mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-02-05 07:41:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1158 from flatcar/t-lo/experimental-prefix-support

Browse Source 
Flatcar SDK: add experimental prefix builds
This commit is contained in:
Thilo Fromm 2023-09-30 12:38:33 +02:00 committed by GitHub
commit 455645c2e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
57 changed files with 6477 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/portage-stable-packages-list vendored
View File

@ -378,6 +378,7 @@ sec-policy/selinux-unconfined
sys-apps/acl
sys-apps/attr
sys-apps/bubblewrap
sys-apps/checkpolicy
sys-apps/config-site
sys-apps/coreutils
@ -508,6 +509,7 @@ virtual/perl-IO
virtual/pkgconfig
virtual/service-manager
virtual/ssh
virtual/tmpfiles
x11-base/xorg-proto

98
PREFIX.md Normal file
View File

@ -0,0 +1,98 @@
# Prefix - build portable, distro-independent apps
**!!! NOTE: Prefix support in the Flatcar SDK is EXPERIMENTAL at this time !!!**
## Path to stabilisation TODO list
Before prefix build support are considered stable, the below must be implemented:
1. Integrate `cb-bootstrap` with the Flatcar SDK.
Currently, `setup_prefix` uses cross-boss' `cb-bootstrap` to set up the prefix environment.
Bootstrapping must be fully integrated with the Flatcar SDK before prefix builds are considered stable.
2. Integrate prefix builds with `/build/<board>` environment and use board cross toolchain.
Prefix builds currently use the SDK cross toolchains (`/usr/<arch>-gnu/`) instead of board toolchains in `/build/<board>`.
Prefix builds must be integrated with the board toolchains and stop using `cb-emerge` before considered stable.
3. Add prefix wrappers for all portage tools (similar to board wrappers), not just `emerge`.
4. Add test cases for prefix builds to [mantle/kola](https://github.com/flatcar/mantle/tree/flatcar-master/kola).
## About
Prefix builds let you build and ship applications and all their dependencies in a custom directory.
This custom directory is self-contained, all dependencies are included, and binaries are only linked against libraries in the custom directory.
The applications' root will be `/` - i.e. there's no need to `chroot` into the custom directory.
For example, applications built with the prefix `/usr/local/my-app` will ship
* binaries in `/usr/local/my-app/bin`, `/usr/local/my-app/usr/bin`
* libraries in `/usr/local/my-app/lib[64]`, `/usr/local/my-app/usr/lib[64]`
These binaries can be called directly, e.g. `/usr/local/my-app/usr/bin/myprog`.
`myprog` will only use libraries from `/usr/local/my-app/lib` etc., not from `/`.
A good use case example for prefix builds is to create distro independent, portable [system extensions](https://www.flatcar.org/docs/latest/provisioning/sysext/).
## How does it do that?
Prefix uses a _staging environment_ to build binary packages, then installs these to a _final environment_.
The _staging environment_ contains toolchains and all build tools required to create binary packages (a full `@system`).
The _final environment_ only contains run-time dependencies.
Packages are built from ebuilds in coreos-overlay, portage-stable, and prefix-overlay.
A QoL `emerge` wrapper is included to install packages to the prefix.
## Prerequisites
Prefix utilises the [cross-boss](https://github.com/chewi/cross-boss) project to bootstrap prefixes and to build packages.
For the time being the user is expected to provide cross-boss manually.
By default, a `cross-boss` sub-directory is expected in the scripts repository root.
Cross-boss location can be customised via the `--cross_boss_root` option to `setup_prefix`.
* Run `git clone https://github.com/chewi/cross-boss` in the scripts directory.
## Quick-start guide
For working with a prefix, you will need to agree on:
1. A name for the prefix. Should be a single word and is used for generating protage wrappers.
2. A prefix directory where applications and libraries will live on the target system.
For use with systemd-sysext this should be a path below `/usr` or `/opt`.
For the purpose of the example below we'll use
* `my-prefix` as the prefix name, and
* `/usr/local/my-stuff` as prefix directory.
**TL;DR**
* `./setup_prefix my-prefix /usr/local/my-stuff`
* `emerge-prefix-my-stuff-amd64-usr python`
will create a portable python installation in `__prefix__/amd64-usr/my-stuff/root`.
**Step by step**
First we'll create the prefix.
This will create "staging" and "final" roots and cross-compile a staging environment into "staging".
* In the SDK container, run `./setup_prefix my-prefix /usr/local/my-stuff`
* Go fetch a coffee, bootstrapping may take some 20-ish minutes to complete.
`setup_prefix` will default to `amd64-usr` architecture and will use
* `/build/prefix-<arch>/my-stuff` for the staging environment
* `__prefix__/<arch>/my-stuff` in the scripts directory as install root (aka "final")
* It will also create an emerge wrapper `emerge-prefix-my-stuff-<arch>` to install packages.
Time to use the wrapper! Let's build a portable python sysext.
* `emerge-prefix-my-stuff-amd64-usr python`
Now we'll use [bake.sh](https://raw.githubusercontent.com/flatcar/sysext-bakery/main/bake.sh) from Flatcar's [sysext-bakery](https://github.com/flatcar/sysext-bakery) to create a python sysext.
```shell
wget https://raw.githubusercontent.com/flatcar/sysext-bakery/main/bake.sh
chmod 755 bake.sh
cd __prefix__/amd64-usr/my-stuff
sudo cp -R root python
sudo ../../../bake.sh python
```
On a Flatcar instance, we now copy the resulting `python.raw` to `/etc/extensions`.
We merge with `systemd-sysext refresh`.
Then we can run:
* `/usr/local/my-stuff/usr/bin/python`
Note that this sysext can be used on any Linux distro that ships `systemd-sysext`.
It is self-contained, there are no user space dependencies.

220
build_library/prefix_util.sh Normal file
View File

@ -0,0 +1,220 @@
# Copyright (c) 2023 The Flatcar Maintainers. All rights reserved.
# Use of this source code is governed by the Apache 2.0 license.
DEFAULT_STAGING_ROOT="/build/"
function lineprepend() {
awk -v msg="$*" '{ print msg ": " $0}'
}
# --
function set_prefix_vars() {
local name="${1}"
local prefix="${2}"
EPREFIX="${prefix}"
PREFIXNAME="${name}"
STAGINGDIR="${FLAGS_staging_dir}"
STAGINGROOT="${STAGINGDIR}/root"
FINALDIR="${FLAGS_final_dir}"
FINALROOT="${FINALDIR}/root"
CB_ROOT="${FLAGS_cross_boss_root}"
# the prefix profile enables unstable via MAKE_DEFAULTS; we don't want those.
PREFIX_BOARD="${FLAGS_board}"
case "${PREFIX_BOARD}" in
amd64-usr)
PREFIX_CHOST="x86_64-cros-linux-gnu"
PREFIX_KEYWORDS="amd64 -~amd64"
;;
arm64-usr)
PREFIX_CHOST="aarch64-cros-linux-gnu"
PREFIX_KEYWORDS="arm64 -~arm64"
;;
esac
export EPREFIX PREFIXNAME STAGINGDIR STAGINGROOT FINALDIR FINALROOT CB_ROOT \
PREFIX_CHOST PREFIX_KEYWORDS PREFIX_BOARD
}
# --
function install_prereqs() {
# Make sure cross-boss prerequisites are installed in the SDK
local prefix_repo="${1}"
sudo emerge --newuse sys-apps/bubblewrap
sudo emerge --newuse -1 ">=dev-python/gpep517-15"
# HACK ALERT: needed for cb-bootstrap to build the initial toolchain in staging.
# cb-bootstrap should be ported to use the prefix repos.conf instead.
sudo cp -r "${prefix_repo}/skel/etc/portage/repos.conf" /usr/x86_64-cros-linux-gnu/etc/portage/
sudo cp -r "${prefix_repo}/skel/etc/portage/repos.conf" /usr/aarch64-cros-linux-gnu/etc/portage/
}
# --
function setup_prefix_dirs() {
local prefix_repo="${1}"
sudo mkdir -v -p \
"${STAGINGDIR}/logs" \
"${STAGINGDIR}/pkgs" \
"${STAGINGDIR}/tmp" \
"${STAGINGROOT}${EPREFIX}/etc" \
"${FINALDIR}/logs" \
"${FINALDIR}/tmp" \
"${FINALROOT}${EPREFIX}/etc"
sudo cp -vR "${prefix_repo}/skel/etc/portage" "${STAGINGROOT}${EPREFIX}/etc/"
sudo cp -vR "${prefix_repo}/skel/etc/portage" "${FINALROOT}${EPREFIX}/etc/"
local profile="/mnt/host/source/src/third_party/portage-stable/profiles/default/linux"
case "${PREFIX_BOARD}" in
amd64-usr) profile="${profile}/amd64/17.1/no-multilib/prefix/kernel-3.2+";;
arm64-usr) profile="${profile}/arm64/17.0/prefix/kernel-3.2+";;
esac
sudo ln -s "${profile}" "${STAGINGROOT}${EPREFIX}/etc/portage/make.profile"
sudo ln -s "${profile}" "${FINALROOT}${EPREFIX}/etc/portage/make.profile"
}
# --
function extract_gcc_libs() {
# GCC libs aren't available in a separate package but a full GCC install would make final too big
# TODO: the below is effectively a copy of build_library/prod_image_util.sh::extract_prod_gcc()
# and should eventually be reconciled.
gcc_ver="$(sudo -E PORTAGE_CONFIGROOT="${STAGINGROOT}${EPREFIX}" \
portageq best_visible "${STAGINGROOT}${EPREFIX}" installed sys-devel/gcc)"
pkgdir="$(sudo -E PORTAGE_CONFIGROOT="${STAGINGROOT}${EPREFIX}" portageq pkgdir)"
qtbz2 -O -t "$pkgdir/$gcc_ver".tbz2 \
| sudo tar -v -C "${FINALROOT}" -xj \
--transform "s#.${EPREFIX}/usr/lib/.*/#.${EPREFIX}/usr/lib64/#" \
--wildcards ".${EPREFIX}/usr/lib/gcc/*.so*"
}
# --
function create_make_conf() {
local which="${1}" \
filepath \
dir \
portage_profile \
emerge_opts
case "${which}" in
staging)
filepath="${STAGINGROOT}${EPREFIX}/etc/portage/make.conf"
dir="${STAGINGDIR}"
emerge_opts="--buildpkg"
;;
final)
filepath="${FINALROOT}${EPREFIX}/etc/portage/make.conf"
dir="${FINALDIR}"
emerge_opts="--root-deps=rdeps --usepkgonly"
;;
esac
sudo_clobber "${filepath}" <<EOF
DISTDIR="/mnt/host/source/.cache/distfiles"
PKGDIR=${STAGINGDIR@Q}/pkgs
PORT_LOGDIR=${dir@Q}/logs
PORTAGE_TMPDIR=${dir@Q}/tmp
PORTAGE_BINHOST=""
PORTAGE_USERNAME="sdk"
MAKEOPTS="--jobs=4"
CHOST=${PREFIX_CHOST@Q}
ACCEPT_KEYWORDS=${PREFIX_KEYWORDS@Q}
EMERGE_DEFAULT_OPTS=${emerge_opts@Q}
USE="
-desktop
-ensurepip
-installkernel
-llvm
-nls
-openmp
-udev
-wayland
-X
"
EOF
}
# --
function emerge_name() {
local path=""
if [ "${1:-}" = "with-path" ] ; then
path="/usr/local/bin/"
fi
echo "${path}emerge-prefix-${PREFIXNAME}-${PREFIX_BOARD}"
}
# --
function create_emerge_wrapper() {
local filename="$(emerge_name with-path)"
sudo_clobber "${filename}" <<EOF
#!/bin/bash
# emerge comfort wrapper for emerging prefix packages.
# The wrapper will build packages and dependencies in staging
# and then install binpkgs in prefix.
set -euo pipefail
PREFIXNAME=${PREFIXNAME@Q}
EPREFIX=${EPREFIX@Q}
STAGINGROOT=${STAGINGROOT@Q}
FINALROOT=${FINALROOT@Q}
CB_ROOT=${CB_ROOT@Q}
EOF
sudo_append "${filename}" <<'EOF'
if [ "${1}" = "--help" ] ; then
echo "$0 : emerge prefix wrapper for prefix '${PREFIXNAME}'"
echo "Usage:"
echo " $0 [--install|--stage] <emerge-opts>"
echo " Builds packages in prefix' staging and installs w/ runtime dependencies"
echo " to prefix' final root."
echo " --stage Build binpkg in staging but don't install."
echo " --install Skip build, just install. Binpkg must exist in staging."
echo
echo " Prefix configuration:"
echo " PREFIXNAME=${PREFIXNAME@Q}"
echo " EPREFIX=${EPREFIX@Q}"
echo " STAGINGROOT=${STAGINGROOT@Q}"
echo " FINALROOT=${FINALROOT@Q}"
echo " CB_ROOT=${CB_ROOT@Q}"
exit
fi
skip_build="false"
skip_install="false"
case "${1}" in
--install) skip_build="true"; shift;;
--stage) skip_install="true"; shift;;
esac
if [ "${skip_build}" = "true" ] ; then
echo "Skipping build into staging as requested."
echo "NOTE that install into final will fail if binpkgs are missing."
else
echo "Building in staging..."
sudo -E EPREFIX="${EPREFIX}" "${CB_ROOT}/bin/cb-emerge" "${STAGINGROOT}" "$@"
fi
if [ "${skip_install}" = "true" ] ; then
echo "Skipping install into final as requested."
else
echo "Installing..."
sudo -E EPREFIX="${EPREFIX}" \
ROOT="${FINALROOT}" \
PORTAGE_CONFIGROOT="${FINALROOT}${EPREFIX}" emerge "$@"
fi
EOF
sudo chmod 755 "${filename}"
}
# --

1
changelog/changes/2023-09-20-experimental-prefix-builds.md Normal file
View File

@ -0,0 +1 @@
- SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).

