Merge pull request #1579 from flatcar-linux/krnowak/systemd-250

sys-apps/systemd: Update to 250.3
Krzesimir Nowak 2022-02-15 17:46:03 +01:00 committed by GitHub
commit 26f624cb8d
28 changed files with 477 additions and 197 deletions

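--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1 @@
+- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))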

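--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1 @@
+- systemd ([250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3))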


@ -1,5 +1,3 @@
sys-apps/systemd -introspection
# Matt Turner <mattst88@gentoo.org> (2020-03-28) # Matt Turner <mattst88@gentoo.org> (2020-03-28)
# wget is the default FETCHCOMMAND, and most distfiles are distributed via # wget is the default FETCHCOMMAND, and most distfiles are distributed via
# HTTPS. Bug #611072 # HTTPS. Bug #611072


@ -1,5 +1,2 @@
# This fails from -Werror=implicit-fallthrough, and it's disabled in the SDK. # This fails from -Werror=implicit-fallthrough, and it's disabled in the SDK.
sys-devel/gcc sanitize sys-devel/gcc sanitize
# Undo Gentoo masking all this on arm64.
sys-apps/systemd -cryptsetup -http -policykit -qrcode -xkb


@ -28,8 +28,10 @@ net-analyzer/nmap ncat -system-lua
# removes mta dependencies # removes mta dependencies
app-admin/sudo -sendmail app-admin/sudo -sendmail
# use lzma which is the default on non-gentoo systems, avoid pulling in gnutls # use lzma which is the default on non-gentoo systems, use gnuefi for
sys-apps/systemd build curl gcrypt idn libidn2 lzma -ssl # bootctl, enable selinux, disable hybrid cgroup as we use the unified
# mode now
sys-apps/systemd build curl idn lzma gnuefi selinux -cgroup-hybrid
net-libs/libmicrohttpd -ssl net-libs/libmicrohttpd -ssl
# disable kernel config detection and module building # disable kernel config detection and module building
@ -85,7 +87,6 @@ sys-fs/btrfs-progs -zstd
# Enable SELinux for all targets # Enable SELinux for all targets
coreos-base/coreos selinux coreos-base/coreos selinux
sys-apps/dbus selinux sys-apps/dbus selinux
sys-apps/systemd selinux
# Enable SELinux for coreutils # Enable SELinux for coreutils
sys-apps/coreutils selinux sys-apps/coreutils selinux
@ -127,9 +128,6 @@ net-firewall/iptables nftables
# Install `perl` with a minimal set of dependencies # Install `perl` with a minimal set of dependencies
dev-lang/perl minimal dev-lang/perl minimal
# Disable cgroup-hybrid as we use the unified mode
sys-apps/systemd -cgroup-hybrid
# Remove support for GObject introspection # Remove support for GObject introspection
sys-auth/polkit -introspection sys-auth/polkit -introspection
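Review bot: The consolidated `sys-apps/systemd build curl idn lzma gnuefi selinux -cgroup-hybrid` line drops `gcrypt`, `libidn2` and `-ssl` from the old flag set, but the rewritten comment above it explains only lzma, gnuefi, selinux and cgroup-hybrid. According to the metadata.xml in this same commit, `gcrypt` is the flag that enables sealing of journal files, so whether it is still on after this change is security-relevant; the old ebuild's IUSE shows `+gcrypt` as default-on, which would make the explicit flag redundant, but the new ebuild's IUSE line is cut off at the end of this page, so I cannot confirm the default survived. Suggest either extending the comment, e.g. `# gcrypt (journal sealing) and libidn2 are no longer listed because <reason>`, or restoring the flags if the drop was unintentional. The removal of the separate `sys-apps/systemd selinux` and `sys-apps/systemd -cgroup-hybrid` lines further down is consistent with this as long as the single line remains the only systemd entry in the file.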


@ -73,3 +73,26 @@ INSTALL_MASK="${INSTALL_MASK}
INSTALL_MASK="${INSTALL_MASK} INSTALL_MASK="${INSTALL_MASK}
/usr/bin/cvtsudoers /usr/bin/cvtsudoers
" "
# Override UIDs and GIDs where ours differ from Gentoo defaults.
ACCT_GROUP_DIALOUT_ID=249
ACCT_GROUP_INPUT_ID=28
ACCT_GROUP_MESSAGEBUS_ID=201
ACCT_USER_MESSAGEBUS_ID=201
ACCT_GROUP_NTP_ID=203
ACCT_USER_NTP_ID=203
ACCT_GROUP_POLKITD_ID=235
ACCT_USER_POLKITD_ID=235
ACCT_GROUP_RENDER_ID=30
ACCT_GROUP_SSHD_ID=204
ACCT_USER_SSHD_ID=204
ACCT_GROUP_SYSTEMD_JOURNAL_ID=248
ACCT_GROUP_SYSTEMD_JOURNAL_REMOTE_ID=242
ACCT_USER_SYSTEMD_JOURNAL_REMOTE_ID=242
ACCT_GROUP_SYSTEMD_NETWORK_ID=244
ACCT_USER_SYSTEMD_NETWORK_ID=244
ACCT_GROUP_SYSTEMD_RESOLVE_ID=245
ACCT_USER_SYSTEMD_RESOLVE_ID=245
# tss seems to be one of those users with a mismatching UID/GID
ACCT_GROUP_TSS_ID=252
ACCT_USER_TSS_ID=236
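Review bot: The comment `# tss seems to be one of those users with a mismatching UID/GID` leaves the reason for `ACCT_GROUP_TSS_ID=252` versus `ACCT_USER_TSS_ID=236` as a guess in committed configuration, and the block as a whole does not say what these numeric IDs have to agree with. If any override drifts from the IDs already present in shipped images, files could end up owned by stale numeric IDs after an upgrade, so the header comment should name the source of truth, e.g. `# Override UIDs and GIDs where ours differ from Gentoo defaults; values must match the passwd/group entries shipped in the image (see <path to the image's passwd/group source>).`, and the tss line should state that the mismatch is deliberate once it has been verified. The enclosing file continues outside the hunk.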


@ -9,7 +9,7 @@ CROS_WORKON_REPO="https://github.com"
if [[ "${PV}" == 9999 ]]; then if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm ~arm64 ~x86" KEYWORDS="~amd64 ~arm ~arm64 ~x86"
else else
CROS_WORKON_COMMIT="cc1be682dbd539eb4d39569531bfe548bdfb3809" # flatcar-master CROS_WORKON_COMMIT="c0871373412a3efb3c94b03825b64025f4f0c0fc" # flatcar-master
KEYWORDS="amd64 arm arm64 x86" KEYWORDS="amd64 arm arm64 x86"
fi fi


@ -1 +1 @@
DIST systemd-stable-249.7.tar.gz 10608252 BLAKE2B a5597c4973b24c962779622cae47dbf8351af49f8cd898d9c16a967c6f3600c6feb293e9b03eab0423b860eef5b04b287185fb9827cb323429d0ab9fc6d809b2 SHA512 4daf8570621fdcda5c94d982908c64eddfeef989005f4fd79a10f199dbc6f366354177bb59dff34bcb14764fb4423a870ffabac1163849ec53592e29760105fc DIST systemd-stable-250.3.tar.gz 11125151 BLAKE2B 659c39994e76f94407dd9079e28fc644981d3475a0ed440b9895e8f201c3ce1fc47aa8c4d599ad85ed89ddfb6ca8e514aee2a739e93640745cf46647f99efe56 SHA512 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5

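--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN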
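Review bot: The drop-in grants networkd `AmbientCapabilities=CAP_SYS_ADMIN`, but the comment only says this lets it request a hostname change without polkit; it does not explain why that particular, very broad capability is the one required, which a future reader needs before trimming or extending the set. If the reason is that hostnamed's privilege check accepts a caller holding CAP_SYS_ADMIN in place of a polkit grant (I cannot confirm that from this page), say so explicitly, e.g. `# CAP_SYS_ADMIN is what hostnamed's privilege check accepts in place of a polkit grant; keep this set minimal.` It would also help to state how this assignment combines with the capability set in the upstream unit (whether it merges with or replaces it), since that determines networkd's effective privileges. `Group=systemd-hostname` pairs with the new busconfig policy for that group elsewhere in this commit; a cross-reference in the comment would make the two files easier to keep in sync.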


@ -1,7 +1,7 @@
From eb00b0bf1014fd9da26fc1ed2612c579cbcf09ce Mon Sep 17 00:00:00 2001 From d13deba6bad21e796829b83b00dce03085b0ab14 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com> From: David Michael <dm0@redhat.com>
Date: Tue, 16 Apr 2019 02:44:51 +0000 Date: Tue, 16 Apr 2019 02:44:51 +0000
Subject: [PATCH 1/5] wait-online: set --any by default Subject: [PATCH 1/8] wait-online: set --any by default
The systemd-networkd-wait-online command would normally continue The systemd-networkd-wait-online command would normally continue
waiting after a network interface is usable if other interfaces are waiting after a network interface is usable if other interfaces are
@ -15,7 +15,7 @@ earlier) for the original implementation.
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c
index 1b24b6f1a6..dedbd50725 100644 index a679b858fa..3b6dad8d1d 100644
--- a/src/network/wait-online/wait-online.c --- a/src/network/wait-online/wait-online.c
+++ b/src/network/wait-online/wait-online.c +++ b/src/network/wait-online/wait-online.c
@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL; @@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL;
@ -28,5 +28,5 @@ index 1b24b6f1a6..dedbd50725 100644
STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep); STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep);
STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep);
-- --
2.30.2 2.35.1


@ -1,24 +1,24 @@
From 9acb14187bacd1d716adaed491813ea1cde12237 Mon Sep 17 00:00:00 2001 From 2a8f5356c608e6f4512ade1b3ce2176f4491bce1 Mon Sep 17 00:00:00 2001
From: Nick Owens <nick.owens@coreos.com> From: Nick Owens <nick.owens@coreos.com>
Date: Tue, 2 Jun 2015 18:22:32 -0700 Date: Tue, 2 Jun 2015 18:22:32 -0700
Subject: [PATCH 2/5] networkd: default to "kernel" IPForwarding setting Subject: [PATCH 2/8] networkd: default to "kernel" IPForwarding setting
--- ---
src/network/networkd-network.c | 1 + src/network/networkd-network.c | 1 +
1 file changed, 1 insertion(+) 1 file changed, 1 insertion(+)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 850b4f449e..951c2d0815 100644 index 873ad2e703..4395dce4e2 100644
--- a/src/network/networkd-network.c --- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c +++ b/src/network/networkd-network.c
@@ -398,6 +398,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi @@ -458,6 +458,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
.link_local = _ADDRESS_FAMILY_INVALID,
.ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID, .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,
.ipv4_accept_local = -1,
+ .ip_forward = _ADDRESS_FAMILY_INVALID, + .ip_forward = _ADDRESS_FAMILY_INVALID,
.ipv4_accept_local = -1,
.ipv4_route_localnet = -1, .ipv4_route_localnet = -1,
.ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
.ipv6_accept_ra = -1,
-- --
2.30.2 2.35.1


@ -1,7 +1,7 @@
From e073ce40241db173d160d5d9986129820a98270a Mon Sep 17 00:00:00 2001 From 5ba2f094ba91f8f52a4b3c0aca83e2fe344594d8 Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com> From: Alex Crawford <alex.crawford@coreos.com>
Date: Wed, 2 Mar 2016 10:46:33 -0800 Date: Wed, 2 Mar 2016 10:46:33 -0800
Subject: [PATCH 3/5] needs-update: don't require strictly newer usr Subject: [PATCH 3/8] needs-update: don't require strictly newer usr
Updates should be triggered whenever usr changes, not only when it is newer. Updates should be triggered whenever usr changes, not only when it is newer.
--- ---
@ -23,10 +23,10 @@ index 3393010ff6..5478baca25 100644
This requires that updates to <filename>/usr/</filename> are always This requires that updates to <filename>/usr/</filename> are always
followed by an update of the modification time of followed by an update of the modification time of
diff --git a/src/shared/condition.c b/src/shared/condition.c diff --git a/src/shared/condition.c b/src/shared/condition.c
index b2ec690bc3..4cf6523b90 100644 index 68fbbf643a..306089cd26 100644
--- a/src/shared/condition.c --- a/src/shared/condition.c
+++ b/src/shared/condition.c +++ b/src/shared/condition.c
@@ -593,7 +593,7 @@ static int condition_test_needs_update(Condition *c, char **env) { @@ -769,7 +769,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* First, compare seconds as they are always accurate... * First, compare seconds as they are always accurate...
*/ */
if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec) if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec)
@ -35,7 +35,7 @@ index b2ec690bc3..4cf6523b90 100644
/* /*
* ...then compare nanoseconds. * ...then compare nanoseconds.
@@ -604,7 +604,7 @@ static int condition_test_needs_update(Condition *c, char **env) { @@ -780,7 +780,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* (otherwise the filesystem supports nsec timestamps, see stat(2)). * (otherwise the filesystem supports nsec timestamps, see stat(2)).
*/ */
if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0) if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0)
@ -44,7 +44,7 @@ index b2ec690bc3..4cf6523b90 100644
_cleanup_free_ char *timestamp_str = NULL; _cleanup_free_ char *timestamp_str = NULL;
r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str); r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str);
@@ -623,7 +623,7 @@ static int condition_test_needs_update(Condition *c, char **env) { @@ -799,7 +799,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
return true; return true;
} }
@ -54,5 +54,5 @@ index b2ec690bc3..4cf6523b90 100644
static int condition_test_first_boot(Condition *c, char **env) { static int condition_test_first_boot(Condition *c, char **env) {
-- --
2.26.2 2.35.1


@ -1,7 +1,7 @@
From 3acaafc6fcd34b272e5249c49e498ff7facb564e Mon Sep 17 00:00:00 2001 From 75c683b81fcdb47eaa9aa6c4355ed96296d6d547 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <sayan@kinvolk.io> From: Sayan Chowdhury <sayan@kinvolk.io>
Date: Thu, 22 Apr 2021 20:08:33 +0530 Date: Thu, 22 Apr 2021 20:08:33 +0530
Subject: [PATCH] core: use max for DefaultTasksMax Subject: [PATCH 4/8] core: use max for DefaultTasksMax
Since systemd v228, systemd has a DefaultTasksMax which defaulted Since systemd v228, systemd has a DefaultTasksMax which defaulted
to 512, later 15% of the system's maximum number of PIDs. This to 512, later 15% of the system's maximum number of PIDs. This
@ -21,10 +21,10 @@ Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
3 files changed, 3 insertions(+), 3 deletions(-) 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index d39928ec23..4d89a68b16 100644 index 3805a010e2..48d9061d16 100644
--- a/man/systemd-system.conf.xml --- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml
@@ -376,7 +376,7 @@ @@ -404,7 +404,7 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception for details. This setting applies to all unit types that support resource control settings, with the exception
@ -34,10 +34,10 @@ index d39928ec23..4d89a68b16 100644
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores. Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915, For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
diff --git a/src/core/main.c b/src/core/main.c diff --git a/src/core/main.c b/src/core/main.c
index 0ddd629851..5e25a1b4b7 100644 index 57aedb9b93..a8859478a9 100644
--- a/src/core/main.c --- a/src/core/main.c
+++ b/src/core/main.c +++ b/src/core/main.c
@@ -91,7 +91,7 @@ @@ -98,7 +98,7 @@
#include <sanitizer/lsan_interface.h> #include <sanitizer/lsan_interface.h>
#endif #endif
@ -47,12 +47,12 @@ index 0ddd629851..5e25a1b4b7 100644
static enum { static enum {
ACTION_RUN, ACTION_RUN,
diff --git a/src/core/system.conf.in b/src/core/system.conf.in diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index fa6fb690c7..1e6df17d94 100644 index 96fb64d2c1..7a71efbb0a 100644
--- a/src/core/system.conf.in --- a/src/core/system.conf.in
+++ b/src/core/system.conf.in +++ b/src/core/system.conf.in
@@ -55,7 +55,7 @@ @@ -54,7 +54,7 @@
#DefaultBlockIOAccounting=no #DefaultBlockIOAccounting=no
#DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@ #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes #DefaultTasksAccounting=yes
-#DefaultTasksMax=15% -#DefaultTasksMax=15%
+#DefaultTasksMax=100% +#DefaultTasksMax=100%
@ -60,6 +60,5 @@ index fa6fb690c7..1e6df17d94 100644
#DefaultLimitFSIZE= #DefaultLimitFSIZE=
#DefaultLimitDATA= #DefaultLimitDATA=
-- --
2.30.2 2.35.1


@ -1,7 +1,7 @@
From f83a1a190139d6f7752e0d7c86396330f845b261 Mon Sep 17 00:00:00 2001 From 170a29c01603c8815edf019bdc0ddc29c986e1a2 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com> From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 20 Dec 2016 16:43:22 +0000 Date: Tue, 20 Dec 2016 16:43:22 +0000
Subject: [PATCH 5/5] systemd: Disable SELinux permissions checks Subject: [PATCH 5/8] systemd: Disable SELinux permissions checks
We don't care about the interaction between systemd and SELinux policy, so We don't care about the interaction between systemd and SELinux policy, so
let's just disable these checks rather than having to incorporate policy let's just disable these checks rather than having to incorporate policy
@ -12,7 +12,7 @@ to limit containers and not anything running directly on the host.
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 1d52b5ff04..1653d241f6 100644 index ad098e99df..8b341184a2 100644
--- a/src/core/selinux-access.c --- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c +++ b/src/core/selinux-access.c
@@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
@ -25,5 +25,5 @@ index 1d52b5ff04..1653d241f6 100644
#include <errno.h> #include <errno.h>
#include <selinux/avc.h> #include <selinux/avc.h>
-- --
2.26.2 2.35.1


@ -1,7 +1,7 @@
From 67d9962aa637401a1332069b6c8ad99a54e2b451 Mon Sep 17 00:00:00 2001 From 8f007876ee3ac88087a8b24c252e9187e754c880 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <sayan@kinvolk.io> From: Sayan Chowdhury <sayan@kinvolk.io>
Date: Wed, 8 Sep 2021 12:10:35 +0530 Date: Wed, 8 Sep 2021 12:10:35 +0530
Subject: [PATCH] core: handle lookup paths being symlinks Subject: [PATCH 6/8] core: handle lookup paths being symlinks
With a recent change paths leaving the statically known lookup paths With a recent change paths leaving the statically known lookup paths
would be treated differently then those that remained within those. That would be treated differently then those that remained within those. That
@ -19,10 +19,10 @@ Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
1 file changed, 31 insertions(+), 2 deletions(-) 1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c
index 884a0674a9..3ae2a115d0 100644 index faea92f66d..b024df21a9 100644
--- a/src/basic/unit-file.c --- a/src/basic/unit-file.c
+++ b/src/basic/unit-file.c +++ b/src/basic/unit-file.c
@@ -254,6 +254,7 @@ int unit_file_build_name_map( @@ -280,6 +280,7 @@ int unit_file_build_name_map(
_cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL; _cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL;
_cleanup_set_free_free_ Set *paths = NULL; _cleanup_set_free_free_ Set *paths = NULL;
@ -30,7 +30,7 @@ index 884a0674a9..3ae2a115d0 100644
uint64_t timestamp_hash; uint64_t timestamp_hash;
char **dir; char **dir;
int r; int r;
@@ -273,6 +274,34 @@ int unit_file_build_name_map( @@ -299,6 +300,34 @@ int unit_file_build_name_map(
return log_oom(); return log_oom();
} }
@ -63,9 +63,9 @@ index 884a0674a9..3ae2a115d0 100644
+ } + }
+ +
STRV_FOREACH(dir, (char**) lp->search_path) { STRV_FOREACH(dir, (char**) lp->search_path) {
struct dirent *de;
_cleanup_closedir_ DIR *d = NULL; _cleanup_closedir_ DIR *d = NULL;
@@ -351,11 +380,11 @@ int unit_file_build_name_map(
@@ -424,11 +453,11 @@ int unit_file_build_name_map(
continue; continue;
} }
@ -80,5 +80,5 @@ index 884a0674a9..3ae2a115d0 100644
log_debug("%s: linked unit file: %s → %s", log_debug("%s: linked unit file: %s → %s",
__func__, filename, simplified); __func__, filename, simplified);
-- --
2.30.2 2.35.1

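--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,93 @@
+From 925d668d820d728ec58e470fd64cdff1504d8e04 Mon Sep 17 00:00:00 2001
+From: Krzesimir Nowak <knowak@microsoft.com>
+Date: Fri, 21 Jan 2022 19:17:11 +0100
+Subject: [PATCH 7/8] Revert "getty: Pass tty to use by agetty via stdin"
+This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.
+This is to work around a SELinux denial that happens when setting up standard
+input for serial consoles (which is used for SSH connections).
+---
+units/console-getty.service.in | 4 +---
+units/container-getty@.service.in | 4 +---
+units/getty@.service.in | 4 +---
+units/serial-getty@.service.in | 4 +---
+4 files changed, 4 insertions(+), 12 deletions(-)
+diff --git a/units/console-getty.service.in b/units/console-getty.service.in
+index 73871d6f50..bb67541dce 100644
+--- a/units/console-getty.service.in
++++ b/units/console-getty.service.in
+@@ -23,12 +23,10 @@ ConditionPathExists=/dev/console
+# The '-o' option value tells agetty to replace 'login' arguments with an
+# option to preserve environment (-p), followed by '--' for safety, and then
+# the entered username.
+-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM
++ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM
+Type=idle
+Restart=always
+UtmpIdentifier=cons
+-StandardInput=tty
+-StandardOutput=tty
+TTYPath=/dev/console
+TTYReset=yes
+TTYVHangup=yes
+diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in
+index a6e3f94e2a..ed1eb7bde1 100644
+--- a/units/container-getty@.service.in
++++ b/units/container-getty@.service.in
+@@ -28,13 +28,11 @@ Before=rescue.service
+# The '-o' option value tells agetty to replace 'login' arguments with an
+# option to preserve environment (-p), followed by '--' for safety, and then
+# the entered username.
+-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM
++ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
+Type=idle
+Restart=always
+RestartSec=0
+UtmpIdentifier=pts/%I
+-StandardInput=tty
+-StandardOutput=tty
+TTYPath=/dev/pts/%I
+TTYReset=yes
+TTYVHangup=yes
+diff --git a/units/getty@.service.in b/units/getty@.service.in
+index 21d66f9367..78deb7cffe 100644
+--- a/units/getty@.service.in
++++ b/units/getty@.service.in
+@@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0
+# The '-o' option value tells agetty to replace 'login' arguments with an
+# option to preserve environment (-p), followed by '--' for safety, and then
+# the entered username.
+-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
++ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM
+Type=idle
+Restart=always
+RestartSec=0
+UtmpIdentifier=%I
+-StandardInput=tty
+-StandardOutput=tty
+TTYPath=/dev/%I
+TTYReset=yes
+TTYVHangup=yes
+diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in
+index 2433124c55..bb7af3105d 100644
+--- a/units/serial-getty@.service.in
++++ b/units/serial-getty@.service.in
+@@ -33,12 +33,10 @@ Before=rescue.service
+# The '-o' option value tells agetty to replace 'login' arguments with an
+# option to preserve environment (-p), followed by '--' for safety, and then
+# the entered username.
+-ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM
++ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM
+Type=idle
+Restart=always
+UtmpIdentifier=%I
+-StandardInput=tty
+-StandardOutput=tty
+TTYPath=/dev/%I
+TTYReset=yes
+TTYVHangup=yes
+--
+2.35.1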
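Review bot: The patch description justifies reverting upstream commit b4bf9007cbee7dc0b1356897344ae2a7890df84c with a single sentence about an SELinux denial, without recording the denial itself (source and target contexts, permission) or a tracking reference, so nobody can later tell whether the policy has been fixed and the revert can be dropped. Suggest adding both to the description, e.g. `AVC: <denial line as logged>` and `Tracking: <issue link>`. The parenthetical `(which is used for SSH connections)` is also unclear, since a serial console is not an SSH transport; spell out which login path is actually affected.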


@ -1,7 +1,8 @@
From 513429b47f0852d17ba721ad5d55baa985f48ddb Mon Sep 17 00:00:00 2001 From c8d3f9b0f4964115c518eb009b17f026ad356ade Mon Sep 17 00:00:00 2001
From: Kai Lueke <kailuke@microsoft.com> From: Kai Lueke <kailuke@microsoft.com>
Date: Mon, 7 Feb 2022 17:39:23 +0100 Date: Mon, 7 Feb 2022 17:39:23 +0100
Subject: [PATCH] networkd: disable managing of foreign routes/rules by default Subject: [PATCH 8/8] networkd: disable managing of foreign routes/rules by
default
While systemd-networkd follows the principle of a declarative network While systemd-networkd follows the principle of a declarative network
configuration and thus needs a way to ensure that unwanted routes or configuration and thus needs a way to ensure that unwanted routes or
@ -29,11 +30,11 @@ https://github.com/flatcar-linux/Flatcar/issues/620
2 files changed, 4 insertions(+), 4 deletions(-) 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index 374d27bef3..deb46e4a15 100644 index 7e89366ae8..714ee5c226 100644
--- a/src/network/networkd-manager.c --- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c
@@ -383,8 +383,8 @@ int manager_new(Manager **ret) { @@ -471,8 +471,8 @@ int manager_new(Manager **ret, bool test_mode) {
*m = (Manager) { .test_mode = test_mode,
.speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL, .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL,
.online_state = _LINK_ONLINE_STATE_INVALID, .online_state = _LINK_ONLINE_STATE_INVALID,
- .manage_foreign_routes = true, - .manage_foreign_routes = true,

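--- a/[path not shown on page]
+++ /dev/null
@@ -1,26 +0,0 @@
-From f2c57d4f3805775e0ffdc80ce578eaa737017d31 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 9 Jul 2021 13:05:23 -0400
-Subject: [PATCH] libudev: add "Libs.private: -lrt -pthread" to libudev.pc
-This resolves a failure when linking cryptsetup.static against libudev.a.
-```
-libtool: link: x86_64-pc-linux-gnu-gcc -Wall -O2 -pipe -march=amdfam10 -static -O2 -o cryptsetup.static lib/utils_crypt.o lib/utils_loop.o lib/utils_io.o lib/utils_blkid.o src/utils_tools.o src/utils_password.o src/utils_luks2.o src/utils_blockdev.o src/cryptsetup.o -pthread -pthread -Wl,--as-needed ./.libs/libcryptsetup.a -largon2 -lrt -ljson-c -lpopt -luuid -lblkid -lssl -lcrypto -lz -ldl -ldevmapper -lm -lpthread -ludev -pthread
-/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../x86_64-pc-linux-gnu/bin/ld: /usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../lib64/libudev.a(src_libsystemd_sd-daemon_sd-daemon.c.o): in function `sd_is_mq':
-(.text.sd_is_mq+0x3a): undefined reference to `mq_getattr'
-```
----
-src/libudev/libudev.pc.in | 1 +
-1 file changed, 1 insertion(+)
-diff --git a/src/libudev/libudev.pc.in b/src/libudev/libudev.pc.in
-index 89028aaa6bf2..1d6487fa4084 100644
---- a/src/libudev/libudev.pc.in
-+++ b/src/libudev/libudev.pc.in
-@@ -16,4 +16,5 @@ Name: libudev
-Description: Library to access udev device information
-Version: {{PROJECT_VERSION}}
-Libs: -L${libdir} -ludev
-+Libs.private: -lrt -pthread
-Cflags: -I${includedir}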

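--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,26 @@
+From 91182cc273d2dd8325d856fd683d2d8e038abd91 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 25 Dec 2018 22:52:50 -0500
+Subject: [PATCH] path-lookup: look for generators in
+/usr/lib/systemd/system-generators
+Bug: https://bugs.gentoo.org/625402
+---
+src/basic/path-lookup.c | 1 +
+1 file changed, 1 insertion(+)
+diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
+index 52968dee34..0cb10b1116 100644
+--- a/src/basic/path-lookup.c
++++ b/src/basic/path-lookup.c
+@@ -798,6 +798,7 @@ char **generator_binary_paths(UnitFileScope scope) {
+add = strv_new("/run/systemd/system-generators",
+"/etc/systemd/system-generators",
+"/usr/local/lib/systemd/system-generators",
++ "/usr/lib/systemd/system-generators",
+SYSTEM_GENERATOR_DIR);
+break;
+--
+2.26.1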

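--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,40 @@
+From 593db1c78011ddce551051ce17eda6feac079b3d Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 21 Aug 2020 13:16:17 -0400
+Subject: [PATCH] journald: do not change the kernel audit setting by default
+Bug: https://bugs.gentoo.org/736910
+---
+man/journald.conf.xml | 2 +-
+src/journal/journald-server.c | 2 +-
+2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index bfd359a903..7e93d4050e 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -411,7 +411,7 @@
+<command>systemd-journald</command> collects generated audit records, it just controls whether it
+tells the kernel to generate them. This means if another tool turns on auditing even if
+<command>systemd-journald</command> left it off, it will still collect the generated
+- messages. Defaults to on.</para></listitem>
++ messages.</para></listitem>
+</varlistentry>
+<varlistentry>
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 5865bf9809..163be685a8 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2208,7 +2208,7 @@ int server_init(Server *s, const char *namespace) {
+.compress.threshold_bytes = (uint64_t) -1,
+.seal = true,
+- .set_audit = true,
++ .set_audit = -1,
+.watchdog_usec = USEC_INFINITY,
+--
+2.28.0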
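Review bot: With `.set_audit = -1` journald presumably leaves the kernel audit setting untouched instead of switching it on, so on an image where nothing else enables auditing (no auditd, no `Audit=yes` in journald.conf) audit records will no longer be generated, which matters for anyone relying on them for detection. Nothing in this commit records that change of default; only the Gentoo bug is cited in the patch, and the changelog entries added here mention just the CVE and the version bump. Suggest a one-line comment where this patch is applied, e.g. `# journald no longer turns kernel auditing on by default (Gentoo bug 736910); set Audit=yes in journald.conf if audit records are wanted.` The man page hunk also drops "Defaults to on." without saying what the new default is; the replacement sentence could state it.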

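--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,25 @@
+From d9059d2ef1b0d6034267cc8ff44871d0f82f840f Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 8 Nov 2020 12:34:11 -0500
+Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
+---
+src/systemctl/systemctl-sysv-compat.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/systemctl/systemctl-sysv-compat.c b/src/systemctl/systemctl-sysv-compat.c
+index 2dca9e480f..5dcf13ba17 100644
+--- a/src/systemctl/systemctl-sysv-compat.c
++++ b/src/systemctl/systemctl-sysv-compat.c
+@@ -111,7 +111,7 @@ int parse_shutdown_time_spec(const char *t, usec_t *ret) {
+int enable_sysv_units(const char *verb, char **args) {
+int r = 0;
+-#if HAVE_SYSV_COMPAT
++#if 0
+_cleanup_(lookup_paths_free) LookupPaths paths = {};
+unsigned f = 0;
+--
+2.29.0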

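--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,11 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+<policy group="systemd-hostname">
+<allow own="org.freedesktop.hostname1"/>
+<allow send_destination="org.freedesktop.hostname1"/>
+<allow receive_sender="org.freedesktop.hostname1"/>
+</policy>
+</busconfig>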
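Review bot: `<allow own="org.freedesktop.hostname1"/>` for group `systemd-hostname` lets any process in that group claim the hostname1 bus name and answer hostname1 calls itself, not merely talk to hostnamed; since the networkd drop-in in this commit puts networkd into that group, this is broader than the stated goal of letting networkd request a hostname change. If calling hostnamed is all that is needed, the least-privilege policy is the two `send_destination`/`receive_sender` rules without the `own` rule. If hostnamed itself is meant to run in this group and own the name, the file should say so, e.g. `<!-- own= is required because <reason> -->`, so the grant is not trimmed by mistake later.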


@ -1,14 +1,19 @@
# The list of directories is taken from Gentoo ebuild, where they use
# keepdir. The list isn't sorted, but tries to preserve the order of
# keepdir lines from Gentoo ebuild for easier comparisons. We skip the
# directories in /usr, though.
d /etc/binfmt.d - - - - - d /etc/binfmt.d - - - - -
d /etc/kernel/install.d - - - - -
d /etc/modules-load.d - - - - - d /etc/modules-load.d - - - - -
d /etc/sysctl.d - - - - - d /etc/tmpfiles.d - - - - -
d /etc/systemd - - - - - d /etc/kernel/install.d - - - - -
d /etc/systemd/network - - - - - d /etc/systemd/network - - - - -
d /etc/systemd/system - - - - - d /etc/systemd/system - - - - -
d /etc/systemd/user - - - - - d /etc/systemd/user - - - - -
d /etc/tmpfiles.d - - - - -
d /etc/sysusers.d - - - - -
d /etc/udev/hwdb.d - - - - -
d /etc/udev/rules.d - - - - - d /etc/udev/rules.d - - - - -
d /etc/udev/hwdb.d - - - - -
d /var/lib/systemd - - - - - d /var/lib/systemd - - - - -
d /var/log/journal - - - - -
d /etc/sysctl.d - - - - -
# This seems to be our own addition.
d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - - d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -

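--- a/[path not shown on page]
+++ /dev/null
@@ -1,5 +0,0 @@
-account include system-auth
-session required pam_loginuid.so
-session include system-auth
-session optional pam_systemd.so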


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata> <pkgmetadata>
<maintainer type="project"> <maintainer type="project">
<email>systemd@gentoo.org</email> <email>systemd@gentoo.org</email>
@ -17,14 +17,16 @@
<flag name="dns-over-tls">Enable DNS-over-TLS support</flag> <flag name="dns-over-tls">Enable DNS-over-TLS support</flag>
<flag name="gnuefi">Enable EFI boot manager and stub loader (built using <pkg>sys-boot/gnu-efi</pkg>)</flag> <flag name="gnuefi">Enable EFI boot manager and stub loader (built using <pkg>sys-boot/gnu-efi</pkg>)</flag>
<flag name="elfutils">Enable coredump stacktraces in the journal</flag> <flag name="elfutils">Enable coredump stacktraces in the journal</flag>
<flag name="fido2">Enable FIDO2 support</flag>
<flag name="gcrypt">Enable sealing of journal files using gcrypt</flag> <flag name="gcrypt">Enable sealing of journal files using gcrypt</flag>
<flag name="homed">Enable portable home directories</flag> <flag name="homed">Enable portable home directories</flag>
<flag name="hostnamed-fallback">Enable setting hostname with networkd/hostnamed without polkit (requires running <pkg>sys-apps/dbus-broker</pkg>)</flag>
<flag name="http">Enable embedded HTTP server in journald</flag> <flag name="http">Enable embedded HTTP server in journald</flag>
<flag name="hwdb">Enable support for the hardware database</flag>
<flag name="importd">Enable import daemon</flag> <flag name="importd">Enable import daemon</flag>
<flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag> <flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag>
<flag name="lz4">Enable lz4 compression for the journal</flag> <flag name="lz4">Enable lz4 compression for the journal</flag>
<flag name="nat">Enable support for network address translation in networkd</flag> <flag name="nat">Enable support for network address translation in networkd</flag>
<flag name="openssl">Enable use of <pkg>dev-libs/openssl</pkg></flag>
<flag name="pkcs11">Enable PKCS#11 support for cryptsetup and homed</flag> <flag name="pkcs11">Enable PKCS#11 support for cryptsetup and homed</flag>
<flag name="pwquality">Enable password quality checking in homed</flag> <flag name="pwquality">Enable password quality checking in homed</flag>
<flag name="repart">Enable support for growing/adding partitions</flag> <flag name="repart">Enable support for growing/adding partitions</flag>

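--- a/[path not shown on page]
+++ /dev/null
@@ -1 +0,0 @@
-systemd-9999.ebuild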


@ -1,8 +1,11 @@
# Copyright 2011-2021 Gentoo Authors # Copyright 2011-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=7 EAPI=7
PYTHON_COMPAT=( python3_{6..10} ) PYTHON_COMPAT=( python3_{8..10} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
if [[ ${PV} == 9999 ]]; then if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git" EGIT_REPO_URI="https://github.com/systemd/systemd.git"
@ -17,33 +20,38 @@ else
MY_P=${MY_PN}-${MY_PV} MY_P=${MY_PN}-${MY_PV}
S=${WORKDIR}/${MY_P} S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86" # Flatcar: Stabilize for amd64 and arm64.
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
fi fi
# Flatcar: We don't use gen_usr_ldscript so dropping usr-ldscript # Flatcar: We don't use gen_usr_ldscript so dropping usr-ldscript.
TMPFILES_OPTIONAL=1 # Adding tmpfiles, since we use it for installing some files.
inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev user tmpfiles inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev tmpfiles
DESCRIPTION="System and service manager for Linux" DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain" LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2" SLOT="0/2"
# Flatcar: Dropped static-libs, we don't care about static libraries. IUSE="
IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd +kmod
+lz4 lzma nat +openssl pam pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
"
REQUIRED_USE=" REQUIRED_USE="
homed? ( cryptsetup pam ) dns-over-tls? ( || ( gnutls openssl ) )
importd? ( curl gcrypt lzma ) homed? ( cryptsetup pam openssl )
importd? ( curl lzma || ( gcrypt openssl ) )
policykit? ( !hostnamed-fallback )
pwquality? ( homed ) pwquality? ( homed )
" "
RESTRICT="!test? ( test )" RESTRICT="!test? ( test )"
MINKV="3.11" MINKV="3.11"
OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0=" COMMON_DEPEND="
>=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}] sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}] virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= ) acl? ( sys-apps/acl:0= )
@ -51,14 +59,11 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
audit? ( >=sys-process/audit-2:0= ) audit? ( >=sys-process/audit-2:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
curl? ( net-misc/curl:0= ) curl? ( net-misc/curl:0= )
dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? ( dev-libs/libfido2:0= )
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
homed? ( ${OPENSSL_DEP} ) gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
>=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
>=net-libs/gnutls-3.1.4:0=
)
idn? ( net-dns/libidn2:= ) idn? ( net-dns/libidn2:= )
importd? ( importd? (
app-arch/bzip2:0= app-arch/bzip2:0=
@ -68,12 +73,12 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
nat? ( net-firewall/iptables:0= ) nat? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
pkcs11? ( app-crypt/p11-kit:0= ) pkcs11? ( app-crypt/p11-kit:0= )
pcre? ( dev-libs/libpcre2 ) pcre? ( dev-libs/libpcre2 )
pwquality? ( dev-libs/libpwquality:0= ) pwquality? ( dev-libs/libpwquality:0= )
qrcode? ( media-gfx/qrencode:0= ) qrcode? ( media-gfx/qrencode:0= )
repart? ( ${OPENSSL_DEP} )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( sys-libs/libselinux:0= ) selinux? ( sys-libs/libselinux:0= )
tpm? ( app-crypt/tpm2-tss:0= ) tpm? ( app-crypt/tpm2-tss:0= )
@ -87,22 +92,39 @@ DEPEND="${COMMON_DEPEND}
gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
" "
# Flatcar: We drop a few of the acct-group and acct-user as the gid provided by # baselayout-2.2 has /run
# the upstream does not match with the ones we carry in baselayout.
RDEPEND="${COMMON_DEPEND} RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1 >=acct-group/adm-0-r1
>=acct-group/wheel-0-r1 >=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1 >=acct-group/kmem-0-r1
>=acct-group/tty-0-r1 >=acct-group/tty-0-r1
>=acct-group/utmp-0-r1 >=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1 >=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1 >=acct-user/root-0-r1
acct-user/nobody acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1 >=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1 >=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
hostnamed-fallback? (
acct-group/systemd-hostname
sys-apps/dbus-broker
)
selinux? ( sec-policy/selinux-base-policy[systemd] ) selinux? ( sec-policy/selinux-base-policy[systemd] )
sysv-utils? ( sysv-utils? (
!sys-apps/openrc[sysv-utils(-)] !sys-apps/openrc[sysv-utils(-)]
@ -163,8 +185,8 @@ pkg_pretend() {
ewarn "See https://bugs.gentoo.org/674458." ewarn "See https://bugs.gentoo.org/674458."
fi fi
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
@ -177,6 +199,12 @@ pkg_pretend() {
kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
if kernel_is -lt 5 10 20; then
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
else
CONFIG_CHECK+=" ~KCMP"
fi
if linux_config_exists; then if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
@ -214,26 +242,37 @@ src_prepare() {
# Add local patches here # Add local patches here
PATCHES+=( PATCHES+=(
# Flatcar: Adding our own patches here. # Flatcar: Adding our own patches here.
"${FILESDIR}/249-libudev-static.patch" "${FILESDIR}/0001-wait-online-set-any-by-default.patch"
"${FILESDIR}/0001-networkd-disable-managing-of-foreign-routes-rules-by-default.patch" "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch"
"${FILESDIR}/0004-wait-online-set-any-by-default.patch" "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0005-networkd-default-to-kernel-IPForwarding-setting.patch" "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0006-needs-update-don-t-require-strictly-newer-usr.patch" "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0007-core-use-max-for-DefaultTasksMax.patch" "${FILESDIR}/0006-core-handle-lookup-paths-being-symlinks.patch"
"${FILESDIR}/0008-systemd-Disable-SELinux-permissions-checks.patch" "${FILESDIR}/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
"${FILESDIR}/0009-core-handle-lookup-paths-being-symlinks.patch" "${FILESDIR}/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch"
) )
# Flatcar: We carry our own patches, we don't use the ones if ! use vanilla; then
# from Gentoo. Thus we dropped the `if ! use vanilla` code PATCHES+=(
# here. "${FILESDIR}/gentoo-generator-path-r2.patch"
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
)
fi
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., CoreDNS which has dnsPolicy "default", but unless # Flatcar: The Kubelet takes /etc/resolv.conf for, e.g.,
# the kubelet --resolv-conf flag is set to point to /run/systemd/resolve/resolv.conf this won't work with # CoreDNS which has dnsPolicy "default", but unless the
# /etc/resolv.conf pointing to /run/systemd/resolve/stub-resolv.conf which configures 127.0.0.53. # kubelet --resolv-conf flag is set to point to
# See https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues # /run/systemd/resolve/resolv.conf this won't work with
# This means that users who need split DNS to work should point /etc/resolv.conf back to /run/systemd/resolve/stub-resolv.conf # /etc/resolv.conf pointing to
# (and if using K8s configure the kubelet resolvConf variable/--resolv-conf flag to /run/systemd/resolve/resolv.conf). # /run/systemd/resolve/stub-resolv.conf which configures
# 127.0.0.53. See
# https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
# This means that users who need split DNS to work should
# point /etc/resolv.conf back to
# /run/systemd/resolve/stub-resolv.conf (and if using K8s
# configure the kubelet resolvConf variable/--resolv-conf flag
# to /run/systemd/resolve/resolv.conf).
sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.in || die sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.in || die
default default
@ -248,6 +287,7 @@ src_configure() {
multilib-minimal_src_configure multilib-minimal_src_configure
} }
# Flatcar: Our function, we use it in some places below.
get_rootprefix() { get_rootprefix() {
usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr" usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr"
} }
@ -267,6 +307,7 @@ multilib_src_configure() {
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)" -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
# Avoid infinite exec recursion, bug 642724 # Avoid infinite exec recursion, bug 642724
-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
# no deps
-Dima=true -Dima=true
-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
# Optional components/dependencies # Optional components/dependencies
@ -277,10 +318,11 @@ multilib_src_configure() {
$(meson_native_use_bool curl libcurl) $(meson_native_use_bool curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls) $(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_bool elfutils) $(meson_native_use_bool elfutils)
$(meson_native_use_bool fido2 libfido2)
$(meson_use gcrypt) $(meson_use gcrypt)
$(meson_native_use_bool gnuefi gnu-efi) $(meson_native_use_bool gnuefi gnu-efi)
$(meson_native_use_bool gnutls)
-Defi-includedir="${ESYSROOT}/usr/include/efi" -Defi-includedir="${ESYSROOT}/usr/include/efi"
-Defi-ld="$(tc-getLD)"
-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
$(meson_native_use_bool homed) $(meson_native_use_bool homed)
$(meson_native_use_bool http microhttpd) $(meson_native_use_bool http microhttpd)
@ -293,13 +335,13 @@ multilib_src_configure() {
$(meson_use lzma xz) $(meson_use lzma xz)
$(meson_use zstd) $(meson_use zstd)
$(meson_native_use_bool nat libiptc) $(meson_native_use_bool nat libiptc)
$(meson_native_use_bool openssl)
$(meson_use pam) $(meson_use pam)
$(meson_native_use_bool pkcs11 p11kit) $(meson_native_use_bool pkcs11 p11kit)
$(meson_native_use_bool pcre pcre2) $(meson_native_use_bool pcre pcre2)
$(meson_native_use_bool policykit polkit) $(meson_native_use_bool policykit polkit)
$(meson_native_use_bool pwquality) $(meson_native_use_bool pwquality)
$(meson_native_use_bool qrcode qrencode) $(meson_native_use_bool qrcode qrencode)
$(meson_native_use_bool repart)
$(meson_native_use_bool seccomp) $(meson_native_use_bool seccomp)
$(meson_native_use_bool selinux) $(meson_native_use_bool selinux)
$(meson_native_use_bool tpm tpm2) $(meson_native_use_bool tpm tpm2)
@ -367,8 +409,6 @@ multilib_src_configure() {
-Defi-cc="$(tc-getCC)" -Defi-cc="$(tc-getCC)"
-Dquotaon-path=/usr/sbin/quotaon -Dquotaon-path=/usr/sbin/quotaon
-Dquotacheck-path=/usr/sbin/quotacheck -Dquotacheck-path=/usr/sbin/quotacheck
# Flatcar: No static libs.
) )
meson_src_configure "${myconf[@]}" meson_src_configure "${myconf[@]}"
@ -388,6 +428,7 @@ multilib_src_install_all() {
einstalldocs einstalldocs
# Flatcar: Do not install sample nsswitch.conf, we don't # Flatcar: Do not install sample nsswitch.conf, we don't
# provide it. # provide it.
# dodoc "${FILESDIR}"/nsswitch.conf
if ! use resolvconf; then if ! use resolvconf; then
rm -f "${ED}${rootprefix}"/sbin/resolvconf || die rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
@ -406,11 +447,33 @@ multilib_src_install_all() {
rmdir "${ED}${rootprefix}"/sbin || die rmdir "${ED}${rootprefix}"/sbin || die
fi fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Flatcar: Upstream uses keepdir commands to keep some empty # Flatcar: Upstream uses keepdir commands to keep some empty
# directories. # directories. We use tmpfiles.
# # Preserve empty dirs in /etc & /var, bug #437008
# keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
# keepdir /etc/kernel/install.d
# keepdir /etc/systemd/{network,system,user}
# keepdir /etc/udev/rules.d
# #
# Flatcar: TODO: Consider using that instead of # keepdir /etc/udev/hwdb.d
# dotmpfiles "${FILESDIR}"/systemd-flatcar.conf below. #
# keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
# keepdir /usr/lib/{binfmt.d,modules-load.d}
# keepdir /usr/lib/systemd/user-generators
# keepdir /var/lib/systemd
# keepdir /var/log/journal
# Flatcar: No migrations happening here.
# # Symlink /etc/sysctl.conf for easy migration.
# dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
# Flatcar: Do not install a pam policy, we have our own.
# if use pam; then
# newpamd "${FILESDIR}"/systemd-user.pam systemd-user
# fi
if use split-usr; then if use split-usr; then
# Avoid breaking boot/reboot # Avoid breaking boot/reboot
@ -418,6 +481,20 @@ multilib_src_install_all() {
dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
fi fi
# workaround for https://github.com/systemd/systemd/issues/13501
if use hostnamed-fallback; then
# this file requires dbus-broker
insinto /usr/share/dbus-1/system.d/
doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
doins "${FILESDIR}/00-hostnamed-network-user.conf"
fi
# Flatcar: gen_usr_ldscript is likely for static libs, so we
# dropped it.
# gen_usr_ldscript -a systemd udev
# Flatcar: Ensure journal directory has correct ownership/mode # Flatcar: Ensure journal directory has correct ownership/mode
# in inital image. This is fixed by systemd-tmpfiles *but* # in inital image. This is fixed by systemd-tmpfiles *but*
# journald starts before that and will create the journal if # journald starts before that and will create the journal if
@ -430,9 +507,6 @@ multilib_src_install_all() {
fperms 2755 /var/log/journal fperms 2755 /var/log/journal
# Flatcar: Don't prune systemd dirs. # Flatcar: Don't prune systemd dirs.
#
# Flatcar: TODO: Upstream probably fixed it in different way -
# it's using some keepdir commands.
dotmpfiles "${FILESDIR}"/systemd-flatcar.conf dotmpfiles "${FILESDIR}"/systemd-flatcar.conf
# Flatcar: Add tmpfiles rule for resolv.conf. This path has # Flatcar: Add tmpfiles rule for resolv.conf. This path has
# changed after v213 so it must be handled here instead of # changed after v213 so it must be handled here instead of
@ -448,37 +522,47 @@ multilib_src_install_all() {
# Flatcar: These lines more or less follow the systemd's # Flatcar: These lines more or less follow the systemd's
# preset file (90-systemd.preset). We do it that way, to avoid # preset file (90-systemd.preset). We do it that way, to avoid
# putting symlink in /etc. Please keep the lines in the same # putting symlinks in /etc. Please keep the lines in the same
# order as the "enable" lines appear in the preset file. # order as the "enable" lines appear in the preset file. For a
builddir_systemd_enable_service multi-user.target remote-fs.target # single enable line in preset, there may be more lines if the
builddir_systemd_enable_service multi-user.target remote-cryptsetup.target # unit file had Also: clause which has units we enable here
builddir_systemd_enable_service multi-user.target machines.target # too.
# Flatcar: getty@.service is enabled manually below.
builddir_systemd_enable_service sysinit.target systemd-timesyncd.service
builddir_systemd_enable_service multi-user.target systemd-networkd.service
# Flatcar: For systemd-networkd.service, it has it in Also, which also
# needs to be enabled
builddir_systemd_enable_service sockets.target systemd-networkd.socket
# Flatcar: For systemd-networkd.service, it has it in Also, which also
# needs to be enabled
builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service
builddir_systemd_enable_service multi-user.target systemd-resolved.service
if use homed; then
builddir_systemd_enable_service multi-user.target systemd-homed.target
# Flatcar: systemd-homed.target has
# Also=systemd-userdbd.service, but the service has no
# WantedBy entry. It's likely going to be executed through
# systemd-userdbd.socket, which is enabled in upstream's
# presets file.
builddir_systemd_enable_service sockets.target systemd-userdbd.socket
fi
builddir_systemd_enable_service sysinit.target systemd-pstore.service
# Flatcar: not enabling reboot.target - it has no WantedBy
# entry.
# Flatcar: Enable getty manually. # Flatcar: enable remote-fs.target
builddir_systemd_enable_service multi-user.target remote-fs.target
# Flatcar: enable remote-cryptsetup.target
if use cryptsetup; then
builddir_systemd_enable_service multi-user.target remote-cryptsetup.target
fi
# Flatcar: enable machines.target
builddir_systemd_enable_service multi-user.target machines.target
# Flatcar: enable getty@.service
dodir "${unitdir}/getty.target.wants" dodir "${unitdir}/getty.target.wants"
dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service" dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service"
# Flatcar: enable systemd-timesyncd.service
builddir_systemd_enable_service sysinit.target systemd-timesyncd.service
# Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service)
builddir_systemd_enable_service multi-user.target systemd-networkd.service
builddir_systemd_enable_service sockets.target systemd-networkd.socket
builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service
# Flatcar: enable systemd-network-generator.service
builddir_systemd_enable_service sysinit.target systemd-network-generator.service
# Flatcar: enable systemd-resolved.service
builddir_systemd_enable_service multi-user.target systemd-resolved.service
# Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry])
if use homed; then
builddir_systemd_enable_service multi-user.target systemd-homed.target
fi
# Flatcar: enable systemd-userdbd.socket
builddir_systemd_enable_service sockets.target systemd-userdbd.socket
# Flatcar: enable systemd-pstore.service
builddir_systemd_enable_service sysinit.target systemd-pstore.service
# Flatcar: enable systemd-boot-update.service
if use gnuefi; then
builddir_systemd_enable_service sysinit.target systemd-boot-update.service
fi
# Flatcar: enable reboot.target (not enabled - has no WantedBy
# entry)
# Flatcar: Use an empty preset file, because systemctl # Flatcar: Use an empty preset file, because systemctl
# preset-all puts symlinks in /etc, not in /usr. We don't use # preset-all puts symlinks in /etc, not in /usr. We don't use
@ -495,15 +579,16 @@ multilib_src_install_all() {
-e '/^C!* \/etc\/nsswitch\.conf/d' \ -e '/^C!* \/etc\/nsswitch\.conf/d' \
-e '/^C!* \/etc\/pam\.d/d' \ -e '/^C!* \/etc\/pam\.d/d' \
-e '/^C!* \/etc\/issue/d' -e '/^C!* \/etc\/issue/d'
# Flatcar: gen_usr_ldscript is likely for static libs, so we
# dropped it.
} }
# Flatcar: Our own version of systemd_get_systemunitdir, that returns
# a path inside /usr, not /etc.
builddir_systemd_get_systemunitdir() { builddir_systemd_get_systemunitdir() {
echo "$(get_rootprefix)/lib/systemd/system" echo "$(get_rootprefix)/lib/systemd/system"
} }
# Flatcar: Our own version of systemd_enable_service, that does
# operations inside /usr, not /etc.
builddir_systemd_enable_service() { builddir_systemd_enable_service() {
local target=${1} local target=${1}
local service=${2} local service=${2}
@ -591,17 +676,18 @@ pkg_postinst() {
# Flatcar: We enable getty and remote-fs targets in /usr # Flatcar: We enable getty and remote-fs targets in /usr
# ourselves above. # ourselves above.
# if [[ -z ${REPLACING_VERSIONS} ]]; then
# if type systemctl &>/dev/null; then
# systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
# fi
# elog "To enable a useful set of services, run the following:"
# elog " systemctl preset-all --preset-mode=enable-only"
# fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync" rm "${EROOT}/var/lib/systemd/timesync"
fi fi
if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
ebegin "Reexecuting system manager"
systemctl daemon-reexec
eend $?
fi
if [[ ${FAIL} ]]; then if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output" eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing" eerror "for errors. You may need to clean up your system and/or try installing"