifindex)
+ return;
+
+ if (NETDEV_VTABLE(netdev)->iftype != link->iftype)
+ return;
+
+ if (!NETDEV_VTABLE(netdev)->skip_netdev_kind_check) {
+ const char *kind;
+
+ if (netdev->kind == NETDEV_KIND_TAP)
+ kind = "tun"; /* the kernel does not distinguish between tun and tap */
+ else
+ kind = netdev_kind_to_string(netdev->kind);
+
+ if (!streq_ptr(kind, link->kind))
+ return;
+ }
+
+ link->netdev = netdev_ref(netdev);
+
+ if (netdev != old)
+ log_link_debug(link, "Found matching .netdev file: %s", netdev->filename);
+}
+
void netdev_enter_failed(NetDev *netdev) {
netdev->state = NETDEV_STATE_FAILED;
}
diff --git a/src/network/netdev/netdev.h b/src/network/netdev/netdev.h
index cb8cc8c6a9..1a03a9b592 100644
--- a/src/network/netdev/netdev.h
+++ b/src/network/netdev/netdev.h
@@ -206,6 +206,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(NetDev*, netdev_unref);
bool netdev_is_managed(NetDev *netdev);
int netdev_get(Manager *manager, const char *name, NetDev **ret);
+void link_assign_netdev(Link *link);
int netdev_set_ifindex(NetDev *netdev, sd_netlink_message *newlink);
int netdev_generate_hw_addr(NetDev *netdev, Link *link, const char *name,
const struct hw_addr_data *hw_addr, struct hw_addr_data *ret);
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 8f21504d92..c3a5dc1f0d 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1317,7 +1317,6 @@ static int link_get_network(Link *link, Network **ret) {
int link_reconfigure_impl(Link *link, bool force) {
Network *network = NULL;
- NetDev *netdev = NULL;
int r;
assert(link);
@@ -1326,13 +1325,11 @@ int link_reconfigure_impl(Link *link, bool force) {
if (link->manager->state != MANAGER_RUNNING)
return 0;
+ link_assign_netdev(link);
+
if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER))
return 0;
- r = netdev_get(link->manager, link->ifname, &netdev);
- if (r < 0 && r != -ENOENT)
- return r;
-
r = link_get_network(link, &network);
if (r < 0 && r != -ENOENT)
return r;
@@ -1397,9 +1394,6 @@ int link_reconfigure_impl(Link *link, bool force) {
link_free_engines(link);
link->network = network_unref(link->network);
- netdev_unref(link->netdev);
- link->netdev = netdev_ref(netdev);
-
if (!network) {
link_set_state(link, LINK_STATE_UNMANAGED);
return 0;
--
2.39.5

146
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch vendored
View File

@ -1,146 +0,0 @@
From 916523aabc7fcb3b5b9362100a5e3417aae00cb2 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 11 Jun 2025 18:05:46 +0900
Subject: [PATCH] network: also check ID_NET_MANAGED_BY property on
reconfigure
Previously, the property was checked only when an uevent is received,
so even if an interface has ID_NET_MANAGED_BY property, the interface
will be configured by networkd when reconfiguration is triggered e.g.
when interface state is changed.
Follow-up for ba87a61d05d637be9f0b21707f7fe3b0a74c5a05.
Fixes #36997.