0
sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r45.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r46.ebuild vendored
View File

5
sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild vendored
View File

@ -61,4 +61,9 @@ DEPEND="${DEPEND}
)
sys-devel/m4"
DEPEND="${DEPEND}
sys-apps/bubblewrap
>=dev-python/gpep517-15
"
RDEPEND="${DEPEND}"

4
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.37-r5.ebuild vendored
View File

@ -447,6 +447,10 @@ setup_flags() {
# https://sourceware.org/PR27837
filter-ldflags '-Wl,--relax'
# Flag added for cross-prefix, but causes ldconfig to segfault. Not needed
# anyway because glibc already handles this by itself.
filter-ldflags '-Wl,--dynamic-linker=*'
# some weird software relies on sysv hashes in glibc, bug 863863, bug 864100
# we have to do that here already so mips can filter it out again :P
if use hash-sysv-compat ; then

2
sdk_container/src/third_party/portage-stable/dev-python/gpep517/gpep517-15.ebuild vendored
View File

@ -21,7 +21,7 @@ SRC_URI="
LICENSE="MIT"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
RDEPEND="
>=dev-python/installer-0.5.0[${PYTHON_USEDEP}]

1
sdk_container/src/third_party/portage-stable/sys-apps/bubblewrap/Manifest vendored Normal file
View File

@ -0,0 +1 @@
DIST bubblewrap-0.8.0.tar.xz 149088 BLAKE2B 5853cf42a7ab653540ec5134866c6f2459aa101e9eea724a4f283405cbcae2beb3551b7c1a7aa93d82016d4eb0d12f9c97c47df53a6d9b589db40483696253de SHA512 1cbc33f3c834ff83f4c1808d3ec2555921277d495f903ad152cbd5065a6e100c5420b4b5c62386bb2d303eb1734e074b09625013e55e3bd8631cfb3582d70e1c

58
sdk_container/src/third_party/portage-stable/sys-apps/bubblewrap/bubblewrap-0.8.0.ebuild vendored Normal file
View File

@ -0,0 +1,58 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit linux-info meson
DESCRIPTION="Unprivileged sandboxing tool, namespaces-powered chroot-like solution"
HOMEPAGE="https://github.com/containers/bubblewrap/"
SRC_URI="https://github.com/containers/${PN}/releases/download/v${PV}/${P}.tar.xz"
LICENSE="LGPL-2+"
SLOT="0"
KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86"
IUSE="selinux suid"
RDEPEND="
sys-libs/libseccomp
sys-libs/libcap
selinux? ( >=sys-libs/libselinux-2.1.9 )
"
DEPEND="${RDEPEND}"
BDEPEND="
app-text/docbook-xml-dtd:4.3
app-text/docbook-xsl-stylesheets
dev-libs/libxslt
virtual/pkgconfig
"
# tests require root privileges
RESTRICT="test"
pkg_setup() {
if [[ ${MERGE_TYPE} != buildonly ]]; then
CONFIG_CHECK="~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS"
linux-info_pkg_setup
fi
}
src_configure() {
local emesonargs=(
-Dbash_completion=enabled
-Dman=enabled
-Dtests=false
-Dzsh_completion=enabled
$(meson_feature selinux)
)
meson_src_configure
}
src_install() {
meson_src_install
if use suid; then
chmod u+s "${ED}"/usr/bin/bwrap
fi
}

11
sdk_container/src/third_party/portage-stable/sys-apps/bubblewrap/metadata.xml vendored Normal file
View File

@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>gnome@gentoo.org</email>
<name>Gentoo GNOME Desktop</name>
</maintainer>
<upstream>
<remote-id type="github">containers/bubblewrap</remote-id>
</upstream>
</pkgmetadata>

17
sdk_container/src/third_party/portage-stable/virtual/tmpfiles/tmpfiles-0-r1.ebuild vendored
View File

@ -1,17 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
DESCRIPTION="Virtual to select between different tmpfiles.d handlers"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
RDEPEND="
!prefix-guest? (
|| (
sys-apps/systemd-tmpfiles
sys-apps/opentmpfiles
sys-apps/systemd
)
)"

16
sdk_container/src/third_party/portage-stable/virtual/tmpfiles/tmpfiles-0-r5.ebuild vendored Normal file
View File

@ -0,0 +1,16 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
DESCRIPTION="Virtual to select between different tmpfiles.d handlers"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="systemd"
RDEPEND="
!prefix-guest? (
systemd? ( sys-apps/systemd )
!systemd? ( sys-apps/systemd-utils[tmpfiles] )
)
"

3
sdk_container/src/third_party/prefix-overlay/app-misc/ca-certificates/Manifest vendored Normal file
View File

@ -0,0 +1,3 @@
DIST ca-certificates_20230311.tar.xz 257772 BLAKE2B b807a6415126afdc11896efea8e6509d7ad58b26bc8562b276e93176e80bb8b467a5bd2ba948d3dbbeaf0e4477d93f3ea2b99d3186e856fb47d1033cb779d560 SHA512 00571bdc87897813fd7dbe024f3a186cfc9f0d4f55e92545a90888c9e5282f99cb8d75b5932c034731b911bf27a9b38fd7d062dd511eb1152acf8b2811490fa7
DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

206
sdk_container/src/third_party/prefix-overlay/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild vendored Normal file
View File

@ -0,0 +1,206 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# The Debian ca-certificates package merely takes the CA database as it exists
# in the nss package and repackages it for use by openssl.
#
# The issue with using the compiled debs directly is two fold:
# - they do not update frequently enough for us to rely on them
# - they pull the CA database from nss tip of tree rather than the release
#
# So we take the Debian source tools and combine them with the latest nss
# release to produce (largely) the same end result. The difference is that
# now we know our cert database is kept in sync with nss and, if need be,
# can be sync with nss tip of tree more frequently to respond to bugs.
# Where possible, bump to stable/LTS releases of NSS for the last part
# of the version (when not using a pure Debian release).
# When triaging user reports, refer to our wiki for tips:
# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit python-any-r1
if [[ ${PV} == *.* ]] ; then
# Compile from source ourselves.
PRECOMPILED=false
DEB_VER=$(ver_cut 1)
NSS_VER=$(ver_cut 2-)
RTM_NAME="NSS_${NSS_VER//./_}_RTM"
else
# Debian precompiled version.
PRECOMPILED=true
inherit unpacker
fi
DESCRIPTION="Common CA Certificates PEM files"
HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
NMU_PR=""
if ${PRECOMPILED} ; then
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
else
SRC_URI="
mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
cacert? (
https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
)
"
fi
LICENSE="MPL-1.1"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE=""
${PRECOMPILED} || IUSE+=" cacert"
# c_rehash: we run `c_rehash`
# debianutils: we run `run-parts`
CDEPEND="
sys-apps/debianutils"
BDEPEND="${CDEPEND}"
if ! ${PRECOMPILED} ; then
BDEPEND+=" ${PYTHON_DEPS}"
fi
DEPEND=""
if ${PRECOMPILED} ; then
DEPEND+=" !<sys-apps/portage-2.1.10.41"
fi
RDEPEND="${CDEPEND}
${DEPEND}"
S="${WORKDIR}"
pkg_setup() {
# For the conversion to having it in CONFIG_PROTECT_MASK,
# we need to tell users about it once manually first.
[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
|| ewarn "You should run update-ca-certificates manually after etc-update"
if ! ${PRECOMPILED} ; then
python-any-r1_pkg_setup
fi
}
src_unpack() {
if ! ${PRECOMPILED} ; then
default
# Initial 20200601 deb release had bad naming inside the debian source tarball.
DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
DEB_BAD_S="${WORKDIR}/work"
if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
mv "${DEB_BAD_S}" "${DEB_S}"
fi
fi
# Do all the work in the image subdir to avoid conflicting with source
# dirs in ${WORKDIR}. Need to perform everything in the offset #381937
mkdir -p "image/${EPREFIX}" || die
cd "image/${EPREFIX}" || die
${PRECOMPILED} && unpacker_src_unpack
}
src_prepare() {
cd "image/${EPREFIX}" || die
if ! ${PRECOMPILED} ; then
mkdir -p usr/sbin || die
cp -p "${S}"/${PN}/sbin/update-ca-certificates \
usr/sbin/ || die
if use cacert ; then
pushd "${S}"/nss-${NSS_VER} >/dev/null || die
eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
popd >/dev/null || die
fi
fi
default
eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
pushd "${S}/${PN}" >/dev/null || die
# We patch out the dep on cryptography as it's not particularly useful
# for us. Please see the discussion in bug #821706. Not to be removed lightly!
eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
popd >/dev/null || die
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
sed -i \
-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
usr/sbin/update-ca-certificates || die
}
src_compile() {
cd "image/${EPREFIX}" || die
if ! ${PRECOMPILED} ; then
local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
# Grab the database from the nss sources.
cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
emake -C "${d}"
# Now move the files to the same places that the precompiled would.
mkdir -p etc/ssl/certs \
etc/ca-certificates/update.d \
"${c}"/mozilla \
|| die
if use cacert ; then
mkdir -p "${c}"/cacert.org || die
mv "${d}"/CA_Cert_Signing_Authority.crt \
"${c}"/cacert.org/cacert.org_class1.crt || die
mv "${d}"/CAcert_Class_3_Root.crt \
"${c}"/cacert.org/cacert.org_class3.crt || die
fi
mv "${d}"/*.crt "${c}"/mozilla/ || die
else
mv usr/share/doc/{ca-certificates,${PF}} || die
fi
(
echo "# Automatically generated by ${CATEGORY}/${PF}"
echo "# $(date -u)"
echo "# Do not edit."
cd "${c}" || die
find * -name '*.crt' | LC_ALL=C sort
) > etc/ca-certificates.conf
sh usr/sbin/update-ca-certificates --root "${S}/image" || die
}
src_install() {
cp -pPR image/* "${D}"/ || die
if ! ${PRECOMPILED} ; then
cd ${PN} || die
doman sbin/*.8
dodoc debian/README.* examples/ca-certificates-local/README
fi
echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
doenvd 98ca-certificates
}
pkg_postinst() {
if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
# If the user has local certs, we need to rebuild again
# to include their stuff in the db.
# However it's too overzealous when the user has custom certs in place.
# --fresh is to clean up dangling symlinks
"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
fi
if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
ewarn "Removing the following broken symlinks:"
ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
fi
}

49
sdk_container/src/third_party/prefix-overlay/app-misc/ca-certificates/files/ca-certificates-20150426-root.patch vendored Normal file
View File

