overlay coreos/config: Various small fixes

Mostly making sure that doing replacements is safe for repeated
sourcing of the hook file, so we won't end up with a situation where a
function foo is calling itself infinitely.

Other than that, making sure that install masks are also added to
PKG_INSTALL_MASK for binary packages.

Also fixed redefining strip function in sys-libs/glibc.

Moved one function from profile.bashrc to sys-apps/policycoreutils, so
it isn't executed for every package.

sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl

@@ -1,5 +1,7 @@
 # A hack to avoid rehashing certs in a nonexistent directory.
-flatcar_hacked_openssl=$(command -v openssl)
+if [[ -z ${flatcar_hacked_openssl:-} ]]; then
+    flatcar_hacked_openssl=$(command -v openssl)
+fi
 openssl() {
     if [[ ${#} -gt 0 && ${1} = 'rehash' ]]; then
         return;

sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind

@@ -22,12 +22,14 @@ unset ndb_install_mask
 # only files that this happens for are files that we have put into
 # {PKG_,}INSTALL_MASK. This will help us avoid installing
 # acct-user/named and acct-user/group.
-fowners_script=$(command -v fowners)
+if [[ -z ${flatcar_hacked_fowners:-} ]]; then
+    flatcar_hacked_fowners=$(command -v fowners)
+fi
 fowners() {
     if [[ ${#} -gt 0 && ( ${1} = named:* || ${1} = *:named ) ]]; then
         return 0
     fi
-    "${fowners_script}" "${@}"
+    "${flatcar_hacked_fowners}" "${@}"
 }
 
 # The pkg_postinst phase function wants to generate an rndc.key file

sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/ntp

@@ -1,9 +1,15 @@
+ntp_install_mask=''
 # Do not install ntpdate or sntp systemd files in /etc.
-INSTALL_MASK+=" /etc/systemd"
+ntp_install_mask+=" /etc/systemd"
 # Do not install the default ntp.conf, we provide our own in
 # coreos-base/misc-files.
-INSTALL_MASK+=" /etc/ntp.conf"
+ntp_install_mask+=" /etc/ntp.conf"
 # Do not install perl scripts to /usr/bin.
-INSTALL_MASK+=" /usr/bin/calc_tickadj /usr/bin/ntp-wait /usr/bin/ntptrace /usr/bin/update-leap"
+ntp_install_mask+=" /usr/bin/calc_tickadj /usr/bin/ntp-wait /usr/bin/ntptrace /usr/bin/update-leap"
 # Do not install perl package to /usr/share/ntp.
-INSTALL_MASK+=" /usr/share/ntp"
+ntp_install_mask+=" /usr/share/ntp"
+
+ntp_install_mask+=' '
+INSTALL_MASK+=${ntp_install_mask}
+PKG_INSTALL_MASK+=${ntp_install_mask}
+unset ntp_install_mask

sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh

@@ -3,8 +3,8 @@
 # Do not install the config snippet that defines a subsystem. We have
 # our own definition in coreos-init.
 if [[ $(cros_target) != "cros_host" ]] ; then
-	openssh_mask="/usr/lib*/misc/ssh-keysign /etc/ssh/sshd_config.d/*gentoo-subsystem.conf"
-	PKG_INSTALL_MASK+=" ${openssh_mask}"
-	INSTALL_MASK+=" ${openssh_mask}"
+	openssh_mask=" /usr/lib*/misc/ssh-keysign /etc/ssh/sshd_config.d/*gentoo-subsystem.conf "
+	PKG_INSTALL_MASK+="${openssh_mask}"
+	INSTALL_MASK+="${openssh_mask}"
 	unset openssh_mask
 fi

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/lsb-release

@@ -1 +1,4 @@
-INSTALL_MASK+=" /etc/lsb-release"
+lsb_release_install_mask=" /etc/lsb-release "
+INSTALL_MASK+="${lsb_release_install_mask}"
+PKG_INSTALL_MASK+="${lsb_release_install_mask}"
+unset lsb_release_install_mask

