diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-sysctl.d-50-default.conf-remove-.all-source-route-se.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-sysctl.d-50-default.conf-remove-.all-source-route-se.patch new file mode 100644 index 0000000000..82feee1111 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-sysctl.d-50-default.conf-remove-.all-source-route-se.patch 
@@ -0,0 +1,57 @@ +From 25b772a9ec9b4f36e9cd97948c6bafb7765d5113 Mon Sep 17 00:00:00 2001 +From: Thilo Fromm +Date: Thu, 10 Sep 2020 11:16:01 +0200 +Subject: [PATCH 1/3] sysctl.d/50-default.conf: remove *, .all source route + settings + +The rules were added in systemd-245 and break cluster +networking, e.g. cilium. Please see +https://github.com/flatcar-linux/Flatcar/issues/181 +for details. + +Signed-off-by: Thilo Fromm +--- + sysctl.d/50-default.conf | 21 +++++++++++++++------ + 1 file changed, 15 insertions(+), 6 deletions(-) + +diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf +index 14378b24af..82cc49587b 100644 +--- a/sysctl.d/50-default.conf ++++ b/sysctl.d/50-default.conf +@@ -23,18 +23,27 @@ kernel.core_uses_pid = 1 + + # Source route verification + net.ipv4.conf.default.rp_filter = 2 +-net.ipv4.conf.*.rp_filter = 2 +--net.ipv4.conf.all.rp_filter ++# the below deviates from upstream systemd-245 (and later) since the default ++# rule causes a regression with cluster networking (e.g. cilium; see ++# https://github.com/flatcar-linux/Flatcar/issues/181) ++#net.ipv4.conf.*.rp_filter = 2 ++#-net.ipv4.conf.all.rp_filter + + # Do not accept source routing + net.ipv4.conf.default.accept_source_route = 0 +-net.ipv4.conf.*.accept_source_route = 0 +--net.ipv4.conf.all.accept_source_route ++# the below deviates from upstream systemd-245 (and later) since the default ++# rule causes a regression with cluster networking (e.g. cilium; see ++# https://github.com/flatcar-linux/Flatcar/issues/181) ++#net.ipv4.conf.*.accept_source_route = 0 ++#-net.ipv4.conf.all.accept_source_route + + # Promote secondary addresses when the primary address is removed + net.ipv4.conf.default.promote_secondaries = 1 +-net.ipv4.conf.*.promote_secondaries = 1 +--net.ipv4.conf.all.promote_secondaries ++# the below deviates from upstream systemd-245 (and later) since the default ++# rule causes a regression with cluster networking (e.g. 
cilium; see ++# https://github.com/flatcar-linux/Flatcar/issues/181) ++#net.ipv4.conf.*.promote_secondaries = 1 ++#-net.ipv4.conf.all.promote_secondaries + + # ping(8) without CAP_NET_ADMIN and CAP_NET_RAW + # The upper limit is set to 2^31-1. Values greater than that get rejected by +-- +2.26.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-sysctl.d-50-default-better-comments-re-activate-prom.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-sysctl.d-50-default-better-comments-re-activate-prom.patch new file mode 100644 index 0000000000..6bd574055d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-sysctl.d-50-default-better-comments-re-activate-prom.patch 
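Review bot: The comment added above the disabled rp_filter lines in the sysctl.d/50-default.conf hunk records the cilium regression but not what is given up: with `net.ipv4.conf.*.rp_filter = 2` and the bare `-net.ipv4.conf.all.rp_filter` line (which appears to keep `all` out of the glob) both commented out, only the `default` key remains, so interfaces that already exist when systemd-sysctl runs keep whatever rp_filter value they have (the kernel's built-in default is 0, i.e. no reverse-path filtering, unless another sysctl.d fragment sets it). Since patches 0002 and 0003 in this same series re-enable promote_secondaries and accept_source_route, the rp_filter block is the only lasting deviation from upstream and the place where this trade-off should be spelled out. Suggested additional comment line: `# NOTE: only interfaces created after systemd-sysctl runs get rp_filter=2; pre-existing ones keep their current value (kernel default 0).`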
@@ -0,0 +1,58 @@ +From 1e608a8f47e0472e910c08d06014d1ef9ddd0cfc Mon Sep 17 00:00:00 2001 +From: Thilo Fromm +Date: Thu, 10 Sep 2020 11:47:53 +0200 +Subject: [PATCH 2/3] sysctl.d/50-default: better comments, re-activate + promote_secondaries + +This change updates comments as well as re-activates the +promote_secondaries wildcard since networkd's DHCP relies on this +(see https://github.com/systemd/systemd/issues/7163) + +Signed-off-by: Thilo Fromm +--- + sysctl.d/50-default.conf | 19 ++++++++----------- + 1 file changed, 8 insertions(+), 11 deletions(-) + +diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf +index 82cc49587b..8457fb38aa 100644 +--- a/sysctl.d/50-default.conf ++++ b/sysctl.d/50-default.conf +@@ -23,27 +23,24 @@ kernel.core_uses_pid = 1 + + # Source route verification + net.ipv4.conf.default.rp_filter = 2 +-# the below deviates from upstream systemd-245 (and later) since the default +-# rule causes a regression with cluster networking (e.g. cilium; see +-# https://github.com/flatcar-linux/Flatcar/issues/181) ++# We deviate from upstream systemd-245 (and later) since the new default ++# rp_filter wildcard rule causes a regression with cluster networking ++# (e.g. cilium; see https://github.com/flatcar-linux/Flatcar/issues/181) + #net.ipv4.conf.*.rp_filter = 2 + #-net.ipv4.conf.all.rp_filter + + # Do not accept source routing + net.ipv4.conf.default.accept_source_route = 0 +-# the below deviates from upstream systemd-245 (and later) since the default +-# rule causes a regression with cluster networking (e.g. cilium; see +-# https://github.com/flatcar-linux/Flatcar/issues/181) ++# We deviate from upstream systemd-245 (and later) since the new default ++# source route wildcard rule causes a regression with cluster networking ++# (e.g. 
cilium; see https://github.com/flatcar-linux/Flatcar/issues/181) + #net.ipv4.conf.*.accept_source_route = 0 + #-net.ipv4.conf.all.accept_source_route + + # Promote secondary addresses when the primary address is removed + net.ipv4.conf.default.promote_secondaries = 1 +-# the below deviates from upstream systemd-245 (and later) since the default +-# rule causes a regression with cluster networking (e.g. cilium; see +-# https://github.com/flatcar-linux/Flatcar/issues/181) +-#net.ipv4.conf.*.promote_secondaries = 1 +-#-net.ipv4.conf.all.promote_secondaries ++net.ipv4.conf.*.promote_secondaries = 1 ++-net.ipv4.conf.all.promote_secondaries + + # ping(8) without CAP_NET_ADMIN and CAP_NET_RAW + # The upper limit is set to 2^31-1. Values greater than that get rejected by +-- +2.26.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-sysctl.d-50-default.conf-re-activate-default-accept_.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-sysctl.d-50-default.conf-re-activate-default-accept_.patch new file mode 100644 index 0000000000..4a87ad1f01 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-sysctl.d-50-default.conf-re-activate-default-accept_.patch 
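Review bot: The rewritten comment above the still-disabled accept_source_route lines states that the source-route wildcard rule causes the cluster-networking regression, yet patch 0003 in this same commit re-enables exactly those lines, so this patch file documents a claim the series itself withdraws one patch later. Carrying three sequential patches against the same ~15 lines of 50-default.conf also means anyone auditing the deviation from upstream has to mentally apply all three; a single squashed patch (rp_filter block commented out with its rationale, the other two blocks left as upstream) would show the final state directly. If the step-by-step history is wanted, it belongs in the commit message rather than in files/.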
@@ -0,0 +1,32 @@ +From 5b1ed0e98a8a8225dc3f662483287a380643ab96 Mon Sep 17 00:00:00 2001 +From: Thilo Fromm +Date: Thu, 10 Sep 2020 13:39:14 +0200 +Subject: [PATCH 3/3] sysctl.d/50-default.conf: re-activate default + accept_source_route + +Signed-off-by: Thilo Fromm +--- + sysctl.d/50-default.conf | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf +index 8457fb38aa..b7dd7c7ef3 100644 +--- a/sysctl.d/50-default.conf ++++ b/sysctl.d/50-default.conf +@@ -31,11 +31,8 @@ net.ipv4.conf.default.rp_filter = 2 + + # Do not accept source routing + net.ipv4.conf.default.accept_source_route = 0 +-# We deviate from upstream systemd-245 (and later) since the new default +-# source route wildcard rule causes a regression with cluster networking +-# (e.g. cilium; see https://github.com/flatcar-linux/Flatcar/issues/181) +-#net.ipv4.conf.*.accept_source_route = 0 +-#-net.ipv4.conf.all.accept_source_route ++net.ipv4.conf.*.accept_source_route = 0 ++-net.ipv4.conf.all.accept_source_route + + # Promote secondary addresses when the primary address is removed + net.ipv4.conf.default.promote_secondaries = 1 +-- +2.26.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild index f725612faf..9589b9e66b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild 
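Review bot: The commit body of this patch is empty, so nothing records why re-enabling `net.ipv4.conf.*.accept_source_route = 0` is safe after patch 0001 disabled it for the cilium regression — presumably the regression was traced to rp_filter alone, but that is not stated anywhere in the series. A short body such as `Restore the upstream source-route setting; the flatcar-linux/Flatcar#181 regression was confirmed to come from the rp_filter wildcard only.` (adjusted to what was actually verified) would let a future reader know the hardening was deliberately restored rather than accidentally left in. The 50-default.conf hunk itself restores the upstream lines verbatim, which is the right end state.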
@@ -7,29 +7,25 @@ EAPI=7 -# Flatcar: Use cros setup -CROS_WORKON_PROJECT="flatcar-linux/systemd" -CROS_WORKON_REPO="git://github.com" - if [[ ${PV} == 9999 ]]; then - # Flatcar: Use cros setup - # Use ~arch instead of empty keywords for compatibility with cros-workon - KEYWORDS="~amd64 ~arm64 ~arm ~x86" + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 else - # Flatcar: Use cros setup - CROS_WORKON_COMMIT="5b1ed0e98a8a8225dc3f662483287a380643ab96" # v246-flatcar - KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86" fi # Flatcar: We still have python 3.5, and have no python3.8 yet. PYTHON_COMPAT=( python3_{5,6,7} ) -# Flatcar: cros-workon must be imported first, in cases where -# cros-workon and another eclass exports the same function (say -# src_compile) we want the later eclass's version to win. Only need -# src_unpack from workon. -inherit cros-workon - inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user DESCRIPTION="System and service manager for Linux" 
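Review bot: The release branch now fetches `SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"`, replacing the exact-commit pin that `CROS_WORKON_COMMIT` provided; a tag-derived GitHub archive is generated on demand, so source integrity now rests entirely on the DIST checksum in the package Manifest, which does not appear in this diff and needs to be regenerated alongside this change if it is not already. The `9999` branch tracks the head of `https://github.com/systemd/systemd.git` instead of the flatcar-linux fork, which is normal for a live ebuild but silently drops any fork-side changes; a comment such as `# Flatcar: upstream tree; Flatcar-specific changes are carried as patches in files/` would make that intent explicit. Because the archive is produced by GitHub rather than being a published release tarball, a DIST checksum mismatch caused by a GitHub-side packaging change (not an upstream code change) is a failure mode worth noting for whoever maintains the mirror.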
@@ -175,12 +171,26 @@ pkg_setup() { src_unpack() { default - # Flatcar: Use cros setup. - cros-workon_src_unpack + [[ ${PV} != 9999 ]] || git-r3_src_unpack } src_prepare() { - # Flatcar: We don't have separate patches, so no patching code here. + # Do NOT add patches here + local PATCHES=() + + [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) + + # Add local patches here + PATCHES+=( + # Flatcar: Adding our own patches here. + "${FILESDIR}/0001-sysctl.d-50-default.conf-remove-.all-source-route-se.patch" + "${FILESDIR}/0002-sysctl.d-50-default-better-comments-re-activate-prom.patch" + "${FILESDIR}/0003-sysctl.d-50-default.conf-re-activate-default-accept_.patch" + ) + + # Flatcar: We carry our own patches, we don't use the ones + # from Gentoo. Thus we dropped the `if ! use vanilla` code + # here. # # Flatcar: Use the resolv.conf managed by systemd-resolved. # This shouldn't be necessary anymore. Added because of a bug
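Review bot: `[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )`, carried over from the Gentoo ebuild, applies whatever directory happens to exist at that path, but nothing in this ebuild's SRC_URI (hunk above) fetches a patchset tarball now that the `! use vanilla` block is gone, so the line looks dead and, together with the `# Do NOT add patches here` / `# Add local patches here` comments, is misleading about where patches come from. Either drop it or annotate it, e.g. `# ${WORKDIR}/patches is only populated by Gentoo's patchset tarball, which Flatcar does not fetch`, so a later maintainer does not assume an external patch source. Note also that `local PATCHES=()` only has an effect if `default` (or `eapply`) is called later in src_prepare; the rest of the function is outside this hunk, so please confirm the three Flatcar patches are actually applied.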