@ -0,0 +1,49 @@
add a --root option so we can generate with DESTDIR installs
--- a/image/usr/sbin/update-ca-certificates
+++ b/image/usr/sbin/update-ca-certificates
@@ -30,6 +30,8 @@ LOCALCERTSDIR=/usr/local/share/ca-certificates
CERTBUNDLE=ca-certificates.crt
ETCCERTSDIR=/etc/ssl/certs
HOOKSDIR=/etc/ca-certificates/update.d
+ROOT=""
+RELPATH=""
while [ $# -gt 0 ];
do
@@ -59,13 +61,25 @@ do
--hooksdir)
shift
HOOKSDIR="$1";;
+ --root|-r)
+ shift
+ # Needed as c_rehash wants to read the files directly.
+ # This gets us from $CERTSCONF to $CERTSDIR.
+ RELPATH="../../.."
+ ROOT=$(readlink -f "$1");;
--help|-h|*)
- echo "$0: [--verbose] [--fresh]"
+ echo "$0: [--verbose] [--fresh] [--root <dir>]"
exit;;
esac
shift
done
+CERTSCONF="$ROOT$CERTSCONF"
+CERTSDIR="$ROOT$CERTSDIR"
+LOCALCERTSDIR="$ROOT$LOCALCERTSDIR"
+ETCCERTSDIR="$ROOT$ETCCERTSDIR"
+HOOKSDIR="$ROOT$HOOKSDIR"
+
if [ ! -s "$CERTSCONF" ]
then
fresh=1
@@ -94,7 +107,7 @@ add() {
-e 's/,/_/g').pem"
if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
then
- ln -sf "$CERT" "$PEM"
+ ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM"
echo "+$PEM" >> "$ADDED"
fi
# Add trailing newline to certificate, if it is missing (#635570)

25
sdk_container/src/third_party/prefix-overlay/app-misc/ca-certificates/files/ca-certificates-20230311.3.89-no-cryptography.patch vendored Normal file
View File

@ -0,0 +1,25 @@
Remove the dependency on non-portable dev-python/cryptography.
https://bugs.gentoo.org/821706#c4 by Alex Xu
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -28,7 +28,6 @@ import sys
import textwrap
import io
-from cryptography import x509
objects = []
@@ -122,12 +121,6 @@ for obj in objects:
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
-
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\

13
sdk_container/src/third_party/prefix-overlay/app-misc/ca-certificates/metadata.xml vendored Normal file
View File

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<use>
<flag name="cacert">
Include root/class3 certs from CAcert (https://www.cacert.org/)
</flag>
</use>
</pkgmetadata>

2
sdk_container/src/third_party/prefix-overlay/dev-libs/libgpg-error/Manifest vendored Normal file
View File

@ -0,0 +1,2 @@
DIST libgpg-error-1.47.tar.bz2 1020862 BLAKE2B bc04efa0686b1b7d7cdce045fc080c090c1abec60349b673c2e1ce27900483aea090eb6ebcb3fb49a4eed36f18156a12413d5446f739475632f4ed2a2481ff27 SHA512 bbb4b15dae75856ee5b1253568674b56ad155524ae29a075cb5b0a7e74c4af685131775c3ea2226fff2f84ef80855e77aa661645d002b490a795c7ae57b66a30
DIST libgpg-error-1.47.tar.bz2.sig 119 BLAKE2B d23ea6c38621407c8f9f0c6bde71abd0e50c136d2e5de9a6cef64627f5d398c344a3438995a2405c4ef148ad8638ef7125f34670819957acd7d597370f1630e5 SHA512 09343016eaf7fcc455f8ce533847153a8a9b7c36f375a8ebe71ef5fc2923edf7b70842f834f52c51874e427869487b74a2286ea0112cffad0d72f79cb6d4eceb

22
sdk_container/src/third_party/prefix-overlay/dev-libs/libgpg-error/files/libgpg-error-1.44-remove_broken_check.patch vendored Normal file
View File

@ -0,0 +1,22 @@
This breaks our multilib builds:
Confirm gpg-error-config works... no
*** Please report to <https://bugs.gnupg.org> with gpg-error-config-test.log
--- libgpg-error-1.44/src/Makefile.am
+++ libgpg-error-1.44/src/Makefile.am
@@ -347,14 +347,6 @@
cp gpg-error.h gpgrt.h
gpg-error-config: gpgrt-config gpg-error-config-old gpg-error-config-test.sh
- @echo $(ECHO_N) "Confirm gpg-error-config works... $(ECHO_C)"
- @if ./gpg-error-config-test.sh --old-new; then \
- echo "good"; \
- else \
- echo "no"; \
- echo "*** Please report to <https://bugs.gnupg.org> with gpg-error-config-test.log"; \
- exit 1; \
- fi
cp gpg-error-config-old $@
install-data-local:

88
sdk_container/src/third_party/prefix-overlay/dev-libs/libgpg-error/libgpg-error-1.47.ebuild vendored Normal file
View File

@ -0,0 +1,88 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should:
# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
# (find the one for the current release then subscribe to it +
# any subsequent ones linked within so you're covered for a while.)
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
inherit autotools multilib-minimal toolchain-funcs prefix verify-sig
DESCRIPTION="Contains error handling functions used by GnuPG software"
HOMEPAGE="https://www.gnupg.org/related_software/libgpg-error"
SRC_URI="mirror://gnupg/${PN}/${P}.tar.bz2"
SRC_URI+=" verify-sig? ( mirror://gnupg/${PN}/${P}.tar.bz2.sig )"
LICENSE="GPL-2 LGPL-2.1"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="common-lisp nls static-libs test"
RESTRICT="!test? ( test )"
RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )"
DEPEND="${RDEPEND}"
BDEPEND="
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-gnupg )
"
MULTILIB_WRAPPED_HEADERS=(
/usr/include/gpg-error.h
/usr/include/gpgrt.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/gpg-error-config
/usr/bin/gpgrt-config
)
PATCHES=(
"${FILESDIR}/${PN}-1.44-remove_broken_check.patch"
)
src_prepare() {
default
if use prefix ; then
# don't hardcode /usr/xpg4/bin/sh as shell on Solaris
sed -i -e 's/solaris\*/disabled/' configure.ac || die
fi
# only necessary for as long as we run eautoreconf, configure.ac
# uses ./autogen.sh to generate PACKAGE_VERSION, but autogen.sh is
# not a pure /bin/sh script, so it fails on some hosts
# Flatcar / t-lo 2023-09-27: pull in upstream fix https://github.com/gentoo/gentoo/pull/33010
# for prefix builds.
sed -i -e "1s:.*:#\!${BASH}:" autogen.sh || die
eautoreconf
}
multilib_src_configure() {
local myeconfargs=(
$(multilib_is_native_abi || echo --disable-languages)
$(use_enable common-lisp languages)
$(use_enable nls)
# required for sys-power/suspend[crypt], bug 751568
$(use_enable static-libs static)
$(use_enable test tests)
# See bug #699206 and its duplicates wrt gpgme-config
# Upstream no longer install this by default and we should
# seek to disable it at some point.
--enable-install-gpg-error-config
--enable-threads
CC_FOR_BUILD="$(tc-getBUILD_CC)"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete || die
}

14
sdk_container/src/third_party/prefix-overlay/dev-libs/libgpg-error/metadata.xml vendored Normal file
View File

@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<use>
<flag name="common-lisp">Install common-lisp files</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:gnupg:libgpg-error</remote-id>
</upstream>
</pkgmetadata>

2202
sdk_container/src/third_party/prefix-overlay/eclass/distutils-r1.eclass vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1485
sdk_container/src/third_party/prefix-overlay/eclass/python-utils-r1.eclass vendored Normal file
View File

File diff suppressed because it is too large Load Diff

5
sdk_container/src/third_party/prefix-overlay/metadata/layout.conf vendored Normal file
View File

@ -0,0 +1,5 @@
masters = portage-stable
thin-manifests = true
use-manifests = strict
cache-format = md5-dict
profile-formats = portage-2

8
sdk_container/src/third_party/prefix-overlay/prefix/prefix-final/metadata.xml vendored Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>flatcar</herd>
<longdescription>Flatcar distro-independent prefix "final" packages.</longdescription>
<use>
</use>
</pkgmetadata>

1
sdk_container/src/third_party/prefix-overlay/prefix/prefix-final/prefix-final-0.0.1-r1.ebuild vendored Symbolic link
View File

@ -0,0 +1 @@
prefix-final-0.0.1.ebuild

16
sdk_container/src/third_party/prefix-overlay/prefix/prefix-final/prefix-final-0.0.1.ebuild vendored Normal file
View File

@ -0,0 +1,16 @@
# Copyright (c) 2032 the Flatcar maintainers.
# Distributed under the terms of the Apache 2.0 license.
EAPI=7
DESCRIPTION="Prefix final layer base dependencies"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="amd64 arm64"
# These should be the absolute minimum runtime dependencies of the "final" prefix.
# "Staging" has @system so it is pretty heavyweight.
RDEPEND="
virtual/libc
"

1
sdk_container/src/third_party/prefix-overlay/profiles/categories vendored Normal file
View File

@ -0,0 +1 @@
prefix

1
sdk_container/src/third_party/prefix-overlay/profiles/repo_name vendored Normal file
View File

@ -0,0 +1 @@
prefix

1
sdk_container/src/third_party/prefix-overlay/skel/etc/group vendored Symbolic link
View File

@ -0,0 +1 @@
/etc/group

1
sdk_container/src/third_party/prefix-overlay/skel/etc/passwd vendored Symbolic link
View File

@ -0,0 +1 @@
/etc/passwd

1
sdk_container/src/third_party/prefix-overlay/skel/etc/portage/package.accept_keywords/portage vendored Normal file
View File

@ -0,0 +1 @@
sys-apps/portage ~amd64

2
sdk_container/src/third_party/prefix-overlay/skel/etc/portage/package.accept_keywords/prefix vendored Normal file
View File

@ -0,0 +1,2 @@
=app-misc/ca-certificates-20230311.3.93 ~*
=sys-apps/systemd-utils-254.3 ~*

2
sdk_container/src/third_party/prefix-overlay/skel/etc/portage/package.mask/coreos vendored Normal file
View File

@ -0,0 +1,2 @@
app-misc/ca-certificates::coreos # coreos ca-certificates doesn't support prefix
sys-apps/baselayout::coreos # coreos baselayout depends on systemd

1
sdk_container/src/third_party/prefix-overlay/skel/etc/portage/package.mask/cross vendored Normal file
View File

@ -0,0 +1 @@
>=sys-devel/gcc-13 # FIXME: Cannot cross-compile gcc 13+ using older version

8
sdk_container/src/third_party/prefix-overlay/skel/etc/portage/repos.conf/coreos.conf vendored Normal file
View File

@ -0,0 +1,8 @@
[DEFAULT]
main-repo = portage-stable
[coreos]
location = /mnt/host/source/src/third_party/coreos-overlay
[portage-stable]
location = /mnt/host/source/src/third_party/portage-stable

2
sdk_container/src/third_party/prefix-overlay/skel/etc/portage/repos.conf/crossdev.conf vendored Normal file
View File

@ -0,0 +1,2 @@
[x-crossdev]
location = /usr/local/portage/crossdev

3
sdk_container/src/third_party/prefix-overlay/skel/etc/portage/repos.conf/prefix.conf vendored Normal file
View File

@ -0,0 +1,3 @@
[prefix]
location = /mnt/host/source/src/third_party/prefix-overlay
priority = 1000

1
sdk_container/src/third_party/prefix-overlay/sys-apps/baselayout/Manifest vendored Normal file
View File

@ -0,0 +1 @@
DIST baselayout-2.14.tar.bz2 30182 BLAKE2B c5f67795233e565c2c75c97a55c000aec98e901bb0a25f1aeb52b01b44d7c09bfc6e67813234629ca71ff32d603e82ada8e66e5ab6007fa0664b95367256320d SHA512 bffd118f5e92975b9247d854fc5683a311dbcd03efa37a13dfd05d04e92a6e784858d3a55aa689f782229afc5985e829eb332c08a79eed081bf0a47720ca7e8a

350
sdk_container/src/third_party/prefix-overlay/sys-apps/baselayout/baselayout-2.14.ebuild vendored Normal file
View File