(cherry picked from commit 78f8d5ed71ecc16ad36d1c215d2d57433d127679)
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
src/network/networkd-link.c | 44 ++++++++++++++-----
.../test-network/conf/11-dummy-unmanaged.link | 8 ++++
test/test-network/systemd-networkd-tests.py | 11 +++++
3 files changed, 53 insertions(+), 10 deletions(-)
create mode 100644 test/test-network/conf/11-dummy-unmanaged.link
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index c3a5dc1f0d..3ed1584807 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1315,6 +1315,32 @@ static int link_get_network(Link *link, Network **ret) {
return -ENOENT;
}
+static int link_managed_by_us(Link *link) {
+ int r;
+
+ assert(link);
+
+ if (!link->dev)
+ return true;
+
+ const char *s;
+ r = sd_device_get_property_value(link->dev, "ID_NET_MANAGED_BY", &s);
+ if (r == -ENOENT)
+ return true;
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to get ID_NET_MANAGED_BY udev property: %m");
+
+ if (streq(s, "io.systemd.Network"))
+ return true;
+
+ if (link->state == LINK_STATE_UNMANAGED)
+ return false; /* Already in unmanaged state */
+
+ log_link_debug(link, "Interface is requested to be managed by '%s', unmanaging the interface.", s);
+ link_set_state(link, LINK_STATE_UNMANAGED);
+ return false;
+}
+
int link_reconfigure_impl(Link *link, bool force) {
Network *network = NULL;
int r;
@@ -1330,6 +1356,10 @@ int link_reconfigure_impl(Link *link, bool force) {
if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER))
return 0;
+ r = link_managed_by_us(link);
+ if (r <= 0)
+ return r;
+
r = link_get_network(link, &network);
if (r < 0 && r != -ENOENT)
return r;
@@ -1584,6 +1614,10 @@ static int link_initialized(Link *link, sd_device *device) {
* or sysattrs) may be outdated. */
device_unref_and_replace(link->dev, device);
+ r = link_managed_by_us(link);
+ if (r <= 0)
+ return r;
+
if (link->dhcp_client) {
r = sd_dhcp_client_attach_device(link->dhcp_client, link->dev);
if (r < 0)
@@ -1651,7 +1685,6 @@ static int link_check_initialized(Link *link) {
int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t action) {
int r, ifindex;
- const char *s;
Link *link;
assert(m);
@@ -1686,15 +1719,6 @@ int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t
return 0;
}
- r = sd_device_get_property_value(device, "ID_NET_MANAGED_BY", &s);
- if (r < 0 && r != -ENOENT)
- log_device_debug_errno(device, r, "Failed to get ID_NET_MANAGED_BY udev property, ignoring: %m");
- if (r >= 0 && !streq(s, "io.systemd.Network")) {
- log_device_debug(device, "Interface is requested to be managed by '%s', not managing the interface.", s);
- link_set_state(link, LINK_STATE_UNMANAGED);
- return 0;
- }
-
r = link_initialized(link, device);
if (r < 0)
link_enter_failed(link);
diff --git a/test/test-network/conf/11-dummy-unmanaged.link b/test/test-network/conf/11-dummy-unmanaged.link
new file mode 100644
index 0000000000..99c07a72ce
--- /dev/null
+++ b/test/test-network/conf/11-dummy-unmanaged.link
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: MIT-0
+[Match]
+Kind=dummy
+OriginalName=test1
+
+[Link]
+NamePolicy=keep
+Property=ID_NET_MANAGED_BY=hoge
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index d8acf538f0..391d219de8 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -2735,6 +2735,17 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
def tearDown(self):
tear_down_common()
+ def test_ID_NET_MANAGED_BY(self):
+ copy_network_unit('11-dummy.netdev', '11-dummy-unmanaged.link', '11-dummy.network')
+ start_networkd()
+ self.wait_online('test1:off', setup_state='unmanaged')
+
+ check_output('ip link set dev test1 up')
+ self.wait_online('test1:degraded', setup_state='unmanaged')
+
+ check_output('ip link set dev test1 down')
+ self.wait_online('test1:off', setup_state='unmanaged')
+
def verify_address_static(
self,
label1: str,
--
2.39.5

26
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch vendored
View File

@ -1,26 +0,0 @@
https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c
From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Sat, 24 Aug 2024 13:09:47 +0100
Subject: [PATCH] meson: search for 'bpf-unknown-none' too
We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
cross-binutils. Search for this name too.
