diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest index c55454b6bc..3ab21e1dc8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest @@ -1 +1,2 @@ -DIST unifont-8.0.01.hex.gz 938016 SHA256 f67cffeb5e8a0ce5ad2c19a6f289a4e7c8caa0b8c624368adaf8571994c3ec1c SHA512 23aa0228da186b2f6575c1f06101f58713dfb98193ad3772405668d4e3e18d4c1e0fea40639b237dd3a5f4dee6dea90aed85fea3c28165fdfeeace79a2059e6f WHIRLPOOL 23069b019ca1aa9e33df4ce7a728d399090670b85e37029d45f9a0125d13f965039c7e5b9cd6bc633ef259780286f0e6a596b410c1fc144f1f1205e69e36c5cb +DIST systemd-233-man.tar.gz 31386 SHA256 825e62eb82c4e23997061fc8f56f7ec9bb1e6ac1111d279c76c926cc2bfbf1dc SHA512 cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40 WHIRLPOOL ff1f36beff377f675047271df38503e8b71d615ea73c5fdfebf465edaf1fe29b4f89e3194d65cdf84eec9b7c3156de597627fdaffa4b86018520aaa127a7a159 +DIST systemd-233.tar.gz 4660737 SHA256 8b3e99da3d4164b66581830a7f2436c0c8fe697b5fbdc3927bdb960646be0083 SHA512 5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e WHIRLPOOL ce19f6a546b8f899cfa952e49d47f063fd29186be4a53391bc30ea2c487eb2c140a74ad843a1dc499bb61bba3e9ca055613852291e38b85af5d79c59409dc176 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-Dont-enable-audit-by-default.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-Dont-enable-audit-by-default.patch new file mode 100644 index 0000000000..f44b4be85d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-Dont-enable-audit-by-default.patch 
@@ -0,0 +1,30 @@
+From: Martin Pitt
+Date: Sun, 28 Dec 2014 12:49:35 +0100
+Subject: Don't enable audit by default
+
+It causes flooding of dmesg and syslog, suppressing actually important
+messages.
+
+Don't enable it for now, until a better solution is found:
+http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html
+
+Bug-Debian: https://bugs.debian.org/773528
+---
+ src/journal/journald-audit.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
+index 69742fa..25ef743 100644
+--- a/src/journal/journald-audit.c
++++ b/src/journal/journald-audit.c
+@@ -542,10 +542,5 @@ int server_open_audit(Server *s) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to add audit fd to event loop: %m");
+
+- /* We are listening now, try to enable audit */
+- r = enable_audit(s->audit_fd, true);
+- if (r < 0)
+- log_warning_errno(r, "Failed to issue audit enable call: %m");
+-
+ return 0;
+ }
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/228-noclean-tmp.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/228-noclean-tmp.patch
new file mode 100644
index 0000000000..769aa04ccf
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/228-noclean-tmp.patch
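Review bot: In 218-Dont-enable-audit-by-default.patch, removing the `enable_audit(s->audit_fd, true)` call from `server_open_audit()` leaves journald listening on the audit socket while nothing in this patch turns kernel auditing on, so on images built with the `audit` USE flag audit records may silently stop reaching the journal. Unless audit is enabled elsewhere (for example `audit=1` on the kernel command line or `auditctl -e 1` at boot, neither visible in this diff), that is a loss of detection and forensic data rather than only less log noise. The patch description should say how audit is meant to be switched on for this distribution, e.g. by adding the line `Audit must now be enabled explicitly (audit=1 or auditctl -e 1); journald only listens.` The body of `server_open_audit()` starts outside the inner hunk.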
@@ -0,0 +1,28 @@
+From b23c098d5787e06770872b19f83fffa14d8a7d14 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Fri, 25 Sep 2015 10:26:18 -0400
+Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
+
+Bug: https://bugs.gentoo.org/490676
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index 6bbd1aa..a361062 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+
+ # Clear tmp directories separately, to make them easier to override
+-q /tmp 1777 root root 10d
+-q /var/tmp 1777 root root 30d
++q /tmp 1777 root root
++q /var/tmp 1777 root root
+
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
+--
+2.4.10
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/233-systemd-user-pam.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/233-systemd-user-pam.patch
new file mode 100644
index 0000000000..eb2223e52f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/233-systemd-user-pam.patch
@@ -0,0 +1,16 @@
+--- a/src/login/systemd-user.m4
++++ b/src/login/systemd-user.m4
+@@ -2,11 +2,7 @@
+ #
+ # Used by systemd --user instances.
+
+-account required pam_unix.so
+-m4_ifdef(`HAVE_SELINUX',
+-session required pam_selinux.so close
+-session required pam_selinux.so nottys open
+-)m4_dnl
+-session required pam_loginuid.so
++account include system-auth
++session include system-auth
+ session optional pam_keyinit.so force revoke
+ session optional pam_systemd.so
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf
new file mode 100644
index 0000000000..00667c0c08
--- /dev/null
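Review bot: In 228-noclean-tmp.patch the context comment `# Clear tmp directories separately, to make them easier to override` is left unchanged although the two `q` lines below it no longer carry an age, so the installed tmp.conf will describe cleaning that no longer happens. With the age field gone, nothing in this file ages out entries in the world-writable /tmp and /var/tmp, so any local account can accumulate data there until the filesystem fills, and stale temporary files persist; /var/tmp in particular is typically not cleared by a reboot. I would update the comment to something like `# Create tmp directories without age-based cleanup (Gentoo bug 490676); set an age in /etc/tmpfiles.d/tmp.conf to re-enable it`, and check whether this image actually wants the upstream `10d`/`30d` ages dropped.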
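Review bot: In 233-systemd-user-pam.patch the explicit `session required pam_loginuid.so` and the two `pam_selinux.so` session lines are replaced by `session include system-auth`, so whether `systemd --user` instances still get a login UID for audit attribution and an SELinux context now depends entirely on the distribution's system-auth stack, which is not part of this diff. Please confirm that system-auth's session section provides both, or keep them explicit after the include, e.g. `session required pam_loginuid.so`. Because `include` pulls in every account and session module of system-auth, later edits to that file change the policy for user managers without touching this one; a `#` comment above the two include lines saying so would help the next reviewer.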
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf
@@ -0,0 +1,27 @@
+# Sample nss configuration for systemd
+
+# systemd-specific modules
+# See the manual pages fore further information.
+# nss-myhostname - host resolution for the local hostname
+# nss-mymachines - host, user, group resolution for containers
+# nss-resolve - host resolution using resolved
+# nss-systemd - dynamic user/group resolution (DynamicUser in unit files)
+
+passwd: compat mymachines systemd
+shadow: compat
+group: compat mymachines systemd
+gshadow: files
+
+hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+networks: files
+
+services: db files
+protocols: db files
+rpc: db files
+ethers: db files
+netmasks: files
+netgroup: files
+bootparams: files
+
+automount: files
+aliases: files
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
index 1e6a5da4a4..9970bd1925 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
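Review bot: The `hosts:` line in the new nsswitch.conf carries no comment explaining `[!UNAVAIL=return]`, which is the part that decides who answers name lookups: any result from `resolve` other than "service unavailable" is final, so `dns` is only consulted when systemd-resolved is not running. A one-line comment above it, e.g. `# resolved is authoritative when running; dns is only the fallback when it is unavailable`, would keep a later edit from reordering the sources and unintentionally routing lookups around resolved's policy. Separately, `fore further information` in the header comment should read `for further information`.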
@@ -1,22 +1,24 @@ - + systemd@gentoo.org Gentoo systemd team + + Incremented for ABI breaks in libudev or libsystemd + Enable AppArmor support Enable support for sys-process/audit Enable support for uploading journals; required to build systemd-import/systemd-pull Enable cryptsetup tools (includes unit generator for crypttab) - Enable user-space firmware loader (for kernels prior to 3.8) + Generate systemd.index.7 and systemd.directives.7 Enable EFI boot manager and stub loader (built using sys-boot/gnu-efi) Enable coredump stacktraces in the journal Enable sealing of journal files using gcrypt; required to build systemd-import/systemd-pull - enable libudev gobject interface Enable embedded HTTP server in journald Enable import daemon Connect to kernel dbus (KDBUS) instead of userspace dbus if available @@ -25,7 +27,6 @@ Enable support for network address translation in networkd Enable qrcode output support in journal Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown - Enable experimental userspace virtual terminal support Disable Gentoo-specific behavior and compatibility quirks Validate XKB keymap in logind diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-225-r14.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-225-r14.ebuild deleted file mode 100644 index 33135bdd6d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-225-r14.ebuild +++ /dev/null 
@@ -1,520 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.184 2015/08/01 15:10:12 floppym Exp $ - -EAPI=5 - -AUTOTOOLS_AUTORECONF=yes -AUTOTOOLS_PRUNE_LIBTOOL_FILES=all -CROS_WORKON_PROJECT="coreos/systemd" -CROS_WORKON_REPO="git://github.com" - -if [[ ${PV} == 9999 ]]; then - # Use ~arch instead of empty keywords for compatibility with cros-workon - KEYWORDS="~amd64 ~arm64 ~arm ~x86" -else - CROS_WORKON_COMMIT="b5b5968e593d6acfe5630cf28a129d94c8081e0f" # v225-coreos - KEYWORDS="amd64 arm64 ~arm ~x86" -fi - -# cros-workon must be imported first, in cases where cros-workon and -# another eclass exports the same function (say src_compile) we want -# the later eclass's version to win. Only need src_unpack from workon. -inherit cros-workon - -inherit autotools-utils bash-completion-r1 linux-info multilib \ - multilib-minimal pam systemd toolchain-funcs udev user - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE="acl apparmor audit cryptsetup curl elfutils gcrypt gnuefi http - idn importd +kdbus +kmod +lz4 lzma nat pam policykit - qrcode +seccomp selinux ssl sysv-utils test vanilla xkb" - -# CoreOS specific use flags -IUSE+=" man symlink-usr" - -REQUIRED_USE="importd? ( curl gcrypt lzma )" - -MINKV="3.8" - -COMMON_DEPEND=">=sys-apps/util-linux-2.26:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - !=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - http? ( - >=net-libs/libmicrohttpd-0.9.33:0= - ssl? ( >=net-libs/gnutls-3.1.4:0= ) - ) - idn? ( net-dns/libidn:0= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? 
( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - nat? ( net-firewall/iptables:0= ) - pam? ( virtual/pam:= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( sys-libs/libseccomp:0= ) - selinux? ( sys-libs/libselinux:0= ) - sysv-utils? ( - !sys-apps/systemd-sysv-utils - !sys-apps/sysvinit ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=sys-apps/baselayout-2.2 - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd] - >=sys-apps/hwids-20150417[udev] - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - app-arch/xz-utils:0 - dev-util/gperf - >=dev-util/intltool-0.50 - >=sys-apps/coreutils-8.16 - >=sys-devel/binutils-2.23.1 - >=sys-devel/gcc-4.6 - >=sys-kernel/linux-headers-${MINKV} - ia64? ( >=sys-kernel/linux-headers-3.9 ) - virtual/pkgconfig - gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) - test? ( >=sys-apps/dbus-1.6.8-r1:0 )" - -# Not required when building from unpatched tarballs, but we build from git. -DEPEND+=" - man? 
( app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 ) - >=dev-libs/libgcrypt-1.4.5:0" - -pkg_pretend() { - local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS - ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR - ~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - fi - - if [[ ${MERGE_TYPE} != binary ]]; then - if [[ $(gcc-major-version) -lt 4 - || ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]] - then - eerror "systemd requires at least gcc 4.6 to build. Please switch the active" - eerror "gcc version using gcc-config." - die "systemd requires at least gcc 4.6" - fi - fi - - if [[ ${MERGE_TYPE} != buildonly ]]; then - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - : -} - -src_unpack() { - default - cros-workon_src_unpack -} - -src_prepare() { - # Bug 463376 - sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die - - autotools-utils_src_prepare -} - -src_configure() { - # Keep using the one where the rules were installed. - MY_UDEVDIR=$(get_udevdir) - # Fix systems broken by bug #509454. - [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myeconfargs=( - --with-pamconfdir=/usr/share/pam.d - - # Workaround for gcc-4.7, bug 554454. 
- cc_cv_CFLAGS__Werror_shadow=no - - # Workaround for bug 516346 - --enable-dependency-tracking - - --disable-maintainer-mode - --localstatedir=/var - --with-pamlibdir=$(getpam_mod_dir) - # avoid bash-completion dep - --with-bashcompletiondir="$(get_bashcompdir)" - # make sure we get /bin:/sbin in $PATH - --enable-split-usr - # For testing. - --with-rootprefix="${ROOTPREFIX-/usr}" - --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)" - # disable sysv compatibility - --with-sysvinit-path= - --with-sysvrcnd-path= - # no deps - --enable-efi - --enable-ima - --without-python - - # Optional components/dependencies - $(multilib_native_use_enable acl) - $(multilib_native_use_enable apparmor) - $(multilib_native_use_enable audit) - $(multilib_native_use_enable cryptsetup libcryptsetup) - $(multilib_native_use_enable curl libcurl) - $(multilib_native_use_enable elfutils) - $(use_enable gcrypt) - $(multilib_native_use_enable gnuefi) - $(multilib_native_use_enable http microhttpd) - $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls) - $(multilib_native_use_enable idn libidn) - $(multilib_native_use_enable importd) - $(multilib_native_use_enable importd bzip2) - $(multilib_native_use_enable importd zlib) - $(use_enable kdbus) - $(multilib_native_use_enable kmod) - $(use_enable lz4) - $(use_enable lzma xz) - $(multilib_native_use_enable man manpages) - $(multilib_native_use_enable nat libiptc) - $(multilib_native_use_enable pam) - $(multilib_native_use_enable policykit polkit) - $(multilib_native_use_enable qrcode qrencode) - $(multilib_native_use_enable seccomp) - $(multilib_native_use_enable selinux) - $(multilib_native_use_enable test tests) - $(multilib_native_use_enable test dbus) - $(multilib_native_use_enable xkb xkbcommon) - - # hardcode a few paths to spare some deps - QUOTAON=/usr/sbin/quotaon - QUOTACHECK=/usr/sbin/quotacheck - - # TODO: we may need to restrict this to gcc - EFI_CC="$(tc-getCC)" - - # dbus paths - 
--with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d" - --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" - --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" - - --with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org" - - # The CoreOS epoch, Mon Jul 1 00:00:00 UTC 2013. Used by timesyncd - # as a sanity check for the minimum acceptable time. Explicitly set - # to avoid using the current build time. - --with-time-epoch=1372636800 - - # no default name servers - --with-dns-servers= - ) - - # Work around bug 463846. - tc-export CC - - autotools-utils_src_configure -} - -multilib_src_compile() { - local mymakeopts=( - udevlibexecdir="${MY_UDEVDIR}" - ) - - if multilib_is_native_abi; then - emake "${mymakeopts[@]}" - else - echo 'gentoo: $(BUILT_SOURCES)' | \ - emake "${mymakeopts[@]}" -f Makefile -f - gentoo - echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \ - emake "${mymakeopts[@]}" -f Makefile -f - gentoo - fi -} - -multilib_src_test() { - multilib_is_native_abi || continue - - default -} - -multilib_src_install() { - local mymakeopts=( - # automake fails with parallel libtool relinking - # https://bugs.gentoo.org/show_bug.cgi?id=491398 - -j1 - - udevlibexecdir="${MY_UDEVDIR}" - dist_udevhwdb_DATA= - DESTDIR="${D}" - ) - - if multilib_is_native_abi; then - emake "${mymakeopts[@]}" install - else - mymakeopts+=( - install-libLTLIBRARIES - install-pkgconfiglibDATA - install-includeHEADERS - # safe to call unconditionally, 'installs' empty list - install-pkgincludeHEADERS - ) - - emake "${mymakeopts[@]}" - fi - - # install compat pkg-config files - # Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped. 
- local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc ) - emake "${mymakeopts[@]}" install-pkgconfiglibDATA \ - pkgconfiglib_DATA="${pcfiles[*]}" -} - -multilib_src_install_all() { - local unitdir=$(systemd_get_unitdir) - - prune_libtool_files --modules - einstalldocs - - if use sysv-utils; then - local prefix - use symlink-usr && prefix=/usr - for app in halt poweroff reboot runlevel shutdown telinit; do - dosym "${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app} - done - dosym "${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init - elif use man; then - # we just keep sysvinit tools, so no need for the mans - rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \ - || die - rm "${D}"/usr/share/man/man1/init.1 || die - fi - - # Ensure journal directory has correct ownership/mode in inital image. - # This is fixed by systemd-tmpfiles *but* journald starts before that - # and will create the journal if the filesystem is already read-write. - # Conveniently the systemd Makefile sets this up completely wrong. 
- dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal - - systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf - systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf - - # Don't default to graphical.target - rm "${D}${unitdir}"/default.target || die - dosym multi-user.target "${unitdir}"/default.target - - # Move a few services enabled in /etc to /usr, delete files individually - # so builds fail if systemd adds any new unexpected stuff to /etc - local f - for f in \ - getty.target.wants/getty@tty1.service \ - multi-user.target.wants/remote-fs.target \ - multi-user.target.wants/systemd-networkd.service \ - multi-user.target.wants/systemd-resolved.service \ - network-online.target.wants/systemd-networkd-wait-online.service \ - sockets.target.wants/systemd-networkd.socket \ - sysinit.target.wants/systemd-timesyncd.service - do - local s="${f#*/}" t="${f%/*}" - local u="${s/@*.service/@.service}" - - # systemd_enable_service doesn't understand template units - einfo "Enabling ${s} via ${t}" - dodir "${unitdir}/${t}" - dosym "../${u}" "${unitdir}/${t}/${s}" - - rm "${D}/etc/systemd/system/${f}" || die - done - rmdir "${D}"/etc/systemd/system/*.wants || die - - # Grant networkd access to set the transient host name - insinto /usr/share/polkit-1/rules.d - doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules - - # Do not enable random services if /etc was detected as empty!!! 
- rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset - insinto /usr/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS - rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service - - # Do not ship distro-specific files (nsswitch.conf pam.d) - rm -rf "${D}"/usr/share/factory - sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C \/etc\/nsswitch\.conf/d' \ - -e '/^C \/etc\/pam\.d/d' -} - -migrate_locale() { - local envd_locale_def="${EROOT%/}/etc/env.d/02locale" - local envd_locale=( "${EROOT%/}"/etc/env.d/??locale ) - local locale_conf="${EROOT%/}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. 
Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -migrate_net_name_slot() { - # If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null, - # do the same for 80-net-setup-link.rules to keep the old behavior - local net_move=no - local net_name_slot_sym=no - local net_rules_path="${EROOT%/}"/etc/udev/rules.d - local net_name_slot="${net_rules_path}"/80-net-name-slot.rules - local net_setup_link="${net_rules_path}"/80-net-setup-link.rules - if [[ -e ${net_setup_link} ]]; then - net_move=no - elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then - net_move=yes - elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then - net_move=yes - net_name_slot_sym=yes - fi - if [[ ${net_move} == yes ]]; then - ebegin "Copying ${net_name_slot} to ${net_setup_link}" - - if [[ ${net_name_slot_sym} == yes ]]; then - ln -nfs /dev/null "${net_setup_link}" - else - cp "${net_name_slot}" "${net_setup_link}" - fi - eend $? || FAIL=1 - fi -} - -pkg_postinst() { - newusergroup() { - enewgroup "$1" - enewuser "$1" -1 -1 -1 "$1" - } - - enewgroup input - enewgroup systemd-journal - newusergroup systemd-bus-proxy - newusergroup systemd-journal-gateway - newusergroup systemd-journal-remote - newusergroup systemd-journal-upload - newusergroup systemd-network - newusergroup systemd-resolve - newusergroup systemd-timesync - use http && newusergroup systemd-journal-gateway - - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. 
- if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${ROOT%/}" - fi - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respect, and ensure consistency - # between OpenRC & systemd - migrate_locale - - # Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules - migrate_net_name_slot - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then - ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable" - ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf" - ewarn "to /run/systemd/resolve/resolv.conf" - ewarn - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-229-r108.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-229-r108.ebuild deleted file mode 100644 index 7e758cd74a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-229-r108.ebuild +++ /dev/null 
@@ -1,550 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=6 - -CROS_WORKON_PROJECT="coreos/systemd" -CROS_WORKON_REPO="git://github.com" - -if [[ ${PV} == 9999 ]]; then - # Use ~arch instead of empty keywords for compatibility with cros-workon - KEYWORDS="~amd64 ~arm64 ~arm ~x86" -else - CROS_WORKON_COMMIT="e9fa78159bf392f12347c9d7709053ff2146e88c" # v229-coreos - KEYWORDS="amd64 arm64 ~arm ~x86" -fi - -# cros-workon must be imported first, in cases where cros-workon and -# another eclass exports the same function (say src_compile) we want -# the later eclass's version to win. Only need src_unpack from workon. -inherit cros-workon - -inherit autotools bash-completion-r1 linux-info multilib \ - multilib-minimal pam systemd toolchain-funcs udev user - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE="acl apparmor audit cryptsetup curl elfutils gcrypt gnuefi http - idn importd +kdbus +kmod +lz4 lzma nat pam policykit - qrcode +seccomp selinux ssl sysv-utils test vanilla xkb" - -# CoreOS specific use flags -IUSE+=" man symlink-usr" - -REQUIRED_USE="importd? ( curl gcrypt lzma )" - -MINKV="3.11" - -COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - !=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - http? ( - >=net-libs/libmicrohttpd-0.9.33:0= - ssl? ( >=net-libs/gnutls-3.1.4:0= ) - ) - idn? ( net-dns/libidn:0= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - nat? 
( net-firewall/iptables:0= ) - pam? ( virtual/pam:= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( sys-libs/libseccomp:0= ) - selinux? ( sys-libs/libselinux:0= ) - sysv-utils? ( - !sys-apps/systemd-sysv-utils - !sys-apps/sysvinit ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" - -# baselayout-2.2 has /run -# laptop-mode-tools: https://github.com/systemd/systemd/issues/2684 -RDEPEND="${COMMON_DEPEND} - >=sys-apps/baselayout-2.2 - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev - !app-laptop/laptop-mode-tools" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd] - >=sys-apps/hwids-20150417[udev] - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - app-arch/xz-utils:0 - dev-util/gperf - >=dev-util/intltool-0.50 - >=sys-apps/coreutils-8.16 - >=sys-devel/binutils-2.23.1 - >=sys-devel/gcc-4.6 - >=sys-kernel/linux-headers-${MINKV} - virtual/pkgconfig - gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) - test? ( >=sys-apps/dbus-1.6.8-r1:0 )" - -# Not required when building from unpatched tarballs, but we build from git. -DEPEND+=" - man? 
( app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 )" - -pkg_pretend() { - local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS - ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR - ~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - fi - - if [[ ${MERGE_TYPE} != binary ]]; then - if [[ $(gcc-major-version) -lt 4 - || ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]] - then - eerror "systemd requires at least gcc 4.6 to build. Please switch the active" - eerror "gcc version using gcc-config." - die "systemd requires at least gcc 4.6" - fi - fi - - if [[ ${MERGE_TYPE} != buildonly ]]; then - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - : -} - -src_unpack() { - default - cros-workon_src_unpack -} - -src_prepare() { - # Bug 463376 - sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die - - [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) - - default - - eautoreconf -} - -src_configure() { - # Keep using the one where the rules were installed. - MY_UDEVDIR=$(get_udevdir) - # Fix systems broken by bug #509454. 
- [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev - - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myeconfargs=( - # disable -flto since it is an optimization flag - # and makes distcc less effective - cc_cv_CFLAGS__flto=no - # disable -fuse-ld=gold since Gentoo supports explicit linker - # choice and forcing gold is undesired, #539998 - # ld.gold may collide with user's LDFLAGS, #545168 - # ld.gold breaks sparc, #573874 - cc_cv_LDFLAGS__Wl__fuse_ld_gold=no - - # Workaround for gcc-4.7, bug 554454. - cc_cv_CFLAGS__Werror_shadow=no - - --with-pamconfdir=/usr/share/pam.d - - # Workaround for bug 516346 - --enable-dependency-tracking - - --disable-maintainer-mode - --localstatedir=/var - --with-pamlibdir=$(getpam_mod_dir) - # avoid bash-completion dep - --with-bashcompletiondir="$(get_bashcompdir)" - # make sure we get /bin:/sbin in $PATH - --enable-split-usr - # For testing. 
- --with-rootprefix="${ROOTPREFIX-/usr}" - --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)" - # disable sysv compatibility - --with-sysvinit-path= - --with-sysvrcnd-path= - # no deps - --enable-efi - --enable-ima - --without-python - - # Optional components/dependencies - $(multilib_native_use_enable acl) - $(multilib_native_use_enable apparmor) - $(multilib_native_use_enable audit) - $(multilib_native_use_enable cryptsetup libcryptsetup) - $(multilib_native_use_enable curl libcurl) - $(multilib_native_use_enable elfutils) - $(use_enable gcrypt) - $(multilib_native_use_enable gnuefi) - $(multilib_native_use_enable http microhttpd) - $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls) - $(multilib_native_use_enable idn libidn) - $(multilib_native_use_enable importd) - $(multilib_native_use_enable importd bzip2) - $(multilib_native_use_enable importd zlib) - $(use_enable kdbus) - $(multilib_native_use_enable kmod) - $(use_enable lz4) - $(use_enable lzma xz) - $(multilib_native_use_enable man manpages) - $(multilib_native_use_enable nat libiptc) - $(multilib_native_use_enable pam) - $(multilib_native_use_enable policykit polkit) - $(multilib_native_use_enable qrcode qrencode) - $(multilib_native_use_enable seccomp) - $(multilib_native_use_enable selinux) - $(multilib_native_use_enable test tests) - $(multilib_native_use_enable test dbus) - $(multilib_native_use_enable xkb xkbcommon) - - # hardcode a few paths to spare some deps - QUOTAON=/usr/sbin/quotaon - QUOTACHECK=/usr/sbin/quotacheck - - # TODO: we may need to restrict this to gcc - EFI_CC="$(tc-getCC)" - - # dbus paths - --with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d" - --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" - --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" - - --with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org" - - # The CoreOS epoch, Mon Jul 1 00:00:00 UTC 2013. 
Used by timesyncd - # as a sanity check for the minimum acceptable time. Explicitly set - # to avoid using the current build time. - --with-time-epoch=1372636800 - - # no default name servers - --with-dns-servers= - ) - - # Work around bug 463846. - tc-export CC - - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_compile() { - local mymakeopts=( - udevlibexecdir="${MY_UDEVDIR}" - ) - - if multilib_is_native_abi; then - emake "${mymakeopts[@]}" - else - echo 'gentoo: $(BUILT_SOURCES)' | \ - emake "${mymakeopts[@]}" -f Makefile -f - gentoo - echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \ - emake "${mymakeopts[@]}" -f Makefile -f - gentoo - fi -} - -multilib_src_test() { - multilib_is_native_abi || continue - - # Needed for bus-related tests - local -x SANDBOX_WRITE=${SANDBOX_WRITE} - addwrite /sys/fs/kdbus - - default -} - -multilib_src_install() { - local mymakeopts=( - # automake fails with parallel libtool relinking - # https://bugs.gentoo.org/show_bug.cgi?id=491398 - -j1 - - udevlibexecdir="${MY_UDEVDIR}" - dist_udevhwdb_DATA= - DESTDIR="${D}" - ) - - if multilib_is_native_abi; then - emake "${mymakeopts[@]}" install - else - mymakeopts+=( - install-libLTLIBRARIES - install-pkgconfiglibDATA - install-includeHEADERS - # safe to call unconditionally, 'installs' empty list - install-pkgincludeHEADERS - ) - - emake "${mymakeopts[@]}" - fi - - # install compat pkg-config files - # Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped. 
- local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc ) - emake "${mymakeopts[@]}" install-pkgconfiglibDATA \ - pkgconfiglib_DATA="${pcfiles[*]}" -} - -multilib_src_install_all() { - local unitdir=$(systemd_get_systemunitdir) - - prune_libtool_files --modules - einstalldocs - - if use sysv-utils; then - local prefix - use symlink-usr && prefix=/usr - for app in halt poweroff reboot runlevel shutdown telinit; do - dosym "${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app} - done - dosym "${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init - elif use man; then - # we just keep sysvinit tools, so no need for the mans - rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \ - || die - rm "${D}"/usr/share/man/man1/init.1 || die - fi - - # Ensure journal directory has correct ownership/mode in inital image. - # This is fixed by systemd-tmpfiles *but* journald starts before that - # and will create the journal if the filesystem is already read-write. - # Conveniently the systemd Makefile sets this up completely wrong. 
- dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal - - systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf - systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf - - # Don't default to graphical.target - rm "${D}${unitdir}"/default.target || die - dosym multi-user.target "${unitdir}"/default.target - - # Move a few services enabled in /etc to /usr, delete files individually - # so builds fail if systemd adds any new unexpected stuff to /etc - local f - for f in \ - getty.target.wants/getty@tty1.service \ - multi-user.target.wants/remote-fs.target \ - multi-user.target.wants/systemd-networkd.service \ - multi-user.target.wants/systemd-resolved.service \ - network-online.target.wants/systemd-networkd-wait-online.service \ - sockets.target.wants/systemd-networkd.socket \ - sysinit.target.wants/systemd-timesyncd.service - do - local s="${f#*/}" t="${f%/*}" - local u="${s/@*.service/@.service}" - - # systemd_enable_service doesn't understand template units - einfo "Enabling ${s} via ${t}" - dodir "${unitdir}/${t}" - dosym "../${u}" "${unitdir}/${t}/${s}" - - rm "${D}/etc/systemd/system/${f}" || die - done - rmdir "${D}"/etc/systemd/system/*.wants || die - - # Grant networkd access to set the transient host name - insinto /usr/share/polkit-1/rules.d - doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules - - # Do not enable random services if /etc was detected as empty!!! 
- rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset - insinto /usr/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS - rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service - - # Do not ship distro-specific files (nsswitch.conf pam.d) - rm -rf "${D}"/usr/share/factory - sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C \/etc\/nsswitch\.conf/d' \ - -e '/^C \/etc\/pam\.d/d' -} - -migrate_locale() { - local envd_locale_def="${EROOT%/}/etc/env.d/02locale" - local envd_locale=( "${EROOT%/}"/etc/env.d/??locale ) - local locale_conf="${EROOT%/}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. 
Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -migrate_net_name_slot() { - # If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null, - # do the same for 80-net-setup-link.rules to keep the old behavior - local net_move=no - local net_name_slot_sym=no - local net_rules_path="${EROOT%/}"/etc/udev/rules.d - local net_name_slot="${net_rules_path}"/80-net-name-slot.rules - local net_setup_link="${net_rules_path}"/80-net-setup-link.rules - if [[ -e ${net_setup_link} ]]; then - net_move=no - elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then - net_move=yes - elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then - net_move=yes - net_name_slot_sym=yes - fi - if [[ ${net_move} == yes ]]; then - ebegin "Copying ${net_name_slot} to ${net_setup_link}" - - if [[ ${net_name_slot_sym} == yes ]]; then - ln -nfs /dev/null "${net_setup_link}" - else - cp "${net_name_slot}" "${net_setup_link}" - fi - eend $? || FAIL=1 - fi -} - -reenable_unit() { - if systemctl is-enabled --root="${ROOT}" "$1" &> /dev/null; then - ebegin "Re-enabling $1" - systemctl reenable --root="${ROOT}" "$1" - eend $? 
|| FAIL=1 - fi -} - -pkg_postinst() { - newusergroup() { - enewgroup "$1" - enewuser "$1" -1 -1 -1 "$1" - } - - enewgroup input - enewgroup systemd-journal - newusergroup systemd-bus-proxy - newusergroup systemd-coredump - newusergroup systemd-journal-gateway - newusergroup systemd-journal-remote - newusergroup systemd-journal-upload - newusergroup systemd-network - newusergroup systemd-resolve - newusergroup systemd-timesync - use http && newusergroup systemd-journal-gateway - - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. - if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${ROOT%/}" - fi - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respect, and ensure consistency - # between OpenRC & systemd - migrate_locale - - # Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules - migrate_net_name_slot - - # Re-enable systemd-networkd for socket activation - reenable_unit systemd-networkd.service - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then - ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable" - ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf" - ewarn "to /run/systemd/resolve/resolv.conf" - ewarn - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-231-r12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-231-r12.ebuild
deleted file mode 120000
index 8da16946bc..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-231-r12.ebuild
+++ /dev/null
@@ -1 +0,0 @@
-systemd-9999.ebuild
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-231-r12.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-231-r12.ebuild
new file mode 100644
index 0000000000..1f16dd23f1
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-231-r12.ebuild
@@ -0,0 +1,550 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +CROS_WORKON_PROJECT="coreos/systemd" +CROS_WORKON_REPO="git://github.com" + +if [[ ${PV} == 9999 ]]; then + # Use ~arch instead of empty keywords for compatibility with cros-workon + KEYWORDS="~amd64 ~arm64 ~arm ~x86" +else + CROS_WORKON_COMMIT="88e69092b73c24569d2010f09029ae1f14df0454" # v231-coreos + KEYWORDS="amd64 arm64 ~arm ~x86" +fi + +# cros-workon must be imported first, in cases where cros-workon and +# another eclass exports the same function (say src_compile) we want +# the later eclass's version to win. Only need src_unpack from workon. +inherit cros-workon + +inherit autotools bash-completion-r1 linux-info multilib \ + multilib-minimal pam systemd toolchain-funcs udev user + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE="acl apparmor audit cryptsetup curl elfutils gcrypt gnuefi http + idn importd +kdbus +kmod +lz4 lzma nat pam policykit + qrcode +seccomp selinux ssl sysv-utils test vanilla xkb" + +# CoreOS specific use flags +IUSE+=" man symlink-usr" + +REQUIRED_USE="importd? ( curl gcrypt lzma )" + +MINKV="3.11" + +COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + !=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + http? ( + >=net-libs/libmicrohttpd-0.9.33:0= + ssl? ( >=net-libs/gnutls-3.1.4:0= ) + ) + idn? ( net-dns/libidn:0= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + nat? 
( net-firewall/iptables:0= ) + pam? ( virtual/pam:= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( sys-libs/libseccomp:0= ) + selinux? ( sys-libs/libselinux:0= ) + sysv-utils? ( + !sys-apps/systemd-sysv-utils + !sys-apps/sysvinit ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=sys-apps/baselayout-2.2 + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.8.8:0[systemd] + >=sys-apps/hwids-20150417[udev] + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/intltool-0.50 + >=sys-apps/coreutils-8.16 + >=sys-devel/binutils-2.23.1 + >=sys-devel/gcc-4.6 + >=sys-kernel/linux-headers-${MINKV} + virtual/pkgconfig + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) + test? ( >=sys-apps/dbus-1.6.8-r1:0 ) +" + +# Not required when building from unpatched tarballs, but we build from git. +DEPEND+=" + man? 
( app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 )" + +pkg_pretend() { + local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS + ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX + ~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + fi + + if [[ ${MERGE_TYPE} != binary ]]; then + if [[ $(gcc-major-version) -lt 4 + || ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]] + then + eerror "systemd requires at least gcc 4.6 to build. Please switch the active" + eerror "gcc version using gcc-config." + die "systemd requires at least gcc 4.6" + fi + fi + + if [[ ${MERGE_TYPE} != buildonly ]]; then + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + : +} + +src_unpack() { + default + cros-workon_src_unpack +} + +src_prepare() { + # Bug 463376 + sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die + # Bug https://github.com/systemd/systemd/issues/3826 + sed -i -e 's,/usr/lib/systemd/resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die + + [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) + + default + + eautoreconf +} + +src_configure() { + # Keep using the one where the rules were installed. + MY_UDEVDIR=$(get_udevdir) + # Fix systems broken by bug #509454. 
+ [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev + + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myeconfargs=( + # disable -flto since it is an optimization flag + # and makes distcc less effective + cc_cv_CFLAGS__flto=no + # disable -fuse-ld=gold since Gentoo supports explicit linker + # choice and forcing gold is undesired, #539998 + # ld.gold may collide with user's LDFLAGS, #545168 + # ld.gold breaks sparc, #573874 + cc_cv_LDFLAGS__Wl__fuse_ld_gold=no + + # Workaround for gcc-4.7, bug 554454. + cc_cv_CFLAGS__Werror_shadow=no + + --with-pamconfdir=/usr/share/pam.d + + # Workaround for bug 516346 + --enable-dependency-tracking + + --disable-maintainer-mode + --localstatedir=/var + --with-pamlibdir=$(getpam_mod_dir) + # avoid bash-completion dep + --with-bashcompletiondir="$(get_bashcompdir)" + # make sure we get /bin:/sbin in $PATH + --enable-split-usr + # For testing. 
+ --with-rootprefix="${ROOTPREFIX-/usr}" + --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)" + # disable sysv compatibility + --with-sysvinit-path= + --with-sysvrcnd-path= + # no deps + --enable-efi + --enable-ima + --without-python + + # Optional components/dependencies + $(multilib_native_use_enable acl) + $(multilib_native_use_enable apparmor) + $(multilib_native_use_enable audit) + $(multilib_native_use_enable cryptsetup libcryptsetup) + $(multilib_native_use_enable curl libcurl) + $(multilib_native_use_enable elfutils) + $(use_enable gcrypt) + $(multilib_native_use_enable gnuefi) + $(multilib_native_use_enable http microhttpd) + $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls) + $(multilib_native_use_enable idn libidn) + $(multilib_native_use_enable importd) + $(multilib_native_use_enable importd bzip2) + $(multilib_native_use_enable importd zlib) + $(use_enable kdbus) + $(multilib_native_use_enable kmod) + $(use_enable lz4) + $(use_enable lzma xz) + $(multilib_native_use_enable man manpages) + $(multilib_native_use_enable nat libiptc) + $(multilib_native_use_enable pam) + $(multilib_native_use_enable policykit polkit) + $(multilib_native_use_enable qrcode qrencode) + $(multilib_native_use_enable seccomp) + $(multilib_native_use_enable selinux) + $(multilib_native_use_enable test tests) + $(multilib_native_use_enable test dbus) + $(multilib_native_use_enable xkb xkbcommon) + + # hardcode a few paths to spare some deps + KILL=/bin/kill + QUOTAON=/usr/sbin/quotaon + QUOTACHECK=/usr/sbin/quotacheck + + # TODO: we may need to restrict this to gcc + EFI_CC="$(tc-getCC)" + + # dbus paths + --with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d" + --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" + --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" + + --with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org" + + # The CoreOS epoch, Mon Jul 1 
00:00:00 UTC 2013. Used by timesyncd + # as a sanity check for the minimum acceptable time. Explicitly set + # to avoid using the current build time. + --with-time-epoch=1372636800 + + # no default name servers + --with-dns-servers= + + # Breaks screen, tmux, etc. + --without-kill-user-processes + ) + + # Work around bug 463846. + tc-export CC + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + local mymakeopts=( + udevlibexecdir="${MY_UDEVDIR}" + ) + + if multilib_is_native_abi; then + emake "${mymakeopts[@]}" + else + echo 'gentoo: $(BUILT_SOURCES)' | \ + emake "${mymakeopts[@]}" -f Makefile -f - gentoo + echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \ + emake "${mymakeopts[@]}" -f Makefile -f - gentoo + fi +} + +multilib_src_test() { + multilib_is_native_abi || continue + + # Needed for bus-related tests + local -x SANDBOX_WRITE=${SANDBOX_WRITE} + addwrite /sys/fs/kdbus + + default +} + +multilib_src_install() { + local mymakeopts=( + # automake fails with parallel libtool relinking + # https://bugs.gentoo.org/show_bug.cgi?id=491398 + -j1 + + udevlibexecdir="${MY_UDEVDIR}" + dist_udevhwdb_DATA= + DESTDIR="${D}" + ) + + if multilib_is_native_abi; then + emake "${mymakeopts[@]}" install + else + mymakeopts+=( + install-libLTLIBRARIES + install-pkgconfiglibDATA + install-includeHEADERS + # safe to call unconditionally, 'installs' empty list + install-pkgincludeHEADERS + ) + + emake "${mymakeopts[@]}" + fi +} + +multilib_src_install_all() { + local unitdir=$(systemd_get_systemunitdir) + + prune_libtool_files --modules + einstalldocs + + if use sysv-utils; then + local prefix + use symlink-usr && prefix=/usr + for app in halt poweroff reboot runlevel shutdown telinit; do + dosym "${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app} + done + dosym "${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init + elif use man; then + # we just keep sysvinit tools, so no need for the mans + rm 
"${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \ + || die + rm "${D}"/usr/share/man/man1/init.1 || die + fi + + # Ensure journal directory has correct ownership/mode in inital image. + # This is fixed by systemd-tmpfiles *but* journald starts before that + # and will create the journal if the filesystem is already read-write. + # Conveniently the systemd Makefile sets this up completely wrong. + dodir /var/log/journal + fowners root:systemd-journal /var/log/journal + fperms 2755 /var/log/journal + + systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf + systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf + + # Don't default to graphical.target + rm "${D}${unitdir}"/default.target || die + dosym multi-user.target "${unitdir}"/default.target + + # Move a few services enabled in /etc to /usr, delete files individually + # so builds fail if systemd adds any new unexpected stuff to /etc + local f + for f in \ + getty.target.wants/getty@tty1.service \ + multi-user.target.wants/remote-fs.target \ + multi-user.target.wants/systemd-networkd.service \ + multi-user.target.wants/systemd-resolved.service \ + network-online.target.wants/systemd-networkd-wait-online.service \ + sockets.target.wants/systemd-networkd.socket \ + sysinit.target.wants/systemd-timesyncd.service + do + local s="${f#*/}" t="${f%/*}" + local u="${s/@*.service/@.service}" + + # systemd_enable_service doesn't understand template units + einfo "Enabling ${s} via ${t}" + dodir "${unitdir}/${t}" + dosym "../${u}" "${unitdir}/${t}/${s}" + + rm "${D}/etc/systemd/system/${f}" || die + done + rmdir "${D}"/etc/systemd/system/*.wants || die + + # Grant networkd access to set the transient host name + # TODO: Check if this can be removed in the next release. + # See https://github.com/systemd/systemd/pull/4710 + insinto /usr/share/polkit-1/rules.d + doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules + + # Do not enable random services if /etc was detected as empty!!! 
+ rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset + insinto /usr/lib/systemd/system-preset + doins "${FILESDIR}"/99-default.preset + + # Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS + rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service + + # Do not ship distro-specific files (nsswitch.conf pam.d) + rm -rf "${D}"/usr/share/factory + sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \ + -e '/^C \/etc\/nsswitch\.conf/d' \ + -e '/^C \/etc\/pam\.d/d' +} + +migrate_locale() { + local envd_locale_def="${EROOT%/}/etc/env.d/02locale" + local envd_locale=( "${EROOT%/}"/etc/env.d/??locale ) + local locale_conf="${EROOT%/}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. 
Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +migrate_net_name_slot() { + # If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null, + # do the same for 80-net-setup-link.rules to keep the old behavior + local net_move=no + local net_name_slot_sym=no + local net_rules_path="${EROOT%/}"/etc/udev/rules.d + local net_name_slot="${net_rules_path}"/80-net-name-slot.rules + local net_setup_link="${net_rules_path}"/80-net-setup-link.rules + if [[ -e ${net_setup_link} ]]; then + net_move=no + elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then + net_move=yes + elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then + net_move=yes + net_name_slot_sym=yes + fi + if [[ ${net_move} == yes ]]; then + ebegin "Copying ${net_name_slot} to ${net_setup_link}" + + if [[ ${net_name_slot_sym} == yes ]]; then + ln -nfs /dev/null "${net_setup_link}" + else + cp "${net_name_slot}" "${net_setup_link}" + fi + eend $? || FAIL=1 + fi +} + +reenable_unit() { + if systemctl is-enabled --root="${ROOT}" "$1" &> /dev/null; then + ebegin "Re-enabling $1" + systemctl reenable --root="${ROOT}" "$1" + eend $? 
|| FAIL=1 + fi +} + +pkg_postinst() { + newusergroup() { + enewgroup "$1" + enewuser "$1" -1 -1 -1 "$1" + } + + enewgroup input + enewgroup systemd-journal + newusergroup systemd-bus-proxy + newusergroup systemd-coredump + newusergroup systemd-journal-gateway + newusergroup systemd-journal-remote + newusergroup systemd-journal-upload + newusergroup systemd-network + newusergroup systemd-resolve + newusergroup systemd-timesync + + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. Despite that this file is owned by sys-apps/hwids. + if has_version "sys-apps/hwids[udev]"; then + udevadm hwdb --update --root="${ROOT%/}" + fi + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respect, and ensure consistency + # between OpenRC & systemd + migrate_locale + + # Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules + migrate_net_name_slot + + # Re-enable systemd-networkd for socket activation + reenable_unit systemd-networkd.service + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi + + if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then + ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable" + ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf" + ewarn "to /run/systemd/resolve/resolv.conf" + ewarn + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-233.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-233.ebuild new file mode 120000 index 0000000000..8da16946bc --- /dev/null 
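Review bot: `CROS_WORKON_REPO="git://github.com"` near the top of this new file fetches the source over the unauthenticated git protocol, so the only integrity anchor for the checkout is the SHA-1 in `CROS_WORKON_COMMIT`. Since the file is now a standalone copy rather than a symlink, I would change the line to `CROS_WORKON_REPO="https://github.com"` so the transport is authenticated too, assuming the cros-workon eclass in this tree accepts an https base. Separately, `multilib_is_native_abi || continue` in `multilib_src_test` is not inside any loop; `multilib_is_native_abi || return 0` is what is meant there.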
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-233.ebuild
@@ -0,0 +1 @@
+systemd-9999.ebuild
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 1f16dd23f1..76a3dd24f6 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -1,40 +1,30 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ EAPI=6 -CROS_WORKON_PROJECT="coreos/systemd" -CROS_WORKON_REPO="git://github.com" - if [[ ${PV} == 9999 ]]; then - # Use ~arch instead of empty keywords for compatibility with cros-workon - KEYWORDS="~amd64 ~arm64 ~arm ~x86" + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 else - CROS_WORKON_COMMIT="88e69092b73c24569d2010f09029ae1f14df0454" # v231-coreos - KEYWORDS="amd64 arm64 ~arm ~x86" + SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz + !doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" fi -# cros-workon must be imported first, in cases where cros-workon and -# another eclass exports the same function (say src_compile) we want -# the later eclass's version to win. Only need src_unpack from workon. -inherit cros-workon +PYTHON_COMPAT=( python{3_4,3_5,3_6} ) -inherit autotools bash-completion-r1 linux-info multilib \ - multilib-minimal pam systemd toolchain-funcs udev user +inherit autotools bash-completion-r1 linux-info multilib-minimal pam python-any-r1 systemd toolchain-funcs udev user DESCRIPTION="System and service manager for Linux" HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -IUSE="acl apparmor audit cryptsetup curl elfutils gcrypt gnuefi http - idn importd +kdbus +kmod +lz4 lzma nat pam policykit +IUSE="acl apparmor audit build cryptsetup curl doc elfutils +gcrypt gnuefi http + idn importd +kmod +lz4 lzma nat pam policykit qrcode +seccomp selinux ssl sysv-utils test vanilla xkb" -# CoreOS specific use flags -IUSE+=" man symlink-usr" - REQUIRED_USE="importd? ( curl gcrypt lzma )" MINKV="3.11" 
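Review bot: Dropping `IUSE+=" man symlink-usr"` in this hunk needs a matching cleanup wherever the ebuild still queries those flags. The pre-change file calls `use symlink-usr` and `use man` in `multilib_src_install_all`, and the hunks covering that function are not visible in this part of the diff. If those calls remain, Portage will flag `use` on a flag missing from IUSE, and the `${prefix}/sbin` symlink targets may change without notice. It is also worth confirming that the release branch carrying only `~arch` KEYWORDS, where it had stable `amd64 arm64` before, is intended for the board profiles that consume this overlay.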
@@ -62,9 +52,9 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}] lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) nat? ( net-firewall/iptables:0= ) - pam? ( virtual/pam:= ) + pam? ( virtual/pam:=[${MULTILIB_USEDEP}] ) qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( sys-libs/libseccomp:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.1:0= ) selinux? ( sys-libs/libselinux:0= ) sysv-utils? ( !sys-apps/systemd-sysv-utils @@ -76,13 +66,21 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}] # baselayout-2.2 has /run RDEPEND="${COMMON_DEPEND} >=sys-apps/baselayout-2.2 + selinux? ( sec-policy/selinux-base-policy[systemd] ) + !build? ( || ( + sys-apps/util-linux[kill(-)] + sys-process/procps[kill(+)] + sys-apps/coreutils[kill(-)] + ) ) !sys-auth/nss-myhostname + !=sys-apps/dbus-1.9.8[systemd] >=sys-apps/hwids-20150417[udev] + >=sys-fs/udev-init-scripts-25 policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )" 
@@ -92,31 +90,34 @@ DEPEND="${COMMON_DEPEND} dev-util/gperf >=dev-util/intltool-0.50 >=sys-apps/coreutils-8.16 - >=sys-devel/binutils-2.23.1 - >=sys-devel/gcc-4.6 >=sys-kernel/linux-headers-${MINKV} virtual/pkgconfig gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) - test? ( >=sys-apps/dbus-1.6.8-r1:0 ) + test? ( sys-apps/dbus ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + doc? ( $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') ) " -# Not required when building from unpatched tarballs, but we build from git. -DEPEND+=" - man? ( app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 )" +python_check_deps() { + has_version --host-root "dev-python/lxml[${PYTHON_USEDEP}]" +} pkg_pretend() { local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS - ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS + ~CHECKPOINT_RESTORE ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR ~UNIX + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH ~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2" use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" + kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" if linux_config_exists; then local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) 
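Review bot: The new `use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"` line in `pkg_pretend` keeps the `~` prefix, so a kernel without seccomp filtering only produces a warning while the package is still built with seccomp support. On such a kernel, units that rely on `SystemCallFilter=` would presumably start without the filter being enforced, which is easy to miss in build logs. I would at least document that above the line, e.g. `# warn-only: without SECCOMP_FILTER the SystemCallFilter= sandboxing is not enforced at runtime`. The body of `pkg_pretend` continues outside this hunk.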
@@ -126,16 +127,6 @@ pkg_pretend() { fi fi - if [[ ${MERGE_TYPE} != binary ]]; then - if [[ $(gcc-major-version) -lt 4 - || ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]] - then - eerror "systemd requires at least gcc 4.6 to build. Please switch the active" - eerror "gcc version using gcc-config." - die "systemd requires at least gcc 4.6" - fi - fi - if [[ ${MERGE_TYPE} != buildonly ]]; then if kernel_is -lt ${MINKV//./ }; then ewarn "Kernel version at least ${MINKV} required" @@ -151,14 +142,23 @@ pkg_setup() { src_unpack() { default - cros-workon_src_unpack + [[ ${PV} != 9999 ]] || git-r3_src_unpack } src_prepare() { # Bug 463376 sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die - # Bug https://github.com/systemd/systemd/issues/3826 - sed -i -e 's,/usr/lib/systemd/resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die + + local PATCHES=( + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/218-Dont-enable-audit-by-default.patch" + "${FILESDIR}/228-noclean-tmp.patch" + "${FILESDIR}/233-systemd-user-pam.patch" + ) + fi [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) @@ -176,6 +176,8 @@ src_configure() { # Prevent conflicts with i686 cross toolchain, bug 559726 tc-export AR CC NM OBJCOPY RANLIB + use doc && python_setup + multilib-minimal_src_configure } @@ -193,8 +195,6 @@ multilib_src_configure() { # Workaround for gcc-4.7, bug 554454. cc_cv_CFLAGS__Werror_shadow=no - --with-pamconfdir=/usr/share/pam.d - # Workaround for bug 516346 --enable-dependency-tracking @@ -214,7 +214,6 @@ multilib_src_configure() { # no deps --enable-efi --enable-ima - --without-python # Optional components/dependencies $(multilib_native_use_enable acl) 
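Review bot: The three PATCHES entries added to src_prepare (hunk `@@ -151,14 +142,23 @@`) have no comment on what they change at runtime, and the first one has a security effect. 218-Dont-enable-audit-by-default.patch removes journald's `enable_audit()` call, so journald no longer turns kernel auditing on when it opens the audit socket; hosts that depend on audit records then need auditd or `audit=1` on the kernel command line. I would add a comment above that entry, for example `# 218: journald no longer enables kernel audit; use auditd or audit=1 where audit records are required`. The comment should also say that USE=vanilla skips all three patches. src_prepare continues past the end of the hunk.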
@@ -225,19 +224,18 @@ multilib_src_configure() { $(multilib_native_use_enable elfutils) $(use_enable gcrypt) $(multilib_native_use_enable gnuefi) + --with-efi-libdir="/usr/$(get_libdir)" $(multilib_native_use_enable http microhttpd) $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls) $(multilib_native_use_enable idn libidn) $(multilib_native_use_enable importd) $(multilib_native_use_enable importd bzip2) $(multilib_native_use_enable importd zlib) - $(use_enable kdbus) $(multilib_native_use_enable kmod) $(use_enable lz4) $(use_enable lzma xz) - $(multilib_native_use_enable man manpages) $(multilib_native_use_enable nat libiptc) - $(multilib_native_use_enable pam) + $(use_enable pam) $(multilib_native_use_enable policykit polkit) $(multilib_native_use_enable qrcode qrencode) $(multilib_native_use_enable seccomp) @@ -245,6 +243,7 @@ multilib_src_configure() { $(multilib_native_use_enable test tests) $(multilib_native_use_enable test dbus) $(multilib_native_use_enable xkb xkbcommon) + $(multilib_native_use_with doc python) # hardcode a few paths to spare some deps KILL=/bin/kill 
@@ -255,19 +254,11 @@ multilib_src_configure() { EFI_CC="$(tc-getCC)" # dbus paths - --with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d" + --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d" --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" - --with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org" - - # The CoreOS epoch, Mon Jul 1 00:00:00 UTC 2013. Used by timesyncd - # as a sanity check for the minimum acceptable time. Explicitly set - # to avoid using the current build time. - --with-time-epoch=1372636800 - - # no default name servers - --with-dns-servers= + --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" # Breaks screen, tmux, etc. --without-kill-user-processes @@ -287,20 +278,19 @@ multilib_src_compile() { if multilib_is_native_abi; then emake "${mymakeopts[@]}" else - echo 'gentoo: $(BUILT_SOURCES)' | \ - emake "${mymakeopts[@]}" -f Makefile -f - gentoo - echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \ - emake "${mymakeopts[@]}" -f Makefile -f - gentoo + emake built-sources + local targets=( + '$(rootlib_LTLIBRARIES)' + '$(lib_LTLIBRARIES)' + '$(pamlib_LTLIBRARIES)' + '$(pkgconfiglib_DATA)' + ) + echo "gentoo: ${targets[*]}" | emake "${mymakeopts[@]}" -f Makefile -f - gentoo fi } multilib_src_test() { - multilib_is_native_abi || continue - - # Needed for bus-related tests - local -x SANDBOX_WRITE=${SANDBOX_WRITE} - addwrite /sys/fs/kdbus - + multilib_is_native_abi || return 0 default } @@ -319,10 +309,11 @@ multilib_src_install() { emake "${mymakeopts[@]}" install else mymakeopts+=( + install-rootlibLTLIBRARIES install-libLTLIBRARIES + install-pamlibLTLIBRARIES install-pkgconfiglibDATA install-includeHEADERS - # safe to call unconditionally, 'installs' empty list install-pkgincludeHEADERS ) 
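Review bot: Dropping `--with-dns-servers=` from multilib_src_configure (hunk `@@ -255,19 +254,11 @@`) means the build no longer overrides systemd's compiled-in fallback DNS list, so systemd-resolved can presumably send queries to upstream's default public resolvers when no server is configured. If an empty fallback is still wanted, keep the line `--with-dns-servers=` together with its `# no default name servers` comment. The same hunk drops `--with-time-epoch=1372636800`. The removed comment says that value was pinned so that timesyncd's minimum acceptable time would not come from the build time, so it is worth confirming which epoch configure now picks. The configure argument list starts and ends outside the hunk.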
@@ -331,83 +322,41 @@ multilib_src_install() { } multilib_src_install_all() { - local unitdir=$(systemd_get_systemunitdir) - prune_libtool_files --modules einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + if [[ ${PV} != 9999 ]]; then + use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7 + fi if use sysv-utils; then - local prefix - use symlink-usr && prefix=/usr for app in halt poweroff reboot runlevel shutdown telinit; do - dosym "${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app} + dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app} done - dosym "${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init - elif use man; then + dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init + else # we just keep sysvinit tools, so no need for the mans rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \ || die rm "${D}"/usr/share/man/man1/init.1 || die fi - # Ensure journal directory has correct ownership/mode in inital image. - # This is fixed by systemd-tmpfiles *but* journald starts before that - # and will create the journal if the filesystem is already read-write. - # Conveniently the systemd Makefile sets this up completely wrong. - dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \ + /etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \ + /var/log/journal/remote - systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf - systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf + # Symlink /etc/sysctl.conf for easy migration. 
+ dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf - # Don't default to graphical.target - rm "${D}${unitdir}"/default.target || die - dosym multi-user.target "${unitdir}"/default.target - - # Move a few services enabled in /etc to /usr, delete files individually - # so builds fail if systemd adds any new unexpected stuff to /etc - local f - for f in \ - getty.target.wants/getty@tty1.service \ - multi-user.target.wants/remote-fs.target \ - multi-user.target.wants/systemd-networkd.service \ - multi-user.target.wants/systemd-resolved.service \ - network-online.target.wants/systemd-networkd-wait-online.service \ - sockets.target.wants/systemd-networkd.socket \ - sysinit.target.wants/systemd-timesyncd.service - do - local s="${f#*/}" t="${f%/*}" - local u="${s/@*.service/@.service}" - - # systemd_enable_service doesn't understand template units - einfo "Enabling ${s} via ${t}" - dodir "${unitdir}/${t}" - dosym "../${u}" "${unitdir}/${t}/${s}" - - rm "${D}/etc/systemd/system/${f}" || die - done - rmdir "${D}"/etc/systemd/system/*.wants || die - - # Grant networkd access to set the transient host name - # TODO: Check if this can be removed in the next release. - # See https://github.com/systemd/systemd/pull/4710 - insinto /usr/share/polkit-1/rules.d - doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules - - # Do not enable random services if /etc was detected as empty!!! - rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset - insinto /usr/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS - rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service - - # Do not ship distro-specific files (nsswitch.conf pam.d) - rm -rf "${D}"/usr/share/factory - sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C \/etc\/nsswitch\.conf/d' \ - -e '/^C \/etc\/pam\.d/d' + # If we install these symlinks, there is no way for the sysadmin to remove them + # permanently. 
+ rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die + rm -f "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die + rm -r "${D}"/etc/systemd/system/network-online.target.wants || die + rm -r "${D}"/etc/systemd/system/sockets.target.wants || die + rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die } migrate_locale() { @@ -454,42 +403,6 @@ migrate_locale() { fi } -migrate_net_name_slot() { - # If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null, - # do the same for 80-net-setup-link.rules to keep the old behavior - local net_move=no - local net_name_slot_sym=no - local net_rules_path="${EROOT%/}"/etc/udev/rules.d - local net_name_slot="${net_rules_path}"/80-net-name-slot.rules - local net_setup_link="${net_rules_path}"/80-net-setup-link.rules - if [[ -e ${net_setup_link} ]]; then - net_move=no - elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then - net_move=yes - elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then - net_move=yes - net_name_slot_sym=yes - fi - if [[ ${net_move} == yes ]]; then - ebegin "Copying ${net_name_slot} to ${net_setup_link}" - - if [[ ${net_name_slot_sym} == yes ]]; then - ln -nfs /dev/null "${net_setup_link}" - else - cp "${net_name_slot}" "${net_setup_link}" - fi - eend $? || FAIL=1 - fi -} - -reenable_unit() { - if systemctl is-enabled --root="${ROOT}" "$1" &> /dev/null; then - ebegin "Re-enabling $1" - systemctl reenable --root="${ROOT}" "$1" - eend $? || FAIL=1 - fi -} - pkg_postinst() { newusergroup() { enewgroup "$1" 
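Review bot: multilib_src_install_all (hunk `@@ -331,83 +322,41 @@`) no longer replaces upstream's 90-systemd.preset with a package-owned preset file, so the set of units enabled when presets are applied is now whatever upstream ships. The removed comment tied preset application to /etc being detected as empty. The five `rm` lines at the end of the function only drop the /etc wants symlinks from the image and do not change presets. If upstream's list is acceptable, a comment above the `rm` block would record that decision, for example `# unit enablement on preset is left to upstream's 90-systemd.preset`. The function begins before the hunk.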
@@ -521,12 +434,6 @@ pkg_postinst() { # between OpenRC & systemd migrate_locale - # Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules - migrate_net_name_slot - - # Re-enable systemd-networkd for socket activation - reenable_unit systemd-networkd.service - if [[ ${FAIL} ]]; then eerror "One of the postinst commands failed. Please check the postinst output" eerror "for errors. You may need to clean up your system and/or try installing" @@ -534,11 +441,9 @@ pkg_postinst() { eerror fi - if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then - ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable" - ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf" - ewarn "to /run/systemd/resolve/resolv.conf" - ewarn + if [[ $(readlink "${ROOT}"etc/resolv.conf) == */run/systemd/* ]]; then + ewarn "You should replace the resolv.conf symlink:" + ewarn "ln -snf ${ROOTPREFIX-/usr}/lib/systemd/resolv.conf ${ROOT}etc/resolv.conf" fi }
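Review bot: The new test `== */run/systemd/*` in pkg_postinst (hunk `@@ -534,11 +441,9 @@`) also matches a symlink to /run/systemd/resolve/resolv.conf, which is the path the old warning told users to create. Those systems are now told to repoint /etc/resolv.conf at `${ROOTPREFIX-/usr}/lib/systemd/resolv.conf`. If only the legacy networkd path is meant, keep the narrower pattern `== */run/systemd/network/resolv.conf`. The path is also built as `"${ROOT}"etc/resolv.conf`, which depends on ROOT ending in a slash; `"${ROOT%/}"/etc/resolv.conf` works either way. pkg_postinst begins outside the hunk.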