@ -0,0 +1,350 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit multilib prefix
DESCRIPTION="Filesystem baselayout and init scripts"
HOMEPAGE="https://wiki.gentoo.org/wiki/No_homepage"
if [[ ${PV} = 9999 ]]; then
EGIT_REPO_URI="https://anongit.gentoo.org/git/proj/${PN}.git"
inherit git-r3
else
SRC_URI="https://gitweb.gentoo.org/proj/${PN}.git/snapshot/${P}.tar.bz2"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="build +split-usr"
RDEPEND="!sys-apps/baselayout-prefix"
riscv_compat_symlink() {
# Here we apply some special sauce for riscv.
# Two multilib layouts exist for now:
# 1) one level libdirs, (32bit) "lib" and (64bit) "lib64"
# these are chosen by us to closely resemble other arches
# 2) two level libdirs, "lib64/lp64d" "lib64/lp64" "lib32/ilp32d" ...
# this is the glibc/gcc default
# Unfortunately, the default has only one fallback, which is "lib"
# for both 32bit and 64bit. So things do not break in 1), we need
# to provide compatibility symlinks...
# This function has exactly two parameters:
# - the default libdir, to determine if 1) or 2) applies
# - the location of the symlink (which points to ".")
# Note: we call this only in the ${SYMLINK_LIB} = no codepath, since
# there never was a ${SYMLINK_LIB} = yes riscv profile.
case ${CHOST} in
riscv*)
# are we on a one level libdir profile? is there no symlink yet?
if [[ ${1} != */* && ! -L ${2} ]] ; then
ln -s . $2 || die "Unable to make $2 riscv compatibility symlink"
fi
;;
esac
}
# Create our multilib dirs - the Makefile has no knowledge of this
multilib_layout() {
local dir def_libdir libdir libdirs
local prefix prefix_lst
def_libdir=$(get_abi_LIBDIR $DEFAULT_ABI)
libdirs=$(get_all_libdirs)
if [[ -z "${SYMLINK_LIB}" || ${SYMLINK_LIB} = no ]] ; then
prefix_lst=( "${EROOT}"/{,usr/,usr/local/} )
for prefix in "${prefix_lst[@]}"; do
for libdir in ${libdirs}; do
dir="${prefix}${libdir}"
if [[ -e "${dir}" ]]; then
[[ ! -d "${dir}" ]] &&
die "${dir} exists but is not a directory"
continue
fi
if ! use split-usr && [[ ${prefix} = ${EROOT}/ ]]; then
libdir="${libdir%%/*}"
dir="${prefix}${libdir}"
einfo "symlinking ${dir} to usr/${libdir}"
ln -s usr/${libdir} ${dir} ||
die "Unable to make ${dir} symlink"
else
einfo "creating directory ${dir}"
mkdir -p "${dir}" ||
die "Unable to create ${dir} directory"
fi
done
[[ -d "${prefix}${def_libdir}" ]] && riscv_compat_symlink "${def_libdir}" "${prefix}${def_libdir}/${DEFAULT_ABI}"
done
return 0
fi
[ -z "${def_libdir}" ] &&
die "your DEFAULT_ABI=$DEFAULT_ABI appears to be invalid"
# figure out which paths should be symlinks and which should be directories
local dirs syms exp d
for libdir in ${libdirs} ; do
if use split-usr ; then
exp=( {,usr/,usr/local/}${libdir} )
else
exp=( {usr/,usr/local/}${libdir} )
fi
for d in "${exp[@]}" ; do
# most things should be dirs
if [ "${SYMLINK_LIB}" = "yes" ] && [ "${libdir}" = "lib" ] ; then
[ ! -h "${d}" ] && [ -e "${d}" ] && dirs+=" ${d}"
else
[ -h "${d}" ] && syms+=" ${d}"
fi
done
done
if [ -n "${syms}${dirs}" ] ; then
ewarn "Your system profile has SYMLINK_LIB=${SYMLINK_LIB:-no}, so that means you need to"
ewarn "have these paths configured as follows:"
[ -n "${dirs}" ] && ewarn "symlinks to '${def_libdir}':${dirs}"
[ -n "${syms}" ] && ewarn "directories:${syms}"
ewarn "The ebuild will attempt to fix these, but only for trivial conversions."
ewarn "If things fail, you will need to manually create/move the directories."
echo
fi
# setup symlinks and dirs where we expect them to be; do not migrate
# data ... just fall over in that case.
if use split-usr ; then
prefix_lst=( "${EROOT}"/{,usr/,usr/local/} )
else
prefix_lst=( "${EROOT}"/{usr/,usr/local/} )
fi
for prefix in "${prefix_lst[@]}"; do
if [ "${SYMLINK_LIB}" = yes ] ; then
# we need to make sure "lib" points to the native libdir
if [ -h "${prefix}lib" ] ; then
# it's already a symlink! assume it's pointing to right place ...
continue
elif [ -d "${prefix}lib" ] ; then
# "lib" is a dir, so need to convert to a symlink
ewarn "Converting ${prefix}lib from a dir to a symlink"
rm -f "${prefix}lib"/.keep || die
if rmdir "${prefix}lib" 2>/dev/null ; then
ln -s ${def_libdir} "${prefix}lib" || die
else
die "non-empty dir found where we needed a symlink: ${prefix}lib"
fi
else
# nothing exists, so just set it up sanely
ewarn "Initializing ${prefix}lib as a symlink"
mkdir -p "${prefix}" || die
rm -f "${prefix}lib" || die
ln -s ${def_libdir} "${prefix}lib" || die
mkdir -p "${prefix}${def_libdir}" || die #423571
fi
else
# we need to make sure "lib" is a dir
if [ -h "${prefix}lib" ] ; then
# "lib" is a symlink, so need to convert to a dir
ewarn "Converting ${prefix}lib from a symlink to a dir"
rm -f "${prefix}lib" || die
if [ -d "${prefix}lib32" ] ; then
ewarn "Migrating ${prefix}lib32 to ${prefix}lib"
mv "${prefix}lib32" "${prefix}lib" || die
else
mkdir -p "${prefix}lib" || die
fi
elif [ -d "${prefix}lib" ] && ! has lib32 ${libdirs} ; then
# make sure the old "lib" ABI location does not exist; we
# only symlinked the lib dir on systems where we moved it
# to "lib32" ...
case ${CHOST} in
i?86*|x86_64*|powerpc*|sparc*|s390*)
if [[ -d ${prefix}lib32 && ! -h ${prefix}lib32 ]] ; then
rm -f "${prefix}lib32"/.keep || die
if ! rmdir "${prefix}lib32" 2>/dev/null ; then
ewarn "You need to merge ${prefix}lib32 into ${prefix}lib"
die "non-empty dir found where there should be none: ${prefix}lib32"
fi
fi
;;
esac
else
# nothing exists, so just set it up sanely
ewarn "Initializing ${prefix}lib as a dir"
mkdir -p "${prefix}lib" || die
fi
fi
done
if ! use split-usr ; then
for libdir in ${libdirs}; do
if [[ ! -e "${EROOT}${libdir}" ]]; then
ln -s usr/"${libdir}" "${EROOT}${libdir}" ||
die "Unable to make ${EROOT}${libdir} symlink"
fi
done
fi
}
pkg_setup() {
multilib_layout
}
src_prepare() {
default
# don't want symlinked directories in PATH on systems with usr-merge
if ! use split-usr && ! use prefix-guest; then
sed \
-e 's|:/usr/sbin:|:|g' \
-e 's|:/sbin:|:|g' \
-e 's|:/bin:|:|g' \
-i etc/env.d/50baselayout || die
fi
if use prefix; then
hprefixify -e "/EUID/s,0,${EUID}," -q '"' etc/profile
hprefixify etc/shells share/passwd
hprefixify -w '/PATH=/' etc/env.d/50baselayout
hprefixify -w 1 etc/env.d/50baselayout
echo PATH=/usr/sbin:/sbin:/usr/bin:/bin >> etc/env.d/99host
# change branding
sed -i \
-e '/gentoo-release/s/Gentoo Base/Gentoo Prefix Base/' \
-e '/make_os_release/s/${OS}/Prefix/' \
Makefile || die
fi
# handle multilib paths. do it here because we want this behavior
# regardless of the C library that you're using. we do explicitly
# list paths which the native ldconfig searches, but this isn't
# problematic as it doesn't change the resulting ld.so.cache or
# take longer to generate. similarly, listing both the native
# path and the symlinked path doesn't change the resulting cache.
local libdir ldpaths
for libdir in $(get_all_libdirs) ; do
if use split-usr || use prefix-guest; then
ldpaths+=":${EPREFIX}/${libdir}"
fi
ldpaths+=":${EPREFIX}/usr/${libdir}"
ldpaths+=":${EPREFIX}/usr/local/${libdir}"
done
echo "LDPATH='${ldpaths#:}'" >> etc/env.d/50baselayout
}
src_install() {
emake \
DESTDIR="${ED}" \
install
if [[ ${CHOST} == *-darwin* ]] ; then
# add SDK path which contains development manpages
echo "MANPATH=${EPREFIX}/MacOSX.sdk/usr/share/man" \
> "${ED}"/etc/env.d/98macos-sdk
fi
# need the makefile in pkg_preinst
insinto /usr/share/${PN}
doins Makefile
dodoc ChangeLog
# bug 858596
if use prefix-guest ; then
dodir sbin
cat > "${ED}"/sbin/runscript <<- EOF
#!/usr/bin/env sh
source "${EPREFIX}/lib/gentoo/functions.sh"
eerror "runscript/openrc-run not supported by Gentoo Prefix Base System release ${PV}" 1>&2
exit 1
EOF
chmod 755 "${ED}"/sbin/runscript || die
cp "${ED}"/sbin/{runscript,openrc-run} || die
fi
}
pkg_preinst() {
# We need to install directories and maybe some dev nodes when building
# stages, but they cannot be in CONTENTS.
# Also, we cannot reference $S as binpkg will break so we do this.
multilib_layout
if use build ; then
if use split-usr ; then
emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout
else
emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout-usrmerge
fi
fi
rm -f "${ED}"/usr/share/${PN}/Makefile || die
# Create symlinks in pkg_preinst to avoid Portage collision check.
# Create the symlinks in ${ED} via dosym so that we own it.
# Only create the symlinks if it wont cause a conflict in ${EROOT}.
if [[ -L ${EROOT}/var/lock || ! -e ${EROOT}/var/lock ]]; then
dosym ../run/lock /var/lock
fi
if [[ -L ${EROOT}/var/run || ! -e ${EROOT}/var/run ]]; then
dosym ../run /var/run
fi
}
pkg_postinst() {
local x
# We installed some files to /usr/share/baselayout instead of /etc to stop
# (1) overwriting the user's settings
# (2) screwing things up when attempting to merge files
# (3) accidentally packaging up personal files with quickpkg
# If they don't exist then we install them
for x in master.passwd passwd shadow group fstab ; do
[ -e "${EROOT}/etc/${x}" ] && continue
[ -e "${EROOT}/usr/share/baselayout/${x}" ] || continue
cp -p "${EROOT}/usr/share/baselayout/${x}" "${EROOT}"/etc || die
done
# Force shadow permissions to not be world-readable #260993
for x in shadow ; do
if [ -e "${EROOT}/etc/${x}" ] ; then
chmod o-rwx "${EROOT}/etc/${x}" || die
fi
done
# whine about users that lack passwords #193541
if [[ -e "${EROOT}"/etc/shadow ]] ; then
local bad_users=$(sed -n '/^[^:]*::/s|^\([^:]*\)::.*|\1|p' "${EROOT}"/etc/shadow)
if [[ -n ${bad_users} ]] ; then
echo
ewarn "The following users lack passwords!"
ewarn ${bad_users}
fi
fi
# whine about users with invalid shells #215698
if [[ -e "${EROOT}"/etc/passwd ]] ; then
local bad_shells=$(awk -F: 'system("test -e ${ROOT}" $7) { print $1 " - " $7}' "${EROOT}"/etc/passwd | sort)
if [[ -n ${bad_shells} ]] ; then
echo
ewarn "The following users have non-existent shells!"
ewarn "${bad_shells}"
fi
fi
# https://bugs.gentoo.org/361349
if use kernel_linux; then
mkdir -p "${EROOT}"/run || die
local found fstype mountpoint
while read -r _ mountpoint fstype _; do
[[ ${mountpoint} = /run ]] && [[ ${fstype} = tmpfs ]] && found=1
done < "${ROOT}"/proc/mounts
[[ -z ${found} ]] &&
ewarn "You should reboot now to get /run mounted with tmpfs!"
fi
if [[ -e "${EROOT}"/etc/env.d/00basic ]]; then
ewarn "${EROOT}/etc/env.d/00basic is now ${EROOT}/etc/env.d/50baselayout"
ewarn "Please migrate your changes."
fi
}

350
sdk_container/src/third_party/prefix-overlay/sys-apps/baselayout/baselayout-9999.ebuild vendored Normal file
View File