---
meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/meson.build b/meson.build
index 5e0b666c64b17..fbc2bbdf2f22f 100644
--- a/meson.build
+++ b/meson.build
@@ -1109,6 +1109,7 @@ else
elif bpf_compiler == 'gcc'
bpf_gcc = find_program('bpf-gcc',
'bpf-none-gcc',
+ 'bpf-unknown-none-gcc',
required : true,
version : '>= 13.1.0')
bpf_gcc_found = bpf_gcc.found()

69
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-257-cred-util-tpm2.patch vendored Normal file
View File

@ -0,0 +1,69 @@
https://bugs.gentoo.org/956681
https://github.com/systemd/systemd/pull/37017
From fd9c4b4f49990f0656092035464b85256a0ba6e3 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 4 Apr 2025 21:40:41 -0700
Subject: [PATCH] shared/cred-util: Ensure TPM code is used with HAVE_TPM2
guards
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Building with no TPM2 we end up with following error
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10: note: in a call to built-in function __builtin___memcpy_chk
In function memcpy,
inlined from encrypt_credential_and_warn at ../git/src/shared/creds-util.c:1091:17:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10: error: argument 2 null where non-null expected [-Werror=nonnull]
29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10: note: in a call to built-in function __builtin___memcpy_chk
cc1: some warnings being treated as errors 29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
This is because code referencing tpm2 data structures is still used while the
initialization of the function has been compiled out since its conditional on HAVE_TPM2
We add needed guards in places where it is missing to fix this problem
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/shared/creds-util.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index ca8e15d4c9d1e..e074c8b24680a 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -804,7 +804,9 @@ int encrypt_credential_and_warn(
_cleanup_(iovec_done_erase) struct iovec tpm2_key = {}, output = {}, host_key = {};
_cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
_cleanup_free_ struct metadata_credential_header *m = NULL;
+#if HAVE_TPM2
uint16_t tpm2_pcr_bank = 0, tpm2_primary_alg = 0;
+#endif
struct encrypted_credential_header *h;
int ksz, bsz, ivsz, tsz, added, r;
uint8_t md[SHA256_DIGEST_LENGTH];
@@ -1078,6 +1080,7 @@ int encrypt_credential_and_warn(
p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz);
+#if HAVE_TPM2
if (iovec_is_set(&tpm2_key)) {
struct tpm2_credential_header *t;
@@ -1092,7 +1095,7 @@ int encrypt_credential_and_warn(
p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob.iov_len + tpm2_policy_hash.iov_len);
}
-
+#endif
if (iovec_is_set(&pubkey)) {
struct tpm2_public_key_credential_header *z;

8
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf vendored
View File

@ -1,10 +1,2 @@
# The list of directories is taken from Gentoo ebuild, where they use
# keepdir. The list isn't sorted, but tries to preserve the order of
# keepdir lines from Gentoo ebuild for easier comparisons. We skip the
# directories in /usr, though.
d /var/lib/systemd - - - - -
d /var/log/journal - - - - -
d /etc/sysctl.d - - - - -
# This seems to be our own addition.
d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -

773
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9-r2.ebuild vendored
View File

@ -1,773 +0,0 @@
# Copyright 2011-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..13} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_PKGCONFIG_VERSION=$(ver_cut 1)
if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
inherit git-r3
else
MY_PV=${PV/_/-}
MY_P=${PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
# Flatcar: mark as stable
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot systemd tmpfiles toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
dns-over-tls? ( || ( gnutls openssl ) )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
importd? ( curl lzma || ( gcrypt openssl ) )
pwquality? ( homed )
boot? ( kernel-install )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? ( dev-libs/libfido2:0= )
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
importd? (
app-arch/bzip2:0=
sys-libs/zlib:0=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
"
# Newer linux-headers needed by ia64, bug #480218
DEPEND="${COMMON_DEPEND}
>=sys-kernel/linux-headers-${MINKV}
"
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
# baselayout-2.2 has /run
#
# Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use
# flag). The image stage fails with "Failed to resolve
# typeattributeset statement at
# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120"
#
# Flatcar: Added a dep on sys-apps/kbd. It provides a loadkeys binary
# needed by dracut's systemd-vconsole-setup module.
RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1
>=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1
>=acct-group/tty-0-r1
>=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1
acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
sys-apps/kbd
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
)
selinux? (
sec-policy/selinux-base-policy[systemd]
)
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
!sys-apps/openrc-navi[sysv-utils(-)]
!sys-apps/sysvinit
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
BDEPEND="
app-arch/xz-utils:0
dev-util/gperf
>=dev-build/meson-0.46
>=sys-apps/coreutils-8.16
sys-devel/gettext
virtual/pkgconfig
bpf? (
dev-util/bpftool
sys-devel/bpf-toolchain
)
test? (
app-text/tree
dev-lang/perl
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
${PYTHON_DEPS}
$(python_gen_cond_dep "
dev-python/jinja2[\${PYTHON_USEDEP}]
dev-python/lxml[\${PYTHON_USEDEP}]
boot? (
>=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
test? ( ${PEFILE_DEPEND} )
)
")
"