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/policycoreutils

@@ -0,0 +1,16 @@
+# sys-apps/policycoreutils creates /var/lib/selinux directory in
+# src_install and then needs it to be available when running
+# pkg_postinst, because it does a policy module rebuild there. We
+# initially have put /var/lib/selinux into INSTALL_MASK and told
+# coreos-base/misc-files to install the directory at
+# /usr/lib/selinux/policy together with a symlink at /var/lib/selinux
+# pointing to the directory. But this is done too late - at
+# sys-apps/policycoreutils' pkg_postinst time, /var/lib/selinux does
+# not exist, because coreos-base/misc-files was not yet emerged. So we
+# need to fall back to this hack, where we set up /var/lib/selinux and
+# /usr/lib/selinux/policy the way we want.
+cros_post_src_install_set_up_var_lib_selinux() {
+    dodir /usr/lib/selinux
+    mv "${ED}/var/lib/selinux" "${ED}/usr/lib/selinux/policy"
+    dosym -r /usr/lib/selinux/policy /var/lib/selinux
+}

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-boot/grub

@@ -50,5 +50,7 @@ cros_post_src_install_sbat() {
 
 # Flatcar does not use grub-install or grub-mkconfig. All the files under /etc
 # relate to grub-mkconfig.
-INSTALL_MASK+=" ${EPREFIX}/etc/ *grub-install* *mkconfig*"
-PKG_INSTALL_MASK+=" ${EPREFIX}/etc/ *grub-install* *mkconfig*"
+grub_install_mask=" ${EPREFIX}/etc/ *grub-install* *mkconfig* "
+INSTALL_MASK+="${grub_install_mask}"
+PKG_INSTALL_MASK+="${grub_install_mask}"
+unset grub_install_mask

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/glibc

@@ -1,7 +1,9 @@
 # A terrible hack to actually strip our binaries. We want to make
 # "dostrip -x /" a no-op, otherwise pass everything to the original
 # dostrip.
-eval "$(echo 'flatcar_hacked_dostrip()'; declare -pf dostrip | tail -n + 2)"
+if ! declare -pf flatcar_hacked_dostrip >/dev/null 2>&1; then
+    eval "$(echo 'flatcar_hacked_dostrip()'; declare -pf dostrip | tail -n +2)"
+fi
 dostrip() {
     if [[ ${#} = 2 && ${1} = '-x' && ${2} = '/' ]]; then
         return

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit

@@ -1,11 +1,7 @@
 # Do not install Gentoo-provided audit rules, we will install our own
 # in coreos-base/misc-files. Also skip installing legacy initscripts
 # stuff in /usr/libexec.
-INSTALL_MASK+="
-/etc/audit/audit.rules*
-/usr/libexec
-"
-PKG_INSTALL_MASK+="
-/etc/audit/audit.rules*
-/usr/libexec
-"
+audit_install_mask=" /etc/audit/audit.rules* /usr/libexec "
+INSTALL_MASK+="${audit_install_mask}"
+PKG_INSTALL_MASK+="${audit_install_mask}"
+unset audit_install_mask

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc

@@ -87,26 +87,6 @@ cros_pre_pkg_postinst_no_modifications_of_users() {
     export ACCT_USER_NO_MODIFY=x
 }
 
-# sys-apps/policycoreutils creates /var/lib/selinux directory in
-# src_install and then needs it to be available when running
-# pkg_postinst, because it does a policy module rebuild there. We
-# initially have put /var/lib/selinux into INSTALL_MASK and told
-# coreos-base/misc-files to install the directory at
-# /usr/lib/selinux/policy together with a symlink at /var/lib/selinux
-# pointing to the directory. But this is done too late - at
-# sys-apps/policycoreutils' pkg_postinst time, /var/lib/selinux does
-# not exist, because coreos-base/misc-files was not yet emerged. So we
-# need to fall back to this hack, where we set up /var/lib/selinux and
-# /usr/lib/selinux/policy the way we want.
-cros_post_src_install_set_up_var_lib_selinux() {
-    if [[ ${CATEGORY} != 'sys-apps' ]] || [[ ${PN} != 'policycoreutils' ]]; then
-        return 0;
-    fi
-    dodir /usr/lib/selinux
-    mv "${ED}/var/lib/selinux" "${ED}/usr/lib/selinux/policy"
-    dosym ../../usr/lib/selinux/policy /var/lib/selinux
-}
-
 # Source hooks for SLSA build provenance report generation
 source "${BASH_SOURCE[0]}.slsa-provenance"