@ -0,0 +1,350 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit multilib prefix
DESCRIPTION="Filesystem baselayout and init scripts"
HOMEPAGE="https://wiki.gentoo.org/wiki/No_homepage"
if [[ ${PV} = 9999 ]]; then
EGIT_REPO_URI="https://anongit.gentoo.org/git/proj/${PN}.git"
inherit git-r3
else
SRC_URI="https://gitweb.gentoo.org/proj/${PN}.git/snapshot/${P}.tar.bz2"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="build +split-usr"
RDEPEND="!sys-apps/baselayout-prefix"
riscv_compat_symlink() {
# Here we apply some special sauce for riscv.
# Two multilib layouts exist for now:
# 1) one level libdirs, (32bit) "lib" and (64bit) "lib64"
# these are chosen by us to closely resemble other arches
# 2) two level libdirs, "lib64/lp64d" "lib64/lp64" "lib32/ilp32d" ...
# this is the glibc/gcc default
# Unfortunately, the default has only one fallback, which is "lib"
# for both 32bit and 64bit. So things do not break in 1), we need
# to provide compatibility symlinks...
# This function has exactly two parameters:
# - the default libdir, to determine if 1) or 2) applies
# - the location of the symlink (which points to ".")
# Note: we call this only in the ${SYMLINK_LIB} = no codepath, since
# there never was a ${SYMLINK_LIB} = yes riscv profile.
case ${CHOST} in
riscv*)
# are we on a one level libdir profile? is there no symlink yet?
if [[ ${1} != */* && ! -L ${2} ]] ; then
ln -s . $2 || die "Unable to make $2 riscv compatibility symlink"
fi
;;
esac
}
# Create our multilib dirs - the Makefile has no knowledge of this
multilib_layout() {
local dir def_libdir libdir libdirs
local prefix prefix_lst
def_libdir=$(get_abi_LIBDIR $DEFAULT_ABI)
libdirs=$(get_all_libdirs)
if [[ -z "${SYMLINK_LIB}" || ${SYMLINK_LIB} = no ]] ; then
prefix_lst=( "${EROOT}"/{,usr/,usr/local/} )
for prefix in "${prefix_lst[@]}"; do
for libdir in ${libdirs}; do
dir="${prefix}${libdir}"
if [[ -e "${dir}" ]]; then
[[ ! -d "${dir}" ]] &&
die "${dir} exists but is not a directory"
continue
fi
if ! use split-usr && [[ ${prefix} = ${EROOT}/ ]]; then
libdir="${libdir%%/*}"
dir="${prefix}${libdir}"
einfo "symlinking ${dir} to usr/${libdir}"
ln -s usr/${libdir} ${dir} ||
die "Unable to make ${dir} symlink"
else
einfo "creating directory ${dir}"
mkdir -p "${dir}" ||
die "Unable to create ${dir} directory"
fi
done
[[ -d "${prefix}${def_libdir}" ]] && riscv_compat_symlink "${def_libdir}" "${prefix}${def_libdir}/${DEFAULT_ABI}"
done
return 0
fi
[ -z "${def_libdir}" ] &&
die "your DEFAULT_ABI=$DEFAULT_ABI appears to be invalid"
# figure out which paths should be symlinks and which should be directories
local dirs syms exp d
for libdir in ${libdirs} ; do
if use split-usr ; then
exp=( {,usr/,usr/local/}${libdir} )
else
exp=( {usr/,usr/local/}${libdir} )
fi
for d in "${exp[@]}" ; do
# most things should be dirs
if [ "${SYMLINK_LIB}" = "yes" ] && [ "${libdir}" = "lib" ] ; then
[ ! -h "${d}" ] && [ -e "${d}" ] && dirs+=" ${d}"
else
[ -h "${d}" ] && syms+=" ${d}"
fi
done
done
if [ -n "${syms}${dirs}" ] ; then
ewarn "Your system profile has SYMLINK_LIB=${SYMLINK_LIB:-no}, so that means you need to"
ewarn "have these paths configured as follows:"
[ -n "${dirs}" ] && ewarn "symlinks to '${def_libdir}':${dirs}"
[ -n "${syms}" ] && ewarn "directories:${syms}"
ewarn "The ebuild will attempt to fix these, but only for trivial conversions."
ewarn "If things fail, you will need to manually create/move the directories."
echo
fi
# setup symlinks and dirs where we expect them to be; do not migrate
# data ... just fall over in that case.
if use split-usr ; then
prefix_lst=( "${EROOT}"/{,usr/,usr/local/} )
else
prefix_lst=( "${EROOT}"/{usr/,usr/local/} )
fi
for prefix in "${prefix_lst[@]}"; do
if [ "${SYMLINK_LIB}" = yes ] ; then
# we need to make sure "lib" points to the native libdir
if [ -h "${prefix}lib" ] ; then
# it's already a symlink! assume it's pointing to right place ...
continue
elif [ -d "${prefix}lib" ] ; then
# "lib" is a dir, so need to convert to a symlink
ewarn "Converting ${prefix}lib from a dir to a symlink"
rm -f "${prefix}lib"/.keep || die
if rmdir "${prefix}lib" 2>/dev/null ; then
ln -s ${def_libdir} "${prefix}lib" || die
else
die "non-empty dir found where we needed a symlink: ${prefix}lib"
fi
else
# nothing exists, so just set it up sanely
ewarn "Initializing ${prefix}lib as a symlink"
mkdir -p "${prefix}" || die
rm -f "${prefix}lib" || die
ln -s ${def_libdir} "${prefix}lib" || die
mkdir -p "${prefix}${def_libdir}" || die #423571
fi
else
# we need to make sure "lib" is a dir
if [ -h "${prefix}lib" ] ; then
# "lib" is a symlink, so need to convert to a dir
ewarn "Converting ${prefix}lib from a symlink to a dir"
rm -f "${prefix}lib" || die
if [ -d "${prefix}lib32" ] ; then
ewarn "Migrating ${prefix}lib32 to ${prefix}lib"
mv "${prefix}lib32" "${prefix}lib" || die
else
mkdir -p "${prefix}lib" || die
fi
elif [ -d "${prefix}lib" ] && ! has lib32 ${libdirs} ; then
# make sure the old "lib" ABI location does not exist; we
# only symlinked the lib dir on systems where we moved it
# to "lib32" ...
case ${CHOST} in
i?86*|x86_64*|powerpc*|sparc*|s390*)
if [[ -d ${prefix}lib32 && ! -h ${prefix}lib32 ]] ; then
rm -f "${prefix}lib32"/.keep || die
if ! rmdir "${prefix}lib32" 2>/dev/null ; then
ewarn "You need to merge ${prefix}lib32 into ${prefix}lib"
die "non-empty dir found where there should be none: ${prefix}lib32"
fi
fi
;;
esac
else
# nothing exists, so just set it up sanely
ewarn "Initializing ${prefix}lib as a dir"
mkdir -p "${prefix}lib" || die
fi
fi
done
if ! use split-usr ; then
for libdir in ${libdirs}; do
if [[ ! -e "${EROOT}${libdir}" ]]; then
ln -s usr/"${libdir}" "${EROOT}${libdir}" ||
die "Unable to make ${EROOT}${libdir} symlink"
fi
done
fi
}
pkg_setup() {
multilib_layout
}
src_prepare() {
default
# don't want symlinked directories in PATH on systems with usr-merge
if ! use split-usr && ! use prefix-guest; then
sed \
-e 's|:/usr/sbin:|:|g' \
-e 's|:/sbin:|:|g' \
-e 's|:/bin:|:|g' \
-i etc/env.d/50baselayout || die
fi
if use prefix; then
hprefixify -e "/EUID/s,0,${EUID}," -q '"' etc/profile
hprefixify etc/shells share/passwd
hprefixify -w '/PATH=/' etc/env.d/50baselayout
hprefixify -w 1 etc/env.d/50baselayout
echo PATH=/usr/sbin:/sbin:/usr/bin:/bin >> etc/env.d/99host
# change branding
sed -i \
-e '/gentoo-release/s/Gentoo Base/Gentoo Prefix Base/' \
-e '/make_os_release/s/${OS}/Prefix/' \
Makefile || die
fi
# handle multilib paths. do it here because we want this behavior
# regardless of the C library that you're using. we do explicitly
# list paths which the native ldconfig searches, but this isn't
# problematic as it doesn't change the resulting ld.so.cache or
# take longer to generate. similarly, listing both the native
# path and the symlinked path doesn't change the resulting cache.
local libdir ldpaths
for libdir in $(get_all_libdirs) ; do
if use split-usr || use prefix-guest; then
ldpaths+=":${EPREFIX}/${libdir}"
fi
ldpaths+=":${EPREFIX}/usr/${libdir}"
ldpaths+=":${EPREFIX}/usr/local/${libdir}"
done
echo "LDPATH='${ldpaths#:}'" >> etc/env.d/50baselayout
}
src_install() {
emake \
DESTDIR="${ED}" \
install
if [[ ${CHOST} == *-darwin* ]] ; then
# add SDK path which contains development manpages
echo "MANPATH=${EPREFIX}/MacOSX.sdk/usr/share/man" \
> "${ED}"/etc/env.d/98macos-sdk
fi
# need the makefile in pkg_preinst
insinto /usr/share/${PN}
doins Makefile
dodoc ChangeLog
# bug 858596
if use prefix-guest ; then
dodir sbin
cat > "${ED}"/sbin/runscript <<- EOF
#!/usr/bin/env sh
source "${EPREFIX}/lib/gentoo/functions.sh"
eerror "runscript/openrc-run not supported by Gentoo Prefix Base System release ${PV}" 1>&2
exit 1
EOF
chmod 755 "${ED}"/sbin/runscript || die
cp "${ED}"/sbin/{runscript,openrc-run} || die
fi
}
pkg_preinst() {
# We need to install directories and maybe some dev nodes when building
# stages, but they cannot be in CONTENTS.
# Also, we cannot reference $S as binpkg will break so we do this.
multilib_layout
if use build ; then
if use split-usr ; then
emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout
else
emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout-usrmerge
fi
fi
rm -f "${ED}"/usr/share/${PN}/Makefile || die
# Create symlinks in pkg_preinst to avoid Portage collision check.
# Create the symlinks in ${ED} via dosym so that we own it.
# Only create the symlinks if it wont cause a conflict in ${EROOT}.
if [[ -L ${EROOT}/var/lock || ! -e ${EROOT}/var/lock ]]; then
dosym ../run/lock /var/lock
fi
if [[ -L ${EROOT}/var/run || ! -e ${EROOT}/var/run ]]; then
dosym ../run /var/run
fi
}
pkg_postinst() {
local x
# We installed some files to /usr/share/baselayout instead of /etc to stop
# (1) overwriting the user's settings
# (2) screwing things up when attempting to merge files
# (3) accidentally packaging up personal files with quickpkg
# If they don't exist then we install them
for x in master.passwd passwd shadow group fstab ; do
[ -e "${EROOT}/etc/${x}" ] && continue
[ -e "${EROOT}/usr/share/baselayout/${x}" ] || continue
cp -p "${EROOT}/usr/share/baselayout/${x}" "${EROOT}"/etc || die
done
# Force shadow permissions to not be world-readable #260993
for x in shadow ; do
if [ -e "${EROOT}/etc/${x}" ] ; then
chmod o-rwx "${EROOT}/etc/${x}" || die
fi
done
# whine about users that lack passwords #193541
if [[ -e "${EROOT}"/etc/shadow ]] ; then
local bad_users=$(sed -n '/^[^:]*::/s|^\([^:]*\)::.*|\1|p' "${EROOT}"/etc/shadow)
if [[ -n ${bad_users} ]] ; then
echo
ewarn "The following users lack passwords!"
ewarn ${bad_users}
fi
fi
# whine about users with invalid shells #215698
if [[ -e "${EROOT}"/etc/passwd ]] ; then
local bad_shells=$(awk -F: 'system("test -e ${ROOT}" $7) { print $1 " - " $7}' "${EROOT}"/etc/passwd | sort)
if [[ -n ${bad_shells} ]] ; then
echo
ewarn "The following users have non-existent shells!"
ewarn "${bad_shells}"
fi
fi
# https://bugs.gentoo.org/361349
if use kernel_linux; then
mkdir -p "${EROOT}"/run || die
local found fstype mountpoint
while read -r _ mountpoint fstype _; do
[[ ${mountpoint} = /run ]] && [[ ${fstype} = tmpfs ]] && found=1
done < "${ROOT}"/proc/mounts
[[ -z ${found} ]] &&
ewarn "You should reboot now to get /run mounted with tmpfs!"
fi
if [[ -e "${EROOT}"/etc/env.d/00basic ]]; then
ewarn "${EROOT}/etc/env.d/00basic is now ${EROOT}/etc/env.d/50baselayout"
ewarn "Please migrate your changes."
fi
}

17
sdk_container/src/third_party/prefix-overlay/sys-apps/baselayout/metadata.xml vendored Normal file
View File