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
pkg_pretend() {
# Flatcar: We keep using split-usr for SDK.
# if use split-usr; then
# eerror "Please complete the migration to merged-usr."
# eerror "https://wiki.gentoo.org/wiki/Merge-usr"
# die "systemd no longer supports split-usr"
# fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
if kernel_is -ge 5 10 20; then
CONFIG_CHECK+=" ~KCMP"
else
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
fi
if kernel_is -ge 4 18; then
CONFIG_CHECK+=" ~AUTOFS_FS"
else
CONFIG_CHECK+=" ~AUTOFS4_FS"
fi
if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
ewarn "It's recommended to set an empty value to the following kernel config option:"
ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
fi
if linux_chkconfig_present X86; then
CONFIG_CHECK+=" ~DMIID"
fi
fi
if kernel_is -lt ${MINKV//./ }; then
ewarn "Kernel version at least ${MINKV} required"
fi
check_extra_config
fi
}
pkg_setup() {
use boot && secureboot_pkg_setup
}
src_unpack() {
default
[[ ${PV} != 9999 ]] || git-r3_src_unpack
}
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-test-process-util.patch"
"${FILESDIR}/256-bpf-gcc.patch"
# Flatcar: Adding our own patches here.
"${FILESDIR}/0001-wait-online-set-any-by-default.patch"
"${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
"${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch"
"${FILESDIR}/0009-initrd-parse-etc.service.patch"
"${FILESDIR}/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch"
"${FILESDIR}/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch"
)
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-journald-audit-r1.patch"
)
fi
# Fails with split-usr.
sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g.,
# CoreDNS which has dnsPolicy "default", but unless the
# kubelet --resolv-conf flag is set to point to
# /run/systemd/resolve/resolv.conf this won't work with
# /etc/resolv.conf pointing to
# /run/systemd/resolve/stub-resolv.conf which configures
# 127.0.0.53. See
# https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
# This means that users who need split DNS to work should
# point /etc/resolv.conf back to
# /run/systemd/resolve/stub-resolv.conf (and if using K8s
# configure the kubelet resolvConf variable/--resolv-conf flag
# to /run/systemd/resolve/resolv.conf).
sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die
default
}
src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
python_setup
multilib-minimal_src_configure
}
# Flatcar: Our function, we use it in some places below.
get_rootprefix() {
usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr"
}
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
# default is developer, bug 918671
-Dmode=release
# Flatcar: Point to our user mailing list.
-Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user"
-Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
# Flatcar: We keep using split-usr in SDK.
$(meson_use split-usr)
# Flatcar: Always set split-bin to true, we always
# have separate bin and sbin directories
-Dsplit-bin=true
# Flatcar: Use get_rootprefix. No functional change
# from upstream, just refactoring the common code used
# in some places.
#
# TODO: Drop -Drootprefix and -Drootlibdir we get rid
# of split-usr in SDK
-Drootprefix="$(get_rootprefix)"
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_bool acl)
$(meson_native_use_bool apparmor)
$(meson_native_use_bool audit)
$(meson_native_use_bool boot bootloader)
$(meson_native_use_bool bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_bool cryptsetup libcryptsetup)
$(meson_native_use_bool curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_bool elfutils)
$(meson_native_use_bool fido2 libfido2)
$(meson_use gcrypt)
$(meson_native_use_bool gnutls)
$(meson_native_use_bool homed)
$(meson_native_use_bool http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_bool importd)
$(meson_native_use_bool importd bzip2)
$(meson_native_use_bool importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_bool kmod)
$(meson_use lz4)
$(meson_use lzma xz)
$(meson_use test tests)
$(meson_use zstd)
$(meson_native_use_bool iptables libiptc)
$(meson_native_use_bool openssl)
$(meson_use pam)
$(meson_native_use_bool pkcs11 p11kit)
$(meson_native_use_bool pcre pcre2)
$(meson_native_use_bool policykit polkit)
$(meson_native_use_bool pwquality)
$(meson_native_use_bool qrcode qrencode)
$(meson_native_use_bool seccomp)
$(meson_native_use_bool selinux)
$(meson_native_use_bool tpm tpm2)
$(meson_native_use_bool test dbus)
$(meson_native_use_bool ukify)
$(meson_native_use_bool xkb xkbcommon)
