Merge pull request #3409 from flatcar/krnowak/systemd-cleanups

overlay sys-apps/systemd: Move to portage-stable
Krzesimir Nowak 2025-11-07 09:20:45 +01:00 committed by GitHub
commit 4202d87358
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
43 changed files with 1782 additions and 2825 deletions


@ -625,6 +625,7 @@ sys-apps/sed
sys-apps/semodule-utils sys-apps/semodule-utils
sys-apps/shadow sys-apps/shadow
sys-apps/smartmontools sys-apps/smartmontools
sys-apps/systemd
sys-apps/texinfo sys-apps/texinfo
sys-apps/usbutils sys-apps/usbutils
sys-apps/util-linux sys-apps/util-linux


@ -0,0 +1 @@
- systemd (257.9)


@ -1,20 +1,177 @@
cros_post_src_install_timesync() { flatcar_systemd_meson_args_array=(
local dir="${D}$(systemd_get_systemunitdir)/systemd-timesyncd.service.d" # Point to our user mailing list.
mkdir -p "${dir}" -Dsupport-url='https://groups.google.com/forum/#!forum/flatcar-linux-user'
pushd "${dir}"
cat <<EOF >flatcar.conf || die # Use our ntp servers.
-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
# Specify this, or meson breaks due to no /etc/login.defs.
-Dsystem-gid-max=999
-Dsystem-uid-max=999
# PAM config directory.
-Dpamconfdir="${EPREFIX}/usr/share/pam.d"
# The CoreOS epoch, Mon Jul 1 00:00:00 UTC 2013. Used by timesyncd
# as a sanity check for the minimum acceptable time. Explicitly
# set to avoid using the current build time.
-Dtime-epoch=1372636800
# No default name servers.
-Ddns-servers=
# Disable the "First Boot Wizard", it isn't very applicable to us.
-Dfirstboot=false
# Set latest network interface naming scheme for
# https://github.com/flatcar/Flatcar/issues/36
-Ddefault-net-naming-scheme=latest
# Combined log format: name plus description
-Dstatus-unit-format-default=combined
# Disable multicast-dns, Link-Local Multicast Name Resolution and
# dnssec
-Ddefault-mdns=no
-Ddefault-llmnr=no
-Ddefault-dnssec=no
)
export MYMESONARGS="${flatcar_systemd_meson_args_array[*]@Q}"
unset 'flatcar_systemd_meson_args_array'
# Save the original path to systemctl command, so we can use it for
# presetting, even after stubbing systemctl out below.
if [[ -z ${flatcar_hacked_systemctl} ]]; then
flatcar_hacked_systemctl=$(command -v systemctl) || die "systemctl not found"
fi
# Stubbed out completely - it is being invoked in the pkg_postinst to
# enable getty service and do some reexecs/reloads. None of these are
# necessary for us.
systemctl() {
:
}
flatcar_systemctl_preset() {
local scope=${1}
local systemctl_scope_arg
case ${scope} in
system) systemctl_scope_arg=--system;;
user) systemctl_scope_arg=--global;; # don't ask, using --user
# results in an "invalid
# argument" error
*) die "wrong scope ${scope@Q}, ought to be either system or user";;
esac
"${flatcar_hacked_systemctl}" --root="${ED}" "${systemctl_scope_arg}" --preset-mode=enable-only preset-all || die
local escaped_path
escaped_path=$(printf '%s' "${ED}/etc/systemd/" | sed -e 's/[#\&]/\\&/g') || die
# make symlinks relative
find "${ED}/etc/systemd/${scope}" -type l -lname "/usr/lib/systemd/${scope}/*" -printf "%l\0%p\0" | \
sed -z -e "s#^/usr/lib/systemd/#${escaped_path}#" | \
xargs -0 -n2 ln -sfTr || die
# This will print an error like:
#
# tar: <PATH TO /etc/systemd/${scope}: Cannot rmdir: Directory not empty
#
# It's fine, ignore it. We excluded .keep file from putting into
# tarball, so we can preserve the toplevel directory. Avoiding the
# warning only results in stupid complexity.
tar --create --exclude='.keep*' --remove-files --directory "${ED}/etc/systemd/${scope}" . | \
tar --extract --directory "${ED}/usr/lib/systemd/${scope}"
}
cros_post_src_install_flatcar_stuff() {
# We provide our own systemd-user config file in baselayout.
#
# This one is installed by systemd build system regardless of
# USE=pam (the ebuild ought to pass -Dpamconfdir=no to disable the
# installation).
rm "${ED}/usr/share/pam.d/systemd-user" || die
# This one is installed by Gentoo's systemd ebuild only if USE=pam
# is enabled.
if use pam; then
rm "${ED}/etc/pam.d/systemd-user" || die
fi
# Ensure journal directory has correct ownership/mode in inital
# image. This is fixed by systemd-tmpfiles *but* journald starts
# before that and will create the journal if the filesystem is
# already read-write. Conveniently the systemd build system sets
# this up completely wrong.
keepdir /var/log/journal
fowners root:systemd-journal /var/log/journal
fperms 2755 /var/log/journal
keepdir /var/log/journal/remote
fowners systemd-journal-remote:systemd-journal-remote /var/log/journal/remote
(
insopts -m 0644
insinto /usr/lib/tmpfiles.d
# Add tmpfiles rule for resolv.conf. This path has changed
# after v213 so it must be handled here instead of baselayout
# now.
newins - systemd-resolv.conf <<'EOF'
d /run/systemd/network - - - - -
L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf
EOF
)
# Don't set any extra environment variables by default.
rm "${ED}/usr/lib/environment.d/99-environment.conf" || die
# enable system units
flatcar_systemctl_preset system
# enable user units
flatcar_systemctl_preset user
# Use an empty preset file, because systemctl preset-all puts
# symlinks in /etc, not in /usr. We don't use /etc, because it is
# not autoupdated. We do the "preset" above.
rm "${ED}/usr/lib/systemd/system-preset/90-systemd.preset" || die
rm "${ED}/usr/lib/systemd/user-preset/90-systemd.preset" || die
(
insinto /usr/lib/systemd/system-preset
newins - 99-default.preset <<'EOF'
# Do not enable any services if /etc is detected as empty.
disable *
EOF
insinto /usr/lib/systemd/user-preset
newins - 99-default.preset <<'EOF'
# Do not enable any services if /etc is detected as empty.
disable *
EOF
)
# Do not ship distro-specific files (nsswitch.conf pam.d). This
# conflicts with our own configuration provided by baselayout.
rm -r "${ED}"/usr/share/factory || die
sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \
-e '/^C!* \/etc\/nsswitch\.conf/d' \
-e '/^C!* \/etc\/pam\.d/d' \
-e '/^C!* \/etc\/issue/d' || die
(
# Some OEMs prefer chronyd, so allow them to replace
# systemd-timesyncd with it.
insinto "$(systemd_get_systemunitdir)/systemd-timesyncd.service.d"
newins - flatcar.conf <<'EOF'
# Allow sysexts to ship timesyncd replacements which can have # Allow sysexts to ship timesyncd replacements which can have
# a Conflicts=systemd-timesyncd directive that would result # a Conflicts=systemd-timesyncd directive that would result
# in systemd-timesyncd not being started. # in systemd-timesyncd not being started.
[Unit] [Unit]
After=ensure-sysext.service After=ensure-sysext.service
EOF EOF
popd )
}
cros_post_src_install_udev() { (
insinto "$(systemd_get_systemunitdir)/systemd-udevd.service.d" # Allow @mount syscalls for systemd-udevd.service
newins - flatcar.conf <<EOF insinto "$(systemd_get_systemunitdir)/systemd-udevd.service.d"
newins - flatcar.conf <<'EOF'
# In Flatcar we are using modprobe helpers that run depmod in temporary # In Flatcar we are using modprobe helpers that run depmod in temporary
# overlay. systemd-udevd.service may try to load drivers for some block devices # overlay. systemd-udevd.service may try to load drivers for some block devices
# (e.g. ZFS), which ends up calling our helpers, which invoke mount command. # (e.g. ZFS), which ends up calling our helpers, which invoke mount command.
@ -23,4 +180,5 @@ cros_post_src_install_udev() {
[Service] [Service]
SystemCallFilter=@mount SystemCallFilter=@mount
EOF EOF
)
} }
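Review bot: In `flatcar_systemctl_preset`, the `tar --create … --remove-files … | tar --extract …` pipeline has no status check, so a failed extract would delete the preset symlinks from `/etc/systemd/${scope}` without landing them in `/usr/lib/systemd/${scope}`, and the build would still pass. The comment explains why the creating side is allowed to complain, so only the extracting side needs checking, e.g. `[[ ${PIPESTATUS[1]} -eq 0 ]] || die "moving ${scope} presets to /usr failed"` placed directly after the pipeline. The `find | sed -z | xargs -0 -n2 ln -sfTr || die` pipeline above it has a similar gap: `|| die` sees only the exit status of `xargs` unless `pipefail` is set, and nothing visible in this file sets it.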


@ -1,4 +1,4 @@
From 98cbd0a4576464478f0f9fcd2066efc08bef9491 Mon Sep 17 00:00:00 2001 From 83043596b6cc74b6f049999fa660afd983dc493a Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com> From: David Michael <dm0@redhat.com>
Date: Tue, 16 Apr 2019 02:44:51 +0000 Date: Tue, 16 Apr 2019 02:44:51 +0000
Subject: [PATCH 1/8] wait-online: set --any by default Subject: [PATCH 1/8] wait-online: set --any by default
@ -15,12 +15,12 @@ earlier) for the original implementation.
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c
index 5328bba2d8..95294df607 100644 index 6f5aef903a..0acb3e76b9 100644
--- a/src/network/wait-online/wait-online.c --- a/src/network/wait-online/wait-online.c
+++ b/src/network/wait-online/wait-online.c +++ b/src/network/wait-online/wait-online.c
@@ -21,7 +21,7 @@ static Hashmap *arg_interfaces = NULL; @@ -21,7 +21,7 @@ static Hashmap *arg_interfaces = NULL;
static char **arg_ignore = NULL; static char **arg_ignore = NULL;
static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID }; static LinkOperationalStateRange arg_required_operstate = LINK_OPERSTATE_RANGE_INVALID;
static AddressFamily arg_required_family = ADDRESS_FAMILY_NO; static AddressFamily arg_required_family = ADDRESS_FAMILY_NO;
-static bool arg_any = false; -static bool arg_any = false;
+static bool arg_any = true; +static bool arg_any = true;
@ -28,5 +28,5 @@ index 5328bba2d8..95294df607 100644
STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep); STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep);
STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep);
-- --
2.34.1 2.51.0


@ -1,7 +1,7 @@
From 0be1b5367c24427e3285d33fb87aa4acdf3c4dce Mon Sep 17 00:00:00 2001 From 3d6bfde35c8ce5c21ca55104852a319246a92bb8 Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com> From: Alex Crawford <alex.crawford@coreos.com>
Date: Wed, 2 Mar 2016 10:46:33 -0800 Date: Wed, 2 Mar 2016 10:46:33 -0800
Subject: [PATCH 3/8] needs-update: don't require strictly newer usr Subject: [PATCH 2/8] needs-update: don't require strictly newer usr
Updates should be triggered whenever usr changes, not only when it is newer. Updates should be triggered whenever usr changes, not only when it is newer.
--- ---
@ -10,7 +10,7 @@ Updates should be triggered whenever usr changes, not only when it is newer.
2 files changed, 4 insertions(+), 4 deletions(-) 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml
index 3393010ff6..5478baca25 100644 index 6b863ecff3..c166c5e7ab 100644
--- a/man/systemd-update-done.service.xml --- a/man/systemd-update-done.service.xml
+++ b/man/systemd-update-done.service.xml +++ b/man/systemd-update-done.service.xml
@@ -50,7 +50,7 @@ @@ -50,7 +50,7 @@
@ -23,10 +23,10 @@ index 3393010ff6..5478baca25 100644
This requires that updates to <filename>/usr/</filename> are always This requires that updates to <filename>/usr/</filename> are always
followed by an update of the modification time of followed by an update of the modification time of
diff --git a/src/shared/condition.c b/src/shared/condition.c diff --git a/src/shared/condition.c b/src/shared/condition.c
index d3446e8a9d..3f7cc9ea58 100644 index 1a03fdbe37..8577c35fa0 100644
--- a/src/shared/condition.c --- a/src/shared/condition.c
+++ b/src/shared/condition.c +++ b/src/shared/condition.c
@@ -793,7 +793,7 @@ static int condition_test_needs_update(Condition *c, char **env) { @@ -796,7 +796,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* First, compare seconds as they are always accurate... * First, compare seconds as they are always accurate...
*/ */
if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec) if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec)
@ -35,7 +35,7 @@ index d3446e8a9d..3f7cc9ea58 100644
/* /*
* ...then compare nanoseconds. * ...then compare nanoseconds.
@@ -804,7 +804,7 @@ static int condition_test_needs_update(Condition *c, char **env) { @@ -807,7 +807,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* (otherwise the filesystem supports nsec timestamps, see stat(2)). * (otherwise the filesystem supports nsec timestamps, see stat(2)).
*/ */
if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0) if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0)
@ -44,7 +44,7 @@ index d3446e8a9d..3f7cc9ea58 100644
_cleanup_free_ char *timestamp_str = NULL; _cleanup_free_ char *timestamp_str = NULL;
r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str); r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str);
@@ -824,7 +824,7 @@ static int condition_test_needs_update(Condition *c, char **env) { @@ -827,7 +827,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
return true; return true;
} }
@ -54,5 +54,5 @@ index d3446e8a9d..3f7cc9ea58 100644
static bool in_first_boot(void) { static bool in_first_boot(void) {
-- --
2.34.1 2.51.0


@ -1,7 +1,7 @@
From d21ebfcf17ffc1dba635389193f10d2b93eba730 Mon Sep 17 00:00:00 2001 From 6f691278df570cc87cb863a98fe320a1997c6dad Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com> From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 16 Feb 2024 11:22:08 +0000 Date: Fri, 16 Feb 2024 11:22:08 +0000
Subject: [PATCH 4/8] core: use max for DefaultTasksMax Subject: [PATCH 3/8] core: use max for DefaultTasksMax
Since systemd v228, systemd has a DefaultTasksMax which defaulted Since systemd v228, systemd has a DefaultTasksMax which defaulted
to 512, later 15% of the system's maximum number of PIDs. This to 512, later 15% of the system's maximum number of PIDs. This
@ -21,10 +21,10 @@ Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
3 files changed, 3 insertions(+), 3 deletions(-) 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 3c06b65f93..71f38692b6 100644 index f7b414da5c..9c07e235ab 100644
--- a/man/systemd-system.conf.xml --- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml
@@ -501,7 +501,7 @@ @@ -230,7 +230,7 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception for details. This setting applies to all unit types that support resource control settings, with the exception
@ -34,10 +34,10 @@ index 3c06b65f93..71f38692b6 100644
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores. Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915, For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
diff --git a/src/core/manager.c b/src/core/manager.c diff --git a/src/core/manager.c b/src/core/manager.c
index 88eebfc626..8992c8c3e3 100644 index 4ccaba9054..3ab59c5bb3 100644
--- a/src/core/manager.c --- a/src/core/manager.c
+++ b/src/core/manager.c +++ b/src/core/manager.c
@@ -114,7 +114,7 @@ @@ -117,7 +117,7 @@
/* How many units and jobs to process of the bus queue before returning to the event loop. */ /* How many units and jobs to process of the bus queue before returning to the event loop. */
#define MANAGER_BUS_MESSAGE_BUDGET 100U #define MANAGER_BUS_MESSAGE_BUDGET 100U
@ -47,10 +47,10 @@ index 88eebfc626..8992c8c3e3 100644
static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
diff --git a/src/core/system.conf.in b/src/core/system.conf.in diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 05eb681270..94d0365244 100644 index 1c08aa4d22..2faea3605e 100644
--- a/src/core/system.conf.in --- a/src/core/system.conf.in
+++ b/src/core/system.conf.in +++ b/src/core/system.conf.in
@@ -58,7 +58,7 @@ @@ -59,7 +59,7 @@
#DefaultIPAccounting=no #DefaultIPAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes #DefaultTasksAccounting=yes
@ -60,5 +60,5 @@ index 05eb681270..94d0365244 100644
#DefaultLimitFSIZE= #DefaultLimitFSIZE=
#DefaultLimitDATA= #DefaultLimitDATA=
-- --
2.34.1 2.51.0


@ -1,7 +1,7 @@
From 374cca5b2f9aea1c506352cf58b09db5c216a0d3 Mon Sep 17 00:00:00 2001 From 78b2d8b1a6df073003d64cffa532c3a320e96ad4 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com> From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 20 Dec 2016 16:43:22 +0000 Date: Tue, 20 Dec 2016 16:43:22 +0000
Subject: [PATCH 5/8] systemd: Disable SELinux permissions checks Subject: [PATCH 4/8] systemd: Disable SELinux permissions checks
We don't care about the interaction between systemd and SELinux policy, so We don't care about the interaction between systemd and SELinux policy, so
let's just disable these checks rather than having to incorporate policy let's just disable these checks rather than having to incorporate policy
@ -12,7 +12,7 @@ to limit containers and not anything running directly on the host.
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 62181a6309..448f9211d6 100644 index a67a520a3b..3365b920eb 100644
--- a/src/core/selinux-access.c --- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c +++ b/src/core/selinux-access.c
@@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
@ -25,5 +25,5 @@ index 62181a6309..448f9211d6 100644
#include <errno.h> #include <errno.h>
#include <selinux/avc.h> #include <selinux/avc.h>
-- --
2.34.1 2.51.0


@ -1,7 +1,7 @@
From bffb2a48796a2736d7fb7328d2a88b1cbb812b12 Mon Sep 17 00:00:00 2001 From 8064e1544a2b89f8389c0469ed4879a287a045a7 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com> From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 16 Dec 2022 16:28:26 +0530 Date: Fri, 16 Dec 2022 16:28:26 +0530
Subject: [PATCH 6/8] Revert "getty: Pass tty to use by agetty via stdin" Subject: [PATCH 5/8] Revert "getty: Pass tty to use by agetty via stdin"
This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c. This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.
@ -90,3 +90,6 @@ index 20a5eb2754..ba4cbc0edb 100644
TTYPath=/dev/%I TTYPath=/dev/%I
TTYReset=yes TTYReset=yes
TTYVHangup=yes TTYVHangup=yes
--
2.51.0


@ -1,7 +1,7 @@
From 6a4c6f97742afc9ca5de40335b2d041095990aa2 Mon Sep 17 00:00:00 2001 From c2924cc57c9e4aa836021ec2567c0fdbebecf944 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com> From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 16 Feb 2024 11:29:04 +0000 Date: Fri, 16 Feb 2024 11:29:04 +0000
Subject: [PATCH 7/8] units: Keep using old journal file format Subject: [PATCH 6/8] units: Keep using old journal file format
Systemd 252 made an incompatible change in journal file format. Temporarily Systemd 252 made an incompatible change in journal file format. Temporarily
force journald to use the old journal format to give logging containers more force journald to use the old journal format to give logging containers more
@ -14,22 +14,22 @@ Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
2 files changed, 2 insertions(+) 2 files changed, 2 insertions(+)
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 37eeabc510..e5030a81bd 100644 index 4404af963b..323af7cfb0 100644
--- a/units/systemd-journald.service.in --- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in
@@ -27,6 +27,7 @@ IgnoreOnIsolate=yes @@ -30,6 +30,7 @@ IgnoreOnIsolate=yes
[Service] [Service]
DeviceAllow=char-* rw DeviceAllow=char-* rw
+Environment=SYSTEMD_JOURNAL_COMPACT=0 +Environment=SYSTEMD_JOURNAL_COMPACT=0
ExecStart={{LIBEXECDIR}}/systemd-journald ExecStart={{LIBEXECDIR}}/systemd-journald
FileDescriptorStoreMax=4224 FileDescriptorStoreMax=4224
IPAddressDeny=any # Ensure services using StandardOutput=journal do not break when journald is stopped
diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in
index c3bcb08533..8780783cf6 100644 index b705ce08ff..874701dac4 100644
--- a/units/systemd-journald@.service.in --- a/units/systemd-journald@.service.in
+++ b/units/systemd-journald@.service.in +++ b/units/systemd-journald@.service.in
@@ -21,6 +21,7 @@ Conflicts=soft-reboot.target @@ -16,6 +16,7 @@ After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket
[Service] [Service]
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
DevicePolicy=closed DevicePolicy=closed
@ -38,5 +38,5 @@ index c3bcb08533..8780783cf6 100644
FileDescriptorStoreMax=4224 FileDescriptorStoreMax=4224
Group=systemd-journal Group=systemd-journal
-- --
2.34.1 2.51.0


@ -0,0 +1,36 @@
From 7ee314dc08ea65e6951c7007a5f872fd32f0399a Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Wed, 22 Oct 2025 10:39:42 +0200
Subject: [PATCH 7/8] tmpfiles.d: Fix DNS issues with default k8s configuration
The Kubelet takes /etc/resolv.conf for, e.g., CoreDNS which has dnsPolicy
"default", but unless the kubelet `--resolv-conf` flag is set to point to
`/run/systemd/resolve/resolv.conf` this won't work with `/etc/resolv.conf`
pointing to `/run/systemd/resolve/stub-resolv.conf` which configures
`127.0.0.53`. See:
https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
This means that users who need split DNS to work should point
`/etc/resolv.conf` back to `/run/systemd/resolve/stub-resolv.conf` (and if
using K8s configure the kubelet `resolvConf` variable/`--resolv-conf` flag to
`/run/systemd/resolve/resolv.conf`).
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
---
tmpfiles.d/systemd-resolve.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
index be5edc98e0..bea686682a 100644
--- a/tmpfiles.d/systemd-resolve.conf
+++ b/tmpfiles.d/systemd-resolve.conf
@@ -7,4 +7,4 @@
# See tmpfiles.d(5) for details.
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
+L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
--
2.51.0
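Review bot: The patch description covers the split-DNS consequence of pointing `/etc/resolv.conf` at `../run/systemd/resolve/resolv.conf`, but not that clients reading that file then query the upstream servers directly instead of the 127.0.0.53 stub. Any resolver policy an operator configures in systemd-resolved would presumably not apply to those clients, kubelet-managed pods included. I would add a sentence to the description such as `Note that resolv.conf readers bypass the systemd-resolved stub, so resolved.conf settings such as DNSOverTLS= and DNSSEC= do not apply to them.`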


@ -0,0 +1,35 @@
From f0ab1c6c59056afe1650f749d1af6ecc6ee8f5ec Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Fri, 24 Oct 2025 11:06:57 +0200
Subject: [PATCH 8/8] units: Make multi-user.target the default target
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
---
units/meson.build | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/units/meson.build b/units/meson.build
index ef18dcae4a..887231840f 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -46,7 +46,7 @@ units = [
},
{
'file' : 'graphical.target',
- 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel5.target'] : []),
+ 'symlinks' : with_runlevels ? ['runlevel5.target'] : [],
},
{ 'file' : 'halt.target' },
{
@@ -140,7 +140,7 @@ units = [
{ 'file' : 'modprobe@.service' },
{
'file' : 'multi-user.target',
- 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [],
+ 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : []),
},
{ 'file' : 'network-online.target' },
{ 'file' : 'network-pre.target' },
--
2.51.0


@ -0,0 +1,20 @@
Most of these patches are not really upstreamable.
- `0001-wait-online-set-any-by-default.patch`
- backward compat stuff
- `0002-needs-update-don-t-require-strictly-newer-usr.patch`
- trigger updates only when /usr changes
- `0003-core-use-max-for-DefaultTasksMax.patch`
- increase the too-low limits
- `0004-systemd-Disable-SELinux-permissions-checks.patch`
- disable interactions between systemd and SELinux policies
- this will be dropped when we increase SELinux coverage also to a host system
- `0005-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch`
- SELinux denial workaround
- this will be dropped when we increase SELinux coverage also to a host system
- `0006-units-Keep-using-old-journal-file-format.patch`
- backward compat stuff
- `0007-tmpfiles.d-Fix-DNS-issues-with-default-k8s-configura.patch`
- workaround for issues with default k8s coredns config
- `0008-units-Make-multi-user.target-the-default-target.patch`
- change default.target to a suitable symlink for Flatcar


@ -99,9 +99,6 @@ dev-cpp/azure-security-keyvault-keys
# latest version of the package with the unstable keywords. # latest version of the package with the unstable keywords.
sys-apps/azure-vm-utils sys-apps/azure-vm-utils
# Bump systemd v257 from SDK to base.
=sys-apps/systemd-257.7 ~amd64 ~arm64
# Keep versions on both arches in sync. # Keep versions on both arches in sync.
=sys-apps/zram-generator-1.2.1 ~arm64 =sys-apps/zram-generator-1.2.1 ~arm64
=sys-auth/sssd-2.9.7 ~arm64 =sys-auth/sssd-2.9.7 ~arm64


@ -18,3 +18,8 @@ sys-devel/bpf-toolchain-14.2.0_p1
# Pulled by app-crypt/sbsigntools - we never needed it and it pulls a # Pulled by app-crypt/sbsigntools - we never needed it and it pulls a
# ton of other packages. # ton of other packages.
dev-perl/Locale-gettext-1.70.0_p20181130 dev-perl/Locale-gettext-1.70.0_p20181130
# Pulled in by sys-apps/systemd, breaks the build - the image stage
# fails with "Failed to resolve typeattributeset statement at
# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120"
sec-policy/selinux-ntp-2.20250618-r1
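Review bot: The comment on the new `sec-policy/selinux-ntp-2.20250618-r1` entry records only the build failure, not when the entry can be removed or what it costs. The entry appears to keep the ntp SELinux policy module out of the image. Because it is pinned to one version, a bump of the policy package would presumably stop matching it and bring the `typeattributeset` failure back with no pointer to why the entry exists. I would extend the comment with a removal condition, e.g. `# TODO(<tracking issue>): drop once the ntp module resolves against our base policy.`, and say whether time-sync daemons are expected to run without a dedicated ntp policy module in the meantime.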


@ -1,2 +0,0 @@
DIST systemd-256.9.tar.gz 15774953 BLAKE2B caeff33d0906583094a44ab89fe9a9c1832a665f8cc768f86c55c5100bdd5c2b1500b2cd65e9519ef21d79bff92d1da3e84240793099a0e0c508afba3669c46e SHA512 aba7a0f7149fe3d28d9f930f244d5b997c28721e93e6f0768b0f0f1c918c87a0e8b7b347cffb2faa4740ca3ee3b04984454e85757365090a2cf32aba09f70681
DIST systemd-257.7.tar.gz 16327096 BLAKE2B 59a28ce9b355b98f718f26489400640f3d732bbf73c00ea0571302dfc6dfb3585bf07ec56af06d74c5aa033b06a6220c3c839af6dba5ab7f8bde1aef4b58f0f6 SHA512 fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411


@ -1,95 +0,0 @@
From bffb2a48796a2736d7fb7328d2a88b1cbb812b12 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 16 Dec 2022 16:28:26 +0530
Subject: [PATCH 6/8] Revert "getty: Pass tty to use by agetty via stdin"
This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.
This is to work around a SELinux denial that happens when setting up standard
input for serial consoles (which is used for SSH connections).
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
units/console-getty.service.in | 4 +---
units/container-getty@.service.in | 4 +---
units/getty@.service.in | 4 +---
units/serial-getty@.service.in | 4 +---
4 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/units/console-getty.service.in b/units/console-getty.service.in
index d64112be5e..b908708d8c 100644
--- a/units/console-getty.service.in
+++ b/units/console-getty.service.in
@@ -22,12 +22,10 @@ ConditionPathExists=/dev/console
[Service]
# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p),
# followed by '--' for safety, and then the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM
Type=idle
Restart=always
UtmpIdentifier=cons
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/console
TTYReset=yes
TTYVHangup=yes
diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in
index 8847d735fb..8be25663f5 100644
--- a/units/container-getty@.service.in
+++ b/units/container-getty@.service.in
@@ -27,13 +27,11 @@ Before=rescue.service
[Service]
# The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p),
# followed by '--' for safety, and then the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=pts/%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/pts/%I
TTYReset=yes
TTYVHangup=yes
diff --git a/units/getty@.service.in b/units/getty@.service.in
index 80b8f3e922..b57666c123 100644
--- a/units/getty@.service.in
+++ b/units/getty@.service.in
@@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in
index 6bf101eac9..479b8759a9 100644
--- a/units/serial-getty@.service.in
+++ b/units/serial-getty@.service.in
@@ -33,12 +33,10 @@ Before=rescue.service
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM
Type=idle
Restart=always
UtmpIdentifier=%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
--
2.34.1


@ -1,29 +0,0 @@
From 65e3f4e837001f6f00359a779b6c5801566aa750 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Wed, 25 Sep 2024 15:51:02 +0000
Subject: [PATCH] Revert "Revert "initrd-parse-etc: override argv[0] to avoid
dracut issue""
This reverts commit 1c585a4ccda3258088d7bc27b27a314e7ed8be80.
---
units/initrd-parse-etc.service.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/units/initrd-parse-etc.service.in b/units/initrd-parse-etc.service.in
index 1eef2bd9be..3dadab1123 100644
--- a/units/initrd-parse-etc.service.in
+++ b/units/initrd-parse-etc.service.in
@@ -23,7 +23,9 @@ OnFailureJobMode=replace-irreversibly
[Service]
Type=oneshot
-ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check
+# FIXME: once dracut is patched to install the symlink, change to:
+# ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check
+ExecStart=@{{SYSTEM_GENERATOR_DIR}}/systemd-fstab-generator systemd-sysroot-fstab-check
# We want to enqueue initrd-cleanup.service/start after we finished the part
# above. It can't be part of the initial transaction, because non-oneshot units
--
2.34.1


@ -1,119 +0,0 @@
From 7136aa7db4423432392a0fe6055c48a922a4aad4 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 10 Sep 2024 00:12:41 +0900
Subject: [PATCH] network/netdev: also check ifindex, iftype, and kind when
assigning NetDev to Link
Even when a NetDev object with the same name found, its iftype or kind
may be different. For safety, let's also check them.
(cherry picked from commit 1788c3462853e8bb955ff656007e20f402dd9af2)
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
src/network/netdev/netdev.c | 37 +++++++++++++++++++++++++++++++++++++
src/network/netdev/netdev.h | 1 +
src/network/networkd-link.c | 10 ++--------
3 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index 2b411425ba..9a528137ea 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -265,6 +265,43 @@ int netdev_get(Manager *manager, const char *name, NetDev **ret) {
return 0;
}
+void link_assign_netdev(Link *link) {
+ _unused_ _cleanup_(netdev_unrefp) NetDev *old = NULL;
+ NetDev *netdev;
+
+ assert(link);
+ assert(link->manager);
+ assert(link->ifname);
+
+ old = TAKE_PTR(link->netdev);
+
+ if (netdev_get(link->manager, link->ifname, &netdev) < 0)
+ return;
+
+ if (netdev->ifindex != link->ifindex)
+ return;
+
+ if (NETDEV_VTABLE(netdev)->iftype != link->iftype)
+ return;
+
+ if (!NETDEV_VTABLE(netdev)->skip_netdev_kind_check) {
+ const char *kind;
+
+ if (netdev->kind == NETDEV_KIND_TAP)
+ kind = "tun"; /* the kernel does not distinguish between tun and tap */
+ else
+ kind = netdev_kind_to_string(netdev->kind);
+
+ if (!streq_ptr(kind, link->kind))
+ return;
+ }
+
+ link->netdev = netdev_ref(netdev);
+
+ if (netdev != old)
+ log_link_debug(link, "Found matching .netdev file: %s", netdev->filename);
+}
+
void netdev_enter_failed(NetDev *netdev) {
netdev->state = NETDEV_STATE_FAILED;
}
diff --git a/src/network/netdev/netdev.h b/src/network/netdev/netdev.h
index cb8cc8c6a9..1a03a9b592 100644
--- a/src/network/netdev/netdev.h
+++ b/src/network/netdev/netdev.h
@@ -206,6 +206,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(NetDev*, netdev_unref);
bool netdev_is_managed(NetDev *netdev);
int netdev_get(Manager *manager, const char *name, NetDev **ret);
+void link_assign_netdev(Link *link);
int netdev_set_ifindex(NetDev *netdev, sd_netlink_message *newlink);
int netdev_generate_hw_addr(NetDev *netdev, Link *link, const char *name,
const struct hw_addr_data *hw_addr, struct hw_addr_data *ret);
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 8f21504d92..c3a5dc1f0d 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1317,7 +1317,6 @@ static int link_get_network(Link *link, Network **ret) {
int link_reconfigure_impl(Link *link, bool force) {
Network *network = NULL;
- NetDev *netdev = NULL;
int r;
assert(link);
@@ -1326,13 +1325,11 @@ int link_reconfigure_impl(Link *link, bool force) {
if (link->manager->state != MANAGER_RUNNING)
return 0;
+ link_assign_netdev(link);
+
if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER))
return 0;
- r = netdev_get(link->manager, link->ifname, &netdev);
- if (r < 0 && r != -ENOENT)
- return r;
-
r = link_get_network(link, &network);
if (r < 0 && r != -ENOENT)
return r;
@@ -1397,9 +1394,6 @@ int link_reconfigure_impl(Link *link, bool force) {
link_free_engines(link);
link->network = network_unref(link->network);
- netdev_unref(link->netdev);
- link->netdev = netdev_ref(netdev);
-
if (!network) {
link_set_state(link, LINK_STATE_UNMANAGED);
return 0;
--
2.39.5


@ -1,146 +0,0 @@
From 916523aabc7fcb3b5b9362100a5e3417aae00cb2 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 11 Jun 2025 18:05:46 +0900
Subject: [PATCH] network: also check ID_NET_MANAGED_BY property on
reconfigure
Previously, the property was checked only when an uevent is received,
so even if an interface has ID_NET_MANAGED_BY property, the interface
will be configured by networkd when reconfiguration is triggered e.g.
when interface state is changed.
Follow-up for ba87a61d05d637be9f0b21707f7fe3b0a74c5a05.
Fixes #36997.
(cherry picked from commit 78f8d5ed71ecc16ad36d1c215d2d57433d127679)
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
src/network/networkd-link.c | 44 ++++++++++++++-----
.../test-network/conf/11-dummy-unmanaged.link | 8 ++++
test/test-network/systemd-networkd-tests.py | 11 +++++
3 files changed, 53 insertions(+), 10 deletions(-)
create mode 100644 test/test-network/conf/11-dummy-unmanaged.link
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index c3a5dc1f0d..3ed1584807 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1315,6 +1315,32 @@ static int link_get_network(Link *link, Network **ret) {
return -ENOENT;
}
+static int link_managed_by_us(Link *link) {
+ int r;
+
+ assert(link);
+
+ if (!link->dev)
+ return true;
+
+ const char *s;
+ r = sd_device_get_property_value(link->dev, "ID_NET_MANAGED_BY", &s);
+ if (r == -ENOENT)
+ return true;
+ if (r < 0)
+ return log_link_warning_errno(link, r, "Failed to get ID_NET_MANAGED_BY udev property: %m");
+
+ if (streq(s, "io.systemd.Network"))
+ return true;
+
+ if (link->state == LINK_STATE_UNMANAGED)
+ return false; /* Already in unmanaged state */
+
+ log_link_debug(link, "Interface is requested to be managed by '%s', unmanaging the interface.", s);
+ link_set_state(link, LINK_STATE_UNMANAGED);
+ return false;
+}
+
int link_reconfigure_impl(Link *link, bool force) {
Network *network = NULL;
int r;
@@ -1330,6 +1356,10 @@ int link_reconfigure_impl(Link *link, bool force) {
if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER))
return 0;
+ r = link_managed_by_us(link);
+ if (r <= 0)
+ return r;
+
r = link_get_network(link, &network);
if (r < 0 && r != -ENOENT)
return r;
@@ -1584,6 +1614,10 @@ static int link_initialized(Link *link, sd_device *device) {
* or sysattrs) may be outdated. */
device_unref_and_replace(link->dev, device);
+ r = link_managed_by_us(link);
+ if (r <= 0)
+ return r;
+
if (link->dhcp_client) {
r = sd_dhcp_client_attach_device(link->dhcp_client, link->dev);
if (r < 0)
@@ -1651,7 +1685,6 @@ static int link_check_initialized(Link *link) {
int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t action) {
int r, ifindex;
- const char *s;
Link *link;
assert(m);
@@ -1686,15 +1719,6 @@ int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t
return 0;
}
- r = sd_device_get_property_value(device, "ID_NET_MANAGED_BY", &s);
- if (r < 0 && r != -ENOENT)
- log_device_debug_errno(device, r, "Failed to get ID_NET_MANAGED_BY udev property, ignoring: %m");
- if (r >= 0 && !streq(s, "io.systemd.Network")) {
- log_device_debug(device, "Interface is requested to be managed by '%s', not managing the interface.", s);
- link_set_state(link, LINK_STATE_UNMANAGED);
- return 0;
- }
-
r = link_initialized(link, device);
if (r < 0)
link_enter_failed(link);
diff --git a/test/test-network/conf/11-dummy-unmanaged.link b/test/test-network/conf/11-dummy-unmanaged.link
new file mode 100644
index 0000000000..99c07a72ce
--- /dev/null
+++ b/test/test-network/conf/11-dummy-unmanaged.link
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: MIT-0
+[Match]
+Kind=dummy
+OriginalName=test1
+
+[Link]
+NamePolicy=keep
+Property=ID_NET_MANAGED_BY=hoge
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index d8acf538f0..391d219de8 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -2735,6 +2735,17 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
def tearDown(self):
tear_down_common()
+ def test_ID_NET_MANAGED_BY(self):
+ copy_network_unit('11-dummy.netdev', '11-dummy-unmanaged.link', '11-dummy.network')
+ start_networkd()
+ self.wait_online('test1:off', setup_state='unmanaged')
+
+ check_output('ip link set dev test1 up')
+ self.wait_online('test1:degraded', setup_state='unmanaged')
+
+ check_output('ip link set dev test1 down')
+ self.wait_online('test1:off', setup_state='unmanaged')
+
def verify_address_static(
self,
label1: str,
--
2.39.5


@ -1,26 +0,0 @@
https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c
From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Sat, 24 Aug 2024 13:09:47 +0100
Subject: [PATCH] meson: search for 'bpf-unknown-none' too
We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
cross-binutils. Search for this name too.
---
meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/meson.build b/meson.build
index 5e0b666c64b17..fbc2bbdf2f22f 100644
--- a/meson.build
+++ b/meson.build
@@ -1109,6 +1109,7 @@ else
elif bpf_compiler == 'gcc'
bpf_gcc = find_program('bpf-gcc',
'bpf-none-gcc',
+ 'bpf-unknown-none-gcc',
required : true,
version : '>= 13.1.0')
bpf_gcc_found = bpf_gcc.found()


@ -1,2 +0,0 @@
# Do not enable any services if /etc is detected as empty.
disable *


@ -1,10 +0,0 @@
# The list of directories is taken from Gentoo ebuild, where they use
# keepdir. The list isn't sorted, but tries to preserve the order of
# keepdir lines from Gentoo ebuild for easier comparisons. We skip the
# directories in /usr, though.
d /var/lib/systemd - - - - -
d /var/log/journal - - - - -
d /etc/sysctl.d - - - - -
# This seems to be our own addition.
d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -


@ -1,2 +0,0 @@
d /run/systemd/network - - - - -
L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf


@ -1,773 +0,0 @@
# Copyright 2011-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..13} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_PKGCONFIG_VERSION=$(ver_cut 1)
if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
inherit git-r3
else
MY_PV=${PV/_/-}
MY_P=${PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
# Flatcar: mark as stable
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot systemd tmpfiles toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
dns-over-tls? ( || ( gnutls openssl ) )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
importd? ( curl lzma || ( gcrypt openssl ) )
pwquality? ( homed )
boot? ( kernel-install )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? ( dev-libs/libfido2:0= )
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
importd? (
app-arch/bzip2:0=
sys-libs/zlib:0=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
"
# Newer linux-headers needed by ia64, bug #480218
DEPEND="${COMMON_DEPEND}
>=sys-kernel/linux-headers-${MINKV}
"
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
# baselayout-2.2 has /run
#
# Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use
# flag). The image stage fails with "Failed to resolve
# typeattributeset statement at
# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120"
#
# Flatcar: Added a dep on sys-apps/kbd. It provides a loadkeys binary
# needed by dracut's systemd-vconsole-setup module.
RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1
>=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1
>=acct-group/tty-0-r1
>=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1
acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
sys-apps/kbd
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
)
selinux? (
sec-policy/selinux-base-policy[systemd]
)
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
!sys-apps/openrc-navi[sysv-utils(-)]
!sys-apps/sysvinit
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
BDEPEND="
app-arch/xz-utils:0
dev-util/gperf
>=dev-build/meson-0.46
>=sys-apps/coreutils-8.16
sys-devel/gettext
virtual/pkgconfig
bpf? (
dev-util/bpftool
sys-devel/bpf-toolchain
)
test? (
app-text/tree
dev-lang/perl
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
${PYTHON_DEPS}
$(python_gen_cond_dep "
dev-python/jinja2[\${PYTHON_USEDEP}]
dev-python/lxml[\${PYTHON_USEDEP}]
boot? (
>=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
test? ( ${PEFILE_DEPEND} )
)
")
"
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
pkg_pretend() {
# Flatcar: We keep using split-usr for SDK.
# if use split-usr; then
# eerror "Please complete the migration to merged-usr."
# eerror "https://wiki.gentoo.org/wiki/Merge-usr"
# die "systemd no longer supports split-usr"
# fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
if kernel_is -ge 5 10 20; then
CONFIG_CHECK+=" ~KCMP"
else
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
fi
if kernel_is -ge 4 18; then
CONFIG_CHECK+=" ~AUTOFS_FS"
else
CONFIG_CHECK+=" ~AUTOFS4_FS"
fi
if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
ewarn "It's recommended to set an empty value to the following kernel config option:"
ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
fi
if linux_chkconfig_present X86; then
CONFIG_CHECK+=" ~DMIID"
fi
fi
if kernel_is -lt ${MINKV//./ }; then
ewarn "Kernel version at least ${MINKV} required"
fi
check_extra_config
fi
}
pkg_setup() {
use boot && secureboot_pkg_setup
}
src_unpack() {
default
[[ ${PV} != 9999 ]] || git-r3_src_unpack
}
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-test-process-util.patch"
"${FILESDIR}/256-bpf-gcc.patch"
# Flatcar: Adding our own patches here.
"${FILESDIR}/0001-wait-online-set-any-by-default.patch"
"${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
"${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch"
"${FILESDIR}/0009-initrd-parse-etc.service.patch"
"${FILESDIR}/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch"
"${FILESDIR}/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch"
)
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-journald-audit-r1.patch"
)
fi
# Fails with split-usr.
sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g.,
# CoreDNS which has dnsPolicy "default", but unless the
# kubelet --resolv-conf flag is set to point to
# /run/systemd/resolve/resolv.conf this won't work with
# /etc/resolv.conf pointing to
# /run/systemd/resolve/stub-resolv.conf which configures
# 127.0.0.53. See
# https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
# This means that users who need split DNS to work should
# point /etc/resolv.conf back to
# /run/systemd/resolve/stub-resolv.conf (and if using K8s
# configure the kubelet resolvConf variable/--resolv-conf flag
# to /run/systemd/resolve/resolv.conf).
sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die
default
}
src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
python_setup
multilib-minimal_src_configure
}
# Flatcar: Our function, we use it in some places below.
get_rootprefix() {
usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr"
}
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
# default is developer, bug 918671
-Dmode=release
# Flatcar: Point to our user mailing list.
-Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user"
-Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
# Flatcar: We keep using split-usr in SDK.
$(meson_use split-usr)
# Flatcar: Always set split-bin to true, we always
# have separate bin and sbin directories
-Dsplit-bin=true
# Flatcar: Use get_rootprefix. No functional change
# from upstream, just refactoring the common code used
# in some places.
#
# TODO: Drop -Drootprefix and -Drootlibdir we get rid
# of split-usr in SDK
-Drootprefix="$(get_rootprefix)"
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_bool acl)
$(meson_native_use_bool apparmor)
$(meson_native_use_bool audit)
$(meson_native_use_bool boot bootloader)
$(meson_native_use_bool bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_bool cryptsetup libcryptsetup)
$(meson_native_use_bool curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_bool elfutils)
$(meson_native_use_bool fido2 libfido2)
$(meson_use gcrypt)
$(meson_native_use_bool gnutls)
$(meson_native_use_bool homed)
$(meson_native_use_bool http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_bool importd)
$(meson_native_use_bool importd bzip2)
$(meson_native_use_bool importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_bool kmod)
$(meson_use lz4)
$(meson_use lzma xz)
$(meson_use test tests)
$(meson_use zstd)
$(meson_native_use_bool iptables libiptc)
$(meson_native_use_bool openssl)
$(meson_use pam)
$(meson_native_use_bool pkcs11 p11kit)
$(meson_native_use_bool pcre pcre2)
$(meson_native_use_bool policykit polkit)
$(meson_native_use_bool pwquality)
$(meson_native_use_bool qrcode qrencode)
$(meson_native_use_bool seccomp)
$(meson_native_use_bool selinux)
$(meson_native_use_bool tpm tpm2)
$(meson_native_use_bool test dbus)
$(meson_native_use_bool ukify)
$(meson_native_use_bool xkb xkbcommon)
# Flatcar: Use our ntp servers.
-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
# Flatcar: TODO: Investigate if we want this.
-Dcreate-log-dirs=false
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_true man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
$(meson_native_enabled vmspawn)
# Flatcar: Specify this, or meson breaks due to no
# /etc/login.defs.
-Dsystem-gid-max=999
-Dsystem-uid-max=999
# Flatcar: DBus paths.
-Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
# Flatcar: PAM config directory.
-Dpamconfdir=/usr/share/pam.d
# Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC
# 2013. Used by timesyncd as a sanity check for the
# minimum acceptable time. Explicitly set to avoid
# using the current build time.
-Dtime-epoch=1372636800
# Flatcar: No default name servers.
-Ddns-servers=
# Flatcar: Disable the "First Boot Wizard", it isn't
# very applicable to us.
-Dfirstboot=false
# Flatcar: Set latest network interface naming scheme
# for https://github.com/flatcar/Flatcar/issues/36
-Ddefault-net-naming-scheme=latest
# Flatcar: Combined log format: name plus description
-Dstatus-unit-format-default=combined
# Flatcar: Unported options, still needed?
-Dquotaon-path=/usr/sbin/quotaon
-Dquotacheck-path=/usr/sbin/quotacheck
-Ddefault-mdns=no
)
case $(tc-arch) in
amd64|arm|arm64|ppc|ppc64|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
meson_src_configure "${myconf[@]}"
}
multilib_src_test() {
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
addpredict /dev
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
) || die
}
multilib_src_install_all() {
# meson doesn't know about docdir
mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
einstalldocs
# Flatcar: Do not install sample nsswitch.conf, we don't
# provide it.
# dodoc "${FILESDIR}"/nsswitch.conf
insinto /usr/lib/tmpfiles.d
doins "${FILESDIR}"/legacy.conf
if ! use resolvconf; then
rm -f "${ED}"/usr/bin/resolvconf || die
fi
if ! use sysv-utils; then
rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
rm "${ED}"/usr/share/man/man1/init.1 || die
rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Flatcar: Upstream uses keepdir commands to keep some empty
# directories. We use tmpfiles.
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
keepdir /etc/systemd/{network,system,user}
keepdir /etc/udev/rules.d
keepdir /etc/udev/hwdb.d
# keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
# keepdir /usr/lib/{binfmt.d,modules-load.d}
# keepdir /usr/lib/systemd/user-generators
# keepdir /var/lib/systemd
# keepdir /var/log/journal
# if use pam; then
# if use selinux; then
# newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
# else
# newpamd "${FILESDIR}"/systemd-user.pam systemd-user
# fi
# fi
if use kernel-install; then
# Dummy config, remove to make room for sys-kernel/installkernel
rm "${ED}/usr/lib/kernel/install.conf" || die
fi
# Flatcar: Ensure journal directory has correct ownership/mode
# in inital image. This is fixed by systemd-tmpfiles *but*
# journald starts before that and will create the journal if
# the filesystem is already read-write. Conveniently the
# systemd Makefile sets this up completely wrong.
#
# Flatcar: TODO: Is this still a problem?
dodir /var/log/journal
fowners root:systemd-journal /var/log/journal
fperms 2755 /var/log/journal
# Flatcar: Don't prune systemd dirs.
dotmpfiles "${FILESDIR}"/systemd-flatcar.conf
# Flatcar: Add tmpfiles rule for resolv.conf. This path has
# changed after v213 so it must be handled here instead of
# baselayout now.
dotmpfiles "${FILESDIR}"/systemd-resolv.conf
# Flatcar: Don't default to graphical.target.
local unitdir=$(builddir_systemd_get_systemunitdir)
dosym multi-user.target "${unitdir}"/default.target
# Flatcar: Don't set any extra environment variables by default.
rm "${ED}/usr/lib/environment.d/99-environment.conf" || die
# Flatcar: These lines more or less follow the systemd's
# preset file (90-systemd.preset). We do it that way, to avoid
# putting symlinks in /etc. Please keep the lines in the same
# order as the "enable" lines appear in the preset file. For a
# single enable line in preset, there may be more lines if the
# unit file had Also: clause which has units we enable here
# too.
# Flatcar: enable remote-fs.target
builddir_systemd_enable_service multi-user.target remote-fs.target
# Flatcar: enable remote-cryptsetup.target
if use cryptsetup; then
builddir_systemd_enable_service multi-user.target remote-cryptsetup.target
fi
# Flatcar: enable machines.target
builddir_systemd_enable_service multi-user.target machines.target
# Flatcar: enable getty@.service
dodir "${unitdir}/getty.target.wants"
dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service"
# Flatcar: enable systemd-timesyncd.service
builddir_systemd_enable_service sysinit.target systemd-timesyncd.service
# Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service)
builddir_systemd_enable_service multi-user.target systemd-networkd.service
builddir_systemd_enable_service sockets.target systemd-networkd.socket
builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service
# Flatcar: enable systemd-network-generator.service
builddir_systemd_enable_service sysinit.target systemd-network-generator.service
# Flatcar: enable systemd-resolved.service
builddir_systemd_enable_service multi-user.target systemd-resolved.service
# Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry])
if use homed; then
builddir_systemd_enable_service multi-user.target systemd-homed.target
fi
# Flatcar: enable systemd-userdbd.socket
builddir_systemd_enable_service sockets.target systemd-userdbd.socket
# Flatcar: enable systemd-pstore.service
builddir_systemd_enable_service sysinit.target systemd-pstore.service
# Flatcar: enable systemd-boot-update.service
if use boot; then
builddir_systemd_enable_service sysinit.target systemd-boot-update.service
fi
# Flatcar: enable reboot.target (not enabled - has no WantedBy
# entry)
# Flatcar: enable systemd-sysext.service by default
builddir_systemd_enable_service sysinit.target systemd-sysext.service
# Flatcar: Use an empty preset file, because systemctl
# preset-all puts symlinks in /etc, not in /usr. We don't use
# /etc, because it is not autoupdated. We do the "preset" above.
rm "${ED}/usr/lib/systemd/system-preset/90-systemd.preset" || die
insinto /usr/lib/systemd/system-preset
doins "${FILESDIR}"/99-default.preset
# Flatcar: Do not ship distro-specific files (nsswitch.conf
# pam.d). This conflicts with our own configuration provided
# by baselayout.
rm -rf "${ED}"/usr/share/factory
sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \
-e '/^C!* \/etc\/nsswitch\.conf/d' \
-e '/^C!* \/etc\/pam\.d/d' \
-e '/^C!* \/etc\/issue/d'
use ukify && python_fix_shebang "${ED}"
use boot && secureboot_auto_sign
}
# Flatcar: Our own version of systemd_get_systemunitdir, that returns
# a path inside /usr, not /etc.
builddir_systemd_get_systemunitdir() {
echo "$(get_rootprefix)/lib/systemd/system"
}
# Flatcar: Our own version of systemd_enable_service, that does
# operations inside /usr, not /etc.
builddir_systemd_enable_service() {
local target=${1}
local service=${2}
local ud=$(builddir_systemd_get_systemunitdir)
local destname=${service##*/}
dodir "${ud}"/"${target}".wants && \
dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}"
if use boot; then
python_fix_shebang "${ED}"
secureboot_auto_sign
fi
}
migrate_locale() {
local envd_locale_def="${EROOT}/etc/env.d/02locale"
local envd_locale=( "${EROOT}"/etc/env.d/??locale )
local locale_conf="${EROOT}/etc/locale.conf"
if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
# If locale.conf does not exist...
if [[ -e ${envd_locale} ]]; then
# ...either copy env.d/??locale if there's one
ebegin "Moving ${envd_locale} to ${locale_conf}"
mv "${envd_locale}" "${locale_conf}"
eend ${?} || FAIL=1
else
# ...or create a dummy default
ebegin "Creating ${locale_conf}"
cat > "${locale_conf}" <<-EOF
# This file has been created by the sys-apps/systemd ebuild.
# See locale.conf(5) and localectl(1).
# LANG=${LANG}
EOF
eend ${?} || FAIL=1
fi
fi
if [[ ! -L ${envd_locale} ]]; then
# now, if env.d/??locale is not a symlink (to locale.conf)...
if [[ -e ${envd_locale} ]]; then
# ...warn the user that he has duplicate locale settings
ewarn
ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
ewarn "and create the symlink with the following command:"
ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
ewarn
else
# ...or just create the symlink if there's nothing here
ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
ln -n -s ../locale.conf "${envd_locale_def}"
eend ${?} || FAIL=1
fi
fi
}
pkg_preinst() {
if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
# Symlink /etc/sysctl.conf for easy migration.
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi
# Flatcar: This used to be in upstream ebuild, but now it's
# gone. We should drop it once we get rid of split-usr in SDK.
if ! use split-usr; then
local dir
# Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list.
for dir in bin sbin lib; do
if [[ ! -L ${EROOT}/${dir} ]]; then
eerror "'${EROOT}/${dir}' is not a symbolic link."
FAIL=1
fi
done
if [[ ${FAIL} ]]; then
eerror "Migration to system layout with merged directories must be performed before"
eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
die "System layout with split directories still used"
fi
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
fi
}
pkg_postinst() {
systemd_update_catalog
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
# Flatcar: We enable getty and remote-fs targets in /usr
# ourselves above.
# if [[ -z ${REPLACING_VERSIONS} ]]; then
# if type systemctl &>/dev/null; then
# systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
# fi
# elog "To enable a useful set of services, run the following:"
# elog " systemctl preset-all --preset-mode=enable-only"
# fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync"
fi
if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
ebegin "Reexecuting system manager (systemd)"
systemctl daemon-reexec
eend $? || FAIL=1
# https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
ebegin "Signaling user managers to reexec"
systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
eend $?
fi
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
eerror "systemd again."
eerror
fi
if use boot; then
optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
"sys-kernel/installkernel[systemd-boot]"
fi
if use ukify; then
optfeature "generating unified kernel image on each kernel installation" \
"sys-kernel/installkernel[ukify]"
fi
}
pkg_prerm() {
# If removing systemd completely, remove the catalog database.
if [[ ! ${REPLACED_BY_VERSION} ]]; then
rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
fi
}


@ -9,7 +9,10 @@ DESCRIPTION="CoreOS Linux kernel"
KEYWORDS="amd64 arm64" KEYWORDS="amd64 arm64"
RESTRICT="userpriv" # dracut (via bootengine) needs root RESTRICT="userpriv" # dracut (via bootengine) needs root
RDEPEND="=sys-kernel/coreos-modules-${PVR}" RDEPEND="
=sys-kernel/coreos-modules-${PVR}
sys-apps/kbd
"
BDEPEND=" BDEPEND="
sys-kernel/dracut sys-kernel/dracut
" "
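Review bot: The new `sys-apps/kbd` entry in `RDEPEND` carries no explanation of why the kernel package needs it. The rationale removed from the systemd ebuild elsewhere on this page (kbd provides the `loadkeys` binary needed by dracut's systemd-vconsole-setup module) should move along with the dependency. Since a comment cannot sit inside the quoted dependency string, I would put it directly above the assignment: `# sys-apps/kbd provides loadkeys, needed by dracut's systemd-vconsole-setup module.`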


@ -0,0 +1,2 @@
DIST systemd-257.9.tar.gz 16401765 BLAKE2B c3ad528d37b89de8f82548807e950b59aab43f875a533ad983169eb539594e5e8230b6b562caee5297dcec4572e27df0e53ebee04f79e85f429f47862031592e SHA512 23b3d2764e0f990d8373068ccb41177793413bc193f7bd34e38b03d6fc3cd32d07c86e9dcbf07e32904075bb5eeca208f65beab04d628ac0e0b81ba87a975c1b
DIST systemd-258.tar.gz 16976853 BLAKE2B c63bc09bff11ba4cf6e87bef689250a6b354bf8f5bfb5af6d2a173fa1e1838aa457a8a7db66f7aad20dae25b7a0defddcb052d53f18a688a2dd6d5f323d4692a SHA512 c488354da1c170ad02e10926f561d1985c3c3393fec878562f295ef764fdf3a1b2877c3b2549253f19bf23e357be6e443a50b937f60f4677f286d3402d611b85


@ -0,0 +1,51 @@
From 7b9ee7375ca9a1521ff36dd9ceb8a26e59572a6e Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Wed, 17 Sep 2025 15:40:57 -0400
Subject: [PATCH] journald: do not change the kernel audit setting by default
Bug: https://bugs.gentoo.org/736910
---
man/journald.conf.xml | 2 +-
src/journal/journald-config.c | 2 +-
src/journal/journald.conf | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index 1a68ba8698..a9a77a51d1 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -482,7 +482,7 @@
kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor
disable it, leaving the previous state unchanged. This means if another tool turns on auditing even
if <command>systemd-journald</command> left it off, it will still collect the generated
- messages. Defaults to on in the default journal namespace, and unset otherwise.</para>
+ messages.</para>
<para>Note that this option does not control whether <command>systemd-journald</command> collects
generated audit records, it just controls whether it tells the kernel to generate them. If you need
diff --git a/src/journal/journald-config.c b/src/journal/journald-config.c
index dd2e29e296..4160fa2ab9 100644
--- a/src/journal/journald-config.c
+++ b/src/journal/journald-config.c
@@ -122,7 +122,7 @@ void manager_merge_configs(Manager *m) {
MERGE_NON_NEGATIVE(read_kmsg, !m->namespace);
/* By default, kernel auditing is enabled by the main namespace instance, and not controlled by
* non-default namespace instances. */
- MERGE_NON_NEGATIVE(set_audit, m->namespace ? -1 : true);
+ MERGE_NON_NEGATIVE(set_audit, -1);
MERGE_NON_ZERO(sync_interval_usec, DEFAULT_SYNC_INTERVAL_USEC);
/* TODO: also merge them when comdline or credentials support to configure them. */
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index 9a12ca7657..e42efbcf84 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -47,4 +47,4 @@
#MaxLevelSocket=debug
#LineMax=48K
#ReadKMsg=yes
-#Audit=yes
+#Audit=
--
2.51.0
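Review bot: The comment kept above the changed line in `manager_merge_configs()` still says kernel auditing is enabled by the main namespace instance, which no longer matches `MERGE_NON_NEGATIVE(set_audit, -1);`. I would update it in the same patch, for example `/* By default, no instance changes the kernel audit setting. */`. With this default, a host that relied on journald to switch kernel auditing on at start-up gets audit records only if `Audit=yes` is set in journald.conf or another tool enables auditing. Images that expect audit data in the journal should set it explicitly. The function body continues outside the hunk.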


@ -0,0 +1,27 @@
# Sample nss configuration for systemd
# systemd-specific modules
# See the manual pages fore further information.
# nss-myhostname - host resolution for the local hostname
# nss-mymachines - host, user, group resolution for containers
# nss-resolve - host resolution using resolved
# nss-systemd - dynamic user/group resolution (DynamicUser in unit files)
passwd: files mymachines systemd
shadow: files
group: files mymachines systemd
gshadow: files
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files


@ -0,0 +1,69 @@
https://bugs.gentoo.org/956681
https://github.com/systemd/systemd/pull/37017
From fd9c4b4f49990f0656092035464b85256a0ba6e3 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 4 Apr 2025 21:40:41 -0700
Subject: [PATCH] shared/cred-util: Ensure TPM code is used with HAVE_TPM2
guards
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Building with no TPM2 we end up with following error
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10: note: in a call to built-in function __builtin___memcpy_chk
In function memcpy,
inlined from encrypt_credential_and_warn at ../git/src/shared/creds-util.c:1091:17:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10: error: argument 2 null where non-null expected [-Werror=nonnull]
29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10: note: in a call to built-in function __builtin___memcpy_chk
cc1: some warnings being treated as errors 29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
This is because code referencing tpm2 data structures is still used while the
initialization of the function has been compiled out since its conditional on HAVE_TPM2
We add needed guards in places where it is missing to fix this problem
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/shared/creds-util.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index ca8e15d4c9d1e..e074c8b24680a 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -804,7 +804,9 @@ int encrypt_credential_and_warn(
_cleanup_(iovec_done_erase) struct iovec tpm2_key = {}, output = {}, host_key = {};
_cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
_cleanup_free_ struct metadata_credential_header *m = NULL;
+#if HAVE_TPM2
uint16_t tpm2_pcr_bank = 0, tpm2_primary_alg = 0;
+#endif
struct encrypted_credential_header *h;
int ksz, bsz, ivsz, tsz, added, r;
uint8_t md[SHA256_DIGEST_LENGTH];
@@ -1078,6 +1080,7 @@ int encrypt_credential_and_warn(
p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz);
+#if HAVE_TPM2
if (iovec_is_set(&tpm2_key)) {
struct tpm2_credential_header *t;
@@ -1092,7 +1095,7 @@ int encrypt_credential_and_warn(
p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob.iov_len + tpm2_policy_hash.iov_len);
}
-
+#endif
if (iovec_is_set(&pubkey)) {
struct tpm2_public_key_credential_header *z;


@ -0,0 +1,38 @@
https://bugs.gentoo.org/963528
From 1403faeb152e24ef74230891cc6bf1875292324f Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 19 Sep 2025 11:29:36 +0200
Subject: [PATCH] tree-wide: Fix two curl warnings
---
src/import/pull-job.c | 2 +-
src/journal-remote/journal-upload.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/import/pull-job.c b/src/import/pull-job.c
index a0b0ef54061b9..b457c39ed1800 100644
--- a/src/import/pull-job.c
+++ b/src/import/pull-job.c
@@ -759,7 +759,7 @@ int pull_job_begin(PullJob *j) {
if (curl_easy_setopt(j->curl, CURLOPT_XFERINFODATA, j) != CURLE_OK)
return -EIO;
- if (curl_easy_setopt(j->curl, CURLOPT_NOPROGRESS, 0) != CURLE_OK)
+ if (curl_easy_setopt(j->curl, CURLOPT_NOPROGRESS, 0L) != CURLE_OK)
return -EIO;
r = curl_glue_add(j->glue, j->curl);
diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index d669d27274f6a..05f0dad038449 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -308,7 +308,7 @@ int start_upload(Uploader *u,
}
if (STRPTR_IN_SET(arg_trust, "-", "all"))
- easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0,
+ easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L,
LOG_ERR, return -EUCLEAN);
else if (arg_trust || startswith(u->url, "https://"))
easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE,


@ -0,0 +1,31 @@
https://bugs.gentoo.org/963560
https://github.com/systemd/systemd/pull/39119
From 6cae201ca1b0bf4a136bdf1002b4bc7983f0ceee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com>
Date: Thu, 25 Sep 2025 22:52:18 +0300
Subject: [PATCH] resolve: undo change to return code of next_search_domain()
(#39119)
This caused resolved to only consider the 1st search domain of every
interface and ignore the rest.
Fixes a regression caused by 81ae2237c1792943a1ec712ae2e630bcc592175b (v258).
Fixes #39118.
---
src/resolve/resolved-dns-query.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 8ad7bff398d85..4e11ad87bf545 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -147,7 +147,7 @@ static int dns_query_candidate_next_search_domain(DnsQueryCandidate *c) {
dns_search_domain_unref(c->search_domain);
c->search_domain = dns_search_domain_ref(next);
- return 0;
+ return 1;
}
static int dns_query_candidate_add_transaction(


@ -0,0 +1,24 @@
https://bugs.gentoo.org/963481
https://github.com/systemd/systemd/pull/39149
From 3df39cedda01dec35e49f1ab5632cf9f325e5320 Mon Sep 17 00:00:00 2001
From: Xarblu <xarblu@protonmail.com>
Date: Fri, 26 Sep 2025 21:40:50 +0200
Subject: [PATCH] shared: add missing alloc-util.h include
Needed for _cleanup_free_
---
src/shared/password-quality-util-passwdqc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shared/password-quality-util-passwdqc.c b/src/shared/password-quality-util-passwdqc.c
index d74e0fb7f2370..844068a4d64a3 100644
--- a/src/shared/password-quality-util-passwdqc.c
+++ b/src/shared/password-quality-util-passwdqc.c
@@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "alloc-util.h"
#include "dlfcn-util.h"
#include "errno-util.h"
#include "log.h"


@ -0,0 +1,7 @@
account include system-auth
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session include system-auth
session optional pam_systemd.so


@ -0,0 +1,5 @@
account include system-auth
session required pam_loginuid.so
session include system-auth
session optional pam_systemd.so


@ -11,6 +11,7 @@
<use> <use>
<flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag> <flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag>
<flag name="boot">Enable EFI boot manager and stub loader</flag> <flag name="boot">Enable EFI boot manager and stub loader</flag>
<flag name="bpf">Enable BPF support for sandboxing and firewalling.</flag>
<flag name="cgroup-hybrid">Default to hybrid (legacy) cgroup hierarchy instead of unified (modern).</flag> <flag name="cgroup-hybrid">Default to hybrid (legacy) cgroup hierarchy instead of unified (modern).</flag>
<flag name="curl">Enable support for uploading journals</flag> <flag name="curl">Enable support for uploading journals</flag>
<flag name="cryptsetup">Enable cryptsetup tools (includes unit generator for crypttab)</flag> <flag name="cryptsetup">Enable cryptsetup tools (includes unit generator for crypttab)</flag>
@ -26,8 +27,9 @@
<flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag> <flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag>
<flag name="lz4">Enable lz4 compression for the journal</flag> <flag name="lz4">Enable lz4 compression for the journal</flag>
<flag name="openssl">Enable use of <pkg>dev-libs/openssl</pkg> for various features</flag> <flag name="openssl">Enable use of <pkg>dev-libs/openssl</pkg> for various features</flag>
<flag name="passwdqc">Use <pkg>sys-auth/passwdqc</pkg> for password checking in homed</flag>
<flag name="pkcs11">Enable PKCS#11 support for cryptsetup and homed</flag> <flag name="pkcs11">Enable PKCS#11 support for cryptsetup and homed</flag>
<flag name="pwquality">Enable password quality checking in homed</flag> <flag name="pwquality">Use <pkg>dev-libs/libpwquality</pkg> for password checking in homed</flag>
<flag name="qrcode">Enable qrcode output support in journal</flag> <flag name="qrcode">Enable qrcode output support in journal</flag>
<flag name="resolvconf">Install resolvconf symlink for systemd-resolve</flag> <flag name="resolvconf">Install resolvconf symlink for systemd-resolve</flag>
<flag name="sysv-utils">Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown</flag> <flag name="sysv-utils">Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown</flag>


@ -2,7 +2,7 @@
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=8 EAPI=8
PYTHON_COMPAT=( python3_{10..13} ) PYTHON_COMPAT=( python3_{11..13} )
# Avoid QA warnings # Avoid QA warnings
TMPFILES_OPTIONAL=1 TMPFILES_OPTIONAL=1
@ -20,13 +20,12 @@ else
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then if [[ ${PV} != *rc* ]] ; then
# Flatcar: mark as stable KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi fi
fi fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot systemd tmpfiles toolchain-funcs udev inherit secureboot systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux" DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://systemd.io/" HOMEPAGE="https://systemd.io/"
@ -98,14 +97,6 @@ DEPEND="${COMMON_DEPEND}
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
# baselayout-2.2 has /run # baselayout-2.2 has /run
#
# Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use
# flag). The image stage fails with "Failed to resolve
# typeattributeset statement at
# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120"
#
# Flatcar: Added a dep on sys-apps/kbd. It provides a loadkeys binary
# needed by dracut's systemd-vconsole-setup module.
RDEPEND="${COMMON_DEPEND} RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1 >=acct-group/adm-0-r1
>=acct-group/wheel-0-r1 >=acct-group/wheel-0-r1
@ -134,21 +125,21 @@ RDEPEND="${COMMON_DEPEND}
>=acct-user/systemd-resolve-0-r1 >=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1 >=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2 >=sys-apps/baselayout-2.2
sys-apps/kbd
ukify? ( ukify? (
${PYTHON_DEPS} ${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}") $(python_gen_cond_dep "${PEFILE_DEPEND}")
) )
selinux? ( selinux? (
sec-policy/selinux-base-policy[systemd] sec-policy/selinux-base-policy[systemd]
sec-policy/selinux-ntp
) )
sysv-utils? ( sysv-utils? (
!sys-apps/openrc[sysv-utils(-)] !sys-apps/openrc[sysv-utils(-)]
!sys-apps/openrc-navi[sysv-utils(-)]
!sys-apps/sysvinit !sys-apps/sysvinit
) )
!sysv-utils? ( sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv ) resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname !sys-auth/nss-myhostname
!sys-fs/eudev !sys-fs/eudev
!sys-fs/udev !sys-fs/udev
@ -168,7 +159,7 @@ BDEPEND="
sys-devel/gettext sys-devel/gettext
virtual/pkgconfig virtual/pkgconfig
bpf? ( bpf? (
dev-util/bpftool >=dev-util/bpftool-7.0.0
sys-devel/bpf-toolchain sys-devel/bpf-toolchain
) )
test? ( test? (
@ -194,13 +185,38 @@ BDEPEND="
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() { pkg_pretend() {
# Flatcar: We keep using split-usr for SDK. if use split-usr; then
# if use split-usr; then eerror "Please complete the migration to merged-usr."
# eerror "Please complete the migration to merged-usr." eerror "https://wiki.gentoo.org/wiki/Merge-usr"
# eerror "https://wiki.gentoo.org/wiki/Merge-usr" die "systemd no longer supports split-usr"
# die "systemd no longer supports split-usr" fi
# fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
@ -256,14 +272,7 @@ src_unpack() {
src_prepare() { src_prepare() {
local PATCHES=( local PATCHES=(
# Flatcar: Adding our own patches here. "${FILESDIR}"/systemd-257-cred-util-tpm2.patch
"${FILESDIR}/0001-wait-online-set-any-by-default.patch"
"${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin-257.patch"
"${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch"
"${FILESDIR}/0009-initrd-parse-etc.service.patch"
) )
if ! use vanilla; then if ! use vanilla; then
@ -272,23 +281,6 @@ src_prepare() {
) )
fi fi
# Fails with split-usr.
sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g.,
# CoreDNS which has dnsPolicy "default", but unless the
# kubelet --resolv-conf flag is set to point to
# /run/systemd/resolve/resolv.conf this won't work with
# /etc/resolv.conf pointing to
# /run/systemd/resolve/stub-resolv.conf which configures
# 127.0.0.53. See
# https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
# This means that users who need split DNS to work should
# point /etc/resolv.conf back to
# /run/systemd/resolve/stub-resolv.conf (and if using K8s
# configure the kubelet resolvConf variable/--resolv-conf flag
# to /run/systemd/resolve/resolv.conf).
sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die
default default
} }
@ -301,34 +293,17 @@ src_configure() {
multilib-minimal_src_configure multilib-minimal_src_configure
} }
# Flatcar: Our function, we use it in some places below.
get_rootprefix() {
usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr"
}
multilib_src_configure() { multilib_src_configure() {
local myconf=( local myconf=(
--localstatedir="${EPREFIX}/var" --localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671 # default is developer, bug 918671
-Dmode=release -Dmode=release
# Flatcar: Point to our user mailing list. -Dsupport-url="https://gentoo.org/support/"
-Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user"
-Dpamlibdir="$(getpam_mod_dir)" -Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep # avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)" -Dbashcompletiondir="$(get_bashcompdir)"
# Flatcar: We keep using split-usr in SDK. -Dsplit-bin=false
$(meson_use split-usr)
# Flatcar: Always set split-bin to true, we always
# have separate bin and sbin directories
-Dsplit-bin=true
# Flatcar: Use get_rootprefix. No functional change
# from upstream, just refactoring the common code used
# in some places.
#
# TODO: Drop -Drootprefix and -Drootlibdir we get rid
# of split-usr in SDK
-Drootprefix="$(get_rootprefix)"
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
# Disable compatibility with sysvinit # Disable compatibility with sysvinit
-Dsysvinit-path= -Dsysvinit-path=
-Dsysvrcnd-path= -Dsysvrcnd-path=
@ -377,11 +352,9 @@ multilib_src_configure() {
$(meson_native_use_feature test dbus) $(meson_native_use_feature test dbus)
$(meson_native_use_feature ukify) $(meson_native_use_feature ukify)
$(meson_native_use_feature xkb xkbcommon) $(meson_native_use_feature xkb xkbcommon)
# Flatcar: Use our ntp servers. -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
# Breaks screen, tmux, etc. # Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false -Ddefault-kill-user-processes=false
# Flatcar: TODO: Investigate if we want this.
-Dcreate-log-dirs=false -Dcreate-log-dirs=false
# multilib options # multilib options
@ -404,43 +377,6 @@ multilib_src_configure() {
$(meson_native_true timesyncd) $(meson_native_true timesyncd)
$(meson_native_true tmpfiles) $(meson_native_true tmpfiles)
$(meson_native_true vconsole) $(meson_native_true vconsole)
$(meson_native_enabled vmspawn)
# Flatcar: Specify this, or meson breaks due to no
# /etc/login.defs.
-Dsystem-gid-max=999
-Dsystem-uid-max=999
# Flatcar: DBus paths.
-Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
# Flatcar: PAM config directory.
-Dpamconfdir=/usr/share/pam.d
# Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC
# 2013. Used by timesyncd as a sanity check for the
# minimum acceptable time. Explicitly set to avoid
# using the current build time.
-Dtime-epoch=1372636800
# Flatcar: No default name servers.
-Ddns-servers=
# Flatcar: Disable the "First Boot Wizard", it isn't
# very applicable to us.
-Dfirstboot=false
# Flatcar: Set latest network interface naming scheme
# for https://github.com/flatcar/Flatcar/issues/36
-Ddefault-net-naming-scheme=latest
# Flatcar: Combined log format: name plus description
-Dstatus-unit-format-default=combined
# Flatcar: Unported options, still needed?
-Dquotaon-path=/usr/sbin/quotaon
-Dquotacheck-path=/usr/sbin/quotacheck
-Ddefault-mdns=no
) )
case $(tc-arch) in case $(tc-arch) in
@ -467,13 +403,8 @@ multilib_src_test() {
} }
multilib_src_install_all() { multilib_src_install_all() {
# meson doesn't know about docdir
mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
einstalldocs einstalldocs
# Flatcar: Do not install sample nsswitch.conf, we don't dodoc "${FILESDIR}"/nsswitch.conf
# provide it.
# dodoc "${FILESDIR}"/nsswitch.conf
insinto /usr/lib/tmpfiles.d insinto /usr/lib/tmpfiles.d
doins "${FILESDIR}"/legacy.conf doins "${FILESDIR}"/legacy.conf
@ -491,8 +422,6 @@ multilib_src_install_all() {
# https://bugs.gentoo.org/761763 # https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die rm -r "${ED}"/usr/lib/sysusers.d || die
# Flatcar: Upstream uses keepdir commands to keep some empty
# directories. We use tmpfiles.
# Preserve empty dirs in /etc & /var, bug #437008 # Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d keepdir /etc/kernel/install.d
@ -501,138 +430,29 @@ multilib_src_install_all() {
keepdir /etc/udev/hwdb.d keepdir /etc/udev/hwdb.d
# keepdir /usr/lib/systemd/{system-sleep,system-shutdown} keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
# keepdir /usr/lib/{binfmt.d,modules-load.d} keepdir /usr/lib/{binfmt.d,modules-load.d}
# keepdir /usr/lib/systemd/user-generators keepdir /usr/lib/systemd/user-generators
# keepdir /var/lib/systemd keepdir /var/lib/systemd
# keepdir /var/log/journal keepdir /var/log/journal
# if use pam; then if use pam; then
# if use selinux; then if use selinux; then
# newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
# else else
# newpamd "${FILESDIR}"/systemd-user.pam systemd-user newpamd "${FILESDIR}"/systemd-user.pam systemd-user
# fi fi
# fi fi
if use kernel-install; then if use kernel-install; then
# Dummy config, remove to make room for sys-kernel/installkernel # Dummy config, remove to make room for sys-kernel/installkernel
rm "${ED}/usr/lib/kernel/install.conf" || die rm "${ED}/usr/lib/kernel/install.conf" || die
fi fi
# Flatcar: Ensure journal directory has correct ownership/mode
# in inital image. This is fixed by systemd-tmpfiles *but*
# journald starts before that and will create the journal if
# the filesystem is already read-write. Conveniently the
# systemd Makefile sets this up completely wrong.
#
# Flatcar: TODO: Is this still a problem?
dodir /var/log/journal
fowners root:systemd-journal /var/log/journal
fperms 2755 /var/log/journal
# Flatcar: Don't prune systemd dirs.
dotmpfiles "${FILESDIR}"/systemd-flatcar.conf
# Flatcar: Add tmpfiles rule for resolv.conf. This path has
# changed after v213 so it must be handled here instead of
# baselayout now.
dotmpfiles "${FILESDIR}"/systemd-resolv.conf
# Flatcar: Don't default to graphical.target.
local unitdir=$(builddir_systemd_get_systemunitdir)
dosym multi-user.target "${unitdir}"/default.target
# Flatcar: Don't set any extra environment variables by default.
rm "${ED}/usr/lib/environment.d/99-environment.conf" || die
# Flatcar: These lines more or less follow the systemd's
# preset file (90-systemd.preset). We do it that way, to avoid
# putting symlinks in /etc. Please keep the lines in the same
# order as the "enable" lines appear in the preset file. For a
# single enable line in preset, there may be more lines if the
# unit file had Also: clause which has units we enable here
# too.
# Flatcar: enable remote-fs.target
builddir_systemd_enable_service multi-user.target remote-fs.target
# Flatcar: enable remote-cryptsetup.target
if use cryptsetup; then
builddir_systemd_enable_service multi-user.target remote-cryptsetup.target
fi
# Flatcar: enable machines.target
builddir_systemd_enable_service multi-user.target machines.target
# Flatcar: enable getty@.service
dodir "${unitdir}/getty.target.wants"
dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service"
# Flatcar: enable systemd-timesyncd.service
builddir_systemd_enable_service sysinit.target systemd-timesyncd.service
# Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service)
builddir_systemd_enable_service multi-user.target systemd-networkd.service
builddir_systemd_enable_service sockets.target systemd-networkd.socket
builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service
# Flatcar: enable systemd-network-generator.service
builddir_systemd_enable_service sysinit.target systemd-network-generator.service
# Flatcar: enable systemd-resolved.service
builddir_systemd_enable_service multi-user.target systemd-resolved.service
# Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry])
if use homed; then
builddir_systemd_enable_service multi-user.target systemd-homed.target
fi
# Flatcar: enable systemd-userdbd.socket
builddir_systemd_enable_service sockets.target systemd-userdbd.socket
# Flatcar: enable systemd-pstore.service
builddir_systemd_enable_service sysinit.target systemd-pstore.service
# Flatcar: enable systemd-boot-update.service
if use boot; then
builddir_systemd_enable_service sysinit.target systemd-boot-update.service
fi
# Flatcar: enable reboot.target (not enabled - has no WantedBy
# entry)
# Flatcar: enable systemd-sysext.service by default
builddir_systemd_enable_service sysinit.target systemd-sysext.service
# Flatcar: Use an empty preset file, because systemctl
# preset-all puts symlinks in /etc, not in /usr. We don't use
# /etc, because it is not autoupdated. We do the "preset" above.
rm "${ED}/usr/lib/systemd/system-preset/90-systemd.preset" || die
insinto /usr/lib/systemd/system-preset
doins "${FILESDIR}"/99-default.preset
# Flatcar: Do not ship distro-specific files (nsswitch.conf
# pam.d). This conflicts with our own configuration provided
# by baselayout.
rm -rf "${ED}"/usr/share/factory
sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \
-e '/^C!* \/etc\/nsswitch\.conf/d' \
-e '/^C!* \/etc\/pam\.d/d' \
-e '/^C!* \/etc\/issue/d'
use ukify && python_fix_shebang "${ED}" use ukify && python_fix_shebang "${ED}"
use boot && secureboot_auto_sign use boot && secureboot_auto_sign
} }
# Flatcar: Our own version of systemd_get_systemunitdir, that returns
# a path inside /usr, not /etc.
builddir_systemd_get_systemunitdir() {
echo "$(get_rootprefix)/lib/systemd/system"
}
# Flatcar: Our own version of systemd_enable_service, that does
# operations inside /usr, not /etc.
builddir_systemd_enable_service() {
local target=${1}
local service=${2}
local ud=$(builddir_systemd_get_systemunitdir)
local destname=${service##*/}
dodir "${ud}"/"${target}".wants && \
dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}"
if use boot; then
python_fix_shebang "${ED}"
secureboot_auto_sign
fi
}
migrate_locale() { migrate_locale() {
local envd_locale_def="${EROOT}/etc/env.d/02locale" local envd_locale_def="${EROOT}/etc/env.d/02locale"
local envd_locale=( "${EROOT}"/etc/env.d/??locale ) local envd_locale=( "${EROOT}"/etc/env.d/??locale )
@ -683,23 +503,6 @@ pkg_preinst() {
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi fi
# Flatcar: This used to be in upstream ebuild, but now it's
# gone. We should drop it once we get rid of split-usr in SDK.
if ! use split-usr; then
local dir
# Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list.
for dir in bin sbin lib; do
if [[ ! -L ${EROOT}/${dir} ]]; then
eerror "'${EROOT}/${dir}' is not a symbolic link."
FAIL=1
fi
done
if [[ ${FAIL} ]]; then
eerror "Migration to system layout with merged directories must be performed before"
eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
die "System layout with split directories still used"
fi
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
@ -719,15 +522,13 @@ pkg_postinst() {
# between OpenRC & systemd # between OpenRC & systemd
migrate_locale migrate_locale
# Flatcar: We enable getty and remote-fs targets in /usr if [[ -z ${REPLACING_VERSIONS} ]]; then
# ourselves above. if type systemctl &>/dev/null; then
# if [[ -z ${REPLACING_VERSIONS} ]]; then systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
# if type systemctl &>/dev/null; then fi
# systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 elog "To enable a useful set of services, run the following:"
# fi elog " systemctl preset-all --preset-mode=enable-only"
# elog "To enable a useful set of services, run the following:" fi
# elog " systemctl preset-all --preset-mode=enable-only"
# fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync" rm "${EROOT}/var/lib/systemd/timesync"
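Review bot: In `check_cgroup_layout` (hunk `@ -194,13 +185,38 @`), the second `grep -qF 'systemd.unified_cgroup_hierarchy'` has no file operand, so it reads standard input rather than the kernel command line. The earlier test in the same function names `/proc/cmdline`, and this one presumably should too: `if grep -qF 'systemd.unified_cgroup_hierarchy' /proc/cmdline; then`. As written, `die` sits inside that `if`, so a host booted with the hybrid layout only gets the two `eerror` lines unless the grep matches; please confirm that fall-through is intended. The first message would also read better as `This layout is obsolete and is disabled in systemd.`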


@ -0,0 +1,579 @@
# Copyright 2011-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..13} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_PKGCONFIG_VERSION=$(ver_cut 1)
if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
inherit git-r3
else
MY_PV=${PV/_/-}
MY_P=${PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
dns-over-tls? ( openssl )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
importd? ( curl lzma openssl )
?? ( passwdqc pwquality )
passwdqc? ( homed )
pwquality? ( homed )
boot? ( kernel-install )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? (
dev-libs/libfido2:0=
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
importd? (
app-arch/bzip2:0=
sys-libs/zlib:0=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
passwdqc? ( sys-auth/passwdqc:0= )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
"
# Newer linux-headers needed by ia64, bug #480218
DEPEND="${COMMON_DEPEND}
>=sys-kernel/linux-headers-${MINKV}
"
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
# baselayout-2.2 has /run
RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1
>=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1
>=acct-group/tty-0-r1
>=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
acct-group/clock
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1
acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
)
selinux? (
sec-policy/selinux-base-policy[systemd]
sec-policy/selinux-ntp
)
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
!sys-apps/sysvinit
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
BDEPEND="
app-arch/xz-utils:0
dev-util/gperf
>=dev-build/meson-0.46
>=sys-apps/coreutils-8.16
sys-devel/gettext
virtual/pkgconfig
bpf? (
>=dev-util/bpftool-7.0.0
sys-devel/bpf-toolchain
)
test? (
app-text/tree
dev-lang/perl
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
${PYTHON_DEPS}
$(python_gen_cond_dep "
dev-python/jinja2[\${PYTHON_USEDEP}]
dev-python/lxml[\${PYTHON_USEDEP}]
boot? (
>=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
test? ( ${PEFILE_DEPEND} )
)
")
"
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() {
if use split-usr; then
eerror "Please complete the migration to merged-usr."
eerror "https://wiki.gentoo.org/wiki/Merge-usr"
die "systemd no longer supports split-usr"
fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
if kernel_is -ge 5 10 20; then
CONFIG_CHECK+=" ~KCMP"
else
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
fi
if kernel_is -ge 4 18; then
CONFIG_CHECK+=" ~AUTOFS_FS"
else
CONFIG_CHECK+=" ~AUTOFS4_FS"
fi
if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
ewarn "It's recommended to set an empty value to the following kernel config option:"
ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
fi
if linux_chkconfig_present X86; then
CONFIG_CHECK+=" ~DMIID"
fi
fi
if kernel_is -lt ${MINKV//./ }; then
ewarn "Kernel version at least ${MINKV} required"
fi
check_extra_config
fi
}
pkg_setup() {
use boot && secureboot_pkg_setup
}
src_unpack() {
default
[[ ${PV} != 9999 ]] || git-r3_src_unpack
}
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-258-shared-add-missing-alloc-util.patch"
"${FILESDIR}/systemd-258-resolve-undo-change-to-return-code.patch"
"${FILESDIR}/systemd-258-curl-warnings.patch"
)
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-journald-audit-r2.patch"
)
fi
default
}
src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
python_setup
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671
-Dmode=release
-Dsupport-url="https://gentoo.org/support/"
-Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
-Dsplit-bin=false
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_feature acl)
$(meson_native_use_feature apparmor)
$(meson_native_use_feature audit)
$(meson_native_use_feature boot bootloader)
$(meson_native_use_feature bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_feature cryptsetup libcryptsetup)
$(meson_native_use_feature curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_feature elfutils)
$(meson_native_use_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_native_use_feature gnutls)
$(meson_native_use_feature homed)
$(meson_native_use_feature http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_feature importd)
$(meson_native_use_feature importd bzip2)
$(meson_native_use_feature importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_use test tests)
$(meson_feature zstd)
$(meson_native_use_feature iptables libiptc)
$(meson_native_use_feature openssl)
$(meson_feature pam)
$(meson_native_use_feature passwdqc)
$(meson_native_use_feature pkcs11 p11kit)
$(meson_native_use_feature pcre pcre2)
$(meson_native_use_feature policykit polkit)
$(meson_native_use_feature pwquality)
$(meson_native_use_feature qrcode qrencode)
$(meson_native_use_feature seccomp)
$(meson_native_use_feature selinux)
$(meson_native_use_feature tpm tpm2)
$(meson_native_use_feature test dbus)
$(meson_native_use_feature ukify)
$(meson_native_use_feature xkb xkbcommon)
-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
-Dcreate-log-dirs=false
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_enabled man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
)
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
meson_src_configure "${myconf[@]}"
}
multilib_src_test() {
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
addpredict /dev
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
) || die
}
multilib_src_install_all() {
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
insinto /usr/lib/tmpfiles.d
doins "${FILESDIR}"/legacy.conf
if ! use resolvconf; then
rm -f "${ED}"/usr/bin/resolvconf || die
fi
if ! use sysv-utils; then
rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
rm "${ED}"/usr/share/man/man1/init.1 || die
rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
keepdir /etc/systemd/{network,system,user}
keepdir /etc/udev/rules.d
keepdir /etc/udev/hwdb.d
keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
keepdir /usr/lib/{binfmt.d,modules-load.d}
keepdir /usr/lib/systemd/user-generators
keepdir /var/lib/systemd
keepdir /var/log/journal
if use pam; then
if use selinux; then
newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
else
newpamd "${FILESDIR}"/systemd-user.pam systemd-user
fi
fi
if use kernel-install; then
# Dummy config, remove to make room for sys-kernel/installkernel
rm "${ED}/usr/lib/kernel/install.conf" || die
fi
use ukify && python_fix_shebang "${ED}"
use boot && secureboot_auto_sign
}
migrate_locale() {
local envd_locale_def="${EROOT}/etc/env.d/02locale"
local envd_locale=( "${EROOT}"/etc/env.d/??locale )
local locale_conf="${EROOT}/etc/locale.conf"
if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
# If locale.conf does not exist...
if [[ -e ${envd_locale} ]]; then
# ...either copy env.d/??locale if there's one
ebegin "Moving ${envd_locale} to ${locale_conf}"
mv "${envd_locale}" "${locale_conf}"
eend ${?} || FAIL=1
else
# ...or create a dummy default
ebegin "Creating ${locale_conf}"
cat > "${locale_conf}" <<-EOF
# This file has been created by the sys-apps/systemd ebuild.
# See locale.conf(5) and localectl(1).
# LANG=${LANG}
EOF
eend ${?} || FAIL=1
fi
fi
if [[ ! -L ${envd_locale} ]]; then
# now, if env.d/??locale is not a symlink (to locale.conf)...
if [[ -e ${envd_locale} ]]; then
# ...warn the user that he has duplicate locale settings
ewarn
ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
ewarn "and create the symlink with the following command:"
ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
ewarn
else
# ...or just create the symlink if there's nothing here
ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
ln -n -s ../locale.conf "${envd_locale_def}"
eend ${?} || FAIL=1
fi
fi
}
pkg_preinst() {
if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
# Symlink /etc/sysctl.conf for easy migration.
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
fi
}
pkg_postinst() {
systemd_update_catalog
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
if [[ -z ${REPLACING_VERSIONS} ]]; then
if type systemctl &>/dev/null; then
systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
fi
elog "To enable a useful set of services, run the following:"
elog " systemctl preset-all --preset-mode=enable-only"
fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync"
fi
if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
ebegin "Reexecuting system manager (systemd)"
systemctl daemon-reexec
eend $? || FAIL=1
# https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
ebegin "Signaling user managers to reexec"
systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
eend $?
fi
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
eerror "systemd again."
eerror
fi
if use boot; then
optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
"sys-kernel/installkernel[systemd-boot]"
fi
if use ukify; then
optfeature "generating unified kernel image on each kernel installation" \
"sys-kernel/installkernel[ukify]"
fi
}
pkg_prerm() {
# If removing systemd completely, remove the catalog database.
if [[ ! ${REPLACED_BY_VERSION} ]]; then
rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
fi
}
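Review bot: In `check_cgroup_layout`, the second test `grep -qF 'systemd.unified_cgroup_hierarchy'` has no file operand, so it reads standard input rather than `/proc/cmdline`, unlike the `SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1` check a few lines above it. Depending on what Portage connects to stdin during `pkg_pretend`, the match presumably never succeeds, so the `die "hybrid cgroup layout detected"` branch is not reached and the function returns after printing only the two `eerror` lines. The line should read `if grep -qF 'systemd.unified_cgroup_hierarchy' /proc/cmdline; then`. The same function appears unchanged in the second added ebuild (the `+1,576` section), so the fix applies there as well.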


@ -0,0 +1,576 @@
# Copyright 2011-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..13} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_PKGCONFIG_VERSION=$(ver_cut 1)
if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
inherit git-r3
else
MY_PV=${PV/_/-}
MY_P=${PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
dns-over-tls? ( openssl )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
importd? ( curl lzma openssl )
?? ( passwdqc pwquality )
passwdqc? ( homed )
pwquality? ( homed )
boot? ( kernel-install )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? (
dev-libs/libfido2:0=
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
importd? (
app-arch/bzip2:0=
sys-libs/zlib:0=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
passwdqc? ( sys-auth/passwdqc:0= )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
"
# Newer linux-headers needed by ia64, bug #480218
DEPEND="${COMMON_DEPEND}
>=sys-kernel/linux-headers-${MINKV}
"
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
# baselayout-2.2 has /run
RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1
>=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1
>=acct-group/tty-0-r1
>=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
acct-group/clock
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1
acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
)
selinux? (
sec-policy/selinux-base-policy[systemd]
sec-policy/selinux-ntp
)
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
!sys-apps/sysvinit
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
BDEPEND="
app-arch/xz-utils:0
dev-util/gperf
>=dev-build/meson-0.46
>=sys-apps/coreutils-8.16
sys-devel/gettext
virtual/pkgconfig
bpf? (
>=dev-util/bpftool-7.0.0
sys-devel/bpf-toolchain
)
test? (
app-text/tree
dev-lang/perl
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
${PYTHON_DEPS}
$(python_gen_cond_dep "
dev-python/jinja2[\${PYTHON_USEDEP}]
dev-python/lxml[\${PYTHON_USEDEP}]
boot? (
>=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
test? ( ${PEFILE_DEPEND} )
)
")
"
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() {
if use split-usr; then
eerror "Please complete the migration to merged-usr."
eerror "https://wiki.gentoo.org/wiki/Merge-usr"
die "systemd no longer supports split-usr"
fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
if kernel_is -ge 5 10 20; then
CONFIG_CHECK+=" ~KCMP"
else
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
fi
if kernel_is -ge 4 18; then
CONFIG_CHECK+=" ~AUTOFS_FS"
else
CONFIG_CHECK+=" ~AUTOFS4_FS"
fi
if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
ewarn "It's recommended to set an empty value to the following kernel config option:"
ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
fi
if linux_chkconfig_present X86; then
CONFIG_CHECK+=" ~DMIID"
fi
fi
if kernel_is -lt ${MINKV//./ }; then
ewarn "Kernel version at least ${MINKV} required"
fi
check_extra_config
fi
}
pkg_setup() {
use boot && secureboot_pkg_setup
}
src_unpack() {
default
[[ ${PV} != 9999 ]] || git-r3_src_unpack
}
src_prepare() {
local PATCHES=(
)
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-journald-audit-r2.patch"
)
fi
default
}
src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
python_setup
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671
-Dmode=release
-Dsupport-url="https://gentoo.org/support/"
-Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
-Dsplit-bin=false
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_feature acl)
$(meson_native_use_feature apparmor)
$(meson_native_use_feature audit)
$(meson_native_use_feature boot bootloader)
$(meson_native_use_feature bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_feature cryptsetup libcryptsetup)
$(meson_native_use_feature curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_feature elfutils)
$(meson_native_use_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_native_use_feature gnutls)
$(meson_native_use_feature homed)
$(meson_native_use_feature http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_feature importd)
$(meson_native_use_feature importd bzip2)
$(meson_native_use_feature importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_use test tests)
$(meson_feature zstd)
$(meson_native_use_feature iptables libiptc)
$(meson_native_use_feature openssl)
$(meson_feature pam)
$(meson_native_use_feature passwdqc)
$(meson_native_use_feature pkcs11 p11kit)
$(meson_native_use_feature pcre pcre2)
$(meson_native_use_feature policykit polkit)
$(meson_native_use_feature pwquality)
$(meson_native_use_feature qrcode qrencode)
$(meson_native_use_feature seccomp)
$(meson_native_use_feature selinux)
$(meson_native_use_feature tpm tpm2)
$(meson_native_use_feature test dbus)
$(meson_native_use_feature ukify)
$(meson_native_use_feature xkb xkbcommon)
-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
-Dcreate-log-dirs=false
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_enabled man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
)
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
meson_src_configure "${myconf[@]}"
}
multilib_src_test() {
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
addpredict /dev
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
) || die
}
multilib_src_install_all() {
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
insinto /usr/lib/tmpfiles.d
doins "${FILESDIR}"/legacy.conf
if ! use resolvconf; then
rm -f "${ED}"/usr/bin/resolvconf || die
fi
if ! use sysv-utils; then
rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
rm "${ED}"/usr/share/man/man1/init.1 || die
rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
keepdir /etc/systemd/{network,system,user}
keepdir /etc/udev/rules.d
keepdir /etc/udev/hwdb.d
keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
keepdir /usr/lib/{binfmt.d,modules-load.d}
keepdir /usr/lib/systemd/user-generators
keepdir /var/lib/systemd
keepdir /var/log/journal
if use pam; then
if use selinux; then
newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
else
newpamd "${FILESDIR}"/systemd-user.pam systemd-user
fi
fi
if use kernel-install; then
# Dummy config, remove to make room for sys-kernel/installkernel
rm "${ED}/usr/lib/kernel/install.conf" || die
fi
use ukify && python_fix_shebang "${ED}"
use boot && secureboot_auto_sign
}
migrate_locale() {
local envd_locale_def="${EROOT}/etc/env.d/02locale"
local envd_locale=( "${EROOT}"/etc/env.d/??locale )
local locale_conf="${EROOT}/etc/locale.conf"
if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
# If locale.conf does not exist...
if [[ -e ${envd_locale} ]]; then
# ...either copy env.d/??locale if there's one
ebegin "Moving ${envd_locale} to ${locale_conf}"
mv "${envd_locale}" "${locale_conf}"
eend ${?} || FAIL=1
else
# ...or create a dummy default
ebegin "Creating ${locale_conf}"
cat > "${locale_conf}" <<-EOF
# This file has been created by the sys-apps/systemd ebuild.
# See locale.conf(5) and localectl(1).
# LANG=${LANG}
EOF
eend ${?} || FAIL=1
fi
fi
if [[ ! -L ${envd_locale} ]]; then
# now, if env.d/??locale is not a symlink (to locale.conf)...
if [[ -e ${envd_locale} ]]; then
# ...warn the user that he has duplicate locale settings
ewarn
ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
ewarn "and create the symlink with the following command:"
ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
ewarn
else
# ...or just create the symlink if there's nothing here
ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
ln -n -s ../locale.conf "${envd_locale_def}"
eend ${?} || FAIL=1
fi
fi
}
pkg_preinst() {
if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
# Symlink /etc/sysctl.conf for easy migration.
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
fi
}
pkg_postinst() {
systemd_update_catalog
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
if [[ -z ${REPLACING_VERSIONS} ]]; then
if type systemctl &>/dev/null; then
systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
fi
elog "To enable a useful set of services, run the following:"
elog " systemctl preset-all --preset-mode=enable-only"
fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync"
fi
if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
ebegin "Reexecuting system manager (systemd)"
systemctl daemon-reexec
eend $? || FAIL=1
# https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
ebegin "Signaling user managers to reexec"
systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
eend $?
fi
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
eerror "systemd again."
eerror
fi
if use boot; then
optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
"sys-kernel/installkernel[systemd-boot]"
fi
if use ukify; then
optfeature "generating unified kernel image on each kernel installation" \
"sys-kernel/installkernel[ukify]"
fi
}
pkg_prerm() {
# If removing systemd completely, remove the catalog database.
if [[ ! ${REPLACED_BY_VERSION} ]]; then
rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
fi
}
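Review bot: In `pkg_postinst`, `systemd-hwdb --root="${ROOT}" update` runs without its exit status being checked, so a failed hardware-database rebuild never reaches the `FAIL` summary printed at the end of the function. Writing it as `systemd-hwdb --root="${ROOT}" update || FAIL=1` would match the `udev_reload || FAIL=1` line directly below it. `FAIL` is also never initialised in this function, so the summary depends on whatever value is already in scope; a `local FAIL=` at the top of `pkg_postinst` would pin that down, and `migrate_locale` would still see it when called from here. Both remarks apply equally to the first added ebuild (the `+1,579` section).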