@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>williamh@gentoo.org</email>
<name>William Hubbs</name>
</maintainer>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<stabilize-allarches/>
<upstream>
<remote-id type="gentoo">proj/baselayout</remote-id>
<remote-id type="github">gentoo/baselayout</remote-id>
</upstream>
</pkgmetadata>

2
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/Manifest vendored Normal file
View File

@ -0,0 +1,2 @@
DIST systemd-musl-patches-254.3.tar.gz 28640 BLAKE2B 54837f49cdb8cf025e367ad13bab0d0509c2e11ad84d29724bb6baa226c54e0ab97a91035361f66009dd9b1a22f7b3e82f90b1c14adf4aa20d576b9410589d38 SHA512 07d028a57025b2626471d6f48507f2dfc50658db24efaac93bafae9a1d4cdc3ec82e80da426d2a6280c32af2d813565609dab7df5538260ba809b63309a0ffed
DIST systemd-stable-254.3.tar.gz 14329148 BLAKE2B 10b947e04a4ef9ccaeb7adaa67ac0f391927fb172c0750ffb93d4df69d970fd91f26b052f8bfdfb4f81ae69566d0a3459cbc87cc86b624014cfb8781a2914121 SHA512 a0c361c993ac9a121823bdd58e29ef7bd25ccfd206ae0c3e1eed9833b3ddf24f53afe6f669eb9fbff5078977403236b0e4ef5a5f6fde56c504caed1d411e71fe

3
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/files/40-gentoo.rules vendored Normal file
View File

@ -0,0 +1,3 @@
# Gentoo specific groups
ACTION=="add", SUBSYSTEM=="block", KERNEL=="fd[0-9]", GROUP="floppy"
ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GROUP="usb"

3
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/files/legacy.conf vendored Normal file
View File

@ -0,0 +1,3 @@
# Based on legacy.conf from systemd
d /run/lock
L /var/lock - - - - ../run/lock

2
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/files/systemd-tmpfiles-clean vendored Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec ionice -c idle -t systemd-tmpfiles --clean

18
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/files/systemd-tmpfiles-setup vendored Normal file
View File

@ -0,0 +1,18 @@
#!/sbin/openrc-run
# Copyright 2022 Gentoo Authors
# Released under the 2-clause BSD license.
description="Create Volatile Files and Directories"
depend()
{
provide tmpfiles-setup tmpfiles.setup
need localmount
}
start()
{
ebegin "${description}"
systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev
eend $?
}

20
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/files/systemd-tmpfiles-setup-dev vendored Normal file
View File

@ -0,0 +1,20 @@
#!/sbin/openrc-run
# Copyright 2022 Gentoo Authors
# Released under the 2-clause BSD license.
description="Create Static Devices Nodes in /dev"
depend()
{
provide tmpfiles-dev tmpfiles.dev
use dev-mount
before dev
keyword -prefix -vserver
}
start()
{
ebegin "${description}"
systemd-tmpfiles --prefix=/dev --create --boot
eend $?
}

58
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/files/systemd-utils-254.3-add-link-kernel-install-shared-option.patch vendored Normal file
View File

@ -0,0 +1,58 @@
From 5973e4b237e7b50dca1c9f3157db459ef1ee6da5 Mon Sep 17 00:00:00 2001
From: Violet Purcell <vimproved@inventati.org>
Date: Sat, 9 Sep 2023 13:22:54 -0400
Subject: [PATCH] meson: add link-kernel-install-shared option
Signed-off-by: Violet Purcell <vimproved@inventati.org>
---
meson.build | 9 ++++++++-
meson_options.txt | 2 ++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 053e772567..003a34574a 100644
--- a/meson.build
+++ b/meson.build
@@ -4420,11 +4420,17 @@ executable(
install : true,
install_dir : rootlibexecdir)
+if get_option('link-kernel-install-shared')
+ kernel_install_link_with = [libshared]
+else
+ kernel_install_link_with = [libsystemd_static, libshared_static]
+endif
+
kernel_install = executable(
'kernel-install',
'src/kernel-install/kernel-install.c',
include_directories : includes,
- link_with : [libshared],
+ link_with : kernel_install_link_with,
dependencies : [userspace,
versiondep],
install_rpath : rootpkglibdir,
@@ -5059,6 +5065,7 @@ foreach tuple : [
['link-timesyncd-shared', get_option('link-timesyncd-shared')],
['link-journalctl-shared', get_option('link-journalctl-shared')],
['link-boot-shared', get_option('link-boot-shared')],
+ ['link-kernel-install-shared', get_option('link-kernel-install-shared')],
['link-portabled-shared', get_option('link-portabled-shared')],
['first-boot-full-preset'],
['fexecve'],
diff --git a/meson_options.txt b/meson_options.txt
index 1909323850..36794e6d98 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -29,6 +29,8 @@ option('link-journalctl-shared', type: 'boolean',
description : 'link journalctl against libsystemd-shared.so')
option('link-boot-shared', type: 'boolean',
description : 'link bootctl and systemd-bless-boot against libsystemd-shared.so')
+option('link-kernel-install-shared', type: 'boolean',
+ description : 'link kernel-install against libsystemd-shared.so')
option('link-portabled-shared', type: 'boolean',
description : 'link systemd-portabled and its helpers to libsystemd-shared.so')
option('first-boot-full-preset', type: 'boolean', value: false,
--
2.42.0

18
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/metadata.xml vendored Normal file
View File

@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>systemd@gentoo.org</email>
</maintainer>
<use>
<flag name="boot">Enable systemd-boot (UEFI boot manager)</flag>
<flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag>
<flag name="sysusers">Enable systemd-sysusers</flag>
<flag name="tmpfiles">Enable systemd-tmpfiles</flag>
<flag name="udev">Enable systemd-udev (userspace device manager)</flag>
</use>
<upstream>
<remote-id type="github">systemd/systemd</remote-id>
<remote-id type="github">systemd/systemd-stable</remote-id>
</upstream>
</pkgmetadata>

537
sdk_container/src/third_party/prefix-overlay/sys-apps/systemd-utils/systemd-utils-254.3.ebuild vendored Normal file
View File