# Flatcar: Use our ntp servers.
-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
# Flatcar: TODO: Investigate if we want this.
-Dcreate-log-dirs=false
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_true man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
$(meson_native_enabled vmspawn)
# Flatcar: Specify this, or meson breaks due to no
# /etc/login.defs.
-Dsystem-gid-max=999
-Dsystem-uid-max=999
# Flatcar: DBus paths.
-Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
# Flatcar: PAM config directory.
-Dpamconfdir=/usr/share/pam.d
# Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC
# 2013. Used by timesyncd as a sanity check for the
# minimum acceptable time. Explicitly set to avoid
# using the current build time.
-Dtime-epoch=1372636800
# Flatcar: No default name servers.
-Ddns-servers=
# Flatcar: Disable the "First Boot Wizard", it isn't
# very applicable to us.
-Dfirstboot=false
# Flatcar: Set latest network interface naming scheme
# for https://github.com/flatcar/Flatcar/issues/36
-Ddefault-net-naming-scheme=latest
# Flatcar: Combined log format: name plus description
-Dstatus-unit-format-default=combined
# Flatcar: Unported options, still needed?
-Dquotaon-path=/usr/sbin/quotaon
-Dquotacheck-path=/usr/sbin/quotacheck
-Ddefault-mdns=no
)
case $(tc-arch) in
amd64|arm|arm64|ppc|ppc64|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
meson_src_configure "${myconf[@]}"
}
multilib_src_test() {
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
addpredict /dev
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
) || die
}
multilib_src_install_all() {
# meson doesn't know about docdir
mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
einstalldocs
# Flatcar: Do not install sample nsswitch.conf, we don't
# provide it.
# dodoc "${FILESDIR}"/nsswitch.conf
insinto /usr/lib/tmpfiles.d
doins "${FILESDIR}"/legacy.conf
if ! use resolvconf; then
rm -f "${ED}"/usr/bin/resolvconf || die
fi
if ! use sysv-utils; then
rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
rm "${ED}"/usr/share/man/man1/init.1 || die
rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Flatcar: Upstream uses keepdir commands to keep some empty
# directories. We use tmpfiles.
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
keepdir /etc/systemd/{network,system,user}
keepdir /etc/udev/rules.d
keepdir /etc/udev/hwdb.d
# keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
# keepdir /usr/lib/{binfmt.d,modules-load.d}
# keepdir /usr/lib/systemd/user-generators
# keepdir /var/lib/systemd
# keepdir /var/log/journal
# if use pam; then
# if use selinux; then
# newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
# else
# newpamd "${FILESDIR}"/systemd-user.pam systemd-user
# fi
# fi
if use kernel-install; then
# Dummy config, remove to make room for sys-kernel/installkernel
rm "${ED}/usr/lib/kernel/install.conf" || die
fi
# Flatcar: Ensure journal directory has correct ownership/mode
# in inital image. This is fixed by systemd-tmpfiles *but*
# journald starts before that and will create the journal if
# the filesystem is already read-write. Conveniently the
# systemd Makefile sets this up completely wrong.
#
# Flatcar: TODO: Is this still a problem?
dodir /var/log/journal
fowners root:systemd-journal /var/log/journal
fperms 2755 /var/log/journal
# Flatcar: Don't prune systemd dirs.
dotmpfiles "${FILESDIR}"/systemd-flatcar.conf
# Flatcar: Add tmpfiles rule for resolv.conf. This path has
# changed after v213 so it must be handled here instead of
# baselayout now.
dotmpfiles "${FILESDIR}"/systemd-resolv.conf
# Flatcar: Don't default to graphical.target.
local unitdir=$(builddir_systemd_get_systemunitdir)
dosym multi-user.target "${unitdir}"/default.target
# Flatcar: Don't set any extra environment variables by default.
rm "${ED}/usr/lib/environment.d/99-environment.conf" || die
# Flatcar: These lines more or less follow the systemd's
# preset file (90-systemd.preset). We do it that way, to avoid
# putting symlinks in /etc. Please keep the lines in the same
# order as the "enable" lines appear in the preset file. For a
# single enable line in preset, there may be more lines if the
# unit file had Also: clause which has units we enable here
# too.
# Flatcar: enable remote-fs.target
builddir_systemd_enable_service multi-user.target remote-fs.target
# Flatcar: enable remote-cryptsetup.target
if use cryptsetup; then
builddir_systemd_enable_service multi-user.target remote-cryptsetup.target
fi
# Flatcar: enable machines.target
builddir_systemd_enable_service multi-user.target machines.target
# Flatcar: enable getty@.service
dodir "${unitdir}/getty.target.wants"
dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service"
# Flatcar: enable systemd-timesyncd.service
builddir_systemd_enable_service sysinit.target systemd-timesyncd.service
# Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service)
builddir_systemd_enable_service multi-user.target systemd-networkd.service
builddir_systemd_enable_service sockets.target systemd-networkd.socket
builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service
# Flatcar: enable systemd-network-generator.service
builddir_systemd_enable_service sysinit.target systemd-network-generator.service
# Flatcar: enable systemd-resolved.service
builddir_systemd_enable_service multi-user.target systemd-resolved.service
# Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry])
if use homed; then
builddir_systemd_enable_service multi-user.target systemd-homed.target
fi
# Flatcar: enable systemd-userdbd.socket
builddir_systemd_enable_service sockets.target systemd-userdbd.socket
# Flatcar: enable systemd-pstore.service
builddir_systemd_enable_service sysinit.target systemd-pstore.service
# Flatcar: enable systemd-boot-update.service
if use boot; then
builddir_systemd_enable_service sysinit.target systemd-boot-update.service
fi
# Flatcar: enable reboot.target (not enabled - has no WantedBy
# entry)
# Flatcar: enable systemd-sysext.service by default
builddir_systemd_enable_service sysinit.target systemd-sysext.service
# Flatcar: Use an empty preset file, because systemctl
# preset-all puts symlinks in /etc, not in /usr. We don't use
# /etc, because it is not autoupdated. We do the "preset" above.
rm "${ED}/usr/lib/systemd/system-preset/90-systemd.preset" || die
insinto /usr/lib/systemd/system-preset
doins "${FILESDIR}"/99-default.preset
# Flatcar: Do not ship distro-specific files (nsswitch.conf
# pam.d). This conflicts with our own configuration provided
# by baselayout.
rm -rf "${ED}"/usr/share/factory
sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \
-e '/^C!* \/etc\/nsswitch\.conf/d' \
-e '/^C!* \/etc\/pam\.d/d' \
-e '/^C!* \/etc\/issue/d'
use ukify && python_fix_shebang "${ED}"
use boot && secureboot_auto_sign
}
# Flatcar: Our own version of systemd_get_systemunitdir, that returns
# a path inside /usr, not /etc.
builddir_systemd_get_systemunitdir() {
echo "$(get_rootprefix)/lib/systemd/system"
}
# Flatcar: Our own version of systemd_enable_service, that does
# operations inside /usr, not /etc.
builddir_systemd_enable_service() {
local target=${1}
local service=${2}
local ud=$(builddir_systemd_get_systemunitdir)
local destname=${service##*/}
dodir "${ud}"/"${target}".wants && \
dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}"
if use boot; then
python_fix_shebang "${ED}"
secureboot_auto_sign
fi
}
migrate_locale() {
local envd_locale_def="${EROOT}/etc/env.d/02locale"
local envd_locale=( "${EROOT}"/etc/env.d/??locale )
local locale_conf="${EROOT}/etc/locale.conf"
if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
# If locale.conf does not exist...
if [[ -e ${envd_locale} ]]; then
# ...either copy env.d/??locale if there's one
ebegin "Moving ${envd_locale} to ${locale_conf}"
mv "${envd_locale}" "${locale_conf}"
eend ${?} || FAIL=1
else
# ...or create a dummy default
ebegin "Creating ${locale_conf}"