@ -0,0 +1,537 @@
# Copyright 2022-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..11} )
QA_PKGCONFIG_VERSION=$(ver_cut 1)
inherit bash-completion-r1 flag-o-matic linux-info meson-multilib python-single-r1
inherit secureboot toolchain-funcs udev usr-ldscript
DESCRIPTION="Utilities split out from systemd for OpenRC users"
HOMEPAGE="https://systemd.io/"
if [[ ${PV} == *.* ]]; then
MY_P="systemd-stable-${PV}"
S="${WORKDIR}/${MY_P}"
SRC_URI="https://github.com/systemd/systemd-stable/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz"
else
MY_P="systemd-${PV}"
S="${WORKDIR}/${MY_P}"
SRC_URI="https://github.com/systemd/systemd/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz"
fi
MUSL_PATCHSET="systemd-musl-patches-254.3"
SRC_URI+=" elibc_musl? ( https://dev.gentoo.org/~floppym/dist/${MUSL_PATCHSET}.tar.gz )"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
IUSE="+acl boot +kmod selinux split-usr sysusers +tmpfiles test +udev"
REQUIRED_USE="
|| ( boot tmpfiles sysusers udev )
${PYTHON_REQUIRED_USE}
"
RESTRICT="!test? ( test )"
COMMON_DEPEND="
elibc_musl? ( >=sys-libs/musl-1.2.3 )
selinux? ( sys-libs/libselinux:0= )
tmpfiles? (
acl? ( sys-apps/acl:0= )
)
udev? (
>=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
kmod? ( >=sys-apps/kmod-15:0= )
)
!udev? (
>=sys-apps/util-linux-2.30:0=
sys-libs/libcap:0=
virtual/libcrypt:=
)
"
DEPEND="${COMMON_DEPEND}
>=sys-kernel/linux-headers-3.11
"
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
RDEPEND="${COMMON_DEPEND}
boot? (
!<sys-boot/systemd-boot-250
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
)
tmpfiles? ( !<sys-apps/systemd-tmpfiles-250 )
udev? (
acct-group/audio
acct-group/cdrom
acct-group/dialout
acct-group/disk
acct-group/floppy
acct-group/input
acct-group/kmem
acct-group/kvm
acct-group/lp
acct-group/render
acct-group/sgx
acct-group/tape
acct-group/tty
acct-group/usb
acct-group/video
!sys-apps/gentoo-systemd-integration
!sys-apps/hwids[udev]
!<sys-fs/udev-250
!sys-fs/eudev
)
!sys-apps/systemd
"
PDEPEND="
udev? ( >=sys-fs/udev-init-scripts-34 )
"
BDEPEND="
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt
dev-util/gperf
>=sys-apps/coreutils-8.16
sys-devel/gettext
virtual/pkgconfig
$(python_gen_cond_dep "
dev-python/jinja[\${PYTHON_USEDEP}]
dev-python/lxml[\${PYTHON_USEDEP}]
boot? (
>=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
test? ( ${PEFILE_DEPEND} )
)
")
"
TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
CONFIG_CHECK="~BLK_DEV_BSG ~DEVTMPFS ~!IDE ~INOTIFY_USER ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2 ~SIGNALFD ~EPOLL ~FHANDLE ~NET ~UNIX"
pkg_setup() {
if [[ ${MERGE_TYPE} != buildonly ]] && use udev; then
linux-info_pkg_setup
fi
use boot && secureboot_pkg_setup
}
src_prepare() {
local PATCHES=(
"${FILESDIR}/${PN}-254.3-add-link-kernel-install-shared-option.patch"
)
if use elibc_musl; then
PATCHES+=(
"${WORKDIR}/${MUSL_PATCHSET}"
)
fi
default
# Remove install_rpath; we link statically
local rpath_pattern="install_rpath : rootpkglibdir,"
grep -q -e "${rpath_pattern}" meson.build || die
sed -i -e "/${rpath_pattern}/d" meson.build || die
}
src_configure() {
python_setup
meson-multilib_src_configure
}
multilib_src_configure() {
local emesonargs=(
$(meson_use split-usr)
$(meson_use split-usr split-bin)
-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
-Dsysvinit-path=
$(meson_native_use_bool boot bootloader)
$(meson_native_use_bool selinux)
$(meson_native_use_bool sysusers)
$(meson_use test tests)
$(meson_native_use_bool tmpfiles)
$(meson_use udev hwdb)
# Link staticly with libsystemd-shared
-Dlink-boot-shared=false
-Dlink-kernel-install-shared=false
-Dlink-udev-shared=false
# systemd-tmpfiles has a separate "systemd-tmpfiles.standalone" target
-Dstandalone-binaries=true
# Disable all optional features
-Dadm-group=false
-Danalyze=false
-Dapparmor=false
-Daudit=false
-Dbacklight=false
-Dbinfmt=false
-Dbpf-framework=false
-Dbzip2=false
-Dcoredump=false
-Ddbus=false
-Delfutils=false
-Denvironment-d=false
-Dfdisk=false
-Dgcrypt=false
-Dglib=false
-Dgshadow=false
-Dgnutls=false
-Dhibernate=false
-Dhostnamed=false
-Didn=false
-Dima=false
-Dinitrd=false
-Dfirstboot=false
-Dldconfig=false
-Dlibcryptsetup=false
-Dlibcurl=false
-Dlibfido2=false
-Dlibidn=false
-Dlibidn2=false
-Dlibiptc=false
-Dlocaled=false
-Dlogind=false
-Dlz4=false
-Dmachined=false
-Dmicrohttpd=false
-Dnetworkd=false
-Dnscd=false
-Dnss-myhostname=false
-Dnss-resolve=false
-Dnss-systemd=false
-Doomd=false
-Dopenssl=false
-Dp11kit=false
-Dpam=false
-Dpcre2=false
-Dpolkit=false
-Dportabled=false
-Dpstore=false
-Dpwquality=false
-Drandomseed=false
-Dresolve=false
-Drfkill=false
-Dseccomp=false
-Dsmack=false
-Dsysext=false
-Dtimedated=false
-Dtimesyncd=false
-Dtpm=false
-Dqrencode=false
-Dquotacheck=false
-Duserdb=false
-Dutmp=false
-Dvconsole=false
-Dwheel-group=false
-Dxdg-autostart=false
-Dxkbcommon=false
-Dxz=false
-Dzlib=false
-Dzstd=false
)
if use tmpfiles || use udev; then
emesonargs+=( $(meson_native_use_bool acl) )
else
emesonargs+=( -Dacl=false )
fi
if use udev; then
emesonargs+=( $(meson_native_use_bool kmod) )
else
emesonargs+=( -Dkmod=false )
fi
if use elibc_musl; then
# Avoid redefinition of struct ethhdr.
append-cppflags -D__UAPI_DEF_ETHHDR=0
fi
if multilib_is_native_abi || use udev; then
meson_src_configure
fi
}
efi_arch() {
case "$(tc-arch)" in
amd64) echo x64 ;;
arm) echo arm ;;
arm64) echo aa64 ;;
x86) echo x86 ;;
esac
}
multilib_src_compile() {
local targets=()
if multilib_is_native_abi; then
if use boot; then
targets+=(
bootctl
kernel-install
man/bootctl.1
man/kernel-install.8
90-loaderentry.install
src/boot/efi/linux$(efi_arch).efi.stub
src/boot/efi/systemd-boot$(efi_arch).efi
)
fi
if use sysusers; then
targets+=(
systemd-sysusers.standalone
man/sysusers.d.5
man/systemd-sysusers.8
)
if use test; then
targets+=(
systemd-runtest.env
)
fi
fi
if use tmpfiles; then
targets+=(
systemd-tmpfiles.standalone
man/tmpfiles.d.5
man/systemd-tmpfiles.8
tmpfiles.d/{etc,static-nodes-permissions,var}.conf
)
if use test; then
targets+=( test-tmpfile-util )
fi
fi
if use udev; then
targets+=(
udevadm
systemd-hwdb
src/udev/ata_id
src/udev/cdrom_id
src/udev/fido_id
src/udev/mtd_probe
src/udev/scsi_id
src/udev/udev.pc
src/udev/v4l_id
man/udev.conf.5
man/systemd.link.5
man/hwdb.7
man/udev.7
man/systemd-hwdb.8
man/systemd-udevd.service.8
man/udevadm.8
hwdb.d/60-autosuspend-chromiumos.hwdb
rules.d/50-udev-default.rules
rules.d/60-persistent-storage.rules
rules.d/64-btrfs.rules
)
if use test; then
targets+=(
test-fido-id-desc
test-udev-builtin
test-udev-event
test-udev-node
test-udev-util
udev-rule-runner
)
fi
fi
fi
if use udev; then
targets+=(
udev:shared_library
src/libudev/libudev.pc
)
if use test; then
targets+=(
test-libudev
test-libudev-sym
test-udev-device-thread
)
fi
fi
if multilib_is_native_abi || use udev; then
meson_src_compile "${targets[@]}"
fi
}
multilib_src_test() {
local tests=()
if multilib_is_native_abi; then
if use sysusers; then
tests+=(
test-sysusers.standalone
)
fi
if use tmpfiles; then
tests+=(
test-systemd-tmpfiles.standalone
test-tmpfile-util
)
fi
if use udev; then
tests+=(
rule-syntax-check
test-fido-id-desc
test-udev
test-udev-builtin
test-udev-event
test-udev-node
test-udev-util
)
fi
fi
if use udev; then
tests+=(
test-libudev
test-libudev-sym
test-udev-device-thread
)
fi
if [[ ${#tests[@]} -ne 0 ]]; then
meson_src_test "${tests[@]}"
fi
}
src_install() {
local rootprefix="$(usex split-usr '' /usr)"
meson-multilib_src_install
}
multilib_src_install() {
if multilib_is_native_abi; then
if use boot; then
into /usr
dobin bootctl kernel-install
doman man/{bootctl.1,kernel-install.8}
# 90-loaderentry.install is generated from 90-loaderentry.install.in
exeinto usr/lib/kernel/install.d
doexe src/kernel-install/*.install
insinto usr/lib/systemd/boot/efi
doins src/boot/efi/{linux$(efi_arch).{efi,elf}.stub,systemd-boot$(efi_arch).efi}
fi
if use sysusers; then
into "${rootprefix:-/}"
newbin systemd-sysusers{.standalone,}
doman man/{systemd-sysusers.8,sysusers.d.5}
fi
if use tmpfiles; then
into "${rootprefix:-/}"
newbin systemd-tmpfiles{.standalone,}
doman man/{systemd-tmpfiles.8,tmpfiles.d.5}
insinto /usr/lib/tmpfiles.d
doins tmpfiles.d/{etc,static-nodes-permissions,var}.conf
fi
if use udev; then
into "${rootprefix:-/}"
dobin udevadm systemd-hwdb
dosym ../../bin/udevadm "${rootprefix}"/lib/systemd/systemd-udevd
exeinto "${rootprefix}"/lib/udev
doexe src/udev/{ata_id,cdrom_id,fido_id,mtd_probe,scsi_id,v4l_id}
rm -f rules.d/99-systemd.rules
insinto "${rootprefix}"/lib/udev/rules.d
doins rules.d/*.rules
insinto "${rootprefix}"/lib/udev/hwdb.d
doins hwdb.d/*.hwdb
insinto /usr/share/pkgconfig
doins src/udev/udev.pc
doman man/{udev.conf.5,systemd.link.5,hwdb.7,systemd-hwdb.8,udev.7,udevadm.8}
newman man/systemd-udevd.service.8 systemd-udevd.8
fi
fi
if use udev; then
meson_install --no-rebuild --tags libudev
gen_usr_ldscript -a udev
insinto "/usr/$(get_libdir)/pkgconfig"
doins src/libudev/libudev.pc
fi
}
multilib_src_install_all() {
einstalldocs
if use boot; then
into /usr
exeinto usr/lib/kernel/install.d
doexe src/kernel-install/*.install
dobashcomp shell-completion/bash/bootctl
insinto /usr/share/zsh/site-functions
doins shell-completion/zsh/{_bootctl,_kernel-install}
fi
if use tmpfiles; then
doinitd "${FILESDIR}"/systemd-tmpfiles-setup
doinitd "${FILESDIR}"/systemd-tmpfiles-setup-dev
exeinto /etc/cron.daily
doexe "${FILESDIR}"/systemd-tmpfiles-clean
insinto /usr/share/zsh/site-functions
doins shell-completion/zsh/_systemd-tmpfiles
insinto /usr/lib/tmpfiles.d
doins tmpfiles.d/{tmp,x11}.conf
doins "${FILESDIR}"/legacy.conf
fi
if use udev; then
doheader src/libudev/libudev.h
insinto /etc/udev
doins src/udev/udev.conf
keepdir /etc/udev/{hwdb.d,rules.d}
insinto "${rootprefix}"/lib/systemd/network
doins network/99-default.link
# Remove to avoid conflict with elogind
# https://bugs.gentoo.org/856433
rm rules.d/70-power-switch.rules || die
insinto "${rootprefix}"/lib/udev/rules.d
doins rules.d/*.rules
doins "${FILESDIR}"/40-gentoo.rules
insinto "${rootprefix}"/lib/udev/hwdb.d
doins hwdb.d/*.hwdb
dobashcomp shell-completion/bash/udevadm
insinto /usr/share/zsh/site-functions
doins shell-completion/zsh/_udevadm
fi
use boot && secureboot_auto_sign
}
add_service() {
local initd=$1
local runlevel=$2
ebegin "Adding '${initd}' service to the '${runlevel}' runlevel"
mkdir -p "${EROOT}/etc/runlevels/${runlevel}" &&
ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}"
eend $?
}
pkg_postinst() {
if [[ -z ${REPLACING_VERSIONS} ]]; then
add_service systemd-tmpfiles-setup-dev sysinit
add_service systemd-tmpfiles-setup boot
fi
if use udev; then
ebegin "Updating hwdb"
systemd-hwdb --root="${ROOT}" update
eend $?
udev_reload
fi
}

1
sdk_container/src/third_party/prefix-overlay/sys-libs/libxcrypt/Manifest vendored Normal file
View File

@ -0,0 +1 @@
DIST libxcrypt-4.4.36-autotools.tar.xz 624660 BLAKE2B 8dc3d0f354baf8c64dc011e95e7df10d48b0dfe428503936ffd55edf2745de04003c7efe231ed5d9a14cea7f682ba377b7e00f0463b4060c50c9c29f555b790f SHA512 fb8391ecb89622eb0d74d13c5fc1369718e83c47671449044ca0c2f78a236d7b06177a60bf8cda47694caa840c68eaaf0b23690e8975fa5d64b734c8eb246d10

14
sdk_container/src/third_party/prefix-overlay/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch vendored Normal file
View File

@ -0,0 +1,14 @@
diff --git a/Makefile.am b/Makefile.am
index d0cca1d..4a5d4a1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -86,9 +86,7 @@ noinst_HEADERS = \
test/des-cases.h \
test/ka-table.inc
-if ENABLE_XCRYPT_COMPAT_FILES
nodist_include_HEADERS += xcrypt.h
-endif
noinst_PROGRAMS = \
lib/gen-des-tables

340
sdk_container/src/third_party/prefix-overlay/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild vendored Normal file
View File