cat > "${locale_conf}" <<-EOF
# This file has been created by the sys-apps/systemd ebuild.
# See locale.conf(5) and localectl(1).
# LANG=${LANG}
EOF
eend ${?} || FAIL=1
fi
fi
if [[ ! -L ${envd_locale} ]]; then
# now, if env.d/??locale is not a symlink (to locale.conf)...
if [[ -e ${envd_locale} ]]; then
# ...warn the user that he has duplicate locale settings
ewarn
ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
ewarn "and create the symlink with the following command:"
ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
ewarn
else
# ...or just create the symlink if there's nothing here
ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
ln -n -s ../locale.conf "${envd_locale_def}"
eend ${?} || FAIL=1
fi
fi
}
pkg_preinst() {
if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
# Symlink /etc/sysctl.conf for easy migration.
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi
# Flatcar: This used to be in upstream ebuild, but now it's
# gone. We should drop it once we get rid of split-usr in SDK.
if ! use split-usr; then
local dir
# Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list.
for dir in bin sbin lib; do
if [[ ! -L ${EROOT}/${dir} ]]; then
eerror "'${EROOT}/${dir}' is not a symbolic link."
FAIL=1
fi
done
if [[ ${FAIL} ]]; then
eerror "Migration to system layout with merged directories must be performed before"
eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
die "System layout with split directories still used"
fi
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
fi
}
pkg_postinst() {
systemd_update_catalog
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
# Flatcar: We enable getty and remote-fs targets in /usr
# ourselves above.
# if [[ -z ${REPLACING_VERSIONS} ]]; then
# if type systemctl &>/dev/null; then
# systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
# fi
# elog "To enable a useful set of services, run the following:"
# elog " systemctl preset-all --preset-mode=enable-only"
# fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync"
fi
if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
ebegin "Reexecuting system manager (systemd)"
systemctl daemon-reexec
eend $? || FAIL=1
# https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
ebegin "Signaling user managers to reexec"
systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
eend $?
fi
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
eerror "systemd again."
eerror
fi
if use boot; then
optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
"sys-kernel/installkernel[systemd-boot]"
fi
if use ukify; then
optfeature "generating unified kernel image on each kernel installation" \
"sys-kernel/installkernel[ukify]"
fi
}
pkg_prerm() {
# If removing systemd completely, remove the catalog database.
if [[ ! ${REPLACED_BY_VERSION} ]]; then
rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
fi
}

126
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.7-r1.ebuild vendored
View File

@ -2,7 +2,7 @@
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..13} )
PYTHON_COMPAT=( python3_{11..13} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
@ -20,12 +20,12 @@ else
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
# Flatcar: mark as stable
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
fi
fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
# Flatcar: Inherited tmpfiles
inherit secureboot systemd tmpfiles toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
@ -144,11 +144,11 @@ RDEPEND="${COMMON_DEPEND}
)
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
!sys-apps/openrc-navi[sysv-utils(-)]
!sys-apps/sysvinit
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
@ -168,7 +168,7 @@ BDEPEND="
sys-devel/gettext
virtual/pkgconfig
bpf? (
dev-util/bpftool
>=dev-util/bpftool-7.0.0
sys-devel/bpf-toolchain
)
test? (
@ -194,13 +194,38 @@ BDEPEND="
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() {
# Flatcar: We keep using split-usr for SDK.
# if use split-usr; then
# eerror "Please complete the migration to merged-usr."
# eerror "https://wiki.gentoo.org/wiki/Merge-usr"
# die "systemd no longer supports split-usr"
# fi
if use split-usr; then
eerror "Please complete the migration to merged-usr."
eerror "https://wiki.gentoo.org/wiki/Merge-usr"
die "systemd no longer supports split-usr"
fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
@ -256,14 +281,15 @@ src_unpack() {
src_prepare() {
local PATCHES=(
"${FILESDIR}"/systemd-257-cred-util-tpm2.patch
# Flatcar: Adding our own patches here.
"${FILESDIR}/0001-wait-online-set-any-by-default.patch"
"${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin-257.patch"
"${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch"
"${FILESDIR}/0009-initrd-parse-etc.service.patch"
"${FILESDIR}/0002-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0003-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0004-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0005-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
"${FILESDIR}/0006-units-Keep-using-old-journal-file-format.patch"
"${FILESDIR}/0007-Revert-Revert-initrd-parse-etc-override-argv-0-to-av.patch"
)
if ! use vanilla; then
@ -272,9 +298,6 @@ src_prepare() {
)
fi
# Fails with split-usr.
sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g.,
# CoreDNS which has dnsPolicy "default", but unless the
# kubelet --resolv-conf flag is set to point to
@ -301,14 +324,10 @@ src_configure() {
multilib-minimal_src_configure
}
# Flatcar: Our function, we use it in some places below.
get_rootprefix() {
usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr"
}
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671
-Dmode=release
# Flatcar: Point to our user mailing list.
@ -316,19 +335,7 @@ multilib_src_configure() {
-Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
# Flatcar: We keep using split-usr in SDK.
$(meson_use split-usr)
# Flatcar: Always set split-bin to true, we always
# have separate bin and sbin directories
-Dsplit-bin=true
# Flatcar: Use get_rootprefix. No functional change
# from upstream, just refactoring the common code used
# in some places.
#
# TODO: Drop -Drootprefix and -Drootlibdir we get rid
# of split-usr in SDK
-Drootprefix="$(get_rootprefix)"
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
-Dsplit-bin=false
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
@ -381,7 +388,6 @@ multilib_src_configure() {
-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
# Flatcar: TODO: Investigate if we want this.
-Dcreate-log-dirs=false
# multilib options
@ -404,7 +410,6 @@ multilib_src_configure() {
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
$(meson_native_enabled vmspawn)
# Flatcar: Specify this, or meson breaks due to no
# /etc/login.defs.
-Dsystem-gid-max=999
@ -437,10 +442,10 @@ multilib_src_configure() {
# Flatcar: Combined log format: name plus description
-Dstatus-unit-format-default=combined
# Flatcar: Unported options, still needed?
-Dquotaon-path=/usr/sbin/quotaon
-Dquotacheck-path=/usr/sbin/quotacheck
# Flatcar: Disable multicast-dns, Link-Local Multicast Name Resolution and dnssec
-Ddefault-mdns=no
-Ddefault-llmnr=no
-Ddefault-dnssec=no
)
case $(tc-arch) in
@ -467,9 +472,6 @@ multilib_src_test() {
}
multilib_src_install_all() {
# meson doesn't know about docdir
mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
einstalldocs
# Flatcar: Do not install sample nsswitch.conf, we don't
# provide it.
@ -491,8 +493,6 @@ multilib_src_install_all() {
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Flatcar: Upstream uses keepdir commands to keep some empty
# directories. We use tmpfiles.
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
@ -501,12 +501,13 @@ multilib_src_install_all() {
keepdir /etc/udev/hwdb.d
# keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
# keepdir /usr/lib/{binfmt.d,modules-load.d}
# keepdir /usr/lib/systemd/user-generators
# keepdir /var/lib/systemd
# keepdir /var/log/journal
keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
keepdir /usr/lib/{binfmt.d,modules-load.d}
keepdir /usr/lib/systemd/user-generators
keepdir /var/lib/systemd
keepdir /var/log/journal
# Flatcar: We provide our own systemd-user config file in baselayout.
# if use pam; then
# if use selinux; then
# newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
@ -614,7 +615,7 @@ multilib_src_install_all() {
# Flatcar: Our own version of systemd_get_systemunitdir, that returns
# a path inside /usr, not /etc.
builddir_systemd_get_systemunitdir() {
echo "$(get_rootprefix)/lib/systemd/system"
echo "${EPREFIX}/usr/lib/systemd/system"
}
# Flatcar: Our own version of systemd_enable_service, that does
@ -683,23 +684,6 @@ pkg_preinst() {
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi
# Flatcar: This used to be in upstream ebuild, but now it's
# gone. We should drop it once we get rid of split-usr in SDK.
if ! use split-usr; then
local dir
# Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list.
for dir in bin sbin lib; do
if [[ ! -L ${EROOT}/${dir} ]]; then
eerror "'${EROOT}/${dir}' is not a symbolic link."
FAIL=1
fi
done
if [[ ${FAIL} ]]; then
eerror "Migration to system layout with merged directories must be performed before"
eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
die "System layout with split directories still used"
fi
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."