@ -0,0 +1,340 @@
# Copyright 2004-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..11} )
# NEED_BOOTSTRAP is for developers to quickly generate a tarball
# for publishing to the tree.
NEED_BOOTSTRAP="no"
inherit multibuild multilib python-any-r1 flag-o-matic toolchain-funcs multilib-minimal
DESCRIPTION="Extended crypt library for descrypt, md5crypt, bcrypt, and others"
HOMEPAGE="https://github.com/besser82/libxcrypt"
if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then
inherit autotools
SRC_URI="https://github.com/besser82/libxcrypt/releases/download/v${PV}/${P}.tar.xz"
else
SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-autotools.tar.xz"
fi
LICENSE="LGPL-2.1+ public-domain BSD BSD-2"
SLOT="0/1"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86"
IUSE="+compat split-usr static-libs +system test headers-only"
REQUIRED_USE="split-usr? ( system )"
RESTRICT="!test? ( test )"
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
export CTARGET=${CATEGORY/cross-}
fi
fi
is_cross() {
local enabled_abis=( $(multilib_get_enabled_abis) )
[[ "${#enabled_abis[@]}" -le 1 ]] && [[ ${CHOST} != ${CTARGET} ]]
}
DEPEND="
system? (
elibc_glibc? (
${CATEGORY}/glibc[-crypt(+)]
!${CATEGORY}/glibc[crypt(+)]
)
elibc_musl? (
${CATEGORY}/musl[-crypt(+)]
!${CATEGORY}/musl[crypt(+)]
)
)
"
RDEPEND="${DEPEND}"
BDEPEND="
dev-lang/perl
test? ( $(python_gen_any_dep 'dev-python/passlib[${PYTHON_USEDEP}]') )
"
python_check_deps() {
python_has_version "dev-python/passlib[${PYTHON_USEDEP}]"
}
pkg_pretend() {
if has "distcc" ${FEATURES} ; then
ewarn "Please verify all distcc nodes are using the same versions of GCC (>= 10) and Binutils!"
ewarn "Older/mismatched versions of GCC may lead to a misbehaving library: bug #823179."
if [[ ${BUILD_TYPE} != "binary" ]] && tc-is-gcc && [[ $(gcc-major-version) -lt 10 ]] ; then
die "libxcrypt is known to fail to build or be broken at runtime with < GCC 10 (bug #823179)!"
fi
fi
}
pkg_setup() {
MULTIBUILD_VARIANTS=(
$(usev compat 'xcrypt_compat')
xcrypt_nocompat
)
use test && python-any-r1_pkg_setup
}
src_prepare() {
default
# WARNING: Please read on bumping or applying patches!
#
# There are two circular dependencies to be aware of:
# 1)
# if we're bootstrapping configure and makefiles:
# libxcrypt -> automake -> perl -> libxcrypt
#
# mitigation:
# toolchain@ manually runs `make dist` after running autoconf + `./configure`
# and the ebuild uses that.
# (Don't include the pre-generated Perl artefacts.)
#
# solution for future:
# Upstream are working on producing `make dist` tarballs.
# https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573
#
# 2)
# configure *unconditionally* needs Perl at build time to generate
# a list of enabled algorithms based on the set passed to `configure`:
# libxcrypt -> perl -> libxcrypt
#
# mitigation:
# None at the moment.
#
# solution for future:
# Not possible right now. Upstream intend on depending on Perl for further
# configuration options.
# https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573
#
# Therefore, on changes (inc. bumps):
# * You must check whether upstream have started providing tarballs with bootstrapped
# auto{conf,make};
#
# * diff the build system changes!
#
if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then
# Facilitate our split variant build for compat + non-compat
eapply "${FILESDIR}"/${PN}-4.4.19-multibuild.patch
eautoreconf
fi
}
src_configure() {
# Avoid possible "illegal instruction" errors with gold
# bug #821496
tc-ld-disable-gold
# Doesn't work with LTO: bug #852917.
# https://github.com/besser82/libxcrypt/issues/24
filter-lto
# ideally we want !tc-ld-is-bfd for best future-proofing, but it needs
# https://github.com/gentoo/gentoo/pull/28355
# mold needs this too but right now tc-ld-is-mold is also not available
if tc-ld-is-lld; then
append-ldflags -Wl,--undefined-version
fi
multibuild_foreach_variant multilib-minimal_src_configure
}
get_xcprefix() {
if is_cross; then
echo "${EPREFIX}/usr/${CTARGET}"
else
echo "${EPREFIX}"
fi
}
get_xclibdir() {
printf -- "%s/%s/%s/%s\n" \
"$(get_xcprefix)" \
"$(usev !split-usr '/usr')" \
"$(get_libdir)" \
"$(usev !system 'xcrypt')"
}
get_xcincludedir() {
printf -- "%s/usr/include/%s\n" \
"$(get_xcprefix)" \
"$(usev !system 'xcrypt')"
}
get_xcmandir() {
printf -- "%s/usr/share/man\n" \
"$(get_xcprefix)"
}
get_xcpkgconfigdir() {
printf -- "%s/usr/%s/pkgconfig\n" \
"$(get_xcprefix)" \
"$(get_libdir)"
}
multilib_src_configure() {
local -a myconf=(
--host=${CTARGET}
--disable-werror
--libdir=$(get_xclibdir)
--with-pkgconfigdir=$(get_xcpkgconfigdir)
--includedir=$(get_xcincludedir)
--mandir="$(get_xcmandir)"
)
tc-export PKG_CONFIG
if is_cross; then
if tc-is-clang; then
export CC="${CTARGET}-clang"
else
export CC="${CTARGET}-gcc"
fi
fi
case "${MULTIBUILD_ID}" in
xcrypt_compat-*)
myconf+=(
--disable-static
--disable-xcrypt-compat-files
--enable-obsolete-api=yes
)
;;
xcrypt_nocompat-*)
myconf+=(
--enable-obsolete-api=no
$(use_enable static-libs static)
)
;;
*) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";;
esac
if use headers-only; then
# Nothing is compiled here which would affect the headers for the target.
# So forcing CC is sane.
headers_only_flags="CC=$(tc-getBUILD_CC)"
fi
ECONF_SOURCE="${S}" econf "${myconf[@]}" "${headers_only_flags}"
}
src_compile() {
use headers-only && return
multibuild_foreach_variant multilib-minimal_src_compile
}
multilib_src_test() {
emake check
}
src_test() {
multibuild_foreach_variant multilib-minimal_src_test
}
src_install() {
multibuild_foreach_variant multilib-minimal_src_install
use headers-only || \
(
shopt -s failglob || die "failglob failed"
# Make sure our man pages do not collide with glibc or man-pages.
for manpage in "${D}$(get_xcmandir)"/man3/crypt{,_r}.?*; do
mv -n "${manpage}" "$(dirname "${manpage}")/xcrypt_$(basename "${manpage}")" \
|| die "mv failed"
done
) || die "failglob error"
# Remove useless stuff from installation
find "${ED}"/usr/share/doc/${PF} -type l -delete || die
find "${ED}" -name '*.la' -delete || die
# workaround broken upstream cross-* --docdir by installing files in proper locations
if is_cross; then
insinto "$(get_xcprefix)"/usr/share
doins -r "${ED}"/usr/share/doc
rm -r "${ED}"/usr/share/doc || die
fi
}
multilib_src_install() {
if use headers-only; then
emake DESTDIR="${D}" install-nodist_includeHEADERS
return
fi
emake DESTDIR="${D}" install
# Don't install the libcrypt.so symlink for the "compat" version
case "${MULTIBUILD_ID}" in
xcrypt_compat-*)
rm "${D}"$(get_xclibdir)/libcrypt$(get_libname) \
|| die "failed to remove extra compat libraries"
;;
xcrypt_nocompat-*)
if use split-usr; then
(
if use static-libs; then
# .a files are installed to /$(get_libdir) by default
# Move static libraries to /usr prefix or portage will abort
shopt -s nullglob || die "failglob failed"
static_libs=( "${D}"/$(get_xclibdir)/*.a )
if [[ -n ${static_libs[*]} ]]; then
dodir "/usr/$(get_xclibdir)"
mv "${static_libs[@]}" "${ED}/usr/$(get_xclibdir)" \
|| die "Moving static libs failed"
fi
fi
if use system; then
# Move versionless .so symlinks from /$(get_libdir) to /usr/$(get_libdir)
# to allow linker to correctly find shared libraries.
shopt -s failglob || die "failglob failed"
for lib_file in "${D}"$(get_xclibdir)/*$(get_libname); do
lib_file_basename="$(basename "${lib_file}")"
lib_file_target="$(basename "$(readlink -f "${lib_file}")")"
# We already know we're in split-usr (checked above)
# See bug #843209 (also worth keeping in mind bug #802222 too)
local libdir_no_prefix=$(get_xclibdir)
libdir_no_prefix=${libdir_no_prefix#${EPREFIX}}
libdir_no_prefix=${libdir_no_prefix%/usr}
dosym -r "/$(get_libdir)/${lib_file_target}" "/usr/${libdir_no_prefix}/${lib_file_basename}"
done
rm "${D}"$(get_xclibdir)/*$(get_libname) || die "Removing symlinks in incorrect location failed"
fi
)
fi
;;
*) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";;
esac
}
pkg_preinst() {
# Verify we're not in a bad case like bug #843209 with broken symlinks.
# This can be dropped when, if ever, the split-usr && system && compat case
# is cleaned up in *_src_install.
local broken_symlinks=()
mapfile -d '' broken_symlinks < <(
find "${ED}" -xtype l -print0
)
if [[ ${#broken_symlinks[@]} -gt 0 ]]; then
eerror "Broken symlinks found before merging!"
local symlink target resolved
for symlink in "${broken_symlinks[@]}" ; do
target="$(readlink "${symlink}")"
resolved="$(readlink -f "${symlink}")"
eerror " '${symlink}' -> '${target}' (${resolved})"
done
die "Broken symlinks found! Aborting to avoid damaging system. Please report a bug."
fi
}

21
sdk_container/src/third_party/prefix-overlay/sys-libs/libxcrypt/metadata.xml vendored Normal file
View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>toolchain@gentoo.org</email>
<name>Gentoo Toolchain Project</name>
</maintainer>
<longdescription>
Crypt library for DES, MD5, and blowfish. Libxcrypt is a replacement for
libcrypt, which comes with the GNU C Library. It supports DES crypt,
MD5, and passwords with blowfish encryption.
</longdescription>
<use>
<flag name="compat">Build with compatibility interfaces for other crypt implementations</flag>
<flag name="system">Install as system libcrypt.so rather than to an alternate directory (will collide with <pkg>sys-libs/glibc</pkg>'s version)</flag>
<flag name="headers-only">Build and install only the headers.</flag>
</use>
<upstream>
<remote-id type="github">besser82/libxcrypt</remote-id>
</upstream>
</pkgmetadata>

143
setup_prefix Executable file
View File

@ -0,0 +1,143 @@
#!/bin/bash
. "$(dirname "$0")/common.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/prefix_util.sh" || exit 1
assert_inside_chroot
assert_not_root_user
staging_dir_opt_placeholder="${DEFAULT_STAGING_ROOT}prefix-<board>/<prefix-name>"
final_dir_opt_placeholder="${SCRIPTS_DIR}/__prefix__/<board>/<prefix-name>"
DEFINE_string board "${DEFAULT_BOARD}" \
"Board (architecture) to build for in prefix."
DEFINE_string staging_dir "${staging_dir_opt_placeholder}" \
"Staging (build) directory for this prefix."
DEFINE_string final_dir "${final_dir_opt_placeholder}" \
"Local directory to install the final prefixed binaries and runtime dependencies to.
'<final-dir>/root' will contain the FS root to e.g. create a sysext from."
DEFINE_boolean force "${FLAGS_FALSE}" \
"Force re-creating a prefix that already exists. THIS WILL REMOVE THE OLD PREFIX ENTIRELY."
DEFINE_boolean uninstall "${FLAGS_FALSE}" \
"Uninstall an existing prefix, removing all directories and wrapper scripts associated with it.
If set, <prefix path> can be omitted."
DEFINE_string cross_boss_root "${SCRIPTS_DIR}/cross-boss" \
"Custom cross-boss scripts root."
# TODO: implement
#DEFINE_string custom_ebuild_overlays "" \
# "Comma-separated list of additional ebuild overlays to add to the prefix."
FLAGS_HELP="usage: setup_prefix [flags] <prefix name> <prefix path>
setup_prefix creates a new prefix as well as an emerge wrapper.
<prefix name> - Common name of the prefix. Will be used for naming portage wrappers.
<prefix path> - Absolute library / executables path to use for this prefix, e.g. '/usr/local/mystuff'.
Binaries and libraries will live below <prefix>; binaries will be
linked against <prefix>/lib etc. Should start with /usr or /opt if you
want to use the installation directory to create a sysext.
Please refer to PREFIX.md for general information on prefixes.
"
show_help_if_requested "$@"
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
switch_to_strict_mode -uo pipefail
name="${1:-}"
prefix="${2:-}"
if [ "${FLAGS_uninstall}" = "${FLAGS_TRUE}" ] ; then
# We don't really care about prefix when uninstalling.
# Make sure it is set so we don't need to set it on the uninstall command line.
prefix="ignored"
fi
if [[ ! ${name} || ! ${prefix} ]] ; then
error "Missing mandatory positional parameter."
flags_help
exit 1
fi
if [ "${FLAGS_staging_dir}" = "${staging_dir_opt_placeholder}" ] ; then
FLAGS_staging_dir="${DEFAULT_STAGING_ROOT}prefix-${FLAGS_board}/${name}"
fi
if [ "${FLAGS_final_dir}" = "${final_dir_opt_placeholder}" ] ; then
FLAGS_final_dir="${SCRIPTS_DIR}/__prefix__/${FLAGS_board}/${name}"
fi
#
# Helper functions
#
function check_force_dirs() {
local what="${1}"
local dir="${2}"
if [ -e "${dir}" ] ; then
if [ "${FLAGS_force}" = "${FLAGS_FALSE}" ] ; then
error "${what} directory '${dir}' already exists! Use --force to remove and to re-create prefix."
exit 1
else
warn "Removing ${what} directory '${dir}' as requested ('--force' option)."
sudo rm -rf "${dir}"
fi
fi
}
# --
#
# Main
#
set_prefix_vars "${name}" "${prefix}"
prefix_repo="$(dirname "$(EPREFIX="" portageq get_repo_path / portage-stable)")/prefix-overlay"
if [ "${FLAGS_uninstall}" = "${FLAGS_TRUE}" ] ; then
warn "Removing prefix '${name}' and all associated direcroties and wrappers."
sudo rm -vrf "${STAGINGDIR}" "${FINALDIR}"
# TODO: cover all portage tools, not just emerge
sudo rm -vf "$(emerge_name with-path)"
exit
fi
if [ ! -e "${CB_ROOT}/bin/cb-bootstrap" ] ; then
error "Cross-boss not found at '${CB_ROOT}'"
error "Please make sure cross-boss is available (i.e. git clone https://github.com/chewi/cross-boss)."
error "See PREFIX.md for more information."
exit 1
fi
info "Installing SDK prerequisites and creating prefix directories"
check_force_dirs "staging" "${STAGINGDIR}"
check_force_dirs "installation" "${FINALDIR}"
setup_prefix_dirs "${prefix_repo}" 2>&1 | lineprepend "Prefix directories"
create_make_conf "staging"
create_make_conf "final"
install_prereqs "${prefix_repo}" 2>&1 | lineprepend "SDK prereqs"
# --
info "Bootstrapping staging environment in '${STAGINGROOT}'".
sudo env EPREFIX="${EPREFIX}" "${CB_ROOT}"/bin/cb-bootstrap "${STAGINGROOT}" 2>&1 | lineprepend "cb-bootstrap"
info "Extracting GCC libraries to installation root / final."
extract_gcc_libs 2>&1 | lineprepend "GCC libs for final"
# TODO: cover all portage tools, not just emerge
info "Creating wrappers"
create_emerge_wrapper
info "Emerging installation root foundational dependencies."
$(emerge_name) prefix/prefix-final | lineprepend "final init"
info "Done. Use '$(emerge_name)' to emerge packages into the prefix."