diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index d1e46114fa..ad752096fa 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -66,6 +66,7 @@ acct-user/systemd-timesync acct-user/tss app-admin/eselect +app-admin/logrotate app-admin/perl-cleaner app-admin/sudo @@ -117,6 +118,7 @@ app-containers/docker-cli app-containers/netavark app-containers/podman app-containers/runc +app-containers/syft app-crypt/adcli app-crypt/argon2 @@ -129,8 +131,10 @@ app-crypt/mit-krb5 app-crypt/p11-kit app-crypt/pinentry app-crypt/rhash +app-crypt/sbsigntools app-crypt/tpm2-tools app-crypt/tpm2-tss +app-crypt/trousers app-doc/eclass-manpages @@ -222,6 +226,7 @@ dev-lang/yasm dev-libs/cJSON dev-libs/cyrus-sasl +dev-libs/dbus-glib dev-libs/ding-libs dev-libs/elfutils dev-libs/expat @@ -352,6 +357,7 @@ dev-python/urllib3 dev-python/wheel dev-util/bpftool +dev-util/bsdiff dev-util/catalyst dev-util/gdbus-codegen dev-util/glib-utils @@ -498,9 +504,14 @@ net-dns/dnsmasq net-dns/libidn2 net-firewall/conntrack-tools +net-firewall/ebtables net-firewall/ipset +net-firewall/iptables +net-firewall/nftables net-fs/cifs-utils +net-fs/nfs-utils +net-fs/samba net-libs/gnutls net-libs/libmicrohttpd @@ -515,6 +526,7 @@ net-libs/libnsl net-libs/libpcap net-libs/libpsl net-libs/libslirp +net-libs/libtirpc net-libs/nghttp2 net-libs/rpcsvc-proto @@ -558,6 +570,7 @@ sys-apps/bubblewrap sys-apps/checkpolicy sys-apps/config-site sys-apps/coreutils +sys-apps/dbus sys-apps/debianutils sys-apps/diffutils sys-apps/dtc @@ -576,6 +589,7 @@ sys-apps/iproute2 sys-apps/iucode_tool sys-apps/kbd sys-apps/kexec-tools +sys-apps/keyutils sys-apps/kmod sys-apps/less sys-apps/locale-gen @@ -594,6 +608,7 @@ sys-apps/pv sys-apps/sandbox sys-apps/sed sys-apps/semodule-utils +sys-apps/shadow sys-apps/smartmontools sys-apps/texinfo sys-apps/usbutils 
@@ -601,6 +616,7 @@ sys-apps/util-linux sys-apps/which sys-apps/zram-generator +sys-auth/polkit sys-auth/sssd sys-block/open-iscsi @@ -640,6 +656,8 @@ sys-fs/fuse sys-fs/fuse-common sys-fs/fuse-overlayfs sys-fs/lsscsi +sys-fs/lvm2 +sys-fs/mdadm sys-fs/mtools sys-fs/multipath-tools sys-fs/quota @@ -672,6 +690,7 @@ sys-libs/readline sys-libs/talloc sys-libs/tdb sys-libs/tevent +sys-libs/timezone-data sys-libs/zlib sys-power/acpid diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh index 225e0c864c..6d7dbfc165 100755 --- a/build_library/build_image_util.sh +++ b/build_library/build_image_util.sh @@ -277,7 +277,7 @@ write_packages() { # Generate an SPDX SBOM using syft write_sbom() { info "Writing ${2##*/}" - sudo syft packages "${1}" -o spdx-json="$2" + sudo syft scan "${1}" -o spdx-json="$2" } # Get metadata $key for package $pkg installed under $prefix diff --git a/changelog/updates/2025-04-08-move-stuff-over.md b/changelog/updates/2025-04-08-move-stuff-over.md new file mode 100644 index 0000000000..85ba633780 --- /dev/null +++ b/changelog/updates/2025-04-08-move-stuff-over.md 
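Review bot: The source argument on the new `syft scan` line in write_sbom is still the bare `"${1}"`, so syft has to work out for itself what kind of source it was given. If write_sbom is only ever handed a root filesystem directory (its callers are outside this hunk), naming the scheme makes the SBOM input unambiguous: `sudo syft scan "dir:${1}" -o spdx-json="$2"`. A one-line comment that the report at `$2` is created by root because of `sudo` would also help whoever consumes or cleans up the file later.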
@@ -0,0 +1,12 @@ +- base, dev: logrotate ([3.22.0](https://github.com/logrotate/logrotate/releases/tag/3.22.0) (includes [3.21.0](https://github.com/logrotate/logrotate/releases/tag/3.21.0))) +- base, dev: trousers ([0.3.15](https://sourceforge.net/p/trousers/trousers/ci/TROUSERS_0_3_15/tree/ChangeLog)) +- base, dev: iptables ([1.8.11](https://netfilter.org/projects/iptables/files/changes-iptables-1.8.11.txt) (includes [1.8.10](https://netfilter.org/projects/iptables/files/changes-iptables-1.8.10.txt), [1.8.9](https://netfilter.org/projects/iptables/files/changes-iptables-1.8.9.txt))) +- base, dev: nftables ([1.1.1](https://netfilter.org/projects/nftables/files/changes-nftables-1.1.1.txt) (includes [1.1.0](https://netfilter.org/projects/nftables/files/changes-nftables-1.1.0.txt), [1.0.9](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.9.txt), [1.0.8](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.8.txt), [1.0.7](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.7.txt), [1.0.6](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.6.txt), [1.0.5](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.5.txt), [1.0.4](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.4.txt), [1.0.3](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.3.txt), [1.0.2](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.2.txt), [1.0.1](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.1.txt), [1.0.0](https://netfilter.org/projects/nftables/files/changes-nftables-1.0.0.txt))) +- base, dev: nfs-utils ([2.7.1](https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=log;h=refs/tags/nfs-utils-2-7-1) (includes [2.6.4](https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=log;h=refs/tags/nfs-utils-2-6-4), [2.6.3](https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=log;h=refs/tags/nfs-utils-2-6-3), 
[2.6.2](https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=log;h=refs/tags/nfs-utils-2-6-2), [2.6.1](https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=log;h=refs/tags/nfs-utils-2-6-1))) +- base, dev: libtirpc ([1.3.6](https://git.linux-nfs.org/?p=steved/libtirpc.git;a=log;h=refs/tags/libtirpc-1-3-6) (includes [1.3.5](https://git.linux-nfs.org/?p=steved/libtirpc.git;a=log;h=refs/tags/libtirpc-1-3-5))) +- base, dev: dbus ([1.16.2](https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.16.2/NEWS) (includes [1.16.0](https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.16.0/NEWS), [1.14.8](https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.14.8/NEWS), [1.14.6](https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.14.6/NEWS))) +- base, dev: shadow ([4.14.8](https://github.com/shadow-maint/shadow/releases/tag/4.14.8) (includes [4.14.7](https://github.com/shadow-maint/shadow/releases/tag/4.14.7), [4.14.6](https://github.com/shadow-maint/shadow/releases/tag/4.14.6), [4.14.5](https://github.com/shadow-maint/shadow/releases/tag/4.14.5), [4.14.4](https://github.com/shadow-maint/shadow/releases/tag/4.14.4), [4.14.3](https://github.com/shadow-maint/shadow/releases/tag/4.14.3), [4.14.2](https://github.com/shadow-maint/shadow/releases/tag/4.14.2), [4.14.1](https://github.com/shadow-maint/shadow/releases/tag/4.14.1), [4.14.0](https://github.com/shadow-maint/shadow/releases/tag/4.14.0))) +- base, dev: polkit ([125](https://github.com/polkit-org/polkit/blob/125/NEWS.md) (includes [124](https://github.com/polkit-org/polkit/blob/124/NEWS.md), [123](https://github.com/polkit-org/polkit/blob/123/NEWS.md), [122](https://github.com/polkit-org/polkit/blob/122/NEWS.md))) +- base, dev: lvm2 ([2.03.22] (includes [2.03.21](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_21), [2.03.20](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_20), [2.03.19](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_19), [2.03.18](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_18), 
[2.03.17](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_17), [2.03.16](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_16), [2.03.15](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_15), [2.03.14](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_14), [2.03.13](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_13), [2.03.12](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_12), [2.03.11](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_11), [2.03.10](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_10), [2.03.09](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_09), [2.03.08](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_08), [2.03.07](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_07), [2.03.06](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_06), [2.03.05](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_05), [2.03.04](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_04), [2.03.03](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_03), [2.03.02](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_02), [2.03.01](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_01), [2.03.00](https://gitlab.com/lvmteam/lvm2/-/tags/v2_03_00))) +- base, dev: mdadm ([4.4](https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/CHANGELOG.md?h=mdadm-4.4) (includes [4.3](https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/CHANGELOG.md?h=mdadm-4.4#n36))) +- base, dev: timezone-data ([2025a](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/MWII7R3HMCEDNUCIYQKSSTYYR7UWK4OQ/) (includes [2024b](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/IZ7AO6WRE3W3TWBL5IR6PMQUL433BQIE/), [2024a](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/UXFL4DEZCXJVZW6E24Y2HLSXVB2ILFVE/), [2023d](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/WSF4TA5RFP7ECRKUKQFRHYN724HDMRTO/), [2023c](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/NPQOFZRXK5QKUW7F4CC24W52OTZ7YOOT/), 
[2023b](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/YXCVU55LIUZTZREUUH4VPMC75GYKKPE7/), [2023a](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/HLUTNGHZ5QPNOPZTZFS6F2QVMGQWEDMC/), [2022g](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/XIK47NMDAHCVOWE4MZIB7F44HFU3J2OB/), [2022f](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/65JMZVURDDM3XOABROYJX5ZN4N6TATZ5/), [2022e](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/CTWT3RFQXZHROH4VJKXAVQ77FYMF7BHY/), [2022d](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/TCLVCAIDB64WNEVHJV2ITDHFRUHVB7BN/), [2022c](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/GFXHZWBRVLDVX5QQUI4UCY5B4O2FRV5Z/), [2022b](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/IB5UMSJYN42GOMKHHWU5UCHD3WYRCVQ4/), [2022a](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/CU52CSKQNZRRZPRBDY4GKCCFWKZD4HAJ/), [2021e](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/ANTPUKJNFDF6ZA3NSIJEOZGDHUNJ4HL2/), [2021d](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/YPPIPGO3PLSMDNSVX6VOMASHRDL4GQWB/), [2021c](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/MFS2QPRANAWSPV2DKU46NQKDDPLMXH2H/), [2021b](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/422GNGI6F26NIV2JNHI726UO2TDTO2MD/))) diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/Manifest deleted file mode 100644 index 5c4851c7dd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/Manifest +++ /dev/null 
@@ -1,2 +0,0 @@ -DIST logrotate-3.20.1.tar.xz 166712 BLAKE2B 8481e0d746c6bcbe10f2686a921334c6f957c8d92520927de7bc8fb0b7631a444fedaa80f35bc2de7961b3d5833ce4ab885b1298b235b7f8b33cc3ae05438da6 SHA512 a9ed5796ab254f511d0029a8f29ef7557f62e12e3ea9af24e30b5b9f348b1c1a16df26d44314b78299916fb3b5000b9cd9eed7cee2cee8df11cfd8e40c79b092 -DIST logrotate-3.20.1.tar.xz.asc 833 BLAKE2B afc02177335bcd580e0617af8c50846b371c2d00ecd8fe329c2e298dc8c48823137625f455cea3d983a0d9971733297fa2c4d98ba3c6f72d2c07f8f21108cfe4 SHA512 2dd207feec431b223ff12f09f6cce14409d45e5bb3abaf2275dd773c7ee7c59ed7d32395e5869bfed70c970be4158fd299e6e269838378843dcb63ca5ebfa029 diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch b/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch deleted file mode 100644 index b7c4bb5275..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch +++ /dev/null 
@@ -1,147 +0,0 @@ -https://bugs.gentoo.org/847382#c3 -https://github.com/logrotate/logrotate/commit/31cf1099ab8514dfcae5a980bc77352edd5292f8 -https://github.com/logrotate/logrotate/commit/7b1fa328bf70eb8434166f151bd075cd1440d0dc - -From 31cf1099ab8514dfcae5a980bc77352edd5292f8 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Fri, 27 May 2022 09:56:07 +0200 -Subject: [PATCH] lockState: do not print `error:` when exit code is unaffected - -Closes: https://github.com/logrotate/logrotate/pull/448 ---- a/logrotate.c -+++ b/logrotate.c -@@ -3050,8 +3050,8 @@ static int lockState(const char *stateFilename, int skip_state_lock) - } - - if (sb.st_mode & S_IROTH) { -- message(MESS_ERROR, "state file %s is world-readable and thus can" -- " be locked from other unprivileged users." -+ message(MESS_NORMAL, "warning: state file %s is world-readable" -+ " and thus can be locked from other unprivileged users." - " Skipping lock acquisition...\n", - stateFilename); - close(lockFd); - -From 7b1fa328bf70eb8434166f151bd075cd1440d0dc Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Fri, 27 May 2022 16:02:57 +0200 -Subject: [PATCH] log: unify handling of log levels - -Use MESS_WARN instead of MESS_NORMAL and make it always use -the `warning:` prefix. MESS_WARN is now mapped to LOG_WARNING -for syslog. - -Also drop MESS_VERBOSE, which was not set anywhere. 
- -Closes: https://github.com/logrotate/logrotate/pull/239 -Closes: https://github.com/logrotate/logrotate/pull/449 ---- a/config.c -+++ b/config.c -@@ -643,7 +643,7 @@ static void set_criterium(enum criterium *pDst, enum criterium src, int *pSet) - { - if (*pSet && (*pDst != src)) { - /* we are overriding a previously set criterium */ -- message(MESS_VERBOSE, "warning: '%s' overrides previously specified '%s'\n", -+ message(MESS_DEBUG, "note: '%s' overrides previously specified '%s'\n", - crit_to_string(src), crit_to_string(*pDst)); - } - *pDst = src; -@@ -1021,7 +1021,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig) - - if (getuid() == ROOT_UID) { - if ((sb_config.st_mode & 07533) != 0400) { -- message(MESS_NORMAL, -+ message(MESS_WARN, - "Potentially dangerous mode on %s: 0%o\n", - configFile, (unsigned) (sb_config.st_mode & 07777)); - } -@@ -1386,7 +1386,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig) - RAISE_ERROR(); - } - } else if (!strcmp(key, "errors")) { -- message(MESS_NORMAL, -+ message(MESS_WARN, - "%s: %d: the errors directive is deprecated and no longer used.\n", - configFile, lineNum); - } else if (!strcmp(key, "mail")) { ---- a/log.c -+++ b/log.c -@@ -40,9 +40,12 @@ static void log_once(FILE *where, int level, const char *format, va_list args) - { - switch (level) { - case MESS_DEBUG: -- case MESS_NORMAL: -- case MESS_VERBOSE: - break; -+ -+ case MESS_WARN: -+ fprintf(where, "warning: "); -+ break; -+ - default: - fprintf(where, "error: "); - break; -@@ -78,10 +81,11 @@ void message(int level, const char *format, ...) 
- priority |= LOG_DEBUG; - break; - case MESS_DEBUG: -- case MESS_VERBOSE: -- case MESS_NORMAL: - priority |= LOG_INFO; - break; -+ case MESS_WARN: -+ priority |= LOG_WARNING; -+ break; - case MESS_ERROR: - priority |= LOG_ERR; - break; ---- a/log.h -+++ b/log.h -@@ -5,8 +5,7 @@ - - #define MESS_REALDEBUG 1 - #define MESS_DEBUG 2 --#define MESS_VERBOSE 3 --#define MESS_NORMAL 4 -+#define MESS_WARN 4 - #define MESS_ERROR 5 - #define MESS_FATAL 6 - ---- a/logrotate.c -+++ b/logrotate.c -@@ -3050,7 +3050,7 @@ static int lockState(const char *stateFilename, int skip_state_lock) - } - - if (sb.st_mode & S_IROTH) { -- message(MESS_NORMAL, "warning: state file %s is world-readable" -+ message(MESS_WARN, "state file %s is world-readable" - " and thus can be locked from other unprivileged users." - " Skipping lock acquisition...\n", - stateFilename); -@@ -3106,7 +3106,7 @@ int main(int argc, const char **argv) - POPT_AUTOHELP { NULL, 0, 0, NULL, 0, NULL, NULL } - }; - -- logSetLevel(MESS_NORMAL); -+ logSetLevel(MESS_WARN); - setlocale (LC_ALL, ""); - - optCon = poptGetContext("logrotate", argc, argv, options, 0); -@@ -3117,7 +3117,7 @@ int main(int argc, const char **argv) - switch (arg) { - case 'd': - debug = 1; -- message(MESS_NORMAL, "WARNING: logrotate in debug mode does nothing" -+ message(MESS_WARN, "logrotate in debug mode does nothing" - " except printing debug messages! Consider using verbose" - " mode (-v) instead if this is not what you want.\n\n"); - /* fallthrough */ ---- a/test/test-0080.sh -+++ b/test/test-0080.sh -@@ -10,4 +10,4 @@ cleanup 80 - preptest test.log 80 1 0 - - $RLR -d test-config.80 2>&1 | \ -- grep -q "warning: 'daily' overrides previously specified 'size'" -+ grep -q "note: 'daily' overrides previously specified 'size'" - 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.service b/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.service deleted file mode 100644 index 92dcd0368e..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.service +++ /dev/null @@ -1,5 +0,0 @@ -[Unit] -Description=Rotate and Compress System Logs - -[Service] -ExecStart=/usr/bin/logrotate /usr/share/logrotate/logrotate.conf diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.tmpfiles b/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.tmpfiles deleted file mode 100644 index e0c2f7c293..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -d /var/lib/misc -d /etc/logrotate.d - - - - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/syft/Manifest b/sdk_container/src/third_party/coreos-overlay/app-containers/syft/Manifest deleted file mode 100644 index 351ff57f43..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-containers/syft/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST syft-0.51.0-deps.tar.xz 632084588 BLAKE2B f9b3e4e41521c25b6e338f2b8f3bba0be08e7608d95de7dba6f5f104e22b8de8a4b419e574e19634099a3bbc55556f83949c68abd5ae52d14b5e97cb9306bf22 SHA512 819236c275762cc42c60339ee2d6886f0998f34609ab0bbef3150b23fbcf3cecaea63d92f6e2e161bf3ec30edae00ef467755900fd1c98389db2f9cd8113fbf4 -DIST syft-0.51.0.tar.gz 3727474 BLAKE2B ae9f54f421faa530aabbbadd985071f603ccaa32c6cd5f0dd400ea9163a218e8ddd5e7035042a7eda6cd06910ce96ae0f42b7422c932992fad812431a42ac059 SHA512 fb844a76d3f3f303e781cea40ac6fb573927f6465a39da10fe9cffeb08ce7b1e8b8ed4acb219206e53159f802eaa12dce73ce5bc3b868f6f4270a30498b6b767 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/syft/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-containers/syft/metadata.xml deleted file mode 100644 index 3b2a9c5910..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-containers/syft/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -williamh@gentoo.org -William Hubbs - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/syft/syft-0.51.0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/syft/syft-0.51.0.ebuild deleted file mode 100644 index 7f44b825c0..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-containers/syft/syft-0.51.0.ebuild +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -inherit go-module - -DESCRIPTION="Generate a Software Bill of Materials from container images and filesystems" -HOMEPAGE="https://www.anchore.com" -SRC_URI="https://github.com/anchore/syft/archive/v${PV}.tar.gz -> ${P}.tar.gz" -SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" - -LICENSE="Apache-2.0" -SLOT="0" -# Flatcar: keyword for arm64 and amd64 -KEYWORDS="amd64 arm64" - -src_compile() { - # Flatcar: add ldflags to set version - ego build -o bin/syft -ldflags "-X github.com/anchore/syft/internal/version.version=${PV}" ./cmd/syft -} - -src_install() { - dobin bin/* -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/files/openssl-3-compat.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/files/openssl-3-compat.patch deleted file mode 100644 index 2304bd432a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/files/openssl-3-compat.patch +++ /dev/null 
@@ -1,15 +0,0 @@ -diff --git a/src/idc.c b/src/idc.c -index 6d87bd4..0a82218 100644 ---- a/src/idc.c -+++ b/src/idc.c -@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) - - idc->data->type = OBJ_nid2obj(peid_nid); - idc->data->value = ASN1_TYPE_new(); -- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); -+ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID)); - - idc->digest->alg->parameter = ASN1_TYPE_new(); - idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); --- -2.25.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest deleted file mode 100644 index bbdd682524..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST trousers-0.3.14.tar.gz 1378438 BLAKE2B 3dc2824fa2ca1b1f1181f98d59e85276e7d38af4bfc07ee8246431d9ccb300a8e0820b318643d4cf5d757d2a49492c8686e2fe9de03484263d2189d4bbaa32d0 SHA512 bf87f00329cf1d76a12cf6b6181fa22f90e76af3c5786e6e2db98438d2d3f0c0e05364374664173f45e3a2f6c0e2364948d0b958a7845cb23fcb340150cd9b21 diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data deleted file mode 100644 index b498fd495d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data +++ /dev/null @@ -1 +0,0 @@ -/ diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.confd b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.confd deleted file mode 100644 index 78bedb9fda..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.confd +++ /dev/null 
@@ -1,9 +0,0 @@ -# /etc/conf.d/tscd - -# Configuration file for the TrouSerS' TCS daemon (tcsd) init script -# Have a look on /etc/tcsd.conf too, there is more to configure there. - -# TPM_MODULES: name of the module(s) that should be loaded. You only need to -# set this if your driver is not compiled in kernel and is not already loaded -# on boot. (default: unset) -#TPM_MODULES="tpm_atmel" diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.initd b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.initd deleted file mode 100644 index c9c050cb06..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.initd +++ /dev/null @@ -1,38 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -depend() { - use logger - need net -} - -checkconfig() { - local mod - if [ -n "${TPM_MODULES}" ] ; then - for mod in ${TPM_MODULES} ; do - lsmod | grep -q "^${mod}\b" \ - || modprobe ${mod} &>/dev/null \ - || ewarn "Failed to load module ${mod}" - done - # Should we sleep or something to wait for device creation? - fi - if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then - eerror "No TPM device found!" - return 1 - fi - return 0 -} - -start() { - ebegin "Starting TrouSerS' TCS daemon (tcsd)" - checkconfig || eend $? - start-stop-daemon --start --user tss --exec /usr/sbin/tcsd - eend $? -} - -stop() { - ebegin "Stopping TrouSerS' TCS daemon (tcsd)" - start-stop-daemon --stop --quiet --exec /usr/sbin/tcsd --user tss - eend $? -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.service b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.service deleted file mode 100644 index c4dc803dfc..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.service +++ /dev/null 
@@ -1,13 +0,0 @@ -[Unit] -Description=TCG Core Services Daemon -ConditionPathExists=/dev/tpm0 -ConditionSecurity=!tpm2 - -[Service] -User=tss -ExecCondition=/bin/bash -c "/usr/bin/test $(cat /sys/class/tpm/*/tpm_version_major | grep -m 1 1 || echo 0) -eq 1" -ExecStart=/usr/sbin/tcsd -f - -[Install] -WantedBy=multi-user.target - diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf deleted file mode 100644 index ad2171ad3d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf +++ /dev/null @@ -1,3 +0,0 @@ -d /var/lib/tpm 0755 tss tss - - -C /etc/tcsd.conf 0640 root tss - /usr/share/trousers/tcsd.conf -C /var/lib/tpm/system.data 0600 tss tss - /usr/share/trousers/system.data diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-CVE-2020-24330_CVE-2020-24331_CVE-2020-24332.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-CVE-2020-24330_CVE-2020-24331_CVE-2020-24332.patch deleted file mode 100644 index 10031e0882..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-CVE-2020-24330_CVE-2020-24331_CVE-2020-24332.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -Index: trousers-0.3.14/src/tcs/ps/tcsps.c -=================================================================== ---- trousers-0.3.14.orig/src/tcs/ps/tcsps.c -+++ trousers-0.3.14/src/tcs/ps/tcsps.c -@@ -72,7 +72,7 @@ get_file() - } - - /* open and lock the file */ -- system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR, 0600); -+ system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR|O_NOFOLLOW, 0600); - if (system_ps_fd < 0) { - LogError("system PS: open() of %s failed: %s", - tcsd_options.system_ps_file, strerror(errno)); -Index: trousers-0.3.14/src/tcsd/svrside.c -=================================================================== ---- trousers-0.3.14.orig/src/tcsd/svrside.c -+++ trousers-0.3.14/src/tcsd/svrside.c -@@ -473,6 +473,7 @@ main(int argc, char **argv) - } - return TCSERR(TSS_E_INTERNAL_ERROR); - } -+ setgid(pwd->pw_gid); - setuid(pwd->pw_uid); - #endif - #endif -Index: trousers-0.3.14/src/tcsd/tcsd_conf.c -=================================================================== ---- trousers-0.3.14.orig/src/tcsd/tcsd_conf.c -+++ trousers-0.3.14/src/tcsd/tcsd_conf.c -@@ -743,7 +743,7 @@ conf_file_init(struct tcsd_config *conf) - #ifndef SOLARIS - struct group *grp; - struct passwd *pw; -- mode_t mode = (S_IRUSR|S_IWUSR); -+ mode_t mode = (S_IRUSR|S_IWUSR|S_IRGRP); - #endif /* SOLARIS */ - TSS_RESULT result; - -@@ -798,15 +798,15 @@ conf_file_init(struct tcsd_config *conf) - } - - /* make sure user/group TSS owns the conf file */ -- if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { -+ if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) { - LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, -- TSS_USER_NAME, TSS_GROUP_NAME); -+ "root", TSS_GROUP_NAME); - return TCSERR(TSS_E_INTERNAL_ERROR); - } - -- /* make sure only the tss user can manipulate the config file */ -+ /* make sure only the tss user can read (but not manipulate) the config file */ - if (((stat_buf.st_mode 
& 0777) ^ mode) != 0) { -- LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file); -+ LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file); - return TCSERR(TSS_E_INTERNAL_ERROR); - } - #endif /* SOLARIS */ diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch deleted file mode 100644 index 5046bc7088..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/include/tcsd.h b/src/include/tcsd.h -index 5b9462b..05bae97 100644 ---- a/src/include/tcsd.h -+++ b/src/include/tcsd.h -@@ -166,8 +166,8 @@ void thread_signal_init(); - - /* signal handling */ - #ifndef __APPLE__ --struct sigaction tcsd_sa_int; --struct sigaction tcsd_sa_chld; -+extern struct sigaction tcsd_sa_int; -+extern struct sigaction tcsd_sa_chld; - #endif - - #endif diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-libressl.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-libressl.patch deleted file mode 100644 index 9ee7c167e2..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-libressl.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -From b8b1cda430270f03dc556cf9cf7d2fd478101525 Mon Sep 17 00:00:00 2001 -From: Alon Bar-Lev -Date: Wed, 7 Dec 2016 09:36:34 +0200 -Subject: [PATCH] tspi: support libressl - -Bug: https://sourceforge.net/p/trousers/bugs/222/ - -Signed-off-by: Alon Bar-Lev ---- - src/trspi/crypto/openssl/rsa.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c -index 2b1205f..3e56015 100644 ---- a/src/trspi/crypto/openssl/rsa.c -+++ b/src/trspi/crypto/openssl/rsa.c -@@ -38,7 +38,7 @@ - #define DEBUG_print_openssl_errors() - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100001L -+#if OPENSSL_VERSION_NUMBER < 0x10100001L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) - static int - RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) - { --- -2.7.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.14-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.14-r2.ebuild deleted file mode 100644 index b00c14f14c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.14-r2.ebuild +++ /dev/null 
@@ -1,91 +0,0 @@ -# Flatcar modifications: -# - added "Flatcar:" customizations -# - added condition to files/tcsd.service -# - created files/tmpfiles.d/trousers.conf -# - created files/system.data -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -TMPFILES_OPTIONAL=1 -inherit autotools linux-info readme.gentoo-r1 systemd tmpfiles udev - -DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation" -HOMEPAGE="http://trousers.sf.net" -SRC_URI="mirror://sourceforge/trousers/${PN}/${P}.tar.gz" - -LICENSE="CPL-1.0 GPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~m68k ~ppc ppc64 ~s390 x86" -IUSE="doc libressl selinux" # gtk - -# gtk support presently does NOT compile. -# gtk? ( >=x11-libs/gtk+-2 ) - -DEPEND="acct-group/tss - acct-user/tss - >=dev-libs/glib-2 - !libressl? ( >=dev-libs/openssl-0.9.7:0= ) - libressl? ( dev-libs/libressl:0= )" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-tcsd )" -BDEPEND="virtual/pkgconfig" - -PATCHES=( - "${FILESDIR}/${PN}-0.3.13-nouseradd.patch" - "${FILESDIR}/${P}-libressl.patch" - "${FILESDIR}/${P}-fno-common.patch" - "${FILESDIR}/${P}-Makefile.am-Mark-tddl.a-nodist.patch" - "${FILESDIR}/${P}-CVE-2020-24330_CVE-2020-24331_CVE-2020-24332.patch" -) - -DOCS="AUTHORS ChangeLog NICETOHAVES README TODO" - -DOC_CONTENTS=" - If you have problems starting tcsd, please check permissions and - ownership on /dev/tpm* and ~tss/system.data -" -S="${WORKDIR}" - -CONFIG_CHECK="~TCG_TPM" - -src_prepare() { - default - eautoreconf -} - -src_configure() { - # econf --with-gui=$(usex gtk gtk openssl) - econf --with-gui=openssl -} - -src_install() { - default - find "${D}" -name '*.la' -delete || die - - keepdir /var/lib/tpm - use doc && dodoc doc/* - # Flatcar: Comment out the openrc stuff. 
- # newinitd "${FILESDIR}"/tcsd.initd tcsd - # newconfd "${FILESDIR}"/tcsd.confd tcsd - fowners root:tss /etc/tcsd.conf - - systemd_dounit "${FILESDIR}"/tcsd.service - - # Flatcar: - systemd_enable_service multi-user.target tcsd.service - - udev_dorules "${FILESDIR}"/61-trousers.rules - fowners tss:tss /var/lib/tpm - readme.gentoo_create_doc - - # Flatcar: - insinto /usr/share/trousers/ - doins "${FILESDIR}"/system.data - # stash a copy of the config so we can restore it from tmpfiles - doins "${D}"/etc/tcsd.conf - fowners tss:tss /usr/share/trousers/system.data - fowners root:tss /usr/share/trousers/tcsd.conf - dotmpfiles "${FILESDIR}"/tmpfiles.d/trousers.conf -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r198.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r199.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r198.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r199.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild index 1a692de5d9..8099d715ca 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild @@ -8,7 +8,7 @@ EGIT_REPO_URI="https://github.com/flatcar/init.git" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - EGIT_COMMIT="c818ad2c1923ff6fad2c01895f635e172990a48c" # flatcar-master + EGIT_COMMIT="ac4adc6903e060d49afd7a527ed1b555e94847f8" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi 
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-admin/logrotate b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-admin/logrotate
new file mode 100644
index 0000000000..00cf37a35e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-admin/logrotate
@@ -0,0 +1,45 @@
+cros_post_src_install_logrotate_flatcar_modifications() {
+ insinto /etc
+ newins - logrotate.conf <<'EOF'
+# keep only the most recent old log.
+rotate 1
+
+# create new (empty) log files after rotating old ones.
+create
+
+# use date as a suffix of the rotated file.
+dateext
+
+# compress rotated log files.
+compress
+
+# if a file to rotate is missing, don't log an error.
+missingok
+notifempty
+nomail
+noolddir
+
+# packages can drop log rotation information into this directory.
+include /etc/logrotate.d
+
+# no packages own wtmp and btmp -- we'll rotate them here.
+# must match creation rules in /usr/lib/tmpfiles.d/var.conf
+/var/log/wtmp {
+ create 0664 root utmp
+ size 1M
+}
+/var/log/btmp {
+ create 0600 root utmp
+ size 1M
+}
+
+# system-specific logs may also be configured here.
+EOF
+ # install this for backward compatibility
+ dosym -r /usr/share/flatcar/etc/logrotate.conf /usr/share/logrotate/logrotate.conf
+ insinto /usr/share/flatcar/etc
+ newins - logrotate.conf
+
+ # needs systemd eclass to be inherited by the ebuild
+ systemd_enable_service multi-user.target logrotate.timer
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-containers/syft b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-containers/syft
new file mode 100644
index 0000000000..23f700402e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-containers/syft
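Review bot: The second `newins - logrotate.conf` (after `insinto /usr/share/flatcar/etc`) has no here-document, so it installs whatever the phase's stdin happens to hold; the trousers hook has the same pattern in `newins - tcsd.conf`. If an empty placeholder is intended, so that the compatibility symlink `/usr/share/logrotate/logrotate.conf` does not dangle at install time, say so with `newins - logrotate.conf </dev/null` and a comment such as `# empty placeholder; presumably replaced by the real /etc content later in the image build (confirm)`. As written a reader cannot tell whether the file is meant to be empty, and a logrotate run through the compatibility path would find no rules if nothing fills it in.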
@@ -0,0 +1,5 @@ +# there are only examples installed +syft_install_mask=" /usr/share/syft/examples " +INSTALL_MASK+="${syft_install_mask}" +PKG_INSTALL_MASK+="${syft_install_mask}" +unset syft_install_mask diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-crypt/trousers b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-crypt/trousers new file mode 100644 index 0000000000..4696a6f171 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-crypt/trousers @@ -0,0 +1,42 @@ +cros_post_src_install_trousers_flatcar_modifications() { + # override the systemd unit file and enable it + systemd_newunit - tcsd.service <<'EOF' +[Unit] +Description=TCG Core Services Daemon +ConditionPathExists=/dev/tpm0 +ConditionSecurity=!tpm2 + +[Service] +User=tss +ExecCondition=/bin/bash -c "/usr/bin/test $(cat /sys/class/tpm/*/tpm_version_major | grep -m 1 1 || echo 0) -eq 1" +ExecStart=/usr/sbin/tcsd -f + +[Install] +WantedBy=multi-user.target +EOF + systemd_enable_service multi-user.target tcsd.service + + # handle system.data file - put into /usr and install a tmpfiles + # conf copying it into /var/lib/tpm + ( + insinto /usr/share/trousers/ + insopts -o tss -g tss + newins - system.data <<<"/" + ) + ( + insopts -m 0644 + insinto /usr/lib/tmpfiles.d + newins - trousers.conf <<'EOF' +C /var/lib/tpm/system.data 0600 tss tss - /usr/share/trousers/system.data +EOF + ) + + # symlink for backward compatibility, can't use "dosym -r", + # because ebuild has EAPI 7, while "dosym -r" is supported only + # since EAPI 8. + # + # dosym -r /usr/share/flatcar/etc/tcsd.conf /usr/share/trousers/tcsd.conf + ln -sTr "${ED}/usr/share/flatcar/etc/tcsd.conf" "${ED}/usr/share/trousers/tcsd.conf" || die + insinto /usr/share/flatcar/etc + newins - tcsd.conf +} 
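Review bot: In the trousers hook the stashed `tcsd.conf` is installed with default `insopts`, while the overlay ebuild removed in this commit set `fowners root:tss` on both `/etc/tcsd.conf` and the stashed copy. tcsd runs as `User=tss` and is strict about the owner and mode of its config, so if whatever restores the file into /etc takes ownership from the stash, the daemon may refuse it; this is worth confirming against that restore rule, which is not visible here. Wrapping the install like the `system.data` block would keep the old ownership: `( insinto /usr/share/flatcar/etc; insopts -o root -g tss; newins - tcsd.conf )`. Similarly, the new tmpfiles snippet only has the `C` line for `system.data`, and nothing visible creates `/var/lib/tpm` itself as `tss:tss` the way the removed `fowners tss:tss /var/lib/tpm` did. Unless another tmpfiles config already covers it, a line such as `d /var/lib/tpm 0700 tss tss -` would keep the TPM key store directory private to the daemon.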
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl index d2d30ce81b..9673ee081b 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl @@ -1,5 +1,7 @@ # A hack to avoid rehashing certs in a nonexistent directory. -flatcar_hacked_openssl=$(command -v openssl) +if [[ -z ${flatcar_hacked_openssl:-} ]]; then + flatcar_hacked_openssl=$(command -v openssl) +fi openssl() { if [[ ${#} -gt 0 && ${1} = 'rehash' ]]; then return; diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-util/bsdiff b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-util/bsdiff new file mode 100644 index 0000000000..5921f3bfd5 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-util/bsdiff @@ -0,0 +1,16 @@ +# Hacks to build bsdiff that now requires linking both bsdiff.o and +# sais.o to produce an executable. The original required only bsdiff.o +# - sais.o is a result of compiling a third-party code we added in our +# user patches. We replace bsdiff.c with a simple source file, so +# src_compile succeeds. In post hook we build actual bsdiff. + +cros_pre_src_compile_bsdiff_flatcar_modifications() { + mv bsdiff.c "${T}/bsdiff.c" + echo "int main(void) { return 0; }" >bsdiff.c +} + +cros_post_src_compile_bsdiff_flatcar_modifications() { + rm bsdiff bsdiff.c || die + mv "${T}/bsdiff.c" bsdiff.c || die + edo $(tc-getCC) ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} -o bsdiff bsdiff.c sais.c -lbz2 +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind index 0cb2bea848..1affd99df9 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind 
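Review bot: The new guard around `flatcar_hacked_openssl=$(command -v openssl)` has no comment saying why it is needed; presumably the file can be sourced again after `openssl()` is defined, at which point `command -v` reports the function name rather than a path. `type -P openssl` always does a PATH search and ignores functions, so `flatcar_hacked_openssl=$(type -P openssl)` would resolve the binary on every sourcing without the guard, and would not honour a `flatcar_hacked_openssl` value inherited from the environment. If the guard stays, a comment along the lines of `# keep the path resolved before openssl() was defined; this file may be sourced again` would explain it. The same pattern is repeated for `fowners` in net-dns/bind, `eselect` in net-firewall/ebtables and net-firewall/iptables, and `rm` in net-firewall/iptables. The body of `openssl()` continues outside the hunk.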
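Review bot: In `cros_pre_src_compile_bsdiff_flatcar_modifications` neither the `mv` nor the `echo` redirection is checked, unlike every step of the post hook. If `mv bsdiff.c "${T}/bsdiff.c"` fails, the stub still overwrites the patched source and the error only surfaces later, in the post hook's `mv`. Add `|| die` to both lines: `mv bsdiff.c "${T}/bsdiff.c" || die` and `echo "int main(void) { return 0; }" >bsdiff.c || die`. The post hook also relies on `edo` and `tc-getCC`, so it presumably needs the ebuild to inherit the eclasses that provide them; a one-line comment saying so, like the systemd remark in the logrotate hook, would make that dependency visible.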
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind @@ -22,12 +22,14 @@ unset ndb_install_mask # only files that this happens for are files that we have put into # {PKG_,}INSTALL_MASK. This will help us avoid installing # acct-user/named and acct-user/group. -fowners_script=$(command -v fowners) +if [[ -z ${flatcar_hacked_fowners:-} ]]; then + flatcar_hacked_fowners=$(command -v fowners) +fi fowners() { if [[ ${#} -gt 0 && ( ${1} = named:* || ${1} = *:named ) ]]; then return 0 fi - "${fowners_script}" "${@}" + "${flatcar_hacked_fowners}" "${@}" } # The pkg_postinst phase function wants to generate an rndc.key file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/ebtables b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/ebtables new file mode 100644 index 0000000000..f4715afc48 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/ebtables @@ -0,0 +1,13 @@ +# A hack to set ebtables to xtables-nft-multi instead of +# ebtables-legacy. +if [[ -z ${flatcar_hacked_eselect:-} ]]; then + flatcar_hacked_eselect=$(command -v eselect) +fi +eselect() { + if [[ ${#} -gt 2 && ${1} = 'ebtables' && ${2} = 'set' && ${3} = 'ebtables-legacy' ]]; then + elog "Ackchyually, we are setting it to xtables-nft-multi" + "${flatcar_hacked_eselect}" ebtables set xtables-nft-multi + else + "${flatcar_hacked_eselect}" "${@}" + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/iptables b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/iptables new file mode 100644 index 0000000000..61dd535c58 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/iptables 
@@ -0,0 +1,56 @@ +# A hack to avoid removing ebtables binaries +if [[ -z ${flatcar_hacked_rm:-} ]]; then + flatcar_hacked_rm=$(command -v rm) +fi +rm() { + local -a new_f=() + local f + for f; do + if [[ ${f} != */sbin/ebtables* ]]; then + new_f+=( "${f}" ) + fi + done + "${flatcar_hacked_rm}" "${new_f[@]}" +} + +# A hack to set iptables to xtables-nft-multi instead of +# xtables-legacy-multi, and to avoid tinkering with arptables. +if [[ -z ${flatcar_hacked_eselect:-} ]]; then + flatcar_hacked_eselect=$(command -v eselect) +fi +eselect() { + if [[ ${#} -gt 2 && ${1} = 'iptables' && ${2} = 'set' && ${3} = 'xtables-legacy-multi' ]]; then + elog "Ackchyually, we are setting it to xtables-nft-multi" + "${flatcar_hacked_eselect}" iptables set xtables-nft-multi + elif [[ ${#} -gt 1 && ${1} = 'arptables' && ${2} = 'show' ]]; then + # Nothing to do, we will just return success, so ebuild will + # not be doing anything with arptables + : + else + "${flatcar_hacked_eselect}" "${@}" + fi +} + +cros_post_src_install_iptables_flatcar_modifications() { + # Drop the rest of the arptables binaries. + rm "${ED}"/sbin/arptables-{translate,nft{,-{save,restore}}} || die + + # Gentoo upstream dropped the iptables & ip6tables services but we + # continue to ship them. + systemd_newunit - ip6tables.service </dev/null 2>&1; then + eval "$(echo 'flatcar_hacked_dostrip()'; declare -pf dostrip | tail -n +2)" +fi dostrip() { if [[ ${#} = 2 && ${1} = '-x' && ${2} = '/' ]]; then return diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/timezone-data b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/timezone-data new file mode 100644 index 0000000000..7b152f09de --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/timezone-data 
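Review bot: The `rm()` wrapper passes the filtered list straight to the real `rm`, so a call whose only arguments match `*/sbin/ebtables*` ends up as `rm` with no operands, which fails, and an ebuild line of the form `rm … || die` would then abort. Whether the ebuild makes such a call is not visible here, but returning early when nothing is left is cheap: `(( ${#new_f[@]} )) || return 0` before the final line. The wrapper also stays in effect for every later `rm` in this package's phases, including the `rm "${ED}"/sbin/arptables-… || die` in the post-install hook below it, which deserves a sentence in the leading comment. The rest of this hunk is cut off on the page after `systemd_newunit - ip6tables.service`.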
@@ -0,0 +1,4 @@ +cros_post_src_install_timezone_data_flatcar_modifications() { + # install the symlink by hand to not break existing timezones + dosym . /usr/share/zoneinfo/posix +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit index 4f8e6e6f41..52fc0e0aad 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit @@ -1,11 +1,7 @@ # Do not install Gentoo-provided audit rules, we will install our own # in coreos-base/misc-files. Also skip installing legacy initscripts # stuff in /usr/libexec. -INSTALL_MASK+=" -/etc/audit/audit.rules* -/usr/libexec -" -PKG_INSTALL_MASK+=" -/etc/audit/audit.rules* -/usr/libexec -" +audit_install_mask=" /etc/audit/audit.rules* /usr/libexec " +INSTALL_MASK+="${audit_install_mask}" +PKG_INSTALL_MASK+="${audit_install_mask}" +unset audit_install_mask diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/4.3_bsdiff-convert-to-sais-lite-suffix-sort.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/dev-util/bsdiff/0001-convert-to-sais-lite-suffix-sort.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/4.3_bsdiff-convert-to-sais-lite-suffix-sort.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/dev-util/bsdiff/0001-convert-to-sais-lite-suffix-sort.patch 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/dev-util/bsdiff/0002-CVE-2020-14315.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/dev-util/bsdiff/0002-CVE-2020-14315.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/dev-util/bsdiff/README.md b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/dev-util/bsdiff/README.md new file mode 100644 index 0000000000..e02194296d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/dev-util/bsdiff/README.md @@ -0,0 +1,24 @@ +About `0001-convert-to-sais-lite-suffix-sort.patch` - see the message +at the top of the patch. + +About `0002-CVE-2020-14315.patch`: + +Originally the security issue was published as +[FreeBSD-SA-16:29](https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc), +which pointed to a FreeBSD +[patch](https://security.freebsd.org/patches/SA-16:29/bspatch.patch). +However, the patch was a set of huge changes including other unrelated +changes. That's why it was not simple at all to apply the patch to +bsdiff. Both Gentoo and Flatcar have not included the fix. + +Fortunately X41 D-SEC +[examined](https://www.x41-dsec.de/security/news/working/research/2020/07/15/bspatch/) +the issue again, and nailed down to a simple patch that can be easily +applied to other trees. We simply take the patch with minimal changes. + +See also +[CVE-2020-14315](https://nvd.nist.gov/vuln/detail/CVE-2020-14315). + + +Neither of the patches are unlikely to be applied to upstream, so we +will carry those indefinitely. 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/Manifest b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/Manifest deleted file mode 100644 index 44c1d5abb4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.2-link.patch b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.2-link.patch deleted file mode 100644 index c20f2e54b8..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.2-link.patch +++ /dev/null @@ -1,24 +0,0 @@ -From ee4fc7c558d9eb9c37035250046d4eac9af3fa28 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Thu, 27 Dec 2018 23:47:33 +0100 -Subject: [PATCH] Fix link errors for USE="conntrack static-libs" (bug #586106) - ---- - iptables/Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/iptables/Makefile.am b/iptables/Makefile.am -index 581dc32..2c3db86 100644 ---- a/iptables/Makefile.am -+++ b/iptables/Makefile.am -@@ -26,6 +26,7 @@ xtables_legacy_multi_LDADD += ../libiptc/libip6tc.la ../extensions/libext6.a - endif - xtables_legacy_multi_SOURCES += xshared.c - xtables_legacy_multi_LDADD += ../libxtables/libxtables.la -lm -+xtables_legacy_multi_LDADD += ${libnetfilter_conntrack_LIBS} - - # iptables using nf_tables api - if ENABLE_NFTABLES --- -2.19.1 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-format-security.patch deleted file mode 100644 index fafc435379..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-format-security.patch +++ /dev/null @@ -1,21 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a - -From: Phil Sutter -Date: Fri, 13 May 2022 16:51:58 +0200 -Subject: xshared: Fix build for -Werror=format-security - -Gcc complains about the omitted format string. - -Signed-off-by: Phil Sutter ---- a/iptables/xshared.c -+++ b/iptables/xshared.c -@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg) - return; - - if (args->family != NFPROTO_ARP) -- xtables_error(PARAMETER_PROBLEM, msg); -+ xtables_error(PARAMETER_PROBLEM, "%s", msg); - - fprintf(stderr, "%s", msg); - } -cgit v1.2.3 diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch deleted file mode 100644 index 52e2c70199..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e -https://bugs.gentoo.org/846377 - -From: Phil Sutter -Date: Wed, 18 May 2022 16:04:09 +0200 -Subject: Revert "fix build for missing ETH_ALEN definition" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke -compiling against musl libc. Might be a bug in the latter, but for the -time being try to please both by avoiding the include and instead -defining ETH_ALEN if unset. - -While being at it, move netinet/ether.h include up. - -Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support") -Signed-off-by: Phil Sutter -Reviewed-by: Maciej Żenczykowski ---- a/libxtables/xtables.c -+++ b/libxtables/xtables.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -45,7 +46,6 @@ - - #include - #include /* INT_MAX in ip_tables.h/ip6_tables.h */ --#include /* ETH_ALEN */ - #include - #include - #include -@@ -72,6 +72,10 @@ - #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" - #endif - -+#ifndef ETH_ALEN -+#define ETH_ALEN 6 -+#endif -+ - /* we need this for ip6?tables-restore. ip6?tables-restore.c sets line to the - * current line of the input file, in order to give a more precise error - * message. ip6?tables itself doesn't need this, so it is initialized to the -@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int format) - printf(FMT("%4lluT ","%lluT "), (unsigned long long)number); - } - --#include -- - static const unsigned char mac_type_unicast[ETH_ALEN] = {}; - static const unsigned char msk_type_unicast[ETH_ALEN] = {1}; - static const unsigned char mac_type_multicast[ETH_ALEN] = {1}; -cgit v1.2.3 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch deleted file mode 100644 index ee9e218b5d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch +++ /dev/null @@ -1,26 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece - -From: Ben Brown -Date: Wed, 25 May 2022 16:26:13 +0100 -Subject: build: Fix error during out of tree build - -Fixes the following error: - - ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory - 52 | #include - -Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table") -Signed-off-by: Ben Brown -Signed-off-by: Phil Sutter ---- a/libxtables/Makefile.am -+++ b/libxtables/Makefile.am -@@ -1,7 +1,7 @@ - # -*- Makefile -*- - - AM_CFLAGS = ${regular_CFLAGS} --AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS} -+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS} - - lib_LTLIBRARIES = libxtables.la - libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c -cgit v1.2.3 diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch deleted file mode 100644 index 40302f624e..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189 - -From: Nick Hainke -Date: Mon, 16 May 2022 18:16:41 +0200 -Subject: treewide: use uint* instead of u_int* - -Gcc complains about missing types. Some commits introduced u_int* instead -of uint*. Use uint treewide. - -Fixes errors in the form of: -In file included from xtables-legacy-multi.c:5: -xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'? - 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, - | ^~~~~~~~~ - | uint16_t -make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1 - -Avoid libipq API breakage by adjusting libipq.h include accordingly. For -arpt_mangle.h kernel uAPI header, apply same change as in kernel commit -e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t"). - -Signed-off-by: Nick Hainke -Signed-off-by: Phil Sutter ---- a/extensions/libxt_conntrack.c -+++ b/extensions/libxt_conntrack.c -@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric, - - static void - conntrack_dump_ports(const char *prefix, const char *opt, -- u_int16_t port_low, u_int16_t port_high) -+ uint16_t port_low, uint16_t port_high) - { - if (port_high == 0 || port_low == port_high) - printf(" %s%s %u", prefix, opt, port_low); ---- a/include/libipq/libipq.h -+++ b/include/libipq/libipq.h -@@ -24,7 +24,7 @@ - #include - #include - #include --#include -+#include - #include - #include - #include -@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t; - struct ipq_handle - { - int fd; -- u_int8_t blocking; -+ uint8_t blocking; - struct sockaddr_nl local; - struct sockaddr_nl peer; - }; - --struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol); -+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol); - - int ipq_destroy_handle(struct ipq_handle *h); - - ssize_t ipq_read(const struct ipq_handle *h, - 
unsigned char *buf, size_t len, int timeout); - --int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len); -+int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len); - - ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf); - ---- a/include/libiptc/libxtc.h -+++ b/include/libiptc/libxtc.h -@@ -10,7 +10,7 @@ extern "C" { - #endif - - #ifndef XT_MIN_ALIGN --/* xt_entry has pointers and u_int64_t's in it, so if you align to -+/* xt_entry has pointers and uint64_t's in it, so if you align to - it, you'll also align to any crazy matches and targets someone - might write */ - #define XT_MIN_ALIGN (__alignof__(struct xt_entry)) ---- a/include/linux/netfilter_arp/arpt_mangle.h -+++ b/include/linux/netfilter_arp/arpt_mangle.h -@@ -13,7 +13,7 @@ struct arpt_mangle - union { - struct in_addr tgt_ip; - } u_t; -- u_int8_t flags; -+ __u8 flags; - int target; - }; - ---- a/iptables/xshared.c -+++ b/iptables/xshared.c -@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] = - }; - - void --set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, -+set_option(unsigned int *options, unsigned int option, uint16_t *invflg, - bool invert) - { - if (*options & option) ---- a/iptables/xshared.h -+++ b/iptables/xshared.h -@@ -80,7 +80,7 @@ struct xtables_target; - #define IPT_INV_ARPHRD 0x0800 - - void --set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, -+set_option(unsigned int *options, unsigned int option, uint16_t *invflg, - bool invert); - - /** ---- a/libipq/ipq_create_handle.3 -+++ b/libipq/ipq_create_handle.3 -@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles. 
- .br - .B #include - .sp --.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");" -+.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");" - .br - .BI "int ipq_destroy_handle(struct ipq_handle *" h ); - .SH DESCRIPTION ---- a/libipq/ipq_set_mode.3 -+++ b/libipq/ipq_set_mode.3 -@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode - .br - .B #include - .sp --.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range ); -+.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range ); - .SH DESCRIPTION - The - .B ipq_set_mode -cgit v1.2.3 diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables.service deleted file mode 100644 index 0a6d7fa1c8..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables.service +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=Store and restore ip6tables firewall rules - -[Install] -Also=ip6tables-store.service -Also=ip6tables-restore.service diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables.service deleted file mode 100644 index 3643a3e310..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables.service +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=Store and restore iptables firewall rules - -[Install] -Also=iptables-store.service -Also=iptables-restore.service diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/Manifest b/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/Manifest deleted file mode 100644 index b81c0121c4..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST nftables-0.9.9.tar.bz2 922624 BLAKE2B 8de2709576a26ca84a8d694f7cb06cad2bb2fb4671ba21ffc32c0d5997e8124ae7cd794dafddf4db48d8a49c280b48b07d2a31b6c18f6647fdb67cfe7f065b61 SHA512 dfdd3ffc0ffc1742ca0494a3f8fac1c7b2fe942849e60d33fc3cb8a51e27bd39e1ccfeda2195191377a32bb5363ea244f4c3e71b4a6d930f33bf87e17a534fab diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch b/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch deleted file mode 100644 index a92645f793..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch +++ /dev/null @@ -1,13 +0,0 @@ -This fixes build with sys-devel/slibtool - ---- nftables-0.9.8/src/Makefile.am -+++ nftables-0.9.8/src/Makefile.am -@@ -90,7 +90,7 @@ - - libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la - libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \ -- --version-script=$(srcdir)/libnftables.map -+ -Wl,--version-script=$(srcdir)/libnftables.map - - if BUILD_MINIGMP - noinst_LTLIBRARIES += libminigmp.la diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/nftables-0.9.9-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/nftables-0.9.9-r2.ebuild deleted file mode 100644 index ce56aed820..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/nftables-0.9.9-r2.ebuild +++ /dev/null 
@@ -1,121 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6..11} ) - -inherit autotools linux-info python-r1 systemd - -DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://netfilter.org/projects/nftables/" - -if [[ ${PV} =~ ^[9]{4,}$ ]]; then - inherit git-r3 - EGIT_REPO_URI="https://git.netfilter.org/${PN}" - - BDEPEND=" - sys-devel/bison - sys-devel/flex - " -else - SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~ia64 ppc ~ppc64 ~riscv sparc x86" -fi - -LICENSE="GPL-2" -SLOT="0/1" -IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" - -RDEPEND=" - >=net-libs/libmnl-1.0.4:0= - >=net-libs/libnftnl-1.2.0:0= - gmp? ( dev-libs/gmp:0= ) - json? ( dev-libs/jansson:= ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:0= ) - xtables? ( >=net-firewall/iptables-1.6.1 ) -" - -DEPEND="${RDEPEND}" - -BDEPEND+=" - doc? ( - app-text/asciidoc - >=app-text/docbook2X-0.8.8-r4 - ) - virtual/pkgconfig -" - -REQUIRED_USE=" - python? ( ${PYTHON_REQUIRED_USE} ) - libedit? ( !readline ) -" - -PATCHES=( - "${FILESDIR}/${PN}-0.9.8-slibtool.patch" -) - -python_make() { - emake \ - -C py \ - abs_builddir="${S}" \ - DESTDIR="${D}" \ - PYTHON_BIN="${PYTHON}" \ - "${@}" -} - -pkg_setup() { - if kernel_is ge 3 13; then - if use modern-kernel && kernel_is lt 3 18; then - eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." - fi - CONFIG_CHECK="~NF_TABLES" - linux-info_pkg_setup - else - eerror "This package requires kernel version 3.13 or newer to work properly." 
- fi -} - -src_prepare() { - default - - # fix installation path for doc stuff - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ - -i files/nftables/Makefile.am || die - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ - -i files/osf/Makefile.am || die - - eautoreconf -} - -src_configure() { - local myeconfargs=( - # We handle python separately - --disable-python - --sbindir="${EPREFIX}"/sbin - --sysconfdir="${EPREFIX}"/usr/share - $(use_enable debug) - $(use_enable doc man-doc) - $(use_with !gmp mini_gmp) - $(use_with json) - $(use_with libedit cli editline) - $(use_with readline cli readline) - $(use_enable static-libs static) - $(use_with xtables) - ) - econf "${myeconfargs[@]}" -} - -src_compile() { - default - - if use python; then - python_foreach_impl python_make - fi -} - -src_install() { - default - find "${ED}" -type f -name "*.la" -delete || die -} diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/Manifest b/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/Manifest deleted file mode 100644 index c36c94e4db..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST nfs-utils-2.5.4.tar.bz2 943373 BLAKE2B 72ed871613701f5b035941a7aed957771fe3b6a19fefee203130442c292bbbefde35721f2287fef19046d2d837faeda43b06a93a5acdb8ac6240eef90e6dd12c SHA512 b1395c5b06a06246666c48174594b1e08b71cf40b8f94b533497bd92625401a669e2c40e48dbd665891ad2247bc94d7d604d0c5d0f0b66bfe957b03d42e5d305 diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils-2.5.4-kernel-5.3-nfsv4.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils-2.5.4-kernel-5.3-nfsv4.patch deleted file mode 100644 index c9a543191b..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils-2.5.4-kernel-5.3-nfsv4.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=feb3dfc7127cf1337530ccb06ed90e818b026a07#patch1 -https://bugzilla.redhat.com/show_bug.cgi?id=1979816 -https://bugs.gentoo.org/808183 - -Slightly rebased by sam@ to account for version.h moving around. - -From feb3dfc7127cf1337530ccb06ed90e818b026a07 Mon Sep 17 00:00:00 2001 -From: Steve Dickson -Date: Wed, 22 Sep 2021 11:31:56 -0400 -Subject: [PATCH] mountd: only do NFSv4 logging on supported kernels. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1979816 -Signed-off-by: Steve Dickson ---- a/support/export/v4clients.c -+++ b/support/export/v4clients.c -@@ -10,6 +10,7 @@ - #include - #include - #include "export.h" -+#include "../../utils/mount/version.h" - - /* search.h declares 'struct entry' and nfs_prot.h - * does too. Easiest fix is to trick search.h into -@@ -23,6 +24,8 @@ static int clients_fd = -1; - - void v4clients_init(void) - { -+ if (linux_version_code() < MAKE_VERSION(5, 3, 0)) -+ return; - if (clients_fd >= 0) - return; - clients_fd = inotify_init1(IN_NONBLOCK); diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils.conf b/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils.conf deleted file mode 100644 index 02737e2f51..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils.conf +++ /dev/null @@ -1,9 +0,0 @@ -d /var/lib/nfs/rpc_pipefs -d /var/lib/nfs/v4recovery -d /var/lib/nfs/v4root -C /var/lib/nfs/etab - - - - /usr/lib64/nfs/etab -C /var/lib/nfs/rmtab - - - - /usr/lib64/nfs/rmtab -C /var/lib/nfs/sm - - - - /usr/lib64/nfs/sm -C /var/lib/nfs/sm.bak - - - - /usr/lib64/nfs/sm.bak -C /var/lib/nfs/state - - - - /usr/lib64/nfs/state -C /var/lib/nfs/xtab - - - - /usr/lib64/nfs/xtab 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/metadata.xml b/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/metadata.xml deleted file mode 100644 index f60293313f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/metadata.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - base-system@gentoo.org - Gentoo Base System - - - Enable NFS junction support in nfsref - Add ldap support - Link mount.nfs with libmount - Enable nfsdcld NFSv4 clientid tracking daemon - Enable support for newer nfsidmap helper - Enable support for NFSv4 - Enable support for NFSv4.1 - Support UUID lookups in rpc.mountd - - - nfs - - diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/nfs-utils-2.5.4-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/nfs-utils-2.5.4-r3.ebuild deleted file mode 100644 index 45339e3660..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/nfs-utils-2.5.4-r3.ebuild +++ /dev/null 
@@ -1,170 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -TMPFILES_OPTIONAL=1 -inherit autotools linux-info systemd tmpfiles - -DESCRIPTION="NFS client and server daemons" -HOMEPAGE="http://linux-nfs.org/" - -if [[ "${PV}" = *_rc* ]] ; then - MY_PV="$(ver_rs 1- -)" - SRC_URI="http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=snapshot;h=refs/tags/${PN}-${MY_PV};sf=tgz -> ${P}.tar.gz" - S="${WORKDIR}/${PN}-${PN}-${MY_PV}" -else - SRC_URI="mirror://sourceforge/nfs/${P}.tar.bz2" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86" -fi - -LICENSE="GPL-2" -SLOT="0" -IUSE="caps ipv6 junction kerberos ldap +libmount nfsdcld +nfsidmap +nfsv4 nfsv41 sasl selinux tcpd +uuid" -REQUIRED_USE="kerberos? ( nfsv4 )" -RESTRICT="test" #315573 - -# kth-krb doesn't provide the right include -# files, and nfs-utils doesn't build against heimdal either, -# so don't depend on virtual/krb. -# (04 Feb 2005 agriffis) -COMMON_DEPEND=" - dev-db/sqlite:3 - dev-libs/libxml2 - net-libs/libtirpc:= - >=net-nds/rpcbind-0.2.4 - sys-fs/e2fsprogs - caps? ( sys-libs/libcap ) - ldap? ( - net-nds/openldap - sasl? ( - app-crypt/mit-krb5 - dev-libs/cyrus-sasl:2 - ) - ) - libmount? ( sys-apps/util-linux ) - nfsv4? ( - dev-libs/libevent:= - >=sys-apps/keyutils-1.5.9:= - kerberos? ( - >=net-libs/libtirpc-0.2.4-r1[kerberos] - app-crypt/mit-krb5 - ) - ) - nfsv41? ( - sys-fs/lvm2 - ) - tcpd? ( sys-apps/tcp-wrappers ) - uuid? ( sys-apps/util-linux )" -DEPEND="${COMMON_DEPEND} - elibc_musl? ( sys-libs/queue-standalone ) -" -RDEPEND="${COMMON_DEPEND} - !net-libs/libnfsidmap - !net-nds/portmap - ! id_resolver.conf - doins id_resolver.conf - fi - - dotmpfiles "${FILESDIR}"/nfs-utils.conf - - # Provide an empty xtab for compatibility with the old tmpfiles config. 
- touch "${ED}"/usr/$(get_libdir)/nfs/xtab - - # Maintain compatibility with the old gentoo systemd unit names, since nfs-utils has units upstream now. - dosym nfs-server.service "$(systemd_get_systemunitdir)"/nfsd.service - dosym nfs-idmapd.service "$(systemd_get_systemunitdir)"/rpc-idmapd.service - dosym nfs-mountd.service "$(systemd_get_systemunitdir)"/rpc-mountd.service -} diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest deleted file mode 100644 index 5ac59969a3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST samba-4.19.7.tar.gz 41851647 BLAKE2B 9bd58363d4cd30f900b286be7c7e172ed0308c4527308d15309a5f3881ba9b1d4c3dd2a37f19d63fdf80a36bd89c9b6001ab2a5aefb724f10721e3a0dc09fa94 SHA512 a837a6255be6268a48c9f41ccad5db040c69b596936a37b011a4c8e3ec68f27ebd1947b86d26b544a7b546ed426dadc450353dff9553698ca4e6e0a3af162ad3 diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest deleted file mode 100644 index 959e80b1c1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST libtirpc-1.3.4.tar.bz2 563292 BLAKE2B 33371e83e9f54e9d6d434b75d3a95bedefce63050846483471e302b1fbb3b63a18db90b652050c43e1c6e42b03e34bafb2fb6ae89787f05af0cf747319825424 SHA512 004e61b5853717324790c46cda5ff227d525909f189194ae72a1ec8f476ca35d7f4c1f03c0fbc690c1696d60a212675b09246dbe627fdbf1a9a47f5664e82b00 -DIST libtirpc-glibc-nfs.tar.xz 8948 BLAKE2B 7316623d9f2b6928e296137fe2bf6794b208d549c2ffba9e4a35b47f7b04bf023798a09f38c02d039debf6adc466d7689cf3c8274d71a22eaff08729642c0a28 SHA512 90255bf0a27af16164e0710dd940778609925d473f4343093ff19d98cc4f23023788bf4edf0178eae1961afc0ba8b69b273de95b7d7e2afdb706701d8ba6f7ba 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md b/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md
deleted file mode 100644
index fddc791399..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-This is a fork of gentoo package. We have it on overlay because:
-
-- We change the NETCONFIG macro value from `"/etc/netconfig"` to
- `"/usr/share/tirpc/netconfig"`.
-
-- We update the installation of the netconfig accordingly to the
- previous point.
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index be48ab3f22..5170068ca2 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -13,6 +13,9 @@
 # Needed to address CVE-2025-24965.
 =app-containers/crun-1.20 ~amd64 ~arm64
+# No stable keywords.
+=app-containers/syft-1.18.1 ~amd64 ~arm64
+
 # Seems to be the only available ebuild in portage-stable right now.
 =app-crypt/adcli-0.9.2 ~arm64
@@ -52,6 +55,9 @@
 # The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet.
 =dev-libs/luksmeta-9-r1 **
+# No arm64 keyword in package.
+=dev-util/bsdiff-4.3-r4 **
+
 # Catalyst 4 is not stable yet, but earlier versions are masked now.
 =dev-util/catalyst-4.0.0 ~amd64 ~arm64
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 9b987284ec..94311fbd4c 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -126,7 +126,7 @@ sys-apps/shadow su sys-apps/util-linux -su # Enable kerberos support for NFS -net-fs/nfs-utils kerberos nfsv41 nfsv4 junction ldap libmount nfsdcld uuid +net-fs/nfs-utils junction kerberos ldap libmount nfsv3 nfsv4 uuid net-libs/libtirpc kerberos # Disable enabled-by-default support for 16-bit and 32-bit characters, diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc index 06def4ad28..0471f8e6ec 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc @@ -87,26 +87,6 @@ cros_pre_pkg_postinst_no_modifications_of_users() { export ACCT_USER_NO_MODIFY=x } -# sys-apps/policycoreutils creates /var/lib/selinux directory in -# src_install and then needs it to be available when running -# pkg_postinst, because it does a policy module rebuild there. We -# initially have put /var/lib/selinux into INSTALL_MASK and told -# coreos-base/misc-files to install the directory at -# /usr/lib/selinux/policy together with a symlink at /var/lib/selinux -# pointing to the directory. But this is done too late - at -# sys-apps/policycoreutils' pkg_postinst time, /var/lib/selinux does -# not exist, because coreos-base/misc-files was not yet emerged. So we -# need to fall back to this hack, where we set up /var/lib/selinux and -# /usr/lib/selinux/policy the way we want. -cros_post_src_install_set_up_var_lib_selinux() { - if [[ ${CATEGORY} != 'sys-apps' ]] || [[ ${PN} != 'policycoreutils' ]]; then - return 0; - fi - dodir /usr/lib/selinux - mv "${ED}/var/lib/selinux" "${ED}/usr/lib/selinux/policy" - dosym ../../usr/lib/selinux/policy /var/lib/selinux -} - # Source hooks for SLSA build provenance report generation source "${BASH_SOURCE[0]}.slsa-provenance" 
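Review bot: The new `net-fs/nfs-utils` line in package.use turns on `nfsv3` and no longer sets `nfsv41` or `nfsdcld`, yet the comment above it still reads only `# Enable kerberos support for NFS`, so nothing records why the protocol set changed. If NFSv3 is meant to stay available on the image, say so in the comment, since v3 depends on the rpcbind and statd services that a v4-only setup can leave off; for example `# Enable kerberos support for NFS; nfsv3 kept for existing v3 mounts and exports`. Presumably `nfsv41` and `nfsdcld` are dropped because the portage-stable ebuild no longer offers them, which is worth confirming, because the overlay ebuild deleted in this commit listed both in its IUSE.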
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults index 30b3d41305..348cfb7899 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults @@ -32,8 +32,6 @@ INSTALL_MASK="${INSTALL_MASK} /etc/dmtab /etc/e2fsck.conf /etc/libnl - /etc/logrotate.conf - /etc/logrotate.d /etc/lvm/* /etc/mdadm.conf /etc/rsyncd.conf diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.provided b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.provided index d4a409acb3..68341eb892 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.provided +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.provided @@ -24,3 +24,9 @@ sys-process/psmisc-23.7 # Pulled in by app-admin/sudo dev-lang/perl-5.40.0 + +# Pulled in by net-fs/samba +dev-lang/perl-5.40.0-r1 +dev-libs/icu-76.1-r1 +dev-perl/Parse-Yapp-1.210.0-r1 +dev-perl/JSON-4.100.0 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use index 762a97f8b8..aa39f4a383 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use @@ -21,7 +21,7 @@ net-misc/dhcp -server net-misc/ntp caps sys-apps/smartmontools -daemon -update-drivedb -systemd sys-block/parted device-mapper -sys-fs/lvm2 -readline +sys-fs/lvm2 -readline thin lvm sys-libs/ncurses minimal sys-libs/pam audit 
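Review bot: The four entries added to package.provided under `# Pulled in by net-fs/samba` make Portage treat perl, ICU, Parse-Yapp and JSON as already installed, and the comment does not say why that is safe for samba. If they are only needed while building, or are features samba is configured without, state it, for example `# Pulled in by net-fs/samba, not needed in the image at runtime`. Because the entries are exact versions, `dev-lang/perl-5.40.0-r1` now sits beside the existing `dev-lang/perl-5.40.0` for sudo, and each line has to be bumped by hand when portage-stable moves. Presumably a stale entry would stop matching and let the real package be pulled into the image unnoticed, so a note on how these are kept in sync would help.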
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
deleted file mode 100644
index b69b290210..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST dbus-1.14.4.tar.xz 1368196 BLAKE2B 7da5cd8f09eaef7a64f35f8ccbeb81c5687b3fad02d6ac05dd4c232e0f731dbcf4c76c36b615e6216815c8f8631bf9cb32543665440153a1199b1b35922cdda4 SHA512 7c8ce95b8a4c63cf51cc9f10bebbc19e66d6a96c4806befad48c3fe73b4468bb2b50f9570b73fe05ff12223e5e6815032139d316995eb670c28b23c028f293d6
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md
deleted file mode 100644
index e8770d9ee3..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-Modifications done in this fork:
-
-- Disable user sessions. We don't need them in Flatcar. At some point
- Gentoo dropped the dedicated USE flag for it and enables user
- sessions with systemd USE flag.
-
-- Drop the dependency on sec-policy/selinux-dbus which is brought by
- the selinux USE flag. We enable the flag because we still want DBus
- to be selinux-aware, but for some reason we didn't want to pull in
- the `sec-policy/selinux-dbus` package. We may want to revisit this
- with our SELinux work.
-
-- Drop /etc/machine-id generation. We do it elsewhere (bootengine?).
-
-- Mark it as stable for amd64 and arm64.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4-r2.ebuild
deleted file mode 100644
index d901a80896..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4-r2.ebuild
+++ /dev/null
@@ -1,297 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{8..11} ) -TMPFILES_OPTIONAL=1 - -# At least at the moment, while a CMake port exists, it's not recommended -# for distributions. -# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L189 -inherit autotools flag-o-matic linux-info python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx multilib-minimal - -DESCRIPTION="A message bus system, a simple way for applications to talk to each other" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/dbus/" -SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.xz" - -LICENSE="|| ( AFL-2.1 GPL-2 )" -SLOT="0" -# Flatcar: Mark it as stable for amd64 and arm64. -KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="debug doc elogind selinux static-libs systemd test X" -RESTRICT="!test? ( test )" - -REQUIRED_USE="?? ( elogind systemd )" - -BDEPEND=" - acct-user/messagebus - app-text/xmlto - app-text/docbook-xml-dtd:4.4 - dev-build/autoconf-archive - virtual/pkgconfig - doc? ( app-doc/doxygen ) -" -COMMON_DEPEND=" - >=dev-libs/expat-2.1.0 - elogind? ( sys-auth/elogind ) - selinux? ( - sys-process/audit - sys-libs/libselinux - ) - systemd? ( sys-apps/systemd:0= ) - X? ( - x11-libs/libX11 - x11-libs/libXt - ) -" -DEPEND="${COMMON_DEPEND} - dev-libs/expat - test? ( - ${PYTHON_DEPS} - >=dev-libs/glib-2.40:2 - ) -" -# Flatcar: Drop the following dependency to avoid pulling in -# unnecessary ebuilds into rootfs: -# -# selinux? ( sec-policy/selinux-dbus ) -# -# We may want to revisit that, actually. -RDEPEND="${COMMON_DEPEND} - acct-user/messagebus - systemd? ( virtual/tmpfiles ) -" - -DOC_CONTENTS=" - Some applications require a session bus in addition to the system - bus. 
Please see \`man dbus-launch\` for more information. -" - -# out of sources build dir for make check -TBD="${WORKDIR}/${P}-tests-build" - -PATCHES=( - "${FILESDIR}/dbus-enable-elogind.patch" - "${FILESDIR}/dbus-daemon-optional.patch" # bug #653136 -) - -pkg_setup() { - use test && python-any-r1_pkg_setup - - if use kernel_linux; then - CONFIG_CHECK="~EPOLL" - linux-info_pkg_setup - fi -} - -src_prepare() { - default - - if [[ ${CHOST} == *-solaris* ]]; then - # fix standards conflict, due to gcc being c99 by default nowadays - sed -i \ - -e 's/_XOPEN_SOURCE=500/_XOPEN_SOURCE=600/' \ - configure.ac || die - fi - - # required for bug #263909, cross-compile so don't remove eautoreconf - eautoreconf -} - -src_configure() { - local rundir=$(usex kernel_linux /run /var/run) - - sed -e "s;@rundir@;${EPREFIX}${rundir};g" "${FILESDIR}"/dbus.initd.in \ - > "${T}"/dbus.initd || die - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local docconf myconf testconf - - # so we can get backtraces from apps - case ${CHOST} in - *-mingw*) - # error: unrecognized command line option '-rdynamic', bug #488036 - ;; - *) - append-flags -rdynamic - ;; - esac - - # libaudit is *only* used in DBus wrt SELinux support, so disable it, if - # not on an SELinux profile. 
- myconf=( - --localstatedir="${EPREFIX}/var" - --runstatedir="${EPREFIX}${rundir}" - $(use_enable static-libs static) - $(use_enable debug verbose-mode) - --disable-asserts - --disable-checks - $(use_enable selinux) - $(use_enable selinux libaudit) - --disable-apparmor - $(use_enable kernel_linux inotify) - --disable-kqueue - $(use_enable elogind) - $(use_enable systemd) - $(use_enable systemd user-session) - --disable-embedded-tests - --disable-modular-tests - $(use_enable debug stats) - --with-session-socket-dir="${EPREFIX}"/tmp - --with-system-pid-file="${EPREFIX}${rundir}"/dbus.pid - --with-system-socket="${EPREFIX}${rundir}"/dbus/system_bus_socket - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" - --with-systemduserunitdir="$(systemd_get_userunitdir)" - --with-dbus-user=messagebus - $(use_with X x) - ) - - if [[ ${CHOST} == *-darwin* ]]; then - myconf+=( - --enable-launchd - --with-launchd-agent-dir="${EPREFIX}"/Library/LaunchAgents - ) - fi - - if multilib_is_native_abi; then - docconf=( - --enable-xml-docs - $(use_enable doc doxygen-docs) - ) - else - docconf=( - --disable-xml-docs - --disable-doxygen-docs - ) - myconf+=( - --disable-daemon - --disable-selinux - --disable-libaudit - --disable-elogind - --disable-systemd - --without-x - ) - fi - - einfo "Running configure in ${BUILD_DIR}" - ECONF_SOURCE="${S}" econf "${myconf[@]}" "${docconf[@]}" - - if multilib_is_native_abi && use test; then - mkdir "${TBD}" || die - cd "${TBD}" || die - testconf=( - $(use_enable test asserts) - $(use_enable test checks) - $(use_enable test embedded-tests) - $(use_enable test stats) - $(has_version dev-libs/dbus-glib && echo --enable-modular-tests) - ) - einfo "Running configure in ${TBD}" - ECONF_SOURCE="${S}" econf "${myconf[@]}" "${testconf[@]}" - fi -} - -multilib_src_compile() { - if multilib_is_native_abi; then - # After the compile, it uses a selinuxfs interface to - # check if the SELinux policy has the right support - use selinux && addwrite 
/selinux/access - - einfo "Running make in ${BUILD_DIR}" - emake - - if use test; then - einfo "Running make in ${TBD}" - emake -C "${TBD}" - fi - else - emake -C dbus libdbus-1.la - fi -} - -src_test() { - # DBUS_TEST_MALLOC_FAILURES=0 to avoid huge test logs - # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L231 - DBUS_TEST_MALLOC_FAILURES=0 DBUS_VERBOSE=1 virtx emake -j1 -C "${TBD}" check - -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake DESTDIR="${D}" install - else - emake DESTDIR="${D}" install-pkgconfigDATA - emake DESTDIR="${D}" -C dbus \ - install-libLTLIBRARIES install-dbusincludeHEADERS \ - install-nodist_dbusarchincludeHEADERS - fi -} - -multilib_src_install_all() { - newinitd "${T}"/dbus.initd dbus - - if use X; then - # dbus X session script (bug #77504) - # turns out to only work for GDM (and startx). has been merged into - # other desktop (kdm and such scripts) - exeinto /etc/X11/xinit/xinitrc.d - newexe "${FILESDIR}"/80-dbus-r1 80-dbus - fi - - # Needs to exist for dbus sessions to launch - keepdir /usr/share/dbus-1/services - keepdir /etc/dbus-1/{session,system}.d - # machine-id symlink from pkg_postinst() - keepdir /var/lib/dbus - # Let the init script create the /var/run/dbus directory - rm -rf "${ED}"/var/run - - # bug #761763 - rm -rf "${ED}"/usr/lib/sysusers.d - - dodoc AUTHORS NEWS README doc/TODO - readme.gentoo_create_doc - - find "${ED}" -name '*.la' -delete || die -} - -pkg_postinst() { - readme.gentoo_print_elog - - # Flatcar: Drop machine-id generation. - # if use systemd; then - # tmpfiles_process dbus.conf - # fi - # - # # Ensure unique id is generated and put it in /etc bug wrt #370451 but symlink - # # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse - # # dependencies with hardcoded paths (although the known ones got fixed already) - # # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? 
- # dbus-uuidgen --ensure="${EROOT}"/etc/machine-id - # ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id - - if [[ ${CHOST} == *-darwin* ]]; then - local plist="org.freedesktop.dbus-session.plist" - elog - elog - elog "For MacOS/Darwin we now ship launchd support for dbus." - elog "This enables autolaunch of dbus at session login and makes" - elog "dbus usable under MacOS/Darwin." - elog - elog "The launchd plist file ${plist} has been" - elog "installed in ${EPREFIX}/Library/LaunchAgents." - elog "For it to be used, you will have to do all of the following:" - elog " + cd ~/Library/LaunchAgents" - elog " + ln -s ${EPREFIX}/Library/LaunchAgents/${plist}" - elog " + logout and log back in" - elog - elog "If your application needs a proper DBUS_SESSION_BUS_ADDRESS" - elog "specified and refused to start otherwise, then export the" - elog "the following to your environment:" - elog " DBUS_SESSION_BUS_ADDRESS=\"launchd:env=DBUS_LAUNCHD_SESSION_BUS_SOCKET\"" - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-daemon-optional.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-daemon-optional.patch deleted file mode 100644 index 353dcb5761..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-daemon-optional.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From 3c08d28fbae8b0ef3839ef26f8d2a713a9a684f9 Mon Sep 17 00:00:00 2001 -From: Andreas Sturmlechner -Date: Thu, 21 Feb 2019 23:53:19 +0100 -Subject: [PATCH] Make dbus daemon build optional - ---- - bus/Makefile.am | 2 ++ - configure.ac | 17 ++++++++++++++++- - 2 files changed, 18 insertions(+), 1 deletion(-) - -diff --git a/bus/Makefile.am b/bus/Makefile.am -index 9ae3071..26a770c 100644 ---- a/bus/Makefile.am -+++ b/bus/Makefile.am -@@ -70,6 +70,7 @@ agentdir=$(LAUNCHD_AGENT_DIR) - agent_DATA=org.freedesktop.dbus-session.plist - endif - -+if DBUS_DAEMON - if DBUS_BUS_ENABLE_KQUEUE - DIR_WATCH_SOURCE=dir-watch-kqueue.c - else -@@ -241,6 +242,7 @@ test_bus_LDADD = \ - $(top_builddir)/dbus/libdbus-internal.la \ - $(DBUS_BUS_LIBS) \ - $(NULL) -+endif DBUS_DAEMON - - install-data-hook: - $(mkinstalldirs) $(DESTDIR)$(dbusdatadir)/session.d -diff --git a/configure.ac b/configure.ac -index be6b065..854e846 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -202,6 +202,7 @@ AC_ARG_ENABLE([apparmor], - [enable_apparmor=$enableval], - [enable_apparmor=auto]) - AC_ARG_ENABLE(libaudit,AS_HELP_STRING([--enable-libaudit],[build audit daemon support for SELinux]),enable_libaudit=$enableval,enable_libaudit=auto) -+AC_ARG_ENABLE(daemon, AS_HELP_STRING([--enable-daemon],[build with the dbus daemon]),enable_daemon=$enableval,enable_daemon=yes) - AC_ARG_ENABLE(inotify, AS_HELP_STRING([--enable-inotify],[build with inotify support (linux only)]),enable_inotify=$enableval,enable_inotify=auto) - AC_ARG_ENABLE(kqueue, AS_HELP_STRING([--enable-kqueue],[build with kqueue support]),enable_kqueue=$enableval,enable_kqueue=auto) - AC_ARG_ENABLE(console-owner-file, AS_HELP_STRING([--enable-console-owner-file],[enable console owner file]),enable_console_owner_file=$enableval,enable_console_owner_file=auto) -@@ -830,7 +831,20 @@ AC_CHECK_FUNCS(getpeerucred getpeereid) - - AC_CHECK_FUNCS(pipe2 accept4) - --PKG_CHECK_MODULES([EXPAT], [expat]) -+# dbusdaemon checks -+if test 
x$enable_daemon = xno ; then -+ have_daemon=no -+else -+ have_daemon=yes -+fi -+ -+dnl check if daemon shall be built -+if test x$have_daemon = xyes; then -+ AC_DEFINE(DBUS_DAEMON,1,[Use daemon]) -+ PKG_CHECK_MODULES([EXPAT], [expat]) -+fi -+ -+AM_CONDITIONAL(DBUS_DAEMON, test x$have_daemon = xyes) - - save_cflags="$CFLAGS" - save_libs="$LIBS" -@@ -1824,6 +1838,7 @@ echo " - Building bus stats API: ${enable_stats} - Building SELinux support: ${have_selinux} - Building AppArmor support: ${have_apparmor} -+ Building daemon: ${have_daemon} - Building inotify support: ${have_inotify} - Building kqueue support: ${have_kqueue} - Building systemd support: ${have_systemd} --- -2.20.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-enable-elogind.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-enable-elogind.patch deleted file mode 100644 index 5cb5d649cd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-enable-elogind.patch +++ /dev/null 
@@ -1,73 +0,0 @@ ---- a/dbus/dbus-userdb-util.c 2015-09-30 16:48:40.000000000 +0200 -+++ b/dbus/dbus-userdb-util.c 2016-11-03 11:09:42.550520587 +0100 -@@ -32,6 +32,9 @@ - #if HAVE_SYSTEMD - #include - #endif -+#if HAVE_ELOGIND -+#include -+#endif - - /** - * @addtogroup DBusInternalsUtils -@@ -54,7 +57,7 @@ - const DBusUserInfo *info; - dbus_bool_t result = FALSE; - --#ifdef HAVE_SYSTEMD -+#if defined(HAVE_SYSTEMD) || defined(HAVE_ELOGIND) - /* check if we have logind */ - if (access ("/run/systemd/seats/", F_OK) >= 0) - { ---- a/configure.ac 2016-11-03 11:13:58.286528265 +0100 -+++ b/configure.ac 2016-11-03 11:22:11.210543063 +0100 -@@ -185,6 +185,7 @@ - AC_ARG_ENABLE(kqueue, AS_HELP_STRING([--enable-kqueue],[build with kqueue support]),enable_kqueue=$enableval,enable_kqueue=auto) - AC_ARG_ENABLE(console-owner-file, AS_HELP_STRING([--enable-console-owner-file],[enable console owner file]),enable_console_owner_file=$enableval,enable_console_owner_file=auto) - AC_ARG_ENABLE(launchd, AS_HELP_STRING([--enable-launchd],[build with launchd auto-launch support]),enable_launchd=$enableval,enable_launchd=auto) -+AC_ARG_ENABLE(elogind, AS_HELP_STRING([--enable-elogind],[build with elogind user seat support]),enable_elogind=$enableval,enable_elogind=auto) - AC_ARG_ENABLE(systemd, AS_HELP_STRING([--enable-systemd],[build with systemd at_console support]),enable_systemd=$enableval,enable_systemd=auto) - - AC_ARG_WITH(init-scripts, AS_HELP_STRING([--with-init-scripts=[redhat]],[Style of init scripts to install])) -@@ -1184,6 +1185,24 @@ - - AM_CONDITIONAL(HAVE_CONSOLE_OWNER_FILE, test x$have_console_owner_file = xyes) - -+dnl elogind detection -+if test x$enable_elogind = xno ; then -+ have_elogind=no; -+else -+ PKG_CHECK_MODULES([ELOGIND], -+ [libelogind >= 209], -+ [have_elogind=yes], -+ [have_elogind=no]) -+fi -+ -+if test x$have_elogind = xyes; then -+ AC_DEFINE(HAVE_ELOGIND,1,[Have elogind]) -+fi -+ -+if test x$enable_elogind = xyes -a x$have_elogind != xyes ; then -+ 
AC_MSG_ERROR([Explicitly requested elogind support, but libelogind not found]) -+fi -+ - dnl systemd detection - if test x$enable_systemd = xno ; then - have_systemd=no; -@@ -1290,7 +1309,7 @@ - fi - - #### Set up final flags --LIBDBUS_LIBS="$THREAD_LIBS $NETWORK_libs $SYSTEMD_LIBS" -+LIBDBUS_LIBS="$THREAD_LIBS $NETWORK_libs $SYSTEMD_LIBS $ELOGIND_LIBS" - AC_SUBST([LIBDBUS_LIBS]) - - ### X11 detection -@@ -1949,6 +1968,7 @@ - Building AppArmor support: ${have_apparmor} - Building inotify support: ${have_inotify} - Building kqueue support: ${have_kqueue} -+ Building elogind support: ${have_elogind} - Building systemd support: ${have_systemd} - Building X11 code: ${have_x11} - Building Doxygen docs: ${enable_doxygen_docs} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/README.md b/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/README.md deleted file mode 100644 index 2aab30e620..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/README.md +++ /dev/null @@ -1,3 +0,0 @@ -We keep this package in overlay, because we install the keyutils -config file in /usr instead of /etc, and then establish some symlinks -during installation and with systemd's tmpfiles.d utility. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/tmpfiles.d/keyutils.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/tmpfiles.d/keyutils.conf deleted file mode 100644 index 4e88f2670a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/tmpfiles.d/keyutils.conf +++ /dev/null @@ -1,3 +0,0 @@ -L /etc/request-key.conf - - - - ../usr/share/keyutils/request-key.conf -d /etc/request-key.d - - - - - -d /etc/keyutils - - - - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/Manifest deleted file mode 100644 index ca3ab73585..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST shadow-4.13.tar.xz 1762908 BLAKE2B 315ab8a7e598aeefb50c11293e20cfa0982c3c3ae21c35ae243d09a4facf97a13c1d672990876e74ef94f5284402acf14997663743e2aaefa6cfc4369b7d24dc SHA512 2949a728c3312bef13d23138d6b79caf402781b1cb179e33b5be546c1790971ec20778d0e9cd3dbe09691d928ffcbe88e60da42fab58c69a90d5ebe5e3e2ab8e -DIST shadow-4.13.tar.xz.asc 488 BLAKE2B de1f8285c5713a772343a2a7c638d1d13429dd4fa867d4f91d4922aa0d083b4a3110d38e8a8ab82137fdf4fecb12ba3677f3fb235401fc6438ae663fbd9bfbd2 SHA512 f8549c4e699c65721d53946d61b6127712572f7ad9ee13018ef3a25307002992aa727471c948d1bb22dcddf112715bed387d28f436123f30e153ae6bc0cd3648 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/securetty b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/securetty deleted file mode 100644 index c7042fae2c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/securetty +++ /dev/null @@ -1,33 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). -console - -vc/0 -vc/1 -vc/2 -vc/3 -vc/4 -vc/5 -vc/6 -vc/7 -vc/8 -vc/9 -vc/10 -vc/11 -vc/12 -tty0 -tty1 -tty2 -tty3 -tty4 -tty5 -tty6 -tty7 -tty8 -tty9 -tty10 -tty11 -tty12 - -tts/0 -ttyS0 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch deleted file mode 100644 index 49868ba67c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 -From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> -Date: Thu, 23 Mar 2023 23:39:38 +0000 -Subject: [PATCH] Added control character check - -Added control character check, returning -1 (to "err") if control characters are present. ---- - lib/fields.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index 640be931f..fb51b5829 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -21,9 +21,9 @@ - * - * The supplied field is scanned for non-printable and other illegal - * characters. -- * + -1 is returned if an illegal character is present. -- * + 1 is returned if no illegal characters are present, but the field -- * contains a non-printable character. -+ * + -1 is returned if an illegal or control character is present. -+ * + 1 is returned if no illegal or control characters are present, -+ * but the field contains a non-printable character. - * + 0 is returned otherwise. - */ - int valid_field (const char *field, const char *illegal) -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) - } - - if (0 == err) { -- /* Search if there are some non-printable characters */ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { - if (!isprint (*cp)) { - err = 1; -+ } -+ if (!iscntrl (*cp)) { -+ err = -1; - break; - } - } -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Fri, 31 Mar 2023 14:46:50 +0200 -Subject: [PATCH] Overhaul valid_field() - -e5905c4b ("Added control character check") introduced checking for -control characters but had the logic inverted, so it rejects all -characters that are not control ones. - -Cast the character to `unsigned char` before passing to the character -checking functions to avoid UB. 
- -Use strpbrk(3) for the illegal character test and return early. ---- - lib/fields.c | 24 ++++++++++-------------- - 1 file changed, 10 insertions(+), 14 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index fb51b5829..539292485 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) - - /* For each character of field, search if it appears in the list - * of illegal characters. */ -+ if (illegal && NULL != strpbrk (field, illegal)) { -+ return -1; -+ } -+ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { -- if (strchr (illegal, *cp) != NULL) { -+ unsigned char c = *cp; -+ if (!isprint (c)) { -+ err = 1; -+ } -+ if (iscntrl (c)) { - err = -1; - break; - } - } - -- if (0 == err) { -- /* Search if there are non-printable or control characters */ -- for (cp = field; '\0' != *cp; cp++) { -- if (!isprint (*cp)) { -- err = 1; -- } -- if (!iscntrl (*cp)) { -- err = -1; -- break; -- } -- } -- } -- - return err; - } - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch deleted file mode 100644 index 4e703db93a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef -https://github.com/shadow-maint/shadow/pull/595 - -From a281f241b592aec636d1b93a99e764499d68c7ef Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Mon, 21 Nov 2022 11:52:45 +0100 -Subject: [PATCH] Fix HAVE_SHADOWGRP configure check - -The missing #include causes the configure check to fail -spuriously, resulting in HAVE_SHADOWGRP not being defined even -on systems that actually have sgetsgent (such as current glibc). ---- a/configure.ac -+++ b/configure.ac -@@ -116,6 +116,10 @@ if test "$ac_cv_header_shadow_h" = "yes"; then - ac_cv_libc_shadowgrp, - AC_RUN_IFELSE([AC_LANG_SOURCE([ - #include -+ #ifdef HAVE_GSHADOW_H -+ #include -+ #endif -+ int - main() - { - struct sgrp *sg = sgetsgent("test:x::"); - ---- a/configure -+++ b/configure -@@ -15684,6 +15684,10 @@ else $as_nop - /* end confdefs.h. */ - - #include -+ #ifdef HAVE_GSHADOW_H -+ #include -+ #endif -+ int - main() - { - struct sgrp *sg = sgetsgent("test:x::"); diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-password-leak.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-password-leak.patch deleted file mode 100644 index 25b5ec39c5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-password-leak.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 - -From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001 -From: Alejandro Colomar -Date: Sat, 10 Jun 2023 16:20:05 +0200 -Subject: [PATCH] gpasswd(1): Fix password leak - -How to trigger this password leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -When gpasswd(1) asks for the new password, it asks twice (as is usual -for confirming the new password). Each of those 2 password prompts -uses agetpass() to get the password. If the second agetpass() fails, -the first password, which has been copied into the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. - -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and -can fail for any of the following reasons: - -- malloc(3) or readpassphrase(3) failure. - - These are going to be difficult to trigger. Maybe getting the system - to the limits of memory utilization at that exact point, so that the - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. - About readpassphrase(3), ENFILE and EINTR seem the only plausible - ones, and EINTR probably requires privilege or being the same user; - but I wouldn't discard ENFILE so easily, if a process starts opening - files. - -- The password is longer than PASS_MAX. - - The is plausible with physical access. However, at that point, a - keylogger will be a much simpler attack. - -And, the attacker must be able to know when the second password is being -introduced, which is not going to be easy. - -How to read the password after the leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Provoking the leak yourself at the right point by entering a very long -password is easy, and inspecting the process stack at that point should -be doable. Try to find some consistent patterns. - -Then, search for those patterns in free memory, right after the victim -leaks their password. 
- -Once you get the leak, a program should read all the free memory -searching for patterns that gpasswd(1) leaves nearby the leaked -password. - -On 6/10/23 03:14, Seth Arnold wrote: -> An attacker process wouldn't be able to use malloc(3) for this task. -> There's a handful of tools available for userspace to allocate memory: -> -> - brk / sbrk -> - mmap MAP_ANONYMOUS -> - mmap /dev/zero -> - mmap some other file -> - shm_open -> - shmget -> -> Most of these return only pages of zeros to a process. Using mmap of an -> existing file, you can get some of the contents of the file demand-loaded -> into the memory space on the first use. -> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. -> -> malloc(3) doesn't zero memory, to our collective frustration, but all the -> garbage in the allocations is from previous allocations in the current -> process. It isn't leftover from other processes. -> -> The avenues available for reading the memory: -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) -> - ptrace (requires ptrace privileges, mediated by YAMA) -> - causing memory to be swapped to disk, and then inspecting the swap -> -> These all require a certain amount of privileges. - -How to fix it? -~~~~~~~~~~~~~ - -memzero(), which internally calls explicit_bzero(3), or whatever -alternative the system provides with a slightly different name, will -make sure that the buffer is zeroed in memory, and optimizations are not -allowed to impede this zeroing. - -This is not really 100% effective, since compilers may place copies of -the string somewhere hidden in the stack. Those copies won't get zeroed -by explicit_bzero(3). However, that's arguably a compiler bug, since -compilers should make everything possible to avoid optimizing strings -that are later passed to explicit_bzero(3). 
But we all know that -sometimes it's impossible to have perfect knowledge in the compiler, so -this is plausible. Nevertheless, there's nothing we can do against such -issues, except minimizing the time such passwords are stored in plain -text. - -Security concerns -~~~~~~~~~~~~~~~~ - -We believe this isn't easy to exploit. Nevertheless, and since the fix -is trivial, this fix should probably be applied soon, and backported to -all supported distributions, to prevent someone else having more -imagination than us to find a way. - -Affected versions -~~~~~~~~~~~~~~~~ - -All. Bug introduced in shadow 19990709. That's the second commit in -the git history. - -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") -Reported-by: Alejandro Colomar -Cc: Serge Hallyn -Cc: Iker Pedrosa -Cc: Seth Arnold -Cc: Christian Brauner -Cc: Balint Reczey -Cc: Sam James -Cc: David Runge -Cc: Andreas Jaeger -Cc: <~hallyn/shadow@lists.sr.ht> -Signed-off-by: Alejandro Colomar ---- a/src/gpasswd.c -+++ b/src/gpasswd.c -@@ -898,6 +898,7 @@ static void change_passwd (struct group *gr) - erase_pass (cp); - cp = agetpass (_("Re-enter new password: ")); - if (NULL == cp) { -+ memzero (pass, sizeof pass); - exit (1); - } - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch deleted file mode 100644 index 50cbe699d1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -https://bugs.gentoo.org/903083 -https://github.com/shadow-maint/shadow/pull/691 -https://github.com/shadow-maint/shadow/commit/bd2d0079c90241f24671a7946a3ad175dc1a3aeb - -From fcb04de38a0ddc263288a1c450b35bfb1503d523 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Sat, 25 Mar 2023 21:16:55 -0400 -Subject: [PATCH] usermod: respect --prefix for --gid option - -The --gid option accepts a group name or id. When a name is provided, it -is resolved to an id by looking up the name in the group database -(/etc/group). - -The --prefix option overides the location of the passwd and group -databases. I suspect the --gid option was overlooked when wiring up the ---prefix option. - -useradd --gid already respects --prefix; this change makes usermod -behave the same way. - -Fixes: b6b2c756c91806b1c3e150ea0ee4721c6cdaf9d0 -Signed-off-by: Mike Gilbert ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -1072,7 +1072,7 @@ static void process_flags (int argc, char **argv) - fflg = true; - break; - case 'g': -- grp = getgr_nam_gid (optarg); -+ grp = prefix_getgr_nam_gid (optarg); - if (NULL == grp) { - fprintf (stderr, - _("%s: group '%s' does not exist\n"), diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/tmpfiles.d/etc-shadow.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/tmpfiles.d/etc-shadow.conf deleted file mode 100644 index 0acaf6838a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/tmpfiles.d/etc-shadow.conf +++ /dev/null @@ -1,5 +0,0 @@ -L /etc/login.defs - - - - ../usr/share/shadow/login.defs -L /etc/securetty - - - - ../usr/share/shadow/securetty - -d /etc/default - - - - - -L /etc/default/useradd - - - - ../../usr/share/shadow/useradd 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/tmpfiles.d/var-shadow.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/tmpfiles.d/var-shadow.conf
deleted file mode 100644
index 612187d6ae..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/tmpfiles.d/var-shadow.conf
+++ /dev/null
@@ -1 +0,0 @@
-f /var/log/faillog - - - - -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest
deleted file mode 100644
index 9f7fb1747d..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
deleted file mode 100644
index 2922b86066..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit-0.120_p20220509-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,231 +0,0 @@ -Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. - -https://bugs.gentoo.org/833753 -https://bugs.gentoo.org/561672 -https://bugs.freedesktop.org/show_bug.cgi?id=50145 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 - -Patch has been rebased a bit since but keeping original headers. - -From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" -Date: Wed, 11 Jul 2018 04:54:26 -0500 -Subject: [PATCH] make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -Fixes bug 50145. - -Signed-off-by: A. 
Wilcox ---- a/meson.build -+++ b/meson.build -@@ -89,6 +89,7 @@ config_h.set('_GNU_SOURCE', true) - check_functions = [ - 'clearenv', - 'fdatasync', -+ 'setnetgrent', - ] - - foreach func: check_functions ---- a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret = polkit_unix_netgroup_new (name); - g_variant_unref (v); -+#endif - } - else - { ---- a/src/polkit/polkitunixnetgroup.c -+++ b/src/polkit/polkitunixnetgroup.c -@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, - PolkitIdentity * - polkit_unix_netgroup_new (const gchar *name) - { -+#ifndef HAVE_SETNETGRENT -+ g_assert_not_reached(); -+#endif - g_return_val_if_fail (name != NULL, NULL); - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, - "name", name, ---- a/src/polkitbackend/polkitbackendduktapeauthority.c -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - - user = duk_require_string (cx, 0); - netgroup = duk_require_string (cx, 1); -- -+#ifdef 
HAVE_SETNETGRENT - if (innetgr (netgroup, - NULL, /* host */ - user, -@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - { - is_in_netgroup = TRUE; - } -- -+#endif - duk_push_boolean (cx, is_in_netgroup); - return 1; - } ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group, - GList *ret; - - ret = NULL; -+#ifdef HAVE_SETNETGRENT - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - --#ifdef HAVE_SETNETGRENT_RETURN -+# ifdef HAVE_SETNETGRENT_RETURN - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } --#else -+# else - setnetgrent (name); --#endif -+# endif /* HAVE_SETNETGRENT_RETURN */ - - for (;;) - { --#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) - const char *hostname, *username, *domainname; --#else -+# else - char *hostname, *username, *domainname; --#endif -+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ - PolkitIdentity *user; - GError *error = NULL; - -@@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group, - - out: - endnetgrent (); -+#endif /* HAVE_SETNETGRENT */ - return ret; - } - ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - - JS::CallArgs args = JS::CallArgsFromVp (argc, vp); - -+#ifdef HAVE_SETNETGRENT - JS::RootedString usrstr (authority->priv->cx); - usrstr = args[0].toString(); - user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - { - is_in_netgroup = true; - } -+#endif - - ret = true; - ---- a/test/polkit/polkitidentitytest.c -+++ b/test/polkit/polkitidentitytest.c -@@ -145,11 +145,15 @@ struct ComparisonTestData 
comparison_test_data [] = { - {"unix-group:root", "unix-group:jane", FALSE}, - {"unix-group:jane", "unix-group:jane", TRUE}, - -+#ifdef HAVE_SETNETGRENT - {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, - {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -+#endif - - {"unix-user:root", "unix-group:root", FALSE}, -+#ifdef HAVE_SETNETGRENT - {"unix-user:jane", "unix-netgroup:foo", FALSE}, -+#endif - - {NULL}, - }; -@@ -181,11 +185,13 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); - g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); - -+#ifdef HAVE_SETNETGRENT - g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+#endif - - g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); - - add_comparison_tests (); - ---- a/test/polkit/polkitunixnetgrouptest.c -+++ b/test/polkit/polkitunixnetgrouptest.c -@@ -69,7 +69,9 @@ int - main (int argc, char *argv[]) - { - g_test_init (&argc, &argv, NULL); -+#ifdef HAVE_SETNETGRENT - g_test_add_func ("/PolkitUnixNetgroup/new", test_new); - g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -+#endif - return g_test_run (); - } ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_SETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf b/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf
deleted file mode 100644
index 9734ff4ba6..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/files/polkit.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-d /etc/polkit-1 - - - - -
-d /etc/polkit-1/rules.d 0700 polkitd root - -
-d /var/lib/polkit-1 0700 polkitd polkitd - -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/Manifest
deleted file mode 100644
index 686afb069a..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST LVM2.2.02.188.tgz 2421550 BLAKE2B bed90c8454cd4b20fdeec6dcbf5a9f97c9310671aea3b2252f8069cfa439fcb050f5ad95f928a7125a1734a4dc5ac985da99a4a570538e377a7205191a505476 SHA512 8c9db17c49dc8ebcab6c7f246ab85870a80658be811cf7f4d8f36abbebafa355b030bfc1e3bcbad73ccccb7fcd06d4a95ac547ca15d18d33715126da92703dca
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/README.md b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/README.md
deleted file mode 100644
index 379916ebf0..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-We keep this package in overlay, because we carry one extra patch for
-the unit generator. It was posted upstream and remains
-unacknowledged. We could try sending the patch to gentoo, so we can
-bring this package back to portage-stable.
-
-The lvm2-activation(-early).service was triggered multiple times which
-if done too quickly leads to a failure like this:
-
-systemd[1]: Finished Activation of LVM2 logical volumes.
-systemd[1]: lvm2-activation-early.service: Start request repeated too quickly.
-systemd[1]: lvm2-activation-early.service: Failed with result 'start-limit-hit'.
-
-Set RemainAfterExit=yes as done for the other oneshot services to
-prevent the unit from running multiple times in a row and hitting the
-restart limit.
-
-
-
-We also patch the configure script to use the correct path for systemd
-util directory.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.145-oneshot.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.145-oneshot.patch
deleted file mode 100644
index 58e06f07f1..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.145-oneshot.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur LVM2.2.02.145/scripts/lvm2_activation_generator_systemd_red_hat.c LVM2.2.02.145-patch/scripts/lvm2_activation_generator_systemd_red_hat.c
---- LVM2.2.02.145/scripts/lvm2_activation_generator_systemd_red_hat.c 2016-03-04 19:03:29.000000000 +0100
-+++ LVM2.2.02.145-patch/scripts/lvm2_activation_generator_systemd_red_hat.c 2020-07-28 18:15:35.766505354 +0200
-@@ -153,7 +153,7 @@
- fputs("ExecStart=" LVM_PATH " vgchange -aay --ignoreskippedcluster", f);
- if (sysinit_needed)
- fputs (" --sysinit", f);
-- fputs("\nType=oneshot\n", f);
-+ fputs("\nType=oneshot\nRemainAfterExit=yes\n", f);
-
- if (fclose(f) < 0) {
- kmsg(LOG_ERR, "LVM: Failed to write unit file %s: %m.\n", unit_name);
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.166-HPPA-no-O_DIRECT.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.166-HPPA-no-O_DIRECT.patch
deleted file mode 100644
index 0f830e428b..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.166-HPPA-no-O_DIRECT.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/lib/device/dev-io.c
-+++ b/lib/device/dev-io.c
-@@ -505,7 +505,9 @@
- dev->flags |= DEV_NOT_O_NOATIME;
- if ((dev->fd = open(name, flags, 0777)) >= 0) {
- log_debug_devs("%s: Not using O_NOATIME", name);
-+#ifdef O_DIRECT_SUPPORT
- goto opened;
-+#endif
- }
- }
- #endif
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.171-static-libm.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.171-static-libm.patch
deleted file mode 100644
index 1cbf956db2..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.171-static-libm.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/make.tmpl.in b/make.tmpl.in
-index a40eaaa15..7eea943aa 100644
---- a/make.tmpl.in
-+++ b/make.tmpl.in
-@@ -53,7 +53,7 @@ PYCOMPILE = $(top_srcdir)/autoconf/py-compile
-
- LIBS = @LIBS@
- # Extra libraries always linked with static binaries
--STATIC_LIBS = $(SELINUX_STATIC_LIBS) $(UDEV_STATIC_LIBS) $(BLKID_STATIC_LIBS)
-+STATIC_LIBS = $(SELINUX_STATIC_LIBS) $(UDEV_STATIC_LIBS) $(BLKID_STATIC_LIBS) $(M_LIBS)
- DEFS += @DEFS@
- # FIXME set this only where it's needed, not globally?
- CFLAGS ?= @COPTIMISE_FLAG@ @CFLAGS@
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.176-pthread-pkgconfig.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.176-pthread-pkgconfig.patch
deleted file mode 100644
index c0265e8126..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.176-pthread-pkgconfig.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- LVM2.2.02.176/libdm/libdevmapper.pc.in -+++ LVM2.2.02.176/libdm/libdevmapper.pc.in -@@ -9,4 +9,4 @@ - Cflags: -I${includedir} - Libs: -L${libdir} -ldevmapper - Requires.private: @SELINUX_PC@ @UDEV_PC@ --Libs.private: -lm @RT_LIBS@ -+Libs.private: -lm @RT_LIBS@ @PTHREAD_LIBS@ ---- LVM2.2.02.176/tools/Makefile.in -+++ LVM2.2.02.176/tools/Makefile.in -@@ -93,6 +93,7 @@ - INSTALL_LVM_TARGETS += install_tools_static - INSTALL_DMSETUP_TARGETS += install_dmsetup_static - INSTALL_CMDLIB_TARGETS += install_cmdlib_static -+ STATIC_LIBS += @PTHREAD_LIBS@ - endif - - LVMLIBS = $(LVMINTERNAL_LIBS) -ldevmapper -@@ -118,6 +119,10 @@ - - include $(top_builddir)/make.tmpl - -+ifeq ("@STATIC_LINK@", "yes") -+ STATIC_LIBS += @PTHREAD_LIBS@ -+endif -+ - device-mapper: $(TARGETS_DM) - - CFLAGS_dmsetup.o += $(UDEV_CFLAGS) $(EXTRA_EXEC_CFLAGS) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-asneeded.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-asneeded.patch deleted file mode 100644 index c831c6d6e6..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-asneeded.patch +++ /dev/null @@ -1,15 +0,0 @@ -http://bugs.gentoo.org/330255 - -liblvm2app.so: undefined reference to `floor' - ---- LVM2.2.02.178/liblvm/Makefile.in -+++ LVM2.2.02.178/liblvm/Makefile.in -@@ -43,7 +43,7 @@ - include $(top_builddir)/make.tmpl - - LDFLAGS += -L$(top_builddir)/lib -L$(top_builddir)/daemons/dmeventd --LIBS += $(LVMINTERNAL_LIBS) -ldevmapper -laio -+LIBS += $(LVMINTERNAL_LIBS) -ldevmapper -laio -lm - - .PHONY: install_dynamic install_static install_include install_pkgconfig - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-dynamic-static-ldflags.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-dynamic-static-ldflags.patch deleted file mode 100644 index 0a0e732090..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-dynamic-static-ldflags.patch +++ /dev/null 
@@ -1,59 +0,0 @@ ---- LVM2.2.02.178/configure.ac -+++ LVM2.2.02.178/configure.ac -@@ -33,6 +33,7 @@ - CLDFLAGS="$CLDFLAGS -Wl,--version-script,.export.sym" - # equivalent to -rdynamic - ELDFLAGS="-Wl,--export-dynamic" -+ STATIC_LDFLAGS="-Wl,--no-export-dynamic" - # FIXME Generate list and use --dynamic-list=.dlopen.sym - CLDWHOLEARCHIVE="-Wl,-whole-archive" - CLDNOWHOLEARCHIVE="-Wl,-no-whole-archive" -@@ -2042,6 +2043,7 @@ - AC_SUBST(SYSTEMD_LIBS) - AC_SUBST(SNAPSHOTS) - AC_SUBST(STATICDIR) -+AC_SUBST(STATIC_LDFLAGS) - AC_SUBST(STATIC_LINK) - AC_SUBST(TESTSUITE_DATA) - AC_SUBST(THIN) ---- LVM2.2.02.178/daemons/dmeventd/Makefile.in -+++ LVM2.2.02.178/daemons/dmeventd/Makefile.in -@@ -64,7 +64,7 @@ - -o $@ $(DL_LIBS) $(DMEVENT_LIBS) $(LIBS) - - dmeventd.static: $(LIB_STATIC) dmeventd.o $(interfacebuilddir)/libdevmapper.a -- $(CC) $(CFLAGS) $(LDFLAGS) -static -L. -L$(interfacebuilddir) dmeventd.o \ -+ $(CC) $(CFLAGS) $(LDFLAGS) $(STATIC_LDFLAGS) -static -L. -L$(interfacebuilddir) dmeventd.o \ - -o $@ $(DL_LIBS) $(DMEVENT_LIBS) $(LIBS) $(STATIC_LIBS) - - ifeq ("@PKGCONFIG@", "yes") ---- LVM2.2.02.178/make.tmpl.in -+++ LVM2.2.02.178/make.tmpl.in -@@ -64,6 +64,7 @@ - # FIXME set this only where it's needed, not globally? 
- CFLAGS ?= @COPTIMISE_FLAG@ @CFLAGS@ - LDFLAGS ?= @LDFLAGS@ -+STATIC_LDFLAGS += @STATIC_LDFLAGS@ - CLDFLAGS += @CLDFLAGS@ - ELDFLAGS += @ELDFLAGS@ - LDDEPS += @LDDEPS@ ---- LVM2.2.02.178/tools/Makefile.in -+++ LVM2.2.02.178/tools/Makefile.in -@@ -129,7 +129,7 @@ - - dmsetup.static: dmsetup.o $(interfacebuilddir)/libdevmapper.a - @echo " [CC] $@" -- $(Q) $(CC) $(CFLAGS) $(LDFLAGS) -static -L$(interfacebuilddir) \ -+ $(Q) $(CC) $(CFLAGS) $(LDFLAGS) $(STATIC_LDFLAGS) -static -L$(interfacebuilddir) \ - -o $@ dmsetup.o -ldevmapper $(M_LIBS) $(PTHREAD_LIBS) $(STATIC_LIBS) $(LIBS) - - all: device-mapper -@@ -159,7 +159,7 @@ - - lvm.static: $(OBJECTS) lvm-static.o $(top_builddir)/lib/liblvm-internal.a $(interfacebuilddir)/libdevmapper.a - @echo " [CC] $@" -- $(Q) $(CC) $(CFLAGS) $(LDFLAGS) -static -L$(interfacebuilddir) -o $@ \ -+ $(Q) $(CC) $(CFLAGS) $(LDFLAGS) $(STATIC_LDFLAGS) -static -L$(interfacebuilddir) -o $@ \ - $(OBJECTS) lvm-static.o $(LVMLIBS) $(STATIC_LIBS) $(LIBS) - - liblvm2cmd.a: $(top_builddir)/lib/liblvm-internal.a $(OBJECTS) lvmcmdlib.o lvm2cmd.o diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-static-pkgconfig-libs.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-static-pkgconfig-libs.patch deleted file mode 100644 index 989b308257..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-static-pkgconfig-libs.patch +++ /dev/null 
@@ -1,102 +0,0 @@ ---- LVM2.2.02.178/configure.ac -+++ LVM2.2.02.178/configure.ac -@@ -1238,6 +1238,7 @@ - PKG_CHECK_MODULES(BLKID, blkid >= 2.24, - [ BLKID_WIPING=yes - BLKID_PC="blkid" -+ BLKID_STATIC_LIBS=`$PKG_CONFIG --static --libs $BLKID_PC` - DEFAULT_USE_BLKID_WIPING=1 - AC_DEFINE([BLKID_WIPING_SUPPORT], 1, [Define to 1 to use libblkid detection of signatures when wiping.]) - ], [if test "$BLKID_WIPING" = maybe; then -@@ -1286,6 +1287,7 @@ - if test "$UDEV_SYNC" = yes; then - pkg_config_init - PKG_CHECK_MODULES(UDEV, libudev >= 143, [UDEV_PC="libudev"]) -+ UDEV_STATIC_LIBS=`$PKG_CONFIG --static --libs libudev` - AC_DEFINE([UDEV_SYNC_SUPPORT], 1, [Define to 1 to enable synchronisation with udev processing.]) - - AC_CHECK_LIB(udev, udev_device_get_is_initialized, AC_DEFINE([HAVE_LIBUDEV_UDEV_DEVICE_GET_IS_INITIALIZED], 1, -@@ -1564,19 +1566,32 @@ - if test "$SELINUX" = yes; then - AC_CHECK_LIB([sepol], [sepol_check_context], [ - AC_DEFINE([HAVE_SEPOL], 1, [Define to 1 if sepol_check_context is available.]) -- SELINUX_LIBS="-lsepol"]) -+ SEPOL_LIBS="-lsepol"]) -+ -+ dnl -- init pkgconfig if required -+ if test x$PKGCONFIG_INIT != x1; then -+ pkg_config_init -+ fi -+ PKG_CHECK_MODULES(SELINUX, libselinux, [ -+ SELINUX_PC="libselinux" -+ SELINUX_STATIC_LIBS=`$PKG_CONFIG --static --libs libselinux` -+ SELINUX_LIBS="$SELINUX_LIBS $SEPOL_LIBS" -+ AC_DEFINE([HAVE_SELINUX], 1, [Define to 1 to include support for selinux.]) -+ ],[ -+ dnl -- old non-pkgconfig method, is buggy with static builds - - AC_CHECK_LIB([selinux], [is_selinux_enabled], [ - AC_CHECK_HEADERS([selinux/selinux.h],, hard_bailout) - AC_CHECK_HEADERS([selinux/label.h]) - AC_DEFINE([HAVE_SELINUX], 1, [Define to 1 to include support for selinux.]) -- SELINUX_LIBS="-lselinux $SELINUX_LIBS" -+ SELINUX_LIBS="-lselinux $SEPOL_LIBS" - SELINUX_PC="libselinux" - HAVE_SELINUX=yes ], [ - AC_MSG_WARN(Disabling selinux) - SELINUX_LIBS= - SELINUX_PC= - HAVE_SELINUX=no ]) -+ ]) - fi - - 
################################################################################ -@@ -1927,6 +1942,7 @@ - ################################################################################ - AC_SUBST(APPLIB) - AC_SUBST(AWK) -+AC_SUBST(BLKID_STATIC_LIBS) - AC_SUBST(BLKID_PC) - AC_SUBST(BUILD_CMIRRORD) - AC_SUBST(BUILD_DMEVENTD) -@@ -2037,6 +2053,7 @@ - AC_SUBST(SALCK_LIBS) - AC_SUBST(SBINDIR) - AC_SUBST(SELINUX_LIBS) -+AC_SUBST(SELINUX_STATIC_LIBS) - AC_SUBST(SELINUX_PC) - AC_SUBST(SYSCONFDIR) - AC_SUBST(SYSTEMD_LIBS) -@@ -2053,6 +2070,7 @@ - AC_SUBST(CACHE_DUMP_CMD) - AC_SUBST(CACHE_REPAIR_CMD) - AC_SUBST(CACHE_RESTORE_CMD) -+AC_SUBST(UDEV_STATIC_LIBS) - AC_SUBST(UDEV_PC) - AC_SUBST(UDEV_RULES) - AC_SUBST(UDEV_SYNC) ---- LVM2.2.02.178/make.tmpl.in -+++ LVM2.2.02.178/make.tmpl.in -@@ -59,7 +59,7 @@ - - LIBS = @LIBS@ - # Extra libraries always linked with static binaries --STATIC_LIBS = $(SELINUX_LIBS) $(UDEV_LIBS) $(BLKID_LIBS) -+STATIC_LIBS = $(SELINUX_STATIC_LIBS) $(UDEV_STATIC_LIBS) $(BLKID_STATIC_LIBS) - DEFS += @DEFS@ - # FIXME set this only where it's needed, not globally? - CFLAGS ?= @COPTIMISE_FLAG@ @CFLAGS@ -@@ -75,10 +75,13 @@ - PTHREAD_LIBS = @PTHREAD_LIBS@ - READLINE_LIBS = @READLINE_LIBS@ - SELINUX_LIBS = @SELINUX_LIBS@ -+SELINUX_STATIC_LIBS = @SELINUX_STATIC_LIBS@ - UDEV_CFLAGS = @UDEV_CFLAGS@ - UDEV_LIBS = @UDEV_LIBS@ -+UDEV_STATIC_LIBS = @UDEV_STATIC_LIBS@ - BLKID_CFLAGS = @BLKID_CFLAGS@ - BLKID_LIBS = @BLKID_LIBS@ -+BLKID_STATIC_LIBS = @BLKID_STATIC_LIBS@ - SYSTEMD_LIBS = @SYSTEMD_LIBS@ - VALGRIND_CFLAGS = @VALGRIND_CFLAGS@ - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.184-mksh_build.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.184-mksh_build.patch deleted file mode 100644 index 49c6853f23..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.184-mksh_build.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -https://bugs.gentoo.org/686652 - ---- LVM2.2.02.184/tools/Makefile.in -+++ LVM2.2.02.184/tools/Makefile.in -@@ -220,6 +220,6 @@ - echo "/* Do not edit. This file is generated by the Makefile. */" && \ - echo -en "const char _command_input[] =\n\n\"" && \ - $(EGREP) -v '^#|\-\-\-|^$$' $(srcdir)/command-lines.in | $(AWK) 'BEGIN {ORS = "\\n\"\n\""} //' && \ -- echo "\\n\";" \ -+ printf "%s\n" "\\n\";" \ - ) > $@ - - $(SOURCES:%.c=%.d) $(SOURCES2:%.c=%.d): command-lines-input.h command-count.h cmds.h diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.186-udev_remove_unsupported_option.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.186-udev_remove_unsupported_option.patch deleted file mode 100644 index f895e1921e..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.186-udev_remove_unsupported_option.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From f98f79a047dd1c4980008e0ed6c9ad4e18596cdc Mon Sep 17 00:00:00 2001 -From: Peter Rajnoha -Date: Tue, 13 Aug 2019 15:18:30 +0200 -Subject: [PATCH] udev: remove unsupported OPTIONS+="event_timeout" rule - -The OPTIONS+="event_timeout" is Unsupported since systemd/udev version 216, -that is ~5 years ago. - -Since systemd/udev version 243, there's a new message printed if unsupported -OPTIONS value is used: - - Invalid value for OPTIONS key, ignoring: 'event_timeout=180' - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740666 ---- - udev/11-dm-lvm.rules.in | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/udev/11-dm-lvm.rules.in b/udev/11-dm-lvm.rules.in -index 91cb991df9..7c589943b7 100644 ---- a/udev/11-dm-lvm.rules.in -+++ b/udev/11-dm-lvm.rules.in -@@ -37,8 +37,6 @@ ENV{DM_SUBSYSTEM_UDEV_FLAG0}!="1", ENV{DM_NOSCAN}=="1", ENV{DM_UDEV_DISABLE_OTHE - - ENV{DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG}=="1", GOTO="lvm_end" - --OPTIONS+="event_timeout=180" -- - # Do not create symlinks for inappropriate subdevices. - ENV{DM_LV_NAME}=="pvmove?*|?*_vorigin", GOTO="lvm_disable" - ENV{DM_LV_LAYER}=="?*", GOTO="lvm_disable" --- -2.24.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.56-lvm2create_initrd.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.56-lvm2create_initrd.patch deleted file mode 100644 index 59aaa9b34a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.56-lvm2create_initrd.patch +++ /dev/null 
@@ -1,72 +0,0 @@ ---- LVM2.2.02.56/scripts/lvm2create_initrd/lvm2create_initrd.orig 2006-11-21 22:41:56.000000000 +0000 -+++ LVM2.2.02.56/scripts/lvm2create_initrd/lvm2create_initrd 2009-12-26 01:47:08.025224602 +0000 -@@ -54,7 +54,9 @@ - DEVRAM=/tmp/initrd.$$ - - # set defaults --BINFILES=${BINFILES:-"`which lvm` `which bash` `which busybox` `which pivot_root`"} -+LVM=`which lvm.static` -+LVM=${LVM:-"`which lvm`"} -+BINFILES=${BINFILES:-"${LVM} `which bash` `which busybox` `which pivot_root`"} - BASICDEVICES=${BASICDEVICES:-"std consoleonly fd"} - BLOCKDEVICES=${BLOCKDEVICES:-"md hda hdb hdc hdd sda sdb sdc sdd"} - MAKEDEV=${MAKEDEV:-"debian"} -@@ -119,6 +121,10 @@ - echo "$PRE Mounting /proc" - mount -t proc none /proc - -+# We need /sys for lvm -+echo "$PRE Mounting /sys" -+mount -t sysfs sysfs /sys -+ - # plug in modules listed in /etc/modules - if [ -f /etc/modules ]; then - echo -n "$PRE plugging in kernel modules:" -@@ -179,26 +185,29 @@ - # run a shell if we're passed lvm2rescue on commandline - grep lvm2rescue /proc/cmdline 1>/dev/null 2>&1 - if [ $? -eq 0 ]; then -- lvm vgchange --ignorelockingfailure -P -a y -+ $LVM vgchange --ignorelockingfailure -P -a y - do_shell - else -- lvm vgchange --ignorelockingfailure -a y -+ $LVM vgchange --ignorelockingfailure -a y - fi - - echo "$PRE Mounting root filesystem $rootvol ro" - mkdir /rootvol - if ! mount -t auto -o ro $rootvol /rootvol; then -- echo "\t*FAILED*"; -+ echo "\t*FAILED TRYING TO MOUNT ROOTVOL*"; - do_shell - fi - - echo "$PRE Umounting /proc" - umount /proc - -+echo "$PRE Umounting /sys" -+umount /sys -+ - echo "$PRE Changing roots" - cd /rootvol - if ! pivot_root . initrd ; then -- echo "\t*FAILED*" -+ echo "\t*FAILED PIVOT TO NEW ROOT*" - do_shell - fi - -@@ -356,7 +365,7 @@ - fi - - verbose "creating basic set of directories in $TMPMNT" --(cd $TMPMNT; mkdir bin dev etc lib proc sbin var) -+(cd $TMPMNT; mkdir bin dev etc lib proc sbin sys var) - if [ $? 
-ne 0 ]; then - echo "$cmd -- ERROR creating directories in $TMPMNT" - cleanup 1 -@@ -499,4 +508,3 @@ - FINALTXT - - cleanup 0 -- diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.63-always-make-static-libdm.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.63-always-make-static-libdm.patch deleted file mode 100644 index 5ddcb4e567..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.63-always-make-static-libdm.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -diff -Nuar --exclude '*~' LVM2.2.02.63.orig/daemons/dmeventd/Makefile.in LVM2.2.02.63/daemons/dmeventd/Makefile.in ---- LVM2.2.02.63.orig/daemons/dmeventd/Makefile.in 2010-04-09 14:42:48.000000000 -0700 -+++ LVM2.2.02.63/daemons/dmeventd/Makefile.in 2010-04-19 11:53:27.000000000 -0700 -@@ -28,11 +28,12 @@ - INSTALL_LIB_TARGETS = install_lib_dynamic - - LIB_NAME = libdevmapper-event -+LIB_STATIC = $(LIB_NAME).a -+INSTALL_LIB_TARGETS += install_lib_static -+TARGETS += $(LIB_STATIC) - ifeq ("@STATIC_LINK@", "yes") -- LIB_STATIC = $(LIB_NAME).a -- TARGETS += $(LIB_STATIC) dmeventd.static -+ TARGETS += dmeventd.static - INSTALL_DMEVENTD_TARGETS += install_dmeventd_static -- INSTALL_LIB_TARGETS += install_lib_static - endif - - LIB_VERSION = $(LIB_VERSION_DM) -diff -Nuar --exclude '*~' LVM2.2.02.63.orig/libdm/Makefile.in LVM2.2.02.63/libdm/Makefile.in ---- LVM2.2.02.63.orig/libdm/Makefile.in 2010-04-09 14:42:51.000000000 -0700 -+++ LVM2.2.02.63/libdm/Makefile.in 2010-04-19 11:52:20.000000000 -0700 -@@ -34,8 +34,8 @@ - - INCLUDES = -I$(srcdir)/$(interface) -I$(srcdir) - --ifeq ("@STATIC_LINK@", "yes") - LIB_STATIC = $(interface)/libdevmapper.a -+ifeq ("@STATIC_LINK@", "yes") - endif - - LIB_SHARED = $(interface)/libdevmapper.$(LIB_SUFFIX) -@@ -63,8 +63,8 @@ - - INSTALL_TYPE = install_dynamic - --ifeq ("@STATIC_LINK@", "yes") - INSTALL_TYPE += install_static -+ifeq ("@STATIC_LINK@", "yes") - endif - - ifeq ("@PKGCONFIG@", "yes") diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.67-createinitrd.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.67-createinitrd.patch deleted file mode 100644 index 7f0bfb894f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.67-createinitrd.patch +++ /dev/null 
@@ -1,18 +0,0 @@ -X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=301331 -X-Gentoo-Bug: 301331 - -diff -Nuar LVM2.2.02.67.orig/scripts/lvm2create_initrd/lvm2create_initrd LVM2.2.02.67/scripts/lvm2create_initrd/lvm2create_initrd ---- LVM2.2.02.67.orig/scripts/lvm2create_initrd/lvm2create_initrd 2010-06-07 18:44:34.182980475 +0000 -+++ LVM2.2.02.67/scripts/lvm2create_initrd/lvm2create_initrd 2010-06-07 18:51:27.636312899 +0000 -@@ -469,9 +469,9 @@ - rmdir $TMPMNT/lost+found - - echo "$cmd -- ummounting ram disk" --umount $DEVRAM -+umount $TMPMNT - if [ $? -ne 0 ]; then -- echo "$cmd -- ERROR umounting $DEVRAM" -+ echo "$cmd -- ERROR umounting $TMPMNT" - cleanup 1 - fi - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.99-locale-muck.patch b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.99-locale-muck.patch deleted file mode 100644 index fe7ec87931..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.99-locale-muck.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- LVM2/make.tmpl.in -+++ LVM2/make.tmpl.in -@@ -395,7 +395,7 @@ - ( cat $(srcdir)/.exported_symbols; \ - if test x$(EXPORTED_HEADER) != x; then \ - $(CC) -E -P $(INCLUDES) $(DEFS) $(EXPORTED_HEADER) | \ -- $(SED) -ne "/^typedef|}/!s/.*[ *]\($(EXPORTED_FN_PREFIX)_[a-z0-9_]*\)(.*/\1/p"; \ -+ LC_ALL=C $(SED) -ne "/^typedef|}/!s/.*[ *]\($(EXPORTED_FN_PREFIX)_[a-z0-9_]*\)(.*/\1/p"; \ - fi \ - ) > $@ - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvmetad.initd-2.02.116-r3 b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvmetad.initd-2.02.116-r3 deleted file mode 100644 index 55bbf9c4b6..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvmetad.initd-2.02.116-r3 +++ /dev/null 
@@ -1,17 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-pidfile="/run/lvmetad.pid"
-command="/sbin/lvmetad"
-command_args="${LVMETAD_OPTS:=-p ${pidfile}}"
-start_stop_daemon_args="--pidfile ${pidfile}"
-
-depend() {
- :
-}
-
-start_pre()
-{
- checkpath --directory /run/lvm || return 1
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/lvm2-2.02.188-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/lvm2-2.02.188-r3.ebuild
deleted file mode 100644
index b8d46580a6..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/lvm2-2.02.188-r3.ebuild
+++ /dev/null
@@ -1,311 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -TMPFILES_OPTIONAL=1 -inherit autotools linux-info systemd toolchain-funcs tmpfiles udev flag-o-matic - -DESCRIPTION="User-land utilities for LVM2 (device-mapper) software" -HOMEPAGE="https://sourceware.org/lvm2/" -SRC_URI="ftp://sourceware.org/pub/lvm2/${PN/lvm/LVM}.${PV}.tgz - ftp://sourceware.org/pub/lvm2/old/${PN/lvm/LVM}.${PV}.tgz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" -IUSE="readline static static-libs systemd lvm2create_initrd sanlock selinux +udev +thin device-mapper-only" -REQUIRED_USE="device-mapper-only? ( !lvm2create_initrd !sanlock !thin ) - static? ( !systemd !udev ) - static-libs? ( !udev ) - systemd? ( udev )" - -DEPEND_COMMON=" - dev-libs/libaio[static-libs?] - static? ( dev-libs/libaio[static-libs] ) - !static? ( dev-libs/libaio[static-libs?] ) - readline? ( sys-libs/readline:0= ) - sanlock? ( sys-cluster/sanlock ) - systemd? ( >=sys-apps/systemd-205:0= ) - udev? ( >=virtual/libudev-208:= )" -# /run is now required for locking during early boot. /var cannot be assumed to -# be available -- thus, pull in recent enough baselayout for /run. -# This version of LVM is incompatible with cryptsetup <1.1.2. -RDEPEND="${DEPEND_COMMON} - >=sys-apps/baselayout-2.2 - !=sys-apps/util-linux-2.16 - lvm2create_initrd? ( sys-apps/makedev ) - !device-mapper-only? ( virtual/tmpfiles ) - thin? ( >=sys-block/thin-provisioning-tools-0.3.0 )" -# note: thin- 0.3.0 is required to avoid --disable-thin_check_needs_check -DEPEND="${DEPEND_COMMON} - static? ( - selinux? 
( sys-libs/libselinux[static-libs] ) - >=sys-apps/util-linux-2.16[static-libs] - )" -BDEPEND=" - dev-build/autoconf-archive - virtual/pkgconfig -" - -S="${WORKDIR}/${PN/lvm/LVM}.${PV}" - -PATCHES=( - # Gentoo specific modification(s): - "${FILESDIR}"/${PN}-2.02.178-example.conf.in.patch - - # For upstream -- review and forward: - "${FILESDIR}"/${PN}-2.02.63-always-make-static-libdm.patch - "${FILESDIR}"/${PN}-2.02.56-lvm2create_initrd.patch - "${FILESDIR}"/${PN}-2.02.67-createinitrd.patch #301331 - "${FILESDIR}"/${PN}-2.02.99-locale-muck.patch #330373 - "${FILESDIR}"/${PN}-2.02.178-asneeded.patch # -Wl,--as-needed - "${FILESDIR}"/${PN}-2.02.178-dynamic-static-ldflags.patch #332905 - "${FILESDIR}"/${PN}-2.02.178-static-pkgconfig-libs.patch #370217, #439414 + blkid - "${FILESDIR}"/${PN}-2.02.176-pthread-pkgconfig.patch #492450 - "${FILESDIR}"/${PN}-2.02.171-static-libm.patch #617756 - "${FILESDIR}"/${PN}-2.02.166-HPPA-no-O_DIRECT.patch #657446 - #"${FILESDIR}"/${PN}-2.02.145-mkdev.patch #580062 # Merged upstream - "${FILESDIR}"/${PN}-2.02.184-dmeventd-no-idle-exit.patch - #"${FILESDIR}"/${PN}-2.02.184-allow-reading-metadata-with-invalid-creation_time.patch #682380 # merged upstream - "${FILESDIR}"/${PN}-2.02.184-mksh_build.patch #686652 - "${FILESDIR}"/${PN}-2.02.186-udev_remove_unsupported_option.patch #700160 - "${FILESDIR}"/${PN}-2.02.145-oneshot.patch -) - -pkg_setup() { - local CONFIG_CHECK="~SYSVIPC" - - if use udev; then - local WARNING_SYSVIPC="CONFIG_SYSVIPC:\tis not set (required for udev sync)\n" - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n "${uevent_helper_path}" ]] && [[ "${uevent_helper_path}" != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - fi - fi - - check_extra_config - - # 1. Genkernel no longer copies /sbin/lvm blindly. 
- if use static; then - elog "Warning, we no longer overwrite /sbin/lvm and /sbin/dmsetup with" - elog "their static versions. If you need the static binaries," - elog "you must append .static to the filename!" - fi -} - -src_prepare() { - default - - sed -i \ - -e "1iAR = $(tc-getAR)" \ - -e "s:CC ?= @CC@:CC = $(tc-getCC):" \ - make.tmpl.in || die #444082 - - sed -i -e '/FLAG/s:-O2::' configure{.ac,} || die #480212 - - if use udev && ! use device-mapper-only; then - sed -i -e '/use_lvmetad =/s:0:1:' conf/example.conf.in || die #514196 - elog "Notice that \"use_lvmetad\" setting is enabled with USE=\"udev\" in" - elog "/etc/lvm/lvm.conf, which will require restart of udev, lvm, and lvmetad" - elog "if it was previously disabled." - fi - - sed -i -e "s:/usr/bin/true:$(type -P true):" scripts/blk_availability_systemd_red_hat.service.in || die #517514 - - # Don't install thin man page when not requested - if ! use thin ; then - sed -i -e 's/^\(MAN7+=.*\) $(LVMTHINMAN) \(.*\)$/\1 \2/' man/Makefile.in || die - fi - - # Flatcar: The configure script tries to detect the systemd - # util dir without providing a way for us to override it, so - # modify the script. - sed -i \ - -e "s#^\(systemdutildir=\).*#\1$(systemd_get_utildir)#" \ - configure{.ac,} || die - - eautoreconf -} - -src_configure() { - filter-flags -flto - local myeconfargs=() - - # Most of this package does weird stuff. 
- # The build options are tristate, and --without is NOT supported - # options: 'none', 'internal', 'shared' - myeconfargs+=( - $(use_enable !device-mapper-only dmfilemapd) - $(use_enable !device-mapper-only dmeventd) - $(use_enable !device-mapper-only cmdlib) - $(use_enable !device-mapper-only applib) - $(use_enable !device-mapper-only fsadm) - $(use_enable !device-mapper-only lvmetad) - $(use_enable !device-mapper-only lvmpolld) - $(usex device-mapper-only --disable-udev-systemd-background-jobs '') - - # This only causes the .static versions to become available - $(usex static --enable-static_link '') - - # dmeventd requires mirrors to be internal, and snapshot available - # so we cannot disable them - --with-mirrors="$(usex device-mapper-only none internal)" - --with-snapshots="$(usex device-mapper-only none internal)" - - # disable O_DIRECT support on hppa, breaks pv detection (#99532) - $(usex hppa --disable-o_direct '') - ) - - if use thin; then - myeconfargs+=( --with-thin=internal --with-cache=internal ) - local texec - for texec in check dump repair restore; do - myeconfargs+=( --with-thin-${texec}="${EPREFIX}"/sbin/thin_${texec} ) - myeconfargs+=( --with-cache-${texec}="${EPREFIX}"/sbin/cache_${texec} ) - done - else - myeconfargs+=( --with-thin=none --with-cache=none ) - fi - - myeconfargs+=( --with-clvmd=none --with-cluster=none ) - - myeconfargs+=( - $(use_enable readline) - $(use_enable selinux) - --enable-pkgconfig - --with-confdir="${EPREFIX}"/etc - --exec-prefix="${EPREFIX}" - --sbindir="${EPREFIX}/sbin" - --with-staticdir="${EPREFIX}"/sbin - --libdir="${EPREFIX}/$(get_libdir)" - --with-usrlibdir="${EPREFIX}/usr/$(get_libdir)" - --with-default-dm-run-dir=/run - --with-default-run-dir=/run/lvm - --with-default-locking-dir=/run/lock/lvm - --with-default-pid-dir=/run - $(use_enable udev udev_rules) - $(use_enable udev udev_sync) - $(use_with udev udevdir "$(get_udevdir)"/rules.d) - $(use_enable sanlock lvmlockd-sanlock) - $(use_enable systemd 
udev-systemd-background-jobs) - $(use_enable systemd notify-dbus) - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" - CLDFLAGS="${LDFLAGS}" - ) - # Hard-wire this to bash as some shells (dash) don't know - # "-o pipefail" #682404 - CONFIG_SHELL="/bin/bash" \ - econf "${myeconfargs[@]}" -} - -src_compile() { - pushd include >/dev/null - emake V=1 - popd >/dev/null - - if use device-mapper-only ; then - emake V=1 device-mapper - else - emake V=1 - emake V=1 CC="$(tc-getCC)" -C scripts lvm2_activation_generator_systemd_red_hat - fi -} - -src_install() { - local inst INSTALL_TARGETS - INSTALL_TARGETS=( install install_tmpfiles_configuration ) - # install systemd related files only when requested, bug #522430 - use systemd && INSTALL_TARGETS+=( install_systemd_units install_systemd_generators ) - use device-mapper-only && INSTALL_TARGETS=( install_device-mapper ) - for inst in ${INSTALL_TARGETS[@]}; do - emake V=1 DESTDIR="${D}" ${inst} - done - - newinitd "${FILESDIR}"/device-mapper.rc-2.02.105-r2 device-mapper - newconfd "${FILESDIR}"/device-mapper.conf-1.02.22-r3 device-mapper - - if use !device-mapper-only ; then - newinitd "${FILESDIR}"/dmeventd.initd-2.02.184-r2 dmeventd - newinitd "${FILESDIR}"/lvm.rc-2.02.187 lvm - newconfd "${FILESDIR}"/lvm.confd-2.02.184-r3 lvm - if ! use udev ; then - # We keep the variable but remove udev from it. 
- sed -r -i \ - -e '/^rc_need=/s/\//g' \ - "${ED}/etc/conf.d/lvm" || die "Could not drop udev from rc_need" - fi - - newinitd "${FILESDIR}"/lvm-monitoring.initd-2.02.105-r2 lvm-monitoring - newinitd "${FILESDIR}"/lvmetad.initd-2.02.116-r3 lvmetad - newinitd "${FILESDIR}"/lvmpolld.initd-2.02.183 lvmpolld - fi - - if use sanlock; then - newinitd "${FILESDIR}"/lvmlockd.initd-2.02.166-r1 lvmlockd - fi - - if use static-libs; then - dolib.a libdm/ioctl/libdevmapper.a - if use !device-mapper-only; then - # depends on lvmetad - dolib.a libdaemon/client/libdaemonclient.a #462908 - # depends on dmeventd - dolib.a daemons/dmeventd/libdevmapper-event.a - fi - else - rm -f "${ED}"/usr/$(get_libdir)/{libdevmapper-event,liblvm2cmd,liblvm2app,libdevmapper}.a - fi - - if use lvm2create_initrd; then - dosbin scripts/lvm2create_initrd/lvm2create_initrd - doman scripts/lvm2create_initrd/lvm2create_initrd.8 - newdoc scripts/lvm2create_initrd/README README.lvm2create_initrd - fi - - insinto /etc - doins "${FILESDIR}"/dmtab - - dodoc README VERSION* WHATS_NEW WHATS_NEW_DM doc/*.{c,txt} conf/*.conf -} - -pkg_postinst() { - if ! use device-mapper-only; then - tmpfiles_process lvm2.conf - fi - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - # This is a new installation - ewarn "Make sure the \"lvm\" init script is in the runlevels:" - ewarn "# rc-update add lvm boot" - ewarn - ewarn "Make sure to enable lvmetad in /etc/lvm/lvm.conf if you want" - ewarn "to enable lvm autoactivation and metadata caching." - fi - - if use udev && [[ -d /run ]] ; then - local permission_run_expected="drwxr-xr-x" - local permission_run=$(stat -c "%A" /run) - if [[ "${permission_run}" != "${permission_run_expected}" ]] ; then - ewarn "Found the following problematic permissions:" - ewarn "" - ewarn " ${permission_run} /run" - ewarn "" - ewarn "Expected:" - ewarn "" - ewarn " ${permission_run_expected} /run" - ewarn "" - ewarn "This is known to be causing problems for UDEV-enabled LVM services." 
- fi - fi -} - -src_test() { - einfo "Tests are disabled because of device-node mucking, if you want to" - einfo "run tests, compile the package and see ${S}/tests" -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/metadata.xml deleted file mode 100644 index 75aaff4f1e..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/metadata.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - base-system@gentoo.org - Gentoo Base System - - - robbat2@gentoo.org - Robin H. Johnson - - - agk@redhat.com - Alasdair Kergon - Upstream Maintainer (please CC on bugs) - - - Install lvm2create_initrd script and pull in sys-apps/makedev for the /sbin/MAKEDEV command - Support for thin volumes - Build only device-mapper and not the rest of LVM2 (UNSUPPORTED) - Enable lvmlockd with support for sanlock - - - cpe:/a:heinz_mauelshagen:lvm2 - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/Manifest deleted file mode 100644 index 961f422d5f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST mdadm-4.2.tar.xz 453624 BLAKE2B de7c4318dc5479de41378233869ab84ca2cd0e8a42310157b1acb969e7152af61556fbbe6f17bf6af4dfaf5543e49b1c982d2baeedf1c39b000032f4db7f5502 SHA512 57897a2b7fb8b0b88bece50501099872bb45ddb076cfc323d563588096d2b66b1ecba3724534943f651ace2bfe591482570700616500dc3398552e4f9ff0c37d -DIST mdadm_4.2~rc2-7.debian.tar.xz 89904 BLAKE2B dd04f2dd044d0bca85920eaf5c79a288d69c47a7ad7e36509a126c01ef63bd045d7e0530450650028de39d74ad852995ca080c3a73dbcb1cf1b3783118109f35 SHA512 3d36533d2713b663606919b2bfec18b15e18a6a0194e333e38e4a58f175da96af7b1fe16f0c36ee148e14492a4e0710b9fad6ac7856495b63c0176ebb7333be6 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/README.md b/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/README.md deleted file mode 100644 index 0374e15666..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/README.md +++ /dev/null @@ -1,6 +0,0 @@ -This is a fork of Gentoo's sys-fs/mdadm package. The main reason of -having this fork is to carry Flatcar-specific patches for using -systemd.timer instead of cron.weekly. - -There is also a minor change to build this package by default for -arm64 without needing an entry in accept_keywords file. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.service b/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.service deleted file mode 100644 index 182c97310b..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.service +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=Initiates a check run of an MD array's redundancy information. - -[Service] -Type=oneshot -ExecStart=/usr/sbin/checkarray --cron --all --idle --quiet diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.timer b/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.timer deleted file mode 100644 index ad1a52d828..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.timer +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Weekly check for MD array's redundancy information. - -[Install] -WantedBy=timers.target - -[Timer] -OnCalendar=weekly -Persistent=true diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/Manifest deleted file mode 100644 index 95722eb438..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/Manifest +++ /dev/null 
@@ -1,2 +0,0 @@ -DIST tzcode2021a.tar.gz 262204 BLAKE2B 4072685f2344602ffcfe32a7bf92d3b0d93e38ffca842f1c07a60db5e26f1f18ab32fc7b5f155b0bdab49f8d0bfcd5b58f4a192b4d06d7d9639893e5cb596328 SHA512 bf1d53bcbfecd3b09d57a9e6d3cb49b5dc5f8e1b6674b67e7f974e1a268c2aaf13ca89a7ef12f49d0665aff782bd72685e00c22a41ca88a028da0429f972fd45 -DIST tzdata2021a.tar.gz 411892 BLAKE2B b8d177e90e22bd8a3fd23c9a9c19896cb245efd8e768b59ab8c63e56ab141e67331f3231e3a7c802f844375049cfd902e14e912ce677b3aea38fc0d968905e87 SHA512 7cdd762ec90ce12a30fa36b1d66d1ea82d9fa21e514e2b9c7fcbe2541514ee0fadf30843ff352c65512fb270857b51d1517b45e1232b89c6f954ba9ff1833bb3 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/timezone-data-2021a-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/timezone-data-2021a-r1.ebuild deleted file mode 100644 index 2d30e145a4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/timezone-data-2021a-r1.ebuild +++ /dev/null 
@@ -1,113 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit toolchain-funcs flag-o-matic - -code_ver=${PV} -data_ver=${PV} -DESCRIPTION="Timezone data (/usr/share/zoneinfo) and utilities (tzselect/zic/zdump)" -HOMEPAGE="https://www.iana.org/time-zones" -SRC_URI="https://www.iana.org/time-zones/repository/releases/tzdata${data_ver}.tar.gz - https://www.iana.org/time-zones/repository/releases/tzcode${code_ver}.tar.gz" - -LICENSE="BSD public-domain" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="nls leaps-timezone zic-slim" - -DEPEND="nls? ( virtual/libintl )" -RDEPEND="${DEPEND} - !sys-libs/glibc[vanilla(+)]" - -src_unpack() { - mkdir -p "${S}" && cd "${S}" || die - default -} - -src_prepare() { - default - - # check_web contacts validator.w3.org - sed -i -e 's/check_tables check_web/check_tables/g' \ - Makefile || die "Failed to disable check_web" - - tc-is-cross-compiler && cp -pR "${S}" "${S}"-native -} - -src_configure() { - tc-export CC - - append-lfs-flags #471102 - - if use elibc_Darwin ; then - append-cppflags -DSTD_INSPIRED #138251 - fi - - append-cppflags -DHAVE_GETTEXT=$(usex nls 1 0) -DTZ_DOMAIN='\"libc\"' - - # Upstream default is 'slim', but it breaks quite a few programs - # that parse /etc/localtime directly: bug# 747538. - append-cppflags -DZIC_BLOAT_DEFAULT='\"'$(usex zic-slim slim fat)'\"' - - LDLIBS="" - if use nls ; then - # See if an external libintl is available. 
#154181 #578424 - local c="${T}/test" - echo 'main(){}' > "${c}.c" - if $(tc-getCC) ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} "${c}.c" -o "${c}" -lintl 2>/dev/null ; then - LDLIBS+=" -lintl" - fi - fi -} - -_emake() { - emake \ - REDO=$(usex leaps-timezone posix_right posix_only) \ - TOPDIR="${EPREFIX}" \ - ZICDIR='$(TOPDIR)/usr/bin' \ - "$@" -} - -src_compile() { - _emake \ - AR="$(tc-getAR)" \ - cc="$(tc-getCC)" \ - RANLIB="$(tc-getRANLIB)" \ - CFLAGS="${CFLAGS} -std=gnu99 ${CPPFLAGS}" \ - LDFLAGS="${LDFLAGS}" \ - LDLIBS="${LDLIBS}" - if tc-is-cross-compiler ; then - _emake -C "${S}"-native \ - AR="$(tc-getBUILD_AR)" \ - cc="$(tc-getBUILD_CC)" \ - RANLIB="$(tc-getBUILD_RANLIB)" \ - CFLAGS="${BUILD_CFLAGS} ${BUILD_CPPFLAGS}" \ - LDFLAGS="${BUILD_LDFLAGS}" \ - LDLIBS="${LDLIBS}" \ - zic - fi -} - -src_test() { - # VALIDATE_ENV is used for extended/web based tests. Punt on them. - emake check VALIDATE_ENV=true -} - -src_install() { - local zic="" - tc-is-cross-compiler && zic="zic=${S}-native/zic" - _emake install ${zic} DESTDIR="${D}" LIBDIR="/nukeit" - rm -rf "${D}/nukeit" "${ED}/etc" || die - - insinto /usr/share/zoneinfo - doins "${S}"/leap-seconds.list - - # Delete man pages installed by man-pages package. - rm "${ED}"/usr/share/man/man5/tzfile.5* "${ED}"/usr/share/man/man8/{tzselect,zdump,zic}.8 || die - dodoc CONTRIBUTING README NEWS *.html - - # install the symlink by hand to not break existing timezones - dosym . /usr/share/zoneinfo/posix -} diff --git a/sdk_container/src/third_party/portage-stable/app-admin/logrotate/Manifest b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/Manifest new file mode 100644 index 0000000000..889283fbcb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/Manifest 
@@ -0,0 +1,4 @@ +DIST logrotate-3.21.0.tar.xz 168532 BLAKE2B f7fa0050bde51e2517eac8456ecf87648bc8423621830894ceb2a3ff6b9dfe32c5b53df6a4ee59aa91bd563ed94376a635159535f4fdc170fbc673354bcef508 SHA512 c576df7d2bc1a1db2f99befdd0ea627aef2d97bdcd4a7cdea76870623ba92fb1f04f1af6d15b75e4a9085f4aef2ae5e9843c4094cdd01e24d89872ccaf9c0d4a +DIST logrotate-3.21.0.tar.xz.asc 833 BLAKE2B b2099a0b8c15d1ea7f7325884027dff08dcc8305113411448797b8089d17026242a3f10bd6d7f3d865e3e339ec6fb5faf4ff48f8fd65bca3af4da8b335c3b5f1 SHA512 8f4c1853cd84f85c796b72b43048f4cf04e3409703e7669ee91e1d1aa5e9e5c04261fac1cdf85ec303508d5b6dbf126a44eb9ec819bcc772c664830d39e1068c +DIST logrotate-3.22.0.tar.xz 172108 BLAKE2B c1c9f1ff792905d2917e9ba3cee360c50259e1520e04073cb69abe475499adcf01aeb3cb4c6933af61255fbb5978577c4fdf9d6ab6ebf9568358d2446791c7f3 SHA512 16fd95b4daef779212008c4a968c7a7130be8d550f58531d24fc04599cb9adff6323a745725b3b14d7312ad36cb6646fe33a3defdb5b70cda2cec9646aab066a +DIST logrotate-3.22.0.tar.xz.asc 833 BLAKE2B 379d4fd71c6161211234903560770cf14a7ddf769b83e76ef27ad96d1204e2f4dc73d1e44aa69401db87c252c4471d5bdbace0555dfbb66c8751c20131a7751f SHA512 93664c45bfe9ea20aedc54fe216825db38eaf81d43b238cd7bf8ea3e03f7d282f53743fb6d914766a9ed0cb5b33376435d253db5b9ec7039facd66e25d349dd4 diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate-3.15.0-ignore-hidden.patch b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate-3.15.0-ignore-hidden.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate-3.15.0-ignore-hidden.patch rename to sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate-3.15.0-ignore-hidden.patch 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.conf b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate.conf similarity index 66% rename from sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.conf rename to sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate.conf index 0b1d0b9265..d25e023858 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/files/logrotate.conf +++ b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate.conf @@ -1,19 +1,13 @@ -# Flatcar: This is a modified version of the default config that came -# with Gentoo Linux. - # # Default logrotate(8) configuration file for Gentoo Linux. # See "man logrotate" for details. # rotate log files weekly. -#weekly +weekly #daily # keep 4 weeks worth of backlogs. -#rotate 4 - -# Flatcar: keep only the most recent old log. -rotate 1 +rotate 4 # create new (empty) log files after rotating old ones. create @@ -24,8 +18,6 @@ dateext # compress rotated log files. compress -# Flatcar: If a file to rotate is missing, don't log an error. -missingok notifempty nomail noolddir @@ -34,14 +26,17 @@ noolddir include /etc/logrotate.d # no packages own wtmp and btmp -- we'll rotate them here. -# must match creation rules in /usr/lib/tmpfiles.d/var.conf /var/log/wtmp { + monthly create 0664 root utmp - size 1M + minsize 1M + rotate 1 } /var/log/btmp { + missingok + monthly create 0600 root utmp - size 1M + rotate 1 } # system-specific logs may also be configured here. diff --git a/sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate.tmpfiles b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate.tmpfiles new file mode 100644 index 0000000000..dfb4ab66c1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/files/logrotate.tmpfiles 
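Review bot: In the `logrotate.conf` rename, the second hunk drops the global `missingok`, so any stanza pulled in through `include /etc/logrotate.d` that lacks its own `missingok` now makes logrotate report an error when its log file is absent; the third hunk adds `missingok` back for `/var/log/btmp` only, which leaves `/var/log/wtmp` affected as well. The third hunk also replaces `size 1M` on `btmp` with `monthly` and no size bound, so a burst of failed logins can grow the file until the next monthly run; if the cap was intentional, `maxsize 1M` next to `monthly` would keep it. The removed comment `# must match creation rules in /usr/lib/tmpfiles.d/var.conf` was the only reminder that the `create 0664 root utmp` and `create 0600 root utmp` modes are coupled to tmpfiles, so if that coupling still holds (not visible in this chunk) the reminder should be kept wherever the Flatcar-side configuration now lives.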
@@ -0,0 +1 @@ +d /var/lib/misc diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/logrotate-3.20.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/logrotate-3.21.0.ebuild similarity index 66% rename from sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/logrotate-3.20.1-r1.ebuild rename to sdk_container/src/third_party/portage-stable/app-admin/logrotate/logrotate-3.21.0.ebuild index 59e516b607..5c8f335a35 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/logrotate-3.20.1-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/logrotate-3.21.0.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/kamildudka.asc +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/kamildudka.asc inherit systemd tmpfiles verify-sig DESCRIPTION="Rotates, compresses, and mails system logs" @@ -13,15 +13,19 @@ SRC_URI+=" verify-sig? ( https://github.com/${PN}/${PN}/releases/download/${PV}/ LICENSE="GPL-2" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +KEYWORDS="~alpha amd64 arm arm64 hppa ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="acl +cron selinux" -DEPEND=">=dev-libs/popt-1.5 +DEPEND=" + >=dev-libs/popt-1.5 selinux? ( sys-libs/libselinux ) - acl? ( virtual/acl )" -RDEPEND="${DEPEND} + acl? ( virtual/acl ) +" +RDEPEND=" + ${DEPEND} selinux? ( sec-policy/selinux-logrotate ) - cron? ( virtual/cron )" + cron? ( virtual/cron ) +" BDEPEND="verify-sig? ( sec-keys/openpgp-keys-kamildudka )" STATEFILE="${EPREFIX}/var/lib/misc/logrotate.status" 
@@ -29,7 +33,6 @@ OLDSTATEFILE="${EPREFIX}/var/lib/logrotate.status" PATCHES=( "${FILESDIR}"/${PN}-3.15.0-ignore-hidden.patch - "${FILESDIR}"/${P}-log-changes.patch ) move_old_state_file() { @@ -64,25 +67,12 @@ src_install() { doman logrotate.8 dodoc ChangeLog.md - # Flatcar: Put our config under /usr. We will point logrotate - # to use this configuration in the systemd unit we install - # below. User can always customize logrotate configuration by - # using drop-ins to point to a different path or by adding - # logrotate config files to /etc/logrotate.d. - insinto /usr/share/logrotate + insinto /etc doins "${FILESDIR}"/logrotate.conf use cron && install_cron_file - # Flatcar: Install our own systemd service file and enable it - # by default. - # - # TODO: We probably should just patch the example logrotate - # service unit, as it has a bunch of hardening and performance - # tuning stuff done. - systemd_dounit examples/logrotate.timer - systemd_dounit "${FILESDIR}"/logrotate.service - systemd_enable_service multi-user.target logrotate.timer + systemd_dounit examples/logrotate.{service,timer} newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf keepdir /etc/logrotate.d diff --git a/sdk_container/src/third_party/portage-stable/app-admin/logrotate/logrotate-3.22.0.ebuild b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/logrotate-3.22.0.ebuild new file mode 100644 index 0000000000..169818f942 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/logrotate-3.22.0.ebuild 
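Review bot: The `src_install` hunk removes `systemd_enable_service multi-user.target logrotate.timer` and adds nothing in its place, so as far as this hunk shows the timer is installed but not enabled. No rotation would run unless the timer is enabled somewhere not visible here, such as a preset or another package. The same hunk moves the config to /etc with `insinto /etc` and replaces the Flatcar unit with `examples/logrotate.service`, so it is worth checking on a built image that the unit finds /etc/logrotate.conf and that the timer is active. The new logrotate-3.22.0.ebuild carries the same `src_install`; the function body starts above this hunk.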
@@ -0,0 +1,99 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/cgzones.asc +inherit systemd tmpfiles verify-sig + +DESCRIPTION="Rotates, compresses, and mails system logs" +HOMEPAGE="https://github.com/logrotate/logrotate" +SRC_URI="https://github.com/${PN}/${PN}/releases/download/${PV}/${P}.tar.xz" +SRC_URI+=" verify-sig? ( https://github.com/${PN}/${PN}/releases/download/${PV}/${P}.tar.xz.asc )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="acl +cron selinux" + +DEPEND=" + >=dev-libs/popt-1.5 + selinux? ( sys-libs/libselinux ) + acl? ( virtual/acl ) +" +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-logrotate ) + cron? ( virtual/cron ) +" +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-cgzones )" + +STATEFILE="${EPREFIX}/var/lib/misc/logrotate.status" +OLDSTATEFILE="${EPREFIX}/var/lib/logrotate.status" + +PATCHES=( + "${FILESDIR}"/${PN}-3.15.0-ignore-hidden.patch +) + +move_old_state_file() { + elog "logrotate state file is now located at ${STATEFILE}" + elog "See bug #357275" + if [[ -e "${OLDSTATEFILE}" ]] ; then + elog "Moving your current state file to new location: ${STATEFILE}" + mv -n "${OLDSTATEFILE}" "${STATEFILE}" || die + fi +} + +install_cron_file() { + exeinto /etc/cron.daily + newexe "${S}"/examples/logrotate.cron "${PN}" +} + +src_prepare() { + default + + sed -i -e 's#/usr/sbin/logrotate#/usr/bin/logrotate#' examples/logrotate.{cron,service} || die +} + +src_configure() { + econf \ + $(use_with acl) \ + $(use_with selinux) \ + --with-state-file-path="${STATEFILE}" +} + +src_install() { + dobin logrotate + doman logrotate.8 + dodoc ChangeLog.md + + insinto /etc + doins "${FILESDIR}"/logrotate.conf + + use cron && install_cron_file + + systemd_dounit examples/logrotate.{service,timer} + newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf + + 
keepdir /etc/logrotate.d +} + +pkg_postinst() { + elog + elog "The ${PN} binary is now installed under /usr/bin. Please" + elog "update your links" + elog + + move_old_state_file + + tmpfiles_process ${PN}.conf + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "If you wish to have logrotate e-mail you updates, please" + elog "emerge virtual/mailx and configure logrotate in" + elog "/etc/logrotate.conf appropriately" + elog + elog "Additionally, /etc/logrotate.conf may need to be modified" + elog "for your particular needs. See man logrotate for details." + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/metadata.xml b/sdk_container/src/third_party/portage-stable/app-admin/logrotate/metadata.xml similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-admin/logrotate/metadata.xml rename to sdk_container/src/third_party/portage-stable/app-admin/logrotate/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/syft/Manifest new file mode 100644 index 0000000000..917a175b7a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/Manifest 
@@ -0,0 +1,12 @@ +DIST syft-0.75.0-deps.tar.xz 449464772 BLAKE2B 60329a7054917079ea2ad683019933b5a5b02441f7ec6823f64b83fd5c353b7096a21113d91d3b9fc1ecaa0870ccef4ee39c60a250f193bef35e15ea1e1b5598 SHA512 1605a7dd830d648e48049bf918c67bbc542dc790c09097db52e578bb826c994ca0364cc42ae510a6411febd90e395715b8a5317e82d424481ae3b835fae98357 +DIST syft-0.75.0.tar.gz 5714462 BLAKE2B 4513fb5ce8c9b432d9042e31c13032428db7ae2b7637f25d391c572094706a1bcfa7dc971a96a8630b3d226504000c79219c0cbc6e1372558c6d08c3ff41dfa4 SHA512 4b8f7cc2823ace1fb2a57a5a989690967ac2b0caf2358dd61a85eca418050ff3fb8ea0409fa694754e595f85168f7f2b192fd407f651f48e05932a73b18fa379 +DIST syft-0.76.0-deps.tar.xz 457367140 BLAKE2B 8d05372361e6051b8102bec3b775eb00f9f24c5d6cddcee39d5d5b0a8f8db5260173d17aa3922b625885c1dddba42f2c2ecb6afe39b03c61a04a9a9577c4a9c6 SHA512 20f32db12c11a15eb323016fb0df09ec0ad823882344006fd30c4450e25feb9db17b8784581a01ed5a3fd68597ad05749082413c4196deff4b908af56c72b04e +DIST syft-0.76.0.tar.gz 5726316 BLAKE2B debf5c9764994c616fceb7b69c42e87d6399ceb4b2f878935901f626256723177cc3e23b38f6dbce40a59c6586cb5589e82ed3c2a9811117486d9a1ced2f2260 SHA512 86f82455ff0d78864f56f2575bb2acb311ab658c23161b44f342242e88470948581097c2d928fae96ed01ad52843cb26d4682e22e5f81818a83a35cca1eff69e +DIST syft-0.94.0-deps.tar.xz 502576092 BLAKE2B 35c13d34a7a4b2afafb9b73502f4258b379db737d9482d3f2fc8c0748cda67733e198df25237b6622e7450055f6681de7e7031cf0d5c0f7d422b268e64608da2 SHA512 1018cbd7e22b44ca8626747ddce2a4672b7f6e0ff359d30e36877ac00e093cea8709d6880093850afe107aef7333b6f928ababc1dbb3cb5741c466b95ac69268 +DIST syft-0.94.0.tar.gz 5266343 BLAKE2B 892c7bf90a1d15fd926207acd1a28e8bd907ae5869be763e48ccd8d3279975c2ec84d9ec5842e3799460a823b5aa611a028982d8d40d90248c1cfad25415c672 SHA512 171b23271f03e1e824dcac41a563f7947d004797a21e762eea883ea680e0de65a532e03e4b245a4021288fec60142da8c1c16d6520eadece65728728b9d15f91 +DIST syft-0.95.0-deps.tar.xz 525784260 BLAKE2B 
8aa9da529a605725ecbcc4ec98bef651218ee7b1ed08564fae0911fc83f78a13f7773c8c6e7c12f0ecb4b979477e1ea1a89354c11de932ef2e0a45b1fb80ec10 SHA512 0571b3586d27d1cf76a6bfd4c3fd5c06f796bd94feea63303c8464c602ce91f94e4bdc0002eb7241ff967e4146ec2a91cce428ad495d89dfda078a968e43d63f +DIST syft-0.95.0.tar.gz 5328311 BLAKE2B 555844c771dc57dd396f4016095a8e462b5088abf7d7dc2f77b14dcd98bd77fb58598c1011145ce001117ea3059cf93f2b4a1d2a7c01914cd1e5b855e79394cc SHA512 6509d7a505ff1adc37386bccfefb8ce106ff8c1ffe267ee768f731ef865c731dec3603c055d094363aae8b0ad6dd09547cb4b7e5a8d6993d7f8e09ef47f195c3 +DIST syft-1.18.1-deps.tar.xz 162627924 BLAKE2B c68a14ede812e6573f90d3e6ebeb3e60f26e3caa92d71f008d3706921f3f873d78305f3c24ede226ee67d1ac39ac3cc2412e6c03a3386a89ee7cfd75e7df80b1 SHA512 df2a1182200074ec0bd5be08340e3fdddc4ee76a857741359a2c0a2469b16dface84e1f3540fe3034dab89562a1adb8ba341d42521686d7566b8d81f39da9217 +DIST syft-1.18.1.tar.gz 5951602 BLAKE2B d73714c11143ca8f84e8b3167c4416417845af736a677369703d7aa334cfc69fb71bd0de05dc6cd21e5282e3df3c1548c8d1306c3311054c02266a19ece37d1e SHA512 05693eb5d13be1dc5682c91906027b67de881fb5513667f98d40302130a10bd082cc1c4df006cdd5d09968e3d77ec97d8cc620d0a816d325e3571f67e98b0143 +DIST syft-1.9.0-deps.tar.xz 207469280 BLAKE2B 38b428c8062f006586c0b7f1b8aeb2af09063d9f665a5a18c50dbe3848436cac80da2d2fd441a07d76787cb8e66d35fd322c7f9d1254662bf34fd29d05116e22 SHA512 34aa74de4befc2d097cb01e0ff3b37fd30cfca60b4d916f3fe7578848b6f2bb4ea263431adff7852b2b70dc9a4f7b50e75cfd58ee6ea3c604d03f7bde5ab10e6 +DIST syft-1.9.0.tar.gz 5825322 BLAKE2B e6b0808de2179a8956a1ba30138bcf11b0fead1c154a8d432cd852d6be2753075491c43f238943883d1c8080f7c24fc9a617daff4457aba6731831c619ff9223 SHA512 0a116accd3762fa6c43475b52c85d9a103423aa5f747b86209f128a2484b54e20d17d0dce7ec88c412e95f6685f8a47032bbfe812e6fceb39451cf1faa9e7fbb 
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/metadata.xml b/sdk_container/src/third_party/portage-stable/app-containers/syft/metadata.xml new file mode 100644 index 0000000000..522f506c2c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/metadata.xml @@ -0,0 +1,11 @@ + + + + + williamh@gentoo.org + William Hubbs + + + anchore/syft + + diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.75.0.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.75.0.ebuild new file mode 100644 index 0000000000..1dc3782ce8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.75.0.ebuild @@ -0,0 +1,34 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module +GIT_COMMIT=cc0a376aba43e7f9c5fe66320643f72088533838 + +DESCRIPTION="Generate a Software Bill of Materials from container images and filesystems" +HOMEPAGE="https://www.anchore.com" +SRC_URI="https://github.com/anchore/syft/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64" + +# tests require a running docker daemon +RESTRICT="test" + +src_compile() { + local BUILD_DATE + BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) + ego build -o bin/syft -ldflags " + -extldflags '-static' + -X github.com/anchore/syft/internal/version.version=${PV} + -X github.com/anchore/syft/internal/version.gitCommit=${GIT_COMMIT} + -X github.com/anchore/syft/internal/version.buildDate=${BUILD_DATE} + -X github.com/anchore/syft/internal/version.gitDescription=v${PV} + " ./cmd/syft +} + +src_install() { + dobin bin/* +} 
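Review bot: `src_compile` in syft-0.75.0.ebuild stamps the binary with the wall-clock time via `BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)`, so two builds from the same sources never produce the same syft binary. For the tool that generates the SBOM, a reproducible build is easier to verify independently. Honouring the usual reproducible-build variable would fix that: `BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y-%m-%dT%H:%M:%SZ)`. The 0.76.0, 0.94.0, 0.95.0, 1.9.0 and 1.18.1 ebuilds added in this commit have the same line.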
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.76.0.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.76.0.ebuild new file mode 100644 index 0000000000..f2d767a1a2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.76.0.ebuild @@ -0,0 +1,34 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module +GIT_COMMIT=dfcc07e5122217ca9e2fc75817c593356fc0c405 + +DESCRIPTION="Generate a Software Bill of Materials from container images and filesystems" +HOMEPAGE="https://www.anchore.com" +SRC_URI="https://github.com/anchore/syft/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64" + +# tests require a running docker daemon +RESTRICT="test" + +src_compile() { + local BUILD_DATE + BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) + ego build -o bin/syft -ldflags " + -extldflags '-static' + -X github.com/anchore/syft/internal/version.version=${PV} + -X github.com/anchore/syft/internal/version.gitCommit=${GIT_COMMIT} + -X github.com/anchore/syft/internal/version.buildDate=${BUILD_DATE} + -X github.com/anchore/syft/internal/version.gitDescription=v${PV} + " ./cmd/syft +} + +src_install() { + dobin bin/* +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.94.0.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.94.0.ebuild new file mode 100644 index 0000000000..b5c24f11d1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.94.0.ebuild 
@@ -0,0 +1,34 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module +GIT_COMMIT=8f6bdde6662aa8050a71eadbdb7bd5a3b079a56d + +DESCRIPTION="Generate a Software Bill of Materials from container images and filesystems" +HOMEPAGE="https://www.anchore.com" +SRC_URI="https://github.com/anchore/syft/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64" + +# tests require a running docker daemon +RESTRICT="test" + +src_compile() { + local BUILD_DATE + BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) + ego build -o bin/syft -ldflags " + -extldflags '-static' + -X github.com/anchore/syft/internal/version.version=${PV} + -X github.com/anchore/syft/internal/version.gitCommit=${GIT_COMMIT} + -X github.com/anchore/syft/internal/version.buildDate=${BUILD_DATE} + -X github.com/anchore/syft/internal/version.gitDescription=v${PV} + " ./cmd/syft +} + +src_install() { + dobin bin/* +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.95.0.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.95.0.ebuild new file mode 100644 index 0000000000..a3a0542d8f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-0.95.0.ebuild 
@@ -0,0 +1,34 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module +GIT_COMMIT=9b98785aab9346999a0b5e9f5e4b4e63a1b1916c + +DESCRIPTION="Generate a Software Bill of Materials from container images and filesystems" +HOMEPAGE="https://www.anchore.com" +SRC_URI="https://github.com/anchore/syft/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64" + +# tests require a running docker daemon +RESTRICT="test" + +src_compile() { + local BUILD_DATE + BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) + ego build -o bin/syft -ldflags " + -extldflags '-static' + -X github.com/anchore/syft/internal/version.version=${PV} + -X github.com/anchore/syft/internal/version.gitCommit=${GIT_COMMIT} + -X github.com/anchore/syft/internal/version.buildDate=${BUILD_DATE} + -X github.com/anchore/syft/internal/version.gitDescription=v${PV} + " ./cmd/syft +} + +src_install() { + dobin bin/* +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-1.18.1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-1.18.1.ebuild new file mode 100644 index 0000000000..20e8cdef9d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-1.18.1.ebuild 
@@ -0,0 +1,36 @@ +# Copyright 2022-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module +GIT_COMMIT=5e16e5031a13f8a11057feb8544decebfc43b4ed + +DESCRIPTION="Generate a Software Bill of Materials from container images and filesystems" +HOMEPAGE="https://www.anchore.com" +SRC_URI="https://github.com/anchore/syft/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64" + +# tests require a running docker daemon +RESTRICT="test" + +src_compile() { + local BUILD_DATE + BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) + ego build -o bin/syft -ldflags " + -extldflags '-static' + -X github.com/anchore/syft/internal/version.version=${PV} + -X github.com/anchore/syft/internal/version.gitCommit=${GIT_COMMIT} + -X github.com/anchore/syft/internal/version.buildDate=${BUILD_DATE} + -X github.com/anchore/syft/internal/version.gitDescription=v${PV} + " ./cmd/syft +} + +src_install() { + dobin bin/* + insinto /usr/share/"${PN}" + doins -r examples +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-1.9.0.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-1.9.0.ebuild new file mode 100644 index 0000000000..da16f36918 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/syft/syft-1.9.0.ebuild 
@@ -0,0 +1,36 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module +GIT_COMMIT=4e09908ba124dca7e6f1f6e7dc4f4663fae658ca + +DESCRIPTION="Generate a Software Bill of Materials from container images and filesystems" +HOMEPAGE="https://www.anchore.com" +SRC_URI="https://github.com/anchore/syft/archive/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-deps.tar.xz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64" + +# tests require a running docker daemon +RESTRICT="test" + +src_compile() { + local BUILD_DATE + BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) + ego build -o bin/syft -ldflags " + -extldflags '-static' + -X github.com/anchore/syft/internal/version.version=${PV} + -X github.com/anchore/syft/internal/version.gitCommit=${GIT_COMMIT} + -X github.com/anchore/syft/internal/version.buildDate=${BUILD_DATE} + -X github.com/anchore/syft/internal/version.gitDescription=v${PV} + " ./cmd/syft +} + +src_install() { + dobin bin/* + insinto /usr/share/"${PN}" + doins -r examples +} diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest similarity index 66% rename from sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/Manifest rename to sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest index 25850541d8..e0a935653e 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/Manifest +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest 
@@ -1,2 +1,3 @@ DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09 DIST sbsigntools-0.9.4.tar.gz 57714 BLAKE2B 94797af6c98a9c13cb71e52ba6f7ff07de70660af2194b14061e0cb618d6effff52ef7a4dd2fd4e44e75f022b979442d4290b1d65d63017b2fbebdca5951c5c9 SHA512 953d3d9a7f92b837da966eabe3572163a29c5292e792d5ef17cf842d7373ffaa901377cb4ec68006a6ef2f9c97d48db8ffdd3a6d2853be67016d3484a118bba9 +DIST sbsigntools-0.9.5.tar.gz 57876 BLAKE2B 677f87eac9fba9185acd7e25b8d7a3682083938313f3086aaaa6871e010bd403bdda5b9a5fe931151af75a344802c964918be8feb38ec6229d9a16c5b63416b6 SHA512 3b23bdf1855132a91e2063039bd4d14c5564e9cd8f551711aa89a91646ff783afb6e318479e9cf46eedbc914a1eade142398c774d8dbfef8fd1d65cbbe60aabd diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch new file mode 100644 index 0000000000..42650929b8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/832212 +https://bugs.gentoo.org/845372 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -7,7 +7,7 @@ AM_CFLAGS = -Wall -Wextra --std=gnu99 + common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \ + efivars.h $(coff_headers) + common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS) +-common_CFLAGS = -I$(top_srcdir)/lib/ccan/ -Werror ++common_CFLAGS = -I$(top_srcdir)/lib/ccan/ + + sbsign_SOURCES = sbsign.c $(common_SOURCES) + sbsign_LDADD = $(common_LDADD) 
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch new file mode 100644 index 0000000000..3fffe9b668 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch @@ -0,0 +1,35 @@ +Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it +From: Jeremi Piotrowski +Origin: https://groups.io/g/sbsigntools/message/54 + +Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it. + +openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to +`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind +OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is +available. This change should have been transparent to the application, but +only if the `ASN1_ITEM_rptr()` macro is used. + +This change passes `make check` with both openssl 1.1 and 3.0. + +Signed-off-by: Jeremi Piotrowski +--- + src/idc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/idc.c b/src/idc.c +index 6d87bd4..0a82218 100644 +--- a/src/idc.c ++++ b/src/idc.c +@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) + + idc->data->type = OBJ_nid2obj(peid_nid); + idc->data->value = ASN1_TYPE_new(); +- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); ++ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID)); + + idc->digest->alg->parameter = ASN1_TYPE_new(); + idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); +-- +2.25.1 + 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml similarity index 80% rename from sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/metadata.xml rename to sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml index ef5313d421..f0168eb305 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml @@ -2,7 +2,8 @@ - tamiko@gentoo.org + nowa@gentoo.org + Nowa Ammerlaan ubuntu diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/sbsigntools-0.9.4.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild similarity index 85% rename from sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/sbsigntools-0.9.4.ebuild rename to sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild index 41cf7c59c5..0ce5dbbe30 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntools/sbsigntools-0.9.4.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" @@ -14,7 +14,7 @@ SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0" SLOT="0" -KEYWORDS="amd64 arm64 ~x86" +KEYWORDS="amd64 arm64 ~riscv x86" IUSE="" RDEPEND=" @@ -27,7 +27,8 @@ DEPEND="${RDEPEND} virtual/pkgconfig" PATCHES=( - "${FILESDIR}"/openssl-3-compat.patch + "${FILESDIR}"/${PN}-0.9.4-no-werror.patch + "${FILESDIR}"/${PN}-0.9.4-openssl3.patch ) src_prepare() { 
@@ -39,6 +40,7 @@ src_prepare() { amd64) iarch=x86_64 ;; arm64) iarch=aarch64 ;; ia64) iarch=ia64 ;; + riscv) iarch=riscv64 ;; x86) iarch=ia32 ;; *) die "unsupported architecture: ${ARCH}" ;; esac @@ -46,9 +48,6 @@ src_prepare() { sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480 - # Flatcar change required to compile with OpenSSLv3 - sed -i "s/-Werror//g" src/Makefile.am || die - default eautoreconf } diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild new file mode 100644 index 0000000000..b6c7e8e1d9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild 
@@ -0,0 +1,59 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MY_PN="${PN::-1}" + +inherit autotools toolchain-funcs + +DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot" +HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/" +SRC_URI=" + https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz + https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz +" + +LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0" +SLOT="0" +KEYWORDS="amd64 arm64 ~riscv x86" +IUSE="" + +RDEPEND=" + dev-libs/openssl:= + sys-apps/util-linux +" +DEPEND=" + ${RDEPEND} + sys-boot/gnu-efi + sys-libs/binutils-libs +" +BDEPEND=" + sys-apps/help2man + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-0.9.4-no-werror.patch +) + +src_prepare() { + mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed" + rmdir "${WORKDIR}"/lib || die "rmdir failed" + + local iarch + case ${ARCH} in + amd64) iarch=x86_64 ;; + arm64) iarch=aarch64 ;; + ia64) iarch=ia64 ;; + riscv) iarch=riscv64 ;; + x86) iarch=ia32 ;; + *) die "unsupported architecture: ${ARCH}" ;; + esac + sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die + sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die + sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480 + + default + eautoreconf +} diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/trousers/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/Manifest new file mode 100644 index 0000000000..4556d86ce7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/Manifest 
@@ -0,0 +1 @@ +DIST trousers-0.3.15.tar.gz 4699936 BLAKE2B 53c60498ed6a9d3d87295b00676e5d0d82452918c35af6b98c7979ffa2dc04dd817e7cd3f4a33ca17c30b90eab53d80b2bb25306fe9db7bda2125019edfed280 SHA512 769c7d891c6306c1b3252448f86e3043ee837e566c9431f5b4353512113e2907f6ce29c91e8044c420025b79c5f3ff2396ddce93f73b1eb2a15ea1de89ac0fdb diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/61-trousers.rules b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/61-trousers.rules similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/61-trousers.rules rename to sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/61-trousers.rules diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.initd b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.initd new file mode 100644 index 0000000000..9b18c48e1e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.initd @@ -0,0 +1,19 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +command=/usr/sbin/tcsd +description="TrouSerS' TCS daemon (tcsd)" +command_user="tss:tss" + +depend() { + use logger + need net +} + +start_pre() { + if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then + eerror "No TPM device found!" + return 1 + fi +} diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.service b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.service new file mode 100644 index 0000000000..4a46e6143b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/tcsd.service @@ -0,0 +1,10 @@ +[Unit] +Description=TCG Core Services Daemon + +[Service] +User=tss +ExecStart=/usr/sbin/tcsd -f + +[Install] +WantedBy=multi-user.target + 
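Review bot: tcsd.service has no device check, unlike `start_pre` in tcsd.initd, which refuses to start when neither /dev/tpm nor /dev/tpm0 exists. An enabled unit would therefore start and fail on machines without a TPM. Adding `ConditionPathExistsGlob=/dev/tpm*` under `[Unit]` mirrors the OpenRC check. The unit also has no sandboxing beyond `User=tss`; `NoNewPrivileges=yes` under `[Service]` is a low-risk hardening line for a daemon that already runs unprivileged. Any tighter filesystem or device restriction would need testing against tcsd's access to /var/lib/tpm.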
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch rename to sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.13-nouseradd.patch diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch rename to sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.15-tspi-drop-the-use-of-getpwent_r.patch b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.15-tspi-drop-the-use-of-getpwent_r.patch new file mode 100644 index 0000000000..ab6ef762bc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/files/trousers-0.3.15-tspi-drop-the-use-of-getpwent_r.patch 
@@ -0,0 +1,69 @@ +https://bugs.gentoo.org/713444 + +From 2299eadf77ae7a7ec52148b6a8f4ea37e217eafa Mon Sep 17 00:00:00 2001 +From: Stijn Tintel +Date: Thu, 2 Feb 2023 01:06:15 +0200 +Subject: [PATCH] tspi: drop the use of getpwent_r + +On systems with musl libc, libtspi.so is unusable due to the lack of +getpwent_r. As there are multiple historical functions named getpwent_r +that all behave differently, let's just play it safe and stop using it +altogether. + +Signed-off-by: Stijn Tintel +--- + src/tspi/ps/tspps.c | 16 ---------------- + 1 file changed, 16 deletions(-) + +diff --git a/src/tspi/ps/tspps.c b/src/tspi/ps/tspps.c +index b5e83d0..ae7b3df 100644 +--- a/src/tspi/ps/tspps.c ++++ b/src/tspi/ps/tspps.c +@@ -51,9 +51,7 @@ + + static int user_ps_fd = -1; + static MUTEX_DECLARE_INIT(user_ps_lock); +-#if (defined (__FreeBSD__) || defined (__OpenBSD__)) + static MUTEX_DECLARE_INIT(user_ps_path); +-#endif + static struct flock fl; + + +@@ -66,9 +64,6 @@ get_user_ps_path(char **file) + TSS_RESULT result; + char *file_name = NULL, *home_dir = NULL; + struct passwd *pwp; +-#if (defined (__linux) || defined (linux) || defined(__GLIBC__)) +- struct passwd pw; +-#endif + struct stat stat_buf; + char buf[PASSWD_BUFSIZE]; + uid_t euid; +@@ -96,16 +91,6 @@ get_user_ps_path(char **file) + #else + setpwent(); + while (1) { +-#if (defined (__linux) || defined (linux) || defined(__GLIBC__)) +- rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp); +- if (rc) { +- LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s", +- strerror(rc)); +- endpwent(); +- return TSPERR(TSS_E_INTERNAL_ERROR); +- } +- +-#elif (defined (__FreeBSD__) || defined (__OpenBSD__)) + if ((pwp = getpwent()) == NULL) { + LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s", + strerror(rc)); +@@ -113,7 +98,6 @@ get_user_ps_path(char **file) + MUTEX_UNLOCK(user_ps_path); + return TSPERR(TSS_E_INTERNAL_ERROR); + } +-#endif + if (euid == pwp->pw_uid) { + home_dir = 
strdup(pwp->pw_dir); + break; +-- +2.39.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/metadata.xml similarity index 64% rename from sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml rename to sdk_container/src/third_party/portage-stable/app-crypt/trousers/metadata.xml index 643c6bf8c7..2eceffb8ae 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/metadata.xml @@ -1,11 +1,11 @@ - + - + salah.coronya@gmail.com - Salah Coronya + Christopher Byrne - + proxy-maint@gentoo.org Proxy Maintainers diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15-r1.ebuild new file mode 100644 index 0000000000..dc79a35af9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15-r1.ebuild 
@@ -0,0 +1,73 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools linux-info readme.gentoo-r1 systemd udev + +DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation" +HOMEPAGE="http://trousers.sf.net" +SRC_URI="https://downloads.sourceforge.net/trousers/${PN}/${P}.tar.gz" + +LICENSE="CPL-1.0 GPL-2" +SLOT="0" +KEYWORDS="amd64 arm arm64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 x86" +IUSE="doc selinux" # gtk + +# gtk support presently does NOT compile. +# gtk? ( >=x11-libs/gtk+-2 ) + +DEPEND="acct-group/tss + acct-user/tss + >=dev-libs/glib-2 + >=dev-libs/openssl-0.9.7:0= + " +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-tcsd )" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/${PN}-0.3.13-nouseradd.patch" + "${FILESDIR}/${PN}-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch" + "${FILESDIR}/${P}-tspi-drop-the-use-of-getpwent_r.patch" +) + +DOCS="AUTHORS ChangeLog NICETOHAVES README TODO" + +DOC_CONTENTS=" + If you have problems starting tcsd, please check permissions and + ownership on /dev/tpm* and ~tss/system.data +" + +CONFIG_CHECK="~TCG_TPM" + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # econf --with-gui=$(usex gtk gtk openssl) + econf --with-gui=openssl +} + +src_install() { + default + find "${D}" -name '*.la' -delete || die + + keepdir /var/lib/tpm + use doc && dodoc doc/* + newinitd "${FILESDIR}"/tcsd.initd tcsd + systemd_dounit "${FILESDIR}"/tcsd.service + udev_dorules "${FILESDIR}"/61-trousers.rules + fowners tss:tss /var/lib/tpm + readme.gentoo_create_doc +} + +pkg_postinst() { + udev_reload +} + +pkg_postrm() { + udev_reload +} diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15.ebuild new file mode 100644 index 0000000000..ba36bc65b5 --- /dev/null 
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/trousers/trousers-0.3.15.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools linux-info readme.gentoo-r1 systemd udev + +DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation" +HOMEPAGE="http://trousers.sf.net" +SRC_URI="https://downloads.sourceforge.net/trousers/${PN}/${P}.tar.gz" + +LICENSE="CPL-1.0 GPL-2" +SLOT="0" +KEYWORDS="amd64 arm arm64 ~loong ~m68k ~ppc ppc64 ~riscv ~s390 x86" +IUSE="doc selinux" # gtk + +# gtk support presently does NOT compile. +# gtk? ( >=x11-libs/gtk+-2 ) + +DEPEND="acct-group/tss + acct-user/tss + >=dev-libs/glib-2 + >=dev-libs/openssl-0.9.7:0= + " +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-tcsd )" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/${PN}-0.3.13-nouseradd.patch" + "${FILESDIR}/${PN}-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch" +) + +DOCS="AUTHORS ChangeLog NICETOHAVES README TODO" + +DOC_CONTENTS=" + If you have problems starting tcsd, please check permissions and + ownership on /dev/tpm* and ~tss/system.data +" + +CONFIG_CHECK="~TCG_TPM" + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # econf --with-gui=$(usex gtk gtk openssl) + econf --with-gui=openssl +} + +src_install() { + default + find "${D}" -name '*.la' -delete || die + + keepdir /var/lib/tpm + use doc && dodoc doc/* + newinitd "${FILESDIR}"/tcsd.initd tcsd + systemd_dounit "${FILESDIR}"/tcsd.service + udev_dorules "${FILESDIR}"/61-trousers.rules + fowners tss:tss /var/lib/tpm + readme.gentoo_create_doc +} + +pkg_postinst() { + udev_reload +} + +pkg_postrm() { + udev_reload +} 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/dbus-glib/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/dbus-glib/Manifest similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/dbus-glib/Manifest rename to sdk_container/src/third_party/portage-stable/dev-libs/dbus-glib/Manifest diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/dbus-glib/dbus-glib-0.112-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/dbus-glib/dbus-glib-0.112.ebuild similarity index 82% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/dbus-glib/dbus-glib-0.112-r1.ebuild rename to sdk_container/src/third_party/portage-stable/dev-libs/dbus-glib/dbus-glib-0.112.ebuild index 78482ec9d6..7faec8fb4b 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/dbus-glib/dbus-glib-0.112-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/dev-libs/dbus-glib/dbus-glib-0.112.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -inherit autotools bash-completion-r1 multilib-minimal toolchain-funcs +inherit autotools bash-completion-r1 flag-o-matic multilib-minimal toolchain-funcs DESCRIPTION="D-Bus bindings for glib" HOMEPAGE="https://dbus.freedesktop.org/" @@ -11,7 +11,7 @@ SRC_URI="https://dbus.freedesktop.org/releases/${PN}/${P}.tar.gz" LICENSE="|| ( GPL-2 AFL-2.1 )" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" IUSE="debug static-libs test" RESTRICT="!test? ( test )" 
@@ -22,11 +22,11 @@ DEPEND=" " RDEPEND="${DEPEND}" BDEPEND=" - dev-build/gtk-doc-am >=dev-libs/expat-2.1.0-r3 >=dev-libs/glib-2.40:2 >=sys-apps/dbus-1.8 >=dev-util/glib-utils-2.40 + >=dev-build/gtk-doc-am-1.14 virtual/pkgconfig " # CBUILD dependencies are needed to make a native tool while cross-compiling. @@ -43,6 +43,9 @@ src_prepare() { } multilib_src_configure() { + # bug #943768 + append-cflags -std=gnu17 + local myconf=( --localstatedir="${EPREFIX}"/var --enable-bash-completion @@ -58,9 +61,6 @@ multilib_src_configure() { ECONF_SOURCE="${S}" econf_build myconf+=( --with-dbus-binding-tool="$PWD/dbus/dbus-binding-tool" ) cd - || die - # Flatcar: override glib-genmarshal path - local build_pkg_config="$(tc-getBUILD_PROG PKG_CONFIG pkg-config)" - myconf+=(GLIB_GENMARSHAL="$("${build_pkg_config}" --variable=glib_genmarshal glib-2.0)") fi ECONF_SOURCE="${S}" econf "${myconf[@]}" diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/dbus-glib/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/dbus-glib/metadata.xml similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/dbus-glib/metadata.xml rename to sdk_container/src/third_party/portage-stable/dev-libs/dbus-glib/metadata.xml diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/Manifest b/sdk_container/src/third_party/portage-stable/dev-util/bsdiff/Manifest similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/Manifest rename to sdk_container/src/third_party/portage-stable/dev-util/bsdiff/Manifest 
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r4.ebuild b/sdk_container/src/third_party/portage-stable/dev-util/bsdiff/bsdiff-4.3-r4.ebuild similarity index 59% rename from sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r4.ebuild rename to sdk_container/src/third_party/portage-stable/dev-util/bsdiff/bsdiff-4.3-r4.ebuild index 3b66dbd7b0..4fed0325c4 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r4.ebuild +++ b/sdk_container/src/third_party/portage-stable/dev-util/bsdiff/bsdiff-4.3-r4.ebuild @@ -11,25 +11,19 @@ SRC_URI="https://www.daemonology.net/bsdiff/${P}.tar.gz" LICENSE="BSD-2" SLOT="0" -KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" +KEYWORDS="~alpha amd64 ~arm ~hppa ~mips ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" RDEPEND="app-arch/bzip2" DEPEND="${RDEPEND}" PATCHES=( "${FILESDIR}/${P}-CVE-2014-9862.patch" - # Flatcar: Apply patch to change suffix sort to sais-lite, and - # to fix heap overflow vulnerability CVE-2020-14315. - "${FILESDIR}/${PV}_bsdiff-convert-to-sais-lite-suffix-sort.patch" - "${FILESDIR}/${P}-CVE-2020-14315.patch" ) src_compile() { append-lfs-flags - # Flatcar: build including sais.c, which comes from 3rd-party patch - # 4.3_bsdiff-convert-to-sais-lite-suffix-sort.patch. - edo $(tc-getCC) ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} -o bsdiff bsdiff.c sais.c -lbz2 + edo $(tc-getCC) ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} -o bsdiff bsdiff.c -lbz2 edo $(tc-getCC) ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} -o bspatch bspatch.c -lbz2 } 
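Review bot: `PATCHES` on the new side lists only `"${FILESDIR}/${P}-CVE-2014-9862.patch"`; the `${P}-CVE-2020-14315.patch` entry, which the removed comment describes as a heap overflow fix, is dropped and nothing in this section replaces it. Unless the fix reaches the 4.3 sources some other way, `bspatch` would be built without it, so I would keep `"${FILESDIR}/${P}-CVE-2020-14315.patch"` in `PATCHES` (rebased if it depended on the sais-lite conversion) or add a comment stating why it is no longer needed. The new `KEYWORDS` line also loses `arm64`, which is worth confirming is intended.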
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch b/sdk_container/src/third_party/portage-stable/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch rename to sdk_container/src/third_party/portage-stable/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-util/bsdiff/metadata.xml similarity index 65% rename from sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/metadata.xml rename to sdk_container/src/third_party/portage-stable/dev-util/bsdiff/metadata.xml index 115e9d64a6..a686893727 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/dev-util/bsdiff/metadata.xml @@ -2,4 +2,7 @@ + + cpe:/a:daemonology:bsdiff + diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/Manifest b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/Manifest similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/Manifest rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/Manifest diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild similarity index 88% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild index bf33af5eb1..21b871f38e 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild 
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" @@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_P}" LICENSE="GPL-2" SLOT="0" -KEYWORDS="amd64 ~arm arm64 ppc ~ppc64 ~riscv x86" +KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86" IUSE="+perl static" BDEPEND=">=app-eselect/eselect-iptables-20200508" @@ -87,10 +87,9 @@ src_install() { } pkg_postinst() { - # Flatcar: Use the xtables-nft-multi to use the nft_backend instead of the legacy if ! eselect ebtables show &>/dev/null; then - elog "Current ebtables implementation is unset, setting to xtables-nft-multi" - eselect ebtables set xtables-nft-multi + elog "Current ebtables implementation is unset, setting to ebtables-legacy" + eselect ebtables set ebtables-legacy fi eselect ebtables show diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch 
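Review bot: `pkg_postinst` now falls back to `eselect ebtables set ebtables-legacy` where the overlay copy selected `xtables-nft-multi`, so an image with no ebtables implementation selected ends up on the legacy backend. The iptables ebuilds added in this commit select `xtables-nft-multi` for ebtables only when nothing is set yet, so which backend wins appears to depend on merge order, and bridge rules may land in a different backend from the rest of the ruleset. If the nft backend is still the intended default, keep `eselect ebtables set xtables-nft-multi` here or set it explicitly at image build time, with a comment recording the choice. The function's closing brace is outside the hunk.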
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables.confd-r1 b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables.confd-r1 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables.confd-r1 rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables.confd-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables.initd-r1 b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables.initd-r1 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/files/ebtables.initd-r1 rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/files/ebtables.initd-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/metadata.xml b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/metadata.xml similarity index 85% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/metadata.xml rename to sdk_container/src/third_party/portage-stable/net-firewall/ebtables/metadata.xml index 3386c21e01..c14a522a20 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/ebtables/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/net-firewall/ebtables/metadata.xml @@ -1,5 +1,5 @@ - + base-system@gentoo.org 
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/Manifest b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/Manifest
new file mode 100644
index 0000000000..b09d48227e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/Manifest
@@ -0,0 +1,3 @@
+DIST iptables-1.8.10.tar.xz 641168 BLAKE2B 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520 SHA512 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153
+DIST iptables-1.8.11.tar.xz 649284 BLAKE2B 82daca3940e253f6fda7cf5b3332488c31391ff66c0112c0cae2645ab61918f81e6028ea2b1e1385f21e4c5ff8cd64cba31072a2417a2ab696fe1c6b5464cea1 SHA512 4937020bf52d57a45b76e1eba125214a2f4531de52ff1d15185faeef8bea0cd90eb77f99f81baa573944aa122f350a7198cef41d70594e1b65514784addbcc40
+DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/ip6tables-r1.confd b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/ip6tables-r1.confd
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/ip6tables-r1.confd
rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/ip6tables-r1.confd
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch new file mode 100644 index 0000000000..16c894f185 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch 
@@ -0,0 +1,34 @@
+https://git.netfilter.org/iptables/commit/?id=78850e7dba64a949c440dbdbe557f59409c6db48
+
+From 78850e7dba64a949c440dbdbe557f59409c6db48 Mon Sep 17 00:00:00 2001
+From: Markus Boehme
+Date: Mon, 3 Apr 2023 23:13:47 +0200
+Subject: [PATCH] ip6tables: Fix checking existence of rule
+
+Pass the proper entry size when creating a match mask for checking the
+existence of a rule. Failing to do so causes wrong results.
+
+Reported-by: Jonathan Caicedo
+Fixes: eb2546a846776 ("xshared: Share make_delete_mask() between ip{,6}tables")
+Signed-off-by: Markus Boehme
+Signed-off-by: Phil Sutter
+---
+ iptables/ip6tables.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
+index 345af451..9afc32c1 100644
+--- a/iptables/ip6tables.c
++++ b/iptables/ip6tables.c
+@@ -331,7 +331,7 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
+ int ret = 1;
+ unsigned char *mask;
+
+- mask = make_delete_mask(matches, target, sizeof(fw));
++ mask = make_delete_mask(matches, target, sizeof(*fw));
+ for (i = 0; i < nsaddrs; i++) {
+ fw->ipv6.src = saddrs[i];
+ fw->ipv6.smsk = smasks[i];
+--
+2.42.0.283.g2d96d420d3-goog
+
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.9-format-security.patch b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.9-format-security.patch
new file mode 100644
index 0000000000..a95c436009
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-1.8.9-format-security.patch
@@ -0,0 +1,26 @@
+https://git.netfilter.org/iptables/commit/?id=ed4082a7405a5838c205a34c1559e289949200cc
+
+From ed4082a7405a5838c205a34c1559e289949200cc Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Thu, 12 Jan 2023 14:38:44 +0100
+Subject: extensions: NAT: Fix for -Werror=format-security
+
+Have to pass either a string literal or format string to xt_xlate_add().
+
+Fixes: f30c5edce0413 ("extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE")
+Signed-off-by: Phil Sutter
+--- a/extensions/libxt_NAT.c
++++ b/extensions/libxt_NAT.c
+@@ -424,7 +424,7 @@ __NAT_xlate(struct xt_xlate *xl, const struct nf_nat_range2 *r,
+ if (r->flags & NF_NAT_RANGE_PROTO_OFFSET)
+ return 0;
+
+- xt_xlate_add(xl, tgt);
++ xt_xlate_add(xl, "%s", tgt);
+ if (strlen(range_str))
+ xt_xlate_add(xl, " to %s", range_str);
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) {
+--
+cgit v1.2.3
+
+
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-r1.confd b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-r1.confd
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-r1.confd
rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-r1.confd
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-r3.init b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-r3.init
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-r3.init
rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-r3.init
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-r4.init b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-r4.init
new file mode 100644
index 0000000000..e3b38b30e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/iptables-r4.init 
@@ -0,0 +1,167 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="check save panic" +extra_started_commands="reload" + +iptables_lock_wait_time=${IPTABLES_LOCK_WAIT_TIME:-"60"} +iptables_lock_wait_interval=${IPTABLES_LOCK_WAIT_INTERVAL:-"1000"} + +iptables_name=${SVCNAME} +case ${iptables_name} in + iptables|ip6tables) ;; + *) iptables_name="iptables" ;; +esac + +iptables_bin="/sbin/${iptables_name}" +case ${iptables_name} in + iptables) iptables_proc="/proc/net/ip_tables_names" + iptables_save=${IPTABLES_SAVE};; + ip6tables) iptables_proc="/proc/net/ip6_tables_names" + iptables_save=${IP6TABLES_SAVE};; +esac + +depend() { + need localmount #434774 + before net +} + +set_table_policy() { + local has_errors=0 chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + + local chain + for chain in ${chains} ; do + ${iptables_bin} --wait ${iptables_lock_wait_time} -t ${table} -P ${chain} ${policy} + [ $? -ne 0 ] && has_errors=1 + done + + return ${has_errors} +} + +checkkernel() { + if [ ! -e ${iptables_proc} ] ; then + eerror "Your kernel lacks ${iptables_name} support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} + +checkconfig() { + if [ -z "${iptables_save}" -o ! -f "${iptables_save}" ] ; then + eerror "Not starting ${iptables_name}. First create some rules then run:" + eerror "/etc/init.d/${iptables_name} save" + return 1 + fi + return 0 +} + +start_pre() { + checkconfig || return 1 +} + +start() { + ebegin "Loading ${iptables_name} state and starting firewall" + ${iptables_bin}-restore --wait ${iptables_lock_wait_time} ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? 
+} + +stop_pre() { + checkkernel || return 1 +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + + ebegin "Stopping firewall" + local has_errors=0 a + for a in $(cat ${iptables_proc}) ; do + set_table_policy $a ACCEPT + [ $? -ne 0 ] && has_errors=1 + + ${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a + [ $? -ne 0 ] && has_errors=1 + + ${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a + [ $? -ne 0 ] && has_errors=1 + done + eend ${has_errors} +} + +reload() { + checkkernel || return 1 + checkrules || return 1 + local has_errors=0 a flushed=0 + for a in $(cat ${iptables_proc}) ; do + if ! grep -q "^\*${a}$" "${iptables_save}" ; then + [ $flushed -eq 0 ] && ebegin "Flushing firewall" && flushed=1 + ${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a + [ $? -ne 0 ] && has_errors=1 + + ${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a + [ $? -ne 0 ] && has_errors=1 + fi + done + eend ${has_errors} + + start +} + +checkrules() { + ebegin "Checking rules" + ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? +} + +check() { + # Short name for users of init.d script. + checkrules +} + +save() { + ebegin "Saving ${iptables_name} state" + checkpath -q -d "$(dirname "${iptables_save}")" + checkpath -q -m 0600 -f "${iptables_save}" + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" + eend $? +} + +panic() { + # use iptables autoload capability to load at least all required + # modules and filter table + ${iptables_bin} --wait ${iptables_lock_wait_time} -S >/dev/null + if [ $? -ne 0 ] ; then + eerror "${iptables_bin} failed to load" + return 1 + fi + + if service_started ${iptables_name}; then + rc-service ${iptables_name} stop + fi + + local has_errors=0 a + ebegin "Dropping all packets" + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a + [ $? 
-ne 0 ] && has_errors=1 + + ${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a + [ $? -ne 0 ] && has_errors=1 + + if [ "${a}" != "nat" ]; then + # The "nat" table is not intended for filtering, the use of DROP is therefore inhibited. + set_table_policy $a DROP + [ $? -ne 0 ] && has_errors=1 + fi + done + eend ${has_errors} +} diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-restore.service b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/ip6tables-restore.service similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-restore.service rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/ip6tables-restore.service diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-store.service b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/ip6tables-store.service similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-store.service rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/ip6tables-store.service diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-restore.service b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/iptables-restore.service similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-restore.service rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/iptables-restore.service 
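Review bot: `panic()` passes through an accept-all state before it reaches DROP: when the service is started it runs `rc-service ${iptables_name} stop`, and `stop()` sets every table's policy to ACCEPT and flushes it; the loop afterwards runs `-F` and `-X` before `set_table_policy $a DROP`. For a command meant to cut traffic, setting the DROP policy first in the loop (for tables other than `nat`) and flushing afterwards would keep the tables closed during the transition. The window opened by `stop()` deserves at least a comment above the `rc-service` call, for example `# NOTE: stop() resets policies to ACCEPT; traffic is unfiltered until the loop below sets DROP`. The table name is also expanded unquoted as `$a` in `stop()`, `reload()` and `panic()`; quoting it as `"$a"` would be the safer habit.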
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-store.service b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/iptables-store.service similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-store.service rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/files/systemd/iptables-store.service diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.10-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.10-r1.ebuild new file mode 100644 index 0000000000..2ffa21efe8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.10-r1.ebuild 
@@ -0,0 +1,179 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd toolchain-funcs autotools flag-o-matic + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz" + +LICENSE="GPL-2" +# Subslot reflects PV when libxtables and/or libip*tc was changed +# the last time. +SLOT="0/1.8.3" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="conntrack netlink nftables pcap static-libs test" +RESTRICT="!test? ( test )" +# TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628) +REQUIRED_USE="test? ( conntrack nftables )" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:= + >=net-libs/libnftnl-1.2.6:= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 +" +BDEPEND=" + virtual/pkgconfig + nftables? ( + app-alternatives/lex + app-alternatives/yacc + ) +" +RDEPEND=" + ${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) + !/dev/null; then + elog "Current iptables implementation is unset, setting to ${default_iptables}" + eselect iptables set "${default_iptables}" + fi + + if use nftables; then + local tables + for tables in {arp,eb}tables; do + if ! eselect ${tables} show &>/dev/null; then + elog "Current ${tables} implementation is unset, setting to ${default_iptables}" + eselect ${tables} set xtables-nft-multi + fi + done + fi + + eselect iptables show +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Unsetting iptables symlinks before removal" + eselect iptables unset + fi + + if ! 
has_version 'net-firewall/ebtables'; then + elog "Unsetting ebtables symlinks before removal" + eselect ebtables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting ebtables symlinks to ebtables-legacy" + eselect ebtables set ebtables-legacy + fi + + if ! has_version 'net-firewall/arptables'; then + elog "Unsetting arptables symlinks before removal" + eselect arptables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting arptables symlinks to arptables-legacy" + eselect arptables set arptables-legacy + fi + + # The eselect module failing should not be fatal + return 0 +} diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.10.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.10.ebuild new file mode 100644 index 0000000000..393d59e867 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.10.ebuild 
@@ -0,0 +1,182 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz" + +LICENSE="GPL-2" +# Subslot reflects PV when libxtables and/or libip*tc was changed +# the last time. +SLOT="0/1.8.3" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="conntrack netlink nftables pcap static-libs test" +RESTRICT="!test? ( test )" +# TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628) +REQUIRED_USE="test? ( conntrack nftables )" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:= + >=net-libs/libnftnl-1.2.6:= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 +" +BDEPEND=" + virtual/pkgconfig + nftables? ( + app-alternatives/lex + app-alternatives/yacc + ) +" +RDEPEND=" + ${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) + !/dev/null; then + elog "Current iptables implementation is unset, setting to ${default_iptables}" + eselect iptables set "${default_iptables}" + fi + + if use nftables; then + local tables + for tables in {arp,eb}tables; do + if ! eselect ${tables} show &>/dev/null; then + elog "Current ${tables} implementation is unset, setting to ${default_iptables}" + eselect ${tables} set xtables-nft-multi + fi + done + fi + + eselect iptables show +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Unsetting iptables symlinks before removal" + eselect iptables unset + fi + + if ! 
has_version 'net-firewall/ebtables'; then + elog "Unsetting ebtables symlinks before removal" + eselect ebtables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting ebtables symlinks to ebtables-legacy" + eselect ebtables set ebtables-legacy + fi + + if ! has_version 'net-firewall/arptables'; then + elog "Unsetting arptables symlinks before removal" + eselect arptables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting arptables symlinks to arptables-legacy" + eselect arptables set arptables-legacy + fi + + # The eselect module failing should not be fatal + return 0 +} diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.11-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.11-r1.ebuild new file mode 100644 index 0000000000..5a3032e919 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.11-r1.ebuild 
@@ -0,0 +1,176 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd toolchain-funcs autotools flag-o-matic + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz" + +LICENSE="GPL-2" +# Subslot reflects PV when libxtables and/or libip*tc was changed +# the last time. +SLOT="0/1.8.3" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="conntrack netlink nftables pcap static-libs test" +RESTRICT="!test? ( test )" +# TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628) +REQUIRED_USE="test? ( conntrack nftables )" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:= + >=net-libs/libnftnl-1.2.6:= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 +" +BDEPEND=" + virtual/pkgconfig + nftables? ( + app-alternatives/lex + app-alternatives/yacc + ) +" +RDEPEND=" + ${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) + !/dev/null; then + elog "Current iptables implementation is unset, setting to ${default_iptables}" + eselect iptables set "${default_iptables}" + fi + + if use nftables; then + local tables + for tables in {arp,eb}tables; do + if ! eselect ${tables} show &>/dev/null; then + elog "Current ${tables} implementation is unset, setting to ${default_iptables}" + eselect ${tables} set xtables-nft-multi + fi + done + fi + + eselect iptables show +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Unsetting iptables symlinks before removal" + eselect iptables unset + fi + + if ! 
has_version 'net-firewall/ebtables'; then + elog "Unsetting ebtables symlinks before removal" + eselect ebtables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting ebtables symlinks to ebtables-legacy" + eselect ebtables set ebtables-legacy + fi + + if ! has_version 'net-firewall/arptables'; then + elog "Unsetting arptables symlinks before removal" + eselect arptables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting arptables symlinks to arptables-legacy" + eselect arptables set arptables-legacy + fi + + # The eselect module failing should not be fatal + return 0 +} diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.11.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.11.ebuild new file mode 100644 index 0000000000..ba246b4b17 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.11.ebuild 
@@ -0,0 +1,176 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd toolchain-funcs autotools flag-o-matic + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz" + +LICENSE="GPL-2" +# Subslot reflects PV when libxtables and/or libip*tc was changed +# the last time. +SLOT="0/1.8.3" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="conntrack netlink nftables pcap static-libs test" +RESTRICT="!test? ( test )" +# TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628) +REQUIRED_USE="test? ( conntrack nftables )" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:= + >=net-libs/libnftnl-1.2.6:= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 +" +BDEPEND=" + virtual/pkgconfig + nftables? ( + app-alternatives/lex + app-alternatives/yacc + ) +" +RDEPEND=" + ${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) + !/dev/null; then + elog "Current iptables implementation is unset, setting to ${default_iptables}" + eselect iptables set "${default_iptables}" + fi + + if use nftables; then + local tables + for tables in {arp,eb}tables; do + if ! eselect ${tables} show &>/dev/null; then + elog "Current ${tables} implementation is unset, setting to ${default_iptables}" + eselect ${tables} set xtables-nft-multi + fi + done + fi + + eselect iptables show +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Unsetting iptables symlinks before removal" + eselect iptables unset + fi + + if ! 
has_version 'net-firewall/ebtables'; then + elog "Unsetting ebtables symlinks before removal" + eselect ebtables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting ebtables symlinks to ebtables-legacy" + eselect ebtables set ebtables-legacy + fi + + if ! has_version 'net-firewall/arptables'; then + elog "Unsetting arptables symlinks before removal" + eselect arptables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting arptables symlinks to arptables-legacy" + eselect arptables set arptables-legacy + fi + + # The eselect module failing should not be fatal + return 0 +} diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.9-r2.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.9-r2.ebuild new file mode 100644 index 0000000000..d726e124e3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.9-r2.ebuild 
@@ -0,0 +1,181 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd toolchain-funcs autotools flag-o-matic + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz" + +LICENSE="GPL-2" +# Subslot reflects PV when libxtables and/or libip*tc was changed +# the last time. +SLOT="0/1.8.3" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="conntrack netlink nftables pcap static-libs test" +RESTRICT="!test? ( test )" +# TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628) +REQUIRED_USE="test? ( conntrack nftables )" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:= + >=net-libs/libnftnl-1.1.6:= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 +" +BDEPEND=" + virtual/pkgconfig + nftables? ( + app-alternatives/lex + app-alternatives/yacc + ) +" +RDEPEND=" + ${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) + !/dev/null; then + elog "Current iptables implementation is unset, setting to ${default_iptables}" + eselect iptables set "${default_iptables}" + fi + + if use nftables; then + local tables + for tables in {arp,eb}tables; do + if ! eselect ${tables} show &>/dev/null; then + elog "Current ${tables} implementation is unset, setting to ${default_iptables}" + eselect ${tables} set xtables-nft-multi + fi + done + fi + + eselect iptables show +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Unsetting iptables symlinks before removal" + eselect iptables unset + fi + + if ! 
has_version 'net-firewall/ebtables'; then + elog "Unsetting ebtables symlinks before removal" + eselect ebtables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting ebtables symlinks to ebtables-legacy" + eselect ebtables set ebtables-legacy + fi + + if ! has_version 'net-firewall/arptables'; then + elog "Unsetting arptables symlinks before removal" + eselect arptables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting arptables symlinks to arptables-legacy" + eselect arptables set arptables-legacy + fi + + # The eselect module failing should not be fatal + return 0 +} diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/iptables-1.8.8-r5.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.9.ebuild similarity index 74% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/iptables-1.8.8-r5.ebuild rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.9.ebuild index f5aff78b2e..89c0132825 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/iptables-1.8.8-r5.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/iptables-1.8.9.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 
@@ -7,13 +7,13 @@ inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" HOMEPAGE="https://www.netfilter.org/projects/iptables/" -SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz" LICENSE="GPL-2" # Subslot reflects PV when libxtables and/or libip*tc was changed # the last time. SLOT="0/1.8.3" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="conntrack netlink nftables pcap static-libs" COMMON_DEPEND=" @@ -33,26 +33,21 @@ DEPEND=" BDEPEND=" virtual/pkgconfig nftables? ( - sys-devel/flex + app-alternatives/lex app-alternatives/yacc ) " -# Flatcar: Drop net-firewall/arptables as we don't ship arptables. RDEPEND=" ${COMMON_DEPEND} nftables? ( net-misc/ethertypes ) !/dev/null; then elog "Current iptables implementation is unset, setting to ${default_iptables}" eselect iptables set "${default_iptables}" fi - # Flatcar: Drop the arptables, but retain the `for` structure in favor of lesser diff - # to upstream + if use nftables; then local tables - for tables in ebtables; do + for tables in {arp,eb}tables; do if ! eselect ${tables} show &>/dev/null; then elog "Current ${tables} implementation is unset, setting to ${default_iptables}" - eselect ${tables} set "${default_iptables}" + eselect ${tables} set xtables-nft-multi fi done fi 
@@ -173,6 +162,17 @@ pkg_prerm() { if ! has_version 'net-firewall/ebtables'; then elog "Unsetting ebtables symlinks before removal" eselect ebtables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting ebtables symlinks to ebtables-legacy" + eselect ebtables set ebtables-legacy + fi + + if ! has_version 'net-firewall/arptables'; then + elog "Unsetting arptables symlinks before removal" + eselect arptables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting arptables symlinks to arptables-legacy" + eselect arptables set arptables-legacy fi # The eselect module failing should not be fatal diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/metadata.xml b/sdk_container/src/third_party/portage-stable/net-firewall/iptables/metadata.xml similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/metadata.xml rename to sdk_container/src/third_party/portage-stable/net-firewall/iptables/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/Manifest b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/Manifest new file mode 100644 index 0000000000..95ba729628 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/Manifest @@ -0,0 +1,2 @@ +DIST nftables-1.1.1.tar.xz 989700 BLAKE2B f273c78369ba755049c6afa63eba195cf29f926fa8fc9bf344022904c00a8c6c4259cc5093e23993a55fd25790af575305df79a7c28624fa7082661b2eed70d0 SHA512 676413d4adadffb15d52c1f8f6432636cab83a7bcda1a18d9f0e6b58819a2c027a49922588c02bd9ad386de930eaa697bfe74c0938b595bf1ee485bfa7cf2e50 +DIST nftables-1.1.1.tar.xz.sig 566 BLAKE2B b7debda3373972f69af9b4b23e1b66a8fd156440187aafba605bb7342c267207e5aa628256e96432ebd4583a6a9436e1969a33636111d2bd8d57185a01e2d502 SHA512 fc23034c512f686167203e827ff2a8f7cb64530211ce92a28793bd49577ce3bf519ffbe910b0071cb21925898497cb5cbf70121c68bfcdbfa4460c63a14203ac 
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/libexec/nftables-mk.sh b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/libexec/nftables-mk.sh
new file mode 100644
index 0000000000..27defe3c1c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/libexec/nftables-mk.sh
@@ -0,0 +1,60 @@ +#!/bin/sh + +main() { + local NFTABLES_SAVE=${2:-'/var/lib/nftables/rules-save'} + case "$1" in + "check") + nft -c -f "${NFTABLES_SAVE}" + ;; + "clear") + nft flush ruleset + ;; + "list") + nft ${SAVE_OPTIONS} list ruleset + ;; + "load") + # We use an include because cat fails with long rulesets see #675188 + printf 'flush ruleset\ninclude "%s"\n' "${NFTABLES_SAVE}" | nft -f - + ;; + "panic") + panic hard | nft -f - + ;; + "soft_panic") + panic soft | nft -f - + ;; + "store") + local tmp_save="${NFTABLES_SAVE}.tmp" + umask 177 + ( + printf '#!/sbin/nft -f\nflush ruleset\n' + nft ${SAVE_OPTIONS} list ruleset + ) > "$tmp_save" && mv ${tmp_save} ${NFTABLES_SAVE} + ;; + esac +} + +panic() { + local erule; + [ "$1" = soft ] && erule="ct state established,related accept;" || erule=""; + cat < ${tmp_save} + else + save_legacy ${tmp_save} + fi + retval=$? + if [ ${retval} ]; then + mv ${tmp_save} ${NFTABLES_SAVE} + fi + ;; + esac + return ${retval} +} + +clear_legacy() { + local l3f line table chain first_line + + first_line=1 + if manualwalk; then + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + table=$(echo ${line} | sed "s/table[ \t]*//") + deletetable ${l3f} ${table} + done + done + else + nft list tables | while read line; do + l3f=$(echo ${line} | cut -d ' ' -f2) + table=$(echo ${line} | cut -d ' ' -f3) + deletetable ${l3f} ${table} + done + fi +} + +list_legacy() { + local l3f + + if manualwalk; then + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + line=$(echo ${line} | sed "s/table/table ${l3f}/") + echo "$(nft list ${line})" + done + done + else + nft list tables | while read line; do + echo "$(nft list ${line})" + done + fi +} + +save_legacy() { + tmp_save=$1 + touch "${tmp_save}" + if manualwalk; then + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + line=$(echo ${line} | sed "s/table/table ${l3f}/") + nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save} 
+ done + done + else + nft list tables | while read line; do + nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}" + done + fi +} + +use_legacy() { + local major_ver minor_ver + + major_ver=$(uname -r | cut -d '.' -f1) + minor_ver=$(uname -r | cut -d '.' -f2) + + [ $major_ver -ge 4 -o $major_ver -eq 3 -a $minor_ver -ge 18 ] && return 1 + return 0 +} + +CHECK_TABLE_NAME="GENTOO_CHECK_TABLE" + +getfamilies() { + local l3f families + + for l3f in ip arp ip6 bridge inet; do + if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then + families="${families}${l3f} " + nft delete table ${l3f} ${CHECK_TABLE_NAME} + fi + done + echo ${families} +} + +manualwalk() { + local result l3f=`getfamilies | cut -d ' ' -f1` + + nft create table ${l3f} ${CHECK_TABLE_NAME} + nft list tables | read line + if [ $(echo $line | wc -w) -lt 3 ]; then + result=0 + fi + result=1 + nft delete table ${l3f} ${CHECK_TABLE_NAME} + + return $result +} + +deletetable() { + # family is $1 + # table name is $2 + nft flush table $1 $2 + nft list table $1 $2 | while read l; do + chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2) + if [ -n "${chain}" ]; then + nft flush chain $1 $2 ${chain} + nft delete chain $1 $2 ${chain} + fi + done + nft delete table $1 $2 +} + +main "$@" diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/man-pages/gen-manpages.bash b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/man-pages/gen-manpages.bash new file mode 100644 index 0000000000..a2223d3dd5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/man-pages/gen-manpages.bash 
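Review bot: In the save branch that calls `save_legacy`, the guard `if [ ${retval} ]; then` only tests for a non-empty string, which holds for any exit status, so a failed or partial dump is still moved over `${NFTABLES_SAVE}` and becomes the ruleset loaded at the next start. Compare the status numerically and quote the paths: `if [ "${retval}" -eq 0 ]; then` followed by `mv "${tmp_save}" "${NFTABLES_SAVE}"`. `manualwalk` has a related logic error: `result=1` is assigned unconditionally after the `if`, and `nft list tables | read line` runs `read` in a pipeline subshell in most shells, so `$line` is empty in the test and the function always returns 1; reading the first line with a command substitution and moving `result=1` into an `else` would fix both. The start of this script, including the head of `main`, is not visible on this page.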
@@ -0,0 +1,72 @@ +#!/bin/bash +# +# create manpages for nftables + +declare -A MAN_PAGES + +MAN_PAGES=( + [nft.8]="nft.txt" + [libnftables-json.5]="libnftables-json.adoc" + [libnftables.3]="libnftables.adoc" +) + +build_manpages() { + tar axf "${distfile}" -C "${srcdir}" || return + + pushd "${srcdir}/${version}/doc" > /dev/null || return + local manpage + for manpage in "${!MAN_PAGES[@]}"; do + a2x -L --doctype manpage --format manpage -D . "${MAN_PAGES[${manpage}]}" || return + done + popd > /dev/null || return + + local -a tarfiles + readarray -t tarfiles < <(printf -- "${version}/doc/%s\\n" "${!MAN_PAGES[@]}") + + tar -Jc --owner='root:0' --group='root:0' \ + --transform="s:^${version}/doc:${version}-manpages:" \ + -f "${version}-manpages.tar.xz" \ + -C "${srcdir}" \ + "${tarfiles[@]}" || return + + rm -rf "${srcdir:?}/${version}" || return +} + +main() { + shopt -s failglob + local version="${1}" srcdir="${0%/*}" + + if [[ -z ${version} ]]; then + # shellcheck disable=SC2016 + version=$( + find . -maxdepth 1 -type d -a -name 'nftables-*' -printf '%P\0' 2>/dev/null \ + | LC_COLLATE=C sort -z \ + | sed -z -n '${p;Q}' \ + | tr -d '\000' + ) + if [[ -z ${version} ]]; then + # shellcheck disable=SC2016 + version=$( + find . -maxdepth 3 -mindepth 3 -type f -a -name 'nftables-*.ebuild' -printf '%P\0' 2>/dev/null \ + | LC_COLLATE=C sort -z \ + | sed -r -z -n '${s:.*/::;s:-r[0-9]+::;s:[.]ebuild::;p;Q}' \ + | tr -d '\000' + ) + if [[ -z ${version} ]]; then + printf 'Usage %s \n' "${0}" >&2 + return 1 + fi + fi + elif [[ ${version} =~ [0-9.]+ ]]; then + version="nftables-${version}" + fi + + local distdir distfile + local -a distfiles + distdir="$(portageq distdir)" || return + distfiles=( "${distdir}/${version}.tar."* ) || return + distfile="${distfiles[-1]}" + build_manpages || return +} + +main "${@}" 
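Review bot: The version check in `main`, `[[ ${version} =~ [0-9.]+ ]]`, is unanchored, so any argument containing a single digit is accepted, and an argument with no digit skips both branches and is used as given. That value then reaches the `printf` format string and the `--transform` expression in `build_manpages`, as well as `rm -rf -- "${srcdir:?}/${version}"`-style cleanup, where stray `%`, `:` or `/` characters change what those commands do. Anchor the test as `elif [[ ${version} =~ ^[0-9.]+$ ]]; then` and add an `else` that prints the usage line and returns 1. `build_manpages` also reads `version`, `srcdir` and `distfile` from `main`'s locals through dynamic scoping; passing them as arguments would make that dependency explicit.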
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables-mk.confd b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables-mk.confd
new file mode 100644
index 0000000000..5cda24030f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables-mk.confd
@@ -0,0 +1,26 @@
+# /etc/conf.d/nftables
+
+# Location in which nftables initscript will save set rules on
+# service shutdown
+NFTABLES_SAVE="/var/lib/nftables/rules-save"
+
+# Options to pass to nft on save
+SAVE_OPTIONS="-n"
+
+# Save state on stopping nftables
+SAVE_ON_STOP="yes"
+
+# Only for OpenRC systems.
+# Set to "hard" or "soft" to panic when stopping instead of
+# clearing the rules
+# Soft panic loads a ruleset dropping any new or invalid connections
+# Hard panic loads a ruleset dropping all traffic
+PANIC_ON_STOP=""
+
+# If you need to log nftables messages as soon as nftables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables-mk.init-r1 b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables-mk.init-r1
new file mode 100644
index 0000000000..1f03301c05
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables-mk.init-r1
@@ -0,0 +1,109 @@ +#!/sbin/openrc-run +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="check clear list panic save soft_panic" +extra_started_commands="reload" + +depend() { + need localmount #434774 + before net +} + +checkkernel() { + if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then + eerror "Your kernel lacks nftables support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} + +checkconfig() { + if [ -z "${NFTABLES_SAVE}" ] || [ ! -f "${NFTABLES_SAVE}" ] ; then + eerror "Not starting nftables. First create some rules then run:" + eerror "/etc/init.d/${SVCNAME} save" + return 1 + fi + return 0 +} + +_nftables() { + export NFTABLES_SAVE SAVE_OPTIONS + /usr/libexec/nftables/nftables.sh "${@}" +} + +start_pre() { + checkconfig || return 1 + checkkernel || return 1 + check || return 1 +} + +start() { + ebegin "Loading ${SVCNAME} state and starting firewall" + _nftables load "${NFTABLES_SAVE}" + eend ${?} +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + + ebegin "Stopping firewall" + if [ "${PANIC_ON_STOP}" = "hard" ]; then + _nftables panic + elif [ "${PANIC_ON_STOP}" = "soft" ]; then + _nftables soft_panic + else + _nftables clear + fi + eend ${?} +} + +reload() { + start_pre || return 1 + start +} + +clear() { + ebegin "Clearing rules" + _nftables clear + eend ${?} +} + +list() { + _nftables list +} + +check() { + ebegin "Checking rules" + _nftables check "${NFTABLES_SAVE}" + eend ${?} +} + +save() { + ebegin "Saving ${SVCNAME} state" + checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" + checkpath -q -m 0600 -f "${NFTABLES_SAVE}" + _nftables store "${NFTABLES_SAVE}" + eend ${?} +} + +panic() { + if service_started "${SVCNAME}"; then + rc-service "${SVCNAME}" zap + fi + ebegin "Dropping all packets" + _nftables panic + eend ${?} +} + +soft_panic() { + if service_started "${SVCNAME}"; then + rc-service 
"${SVCNAME}" zap + fi + ebegin "Dropping new connections" + _nftables soft_panic + eend ${?} +} diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables.confd b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables.confd new file mode 100644 index 0000000000..e83a4b9620 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables.confd @@ -0,0 +1,19 @@ +# /etc/conf.d/nftables + +# Location in which nftables initscript will save set rules on +# service shutdown +NFTABLES_SAVE="/var/lib/nftables/rules-save" + +# Options to pass to nft on save +SAVE_OPTIONS="-n" + +# Save state on stopping nftables +SAVE_ON_STOP="yes" + +# If you need to log nftables messages as soon as nftables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables.init-r1 b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables.init-r1 new file mode 100644 index 0000000000..60f1632f45 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/nftables.init-r1 
@@ -0,0 +1,129 @@ +#!/sbin/openrc-run +# Copyright 2014-2017 Nicholas Vinson +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="clear list panic save" +extra_started_commands="reload" +depend() { + need localmount #434774 + before net +} + +_nftables() { + export NFTABLES_SAVE SAVE_OPTIONS + /usr/libexec/nftables/nftables.sh "${@}" +} + +start_pre() { + checkkernel || return 1 + checkconfig || return 1 + return 0 +} + +clear() { + _nftables clear || return 1 + return 0 +} + +list() { + _nftables list || return 1 + return 0 +} + +panic() { + checkkernel || return 1 + if service_started "${RC_SVCNAME}"; then + rc-service "${RC_SVCNAME}" stop + fi + + ebegin "Dropping all packets" + clear + if nft create table ip filter >/dev/null 2>&1; then + nft -f /dev/stdin <<-EOF + table ip filter { + chain input { + type filter hook input priority 0; + drop + } + chain forward { + type filter hook forward priority 0; + drop + } + chain output { + type filter hook output priority 0; + drop + } + } + EOF + fi + if nft create table ip6 filter >/dev/null 2>&1; then + nft -f /dev/stdin <<-EOF + table ip6 filter { + chain input { + type filter hook input priority 0; + drop + } + chain forward { + type filter hook forward priority 0; + drop + } + chain output { + type filter hook output priority 0; + drop + } + } + EOF + fi +} + +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + clear + start +} + +save() { + ebegin "Saving nftables state" + checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" + checkpath -q -m 0600 -f "${NFTABLES_SAVE}" + export SAVE_OPTIONS + _nftables store "${NFTABLES_SAVE}" + return $? +} + +start() { + ebegin "Loading nftables state and starting firewall" + clear + _nftables load "${NFTABLES_SAVE}" + eend ${?} +} + +stop() { + if yesno "${SAVE_ON_STOP:-yes}"; then + save || return 1 + fi + + ebegin "Stopping firewall" + clear + eend ${?} +} + +checkconfig() { + if [ ! 
-f "${NFTABLES_SAVE}" ]; then + eerror "Not starting nftables. First create some rules then run:" + eerror "rc-service nftables save" + return 1 + fi + return 0 +} + +checkkernel() { + if ! nft list tables >/dev/null 2>&1; then + eerror "Your kernel lacks nftables support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-load.service b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-load.service new file mode 100644 index 0000000000..149ccac2f5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-load.service @@ -0,0 +1,14 @@ +[Unit] +Description=Load nftables firewall rules +# if both are queued for some reason, don't store before restoring :) +Before=nftables-store.service +# sounds reasonable to have firewall up before any of the services go up +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save + +[Install] +WantedBy=basic.target diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-restore.service b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-restore.service new file mode 100644 index 0000000000..4b68b0a5b0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-restore.service 
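Review bot: In nftables.init-r1, `panic()` empties the ruleset with `clear` and only afterwards builds the `ip` and `ip6` drop tables in two separate `nft -f /dev/stdin` calls, so there is an interval with no filtering at all, and if either `nft create table` fails the function ends silently with that family left unfiltered. `start()` and `reload()` have the same clear-then-load gap. The `load` action of `nftables-mk.sh`, added in this same commit, sends `flush ruleset` and the include through a single `nft -f -`; doing the equivalent here would close the gap, provided the kernels this legacy script targets support it. Separately, `save()` and `panic()` call `ebegin` without a matching `eend`, unlike the other functions in the file, so `save()` should finish with `eend $?` rather than `return $?`.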
@@ -0,0 +1,14 @@ +[Unit] +Description=Store and restore nftables firewall rules +ConditionPathExists=/var/lib/nftables/rules-save +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save +ExecStop=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save + +[Install] +WantedBy=basic.target diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-store.service b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-store.service new file mode 100644 index 0000000000..373f8b947d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/files/systemd/nftables-store.service @@ -0,0 +1,11 @@ +[Unit] +Description=Store nftables firewall rules +Before=shutdown.target +DefaultDependencies=No + +[Service] +Type=oneshot +ExecStart=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save + +[Install] +WantedBy=shutdown.target diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/metadata.xml b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/metadata.xml similarity index 65% rename from sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/metadata.xml rename to sdk_container/src/third_party/portage-stable/net-firewall/nftables/metadata.xml index cdf267b12f..c8347d8c55 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/metadata.xml @@ -1,5 +1,5 @@ - + base-system@gentoo.org 
@@ -9,14 +9,9 @@ prometheanfire@gentoo.org Matthew Thode - - klondike@gentoo.org - Francisco Blas Izquierdo Riera - Create man pages for the package (requires app-text/asciidoc) Enable JSON support via dev-libs/jansson - Install init scripts for 3.18 or higher kernels with atomic rule updates Add libxtables support to try to automatically translate rules added by iptables-compat diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.1-r1.ebuild new file mode 100644 index 0000000000..14a775b021 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.1-r1.ebuild 
@@ -0,0 +1,233 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_OPTIONAL=1 +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..13} ) +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc +inherit eapi9-ver edo linux-info distutils-r1 systemd verify-sig + +DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit autotools git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + BDEPEND="app-alternatives/yacc" +else + SRC_URI=" + https://netfilter.org/projects/nftables/files/${P}.tar.xz + verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig ) + " + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )" +fi + +# See COPYING: new code is GPL-2+, existing code is GPL-2 +LICENSE="GPL-2 GPL-2+" +SLOT="0/1" +IUSE="debug doc +gmp json libedit python +readline static-libs test xtables" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:= + >=net-libs/libnftnl-1.2.8:= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" +DEPEND="${RDEPEND}" +BDEPEND+=" + app-alternatives/lex + virtual/pkgconfig + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + python? ( ${DISTUTILS_DEPS} ) +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? 
( !readline ) +" + +src_prepare() { + default + + if [[ ${PV} =~ ^[9]{4,}$ ]] ; then + eautoreconf + fi + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_prepare + popd >/dev/null || die + fi +} + +src_configure() { + local myeconfargs=( + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + + econf "${myeconfargs[@]}" + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_configure + popd >/dev/null || die + fi +} + +src_compile() { + default + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_compile + popd >/dev/null || die + fi +} + +src_test() { + emake check + + if [[ ${EUID} == 0 ]]; then + edo tests/shell/run-tests.sh -v + else + ewarn "Skipping shell tests (requires root)" + fi + + if use python; then + pushd tests/py >/dev/null || die + distutils-r1_src_test + popd >/dev/null || die + fi +} + +python_test() { + if [[ ${EUID} == 0 ]]; then + edo "${EPYTHON}" nft-test.py + else + ewarn "Skipping Python tests (requires root)" + fi +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? 
+ popd >/dev/null || die + fi + + # Do it here instead of in src_prepare to avoid eautoreconf + # rmdir lets us catch if more files end up installed in /etc/nftables + dodir /usr/share/doc/${PF}/skels/ + mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die + rmdir "${ED}"/etc/nftables || die + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}-mk.confd ${PN} + newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-load.service + systemd_dounit "${FILESDIR}"/systemd/${PN}-store.service + + if use python ; then + pushd py >/dev/null || die + distutils-r1_src_install + popd >/dev/null || die + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_preinst() { + local stderr + + # There's a history of regressions with nftables upgrades. Perform a + # safety check to help us spot them earlier. For the check to pass, the + # currently loaded ruleset, if any, must be successfully evaluated by + # the newly built instance of nft(8). + if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then + # Either nftables isn't yet in use or nft(8) cannot be executed. + return + elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset but don't + # treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in nature and + # will not always be printed in a way that constitutes a valid + # syntax for ntf(8). Ignore them. + return + elif set -- "${ED}"/usr/lib*/libnftables.so; + ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft + then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. 
This probably means that there is a regression introduced by v${PV}." + eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" + fi + fi +} + +pkg_postinst() { + local save_file + save_file="${EROOT}"/var/lib/nftables/rules-save + + # In order for the nftables-load systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + if ver_replacing -lt "1.1.1-r1"; then + elog "Starting with ${PN}-1.1.1-r1, the ${PN}-restore.service has" + elog "been split into ${PN}-load.service and ${PN}-store.service." + elog + fi + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-load service." + elog " 'systemctl enable ${PN}-load.service'" + elog + elog "Enable nftables-store.service if you want firewall rules to be" + elog "saved at shutdown." + fi + + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} 
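Review bot: The permission check in pkg_postinst of nftables-1.1.1-r1.ebuild looks only at the mode bits of `${save_file}` (`stat --printf '%05a'` masked with `07177`), so a rules-save file that is mode 0600 but owned by a non-root account passes without a warning. The service units in this commit hand that file to `nftables.sh load`, so ownership matters as much as mode. Consider a further branch such as `elif [[ $(stat --printf '%u' "${save_file}") -ne 0 ]]; then ewarn "${save_file} is not owned by root"`. The `( umask 177; touch "${save_file}" )` branch also ignores a failed touch, which would leave the load unit's ConditionPathExists unmet with no message. The same function is added in nftables-1.1.1.ebuild and nftables-9999.ebuild in this commit.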
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.1.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.1.ebuild new file mode 100644 index 0000000000..81f6ec23a5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.1.ebuild 
@@ -0,0 +1,228 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_OPTIONAL=1 +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..13} ) +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc +inherit edo linux-info distutils-r1 systemd verify-sig + +DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit autotools git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + BDEPEND="app-alternatives/yacc" +else + SRC_URI=" + https://netfilter.org/projects/nftables/files/${P}.tar.xz + verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig ) + " + KEYWORDS="amd64 arm arm64 hppa ~loong ~mips ppc ppc64 ~riscv sparc x86" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )" +fi + +# See COPYING: new code is GPL-2+, existing code is GPL-2 +LICENSE="GPL-2 GPL-2+" +SLOT="0/1" +IUSE="debug doc +gmp json libedit python +readline static-libs test xtables" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:= + >=net-libs/libnftnl-1.2.8:= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" +DEPEND="${RDEPEND}" +BDEPEND+=" + app-alternatives/lex + virtual/pkgconfig + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + python? ( ${DISTUTILS_DEPS} ) +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? 
( !readline ) +" + +src_prepare() { + default + + if [[ ${PV} =~ ^[9]{4,}$ ]] ; then + eautoreconf + fi + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_prepare + popd >/dev/null || die + fi +} + +src_configure() { + local myeconfargs=( + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + + econf "${myeconfargs[@]}" + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_configure + popd >/dev/null || die + fi +} + +src_compile() { + default + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_compile + popd >/dev/null || die + fi +} + +src_test() { + emake check + + if [[ ${EUID} == 0 ]]; then + edo tests/shell/run-tests.sh -v + else + ewarn "Skipping shell tests (requires root)" + fi + + if use python; then + pushd tests/py >/dev/null || die + distutils-r1_src_test + popd >/dev/null || die + fi +} + +python_test() { + if [[ ${EUID} == 0 ]]; then + edo "${EPYTHON}" nft-test.py + else + ewarn "Skipping Python tests (requires root)" + fi +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? 
+ popd >/dev/null || die + fi + + # Do it here instead of in src_prepare to avoid eautoreconf + # rmdir lets us catch if more files end up installed in /etc/nftables + dodir /usr/share/doc/${PF}/skels/ + mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die + rmdir "${ED}"/etc/nftables || die + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}-mk.confd ${PN} + newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + pushd py >/dev/null || die + distutils-r1_src_install + popd >/dev/null || die + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_preinst() { + local stderr + + # There's a history of regressions with nftables upgrades. Perform a + # safety check to help us spot them earlier. For the check to pass, the + # currently loaded ruleset, if any, must be successfully evaluated by + # the newly built instance of nft(8). + if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then + # Either nftables isn't yet in use or nft(8) cannot be executed. + return + elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset but don't + # treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in nature and + # will not always be printed in a way that constitutes a valid + # syntax for ntf(8). Ignore them. + return + elif set -- "${ED}"/usr/lib*/libnftables.so; + ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft + then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. This probably means that there is a regression introduced by v${PV}." 
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" + fi + fi +} + +pkg_postinst() { + local save_file + save_file="${EROOT}"/var/lib/nftables/rules-save + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemctl enable ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart" + elog "the nftables-restore service must be manually started in order to" + elog "save those rules on shutdown." + fi + + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-9999.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-9999.ebuild new file mode 100644 index 0000000000..14a775b021 --- /dev/null 
+++ b/sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-9999.ebuild 
@@ -0,0 +1,233 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_OPTIONAL=1 +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{10..13} ) +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc +inherit eapi9-ver edo linux-info distutils-r1 systemd verify-sig + +DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit autotools git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + BDEPEND="app-alternatives/yacc" +else + SRC_URI=" + https://netfilter.org/projects/nftables/files/${P}.tar.xz + verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig ) + " + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )" +fi + +# See COPYING: new code is GPL-2+, existing code is GPL-2 +LICENSE="GPL-2 GPL-2+" +SLOT="0/1" +IUSE="debug doc +gmp json libedit python +readline static-libs test xtables" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:= + >=net-libs/libnftnl-1.2.8:= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" +DEPEND="${RDEPEND}" +BDEPEND+=" + app-alternatives/lex + virtual/pkgconfig + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + python? ( ${DISTUTILS_DEPS} ) +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? 
( !readline ) +" + +src_prepare() { + default + + if [[ ${PV} =~ ^[9]{4,}$ ]] ; then + eautoreconf + fi + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_prepare + popd >/dev/null || die + fi +} + +src_configure() { + local myeconfargs=( + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + + econf "${myeconfargs[@]}" + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_configure + popd >/dev/null || die + fi +} + +src_compile() { + default + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_compile + popd >/dev/null || die + fi +} + +src_test() { + emake check + + if [[ ${EUID} == 0 ]]; then + edo tests/shell/run-tests.sh -v + else + ewarn "Skipping shell tests (requires root)" + fi + + if use python; then + pushd tests/py >/dev/null || die + distutils-r1_src_test + popd >/dev/null || die + fi +} + +python_test() { + if [[ ${EUID} == 0 ]]; then + edo "${EPYTHON}" nft-test.py + else + ewarn "Skipping Python tests (requires root)" + fi +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? 
+ popd >/dev/null || die + fi + + # Do it here instead of in src_prepare to avoid eautoreconf + # rmdir lets us catch if more files end up installed in /etc/nftables + dodir /usr/share/doc/${PF}/skels/ + mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die + rmdir "${ED}"/etc/nftables || die + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}-mk.confd ${PN} + newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-load.service + systemd_dounit "${FILESDIR}"/systemd/${PN}-store.service + + if use python ; then + pushd py >/dev/null || die + distutils-r1_src_install + popd >/dev/null || die + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_preinst() { + local stderr + + # There's a history of regressions with nftables upgrades. Perform a + # safety check to help us spot them earlier. For the check to pass, the + # currently loaded ruleset, if any, must be successfully evaluated by + # the newly built instance of nft(8). + if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then + # Either nftables isn't yet in use or nft(8) cannot be executed. + return + elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset but don't + # treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in nature and + # will not always be printed in a way that constitutes a valid + # syntax for ntf(8). Ignore them. + return + elif set -- "${ED}"/usr/lib*/libnftables.so; + ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft + then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. 
This probably means that there is a regression introduced by v${PV}." + eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" + fi + fi +} + +pkg_postinst() { + local save_file + save_file="${EROOT}"/var/lib/nftables/rules-save + + # In order for the nftables-load systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + if ver_replacing -lt "1.1.1-r1"; then + elog "Starting with ${PN}-1.1.1-r1, the ${PN}-restore.service has" + elog "been split into ${PN}-load.service and ${PN}-store.service." + elog + fi + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-load service." + elog " 'systemctl enable ${PN}-load.service'" + elog + elog "Enable nftables-store.service if you want firewall rules to be" + elog "saved at shutdown." + fi + + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} 
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/Manifest b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/Manifest new file mode 100644 index 0000000000..a754d26a5c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/Manifest @@ -0,0 +1,2 @@ +DIST nfs-utils-2.6.4.tar.bz2 979652 BLAKE2B 45f6e9c98e8148e82684526c2ab0f8976b2a46fd869d91f03cf9afffbaad64b77dc1729a50b74d30c5d65bfe213a1da2f54e3d3e19539b61994f7b65671a26ab SHA512 e5fde25c54f594d00e69c9aeff8abc22663b994ecd37d8516751be98b51b12c61ffec47ee128794e170ec773f0649cb594df1ca104ec4dba561823db423f8533 +DIST nfs-utils-2.7.1.tar.bz2 1001424 BLAKE2B 176c5559c23c2761c1f2beed068fda8bdd39ac9fa09b4b223552c1455152c410d8925adf8d0023300d4355338e9dc8f6b2774ba71488e795945e5f1fee2b305c SHA512 9e55d4a0d672dbb0e20f8ea0213355a0bec054124c2a9437b3e4b81214c24ef5adb43914bd8606d4af14801ec8e6a4f849c9a97d76ae0879566792bbc960845a diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/exports b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/exports new file mode 100644 index 0000000000..5102ef27c1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/exports @@ -0,0 +1 @@ +# /etc/exports: NFS file systems being exported. See exports(5). diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils-2.5.2-no-werror.patch b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.5.2-no-werror.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/nfs-utils/files/nfs-utils-2.5.2-no-werror.patch rename to sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.5.2-no-werror.patch 
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.6.4-C99-inline.patch b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.6.4-C99-inline.patch new file mode 100644 index 0000000000..2797249523 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.6.4-C99-inline.patch @@ -0,0 +1,26 @@ +C99 `inline` is not guaranteed to emit an external definition +https://www.greenend.org.uk/rjk/tech/inline.html +Bug: https://bugs.gentoo.org/922958 + +--- a/utils/exportd/exportd.c ++++ b/utils/exportd/exportd.c +@@ -53,7 +53,7 @@ + */ + inline static void set_signals(void); + +-inline void ++inline static void + cleanup_lockfiles (void) + { + unlink(etab.lockfn); +--- a/utils/mountd/mountd.c ++++ b/utils/mountd/mountd.c +@@ -111,7 +111,7 @@ + nfs_svc_unregister(MOUNTPROG, MOUNTVERS_NFSV3); + } + +-static void ++inline static void + cleanup_lockfiles (void) + { + unlink(etab.lockfn); diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.6.4-includes.patch b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.6.4-includes.patch new file mode 100644 index 0000000000..0312ac1a8b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-2.6.4-includes.patch 
@@ -0,0 +1,41 @@ +https://bugs.gentoo.org/922373 +https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=bb25f3f594ddf85e5826e931eaaa35874f6a4204 + +From bb25f3f594ddf85e5826e931eaaa35874f6a4204 Mon Sep 17 00:00:00 2001 +From: Petr Vorel +Date: Wed, 3 Jan 2024 19:07:43 -0500 +Subject: [PATCH] reexport/{fsidd,reexport}.c: Re-add missing includes + +Older uClibc-ng requires for close(2), unlink(2) and write(2), + for struct sockaddr_un. + +Fixes: 1a4edb2a ("reexport/fsidd.c: Remove unused headers") +Fixes: bdc79f02 ("support/reexport.c: Remove unused headers") + +Reviewed-by: Giulio Benetti +Tested-by: Giulio Benetti +Signed-off-by: Petr Vorel +Signed-off-by: Steve Dickson +--- a/support/reexport/fsidd.c ++++ b/support/reexport/fsidd.c +@@ -7,6 +7,8 @@ + #include + #endif + #include ++#include ++#include + + #include "conffile.h" + #include "reexport_backend.h" +--- a/support/reexport/reexport.c ++++ b/support/reexport/reexport.c +@@ -7,6 +7,7 @@ + #endif + #include + #include ++#include + #include + + #include "nfsd_path.h" +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-udev-sysctl.patch b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-udev-sysctl.patch new file mode 100644 index 0000000000..156a3067bb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs-utils-udev-sysctl.patch 
@@ -0,0 +1,32 @@
+Gentoo installs sysctl in /usr/sbin
+
+https://bugs.gentoo.org/907688
+
+--- a/systemd/60-nfs.rules
++++ b/systemd/60-nfs.rules
+@@ -2,20 +2,20 @@
+
+ # sunrpc module supports "sunrpc.*" sysctls
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="sunrpc", \
+- RUN+="/sbin/sysctl -q --pattern ^sunrpc --system"
++ RUN+="/usr/sbin/sysctl -q --pattern ^sunrpc --system"
+
+ # rpcrdma module supports sunrpc.svc_rdma.*
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="rpcrdma", \
+- RUN+="/sbin/sysctl -q --pattern ^sunrpc.svc_rdma --system"
++ RUN+="/usr/sbin/sysctl -q --pattern ^sunrpc.svc_rdma --system"
+
+ # lockd module supports "fs.nfs.nlm*" and "fs.nfs.nsm*" sysctls
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="lockd", \
+- RUN+="/sbin/sysctl -q --pattern ^fs.nfs.n[sl]m --system"
++ RUN+="/usr/sbin/sysctl -q --pattern ^fs.nfs.n[sl]m --system"
+
+ # nfsv4 module supports "fs.nfs.*" sysctls (nfs_callback_tcpport and idmap_cache_timeout)
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="nfsv4", \
+- RUN+="/sbin/sysctl -q --pattern ^fs.nfs.(nfs_callback_tcpport|idmap_cache_timeout) --system"
++ RUN+="/usr/sbin/sysctl -q --pattern ^fs.nfs.(nfs_callback_tcpport|idmap_cache_timeout) --system"
+
+ # nfs module supports "fs.nfs.*" sysctls
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="nfs", \
+- RUN+="/sbin/sysctl -q --pattern ^fs.nfs --system"
++ RUN+="/usr/sbin/sysctl -q --pattern ^fs.nfs --system"
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs.initd b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs.initd
new file mode 100644
index 0000000000..88a13a85db
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfs.initd
@@ -0,0 +1,155 @@
+#!/sbin/openrc-run
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+
+# The binary locations
+exportfs=/usr/sbin/exportfs
+mountd=/usr/sbin/rpc.mountd
+nfsd=/usr/sbin/rpc.nfsd
+smnotify=/usr/sbin/sm-notify
+
+depend() {
+ local myneed=""
+ # XXX: no way to detect NFSv4 is desired and so need rpc.idmapd
+ myneed="${myneed} $(
+ awk '!/^[[:space:]]*#/ {
+ # clear the path to avoid spurious matches
+ $1 = "";
+ if ($0 ~ /[(][^)]*sec=(krb|spkm)[^)]*[)]/) {
+ print "rpc.svcgssd"
+ exit 0
+ }
+ }' /etc/exports /etc/exports.d/*.exports 2>/dev/null
+ )"
+ config /etc/exports /etc/exports.d/*.exports
+ need portmap
+ need rpc.statd ${myneed} ${NFS_NEEDED_SERVICES}
+ use ypbind net dns rpc.rquotad rpc.idmapd rpc.svcgssd
+ after quota
+}
+
+mkdir_nfsdirs() {
+ local d
+ for d in v4recovery v4root ; do
+ d="/var/lib/nfs/${d}"
+ [ ! -d "${d}" ] && mkdir -p "${d}"
+ done
+}
+
+waitfor_exportfs() {
+ local pid=$1
+ ( sleep ${EXPORTFS_TIMEOUT:-30}; kill -9 ${pid} 2>/dev/null ) &
+ wait $1
+}
+
+mount_nfsd() {
+ if [ -e /proc/modules ] ; then
+ # Make sure nfs support is loaded in the kernel #64709
+ if ! grep -qs nfsd /proc/filesystems ; then
+ modprobe -q nfsd
+ fi
+ # Restart idmapd if needed #220747
+ if grep -qs nfsd /proc/modules ; then
+ killall -q --signal=HUP rpc.idmapd
+ fi
+ fi
+
+ # This is the new "kernel 2.6 way" to handle the exports file
+ if grep -qs nfsd /proc/filesystems ; then
+ if ! mountinfo -q /proc/fs/nfsd ; then
+ ebegin "Mounting nfsd filesystem in /proc"
+ mount -t nfsd -o nodev,noexec,nosuid nfsd /proc/fs/nfsd
+ eend $?
+ fi
+
+ local o
+ for o in ${OPTS_NFSD} ; do
+ echo "${o#*=}" > "/proc/fs/nfsd/${o%%=*}"
+ done
+ fi
+}
+
+start_it() {
+ ebegin "Starting NFS $1"
+ shift
+ "$@"
+ eend $?
+ ret=$((ret + $?))
+}
+start() {
+ mount_nfsd
+ mkdir_nfsdirs
+
+ # Exportfs likes to hang if networking isn't working.
+ # If that's the case, then try to kill it so the
+ # bootup process can continue.
+ if grep -qs '^[[:space:]]*"\?/' /etc/exports /etc/exports.d/*.exports ; then
+ ebegin "Exporting NFS directories"
+ ${exportfs} -r &
+ waitfor_exportfs $!
+ eend $?
+ fi
+
+ local ret=0
+ start_it mountd ${mountd} ${OPTS_RPC_MOUNTD}
+ start_it daemon ${nfsd} ${OPTS_RPC_NFSD}
+ [ -x "${smnotify}" ] && start_it smnotify ${smnotify} ${OPTS_SMNOTIFY}
+ return ${ret}
+}
+
+stop() {
+ local ret=0
+
+ ebegin "Stopping NFS mountd"
+ start-stop-daemon --stop --exec ${mountd}
+ eend $?
+ ret=$((ret + $?))
+
+ ebegin "Stopping NFS daemon"
+ # Do not attempt to signal kernel nfsd threads directly, #924309
+ ${nfsd} 0
+ eend $?
+ ret=$((ret + $?))
+
+ # When restarting the NFS server, running "exportfs -ua" probably
+ # isn't what the user wants. Running it causes all entries listed
+ # in xtab to be removed from the kernel export tables, and the
+ # xtab file is cleared. This effectively shuts down all NFS
+ # activity, leaving all clients holding stale NFS filehandles,
+ # *even* when the NFS server has restarted.
+ #
+ # That's what you would want if you were shutting down the NFS
+ # server for good, or for a long period of time, but not when the
+ # NFS server will be running again in short order. In this case,
+ # then "exportfs -r" will reread the xtab, and all the current
+ # clients will be able to resume NFS activity, *without* needing
+ # to umount/(re)mount the filesystem.
+ if [ "${RC_CMD}" != "restart" ] ; then
+ ebegin "Unexporting NFS directories"
+ # Exportfs likes to hang if networking isn't working.
+ # If that's the case, then try to kill it so the
+ # shutdown process can continue.
+ ${exportfs} -ua &
+ waitfor_exportfs $!
+ eend $?
+ fi
+
+ return ${ret}
+}
+
+reload() {
+ # Exportfs likes to hang if networking isn't working.
+ # If that's the case, then try to kill it so the
+ # bootup process can continue.
+ ebegin "Reloading /etc/exports"
+ ${exportfs} -r 1>&2 &
+ waitfor_exportfs $!
+ eend $?
+}
+
+restart() {
+ svc_stop
+ svc_start
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfsclient.initd b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfsclient.initd
new file mode 100644
index 0000000000..e278cbde05
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/nfsclient.initd
@@ -0,0 +1,34 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+[ -e /etc/conf.d/nfs ] && . /etc/conf.d/nfs
+
+depend() {
+ local opts myneed=""
+ if [ -e /etc/fstab ] ; then
+ for opts in $(fstabinfo -o -t nfs,nfs4) ; do
+ case $opts in
+ *sec=krb*|*sec=spkm*) myneed="$myneed rpc.gssd" ;;
+ esac
+ done
+ fi
+ config /etc/fstab
+ need portmap
+ need rpc.statd rpc.idmapd ${myneed}
+ use ypbind dns
+}
+
+start() {
+ if [ -x /usr/sbin/sm-notify ] ; then
+ ebegin "Starting NFS sm-notify"
+ /usr/sbin/sm-notify ${OPTS_SMNOTIFY}
+ eend $?
+ fi
+
+ # Make sure nfs support is loaded in the kernel #64709
+ if [ -e /proc/modules ] && ! grep -qs 'nfs$' /proc/filesystems ; then
+ modprobe -q nfs
+ fi
+ return 0
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.gssd.initd b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.gssd.initd
new file mode 100644
index 0000000000..7bfe920b3d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.gssd.initd
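Review bot: In nfs.initd, `waitfor_exportfs` never cancels its watchdog: the backgrounded `( sleep ${EXPORTFS_TIMEOUT:-30}; kill -9 ${pid} )` keeps running after `wait $1` returns. When exportfs finishes quickly the script therefore still sends SIGKILL as root to that PID number up to 30 seconds later, by which time it may belong to an unrelated process. Record the watchdog's PID and stop it once the wait completes, returning exportfs's own exit status. start(), stop() and reload() all go through this helper, so one fix covers them.

```shell
waitfor_exportfs() {
	local pid=$1 watchdog rc
	( sleep "${EXPORTFS_TIMEOUT:-30}"; kill -9 "${pid}" 2>/dev/null ) &
	watchdog=$!
	wait "${pid}"
	rc=$?
	# Stop the timer so it cannot signal a recycled PID later.
	kill "${watchdog}" 2>/dev/null
	return "${rc}"
}
```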
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+[ -e /etc/conf.d/nfs ] && . /etc/conf.d/nfs
+
+depend() {
+ use ypbind net
+ need portmap
+ need rpc.pipefs
+ after quota
+}
+
+start() {
+ ebegin "Starting gssd"
+ start-stop-daemon --start --exec /usr/sbin/rpc.gssd -- ${OPTS_RPC_GSSD}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping gssd"
+ start-stop-daemon --stop --exec /usr/sbin/rpc.gssd
+ eend $?
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.idmapd.initd b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.idmapd.initd
new file mode 100644
index 0000000000..9cb36000b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.idmapd.initd
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+[ -e /etc/conf.d/nfs ] && . /etc/conf.d/nfs
+
+rpc_bin=/usr/sbin/rpc.idmapd
+
+depend() {
+ use ypbind net
+ need portmap
+ need rpc.pipefs
+ after quota
+}
+
+start() {
+ ebegin "Starting idmapd"
+ ${rpc_bin} ${OPTS_RPC_IDMAPD}
+ eend $? "make sure DNOTIFY support is enabled ..."
+}
+
+stop() {
+ ebegin "Stopping idmapd"
+ start-stop-daemon --stop --exec ${rpc_bin}
+ eend $?
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.pipefs.initd b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.pipefs.initd
new file mode 100644
index 0000000000..f971a49b39
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.pipefs.initd
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+MNT="/var/lib/nfs/rpc_pipefs"
+
+mount_pipefs() {
+ local fstype=rpc_pipefs
+
+ # if things are already mounted, nothing to do
+ mountinfo -q ${MNT} && return 0
+
+ # if rpc_pipefs is not available, try to load sunrpc for it #219566
+ grep -qs ${fstype} /proc/filesystems || modprobe -q sunrpc
+ # if still not available, the `mount` will issue an error for the user
+
+ # now just do it for kicks
+ mkdir -p ${MNT}
+ mount -t ${fstype} ${fstype} ${MNT}
+}
+
+start() {
+ ebegin "Setting up RPC pipefs"
+ mount_pipefs
+ eend $? "make sure you have NFS/SUNRPC enabled in your kernel"
+}
+
+stop() {
+ ebegin "Unmounting RPC pipefs"
+ umount ${MNT}
+ eend $?
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.statd.initd b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.statd.initd
new file mode 100644
index 0000000000..ea78b9aef6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.statd.initd
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+[ -e /etc/conf.d/nfs ] && . /etc/conf.d/nfs
+
+rpc_bin=/sbin/rpc.statd
+rpc_pid=/var/run/rpc.statd.pid
+
+depend() {
+ use ypbind net
+ need portmap
+ after quota
+}
+
+start() {
+ # Don't start rpc.statd if already started by someone else ...
+ # Don't try and kill it if it's already dead ...
+ if killall -q -0 ${rpc_bin} ; then
+ return 0
+ fi
+
+ ebegin "Starting NFS statd"
+ start-stop-daemon --start --exec ${rpc_bin} -- --no-notify ${OPTS_RPC_STATD}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping NFS statd"
+ start-stop-daemon --stop --exec ${rpc_bin} --pidfile /var/run/rpc.statd.pid
+ eend $?
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.svcgssd.initd b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.svcgssd.initd
new file mode 100644
index 0000000000..11bc4265ed
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/files/rpc.svcgssd.initd
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+[ -e /etc/conf.d/nfs ] && . /etc/conf.d/nfs
+
+depend() {
+ use ypbind net
+ need portmap
+ need rpc.pipefs
+ after quota
+}
+
+start() {
+ ebegin "Starting svcgssd"
+ start-stop-daemon --start --exec /usr/sbin/rpc.svcgssd -- ${OPTS_RPC_SVCGSSD}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping svcgssd"
+ start-stop-daemon --stop --exec /usr/sbin/rpc.svcgssd
+ eend $?
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/metadata.xml b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/metadata.xml
new file mode 100644
index 0000000000..d2ea9df1b5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/metadata.xml
@@ -0,0 +1,20 @@
+
+
+
+
+ base-system@gentoo.org
+ Gentoo Base System
+
+
+ Enable NFS junction support in nfsref
+ Add ldap support
+ Link mount.nfs with libmount
+ Enable support for NFSv2 and NFSv3
+ Enable support for NFSv4 (includes NFSv4.1 and NFSv4.2)
+ Support UUID lookups in rpc.mountd
+
+
+ cpe:/a:linux-nfs:nfs-utils
+ nfs
+
+
diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/nfs-utils-2.6.4-r11.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/nfs-utils-2.6.4-r11.ebuild
new file mode 100644
index 0000000000..99425764d7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/nfs-utils-2.6.4-r11.ebuild
@@ -0,0 +1,214 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools linux-info systemd + +DESCRIPTION="NFS client and server daemons" +HOMEPAGE="http://linux-nfs.org/ https://git.linux-nfs.org/?p=steved/nfs-utils.git" + +if [[ ${PV} == *_rc* ]] ; then + MY_PV="$(ver_rs 1- -)" + SRC_URI="http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=snapshot;h=refs/tags/${PN}-${MY_PV};sf=tgz -> ${P}.tar.gz" + S="${WORKDIR}/${PN}-${PN}-${MY_PV}" +else + SRC_URI="https://downloads.sourceforge.net/nfs/${P}.tar.bz2" + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="caps junction kerberos ldap +libmount +nfsv3 +nfsv4 sasl selinux tcpd +uuid" +REQUIRED_USE="|| ( nfsv3 nfsv4 ) kerberos? ( nfsv4 )" +# bug #315573 +RESTRICT="test" + +# kth-krb doesn't provide the right include +# files, and nfs-utils doesn't build against heimdal either, +# so don't depend on virtual/krb. +# (04 Feb 2005 agriffis) +COMMON_DEPEND=" + dev-libs/libxml2 + net-libs/libtirpc:= + sys-fs/e2fsprogs + dev-db/sqlite:3 + dev-libs/libevent:= + caps? ( sys-libs/libcap ) + ldap? ( + net-nds/openldap:= + sasl? ( + app-crypt/mit-krb5 + dev-libs/cyrus-sasl:2 + ) + ) + libmount? ( sys-apps/util-linux ) + nfsv3? ( >=net-nds/rpcbind-0.2.4 ) + nfsv4? ( + >=sys-apps/keyutils-1.5.9:= + sys-fs/lvm2 + kerberos? ( + >=net-libs/libtirpc-0.2.4-r1[kerberos] + app-crypt/mit-krb5 + ) + ) + tcpd? ( sys-apps/tcp-wrappers ) + uuid? ( sys-apps/util-linux )" +DEPEND="${COMMON_DEPEND} + elibc_musl? ( sys-libs/queue-standalone ) +" +RDEPEND="${COMMON_DEPEND} + !net-libs/libnfsidmap + selinux? ( + sec-policy/selinux-rpc + nfsv3? 
( sec-policy/selinux-rpcbind ) + ) +" +BDEPEND=" + net-libs/rpcsvc-proto + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-2.5.2-no-werror.patch + "${FILESDIR}"/${PN}-udev-sysctl.patch + "${FILESDIR}"/${P}-includes.patch + "${FILESDIR}"/${P}-C99-inline.patch +) + +pkg_setup() { + linux-info_pkg_setup + + if use nfsv4 && linux_config_exists && ! linux_chkconfig_present CRYPTO_MD5 ; then + ewarn "Your NFS server will be unable to track clients across server restarts!" + ewarn "Please enable ${HILITE}CONFIG_CRYPTO_MD5${NORMAL} in your kernel to" + ewarn "support the legacy, in-kernel client tracker." + fi +} + +src_prepare() { + default + + sed \ + -e "/^sbindir/s:= := \"${EPREFIX}\":g" \ + -i utils/*/Makefile.am || die + + eautoreconf +} + +src_configure() { + # Our DEPEND forces this. + export libsqlite3_cv_is_recent=yes + export ac_cv_header_keyutils_h=$(usex nfsv4) + + # SASL is consumed in a purely automagic way + export ac_cv_header_sasl_h=no + export ac_cv_header_sasl_sasl_h=$(usex sasl) + + local myeconfargs=( + --disable-static + --with-statedir="${EPREFIX}"/var/lib/nfs + --enable-tirpc + --with-tirpcinclude="${ESYSROOT}"/usr/include/tirpc/ + --with-pluginpath="${EPREFIX}"/usr/$(get_libdir)/libnfsidmap + --with-rpcgen + --with-systemd="$(systemd_get_systemunitdir)" + --without-gssglue + $(use_enable caps) + --enable-ipv6 + $(use_enable junction) + $(use_enable kerberos gss) + $(use_enable kerberos svcgss) + $(use_enable ldap) + $(use_enable libmount libmount-mount) + $(use_enable nfsv4) + $(use_enable nfsv4 nfsdcld) + $(use_enable nfsv4 nfsdcltrack) + $(use_enable nfsv4 nfsv41) + $(use_enable nfsv4 nfsv4server) + $(use_enable uuid) + $(use_with tcpd tcp-wrappers) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + # Remove compiled files bundled in the tarball + emake clean + + default +} + +src_install() { + default + rm linux-nfs/Makefile* || die + dodoc -r linux-nfs README + + # Don't overwrite existing xtab/etab, install the original + # 
versions somewhere safe... more info in pkg_postinst + keepdir /var/lib/nfs/{,sm,sm.bak} + mv "${ED}"/var/lib/nfs "${ED}"/usr/$(get_libdir)/ || die + + # Install some client-side binaries in /sbin + dodir /sbin + mv "${ED}"/usr/sbin/rpc.statd "${ED}"/sbin/ || die + + if use nfsv4 ; then + insinto /etc + doins support/nfsidmap/idmapd.conf + + # Install a config file for idmappers in newer kernels. bug #415625 + insinto /etc/request-key.d + echo 'create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d' > id_resolver.conf + doins id_resolver.conf + fi + + insinto /etc + doins "${FILESDIR}"/exports + keepdir /etc/exports.d + + local f list=() + if use nfsv4 ; then + list+=( rpc.idmapd rpc.pipefs ) + use kerberos && list+=( rpc.gssd rpc.svcgssd ) + fi + + local sedexp=( -e '#placehoder' ) + use nfsv3 || sedexp+=( -e '/need portmap/d' ) + + mkdir -p "${T}/init.d" || die + for f in nfs nfsclient rpc.statd "${list[@]}" ; do + sed "${sedexp[@]}" "${FILESDIR}/${f}.initd" > "${T}/init.d/${f}" || die + doinitd "${T}/init.d/${f}" + done + + local systemd_systemunitdir="$(systemd_get_systemunitdir)" + sed -i \ + -e 's:/usr/sbin/rpc.statd:/sbin/rpc.statd:' \ + "${ED}${systemd_systemunitdir}"/* || die + + # Remove legacy service if not requested (as it will be broken without rpcbind) + if ! use nfsv3; then + rm "${ED}${systemd_systemunitdir}/nfs-server.service" || die + fi + + # bug #368505 + keepdir /var/lib/nfs + # bug #603628 + keepdir /var/lib/nfs/v4recovery + + # No static archives + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + # Install default xtab and friends if there's none existing. In + # src_install we put them in /usr/lib/nfs for safe-keeping, but + # the daemons actually use the files in /var/lib/nfs. 
#30486 + local f + for f in "${EROOT}"/usr/$(get_libdir)/nfs/*; do + [[ -e ${EROOT}/var/lib/nfs/${f##*/} ]] && continue + einfo "Copying default ${f##*/} from ${EPREFIX}/usr/$(get_libdir)/nfs to ${EPREFIX}/var/lib/nfs" + cp -pPR "${f}" "${EROOT}"/var/lib/nfs/ + done +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/nfs-utils-2.7.1.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/nfs-utils-2.7.1.ebuild new file mode 100644 index 0000000000..955f9fbb2b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/nfs-utils/nfs-utils-2.7.1.ebuild 
@@ -0,0 +1,214 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools linux-info systemd + +DESCRIPTION="NFS client and server daemons" +HOMEPAGE="http://linux-nfs.org/ https://git.linux-nfs.org/?p=steved/nfs-utils.git" + +if [[ ${PV} == *_rc* ]] ; then + MY_PV="$(ver_rs 1- -)" + SRC_URI="http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=snapshot;h=refs/tags/${PN}-${MY_PV};sf=tgz -> ${P}.tar.gz" + S="${WORKDIR}/${PN}-${PN}-${MY_PV}" +else + SRC_URI="https://downloads.sourceforge.net/nfs/${P}.tar.bz2" + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="caps junction kerberos ldap +libmount +nfsv3 +nfsv4 sasl selinux tcpd +uuid" +REQUIRED_USE="|| ( nfsv3 nfsv4 ) kerberos? ( nfsv4 )" +# bug #315573 +RESTRICT="test" + +# kth-krb doesn't provide the right include +# files, and nfs-utils doesn't build against heimdal either, +# so don't depend on virtual/krb. +# (04 Feb 2005 agriffis) +COMMON_DEPEND=" + dev-libs/libxml2 + net-libs/libtirpc:= + sys-fs/e2fsprogs + dev-db/sqlite:3 + dev-libs/libevent:= + caps? ( sys-libs/libcap ) + ldap? ( + net-nds/openldap:= + sasl? ( + app-crypt/mit-krb5 + dev-libs/cyrus-sasl:2 + ) + ) + libmount? ( sys-apps/util-linux ) + nfsv3? ( >=net-nds/rpcbind-0.2.4 ) + nfsv4? ( + >=sys-apps/keyutils-1.5.9:= + sys-fs/lvm2 + kerberos? ( + >=net-libs/libtirpc-0.2.4-r1[kerberos] + app-crypt/mit-krb5 + ) + ) + tcpd? ( sys-apps/tcp-wrappers ) + uuid? ( sys-apps/util-linux )" +DEPEND="${COMMON_DEPEND} + elibc_musl? ( sys-libs/queue-standalone ) +" +RDEPEND="${COMMON_DEPEND} + !net-libs/libnfsidmap + selinux? ( + sec-policy/selinux-rpc + nfsv3? 
( sec-policy/selinux-rpcbind ) + ) +" +BDEPEND=" + net-libs/rpcsvc-proto + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-2.5.2-no-werror.patch + "${FILESDIR}"/${PN}-udev-sysctl.patch + "${FILESDIR}"/${PN}-2.6.4-C99-inline.patch +) + +pkg_setup() { + linux-info_pkg_setup + + if use nfsv4 && linux_config_exists && ! linux_chkconfig_present CRYPTO_MD5 ; then + ewarn "Your NFS server will be unable to track clients across server restarts!" + ewarn "Please enable CONFIG_CRYPTO_MD5 in your kernel to" + ewarn "support the legacy, in-kernel client tracker." + fi +} + +src_prepare() { + default + + sed \ + -e "/^sbindir/s:= := \"${EPREFIX}\":g" \ + -i utils/*/Makefile.am || die + + eautoreconf +} + +src_configure() { + # Our DEPEND forces this. + export libsqlite3_cv_is_recent=yes + export ac_cv_header_keyutils_h=$(usex nfsv4) + + # SASL is consumed in a purely automagic way + export ac_cv_header_sasl_h=no + export ac_cv_header_sasl_sasl_h=$(usex sasl) + + local myeconfargs=( + --disable-static + --with-statedir="${EPREFIX}"/var/lib/nfs + --enable-tirpc + --with-tirpcinclude="${ESYSROOT}"/usr/include/tirpc/ + --with-pluginpath="${EPREFIX}"/usr/$(get_libdir)/libnfsidmap + --with-rpcgen + --with-systemd="$(systemd_get_systemunitdir)" + --without-gssglue + $(use_enable caps) + --enable-ipv6 + $(use_enable junction) + $(use_enable kerberos gss) + $(use_enable kerberos svcgss) + $(use_enable ldap) + $(use_enable libmount libmount-mount) + $(use_enable nfsv4) + $(use_enable nfsv4 nfsdcld) + $(use_enable nfsv4 nfsdcltrack) + $(use_enable nfsv4 nfsv41) + $(use_enable nfsv4 nfsv4server) + $(use_enable uuid) + $(use_with kerberos krb5 "${ESYSROOT}"/usr) + $(use_with tcpd tcp-wrappers) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + # Remove compiled files bundled in the tarball + emake clean + + default +} + +src_install() { + default + rm linux-nfs/Makefile* || die + dodoc -r linux-nfs README + + # Don't overwrite existing xtab/etab, install the original + # 
versions somewhere safe... more info in pkg_postinst + keepdir /var/lib/nfs/{,sm,sm.bak} + mv "${ED}"/var/lib/nfs "${ED}"/usr/$(get_libdir)/ || die + + # Install some client-side binaries in /sbin + dodir /sbin + mv "${ED}"/usr/sbin/rpc.statd "${ED}"/sbin/ || die + + if use nfsv4 ; then + insinto /etc + doins support/nfsidmap/idmapd.conf + + # Install a config file for idmappers in newer kernels. bug #415625 + insinto /etc/request-key.d + echo 'create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d' > id_resolver.conf + doins id_resolver.conf + fi + + insinto /etc + doins "${FILESDIR}"/exports + keepdir /etc/exports.d + + local f list=() + if use nfsv4 ; then + list+=( rpc.idmapd rpc.pipefs ) + use kerberos && list+=( rpc.gssd rpc.svcgssd ) + fi + + local sedexp=( -e '#placehoder' ) + use nfsv3 || sedexp+=( -e '/need portmap/d' ) + + mkdir -p "${T}/init.d" || die + for f in nfs nfsclient rpc.statd "${list[@]}" ; do + sed "${sedexp[@]}" "${FILESDIR}/${f}.initd" > "${T}/init.d/${f}" || die + doinitd "${T}/init.d/${f}" + done + + local systemd_systemunitdir="$(systemd_get_systemunitdir)" + sed -i \ + -e 's:/usr/sbin/rpc.statd:/sbin/rpc.statd:' \ + "${ED}${systemd_systemunitdir}"/* || die + + # Remove legacy service if not requested (as it will be broken without rpcbind) + if ! use nfsv3; then + rm "${ED}${systemd_systemunitdir}/nfs-server.service" || die + fi + + # bug #368505 + keepdir /var/lib/nfs + # bug #603628 + keepdir /var/lib/nfs/v4recovery + + # No static archives + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + # Install default xtab and friends if there's none existing. In + # src_install we put them in /usr/lib/nfs for safe-keeping, but + # the daemons actually use the files in /var/lib/nfs. 
#30486 + local f + for f in "${EROOT}"/usr/$(get_libdir)/nfs/*; do + [[ -e ${EROOT}/var/lib/nfs/${f##*/} ]] && continue + einfo "Copying default ${f##*/} from ${EPREFIX}/usr/$(get_libdir)/nfs to ${EPREFIX}/var/lib/nfs" + cp -pPR "${f}" "${EROOT}"/var/lib/nfs/ + done +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/Manifest b/sdk_container/src/third_party/portage-stable/net-fs/samba/Manifest new file mode 100644 index 0000000000..be105c3a52 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/Manifest 
@@ -0,0 +1,8 @@ +DIST samba-4.19.7.tar.gz 41851647 BLAKE2B 9bd58363d4cd30f900b286be7c7e172ed0308c4527308d15309a5f3881ba9b1d4c3dd2a37f19d63fdf80a36bd89c9b6001ab2a5aefb724f10721e3a0dc09fa94 SHA512 a837a6255be6268a48c9f41ccad5db040c69b596936a37b011a4c8e3ec68f27ebd1947b86d26b544a7b546ed426dadc450353dff9553698ca4e6e0a3af162ad3 +DIST samba-4.19.8.tar.gz 41878540 BLAKE2B 8d0e720ad572b6c17d90b5f9822eae6bdbaedcc05397fb79a77fc3838a6c9fac852f7ef31d47433efe057b39d97652c7391c4d28b33c4b8f95503129e0bb8470 SHA512 90d5bc6f52d7905b00b846e024220c0eec999d83f0343522e1cf76038e7630280bd0c039ce553e3024f8ebf91ab9b5f18d9395bd46811e1a3bc97261d1f69ca7 +DIST samba-4.19.9.tar.gz 41877221 BLAKE2B 62c6fa2bca40edd8ff879aa34515532a9dc2620df6d6c9cc88677fbd5ff337a635a5ab7964df36d28a1c09748a343424100fa5d483005e9bb34706fa713f4d97 SHA512 c7345cbf2b756429cb7ae4e722f7e3389778711b64a943885b8fdb0e1db85ea93fff6098378d973f8a971faf05052c7f23a6a067e713680c5345b046d9a1fec1 +DIST samba-4.20.5.tar.gz 42503174 BLAKE2B c0e3eed4b7ee02697f379d2f1697ba05536885345fbd6a28959f167686176a2b228306c7a691a3f63940944dc219523a7683f9f41a0150bae94e691c6a89b6cc SHA512 a666fc76dad2d9a68e802454555d2e93f7f71c2781ca5d11cf2fe8af046990b4be6677bbc754298613173849efb4387c16c2fd5557d65ba8b5a1ac02bd8c542a +DIST samba-4.20.7.tar.gz 42523056 BLAKE2B 3ddd41876dc7219396c410941a350bea89464d1012caa112b17457c03612821b64e6be6694ea8a06d3d1168983198c8837edc3cbaa5e8bef11c7bc2fe81531c6 SHA512 60699e332774a33f7c831f628e720bb2f25cf4a3462f24c2451b5eb799952d1a16ee487d76218ff651836ae2c0f406783da520f859a6af47b9a5d1c090019bda +DIST samba-4.21.0.tar.gz 42625973 BLAKE2B 0889f2be3b78affee88250114397de87a77da77d9674815ec5605780a6bb3e2e28dbbae53b66695196408f4aef550acce793e6397045fbea4bb236fdd095ce1a SHA512 5d1d7f89d46f29a772bb56c060934e6868e5a3962915f3c5ab2daff3c3f49863af36c89f989066dd496cf5d0ed8cc63ad9c93f2cfe0b98797baa87b50bc5bf3f +DIST samba-4.21.1.tar.gz 42635617 BLAKE2B 
e99c6d45758d50195a634d2a2ebdbe324ca3f205d8013fb8fb2160c2581d7551bbff946f3413b2782648470e922d84d8a2f9c3d33e32c46db6391b749ba30000 SHA512 a3fb57d9dc72e7b924995cc59887535a75f4462d3afb68098321efeb15541e372071e3f8277006f9e792491e25a0f05127c2929fd2f22d9ee7dace3c13088cdb +DIST samba-4.21.4.tar.gz 42669530 BLAKE2B 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb SHA512 eed6bfe8b9122198fb44cb0bbb30e7f0c9936147d88f731a79146617edf76b1d5773b36972ac96813feb57effd29825d77e72ad705027eb93ce3b5b7fd196102 diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.confd b/sdk_container/src/third_party/portage-stable/net-fs/samba/files/4.4/samba4.confd similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.confd rename to sdk_container/src/third_party/portage-stable/net-fs/samba/files/4.4/samba4.confd diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.initd-r1 b/sdk_container/src/third_party/portage-stable/net-fs/samba/files/4.4/samba4.initd-r1 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.initd-r1 rename to sdk_container/src/third_party/portage-stable/net-fs/samba/files/4.4/samba4.initd-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/system-auth-winbind.pam b/sdk_container/src/third_party/portage-stable/net-fs/samba/files/4.4/system-auth-winbind.pam similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/system-auth-winbind.pam rename to sdk_container/src/third_party/portage-stable/net-fs/samba/files/4.4/system-auth-winbind.pam 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/ldb-2.5.2-skip-wav-tevent-check.patch b/sdk_container/src/third_party/portage-stable/net-fs/samba/files/ldb-2.5.2-skip-wav-tevent-check.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/ldb-2.5.2-skip-wav-tevent-check.patch rename to sdk_container/src/third_party/portage-stable/net-fs/samba/files/ldb-2.5.2-skip-wav-tevent-check.patch diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.18.4-pam.patch b/sdk_container/src/third_party/portage-stable/net-fs/samba/files/samba-4.18.4-pam.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.18.4-pam.patch rename to sdk_container/src/third_party/portage-stable/net-fs/samba/files/samba-4.18.4-pam.patch diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.conf b/sdk_container/src/third_party/portage-stable/net-fs/samba/files/samba.conf similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.conf rename to sdk_container/src/third_party/portage-stable/net-fs/samba/files/samba.conf diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml b/sdk_container/src/third_party/portage-stable/net-fs/samba/metadata.xml similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml rename to sdk_container/src/third_party/portage-stable/net-fs/samba/metadata.xml diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.19.7.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.7.ebuild similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.19.7.ebuild rename to sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.7.ebuild index f6dcd0804f..b71f2f9b62 100644 
--- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.19.7.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.7.ebuild @@ -5,7 +5,6 @@ EAPI=8 PYTHON_COMPAT=( python3_{10..12} ) PYTHON_REQ_USE="threads(+),xml(+)" -TMPFILES_OPTIONAL=1 inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles DESCRIPTION="Samba Suite Version 4" @@ -27,7 +26,6 @@ IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" IUSE+=" zeroconf" -IUSE+=" +minimal" # Flatcar: Only install libraries, not executables. REQUIRED_USE="${PYTHON_REQUIRED_USE} addc? ( json python !system-mitkrb5 winbind ) @@ -61,13 +59,14 @@ TALLOC_VERSION="2.4.1" TDB_VERSION="1.4.9" TEVENT_VERSION="0.15.0" -# Flatcar: exclude perl, icu, libtasn1, Parse-Yapp from DEPEND COMMON_DEPEND=" >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] - spotlight? ( dev-libs/icu:=[${MULTILIB_USEDEP}] ) + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] dev-libs/libbsd[${MULTILIB_USEDEP}] - !minimal? ( dev-libs/libtasn1:=[${MULTILIB_USEDEP}] ) + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] >=sys-libs/ldb-2.8.1:=[ldap(+)?,${MULTILIB_USEDEP}] @@ -89,7 +88,7 @@ COMMON_DEPEND=" ) ads? ( dev-python/dnspython:=[${PYTHON_USEDEP}] - net-dns/bind[gssapi] + net-dns/bind-tools[gssapi] ) ') acl? ( virtual/acl ) 
@@ -114,20 +113,19 @@ COMMON_DEPEND=" !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) systemd? ( sys-apps/systemd:= ) unwind? ( - llvm-libunwind? ( sys-libs/llvm-libunwind:= ) + llvm-libunwind? ( llvm-runtimes/libunwind:= ) !llvm-libunwind? ( sys-libs/libunwind:= ) ) zeroconf? ( net-dns/avahi[dbus] ) " -# Flatcar: pull in JSON only if json is enabled DEPEND="${COMMON_DEPEND} - json? ( dev-perl/JSON ) + dev-perl/JSON net-libs/libtirpc[${MULTILIB_USEDEP}] net-libs/rpcsvc-proto spotlight? ( dev-libs/glib ) test? ( >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] - $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) !system-mitkrb5? ( >=net-dns/resolv_wrapper-1.1.4 >=net-libs/socket_wrapper-1.1.9 @@ -141,8 +139,6 @@ RDEPEND="${COMMON_DEPEND} selinux? ( sec-policy/selinux-samba ) " BDEPEND="${PYTHON_DEPS} - dev-lang/perl:= - dev-perl/Parse-Yapp app-text/docbook-xsl-stylesheets dev-libs/libxslt virtual/pkgconfig @@ -253,10 +249,6 @@ multilib_src_configure() { EOF fi - # Flatcar: we need only the mandatory bundled library, ldb by default. - # Without that, configure will fail because of a missing bundled library. - bundled_libs="ldb" - local myconf=( --enable-fhs --sysconfdir="${EPREFIX}/etc" @@ -366,8 +358,7 @@ multilib_src_install() { newinitd "${CONFDIR}/samba4.initd-r1" samba newconfd "${CONFDIR}/samba4.confd" samba - # Flatcar: do not create samba config if minimal enabled - use minimal || dotmpfiles "${FILESDIR}"/samba.conf + dotmpfiles "${FILESDIR}"/samba.conf if ! use addc ; then rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ || die 
@@ -387,22 +378,8 @@ multilib_src_install() { insinto /etc/security doins examples/pam_winbind/pam_winbind.conf fi - - # Flatcar: clean up unnecessary files - rm -f "${ED%/}"/etc/samba/* - rm -f "${ED%/}"/usr/lib*/samba/ldb/* - if use minimal ; then - mv "${ED%/}"/usr/bin/net "${T}"/ - rm -f "${ED%/}"/usr/bin/* "${ED%/}"/usr/sbin/* - mv "${T}"/net "${ED%/}"/usr/bin/net - rm -rf ${ED%/}/lib*/security - rm -rf ${ED%/}/usr/lib/systemd - rm -rf ${ED%/}/usr/lib*/perl* - rm -rf ${ED%/}/usr/lib*/python* - rm -rf ${ED%/}/var - fi } pkg_postinst() { - use minimal || tmpfiles_process samba.conf + tmpfiles_process samba.conf } diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.8.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.8.ebuild new file mode 100644 index 0000000000..14c64b2ad4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.8.ebuild 
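Review bot: At the end of `multilib_src_install`, where this hunk deletes the `if use minimal` cleanup, nothing in the ebuild now removes what it installs under `/usr/bin`, `/usr/sbin`, `/usr/lib/systemd`, `lib*/security` and `/etc/samba`, so the package ships every Samba daemon, unit and PAM module the build produces rather than the libraries plus `net`. The earlier hunks that drop `IUSE+=" +minimal"` and add `dev-lang/perl:=` and `dev-perl/Parse-Yapp` to `COMMON_DEPEND` point the same way, since Perl becomes a runtime dependency. If the image is still meant to carry only the libraries, that restriction now has to live outside the package (an `INSTALL_MASK` entry or a profile-level setting; none is visible in this part of the diff). I would record where it lives in the changelog entry, for example `samba: the Flatcar "minimal" flag is gone; unwanted files are masked in <PLACEHOLDER: location>`. `multilib_src_install` starts outside the hunk.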
@@ -0,0 +1,385 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" +else + SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" +IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" +IUSE+=" zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? 
( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.1" +TDB_VERSION="1.4.9" +TEVENT_VERSION="0.15.0" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.8.1:=[ldap(+)?,${MULTILIB_USEDEP}] + =sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? 
( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( llvm-runtimes/libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? 
( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! 
use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + --without-dmapi + 
$(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || die + + if multilib_is_native_abi ; then + # Install ldap schema for server (bug #491002) + if use ldap ; 
then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + + use python && python_optimize + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.9.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.9.ebuild new file mode 100644 index 0000000000..bd4f6d5797 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.19.9.ebuild 
@@ -0,0 +1,385 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" +else + SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" +IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" +IUSE+=" zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? 
( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.1" +TDB_VERSION="1.4.9" +TEVENT_VERSION="0.15.0" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.8.2:=[ldap(+)?,${MULTILIB_USEDEP}] + =sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? 
( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( llvm-runtimes/libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? 
( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! 
use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + --without-dmapi + 
$(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || die + + if multilib_is_native_abi ; then + # Install ldap schema for server (bug #491002) + if use ldap ; 
then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + + use python && python_optimize + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.20.5.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.20.5.ebuild new file mode 100644 index 0000000000..92740c1a10 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.20.5.ebuild 
@@ -0,0 +1,385 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" +else + SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" +IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" +IUSE+=" zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? 
( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.2" +TDB_VERSION="1.4.10" +TEVENT_VERSION="0.16.1" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.9.1:=[ldap(+)?,${MULTILIB_USEDEP}] + =sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? 
( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( llvm-runtimes/libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? 
( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! 
use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + --without-dmapi + 
$(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 ${ESYSROOT}/usr $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || die + + if multilib_is_native_abi ; then + # Install ldap schema for server (bug #491002) + 
if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + + use python && python_optimize + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.20.7.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.20.7.ebuild new file mode 100644 index 0000000000..ba5c0cd3c8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.20.7.ebuild 
@@ -0,0 +1,385 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" +else + SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" +IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" +IUSE+=" zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? 
( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.2" +TDB_VERSION="1.4.10" +TEVENT_VERSION="0.16.1" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.9.2:=[ldap(+)?,${MULTILIB_USEDEP}] + =sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? 
( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( llvm-runtimes/libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? 
( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! 
use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + --without-dmapi + 
$(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 ${ESYSROOT}/usr $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || die + + if multilib_is_native_abi ; then + # Install ldap schema for server (bug #491002) + 
if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + + use python && python_optimize + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.0.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.0.ebuild new file mode 100644 index 0000000000..fb93abd592 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.0.ebuild 
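Review bot: The `eerror` labels in `check_samba_dep_versions` are inverted: `TALLOC_VERSION` is the value pinned in the ebuild but is printed as "Source talloc version", while `actual_talloc_version`, read from `lib/talloc/wscript` in the unpacked tree, is printed as "Ebuild talloc version". This check keeps the system talloc/tdb/tevent dependencies in step with what the source tree expects, so a swapped message points whoever bumps the package at the wrong value. The pair should read `eerror "Ebuild talloc version: ${TALLOC_VERSION}"` and `eerror "Source talloc version: ${actual_talloc_version}"`, and likewise for tdb and tevent. The three `actual_*_version` variables are also assigned without `local`, so they leak into the ebuild's global scope. The same function is repeated unchanged in the samba-4.21.0 and samba-4.21.1 hunks.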
@@ -0,0 +1,384 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" +else + SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0/2.10.0" +IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" +IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" +IUSE+=" zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? 
( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.2" +TDB_VERSION="1.4.12" +TEVENT_VERSION="0.16.1" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + !sys-libs/ldb + sys-libs/libcap[${MULTILIB_USEDEP}] + sys-libs/liburing:=[${MULTILIB_USEDEP}] + sys-libs/ncurses:= + sys-libs/readline:= + >=sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? 
( + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( llvm-runtimes/libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? 
( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! 
use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + --without-dmapi + 
$(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 ${ESYSROOT}/usr $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + --private-libraries='!ldb' + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || die + + if multilib_is_native_abi ; then + # Install ldap 
schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + + use python && python_optimize + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.1.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.1.ebuild new file mode 100644 index 0000000000..71fd45394a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.1.ebuild 
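Review bot: The bug #880739 hardening in `multilib_src_install` can be skipped without any signal, because `find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die` exits 0 when nothing matches. If a later release renames or relocates the wrapper, the `|| die` never fires and the file ships with whatever mode the build system gave it. A comment saying that a no-match is silent would help, and so would an explicit check such as `[[ -n $(find "${ED}" -type f -name smbspool_krb5_wrapper -print -quit) ]] || ewarn "smbspool_krb5_wrapper not found, bug #880739 mode not applied"`. Whether the wrapper is built for every ABI and USE combination is not visible here, so a warning is safer than `die`. The same line appears in the samba-4.20.7 hunk.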
@@ -0,0 +1,389 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" +else + SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0/2.10.0" +IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind lmdb pam profiling-data python quota" +IUSE+=" +regedit selinux snapper spotlight syslog system-heimdal +system-mitkrb5" +IUSE+=" systemd test unwind winbind zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? 
( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.2" +TDB_VERSION="1.4.12" +TEVENT_VERSION="0.16.1" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + !sys-libs/ldb + sys-libs/libcap[${MULTILIB_USEDEP}] + sys-libs/liburing:=[${MULTILIB_USEDEP}] + sys-libs/ncurses:= + sys-libs/readline:= + >=sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + lmdb? 
( >=dev-db/lmdb-0.9.16:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( llvm-runtimes/libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? 
( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! 
use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # bug #943942 + append-cflags -std=gnu17 + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable 
cups) + --without-dmapi + $(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 ${ESYSROOT}/usr $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + --private-libraries='!ldb' + $(usex lmdb '' --without-ldb-lmdb) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || 
die + + if multilib_is_native_abi ; then + # Install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + + use python && python_optimize + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} diff --git a/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.4.ebuild b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.4.ebuild new file mode 100644 index 0000000000..71fd45394a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-fs/samba/samba-4.21.4.ebuild 
@@ -0,0 +1,389 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" +else + SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0/2.10.0" +IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind lmdb pam profiling-data python quota" +IUSE+=" +regedit selinux snapper spotlight syslog system-heimdal +system-mitkrb5" +IUSE+=" systemd test unwind winbind zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? 
( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.2" +TDB_VERSION="1.4.12" +TEVENT_VERSION="0.16.1" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + !sys-libs/ldb + sys-libs/libcap[${MULTILIB_USEDEP}] + sys-libs/liburing:=[${MULTILIB_USEDEP}] + sys-libs/ncurses:= + sys-libs/readline:= + >=sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + lmdb? 
( >=dev-db/lmdb-0.9.16:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( llvm-runtimes/libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? 
( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! 
use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # bug #943942 + append-cflags -std=gnu17 + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable 
cups) + --without-dmapi + $(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 ${ESYSROOT}/usr $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + --private-libraries='!ldb' + $(usex lmdb '' --without-ldb-lmdb) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || 
die + + if multilib_is_native_abi ; then + # Install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + + use python && python_optimize + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} diff --git a/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/Manifest b/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/Manifest new file mode 100644 index 0000000000..a0d59d4f49 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/Manifest 
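Review bot: In `check_samba_dep_versions` the `eerror` labels are swapped: `TALLOC_VERSION` is the value declared in the ebuild and `actual_talloc_version` is what `sed` reads from `lib/talloc/wscript`, yet they are printed as "Source" and "Ebuild" respectively, and the tdb and tevent checks repeat the pattern. A maintainer hitting this `die` is pointed at the wrong number to change. The messages should read `eerror "Ebuild talloc version: ${TALLOC_VERSION}"` and `eerror "Source talloc version: ${actual_talloc_version}"`, likewise for the other two checks. The three `actual_*_version` variables are also assigned without `local`, so they end up in the ebuild's global scope. The same function text appears in the other samba ebuild in this diff, whose hunk begins outside this view.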
@@ -0,0 +1,3 @@ +DIST libtirpc-1.3.5.tar.bz2 565188 BLAKE2B 1ae1cc0be1c52bca8fbe2300159d9298b069b3f81adde7f50da3fb7049f9b9f628393dfe94e9276facfeea2b1ccdc9a52632fee4af432c36e457fd3ff2b0963c SHA512 c80a953671c5692294efe7425e41c7f12bd4c430f473f9ea71883168cb4a69111f0018122bd0e7982e18f4576e45d4977ce0790743382faae006c446813d2a4f +DIST libtirpc-1.3.6.tar.bz2 566384 BLAKE2B 521e1e3d2ceefd668f1b0d52b7c0342b97952d322eeb7bf740bb1eb1fb88a14b0a2fce57f07a9fd3797d289f57f511085924bba3d8984f15c799468d30f47500 SHA512 f3ccc45f9de8d517ccc10dd4b68b844bbe71a2cb61ca5819995d97319353f7e24cfee205e09dddf65cf47605314176aee161091d7379b6113ee8d1f5077c93d0 +DIST libtirpc-glibc-nfs.tar.xz 8948 BLAKE2B 7316623d9f2b6928e296137fe2bf6794b208d549c2ffba9e4a35b47f7b04bf023798a09f38c02d039debf6adc466d7689cf3c8274d71a22eaff08729642c0a28 SHA512 90255bf0a27af16164e0710dd940778609925d473f4343093ff19d98cc4f23023788bf4edf0178eae1961afc0ba8b69b273de95b7d7e2afdb706701d8ba6f7ba diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.4.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/libtirpc-1.3.5.ebuild similarity index 56% rename from sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.4.ebuild rename to sdk_container/src/third_party/portage-stable/net-libs/libtirpc/libtirpc-1.3.5.ebuild index 370d55dafb..0075a750f0 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/libtirpc-1.3.4.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/libtirpc-1.3.5.ebuild 
@@ -1,20 +1,20 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -inherit flag-o-matic multilib-minimal toolchain-funcs usr-ldscript +inherit flag-o-matic libtool multilib-minimal DESCRIPTION="Transport Independent RPC library (SunRPC replacement)" HOMEPAGE="https://sourceforge.net/projects/libtirpc/ https://git.linux-nfs.org/?p=steved/libtirpc.git" SRC_URI=" - mirror://sourceforge/${PN}/${P}.tar.bz2 - mirror://gentoo/${PN}-glibc-nfs.tar.xz + https://downloads.sourceforge.net/${PN}/${P}.tar.bz2 + https://dev.gentoo.org/~sam/distfiles/${PN}-glibc-nfs.tar.xz " LICENSE="BSD BSD-2 BSD-4 LGPL-2.1+" SLOT="0/3" # subslot matches SONAME major -KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" IUSE="kerberos static-libs" RDEPEND="kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )" 
@@ -31,39 +31,25 @@ src_prepare() { cp -ra "${WORKDIR}"/tirpc "${S}"/ || die default - - # Flatcar: Set netconfig path to /usr so NFS works in - # PXE/ISO-booted systems. - sed -i -e "s,/etc,/usr/share/tirpc," "${S}/tirpc/netconfig.h" || die + elibtoolize } multilib_src_configure() { - # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs - # https://github.com/gentoo/gentoo/pull/28355 - # mold needs this too but right now tc-ld-is-mold is also not available - if tc-ld-is-lld; then - append-ldflags -Wl,--undefined-version - fi + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) local myeconfargs=( $(use_enable kerberos gssapi) $(use_enable static-libs static) + KRB5_CONFIG="${ESYSROOT}"/usr/bin/krb5-config ) ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" } -multilib_src_install() { - default - - # libtirpc replaces rpc support in glibc, so we need it in / - gen_usr_ldscript -a tirpc -} - multilib_src_install_all() { einstalldocs - insinto /usr/share/tirpc + insinto /etc doins doc/netconfig insinto /usr/include/tirpc diff --git a/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/libtirpc-1.3.6.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/libtirpc-1.3.6.ebuild new file mode 100644 index 0000000000..ab9cc1da1a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/libtirpc-1.3.6.ebuild 
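Review bot: Removing the `sed -i -e "s,/etc,/usr/share/tirpc," "${S}/tirpc/netconfig.h" || die` step and changing `insinto /usr/share/tirpc` to `insinto /etc` drops the override that the deleted comment says was needed "so NFS works in PXE/ISO-booted systems". Nothing in this hunk shows what now guarantees a readable `/etc/netconfig` on those images, so this looks like a possible regression for NFS there unless it is handled elsewhere in the commit. If the override is still required, those two lines would have to be carried some other way, since `libtirpc-1.3.6.ebuild` added below installs `doc/netconfig` to `/etc` as well. The hunk also deletes `multilib_src_install` with `gen_usr_ldscript -a tirpc`, which is worth confirming as intentional; `multilib_src_install_all` continues outside the hunk.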
@@ -0,0 +1,67 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic libtool multilib-minimal + +DESCRIPTION="Transport Independent RPC library (SunRPC replacement)" +HOMEPAGE="https://sourceforge.net/projects/libtirpc/ https://git.linux-nfs.org/?p=steved/libtirpc.git" +SRC_URI=" + https://downloads.sourceforge.net/${PN}/${P}.tar.bz2 + https://dev.gentoo.org/~sam/distfiles/${PN}-glibc-nfs.tar.xz +" + +LICENSE="BSD BSD-2 BSD-4 LGPL-2.1+" +SLOT="0/3" # subslot matches SONAME major +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" +IUSE="kerberos static-libs" + +RDEPEND="kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )" +DEPEND=" + ${RDEPEND} + elibc_musl? ( sys-libs/queue-standalone ) +" +BDEPEND=" + app-arch/xz-utils + virtual/pkgconfig +" + +src_prepare() { + cp -ra "${WORKDIR}"/tirpc "${S}"/ || die + + default + elibtoolize +} + +multilib_src_configure() { + # bug #943709 + append-cflags -std=gnu17 + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + # bug #911863 + append-lfs-flags + + local myeconfargs=( + $(use_enable kerberos gssapi) + $(use_enable static-libs static) + KRB5_CONFIG="${ESYSROOT}"/usr/bin/krb5-config + ) + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_install_all() { + einstalldocs + + insinto /etc + doins doc/netconfig + + insinto /usr/include/tirpc + doins -r "${WORKDIR}"/tirpc/* + + # makes sure that the linking order for nfs-utils is proper, as + # libtool would inject a libgssglue dependency in the list. + if ! use static-libs ; then + find "${ED}" -name "*.la" -delete || die + fi +} 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/metadata.xml b/sdk_container/src/third_party/portage-stable/net-libs/libtirpc/metadata.xml similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/net-libs/libtirpc/metadata.xml rename to sdk_container/src/third_party/portage-stable/net-libs/libtirpc/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/Manifest new file mode 100644 index 0000000000..1758356071 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/Manifest @@ -0,0 +1,3 @@ +DIST dbus-1.15.8.tar.xz 1149088 BLAKE2B 7c1962dfccc6a1b6250e80b0706d7f44536fabeff009013865ec4b1edaec6d4b47dcbe8f78caa61ef7aef4bac6b79f0e2027dd16bbb2baae328429e648bf8b8c SHA512 84b8ac194ede3bf300f4501395b7253538469a4f9d59ea4adaf800282e359ef43494d81941b338081d3704317d39f0aba14906c6490419f04f946eb9d815f46c +DIST dbus-1.16.0.tar.xz 1114680 BLAKE2B a5a3ebe777c1c0296ba7240f9ed29ad329a6578a05baf10a469ce8c7d243791d35aca42a70d04cdd88feea238d081c3c8b0db444df24abcf7ce5ffe9187a0440 SHA512 9206bf4e41575f379e4c615212d137600967311f3c8feac94692aadf4dca9df9169ae52c404ec8ed31a9b2bc718792be920ac0130f1159f082e4b6c66f3f233e +DIST dbus-1.16.2.tar.xz 1115644 BLAKE2B ddca8abdd5df70b24d51293a262cda3f9e69681b31ae8bb560a6286ca6f2dc0c420dc5322a61bb142a77b2b5f86bdafcc6bf84b0d78af9610af7a78763b8b8fb SHA512 5c26f52d85984bb9ae1dde8d7e73921eacbdf020a61ff15f00a4c240cb38a121553ee04bd66e62b28425ff9bc50f4f5e15135166573ac0888332a01a0db1faa2 diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.15.8.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.15.8.ebuild new file mode 100644 index 0000000000..79d7d089c6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.15.8.ebuild 
@@ -0,0 +1,223 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Be careful with packaging odd-version-number branches! +# After >1.15, we should at least keep stable as an upstream stable branch, +# possibly even ~arch too, given the note about security releases on their website. +# See https://www.freedesktop.org/wiki/Software/dbus/#download. + +PYTHON_COMPAT=( python3_{10..12} ) +TMPFILES_OPTIONAL=1 + +inherit linux-info meson-multilib python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx + +DESCRIPTION="A message bus system, a simple way for applications to talk to each other" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/dbus/" +SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.xz" + +LICENSE="|| ( AFL-2.1 GPL-2 )" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +# TODO: USE=daemon +IUSE="debug doc elogind selinux static-libs systemd test valgrind X" +RESTRICT="!test? ( test )" + +BDEPEND=" + ${PYTHON_DEPS} + acct-user/messagebus + app-text/xmlto + app-text/docbook-xml-dtd:4.4 + dev-build/autoconf-archive + virtual/pkgconfig + doc? ( app-text/doxygen ) +" +COMMON_DEPEND=" + >=dev-libs/expat-2.1.0 + elogind? ( sys-auth/elogind ) + selinux? ( + sys-process/audit + sys-libs/libselinux + ) + systemd? ( sys-apps/systemd:= ) + X? ( + x11-libs/libX11 + x11-libs/libXt + ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-libs/expat + test? ( >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] ) + valgrind? ( >=dev-debug/valgrind-3.6 ) + X? ( x11-base/xorg-proto ) +" +RDEPEND=" + ${COMMON_DEPEND} + acct-user/messagebus + selinux? ( sec-policy/selinux-dbus ) + systemd? ( virtual/tmpfiles ) +" + +DOC_CONTENTS=" + Some applications require a session bus in addition to the system + bus. Please see \`man dbus-launch\` for more information. 
+" + +PATCHES=( + "${FILESDIR}"/${PN}-1.15.8-enable-elogind.patch # bug #599494 +) + +pkg_setup() { + # Python interpeter required unconditionally (bug #932517) + python-any-r1_pkg_setup + + if use kernel_linux; then + CONFIG_CHECK="~EPOLL" + linux-info_pkg_setup + fi +} + +src_configure() { + local rundir=$(usex kernel_linux /run /var/run) + + sed -e "s;@rundir@;${EPREFIX}${rundir};g" "${FILESDIR}"/dbus.initd.in \ + > "${T}"/dbus.initd || die + + meson-multilib_src_configure +} + +multilib_src_configure() { + local emesonargs=( + --localstatedir="${EPREFIX}/var" + -Druntime_dir="${EPREFIX}${rundir}" + + -Ddefault_library=$(multilib_native_usex static-libs both shared) + + -Dapparmor=disabled + -Dasserts=false # TODO + -Dchecks=false # TODO + $(meson_use debug stats) + $(meson_use debug verbose_mode) + -Dcontainers=false + -Ddbus_user=messagebus + -Dkqueue=disabled + $(meson_feature kernel_linux inotify) + $(meson_native_use_feature doc doxygen_docs) + $(meson_native_enabled xml_docs) # Controls man pages + + -Dembedded_tests=false + -Dinstalled_tests=false + $(meson_native_true message_bus) # TODO: USE=daemon? + $(meson_feature test modular_tests) + -Dqt_help=disabled + + $(meson_native_true tools) + + $(meson_native_use_feature elogind) + $(meson_native_use_feature systemd) + $(meson_use systemd user_session) + $(meson_native_use_feature X x11_autolaunch) + $(meson_native_use_feature valgrind) + + # libaudit is *only* used in DBus wrt SELinux support, so disable it if + # not on an SELinux profile. 
+ $(meson_native_use_feature selinux) + $(meson_native_use_feature selinux libaudit) + + -Dsession_socket_dir="${EPREFIX}"/tmp + -Dsystem_pid_file="${EPREFIX}${rundir}"/dbus.pid + -Dsystem_socket="${EPREFIX}${rundir}"/dbus/system_bus_socket + -Dsystemd_system_unitdir="$(systemd_get_systemunitdir)" + -Dsystemd_user_unitdir="$(systemd_get_userunitdir)" + ) + + if [[ ${CHOST} == *-darwin* ]] ; then + emesonargs+=( + -Dlaunchd=enabled + -Dlaunchd_agent_dir="${EPREFIX}"/Library/LaunchAgents + ) + fi + + meson_src_configure +} + +multilib_src_compile() { + # After the compile, it uses a selinuxfs interface to + # check if the SELinux policy has the right support + use selinux && addwrite /selinux/access + + meson_src_compile +} + +multilib_src_test() { + # DBUS_TEST_MALLOC_FAILURES=0 to avoid huge test logs + # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L231 + DBUS_TEST_MALLOC_FAILURES=0 DBUS_VERBOSE=1 virtx meson_src_test + +} + +multilib_src_install_all() { + newinitd "${T}"/dbus.initd dbus + + if use X; then + # dbus X session script (bug #77504) + # turns out to only work for GDM (and startx). 
has been merged into + # other desktop (kdm and such scripts) + exeinto /etc/X11/xinit/xinitrc.d + newexe "${FILESDIR}"/80-dbus-r1 80-dbus + fi + + # Needs to exist for dbus sessions to launch + keepdir /usr/share/dbus-1/services + keepdir /etc/dbus-1/{session,system}.d + # machine-id symlink from pkg_postinst() + keepdir /var/lib/dbus + # Let the init script create the /var/run/dbus directory + rm -rf "${ED}"/{,var/}run + + # bug #761763 + rm -rf "${ED}"/usr/lib/sysusers.d + + dodoc AUTHORS NEWS README doc/TODO + readme.gentoo_create_doc + + mv "${ED}"/usr/share/doc/dbus/* "${ED}"/usr/share/doc/${PF}/ || die + rm -rf "${ED}"/usr/share/doc/dbus || die +} + +pkg_postinst() { + readme.gentoo_print_elog + + if use systemd; then + tmpfiles_process dbus.conf + fi + + # Ensure unique id is generated and put it in /etc wrt bug #370451 but symlink + # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # dependencies with hardcoded paths (although the known ones got fixed already) + # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id + + if [[ ${CHOST} == *-darwin* ]]; then + local plist="org.freedesktop.dbus-session.plist" + elog + elog "For MacOS/Darwin we now ship launchd support for dbus." + elog "This enables autolaunch of dbus at session login and makes" + elog "dbus usable under MacOS/Darwin." + elog + elog "The launchd plist file ${plist} has been" + elog "installed in ${EPREFIX}/Library/LaunchAgents." 
+ elog "For it to be used, you will have to do all of the following:" + elog " + cd ~/Library/LaunchAgents" + elog " + ln -s ${EPREFIX}/Library/LaunchAgents/${plist}" + elog " + logout and log back in" + elog + elog "If your application needs a proper DBUS_SESSION_BUS_ADDRESS" + elog "specified and refused to start otherwise, then export the" + elog "the following to your environment:" + elog " DBUS_SESSION_BUS_ADDRESS=\"launchd:env=DBUS_LAUNCHD_SESSION_BUS_SOCKET\"" + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.0-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.0-r3.ebuild new file mode 100644 index 0000000000..329294046b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.0-r3.ebuild 
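Review bot: `multilib_src_configure` expands `${rundir}` in `-Druntime_dir`, `-Dsystem_pid_file` and `-Dsystem_socket`, but the variable is only declared as `local rundir=$(usex kernel_linux /run /var/run)` inside `src_configure`. It presumably resolves only because bash dynamic scoping keeps the caller's local visible while `meson-multilib_src_configure` runs, and that coupling is not documented anywhere in the file. If the variable were ever empty here, the paths would silently become `${EPREFIX}/dbus.pid` and `${EPREFIX}/dbus/system_bus_socket`. I would add `# rundir: local of src_configure, visible here via dynamic scoping` above the array and guard it with `: "${rundir:?}"` as the first line of the function. `dbus-1.16.0-r3.ebuild`, whose hunk runs past this view, uses the same pattern.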
@@ -0,0 +1,223 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Be careful with packaging odd-version-number branches! +# We should at the very least keep stable as an upstream stable branch, +# possibly even ~arch too, given the note about security releases on their website. +# See https://www.freedesktop.org/wiki/Software/dbus/#download. + +PYTHON_COMPAT=( python3_{10..13} ) +TMPFILES_OPTIONAL=1 + +inherit linux-info meson-multilib python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx + +DESCRIPTION="A message bus system, a simple way for applications to talk to each other" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/dbus/" +SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.xz" + +LICENSE="|| ( AFL-2.1 GPL-2 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +# TODO: USE=daemon +IUSE="debug doc elogind selinux static-libs systemd test valgrind X" +RESTRICT="!test? ( test )" + +BDEPEND=" + ${PYTHON_DEPS} + acct-user/messagebus + app-text/xmlto + app-text/docbook-xml-dtd:4.4 + dev-build/autoconf-archive + virtual/pkgconfig + doc? ( app-text/doxygen ) +" +COMMON_DEPEND=" + >=dev-libs/expat-2.1.0 + elogind? ( sys-auth/elogind ) + selinux? ( + sys-process/audit + sys-libs/libselinux + ) + systemd? ( sys-apps/systemd:= ) + X? ( + x11-libs/libX11 + x11-libs/libXt + ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-libs/expat + test? ( >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] ) + valgrind? ( >=dev-debug/valgrind-3.6 ) + X? ( x11-base/xorg-proto ) +" +RDEPEND=" + ${COMMON_DEPEND} + acct-user/messagebus + selinux? ( sec-policy/selinux-dbus ) + systemd? ( virtual/tmpfiles ) +" + +DOC_CONTENTS=" + Some applications require a session bus in addition to the system + bus. Please see \`man dbus-launch\` for more information. 
+" + +PATCHES=( + "${FILESDIR}"/${PN}-1.16.0-enable-elogind.patch # bug #599494 +) + +pkg_setup() { + # Python interpeter required unconditionally (bug #932517) + python-any-r1_pkg_setup + + if use kernel_linux; then + CONFIG_CHECK="~EPOLL" + linux-info_pkg_setup + fi +} + +src_configure() { + local rundir=$(usex kernel_linux /run /var/run) + + sed -e "s;@rundir@;${EPREFIX}${rundir};g" "${FILESDIR}"/dbus.initd.in \ + > "${T}"/dbus.initd || die + + meson-multilib_src_configure +} + +multilib_src_configure() { + local emesonargs=( + --localstatedir="${EPREFIX}/var" + -Druntime_dir="${EPREFIX}${rundir}" + + -Ddefault_library=$(multilib_native_usex static-libs both shared) + + -Dapparmor=disabled + -Dasserts=false # TODO + -Dchecks=false # TODO + $(meson_use debug stats) + $(meson_use debug verbose_mode) + -Ddbus_user=messagebus + -Dkqueue=disabled + $(meson_feature kernel_linux inotify) + $(meson_native_use_feature doc doxygen_docs) + $(meson_native_enabled xml_docs) # Controls man pages + + -Dinstalled_tests=false + $(meson_native_true message_bus) # TODO: USE=daemon? + $(meson_feature test modular_tests) + -Dqt_help=disabled + + $(meson_native_true tools) + + $(meson_native_use_feature elogind) + $(meson_native_use_feature systemd) + $(meson_use systemd user_session) + $(meson_native_use_feature X x11_autolaunch) + $(meson_native_use_feature valgrind) + + # libaudit is *only* used in DBus wrt SELinux support, so disable it if + # not on an SELinux profile. 
+ $(meson_native_use_feature selinux) + $(meson_native_use_feature selinux libaudit) + + -Dsession_socket_dir="${EPREFIX}"/tmp + -Dsystem_pid_file="${EPREFIX}${rundir}"/dbus.pid + -Dsystem_socket="${EPREFIX}${rundir}"/dbus/system_bus_socket + -Dsystemd_system_unitdir="$(systemd_get_systemunitdir)" + -Dsystemd_user_unitdir="$(systemd_get_userunitdir)" + ) + + if [[ ${CHOST} == *-darwin* ]] ; then + emesonargs+=( + -Dlaunchd=enabled + -Dlaunchd_agent_dir="${EPREFIX}"/Library/LaunchAgents + ) + fi + + meson_src_configure +} + +multilib_src_compile() { + # After the compile, it uses a selinuxfs interface to + # check if the SELinux policy has the right support + use selinux && addwrite /selinux/access + + meson_src_compile +} + +multilib_src_test() { + # DBUS_TEST_MALLOC_FAILURES=0 to avoid huge test logs + # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L231 + DBUS_TEST_MALLOC_FAILURES=0 DBUS_VERBOSE=1 virtx meson_src_test + +} + +multilib_src_install_all() { + newinitd "${T}"/dbus.initd dbus + exeinto /etc/user/init.d + newexe "${FILESDIR}/dbus.user.initd" dbus + + if use X; then + # dbus X session script (bug #77504) + # turns out to only work for GDM (and startx). 
has been merged into + # other desktop (kdm and such scripts) + exeinto /etc/X11/xinit/xinitrc.d + newexe "${FILESDIR}"/80-dbus-r1 80-dbus + fi + + # Needs to exist for dbus sessions to launch + keepdir /usr/share/dbus-1/services + keepdir /etc/dbus-1/{session,system}.d + # machine-id symlink from pkg_postinst() + keepdir /var/lib/dbus + # Let the init script create the /var/run/dbus directory + rm -rf "${ED}"/{,var/}run + + # bug #761763 + rm -rf "${ED}"/usr/lib/sysusers.d + + dodoc AUTHORS NEWS README doc/TODO + readme.gentoo_create_doc + + mv "${ED}"/usr/share/doc/dbus/* "${ED}"/usr/share/doc/${PF}/ || die + rm -rf "${ED}"/usr/share/doc/dbus || die +} + +pkg_postinst() { + readme.gentoo_print_elog + + if use systemd; then + tmpfiles_process dbus.conf + fi + + # Ensure unique id is generated and put it in /etc wrt bug #370451 but symlink + # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # dependencies with hardcoded paths (although the known ones got fixed already) + # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id + + if [[ ${CHOST} == *-darwin* ]]; then + local plist="org.freedesktop.dbus-session.plist" + elog + elog "For MacOS/Darwin we now ship launchd support for dbus." + elog "This enables autolaunch of dbus at session login and makes" + elog "dbus usable under MacOS/Darwin." + elog + elog "The launchd plist file ${plist} has been" + elog "installed in ${EPREFIX}/Library/LaunchAgents." 
+ elog "For it to be used, you will have to do all of the following:" + elog " + cd ~/Library/LaunchAgents" + elog " + ln -s ${EPREFIX}/Library/LaunchAgents/${plist}" + elog " + logout and log back in" + elog + elog "If your application needs a proper DBUS_SESSION_BUS_ADDRESS" + elog "specified and refused to start otherwise, then export the" + elog "the following to your environment:" + elog " DBUS_SESSION_BUS_ADDRESS=\"launchd:env=DBUS_LAUNCHD_SESSION_BUS_SOCKET\"" + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.0.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.0.ebuild new file mode 100644 index 0000000000..ce3cee9230 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.0.ebuild 
@@ -0,0 +1,221 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Be careful with packaging odd-version-number branches! +# We should at the very least keep stable as an upstream stable branch, +# possibly even ~arch too, given the note about security releases on their website. +# See https://www.freedesktop.org/wiki/Software/dbus/#download. + +PYTHON_COMPAT=( python3_{10..13} ) +TMPFILES_OPTIONAL=1 + +inherit linux-info meson-multilib python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx + +DESCRIPTION="A message bus system, a simple way for applications to talk to each other" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/dbus/" +SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.xz" + +LICENSE="|| ( AFL-2.1 GPL-2 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +# TODO: USE=daemon +IUSE="debug doc elogind selinux static-libs systemd test valgrind X" +RESTRICT="!test? ( test )" + +BDEPEND=" + ${PYTHON_DEPS} + acct-user/messagebus + app-text/xmlto + app-text/docbook-xml-dtd:4.4 + dev-build/autoconf-archive + virtual/pkgconfig + doc? ( app-text/doxygen ) +" +COMMON_DEPEND=" + >=dev-libs/expat-2.1.0 + elogind? ( sys-auth/elogind ) + selinux? ( + sys-process/audit + sys-libs/libselinux + ) + systemd? ( sys-apps/systemd:= ) + X? ( + x11-libs/libX11 + x11-libs/libXt + ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-libs/expat + test? ( >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] ) + valgrind? ( >=dev-debug/valgrind-3.6 ) + X? ( x11-base/xorg-proto ) +" +RDEPEND=" + ${COMMON_DEPEND} + acct-user/messagebus + selinux? ( sec-policy/selinux-dbus ) + systemd? ( virtual/tmpfiles ) +" + +DOC_CONTENTS=" + Some applications require a session bus in addition to the system + bus. Please see \`man dbus-launch\` for more information. 
+" + +PATCHES=( + "${FILESDIR}"/${PN}-1.16.0-enable-elogind.patch # bug #599494 +) + +pkg_setup() { + # Python interpeter required unconditionally (bug #932517) + python-any-r1_pkg_setup + + if use kernel_linux; then + CONFIG_CHECK="~EPOLL" + linux-info_pkg_setup + fi +} + +src_configure() { + local rundir=$(usex kernel_linux /run /var/run) + + sed -e "s;@rundir@;${EPREFIX}${rundir};g" "${FILESDIR}"/dbus.initd.in \ + > "${T}"/dbus.initd || die + + meson-multilib_src_configure +} + +multilib_src_configure() { + local emesonargs=( + --localstatedir="${EPREFIX}/var" + -Druntime_dir="${EPREFIX}${rundir}" + + -Ddefault_library=$(multilib_native_usex static-libs both shared) + + -Dapparmor=disabled + -Dasserts=false # TODO + -Dchecks=false # TODO + $(meson_use debug stats) + $(meson_use debug verbose_mode) + -Ddbus_user=messagebus + -Dkqueue=disabled + $(meson_feature kernel_linux inotify) + $(meson_native_use_feature doc doxygen_docs) + $(meson_native_enabled xml_docs) # Controls man pages + + -Dinstalled_tests=false + $(meson_native_true message_bus) # TODO: USE=daemon? + $(meson_feature test modular_tests) + -Dqt_help=disabled + + $(meson_native_true tools) + + $(meson_native_use_feature elogind) + $(meson_native_use_feature systemd) + $(meson_use systemd user_session) + $(meson_native_use_feature X x11_autolaunch) + $(meson_native_use_feature valgrind) + + # libaudit is *only* used in DBus wrt SELinux support, so disable it if + # not on an SELinux profile. 
+ $(meson_native_use_feature selinux) + $(meson_native_use_feature selinux libaudit) + + -Dsession_socket_dir="${EPREFIX}"/tmp + -Dsystem_pid_file="${EPREFIX}${rundir}"/dbus.pid + -Dsystem_socket="${EPREFIX}${rundir}"/dbus/system_bus_socket + -Dsystemd_system_unitdir="$(systemd_get_systemunitdir)" + -Dsystemd_user_unitdir="$(systemd_get_userunitdir)" + ) + + if [[ ${CHOST} == *-darwin* ]] ; then + emesonargs+=( + -Dlaunchd=enabled + -Dlaunchd_agent_dir="${EPREFIX}"/Library/LaunchAgents + ) + fi + + meson_src_configure +} + +multilib_src_compile() { + # After the compile, it uses a selinuxfs interface to + # check if the SELinux policy has the right support + use selinux && addwrite /selinux/access + + meson_src_compile +} + +multilib_src_test() { + # DBUS_TEST_MALLOC_FAILURES=0 to avoid huge test logs + # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L231 + DBUS_TEST_MALLOC_FAILURES=0 DBUS_VERBOSE=1 virtx meson_src_test + +} + +multilib_src_install_all() { + newinitd "${T}"/dbus.initd dbus + + if use X; then + # dbus X session script (bug #77504) + # turns out to only work for GDM (and startx). 
has been merged into + # other desktop (kdm and such scripts) + exeinto /etc/X11/xinit/xinitrc.d + newexe "${FILESDIR}"/80-dbus-r1 80-dbus + fi + + # Needs to exist for dbus sessions to launch + keepdir /usr/share/dbus-1/services + keepdir /etc/dbus-1/{session,system}.d + # machine-id symlink from pkg_postinst() + keepdir /var/lib/dbus + # Let the init script create the /var/run/dbus directory + rm -rf "${ED}"/{,var/}run + + # bug #761763 + rm -rf "${ED}"/usr/lib/sysusers.d + + dodoc AUTHORS NEWS README doc/TODO + readme.gentoo_create_doc + + mv "${ED}"/usr/share/doc/dbus/* "${ED}"/usr/share/doc/${PF}/ || die + rm -rf "${ED}"/usr/share/doc/dbus || die +} + +pkg_postinst() { + readme.gentoo_print_elog + + if use systemd; then + tmpfiles_process dbus.conf + fi + + # Ensure unique id is generated and put it in /etc wrt bug #370451 but symlink + # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # dependencies with hardcoded paths (although the known ones got fixed already) + # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id + + if [[ ${CHOST} == *-darwin* ]]; then + local plist="org.freedesktop.dbus-session.plist" + elog + elog "For MacOS/Darwin we now ship launchd support for dbus." + elog "This enables autolaunch of dbus at session login and makes" + elog "dbus usable under MacOS/Darwin." + elog + elog "The launchd plist file ${plist} has been" + elog "installed in ${EPREFIX}/Library/LaunchAgents." 
+ elog "For it to be used, you will have to do all of the following:" + elog " + cd ~/Library/LaunchAgents" + elog " + ln -s ${EPREFIX}/Library/LaunchAgents/${plist}" + elog " + logout and log back in" + elog + elog "If your application needs a proper DBUS_SESSION_BUS_ADDRESS" + elog "specified and refused to start otherwise, then export the" + elog "the following to your environment:" + elog " DBUS_SESSION_BUS_ADDRESS=\"launchd:env=DBUS_LAUNCHD_SESSION_BUS_SOCKET\"" + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.2.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.2.ebuild new file mode 100644 index 0000000000..6e3b3438bd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/dbus-1.16.2.ebuild 
@@ -0,0 +1,223 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Be careful with packaging odd-version-number branches! +# We should at the very least keep stable as an upstream stable branch, +# possibly even ~arch too, given the note about security releases on their website. +# See https://www.freedesktop.org/wiki/Software/dbus/#download. + +PYTHON_COMPAT=( python3_{10..13} ) +TMPFILES_OPTIONAL=1 + +inherit linux-info meson-multilib python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx + +DESCRIPTION="A message bus system, a simple way for applications to talk to each other" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/dbus/" +SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.xz" + +LICENSE="|| ( AFL-2.1 GPL-2 )" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +# TODO: USE=daemon +IUSE="debug doc elogind selinux static-libs systemd test valgrind X" +RESTRICT="!test? ( test )" + +BDEPEND=" + ${PYTHON_DEPS} + acct-user/messagebus + app-text/xmlto + app-text/docbook-xml-dtd:4.4 + dev-build/autoconf-archive + virtual/pkgconfig + doc? ( app-text/doxygen ) +" +COMMON_DEPEND=" + >=dev-libs/expat-2.1.0 + elogind? ( sys-auth/elogind ) + selinux? ( + sys-process/audit + sys-libs/libselinux + ) + systemd? ( sys-apps/systemd:= ) + X? ( + x11-libs/libX11 + x11-libs/libXt + ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-libs/expat + test? ( >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] ) + valgrind? ( >=dev-debug/valgrind-3.6 ) + X? ( x11-base/xorg-proto ) +" +RDEPEND=" + ${COMMON_DEPEND} + acct-user/messagebus + selinux? ( sec-policy/selinux-dbus ) + systemd? ( virtual/tmpfiles ) +" + +DOC_CONTENTS=" + Some applications require a session bus in addition to the system + bus. Please see \`man dbus-launch\` for more information. 
+" + +PATCHES=( + "${FILESDIR}"/${PN}-1.16.0-enable-elogind.patch # bug #599494 +) + +pkg_setup() { + # Python interpeter required unconditionally (bug #932517) + python-any-r1_pkg_setup + + if use kernel_linux; then + CONFIG_CHECK="~EPOLL" + linux-info_pkg_setup + fi +} + +src_configure() { + local rundir=$(usex kernel_linux /run /var/run) + + sed -e "s;@rundir@;${EPREFIX}${rundir};g" "${FILESDIR}"/dbus.initd.in \ + > "${T}"/dbus.initd || die + + meson-multilib_src_configure +} + +multilib_src_configure() { + local emesonargs=( + --localstatedir="${EPREFIX}/var" + -Druntime_dir="${EPREFIX}${rundir}" + + -Ddefault_library=$(multilib_native_usex static-libs both shared) + + -Dapparmor=disabled + -Dasserts=false # TODO + -Dchecks=false # TODO + $(meson_use debug stats) + $(meson_use debug verbose_mode) + -Ddbus_user=messagebus + -Dkqueue=disabled + $(meson_feature kernel_linux inotify) + $(meson_native_use_feature doc doxygen_docs) + $(meson_native_enabled xml_docs) # Controls man pages + + -Dinstalled_tests=false + $(meson_native_true message_bus) # TODO: USE=daemon? + $(meson_feature test modular_tests) + -Dqt_help=disabled + + $(meson_native_true tools) + + $(meson_native_use_feature elogind) + $(meson_native_use_feature systemd) + $(meson_use systemd user_session) + $(meson_native_use_feature X x11_autolaunch) + $(meson_native_use_feature valgrind) + + # libaudit is *only* used in DBus wrt SELinux support, so disable it if + # not on an SELinux profile. 
+ $(meson_native_use_feature selinux) + $(meson_native_use_feature selinux libaudit) + + -Dsession_socket_dir="${EPREFIX}"/tmp + -Dsystem_pid_file="${EPREFIX}${rundir}"/dbus.pid + -Dsystem_socket="${EPREFIX}${rundir}"/dbus/system_bus_socket + -Dsystemd_system_unitdir="$(systemd_get_systemunitdir)" + -Dsystemd_user_unitdir="$(systemd_get_userunitdir)" + ) + + if [[ ${CHOST} == *-darwin* ]] ; then + emesonargs+=( + -Dlaunchd=enabled + -Dlaunchd_agent_dir="${EPREFIX}"/Library/LaunchAgents + ) + fi + + meson_src_configure +} + +multilib_src_compile() { + # After the compile, it uses a selinuxfs interface to + # check if the SELinux policy has the right support + use selinux && addwrite /selinux/access + + meson_src_compile +} + +multilib_src_test() { + # DBUS_TEST_MALLOC_FAILURES=0 to avoid huge test logs + # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L231 + DBUS_TEST_MALLOC_FAILURES=0 DBUS_VERBOSE=1 virtx meson_src_test + +} + +multilib_src_install_all() { + newinitd "${T}"/dbus.initd dbus + exeinto /etc/user/init.d + newexe "${FILESDIR}/dbus.user.initd" dbus + + if use X; then + # dbus X session script (bug #77504) + # turns out to only work for GDM (and startx). 
has been merged into + # other desktop (kdm and such scripts) + exeinto /etc/X11/xinit/xinitrc.d + newexe "${FILESDIR}"/80-dbus-r1 80-dbus + fi + + # Needs to exist for dbus sessions to launch + keepdir /usr/share/dbus-1/services + keepdir /etc/dbus-1/{session,system}.d + # machine-id symlink from pkg_postinst() + keepdir /var/lib/dbus + # Let the init script create the /var/run/dbus directory + rm -rf "${ED}"/{,var/}run + + # bug #761763 + rm -rf "${ED}"/usr/lib/sysusers.d + + dodoc AUTHORS NEWS README doc/TODO + readme.gentoo_create_doc + + mv "${ED}"/usr/share/doc/dbus/* "${ED}"/usr/share/doc/${PF}/ || die + rm -rf "${ED}"/usr/share/doc/dbus || die +} + +pkg_postinst() { + readme.gentoo_print_elog + + if use systemd; then + tmpfiles_process dbus.conf + fi + + # Ensure unique id is generated and put it in /etc wrt bug #370451 but symlink + # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # dependencies with hardcoded paths (although the known ones got fixed already) + # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id + + if [[ ${CHOST} == *-darwin* ]]; then + local plist="org.freedesktop.dbus-session.plist" + elog + elog "For MacOS/Darwin we now ship launchd support for dbus." + elog "This enables autolaunch of dbus at session login and makes" + elog "dbus usable under MacOS/Darwin." + elog + elog "The launchd plist file ${plist} has been" + elog "installed in ${EPREFIX}/Library/LaunchAgents." 
+ elog "For it to be used, you will have to do all of the following:" + elog " + cd ~/Library/LaunchAgents" + elog " + ln -s ${EPREFIX}/Library/LaunchAgents/${plist}" + elog " + logout and log back in" + elog + elog "If your application needs a proper DBUS_SESSION_BUS_ADDRESS" + elog "specified and refused to start otherwise, then export the" + elog "the following to your environment:" + elog " DBUS_SESSION_BUS_ADDRESS=\"launchd:env=DBUS_LAUNCHD_SESSION_BUS_SOCKET\"" + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus-r1 b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/80-dbus-r1 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus-r1 rename to sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/80-dbus-r1 diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus-1.15.8-enable-elogind.patch b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus-1.15.8-enable-elogind.patch new file mode 100644 index 0000000000..543eac5b30 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus-1.15.8-enable-elogind.patch 
@@ -0,0 +1,65 @@
+https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/53
+https://bugs.gentoo.org/599494
+
+Especially see https://bugs.gentoo.org/599494#c21 - this functionality isn't
+particularly required. The only known consumer at the moment is hplip.
+--- a/dbus/dbus-userdb-util.c
++++ b/dbus/dbus-userdb-util.c
+@@ -41,6 +41,9 @@
+ #ifdef HAVE_SYSTEMD
+ #include
+ #endif
++#ifdef HAVE_ELOGIND
++#include
++#endif
+
+ /**
+ * @addtogroup DBusInternalsUtils
+@@ -67,7 +70,7 @@ dbus_bool_t
+ _dbus_is_console_user (dbus_uid_t uid,
+ DBusError *error)
+ {
+-#ifdef HAVE_SYSTEMD
++#if defined(HAVE_SYSTEMD) || defined(HAVE_ELOGIND)
+ /* check if we have logind */
+ if (access ("/run/systemd/seats/", F_OK) >= 0)
+ {
+--- a/dbus/meson.build
++++ b/dbus/meson.build
+@@ -23,6 +23,7 @@ dbus_dependencies = [
+ threads,
+ network_libs,
+ systemd,
++ elogind,
+ valgrind.partial_dependency(compile_args: true),
+ ]
+
+--- a/meson.build
++++ b/meson.build
+@@ -478,6 +478,10 @@ if use_launchd
+ endif
+ endif
+
++elogind = dependency('libelogind', version: '>=209', required: get_option('elogind'))
++use_elogind = elogind.found()
++config.set('HAVE_ELOGIND', use_elogind)
++
+ systemd = dependency('libsystemd', version: '>=209', required: get_option('systemd'))
+ use_systemd = systemd.found()
+ config.set('HAVE_SYSTEMD', use_systemd)
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -244,6 +244,13 @@ option(
+ description: 'Systemd at_console support'
+ )
+
++option(
++ 'elogind',
++ type: 'feature',
++ value: 'auto',
++ description: 'elogind at_console support'
++)
++
+ option(
+ 'test_socket_dir',
+ type: 'string',
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus-1.16.0-enable-elogind.patch b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus-1.16.0-enable-elogind.patch
new file mode 100644
index 0000000000..6403c03d44
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus-1.16.0-enable-elogind.patch 
@@ -0,0 +1,103 @@ +https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/509 + +From a10cfc2ed95b04063826911111819fff5e837d6f Mon Sep 17 00:00:00 2001 +From: Dudemanguy +Date: Fri, 20 Dec 2024 10:53:28 -0600 +Subject: [PATCH] build: add elogind support + +Checking the uid of the user seat also works if elogind is used. Add +this as an option to the build and make it mutually exclusive with +enabling systemd. +--- + dbus/dbus-userdb-util.c | 6 +++++- + dbus/meson.build | 1 + + meson.build | 12 ++++++++++++ + meson_options.txt | 7 +++++++ + 4 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/dbus/dbus-userdb-util.c b/dbus/dbus-userdb-util.c +index 736244955..a7b611309 100644 +--- a/dbus/dbus-userdb-util.c ++++ b/dbus/dbus-userdb-util.c +@@ -42,6 +42,10 @@ + #include + #endif + ++#ifdef HAVE_ELOGIND ++#include ++#endif ++ + /** + * @addtogroup DBusInternalsUtils + * @{ +@@ -67,7 +71,7 @@ dbus_bool_t + _dbus_is_console_user (dbus_uid_t uid, + DBusError *error) + { +-#ifdef HAVE_SYSTEMD ++#if defined(HAVE_SYSTEMD) || defined(HAVE_ELOGIND) + /* check if we have logind */ + if (access ("/run/systemd/seats/", F_OK) >= 0) + { +diff --git a/dbus/meson.build b/dbus/meson.build +index d2acd0594..0e543069e 100644 +--- a/dbus/meson.build ++++ b/dbus/meson.build +@@ -24,6 +24,7 @@ dbus_dependencies = [ + adt_libs, + network_libs, + systemd, ++ elogind, + valgrind.partial_dependency(compile_args: true), + ] + +diff --git a/meson.build b/meson.build +index 97d14593f..5f24ba3af 100644 +--- a/meson.build ++++ b/meson.build +@@ -519,6 +519,17 @@ else + endif + data_config.set('SYSTEMCTL', systemctl) + ++elogind_opt = get_option('elogind') ++if use_systemd ++ if elogind_opt.enabled() ++ error('-Dsystemd and -Delogind are mutually exclusive') ++ endif ++ elogind = dependency('', required: false) ++else ++ elogind = dependency('libelogind', version: '>=209', required: elogind_opt) ++endif ++use_elogind = elogind.found() ++config.set('HAVE_ELOGIND', use_elogind) + + + 
use_traditional_activation = message_bus and get_option('traditional_activation') +@@ -1361,6 +1372,7 @@ summary_dict += { + 'Building inotify support': use_inotify, + 'Building kqueue support': use_kqueue, + 'Building systemd support': use_systemd, ++ 'Building elogind support': use_elogind, + 'Traditional activation': use_traditional_activation, + 'Building X11 code': config.get('DBUS_BUILD_X11'), + 'Building Doxygen docs': doxygen.found(), +diff --git a/meson_options.txt b/meson_options.txt +index 1bd00579f..9a56fb825 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -95,6 +95,13 @@ option( + description: 'Enable tests that require insecure extra code in the library and binaries' + ) + ++option( ++ 'elogind', ++ type: 'feature', ++ value: 'disabled', ++ description: 'Use elogind for detecting user sessions' ++) ++ + option( + 'epoll', + type: 'feature', +-- +GitLab diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus.initd.in b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus.initd.in similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus.initd.in rename to sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus.initd.in diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus.user.initd b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus.user.initd new file mode 100644 index 0000000000..eee461f700 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/files/dbus.user.initd 
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License, v2 or later
+
+supervisor=supervise-daemon
+dbus_socket="${XDG_RUNTIME_DIR}/bus"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=$dbus_socket"
+
+description="An IPC message bus daemon"
+command="/usr/bin/dbus-daemon"
+command_args="--session --syslog --nofork --address ${DBUS_SESSION_BUS_ADDRESS}"
+
+extra_started_commands="reload"
+
+stop_post() {
+ [ ! -S "${dbus_socket}" ] || rm -f "${dbus_socket}"
+}
+
+reload() {
+ ebegin "Reloading D-BUS messagebus config"
+ dbus-send --print-reply --system --type=method_call \
+ --dest=org.freedesktop.DBus \
+ / org.freedesktop.DBus.ReloadConfig > /dev/null
+ eend $?
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/metadata.xml
similarity index 89%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml
rename to sdk_container/src/third_party/portage-stable/sys-apps/dbus/metadata.xml
index 010eeadbdd..e74554521c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/dbus/metadata.xml
@@ -10,5 +10,6 @@ cpe:/a:freedesktop:dbus + dbus/dbus
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/Manifest
rename to sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest
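Review bot: In dbus.user.initd, `reload()` calls `dbus-send` with `--system`, while the service starts its daemon with `--session` on `${XDG_RUNTIME_DIR}/bus`, so reloading the user service asks the system bus to reload its configuration and never reaches the per-user daemon it supervises. The line should read `dbus-send --print-reply --session --type=method_call \`, which picks up the `DBUS_SESSION_BUS_ADDRESS` the script already exports. Separately, `dbus_socket` is built from `${XDG_RUNTIME_DIR}` with no check, so an unset variable turns the socket path into `/bus`; refusing to start when it is empty would keep the socket out of an unintended location. The file is imported under portage-stable, so the change probably belongs upstream as well.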
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch
rename to sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch
rename to sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch
rename to sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch
rename to sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch
new file mode 100644
index 0000000000..d9414e800a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch
@@ -0,0 +1,76 @@ +https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=c076dff259e99d84d3822b4d2ad7f3f66532f411 + +From c076dff259e99d84d3822b4d2ad7f3f66532f411 Mon Sep 17 00:00:00 2001 +From: Pavel Reichl +Date: Tue, 20 Dec 2022 14:13:29 +0100 +Subject: test: Fix test expectation based on kernel config + +Some test results are dependent on the kernel configuration option +CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE. + +Check the kernel configuration file for its presence and expect appropriate +test results. + +Function has_kernel_config is based on its xfstsests counterpart. + +Signed-off-by: Pavel Reichl +Signed-off-by: David Howells +--- a/tests/features/builtin_trusted/runtest.sh ++++ b/tests/features/builtin_trusted/runtest.sh +@@ -33,7 +33,11 @@ expect_error EACCES + create_key --fail user a a $stk + expect_error EOPNOTSUPP + create_key --fail user a a $blk +-expect_error EACCES ++if has_kernel_config "CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE"; then ++ expect_error EOPNOTSUPP ++else ++ expect_error EACCES ++fi + + # Try adding a key to the keyrings + marker "TRY ADDING ASYMMETRIC KEYS" +@@ -89,7 +93,11 @@ expect_error EACCES + create_key --fail -x asymmetric "" "$x509" $stk + expect_error ENOKEY + create_key --fail -x asymmetric "" "$x509" $blk +-expect_error EACCES ++if has_kernel_config "CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE"; then ++ expect_error EOPNOTSUPP ++else ++ expect_error EACCES ++fi + + echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +--- a/tests/prepare.inc.sh ++++ b/tests/prepare.inc.sh +@@ -4,6 +4,26 @@ + includes=${BASH_SOURCE[0]} + includes=${includes%/*}/ + ++# Check if currently running kernel has option set ++function has_kernel_config() ++{ ++ local option=$1 ++ local uname=$(uname -r) ++ local config_list="$KCONFIG_PATH ++ /lib/modules/$uname/build/.config ++ /boot/config-$uname ++ /lib/kernel/config-$uname" ++ ++ for config in $config_list; do ++ [ ! 
-f $config ] && continue ++ grep -qE "^${option}=[my]" $config ++ return ++ done ++ ++ echo "Failed to find kernel configuration file" ++ return false ++} ++ + # --- need to run in own session keyring + watch_fd=0 + if [ "$1" != "--inside-test-session" ] +-- +cgit 1.2.3-korg diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/keyutils-1.6.3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild similarity index 69% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/keyutils-1.6.3.ebuild rename to sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild index e9c4abb077..691b0f34f6 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/keyutils-1.6.3.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild @@ -1,10 +1,9 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -TMPFILES_OPTIONAL=1 -inherit toolchain-funcs linux-info multilib-minimal usr-ldscript systemd tmpfiles +inherit toolchain-funcs linux-info multilib-minimal DESCRIPTION="Linux Key Management Utilities" HOMEPAGE="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git" @@ -12,7 +11,7 @@ SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/s LICENSE="GPL-2 LGPL-2.1" SLOT="0/1.9" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" IUSE="static static-libs test" RESTRICT="!test? ( test )" 
@@ -24,10 +23,9 @@ PATCHES=( "${FILESDIR}"/${PN}-1.5.10-disable-tests.patch #519062 #522050 "${FILESDIR}"/${PN}-1.5.9-header-extern-c.patch "${FILESDIR}"/${PN}-1.6.3-fix-rpmspec-check.patch + "${FILESDIR}"/${P}-tests.patch ) -MAKEOPTS+=" ETCDIR=/usr/share/keyutils" - pkg_setup() { # To prevent a failure in test phase and false positive bug reports # we are enforcing the following options because testsuite expects @@ -72,30 +70,38 @@ src_prepare() { multilib_copy_sources } -multilib_src_compile() { - tc-export AR CC CXX - sed -i \ - -e "1iRPATH = $(usex static -static '')" \ - -e '/^C.*FLAGS/s|:=|+=|' \ - -e 's:-Werror::' \ - -e '/^BUILDFOR/s:=.*:=:' \ - -e "/^LIBDIR/s:=.*:= /usr/$(get_libdir):" \ - -e '/^USRLIBDIR/s:=.*:=$(LIBDIR):' \ - -e "s: /: ${EPREFIX}/:g" \ - -e '/^NO_ARLIB/d' \ - Makefile || die - - # We need the static lib in order to statically link programs. - if use static ; then - export NO_ARLIB=0 - # Hack the progs to depend on the static lib instead. - sed -i \ - -e '/^.*:.*[$](DEVELLIB)$/s:$(DEVELLIB):$(ARLIB) $(SONAME):' \ - Makefile || die - else - export NO_ARLIB=$(usex static-libs 0 1) +mymake() { + local args=( + PREFIX="${EPREFIX}/usr" + ETCDIR="${EPREFIX}/etc" + BINDIR="${EPREFIX}/bin" + SBINDIR="${EPREFIX}/sbin" + SHAREDIR="${EPREFIX}/usr/share/keyutils" + MANDIR="${EPREFIX}/usr/share/man" + INCLUDEDIR="${EPREFIX}/usr/include" + LIBDIR="${EPREFIX}/usr/$(get_libdir)" + USRLIBDIR="${EPREFIX}/usr/$(get_libdir)" + CFLAGS="${CFLAGS}" + CXXFLAGS="${CXXFLAGS}" + RPATH=$(usex static -static '') + BUILDFOR= + NO_ARLIB="${NO_ARLIB}" + ) + if use static; then + args+=( LIB_DEPENDENCY='$(ARLIB)' ) fi - emake + emake "${args[@]}" "$@" +} + +multilib_src_compile() { + local NO_ARLIB + if use static; then + NO_ARLIB=0 + else + NO_ARLIB=$(usex static-libs 0 1) + fi + tc-export AR CC CXX + mymake } multilib_src_test() { 
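Review bot: `mymake` in the `@@ -72,30 +70,38 @@` hunk passes `NO_ARLIB="${NO_ARLIB}"` to make but never sets the variable itself, so it depends on every caller declaring a `local NO_ARLIB` that bash's dynamic scoping then exposes to it. `multilib_src_compile` does that in this hunk and `multilib_src_install` does in the next one, but `multilib_src_test` calls `mymake test` without it, so make receives an empty `NO_ARLIB=` in the test phase. How the Makefile treats an empty value is not visible here, so at minimum the contract should be written down above the function, e.g. `# NO_ARLIB is read from the caller's scope; set it (0 or 1) before calling mymake`. If the test phase is meant to match the compile phase, `multilib_src_test` should set the same value before its `mymake test` call.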
@@ -103,19 +109,13 @@ multilib_src_test() { # older versions already installed in the system. LD_LIBRARY_PATH=${BUILD_DIR} \ PATH="${BUILD_DIR}:${PATH}" \ - emake test + mymake test } multilib_src_install() { - dotmpfiles "${FILESDIR}/tmpfiles.d/keyutils.conf" # Possibly undo the setting for USE=static (see src_compile). - export NO_ARLIB=$(usex static-libs 0 1) - - default - use static || gen_usr_ldscript -a keyutils - dosym ../usr/share/keyutils/request-key.conf /etc/request-key.conf - dodir /etc/request-key.d - dodir /etc/keyutils + local NO_ARLIB=$(usex static-libs 0 1) + mymake DESTDIR="${D}" install } multilib_src_install_all() { diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/keyutils/metadata.xml rename to sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/shadow/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/Manifest new file mode 100644 index 0000000000..6071c4e93f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/Manifest @@ -0,0 +1,2 @@ +DIST shadow-4.14.8.tar.xz 1806352 BLAKE2B a6ed45e44560c68baec97072399c106060be859a0f9514da2e5b0ec373e5b9c9f54b402132f39c20401496a5b3faeaa0bc90e1b9f02dd2e3b3ffc7389d0745bb SHA512 6f98ef412874f91cfa3f08877f3fe058d725636705b07d473aa1ea44cb6864059701bd11513caf692d270a7ed8ab1956e04421e53dfb8c74e925b8ec12ab8634 +DIST shadow-4.14.8.tar.xz.asc 833 BLAKE2B 1b8b8f3f36e06c1dda0a4e0d1508b1ad0ef85f0fa993a92a583831687076ba22d05f47109d56c1e740b60632c3bbeeb6c8cc001e41f46b1a2f9177ce62854f8c SHA512 1db2647babe3f434204c93e7700ff6a0ece078f6c5adb96ae0c0ac9d82a862835c4ab8afb37b0ffc80cf62e9a59f1ba33a92ff454e7ae0ca2aa535b19627615e 
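Review bot: The rewritten `multilib_src_install` no longer ships the tmpfiles.d entry or creates `/etc/request-key.d` and `/etc/keyutils`, and with `ETCDIR="${EPREFIX}/etc"` in `mymake` the request-key configuration is now installed under `/etc` instead of `/usr/share/keyutils`. That configuration selects the programs run for key upcalls, so it is worth confirming that the image still gets it at that path with the expected owner and mode; nothing in this hunk shows what provisions `/etc` now. A comment above the `mymake DESTDIR="${D}" install` line would record the decision, e.g. `# config files are installed by the Makefile under ETCDIR (now /etc)`. Separately, `local NO_ARLIB=$(usex static-libs 0 1)` hides a failing command substitution; declaring with `local NO_ARLIB` and assigning on the next line keeps the status visible.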
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/default/useradd b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/default/useradd
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/default/useradd
rename to sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/default/useradd
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/chpasswd b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/chpasswd
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/chpasswd
rename to sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/chpasswd
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/passwd b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/passwd
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/passwd
rename to sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/passwd
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/shadow b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/shadow
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/shadow
rename to sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/shadow
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/shadow-r1 b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/shadow-r1 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/pam.d-include/shadow-r1 rename to sdk_container/src/third_party/portage-stable/sys-apps/shadow/files/pam.d-include/shadow-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/metadata.xml similarity index 87% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/metadata.xml rename to sdk_container/src/third_party/portage-stable/sys-apps/shadow/metadata.xml index 732ee860c2..dcb8aecd00 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/metadata.xml @@ -6,7 +6,6 @@ Gentoo Base System - build the bcrypt password encryption algorithm build the su program diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.13-r4.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/shadow-4.14.8.ebuild similarity index 69% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.13-r4.ebuild rename to sdk_container/src/third_party/portage-stable/sys-apps/shadow/shadow-4.14.8.ebuild index 51cecb5afd..364c20cca6 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.13-r4.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-apps/shadow/shadow-4.14.8.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 
@@ -7,11 +7,7 @@ EAPI=8 # official. Don't keyword the pre-releases! # Check https://github.com/shadow-maint/shadow/releases. -# Flatcar: -TMPFILES_OPTIONAL=1 -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sergehallyn.asc -# Flatcar: install systemd units and tmpfiles -inherit libtool pam verify-sig systemd tmpfiles +inherit libtool pam verify-sig DESCRIPTION="Utilities to deal with user accounts" HOMEPAGE="https://github.com/shadow-maint/shadow" @@ -21,8 +17,8 @@ SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/downloa LICENSE="BSD GPL-2" # Subslot is for libsubid's SONAME. SLOT="0/4" -KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86" -IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su xattr" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="acl audit cracklib nls pam selinux skey split-usr su systemd xattr" # Taken from the man/Makefile.am file. LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) @@ -40,7 +36,9 @@ COMMON_DEPEND=" >=sys-libs/libselinux-1.28:= sys-libs/libsemanage:= ) + systemd? ( sys-apps/systemd:= ) xattr? ( sys-apps/attr:= ) + !/s:^:#:" \ - "${ED}"/usr/share/shadow/login.defs || die + "${ED}"/etc/login.defs || die else sed -i -r \ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ - "${ED}"/usr/share/shadow/login.defs + "${ED}"/etc/login.defs fi - local res=$(grep "^${comment}${opt}\>" "${ED}"/usr/share/shadow/login.defs) - einfo "${res:-Unable to find ${opt} in /usr/share/shadow/login.defs}" + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" } src_install() { 
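Review bot: The `@@ -7,11 +7,7 @@` hunk deletes the `VERIFY_SIG_OPENPGP_KEY_PATH` assignment, while the ebuild still has `inherit libtool pam verify-sig` and the `verify-sig?` entry in `SRC_URI`. Unless the new ebuild sets the key path somewhere outside this hunk, a build with `USE=verify-sig` has no key bundle to check the `.asc` against, and the tarball is then covered only by the Manifest hashes. Please confirm where the key path now comes from, or keep an assignment next to the inherit line, e.g. `VERIFY_SIG_OPENPGP_KEY_PATH=<path to the upstream release key>`.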
@@ -134,43 +129,29 @@ src_install() { find "${ED}" -name '*.la' -type f -delete || die - # Flatcar: - # Remove files from /etc, they will be symlinks to /usr instead. - rm -f "${ED}"/etc/{limits,login.access,login.defs,securetty,default/useradd} - - # CoreOS: break shadow.conf into two files so that we only have to apply - # etc-shadow.conf in the initrd. - dotmpfiles "${FILESDIR}"/tmpfiles.d/etc-shadow.conf - dotmpfiles "${FILESDIR}"/tmpfiles.d/var-shadow.conf - # Package the symlinks for the SDK and containers. - systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/tmpfiles.d/* - - insinto /usr/share/shadow + insinto /etc if ! use pam ; then insopts -m0600 doins etc/login.access etc/limits fi - # Flatcar: - # Using a securetty with devfs device names added - # (compat names kept for non-devfs compatibility) - insopts -m0600 ; doins "${FILESDIR}"/securetty - # Output arch-specific cruft - local devs - case $(tc-arch) in - ppc*) devs="hvc0 hvsi0 ttyPSC0";; - hppa) devs="ttyB0";; - arm) devs="ttyFB0 ttySAC0 ttySAC1 ttySAC2 ttySAC3 ttymxc0 ttymxc1 ttymxc2 ttymxc3 ttyO0 ttyO1 ttyO2";; - sh) devs="ttySC0 ttySC1";; - amd64|x86) devs="hvc0";; - esac - if [[ -n ${devs} ]]; then - printf '%s\n' ${devs} >> "${ED}"/usr/share/shadow/securetty - fi # needed for 'useradd -D' + insinto /etc/default insopts -m0600 doins "${FILESDIR}"/default/useradd + if use split-usr ; then + # move passwd to / to help recover broke systems #64441 + # We cannot simply remove this or else net-misc/scponly + # and other tools will break because of hardcoded passwd + # location + dodir /bin + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym ../../bin/passwd /usr/bin/passwd + fi + + cd "${S}" || die + insinto /etc insopts -m0644 newins etc/login.defs login.defs 
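Review bot: The new `src_install` body drops the block that installed `securetty` with mode 0600 and appended the per-architecture console names, and nothing on the new side installs a replacement. If the image's login path still reads that file (pam_securetty, or `login` built without PAM), its absence changes which terminals accept a root login; the PAM configuration is not visible in this diff, so the intended behaviour should be stated. The removed `dotmpfiles` lines and the switch from `insinto /usr/share/shadow` to `insinto /etc` also make `login.defs`, `login.access` and `limits` plain files in `/etc`. A comment above `insinto /etc` would record the decision, e.g. `# securetty intentionally not installed; root tty policy is handled by <mechanism>`. `src_install` starts before and continues after this hunk.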
@@ -224,7 +205,7 @@ src_install() { -e 'b exit' \ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ -e ': exit' \ - "${ED}"/usr/share/shadow/login.defs || die + "${ED}"/etc/login.defs || die # Remove manpages that pam will install for us # and/or don't apply when using pam @@ -253,6 +234,10 @@ src_install() { newdoc README README.download cd doc || die dodoc HOWTO README* WISHLIST *.txt + + if use elibc_musl; then + QA_CONFIG_IMPL_DECL_SKIP+=( sgetsgent ) + fi } pkg_preinst() { diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest new file mode 100644 index 0000000000..91a8d2edf2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest 
@@ -0,0 +1,4 @@ +DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 +DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc +DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953 +DIST polkit-126.tar.gz 456138 BLAKE2B 2e86c8853edf29879d8367b77d210d3a891178297cb5f9eb204a953bfaa66f6ff2307da265f4c3f89265ba8ce32e94641272d654a78d116dfb32a65d402f877a SHA512 dbdbc31b7a231c963788b37cf1a138e30336466fb662225a812faaf58e45439925d9d39346cc8f07e54f22040c2f142435acb9fded315d33e24930e0abc736c7 diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch new file mode 100644 index 0000000000..44a6958eb4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/8cf58abef12e61f369af3f583af349b0e086ba27.patch 
@@ -0,0 +1,58 @@ +From 8cf58abef12e61f369af3f583af349b0e086ba27 Mon Sep 17 00:00:00 2001 +From: Eli Schwartz +Date: Sun, 20 Oct 2024 15:18:55 -0400 +Subject: [PATCH] meson: correctly test for setnetgrent return type + +meson doesn't automatically add all project arguments to configure +checks -- nor incrementally the inline value of all configuration_data +entries. + +But that meant it was missing -D_GNU_SOURCE, as well as a define added +to config.h itself. As a result, this check failed to detect the +necessary function definition and failed to link. + +``` +Command line: `gcc-14 /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c -o /var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/output.obj -c -pipe -march=native -fstack-protector-all -O2 -fdiagnostics-color=always -frecord-gcc-switches -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing -Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=implicit-int -Werror=int-conversion -Werror=incompatible-pointer-types -D_FILE_OFFSET_BITS=64 -O0 -std=c99` -> 1 +stderr: +/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c: In function 'main': +/var/tmp/portage/sys-auth/polkit-125/work/polkit-125-build/meson-private/tmpj0ih4pm4/testfile.c:9:17: error: implicit declaration of function 'setnetgrent'; did you mean 'setnetent'? 
[-Wimplicit-function-declaration] + 9 | int r = setnetgrent (NULL); + | ^~~~~~~~~~~ + | setnetent +----------- +Checking if "setnetgrent return support" compiles: NO +``` + +Bug: https://bugs.gentoo.org/938870 +Signed-off-by: Eli Schwartz +--- + meson.build | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/meson.build b/meson.build +index 0800c88..a0b440d 100644 +--- a/meson.build ++++ b/meson.build +@@ -159,7 +159,8 @@ host_system = host_machine.system() + config_data.set('HAVE_' + host_system.to_upper(), true) + + # Check whether setnetgrent has a return value +-config_data.set('HAVE_NETGROUP_H', cc.has_header('netgroup.h')) ++have_netgroup_h = cc.has_header('netgroup.h') ++config_data.set('HAVE_NETGROUP_H', have_netgroup_h) + + if config_data.get('HAVE_SETNETGRENT', false) + setnetgrent_return_src = ''' +@@ -174,7 +175,11 @@ if config_data.get('HAVE_SETNETGRENT', false) + }; + ''' + +- config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, name: 'setnetgrent return support')) ++ args = ['-D_GNU_SOURCE'] ++ if have_netgroup_h ++ args += '-DHAVE_NETGROUP_H' ++ endif ++ config_data.set('HAVE_SETNETGRENT_RETURN', cc.compiles(setnetgrent_return_src, args: args, name: 'setnetgrent return support')) + endif + + # Select wether to use logind, elogind or ConsoleKit for session tracking diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch new file mode 100644 index 0000000000..5b3f2c4a36 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch 
@@ -0,0 +1,36 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb + +From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Sat, 29 Jul 2023 17:44:58 +0800 +Subject: [PATCH] jsauthority: mozjs: Disable JIT + +The JIT compiling of mozjs needs W/X mapping, but our systemd hardening +setting does not allow it. + +For polkit, security is much more important than the speed running +Javascript code in rule files, so we should disable JIT. + +Fixes #199. +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -56,7 +56,16 @@ + static class JsInitHelperType + { + public: +- JsInitHelperType() { JS_Init(); } ++ JsInitHelperType() ++ { ++ /* Disable JIT because it needs W/X mapping, which is not allowed by ++ * our systemd hardening setting. ++ */ ++ JS::DisableJitBackend(); ++ ++ JS_Init(); ++ } ++ + ~JsInitHelperType() { JS_ShutDown(); } + } JsInitHelper; + +-- +GitLab diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch new file mode 100644 index 0000000000..f19560943c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch 
@@ -0,0 +1,35 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d + +From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 +From: Vincent Mihalkovic +Date: Wed, 16 Aug 2023 08:59:55 +0000 +Subject: [PATCH] pkexec: fix uninitialized pointer warning + +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,6 +53,7 @@ + static gchar *original_user_name = NULL; + static gchar *original_cwd; + static gchar *command_line = NULL; ++static gchar *cmdline_short = NULL; + static struct passwd *pw; + + #ifndef HAVE_CLEARENV +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + path = NULL; + exec_argv = NULL; + command_line = NULL; ++ cmdline_short = NULL; + opt_user = NULL; + local_agent_handle = NULL; + +@@ -802,7 +804,6 @@ main (int argc, char *argv[]) + polkit_details_insert (details, "program", path); + polkit_details_insert (details, "command_line", command_line); + +- gchar *cmdline_short = NULL; + cmdline_short = g_strdup(command_line); + if (strlen(command_line) > 80) + g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), +-- +GitLab diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch new file mode 100644 index 0000000000..00d3cbbd26 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-c99-fixes.patch 
@@ -0,0 +1,111 @@ +https://bugs.gentoo.org/925440 +https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5 + +From: Vincent Mihalkovic +Date: Fri, 8 Mar 2024 14:04:33 +0100 +Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file + where it is used +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes build error with GCC >= 14 and clang >= 17, +failing on: +``` +../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] + 25 | print_indent(stream, indent); + | ^~~~~~~~~~~~ +``` + +Closes: #6 +--- + subprojects/mocklibc.wrap | 2 + + .../packagefiles/mocklibc-print-indent.diff | 68 +++++++++++++++++++ + 2 files changed, 70 insertions(+) + create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff + +diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap +index af82298..539ee83 100644 +--- a/subprojects/mocklibc.wrap ++++ b/subprojects/mocklibc.wrap +@@ -8,3 +8,5 @@ source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120 + patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip + patch_filename = mocklibc-1.0-2-wrap.zip + patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56 ++ ++diff_files = mocklibc-print-indent.diff +diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff b/subprojects/packagefiles/mocklibc-print-indent.diff +new file mode 100644 +index 0000000..d8b2029 +--- /dev/null ++++ b/subprojects/packagefiles/mocklibc-print-indent.diff +@@ -0,0 +1,68 @@ ++From: Vincent Mihalkovic ++Date: Fri, 8 Mar 2024 14:04:33 +0100 ++Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file ++ where it is used ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This fixes build error with GCC >= 14 and clang >= 17, ++failing 
on: ++``` ++../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] ++ 25 | print_indent(stream, indent); ++ | ^~~~~~~~~~~~ ++``` ++ ++Closes: #6 ++--- ++ src/netgroup-debug.c | 11 +++++++++++ ++ src/netgroup.c | 11 ----------- ++ 2 files changed, 11 insertions(+), 11 deletions(-) ++ ++diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c ++index 81d6e72..46e5b25 100644 ++--- a/src/netgroup-debug.c +++++ b/src/netgroup-debug.c ++@@ -21,6 +21,17 @@ ++ #include ++ #include ++ +++/** +++ * Print a varaible indentation to the stream. +++ * @param stream Stream to print to +++ * @param indent Number of indents to use +++ */ +++static void print_indent(FILE *stream, unsigned int indent) { +++ int i; +++ for (i = 0; i < indent; i++) +++ fprintf(stream, " "); +++} +++ ++ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) { ++ print_indent(stream, indent); ++ ++diff --git a/src/netgroup.c b/src/netgroup.c ++index 06a8a89..e16e451 100644 ++--- a/src/netgroup.c +++++ b/src/netgroup.c ++@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) { ++ return result; ++ } ++ ++-/** ++- * Print a varaible indentation to the stream. ++- * @param stream Stream to print to ++- * @param indent Number of indents to use ++- */ ++-void print_indent(FILE *stream, unsigned int indent) { ++- int i; ++- for (i = 0; i < indent; i++) ++- fprintf(stream, " "); ++-} ++- ++ /** ++ * Connect entries with 'child' type to their child entries. ++ * @param headentry Head of list of entries that need to be connected ++-- ++2.43.0 +-- diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch new file mode 100644 index 0000000000..a4dd7eafcf --- /dev/null 
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd-fixup.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/922458 +https://github.com/polkit-org/polkit/pull/417/files#r1458416421 +--- a/meson.build ++++ b/meson.build +@@ -212,14 +212,17 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') +- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used +- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') +- endif ++ if session_tracking == 'libsystemd-login' ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + +- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ if systemd_systemdsystemunitdir == '' ++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used ++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') ++ endif ++ ++ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ endif + endif + config_h.set('HAVE_LIBSYSTEMD', enable_logind) + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch new file mode 100644 index 0000000000..e9b10e99e5 --- /dev/null 
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-124-systemd.patch 
@@ -0,0 +1,50 @@ +https://github.com/polkit-org/polkit/pull/417 + +From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 18 Jan 2024 15:07:32 +0000 +Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is + specified + +When 'systemdsystemunitdir' is specified as an option the systemd_dep +variable is not defined, but the sysusers.d directory lookup uses it, +causing a build failure: + +dh_auto_configure -- \ + -Dexamples=false \ + -Dintrospection=true \ + -Dman=true \ + -Dsystemdsystemunitdir=/usr/lib/systemd/system \ + -Dtests=true \ + -Dgtk_doc=true -Dsession_tracking=libsystemd-login + cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login +The Meson build system +Version: 1.3.1 +Source dir: /builds/bluca/polkit/debian/output/source_dir +Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu +Build type: native build +Project name: polkit +Project version: 124 + +<...> + +Run-time dependency libsystemd found: YES 255 +Checking for function "sd_uid_get_display" with dependency libsystemd: YES +Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES +../meson.build:222:37: ERROR: Unknown variable "systemd_dep". 
+ +Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34 +--- a/meson.build ++++ b/meson.build +@@ -212,9 +212,9 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') + if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used + systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') + endif + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch new file mode 100644 index 0000000000..ee0a444c91 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-125-musl.patch 
@@ -0,0 +1,34 @@ +https://github.com/polkit-org/polkit/commit/13bea3e08f924002a6a5c2f275d4bf1588fc3d02 + +From 13bea3e08f924002a6a5c2f275d4bf1588fc3d02 Mon Sep 17 00:00:00 2001 +From: Sertonix +Date: Sun, 11 Aug 2024 00:26:51 +0200 +Subject: [PATCH] Fix missing arguments with HAVE_PTHREAD_CONDATTR_SETCLOCK + +Fixes <64f5e4dda52> Add syslog-style log levels support +--- a/src/polkitbackend/polkitbackendduktapeauthority.c ++++ b/src/polkitbackend/polkitbackendduktapeauthority.c +@@ -767,12 +767,14 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx + #ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK + if ((pthread_err = pthread_condattr_init(&attr))) { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ LOG_LEVEL_ERROR, + "Error initializing condition variable attributes: %s", + strerror(pthread_err)); + return FALSE; + } + if ((pthread_err = pthread_condattr_setclock(&attr, PK_CLOCK))) { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ LOG_LEVEL_ERROR, + "Error setting condition variable attributes: %s", + strerror(pthread_err)); + goto err_clean_condattr; +@@ -780,6 +782,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx + /* Init again, with needed attr */ + if ((pthread_err = pthread_cond_init(&ctx->cond, &attr))) { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), ++ LOG_LEVEL_ERROR, + "Error initializing condition variable: %s", + strerror(pthread_err)); + goto err_clean_condattr; + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch new file mode 100644 index 0000000000..41245059c4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-elogind.patch 
@@ -0,0 +1,37 @@ +https://github.com/polkit-org/polkit/commit/55ee1b70456eca8281dda9612c485c619122f202 + +From 55ee1b70456eca8281dda9612c485c619122f202 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Tue, 14 Jan 2025 13:47:54 +0100 +Subject: [PATCH] meson: fix unused dependency, fixes elogind FTBFS + +polkit-126 could not be built from source with elogind session service due +to wrong dependencies in meson.build. + +Author: @markhindley +--- + src/polkitbackend/meson.build | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build +index fc35e195..a807b41b 100644 +--- a/src/polkitbackend/meson.build ++++ b/src/polkitbackend/meson.build +@@ -37,7 +37,6 @@ deps += thread_dep + + if enable_logind + sources += files('polkitbackendsessionmonitor-systemd.c') +- + deps += logind_dep + else + sources += files('polkitbackendsessionmonitor.c') +@@ -73,7 +72,7 @@ executable( + program, + program + '.c', + include_directories: top_inc, +- dependencies: libpolkit_gobject_dep, ++ dependencies: deps, + c_args: c_flags, + link_with: libpolkit_backend, + install: true, + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch new file mode 100644 index 0000000000..3bc3cc1284 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-musl.patch 
@@ -0,0 +1,34 @@ +https://github.com/polkit-org/polkit/commit/074ad836836167190cfe5649f9fc50da2e79a0ab + +From 074ad836836167190cfe5649f9fc50da2e79a0ab Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Wed, 19 Feb 2025 14:20:22 +0100 +Subject: [PATCH] Fix musl compilation error on Alpine + +Disruptions between glibc and musl-(not-)predefined feature-test macros led to +a decision to remove a check for POSIX standards older than 17 years. It makes no +sense to test the existence of a macro that we explicitly define in +meson.build either (shall we test for _GNU_SOURCE). +--- + src/programs/pkexec.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index b439475f..4274c92b 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -674,12 +674,8 @@ main (int argc, char *argv[]) + argv[n] = path_abs; + } + } +-#if _POSIX_C_SOURCE >= 200809L ++ + s = realpath(path, NULL); +-#else +- s = NULL; +-# error We have to deal with realpath(3) PATH_MAX madness +-#endif + if (s != NULL) + { + /* The called program resolved to the canonical location. We don't update + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch new file mode 100644 index 0000000000..3946932fa1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-126-realpath.patch 
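Review bot: The patch header does not say that this patch only applies on top of polkit-126-realpath.patch: the `#if _POSIX_C_SOURCE >= 200809L` block it removes from `src/programs/pkexec.c` is the one that patch adds, and its base blob `b439475f` is that patch's result. A line above the upstream URL, such as `Requires polkit-126-realpath.patch; keep it after that entry in PATCHES`, would stop a later cleanup from reordering or dropping one of the two. polkit-126-r1.ebuild currently lists them in the working order.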
@@ -0,0 +1,133 @@ +https://github.com/polkit-org/polkit/commit/9aa43e089d870a8ee695e625237c5b731b250678 + +From 9aa43e089d870a8ee695e625237c5b731b250678 Mon Sep 17 00:00:00 2001 +From: Walter Doekes +Date: Fri, 25 Oct 2024 23:18:16 +0200 +Subject: [PATCH] pkexec: Use realpath when comparing + org.freedesktop.policykit.exec.path + +This changes the pkexec path that is compared from the original supplied +path to the path resolved by realpath(3). + +That means that "/bin/something" might now be matched as +"/usr/bin/something", a review of your + +actions might be in order. + +Fixes: polkit-org/polkit#194 + +See also: systemd/systemd#34714 +--- + src/programs/pkexec.c | 29 +++++++++++++++++++++++++++-- + test/integration/pkexec/test.sh | 23 +++++++++++++++++++++++ + 2 files changed, 50 insertions(+), 2 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 65c13090..b439475f 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -452,6 +452,7 @@ main (int argc, char *argv[]) + gchar *action_id; + gboolean allow_gui; + gchar **exec_argv; ++ gchar *path_abs; + gchar *path; + struct passwd pwstruct; + gchar pwbuf[8192]; +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + result = NULL; + action_id = NULL; + saved_env = NULL; ++ path_abs = NULL; + path = NULL; + exec_argv = NULL; + command_line = NULL; +@@ -624,6 +626,8 @@ main (int argc, char *argv[]) + * but do check this is the case. + * + * We also try to locate the program in the path if a non-absolute path is given. ++ * ++ * And then we resolve the real path of the program. 
+ */ + g_assert (argv[argc] == NULL); + path = g_strdup (argv[n]); +@@ -647,7 +651,7 @@ main (int argc, char *argv[]) + } + if (path[0] != '/') + { +- /* g_find_program_in_path() is not suspectible to attacks via the environment */ ++ /* g_find_program_in_path() is not susceptible to attacks via the environment */ + s = g_find_program_in_path (path); + if (s == NULL) + { +@@ -662,9 +666,29 @@ main (int argc, char *argv[]) + */ + if (argv[n] != NULL) + { +- argv[n] = path; ++ /* Must copy because we might replace path later on. */ ++ path_abs = g_strdup(path); ++ /* argv[n:] is used as argv arguments to execv(). The called program ++ * sees the original called path, but we make sure it's absolute. */ ++ if (path_abs != NULL) ++ argv[n] = path_abs; + } + } ++#if _POSIX_C_SOURCE >= 200809L ++ s = realpath(path, NULL); ++#else ++ s = NULL; ++# error We have to deal with realpath(3) PATH_MAX madness ++#endif ++ if (s != NULL) ++ { ++ /* The called program resolved to the canonical location. We don't update ++ * argv[n] this time. The called program still sees the original ++ * called path. This is very important for multi-call binaries like ++ * busybox. 
*/ ++ g_free (path); ++ path = s; ++ } + if (access (path, F_OK) != 0) + { + g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno)); +@@ -1084,6 +1108,7 @@ main (int argc, char *argv[]) + } + + g_free (original_cwd); ++ g_free (path_abs); + g_free (path); + g_free (command_line); + g_free (cmdline_short); +diff --git a/test/integration/pkexec/test.sh b/test/integration/pkexec/test.sh +index 4c76687b..e57b948f 100755 +--- a/test/integration/pkexec/test.sh ++++ b/test/integration/pkexec/test.sh +@@ -142,3 +142,26 @@ sudo -u "$TEST_USER" expect "$TMP_DIR/SIGTRAP-on-EOF.exp" | tee "$TMP_DIR/SIGTRA + grep -q "AUTHENTICATION FAILED" "$TMP_DIR/SIGTRAP-on-EOF.log" + grep -q "Not authorized" "$TMP_DIR/SIGTRAP-on-EOF.log" + rm -f "$TMP_DIR/SIGTRAP-on-EOF.log" ++ ++: "Check absolute (but not canonicalized) path" ++BASH_ABS=$(command -v bash) ++ln -s "$BASH_ABS" ./my-bash ++sudo -u "$TEST_USER" expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/absolute-path.log" ++grep -Eq "Authentication is needed to run \`/.*/${PWD##*/}/./my-bash -c true' as the super user" "$TMP_DIR/absolute-path.log" ++grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/absolute-path.log" ++rm -f "$TMP_DIR/absolute-path.log" ++rm -f "./my-bash" ++ ++: "Check canonicalized path" ++if command -v strace; then ++ BASH_ABS=$(command -v bash) ++ ln -s "$BASH_ABS" ./my-bash ++ sudo -u "$TEST_USER" strace -s 512 -o "$TMP_DIR/canonical-path.strace" -feexecve \ ++ expect "$TMP_DIR/basic-auth.exp" "$TEST_USER_PASSWORD" ./my-bash -c true | tee "$TMP_DIR/canonical-path.log" ++ cat "$TMP_DIR/canonical-path.strace" ++ grep -qF "execve(\"$BASH_ABS\", [\"$PWD/./my-bash\"," "$TMP_DIR/canonical-path.strace" ++ grep -q "AUTHENTICATION COMPLETE" "$TMP_DIR/canonical-path.log" ++ rm -f "$TMP_DIR/canonical-path.log" "$TMP_DIR/canonical-path.strace" ++ rm -f "./my-bash" ++ rm -f "$TMP_DIR/preload.c" "$TMP_DIR/preload.so" ++fi + 
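Review bot: A NULL return from `realpath(path, NULL)` is ignored in the new pkexec.c block: there is no `else` after `if (s != NULL)`, so `path` stays unresolved and the code goes on to the `access()` check with it. Whenever `access()` still succeeds (an allocation failure inside `realpath` is the plain case), the program would be matched against `org.freedesktop.policykit.exec.path` by its non-canonical name, which is the behaviour the patch sets out to remove. Consider failing closed there, printing `g_printerr ("Error resolving %s: %s\n", path, g_strerror (errno));` and leaving through the same error path as the `access()` failure. `main` begins and ends outside these hunks, so how that error path exits is not visible here.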
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml similarity index 75% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/metadata.xml rename to sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml index 4e902cca88..420dae0ebc 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml @@ -5,7 +5,11 @@ freedesktop-bugs@gentoo.org + Build polkitd in addition to libpolkit. Use dev-lang/duktape instead of dev-lang/spidermonkey as JavaScript engine Use sys-apps/systemd for session tracking + + polkit-org/polkit + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-121.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-123-r1.ebuild similarity index 70% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-121.ebuild rename to sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-123-r1.ebuild index d1c5fde8e9..c80be20754 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/polkit/polkit-121.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-123-r1.ebuild 
@@ -1,14 +1,13 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{8..11} ) -TMPFILES_OPTIONAL=1 -inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils +PYTHON_COMPAT=( python3_{10..11} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" if [[ ${PV} == *_p* ]] ; then # Upstream don't make releases very often. Test snapshots throughly # and review commits, but don't shy away if there's useful stuff there @@ -18,16 +17,15 @@ if [[ ${PV} == *_p* ]] ; then S="${WORKDIR}"/${PN}-${MY_COMMIT} else - SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" - - S="${WORKDIR}"/${PN}-v.${PV} + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" fi LICENSE="LGPL-2" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="+duktape examples gtk +introspection kde pam selinux systemd test" -RESTRICT="!test? ( test )" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" # This seems to be fixed with 121? #if [[ ${PV} == *_p* ]] ; then @@ -48,7 +46,7 @@ BDEPEND=" dev-util/glib-utils sys-devel/gettext virtual/pkgconfig - introspection? ( dev-libs/gobject-introspection ) + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) test? ( $(python_gen_any_dep ' dev-python/dbus-python[${PYTHON_USEDEP}] 
@@ -57,10 +55,9 @@ BDEPEND=" ) " DEPEND=" - dev-libs/glib:2 + >=dev-libs/glib-2.32:2 dev-libs/expat - duktape? ( dev-lang/duktape:= ) - !duktape? ( dev-lang/spidermonkey:91[-debug] ) + daemon? ( dev-lang/duktape:= ) pam? ( sys-auth/pambase sys-libs/pam @@ -69,7 +66,8 @@ DEPEND=" systemd? ( sys-apps/systemd:0=[policykit] ) !systemd? ( sys-auth/elogind ) " -RDEPEND="${DEPEND} +RDEPEND=" + ${DEPEND} acct-user/polkitd selinux? ( sec-policy/selinux-policykit ) " @@ -85,7 +83,13 @@ DOCS=( docs/TODO HACKING.md NEWS.md README.md ) QA_MULTILIB_PATHS=" usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd" + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-mozjs-JIT.patch + "${FILESDIR}"/${P}-pkexec-uninitialized.patch +) python_check_deps() { python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && @@ -97,11 +101,6 @@ pkg_setup() { } src_prepare() { - local PATCHES=( - # musl - "${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch - ) - default # bug #401513 @@ -120,7 +119,8 @@ src_configure() { -Dos_type=gentoo -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" - -Djs_engine=$(usex duktape duktape mozjs) + -Djs_engine=duktape + $(meson_use !daemon libs-only) $(meson_use introspection) $(meson_use test tests) $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') 
@@ -138,21 +138,22 @@ src_compile() { src_install() { meson_src_install - dodir /usr/share/polkit-1/rules.d - dodir /usr/lib/pam.d - - mv "${D}"/{etc,usr/share}/polkit-1/rules.d/50-default.rules || die - mv "${D}"/{etc,usr/lib}/pam.d/polkit-1 || die - rmdir "${D}"/etc/polkit-1/rules.d "${D}"/etc/polkit-1 || die - rmdir "${D}"/etc/pam.d || die - - dotmpfiles "${FILESDIR}/polkit.conf" - if use examples ; then docinto examples dodoc src/examples/{*.c,*.policy*} fi - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi } diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild new file mode 100644 index 0000000000..9cbf98691a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-124-r1.ebuild 
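Review bot: The `chmod` and `chown` added in `pkg_postinst` are unchecked, so if either fails (for instance no `polkitd` account in the target root, or one of the two `rules.d` directories missing) the merge still succeeds and the directories keep whatever mode and owner they had. These directories hold the authorization rules, so a silent miss is worth surfacing: `chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d || die` and `chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d || die`. The same two lines appear in polkit-124-r1, 125-r1, 125, 126-r1 and 126.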
@@ -0,0 +1,156 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? 
( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${PN}-124-systemd.patch + "${FILESDIR}"/${PN}-124-systemd-fixup.patch + "${FILESDIR}"/${PN}-124-c99-fixes.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 
"${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild new file mode 100644 index 0000000000..9a9d630ffd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125-r1.ebuild 
@@ -0,0 +1,159 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# Tests restricted b/c of permissions +RESTRICT="!test? ( test ) test" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? 
( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-musl.patch + # fix incorrect feature detection + "${FILESDIR}"/8cf58abef12e61f369af3f583af349b0e086ba27.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Djs_engine=$(usex duktape duktape mozjs) + -Dpam_module_dir=$(getpam_mod_dir) + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + tmpfiles_process polkit-tmpfiles.conf + + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 
"${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild new file mode 100644 index 0000000000..d262fc5114 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-125.ebuild 
@@ -0,0 +1,157 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# Tests restricted b/c of permissions +RESTRICT="!test? ( test ) test" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? 
( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-musl.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Djs_engine=$(usex duktape duktape mozjs) + -Dpam_module_dir=$(getpam_mod_dir) + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + tmpfiles_process polkit-tmpfiles.conf + + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi 
+} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild new file mode 100644 index 0000000000..d3d5ee6aac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126-r1.ebuild 
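Review bot: The `|| die` on the `sed` in `src_prepare` only catches a sed error, not a pattern that no longer matches, so if upstream rewords the default rule the ebuild would ship it unchanged, with `unix-group:wheel` still in place of `unix-user:0`. A check right after the substitution makes that visible: `grep -q 'unix-user:0' src/polkitbackend/*-default.rules || die "default admin rule was not rewritten"`. polkit-124-r1 and 125-r1 carry the same line; 126-r1 and 126 use the `@PRIVILEGED_GROUP@` form on `*-default.rules.in`, where the check would look for `unix-user:@PRIVILEGED_GROUP@`.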
@@ -0,0 +1,165 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/polkit-org/polkit" + inherit git-r3 +elif [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" +fi + +LICENSE="LGPL-2" +SLOT="0" +if [[ ${PV} != 9999 ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi +IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test" +RESTRICT="!test? ( test )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/glib-2.32 + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + nls? ( sys-devel/gettext ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + dev-lang/duktape:= + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? 
( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-elogind.patch + "${FILESDIR}"/${P}-realpath.patch + "${FILESDIR}"/${P}-musl.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dpam_module_dir=$(getpam_mod_dir) + -Dprivileged_group=0 + -Dsession_tracking="$(usex systemd logind elogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use nls gettext) + $(meson_use test tests) + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon ; then + tmpfiles_process 
polkit-tmpfiles.conf + + if [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild new file mode 100644 index 0000000000..6d0de65b25 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-126.ebuild 
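Review bot: The `pax-mark mr` line in `src_compile` and its comment are about spidermonkey's JIT, but this ebuild has no spidermonkey option left: `DEPEND` pulls only `dev-lang/duktape` and there is no `-Djs_engine` argument. `mr` switches off MPROTECT and RANDMMAP for `polkitd`, so keeping it relaxes hardening without the stated reason; the `.libs/` paths also look like a libtool layout that a meson build may not produce, in which case the marking would not take effect. I would drop the comment and the `pax-mark` line, leaving `meson_src_compile` alone; polkit-126.ebuild has the same block.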
@@ -0,0 +1,157 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/polkit-org/polkit"
+ inherit git-r3
+elif [[ ${PV} == *_p* ]] ; then
+ # Upstream don't make releases very often. Test snapshots throughly
+ # and review commits, but don't shy away if there's useful stuff there
+ # we want.
+ MY_COMMIT=""
+ SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+ SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+if [[ ${PV} != 9999 ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ >=dev-libs/glib-2.32
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ virtual/pkgconfig
+ introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+ nls? ( sys-devel/gettext )
+ test? (
+ $(python_gen_any_dep '
+ dev-python/dbus-python[${PYTHON_USEDEP}]
+ dev-python/python-dbusmock[${PYTHON_USEDEP}]
+ ')
+ )
+"
+DEPEND="
+ >=dev-libs/glib-2.32:2
+ dev-libs/expat
+ daemon? (
+ dev-lang/duktape:=
+ )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+ ${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd
+"
+
+python_check_deps() {
+ python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+ python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # bug #401513
+ sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dpam_module_dir=$(getpam_mod_dir)
+ -Dprivileged_group=0
+ -Dsession_tracking="$(usex systemd logind elogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(meson_use !daemon libs-only)
+ $(meson_use introspection)
+ $(meson_use nls gettext)
+ $(meson_use test tests)
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ # acct-user/polkitd installs its own (albeit with a different filename)
+ rm -rf "${ED}"/usr/lib/sysusers.d || die
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process polkit-tmpfiles.conf
+
+ if use daemon && [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild
new file mode 100644
index 0000000000..c4a985f124
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999-r1.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/polkit-org/polkit"
+ inherit git-r3
+elif [[ ${PV} == *_p* ]] ; then
+ # Upstream don't make releases very often. Test snapshots throughly
+ # and review commits, but don't shy away if there's useful stuff there
+ # we want.
+ MY_COMMIT=""
+ SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+ SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+if [[ ${PV} != 9999 ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+ test? (
+ $(python_gen_any_dep '
+ dev-python/dbus-python[${PYTHON_USEDEP}]
+ dev-python/python-dbusmock[${PYTHON_USEDEP}]
+ ')
+ )
+"
+DEPEND="
+ >=dev-libs/glib-2.32:2
+ dev-libs/expat
+ daemon? (
+ duktape? ( dev-lang/duktape:= )
+ !duktape? ( dev-lang/spidermonkey:115[-debug] )
+ )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+ ${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd
+"
+
+python_check_deps() {
+ python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+ python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # FIXME: Horrible hack to facilitate testing in bug #934314
+ patch -p1 -f < "${FILESDIR}"/${PN}-124-systemd.patch
+ patch -p1 -f < "${FILESDIR}"/${PN}-124-systemd-fixup.patch
+ patch -p1 -f < "${FILESDIR}"/${PN}-124-c99-fixes.patch
+ sed -i -e "s:dependency('systemd':dependency('libelogind':" meson.build || die
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ -Djs_engine=$(usex duktape duktape mozjs)
+ $(meson_use !daemon libs-only)
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ # acct-user/polkitd installs its own (albeit with a different filename)
+ rm -rf "${ED}"/usr/lib/sysusers.d || die
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
+}
+
+pkg_postinst() {
+ if use daemon && [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild
new file mode 100644
index 0000000000..d3d5ee6aac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-9999.ebuild
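Review bot: The `chmod 0700` and `chown polkitd` calls in `pkg_postinst` are not followed by `|| die`, so a failure of either one goes unnoticed. If `chmod` succeeds and `chown` fails, the two `rules.d` directories stay at mode 0700 under their previous owner, and a daemon running as `polkitd` would presumably be unable to read its authorization rules. I would end both lines with `|| die`, e.g. `chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d || die`. polkit-126.ebuild and polkit-9999.ebuild in this commit carry the same two lines.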
@@ -0,0 +1,165 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+inherit meson pam pax-utils python-any-r1 systemd tmpfiles xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit"
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/polkit-org/polkit"
+ inherit git-r3
+elif [[ ${PV} == *_p* ]] ; then
+ # Upstream don't make releases very often. Test snapshots throughly
+ # and review commits, but don't shy away if there's useful stuff there
+ # we want.
+ MY_COMMIT=""
+ SRC_URI="https://github.com/polkit-org/polkit/archive/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+ SRC_URI="https://github.com/polkit-org/polkit/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+if [[ ${PV} != 9999 ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+IUSE="+daemon examples gtk +introspection kde pam nls selinux systemd test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ >=dev-libs/glib-2.32
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ virtual/pkgconfig
+ introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+ nls? ( sys-devel/gettext )
+ test? (
+ $(python_gen_any_dep '
+ dev-python/dbus-python[${PYTHON_USEDEP}]
+ dev-python/python-dbusmock[${PYTHON_USEDEP}]
+ ')
+ )
+"
+DEPEND="
+ >=dev-libs/glib-2.32:2
+ dev-libs/expat
+ daemon? (
+ dev-lang/duktape:=
+ )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+ ${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-elogind.patch
+ "${FILESDIR}"/${P}-realpath.patch
+ "${FILESDIR}"/${P}-musl.patch
+)
+
+python_check_deps() {
+ python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+ python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # bug #401513
+ sed -i -e 's|unix-group:@PRIVILEGED_GROUP@|unix-user:@PRIVILEGED_GROUP@|' src/polkitbackend/*-default.rules.in || die
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dpam_module_dir=$(getpam_mod_dir)
+ -Dprivileged_group=0
+ -Dsession_tracking="$(usex systemd logind elogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(meson_use !daemon libs-only)
+ $(meson_use introspection)
+ $(meson_use nls gettext)
+ $(meson_use test tests)
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ # acct-user/polkitd installs its own (albeit with a different filename)
+ rm -rf "${ED}"/usr/lib/sysusers.d || die
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
+}
+
+pkg_postinst() {
+ if use daemon ; then
+ tmpfiles_process polkit-tmpfiles.conf
+
+ if [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
+ fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/.lvm2-2.03.22-r7.ebuild.swp b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/.lvm2-2.03.22-r7.ebuild.swp
new file mode 100644
index 0000000000..d714f4788d
Binary files /dev/null and b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/.lvm2-2.03.22-r7.ebuild.swp differ
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/Manifest
new file mode 100644
index 0000000000..5e526190b7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/Manifest
@@ -0,0 +1,2 @@
+DIST LVM2.2.03.21.tgz 2742294 BLAKE2B 529bc01b3d1ba6207c9ddc95309b39e6293fcd0286334240b9fdc076da0b7bc7e026338ec0243564ec153f2fb5009014149c3f8e0db0cd47a29418af62068728 SHA512 6024811c3fa92afd2fc13a10d1c3542352aa9a016f40c3ef588bd2f5f3e41245fed4b36c8a87d9f7f8dddc6e13b7253396f5c811f99665df27751676dc7b5bde
+DIST LVM2.2.03.22.tgz 2755031 BLAKE2B 79bbea84bd82f111c1bb5de336e6a9f1368b2c9e43f075dccaa90c7746a364259ad278adf650379eca75f2803ed74e74dd372be2cca8518462182657f96a0033 SHA512 17cd24ceee8026481566824b688dafd03ec816201d5cb3549cb7fc8a36f4cdaa982faaef4dcd26debfe775dea5ffa2744798164314ea6dc99a84f8ccccfc33ff
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/device-mapper.conf-1.02.22-r3 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/device-mapper.conf-r4
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/device-mapper.conf-1.02.22-r3
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/device-mapper.conf-r4
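Review bot: `.lvm2-2.03.22-r7.ebuild.swp` looks like a Vim swap file left behind by an editing session rather than part of the lvm2 package, and it should be dropped from the commit. Swap files normally record the editor's user name, host name and file path together with unsaved buffer contents, so publishing one exposes details of the machine it was written on. An ignore rule such as `*.swp` in `.gitignore` would keep these out of later commits.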
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/device-mapper.rc-2.02.105-r2 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/device-mapper.rc-r3
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/device-mapper.rc-2.02.105-r2
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/device-mapper.rc-r3
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/dmeventd.initd-2.02.184-r2 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/dmeventd.initd-r3
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/dmeventd.initd-2.02.184-r2
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/dmeventd.initd-r3
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/dmtab b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/dmtab
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/dmtab
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/dmtab
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm-monitoring.initd-2.02.105-r2 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm-monitoring.initd-r3
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm-monitoring.initd-2.02.105-r2
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm-monitoring.initd-r3
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm.confd-2.02.184-r3 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm.confd-r4
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm.confd-2.02.184-r3
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm.confd-r4
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm.rc-2.02.187 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm.rc-r1
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm.rc-2.02.187
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm.rc-r1
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-dm_lvm_rules_no_systemd.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-dm_lvm_rules_no_systemd.patch
new file mode 100644
index 0000000000..e39d7959b3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-dm_lvm_rules_no_systemd.patch
@@ -0,0 +1,11 @@
+--- a/udev/69-dm-lvm.rules.in
++++ b/udev/69-dm-lvm.rules.in
+@@ -76,7 +76,7 @@
+ # it's better suited to appearing in the journal.
+
+ IMPORT{program}="(LVM_EXEC)/lvm pvscan --cache --listvg --checkcomplete --vgonline --autoactivation event --udevoutput --journal=output $env{DEVNAME}"
+-ENV{LVM_VG_NAME_COMPLETE}=="?*", RUN+="(SYSTEMDRUN) --no-block --property DefaultDependencies=no --unit lvm-activate-$env{LVM_VG_NAME_COMPLETE} (LVM_EXEC)/lvm vgchange -aay --autoactivation event $env{LVM_VG_NAME_COMPLETE}"
++ENV{LVM_VG_NAME_COMPLETE}=="?*", RUN+="(LVM_EXEC)/lvm vgchange -aay --nohints --autoactivation event $env{LVM_VG_NAME_COMPLETE}"
+ GOTO="lvm_end"
+
+ LABEL="lvm_end"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.184-dmeventd-no-idle-exit.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-dmeventd-no-idle-exit.patch
similarity index 70%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.184-dmeventd-no-idle-exit.patch
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-dmeventd-no-idle-exit.patch
index c80bd2ba2b..8f3cb5534d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.184-dmeventd-no-idle-exit.patch +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-dmeventd-no-idle-exit.patch @@ -1,5 +1,6 @@ +From ab3ae0a22dfbe20e2d17e7dc60e0f76184ec098c Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" -Date: Wed, 17 Apr 2019 06:54:27 +0000 +Date: Wed, 24 Jul 2019 11:22:32 +0200 Subject: [PATCH] dmeventd configurable idle exit time dmeventd nominally exits after 1 hour of idle time. There are use cases for @@ -11,11 +12,9 @@ that can be -1 to not exit, or a configurable time for different idle exit. Signed-off-by: Robin H. Johnson Fixes: https://bugs.gentoo.org/682556 - -diff -Nuar LVM2.2.02.184.orig/daemons/dmeventd/dmeventd.c LVM2.2.02.184/daemons/dmeventd/dmeventd.c ---- LVM2.2.02.184.orig/daemons/dmeventd/dmeventd.c 2019-03-22 03:14:59.000000000 -0700 -+++ LVM2.2.02.184/daemons/dmeventd/dmeventd.c 2019-04-17 00:18:23.535029906 -0700 -@@ -2158,6 +2158,18 @@ +--- a/daemons/dmeventd/dmeventd.c ++++ b/daemons/dmeventd/dmeventd.c +@@ -2169,6 +2169,18 @@ .server_path = DM_EVENT_FIFO_SERVER }; time_t now, idle_exit_timeout = DMEVENTD_IDLE_EXIT_TIMEOUT; @@ -34,7 +33,7 @@ diff -Nuar LVM2.2.02.184.orig/daemons/dmeventd/dmeventd.c LVM2.2.02.184/daemons/ opterr = 0; optind = 0; -@@ -2253,7 +2265,7 @@ +@@ -2265,7 +2277,7 @@ _process_initial_registrations(); for (;;) { @@ -43,7 +42,7 @@ diff -Nuar LVM2.2.02.184.orig/daemons/dmeventd/dmeventd.c LVM2.2.02.184/daemons/ if (_exit_now) { if (_exit_now == DM_SCHEDULED_EXIT) break; /* Only prints shutdown message */ -@@ -2262,7 +2274,7 @@ +@@ -2274,7 +2286,7 @@ (long) (time(NULL) - _idle_since)); break; } 
@@ -52,13 +51,12 @@ diff -Nuar LVM2.2.02.184.orig/daemons/dmeventd/dmeventd.c LVM2.2.02.184/daemons/ now = time(NULL); if (now < _idle_since) _idle_since = now; /* clock change? */ -diff -Nuar LVM2.2.02.184.orig/man/dmeventd.8_main LVM2.2.02.184/man/dmeventd.8_main ---- LVM2.2.02.184.orig/man/dmeventd.8_main 2019-03-22 03:15:00.000000000 -0700 -+++ LVM2.2.02.184/man/dmeventd.8_main 2019-04-17 00:17:46.076023638 -0700 -@@ -143,6 +143,10 @@ - Variable is set by thin plugin to prohibit recursive interation +--- a/man/dmeventd.8_main ++++ b/man/dmeventd.8_main +@@ -169,6 +169,10 @@ + Variable is set by thin and vdo plugin to prohibit recursive interaction with dmeventd by any executed lvm2 command from - a thin_command environment. + a thin_command, vdo_command environment. +.TP +.B DMEVENTD_IDLE_EXIT_TIMEOUT +Configure the dmeventd idle exit timeout behavior, value in seconds. Default diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-example.conf.in.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-example.conf.in.patch similarity index 64% rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-example.conf.in.patch rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-example.conf.in.patch index 34c710d439..b63b681e5f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvm2-2.02.178-example.conf.in.patch +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-example.conf.in.patch 
@@ -1,26 +1,18 @@ ---- LVM2.2.02.178/conf/example.conf.in -+++ LVM2.2.02.178/conf/example.conf.in -@@ -128,6 +128,9 @@ +Add Gentoo specific changes + +--- a/conf/example.conf.in ++++ b/conf/example.conf.in +@@ -170,6 +170,9 @@ # Example # Accept every block device: - # filter = [ "a|.*/|" ] + # filter = [ "a|.*|" ] + # Gentoo: we exclude /dev/nbd by default, because it makes a lot of kernel + # noise when you probed while not available. -+ filter = [ "r|/dev/nbd.*|", "a/.*/" ] ++ filter = [ "r|/dev/nbd.*|", "a|.*|" ] # Reject the cdrom drive: # filter = [ "r|/dev/cdrom|" ] # Work with just loopback devices, e.g. for testing: -@@ -704,7 +707,8 @@ - # Configuration option global/fallback_to_lvm1. - # This setting is no longer used. - # This configuration option has an automatic default value. -- # fallback_to_lvm1 = 0 -+ # Gentoo: the LVM tools are a seperate package. -+ fallback_to_lvm1 = 0 - - # Configuration option global/format. - # This setting is no longer used. -@@ -1508,7 +1512,7 @@ +@@ -1843,7 +1846,7 @@ # Configuration section metadata. # This configuration section has an automatic default value. @@ -29,8 +21,8 @@ # Configuration option metadata/check_pv_device_sizes. # Check device sizes are not smaller than corresponding PV sizes. -@@ -1553,7 +1557,8 @@ - # +@@ -1888,7 +1891,8 @@ + # # This configuration option is advanced. # This configuration option has an automatic default value. - # pvmetadatacopies = 1 @@ -39,10 +31,10 @@ # Configuration option metadata/vgmetadatacopies. # Number of copies of metadata to maintain for each VG. -@@ -1608,7 +1613,7 @@ - # +@@ -1931,7 +1935,7 @@ # This configuration option is advanced. - # This configuration option does not have a default value defined. + # This configuration option has an automatic default value. + # stripesize = 64 -# } +} 
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-freopen-musl.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-freopen-musl.patch
new file mode 100644
index 0000000000..2b3f0a91f2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.20-freopen-musl.patch
@@ -0,0 +1,54 @@
+From 4cf08811e112100a2b10c60047f3c537ad21d674 Mon Sep 17 00:00:00 2001
+From: David Seifert
+Date: Sat, 28 Jan 2023 14:22:42 +0100
+Subject: [PATCH] Use `freopen()` on {stdin,stdout,stderr}
+
+* ISO C does not guarantee that the standard streams are modifiable
+ lvalues. Glibc even calls out this behaviour as non-portable:
+ https://www.gnu.org/software/libc/manual/html_node/Standard-Streams.html
+--- a/lib/log/log.c
++++ b/lib/log/log.c
+@@ -208,7 +208,11 @@ int reopen_standard_stream(FILE **stream, const char *mode)
+
+ _check_and_replace_standard_log_streams(old_stream, new_stream);
+
++#ifdef __GLIBC__
+ *stream = new_stream;
++#else
++ freopen(NULL, mode, *stream);
++#endif
+ return 1;
+ }
+
+--- a/tools/lvmcmdline.c
++++ b/tools/lvmcmdline.c
+@@ -3422,7 +3422,7 @@ static int _check_standard_fds(void)
+ int err = is_valid_fd(STDERR_FILENO);
+
+ if (!is_valid_fd(STDIN_FILENO) &&
+- !(stdin = fopen(_PATH_DEVNULL, "r"))) {
++ !freopen(_PATH_DEVNULL, "r", stdin)) {
+ if (err)
+ perror("stdin stream open");
+ else
+@@ -3432,7 +3432,7 @@ static int _check_standard_fds(void)
+ }
+
+ if (!is_valid_fd(STDOUT_FILENO) &&
+- !(stdout = fopen(_PATH_DEVNULL, "w"))) {
++ !freopen(_PATH_DEVNULL, "w", stdout)) {
+ if (err)
+ perror("stdout stream open");
+ /* else no stdout */
+@@ -3440,7 +3440,7 @@ static int _check_standard_fds(void)
+ }
+
+ if (!is_valid_fd(STDERR_FILENO) &&
+- !(stderr = fopen(_PATH_DEVNULL, "w"))) {
++ !freopen(_PATH_DEVNULL, "w", stderr)) {
+ printf("stderr stream open: %s\n",
+ strerror(errno));
+ return 0;
+--
+2.39.2
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-autoconf-2.72-egrep.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-autoconf-2.72-egrep.patch
new file mode 100644
index 0000000000..9ce7d54020
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-autoconf-2.72-egrep.patch
@@ -0,0 +1,30 @@
+https://bugs.gentoo.org/920798
+https://gitlab.com/lvmteam/lvm2/-/merge_requests/4
+
+From 39cb34e56b8c04b4d652eb9dbd643e10a05ff21c Mon Sep 17 00:00:00 2001
+From: Kai Kang
+Date: Mon, 6 Nov 2023 16:44:41 +0800
+Subject: [PATCH] configure.ac: check egrep
+
+The macro AC_HEADER_STDC which requires AC_PROG_EGREP has been removed
+from configure.ac, then it fails to substitute '@EGREP@':
+
+| [GEN] command-lines-input.h
+| /bin/bash: line 2: @EGREP@: command not found
+| [GEN] command-count.h
+
+Call AC_PROG_EGREP to fix the error.
+
+Signed-off-by: Kai Kang
+--- a/configure.ac
++++ b/configure.ac
+@@ -78,6 +78,7 @@ AC_PROG_LN_S
+ AC_PROG_MAKE_SET
+ AC_PROG_MKDIR_P
+ AC_PROG_RANLIB
++AC_PROG_EGREP
+ AC_CHECK_TOOL([READELF], [readelf])
+ AC_CHECK_TOOL(AR, ar)
+ AC_PATH_TOOL(CFLOW_CMD, cflow)
+--
+GitLab
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-basename-musl.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-basename-musl.patch
new file mode 100644
index 0000000000..2dd9f8ff52
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-basename-musl.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/937239
+https://github.com/lvmteam/lvm2/commit/f98d2ffe8753895c84160a7abce4223bd127cd9e
+
+From f98d2ffe8753895c84160a7abce4223bd127cd9e Mon Sep 17 00:00:00 2001
+From: Zdenek Kabelac
+Date: Wed, 27 Mar 2024 00:28:14 +0100
+Subject: [PATCH] device_id: use dm_basename
+
+Avoid problems for other libc like muslc and use dm_basename.
+
+Prototype for basename has been removed from string.h from latest musl [1]
+compilers e.g. clang-18 flags the absense of prototype as error. therefore
+include libgen.h for providing it.
+
+[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7
+
+Reported-by: Khem Raj
+---
+ lib/device/device_id.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/device/device_id.c b/lib/device/device_id.c
+index 7d67a1cb7..200d39432 100644
+--- a/lib/device/device_id.c
++++ b/lib/device/device_id.c
+@@ -740,7 +740,7 @@ static int _dev_read_sys_serial(struct cmd_context *cmd, struct device *dev,
+ int ret;
+
+ /* /dev/vda to vda */
+- base = basename(devname);
++ base = dm_basename(devname);
+
+ /* vda1 to vda */
+ for (i = 0; i < strlen(base); i++) {
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-thin-autodetect.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-thin-autodetect.patch
new file mode 100644
index 0000000000..968601af5b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-thin-autodetect.patch
@@ -0,0 +1,137 @@
+https://gitlab.com/lvmteam/lvm2/-/merge_requests/18
+
+From 25f0398b1c9d108160a39de43af6f2fa3f952db5 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Sun, 17 Nov 2024 10:45:29 -0500
+Subject: [PATCH] configure: update thin_check_needs_check logic
+
+If the user has explicitly passed a value for thin_check_needs_check,
+skip the autodetection logic entirely. Same for cache_check_needs_check.
+
+This allows lvm2 to be built consistently without having
+thin-provisioning-tools installed.
+---
+ configure.ac | 84 ++++++++++++++++++++++++++++------------------------
+ 1 file changed, 46 insertions(+), 38 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index cbea6adc6..4f77b4e6f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -422,7 +422,7 @@ dnl -- thin_check needs-check flag
+ AC_ARG_ENABLE(thin_check_needs_check,
+ AS_HELP_STRING([--disable-thin_check_needs_check],
+ [required if thin_check version is < 0.3.0]),
+- THIN_CHECK_NEEDS_CHECK=$enableval, THIN_CHECK_NEEDS_CHECK="yes")
++ THIN_CHECK_NEEDS_CHECK=$enableval, THIN_CHECK_NEEDS_CHECK="autodetect")
+
+ # Test if necessary thin tools are available
+ # if not - use plain defaults and warn user
+@@ -437,20 +437,24 @@ AS_CASE(["$THIN"],
+ THIN_CONFIGURE_WARN="y"
+ ])
+ ])
+- AS_IF([test "$THIN_CHECK_NEEDS_CHECK" = "yes" && test "$THIN_CONFIGURE_WARN" != "y"], [
+- THIN_CHECK_VSN=$("$THIN_CHECK_CMD" -V 2>/dev/null)
+- THIN_CHECK_VSN=${THIN_CHECK_VSN##* } # trim away all before the first space
+- THIN_CHECK_VSN_MAJOR=$(echo "$THIN_CHECK_VSN" | $AWK -F '.' '{print $1}')
+- THIN_CHECK_VSN_MINOR=$(echo "$THIN_CHECK_VSN" | $AWK -F '.' '{print $2}')
+-
+- AS_IF([test -z "$THIN_CHECK_VSN_MAJOR" || test -z "$THIN_CHECK_VSN_MINOR"], [
+- AC_MSG_WARN([$THIN_CHECK_CMD: Bad version "$THIN_CHECK_VSN" found])
+- THIN_CHECK_VERSION_WARN="y"
+- THIN_CHECK_NEEDS_CHECK="no"
+- ], [test "$THIN_CHECK_VSN_MAJOR" -eq 0 && test "$THIN_CHECK_VSN_MINOR" -lt 3], [
+- AC_MSG_WARN([$THIN_CHECK_CMD: Old version "$THIN_CHECK_VSN" found])
+- THIN_CHECK_VERSION_WARN="y"
+- THIN_CHECK_NEEDS_CHECK="no"
++ AS_IF([test "$THIN_CHECK_NEEDS_CHECK" = "autodetect"], [
++ AS_IF([test "$THIN_CONFIGURE_WARN" != "y"], [
++ THIN_CHECK_VSN=$("$THIN_CHECK_CMD" -V 2>/dev/null)
++ THIN_CHECK_VSN=${THIN_CHECK_VSN##* } # trim away all before the first space
++ THIN_CHECK_VSN_MAJOR=$(echo "$THIN_CHECK_VSN" | $AWK -F '.' '{print $1}')
++ THIN_CHECK_VSN_MINOR=$(echo "$THIN_CHECK_VSN" | $AWK -F '.' '{print $2}')
++
++ AS_IF([test -z "$THIN_CHECK_VSN_MAJOR" || test -z "$THIN_CHECK_VSN_MINOR"], [
++ AC_MSG_WARN([$THIN_CHECK_CMD: Bad version "$THIN_CHECK_VSN" found])
++ THIN_CHECK_VERSION_WARN="y"
++ THIN_CHECK_NEEDS_CHECK="no"
++ ], [test "$THIN_CHECK_VSN_MAJOR" -eq 0 && test "$THIN_CHECK_VSN_MINOR" -lt 3], [
++ AC_MSG_WARN([$THIN_CHECK_CMD: Old version "$THIN_CHECK_VSN" found])
++ THIN_CHECK_VERSION_WARN="y"
++ THIN_CHECK_NEEDS_CHECK="no"
++ ], [
++ THIN_CHECK_NEEDS_CHECK="yes"
++ ])
+ ])
+ ])
+ # Empty means a config way to ignore thin dumping
+@@ -535,7 +539,7 @@ dnl -- cache_check needs-check flag
+ AC_ARG_ENABLE(cache_check_needs_check,
+ AS_HELP_STRING([--disable-cache_check_needs_check],
+ [required if cache_check version is < 0.5]),
+- CACHE_CHECK_NEEDS_CHECK=$enableval, CACHE_CHECK_NEEDS_CHECK="yes")
++ CACHE_CHECK_NEEDS_CHECK=$enableval, CACHE_CHECK_NEEDS_CHECK="autodetect")
+
+ # Test if necessary cache tools are available
+ # if not - use plain defaults and warn user
+@@ -550,30 +554,34 @@ AS_CASE(["$CACHE"],
+ CACHE_CONFIGURE_WARN="y"
+ ])
+ ])
+- AS_IF([test "$CACHE_CHECK_NEEDS_CHECK" = "yes" && test "$CACHE_CONFIGURE_WARN" != "y"], [
+- "$CACHE_CHECK_CMD" -V 2>/dev/null >conftest.tmp
+- read -r CACHE_CHECK_VSN < conftest.tmp
+- IFS=.- read -r CACHE_CHECK_VSN_MAJOR CACHE_CHECK_VSN_MINOR CACHE_CHECK_VSN_PATCH LEFTOVER < conftest.tmp
+- rm -f conftest.tmp
+-
+- # Require version >= 0.5.4 for --clear-needs-check-flag
+- CACHE_CHECK_VSN_MAJOR=${CACHE_CHECK_VSN_MAJOR##* }
+- AS_IF([test -z "$CACHE_CHECK_VSN_MAJOR" \
+- || test -z "$CACHE_CHECK_VSN_MINOR" \
+- || test -z "$CACHE_CHECK_VSN_PATCH"], [
+- AC_MSG_WARN([$CACHE_CHECK_CMD: Bad version "$CACHE_CHECK_VSN" found])
+- CACHE_CHECK_VERSION_WARN="y"
+- CACHE_CHECK_NEEDS_CHECK="no"
+- ], [test "$CACHE_CHECK_VSN_MAJOR" -eq 0], [
+- AS_IF([test "$CACHE_CHECK_VSN_MINOR" -lt 5 \
+- || ( test "$CACHE_CHECK_VSN_MINOR" -eq 5 && test "$CACHE_CHECK_VSN_PATCH" -lt 4 )], [
+- AC_MSG_WARN([$CACHE_CHECK_CMD: Old version "$CACHE_CHECK_VSN" found])
++ AS_IF([test "$CACHE_CHECK_NEEDS_CHECK" = "autodetect"], [
++ AS_IF([test "$CACHE_CONFIGURE_WARN" != "y"], [
++ "$CACHE_CHECK_CMD" -V 2>/dev/null >conftest.tmp
++ read -r CACHE_CHECK_VSN < conftest.tmp
++ IFS=.- read -r CACHE_CHECK_VSN_MAJOR CACHE_CHECK_VSN_MINOR CACHE_CHECK_VSN_PATCH LEFTOVER < conftest.tmp
++ rm -f conftest.tmp
++
++ # Require version >= 0.5.4 for --clear-needs-check-flag
++ CACHE_CHECK_VSN_MAJOR=${CACHE_CHECK_VSN_MAJOR##* }
++ AS_IF([test -z "$CACHE_CHECK_VSN_MAJOR" \
++ || test -z "$CACHE_CHECK_VSN_MINOR" \
++ || test -z "$CACHE_CHECK_VSN_PATCH"], [
++ AC_MSG_WARN([$CACHE_CHECK_CMD: Bad version "$CACHE_CHECK_VSN" found])
+ CACHE_CHECK_VERSION_WARN="y"
+ CACHE_CHECK_NEEDS_CHECK="no"
+- ])
+- AS_IF([test "$CACHE_CHECK_VSN_MINOR" -lt 7], [
+- AC_MSG_WARN([$CACHE_CHECK_CMD: Old version "$CACHE_CHECK_VSN" does not support new cache format V2])
+- CACHE_CHECK_VERSION_WARN=y
++ ], [test "$CACHE_CHECK_VSN_MAJOR" -eq 0], [
++ AS_IF([test "$CACHE_CHECK_VSN_MINOR" -lt 5 \
++ || ( test "$CACHE_CHECK_VSN_MINOR" -eq 5 && test "$CACHE_CHECK_VSN_PATCH" -lt 4 )], [
++ AC_MSG_WARN([$CACHE_CHECK_CMD: Old version "$CACHE_CHECK_VSN" found])
++ CACHE_CHECK_VERSION_WARN="y"
++ CACHE_CHECK_NEEDS_CHECK="no"
++ ])
++ AS_IF([test "$CACHE_CHECK_VSN_MINOR" -lt 7], [
++ AC_MSG_WARN([$CACHE_CHECK_CMD: Old version "$CACHE_CHECK_VSN" does not support new cache format V2])
++ CACHE_CHECK_VERSION_WARN=y
++ ])
++ ], [
++ CACHE_CHECK_NEEDS_CHECK="yes"
+ ])
+ ])
+ ])
+--
+2.47.0
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-thin-version-checking.patch b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-thin-version-checking.patch
new file mode 100644
index 0000000000..28d901bc7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvm2-2.03.22-thin-version-checking.patch
@@ -0,0 +1,59 @@
+From f117d47ffa781f7f1ad452505c250b4826cdcc7f Mon Sep 17 00:00:00 2001
+From: Zdenek Kabelac
+Date: Tue, 10 Oct 2023 22:03:50 +0200
+Subject: [PATCH] configure.ac: version checking for new dmpd tools
+
+New rust version of thin_check returns now also binary name in version,
+so adapt the version checking to handle this variant.
+---
+ configure.ac | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1550f1f70..59d4b65af 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -426,6 +426,7 @@ AS_CASE(["$THIN"],
+ ])
+ AS_IF([test "$THIN_CHECK_NEEDS_CHECK" = "yes" && test "$THIN_CONFIGURE_WARN" != "y"], [
+ THIN_CHECK_VSN=$("$THIN_CHECK_CMD" -V 2>/dev/null)
++ THIN_CHECK_VSN=${THIN_CHECK_VSN##* } # trim away all before the first space
+ THIN_CHECK_VSN_MAJOR=$(echo "$THIN_CHECK_VSN" | $AWK -F '.' '{print $1}')
+ THIN_CHECK_VSN_MINOR=$(echo "$THIN_CHECK_VSN" | $AWK -F '.' '{print $2}')
+
+@@ -467,7 +468,7 @@ AS_CASE(["$THIN"],
+ ])
+ ])
+
+- AC_MSG_CHECKING([whether thin_check supports the needs-check flag])
++ AC_MSG_CHECKING([whether $THIN_CHECK_CMD ($THIN_CHECK_VSN_MAJOR.$THIN_CHECK_VSN_MINOR) supports the needs-check flag])
+ AC_MSG_RESULT([$THIN_CHECK_NEEDS_CHECK])
+ AS_IF([test "$THIN_CHECK_NEEDS_CHECK" = "yes"], [
+ AC_DEFINE([THIN_CHECK_NEEDS_CHECK], 1, [Define to 1 if the external 'thin_check' tool requires the --clear-needs-check-flag option])
+@@ -537,12 +538,13 @@ AS_CASE(["$CACHE"],
+ ])
+ ])
+ AS_IF([test "$CACHE_CHECK_NEEDS_CHECK" = "yes" && test "$CACHE_CONFIGURE_WARN" != "y"], [
+- $CACHE_CHECK_CMD -V 2>/dev/null >conftest.tmp
++ "$CACHE_CHECK_CMD" -V 2>/dev/null >conftest.tmp
+ read -r CACHE_CHECK_VSN < conftest.tmp
+ IFS=.- read -r CACHE_CHECK_VSN_MAJOR CACHE_CHECK_VSN_MINOR CACHE_CHECK_VSN_PATCH LEFTOVER < conftest.tmp
+ rm -f conftest.tmp
+
+ # Require version >= 0.5.4 for --clear-needs-check-flag
++ CACHE_CHECK_VSN_MAJOR=${CACHE_CHECK_VSN_MAJOR##* }
+ AS_IF([test -z "$CACHE_CHECK_VSN_MAJOR" \
+ || test -z "$CACHE_CHECK_VSN_MINOR" \
+ || test -z "$CACHE_CHECK_VSN_PATCH"], [
+@@ -590,7 +592,7 @@ AS_CASE(["$CACHE"],
+ ])
+ ])
+
+- AC_MSG_CHECKING([whether cache_check supports the needs-check flag])
++ AC_MSG_CHECKING([whether $CACHE_CHECK_CMD ($CACHE_CHECK_VSN_MAJOR.$CACHE_CHECK_VSN_MINOR.$CACHE_CHECK_VSN_PATCH) supports the needs-check flag])
+ AC_MSG_RESULT([$CACHE_CHECK_NEEDS_CHECK])
+ AS_IF([test "$CACHE_CHECK_NEEDS_CHECK" = "yes"], [
+ AC_DEFINE([CACHE_CHECK_NEEDS_CHECK], 1, [Define to 1 if the external 'cache_check' tool requires the --clear-needs-check-flag option])
+--
+2.45.0
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvmlockd.initd-2.02.166-r1 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvmlockd.initd-r2
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvmlockd.initd-2.02.166-r1
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvmlockd.initd-r2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvmpolld.initd-2.02.183 b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvmpolld.initd-r1
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/lvm2/files/lvmpolld.initd-2.02.183
rename to sdk_container/src/third_party/portage-stable/sys-fs/lvm2/files/lvmpolld.initd-r1
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.21-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.21-r1.ebuild
new file mode 100644
index 0000000000..5db75e4d88
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.21-r1.ebuild
@@ -0,0 +1,303 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +TMPFILES_OPTIONAL=1 +inherit autotools linux-info systemd toolchain-funcs tmpfiles udev flag-o-matic + +DESCRIPTION="User-land utilities for LVM2 (device-mapper) software" +HOMEPAGE="https://sourceware.org/lvm2/" +SRC_URI="https://sourceware.org/ftp/lvm2/${PN^^}.${PV}.tgz" +S="${WORKDIR}/${PN^^}.${PV}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" +IUSE="lvm readline sanlock selinux static static-libs systemd thin +udev valgrind" +REQUIRED_USE=" + static? ( !systemd !udev ) + static-libs? ( static !udev ) + systemd? ( udev ) + thin? ( lvm ) +" + +DEPEND_COMMON=" + udev? ( virtual/libudev:= ) + lvm? ( + dev-libs/libaio + sys-apps/util-linux + readline? ( sys-libs/readline:= ) + sanlock? ( sys-cluster/sanlock ) + systemd? ( sys-apps/systemd:= ) + ) +" +# /run is now required for locking during early boot. /var cannot be assumed to +# be available -- thus, pull in recent enough baselayout for /run. +# This version of LVM is incompatible with cryptsetup <1.1.2. +RDEPEND=" + ${DEPEND_COMMON} + >=sys-apps/baselayout-2.2 + lvm? ( + virtual/tmpfiles + thin? 
( //g' \ + "${ED}"/etc/conf.d/lvm || die "Could not drop udev from rc_need" + fi + + newinitd "${FILESDIR}"/lvm-monitoring.initd-r3 lvm-monitoring + newinitd "${FILESDIR}"/lvmpolld.initd-r1 lvmpolld + + if use sanlock; then + newinitd "${FILESDIR}"/lvmlockd.initd-r2 lvmlockd + fi + fi + + if use static-libs; then + dolib.a libdm/ioctl/libdevmapper.a + if use lvm; then + # depends on lvmetad + dolib.a libdaemon/client/libdaemonclient.a #462908 + # depends on dmeventd + dolib.a daemons/dmeventd/libdevmapper-event.a + fi + else + rm -f "${ED}"/usr/$(get_libdir)/{libdevmapper-event,liblvm2cmd,liblvm2app,libdevmapper}.a || die + fi + + insinto /etc + doins "${FILESDIR}"/dmtab + + dodoc README VERSION* WHATS_NEW WHATS_NEW_DM doc/*.{c,txt} conf/*.conf +} + +pkg_preinst() { + HAD_LVM=0 + + if has_version 'sys-fs/lvm2[lvm(+)]' ; then + HAD_LVM=1 + fi +} + +pkg_postinst() { + use lvm && tmpfiles_process lvm2.conf + use udev && udev_reload + + # This is a new installation + if [[ -z "${REPLACING_VERSIONS}" ]]; then + if use lvm ; then + ewarn "Make sure the \"lvm\" init script is in the runlevels:" + ewarn "# rc-update add lvm boot" + ewarn + ewarn "Make sure to enable lvmetad in ${EROOT}/etc/lvm/lvm.conf if you want" + ewarn "to enable lvm autoactivation and metadata caching." + else + ewarn "Please enable USE=lvm if you need the LVM daemon and" + ewarn "tools like 'lvchange', 'vgchange', etc!" + fi + else + if ! use lvm && [[ ${HAD_LVM} -eq 1 ]] ; then + ewarn "LVM was previously enabled but is now disabled." + ewarn "Please enable USE=lvm if you need the LVM daemon and" + ewarn "tools like 'lvchange', 'vgchange', etc!" + ewarn "See the 2022-11-19-lvm2-default-USE-flags news item for more details." 
+ fi + fi + + if use udev && [[ -d /run ]] ; then + local permission_run_expected="drwxr-xr-x" + local permission_run=$(stat -c "%A" /run) + if [[ "${permission_run}" != "${permission_run_expected}" ]] ; then + ewarn "Found the following problematic permissions:" + ewarn "" + ewarn " ${permission_run} /run" + ewarn "" + ewarn "Expected:" + ewarn "" + ewarn " ${permission_run_expected} /run" + ewarn "" + ewarn "This is known to cause problems for udev-enabled LVM services." + fi + fi +} + +pkg_postrm() { + if use udev && [[ -z ${REPLACED_BY_VERSION} ]]; then + udev_reload + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.22-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.22-r1.ebuild new file mode 100644 index 0000000000..525b2fc698 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.22-r1.ebuild 
@@ -0,0 +1,304 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +TMPFILES_OPTIONAL=1 +inherit autotools linux-info systemd toolchain-funcs tmpfiles udev flag-o-matic + +DESCRIPTION="User-land utilities for LVM2 (device-mapper) software" +HOMEPAGE="https://sourceware.org/lvm2/" +SRC_URI="https://sourceware.org/ftp/lvm2/${PN^^}.${PV}.tgz" +S="${WORKDIR}/${PN^^}.${PV}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" +IUSE="lvm readline sanlock selinux static static-libs systemd thin +udev valgrind" +REQUIRED_USE=" + static? ( !systemd !udev ) + static-libs? ( static !udev ) + systemd? ( udev ) + thin? ( lvm ) +" + +DEPEND_COMMON=" + udev? ( virtual/libudev:= ) + lvm? ( + dev-libs/libaio + sys-apps/util-linux + readline? ( sys-libs/readline:= ) + sanlock? ( sys-cluster/sanlock ) + systemd? ( sys-apps/systemd:= ) + ) +" +# /run is now required for locking during early boot. /var cannot be assumed to +# be available -- thus, pull in recent enough baselayout for /run. +# This version of LVM is incompatible with cryptsetup <1.1.2. +RDEPEND=" + ${DEPEND_COMMON} + >=sys-apps/baselayout-2.2 + lvm? ( + virtual/tmpfiles + thin? 
( //g' \ + "${ED}"/etc/conf.d/lvm || die "Could not drop udev from rc_need" + fi + + newinitd "${FILESDIR}"/lvm-monitoring.initd-r3 lvm-monitoring + newinitd "${FILESDIR}"/lvmpolld.initd-r1 lvmpolld + + if use sanlock; then + newinitd "${FILESDIR}"/lvmlockd.initd-r2 lvmlockd + fi + fi + + if use static-libs; then + dolib.a libdm/ioctl/libdevmapper.a + if use lvm; then + # depends on lvmetad + dolib.a libdaemon/client/libdaemonclient.a #462908 + # depends on dmeventd + dolib.a daemons/dmeventd/libdevmapper-event.a + fi + else + rm -f "${ED}"/usr/$(get_libdir)/{libdevmapper-event,liblvm2cmd,liblvm2app,libdevmapper}.a || die + fi + + insinto /etc + doins "${FILESDIR}"/dmtab + + dodoc README VERSION* WHATS_NEW WHATS_NEW_DM doc/*.{c,txt} conf/*.conf +} + +pkg_preinst() { + HAD_LVM=0 + + if has_version 'sys-fs/lvm2[lvm(+)]' ; then + HAD_LVM=1 + fi +} + +pkg_postinst() { + use lvm && tmpfiles_process lvm2.conf + use udev && udev_reload + + # This is a new installation + if [[ -z "${REPLACING_VERSIONS}" ]]; then + if use lvm ; then + ewarn "Make sure the \"lvm\" init script is in the runlevels:" + ewarn "# rc-update add lvm boot" + ewarn + ewarn "Make sure to enable lvmetad in ${EROOT}/etc/lvm/lvm.conf if you want" + ewarn "to enable lvm autoactivation and metadata caching." + else + ewarn "Please enable USE=lvm if you need the LVM daemon and" + ewarn "tools like 'lvchange', 'vgchange', etc!" + fi + else + if ! use lvm && [[ ${HAD_LVM} -eq 1 ]] ; then + ewarn "LVM was previously enabled but is now disabled." + ewarn "Please enable USE=lvm if you need the LVM daemon and" + ewarn "tools like 'lvchange', 'vgchange', etc!" + ewarn "See the 2022-11-19-lvm2-default-USE-flags news item for more details." 
+ fi + fi + + if use udev && [[ -d /run ]] ; then + local permission_run_expected="drwxr-xr-x" + local permission_run=$(stat -c "%A" /run) + if [[ "${permission_run}" != "${permission_run_expected}" ]] ; then + ewarn "Found the following problematic permissions:" + ewarn "" + ewarn " ${permission_run} /run" + ewarn "" + ewarn "Expected:" + ewarn "" + ewarn " ${permission_run_expected} /run" + ewarn "" + ewarn "This is known to cause problems for udev-enabled LVM services." + fi + fi +} + +pkg_postrm() { + if use udev && [[ -z ${REPLACED_BY_VERSION} ]]; then + udev_reload + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.22-r7.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.22-r7.ebuild new file mode 100644 index 0000000000..b64f9dc7b1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/lvm2-2.03.22-r7.ebuild 
@@ -0,0 +1,317 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +TMPFILES_OPTIONAL=1 +inherit autotools linux-info systemd toolchain-funcs tmpfiles udev flag-o-matic + +DESCRIPTION="User-land utilities for LVM2 (device-mapper) software" +HOMEPAGE="https://sourceware.org/lvm2/" +SRC_URI="https://sourceware.org/ftp/lvm2/${PN^^}.${PV}.tgz" +S="${WORKDIR}/${PN^^}.${PV}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" +IUSE="lvm readline sanlock selinux static static-libs systemd thin +udev valgrind" +REQUIRED_USE=" + static? ( !systemd !udev ) + static-libs? ( static !udev ) + systemd? ( udev ) + thin? ( lvm ) +" + +DEPEND_COMMON=" + udev? ( virtual/libudev:= ) + lvm? ( + dev-libs/libaio + sys-apps/util-linux + readline? ( sys-libs/readline:= ) + sanlock? ( sys-cluster/sanlock ) + systemd? ( sys-apps/systemd:= ) + ) +" +# /run is now required for locking during early boot. /var cannot be assumed to +# be available -- thus, pull in recent enough baselayout for /run. +# This version of LVM is incompatible with cryptsetup <1.1.2. +RDEPEND=" + ${DEPEND_COMMON} + >=sys-apps/baselayout-2.2 + lvm? ( virtual/tmpfiles ) +" + +PDEPEND=" + lvm? ( + thin? ( >=sys-block/thin-provisioning-tools-1.0.6 ) + ) +" +# note: thin-0.3.0 is required to avoid --disable-thin_check_needs_check +DEPEND=" + ${DEPEND_COMMON} + static? ( + sys-apps/util-linux[static-libs] + lvm? ( + dev-libs/libaio[static-libs] + readline? ( sys-libs/readline[static-libs] ) + ) + selinux? ( sys-libs/libselinux[static-libs] ) + ) + valgrind? 
( >=dev-debug/valgrind-3.6 ) +" +BDEPEND=" + dev-build/autoconf-archive + virtual/pkgconfig +" + +PATCHES=( + # Gentoo specific modification(s): + "${FILESDIR}"/${PN}-2.03.20-example.conf.in.patch + + # For upstream -- review and forward: + "${FILESDIR}"/${PN}-2.03.20-dmeventd-no-idle-exit.patch + "${FILESDIR}"/${PN}-2.03.20-freopen-musl.patch + "${FILESDIR}"/${PN}-2.03.22-autoconf-2.72-egrep.patch + "${FILESDIR}"/${PN}-2.03.22-thin-version-checking.patch + "${FILESDIR}"/${PN}-2.03.22-thin-autodetect.patch + "${FILESDIR}"/${PN}-2.03.22-basename-musl.patch +) + +pkg_setup() { + local CONFIG_CHECK="~SYSVIPC" + + if use udev; then + local WARNING_SYSVIPC="CONFIG_SYSVIPC:\tis not set (required for udev sync)\n" + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n "${uevent_helper_path}" ]] && [[ "${uevent_helper_path}" != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + fi + fi + + check_extra_config + + # 1. Genkernel no longer copies /sbin/lvm blindly. + if use static; then + elog "Warning, we no longer overwrite /sbin/lvm and /sbin/dmsetup with" + elog "their static versions. If you need the static binaries," + elog "you must append .static to the filename!" + fi +} + +src_prepare() { + default + + # Users without systemd get no auto-activation of any logical volume + if ! use systemd ; then + eapply "${FILESDIR}"/${PN}-2.03.20-dm_lvm_rules_no_systemd.patch + fi + + eautoreconf +} + +src_configure() { + filter-lto + + # Workaround for bug #822210 + tc-ld-disable-gold + + # Most of this package does weird stuff. 
+ # The build options are tristate, and --without is NOT supported + # options: 'none', 'internal', 'shared' + local myeconfargs=( + $(use_enable lvm dmfilemapd) + $(use_enable lvm dmeventd) + $(use_enable lvm cmdlib) + $(use_enable lvm fsadm) + $(use_enable lvm lvmpolld) + + # This only causes the .static versions to become available + $(usev static --enable-static_link) + + # dmeventd requires mirrors to be internal, and snapshot available + # so we cannot disable them + --with-mirrors="$(usex lvm internal none)" + --with-snapshots="$(usex lvm internal none)" + ) + + if use lvm && use thin; then + myeconfargs+=( + --with-thin=internal + --enable-thin_check_needs_check + --with-cache=internal + --enable-cache_check_needs_check + ) + local texec + for texec in check dump repair restore; do + myeconfargs+=( --with-thin-${texec}="${EPREFIX}"/usr/sbin/thin_${texec} ) + myeconfargs+=( --with-cache-${texec}="${EPREFIX}"/usr/sbin/cache_${texec} ) + done + else + myeconfargs+=( --with-thin=none --with-cache=none ) + fi + + myeconfargs+=( + # musl doesn't do symbol versioning so can end up with + # runtime breakage. 
+ --with-symvers=$(usex elibc_glibc 'gnu' 'no') + $(use_enable readline) + $(use_enable selinux) + --enable-pkgconfig + --with-confdir="${EPREFIX}"/etc + --exec-prefix="${EPREFIX}" + --sbindir="${EPREFIX}/sbin" + --with-staticdir="${EPREFIX}"/sbin + --libdir="${EPREFIX}/$(get_libdir)" + --with-usrlibdir="${EPREFIX}/usr/$(get_libdir)" + --with-default-dm-run-dir=/run + --with-default-run-dir=/run/lvm + --with-default-locking-dir=/run/lock/lvm + --with-default-pid-dir=/run + $(use_enable udev udev_rules) + $(use_enable udev udev_sync) + $(use_with udev udevdir "${EPREFIX}$(get_udevdir)"/rules.d) + # USE=sanlock requires USE=lvm + $(use_enable $(usex lvm sanlock lvm) lvmlockd-sanlock) + $(use_enable systemd notify-dbus) + $(use_enable systemd app-machineid) + $(use_enable systemd systemd-journal) + $(use_with systemd systemd-run "/usr/bin/systemd-run") + $(use_enable valgrind valgrind-pool) + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + CLDFLAGS="${LDFLAGS}" + ) + + econf "${myeconfargs[@]}" +} + +src_compile() { + emake V=1 -C include + + if use lvm ; then + emake V=1 + emake V=1 CC="$(tc-getCC)" -C scripts + else + emake V=1 device-mapper + # https://bugs.gentoo.org/878131 + emake V=1 -C libdm/dm-tools device-mapper + fi +} + +src_test() { + einfo "Tests are disabled because of device-node mucking, if you want to" + einfo "run tests, compile the package and see ${S}/tests" +} + +src_install() { + local targets=() + if use lvm; then + targets+=( install install_tmpfiles_configuration ) + if use systemd; then + # install systemd related files only when requested, bug #522430 + targets+=( install_systemd_units ) + fi + else + targets+=( install_device-mapper ) + fi + + # -j1 for bug #918125 + emake -j1 V=1 DESTDIR="${D}" "${targets[@]}" + + newinitd "${FILESDIR}"/device-mapper.rc-r3 device-mapper + newconfd "${FILESDIR}"/device-mapper.conf-r4 device-mapper + + if use lvm ; then + newinitd "${FILESDIR}"/dmeventd.initd-r3 dmeventd + newinitd 
"${FILESDIR}"/lvm.rc-r1 lvm + newconfd "${FILESDIR}"/lvm.confd-r4 lvm + if ! use udev ; then + # We keep the variable but remove udev from it. + sed -r -i \ + -e '/^rc_need=/s/\//g' \ + "${ED}"/etc/conf.d/lvm || die "Could not drop udev from rc_need" + fi + + newinitd "${FILESDIR}"/lvm-monitoring.initd-r3 lvm-monitoring + newinitd "${FILESDIR}"/lvmpolld.initd-r1 lvmpolld + + if use sanlock; then + newinitd "${FILESDIR}"/lvmlockd.initd-r2 lvmlockd + fi + fi + + if use static-libs; then + dolib.a libdm/ioctl/libdevmapper.a + if use lvm; then + # depends on lvmetad + dolib.a libdaemon/client/libdaemonclient.a #462908 + # depends on dmeventd + dolib.a daemons/dmeventd/libdevmapper-event.a + fi + else + rm -f "${ED}"/usr/$(get_libdir)/{libdevmapper-event,liblvm2cmd,liblvm2app,libdevmapper}.a || die + fi + + insinto /etc + doins "${FILESDIR}"/dmtab + + dodoc README VERSION* WHATS_NEW WHATS_NEW_DM doc/*.{c,txt} conf/*.conf +} + +pkg_preinst() { + HAD_LVM=0 + + if has_version 'sys-fs/lvm2[lvm(+)]' ; then + HAD_LVM=1 + fi +} + +pkg_postinst() { + use lvm && tmpfiles_process lvm2.conf + use udev && udev_reload + + # This is a new installation + if [[ -z "${REPLACING_VERSIONS}" ]]; then + if use lvm ; then + ewarn "Make sure the \"lvm\" init script is in the runlevels:" + ewarn "# rc-update add lvm boot" + ewarn + ewarn "Make sure to enable lvmetad in ${EROOT}/etc/lvm/lvm.conf if you want" + ewarn "to enable lvm autoactivation and metadata caching." + else + ewarn "Please enable USE=lvm if you need the LVM daemon and" + ewarn "tools like 'lvchange', 'vgchange', etc!" + fi + else + if ! use lvm && [[ ${HAD_LVM} -eq 1 ]] ; then + ewarn "LVM was previously enabled but is now disabled." + ewarn "Please enable USE=lvm if you need the LVM daemon and" + ewarn "tools like 'lvchange', 'vgchange', etc!" + ewarn "See the 2022-11-19-lvm2-default-USE-flags news item for more details." 
+ fi + fi + + if use udev && [[ -d /run ]] ; then + local permission_run_expected="drwxr-xr-x" + local permission_run=$(stat -c "%A" /run) + if [[ "${permission_run}" != "${permission_run_expected}" ]] ; then + ewarn "Found the following problematic permissions:" + ewarn "" + ewarn " ${permission_run} /run" + ewarn "" + ewarn "Expected:" + ewarn "" + ewarn " ${permission_run_expected} /run" + ewarn "" + ewarn "This is known to cause problems for udev-enabled LVM services." + fi + fi +} + +pkg_postrm() { + if use udev && [[ -z ${REPLACED_BY_VERSION} ]]; then + udev_reload + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/metadata.xml new file mode 100644 index 0000000000..33bafa5c0e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/lvm2/metadata.xml @@ -0,0 +1,22 @@ + + + + + base-system@gentoo.org + Gentoo Base System + + + Support for thin volumes + + Build all of LVM2 including daemons and tools like lvchange, not just the device-mapper library (for other packages to use). + + If your system uses LVM2 for managing disks and partitions, enable this flag. + + Enable lvmlockd with support for sanlock + + + cpe:/a:heinz_mauelshagen:lvm2 + lvmteam/lvm2 + lvmteam/lvm2 + + diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/Manifest new file mode 100644 index 0000000000..d8a958ec1c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/Manifest 
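Review bot: In lvm2-2.03.22-r7.ebuild, `src_configure` passes `--enable-thin_check_needs_check` and `--enable-cache_check_needs_check` explicitly, and with lvm2-2.03.22-thin-autodetect.patch applied an explicit value skips the `thin_check -V` / `cache_check -V` version probe entirely. Whether the installed tools accept `--clear-needs-check-flag` therefore rests on the `>=sys-block/thin-provisioning-tools-1.0.6` PDEPEND alone, and a PDEPEND is not a build-time guarantee, so an image that ships an older or differently packaged tool set would not be caught at configure time. A comment above the `myeconfargs+=(` block in the `use lvm && use thin` branch would make that dependency explicit, e.g. `# explicit --enable skips configure's version probe (thin-autodetect.patch); PDEPEND must keep thin-provisioning-tools new enough`.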
@@ -0,0 +1,6 @@ +DIST mdadm-4.2.tar.xz 453624 BLAKE2B de7c4318dc5479de41378233869ab84ca2cd0e8a42310157b1acb969e7152af61556fbbe6f17bf6af4dfaf5543e49b1c982d2baeedf1c39b000032f4db7f5502 SHA512 57897a2b7fb8b0b88bece50501099872bb45ddb076cfc323d563588096d2b66b1ecba3724534943f651ace2bfe591482570700616500dc3398552e4f9ff0c37d +DIST mdadm-4.3.tar.xz 465820 BLAKE2B 3b6955339adb6c254a69d698e3b807838f8840e37f7f94280f4a1fbffb082ee694309f4b6f9adc8edfa2071fde324bf00ae0493d5b2e6c8d87796783dfa3ee1c SHA512 e44977f2f80d2471cb313803a60c92dafe8282ac06bbbfd41ae90ca493c64a3da94db924538788d045fd7f0667333912dabedb0b070f9abf5c0540b32e0fa08f +DIST mdadm-4.4.tar.gz 619823 BLAKE2B d368681d94e31db2127a1114ad21b76647ee4b62f701705a93ca8482a58ec10d9cd58c5394bb346da0c58339f759fa6168441250a504931e43c0943b74ceef85 SHA512 08682b27f41a230f188d3b61e22e95ff8808b36c8fc2cba1dff443d39a72b35ba2eaf29ed64c7e5583c177fe6b71df983ec9a80a4128d8f07d58b7435d4700f6 +DIST mdadm_4.2~rc2-7.debian.tar.xz 89904 BLAKE2B dd04f2dd044d0bca85920eaf5c79a288d69c47a7ad7e36509a126c01ef63bd045d7e0530450650028de39d74ad852995ca080c3a73dbcb1cf1b3783118109f35 SHA512 3d36533d2713b663606919b2bfec18b15e18a6a0194e333e38e4a58f175da96af7b1fe16f0c36ee148e14492a4e0710b9fad6ac7856495b63c0176ebb7333be6 +DIST mdadm_4.3-1.debian.tar.xz 86972 BLAKE2B 52af9ddacc402d8c3318bac31b4cd5ac3045e564832546146ba0a18d6a43866ae2c21270ac15f48df98c4f76af0eeae41679ea9e0e265dad44914bd58f27d689 SHA512 1c5203523f0c7fe271d850ab4ad376a449e870f8f1549dc4460adede1f59a1a364e741562954297e7848bae19d1cfe273a31f1bfaf739dd37559a0666abd8517 +DIST mdadm_4.4-3.debian.tar.xz 88948 BLAKE2B 48d2af9477b420f1bbaffebbeaf2389038f8f58846264fcda5f25d72c64c5543a2cd73eb3fba4c7dc834810e3367f571628bdcc43989724f773fc3789514c765 SHA512 8be55fb40e21ad4026339e8e03df1c4889b66f36d4c41627dd60528dc424e5faa10cb20e8e3fbe737eb9af4705eed10bd4e7017353e773ac73cbeaaa3670d2ff 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/etc-default-mdadm b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/etc-default-mdadm
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/etc-default-mdadm
rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/etc-default-mdadm
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm-3.4-sysmacros.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-3.4-sysmacros.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm-3.4-sysmacros.patch
rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-3.4-sysmacros.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm-4.2-in_initrd-collision.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.2-in_initrd-collision.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm-4.2-in_initrd-collision.patch
rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.2-in_initrd-collision.patch
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.2-mdadm_env.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.2-mdadm_env.patch
new file mode 100644
index 0000000000..bd09da5538
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.2-mdadm_env.patch
@@ -0,0 +1,36 @@
+--- mdadm-4.2/systemd/SUSE-mdadm_env.sh 2021-12-30 11:43:35.000000000 -0800
++++ mdadm-4.2/systemd/SUSE-mdadm_env.sh 2024-02-19 12:20:56.509632098 -0800
+@@ -6,6 +7,12 @@
+
+ MDADM_SCAN="yes"
+
++# Gentoo: source conf.d
++mdadmd_CONFIG=/etc/conf.d/mdadm
++if test -r $mdadmd_CONFIG; then
++ . $mdadmd_CONFIG
++fi
++
+ # Following adapted from /etc/init.d/mdadmd on openSUSE
+
+ mdadmd_CONFIG=/etc/sysconfig/mdadm
+@@ -42,7 +49,8 @@
+ fi
+
+ mkdir -p /run/sysconfig
+-echo "MDADM_MONITOR_ARGS=$MDADM_RAIDDEVICES $MDADM_DELAY $MDADM_MAIL $MDADM_PROGRAM $MDADM_SCAN $MDADM_SEND_MAIL $MDADM_CONFIG" > /run/sysconfig/mdadm
++# Gentoo: added $MDADM_OPTS to the end.
++echo "MDADM_MONITOR_ARGS=$MDADM_RAIDDEVICES $MDADM_DELAY $MDADM_MAIL $MDADM_PROGRAM $MDADM_SCAN $MDADM_SEND_MAIL $MDADM_CONFIG $MDADM_OPTS" > /run/sysconfig/mdadm
+ if [ -n "$MDADM_CHECK_DURATION" ]; then
+ echo "MDADM_CHECK_DURATION=$MDADM_CHECK_DURATION" >> /run/sysconfig/mdadm
+ fi
+--- mdadm-4.2.orig/Makefile 2024-02-19 12:27:19.512400849 -0800
++++ mdadm-4.2/Makefile 2024-02-19 12:27:39.517338433 -0800
+@@ -298,7 +298,7 @@
+ $(INSTALL) -D -m 755 .install.tmp.3 $(DESTDIR)$(SYSTEMD_DIR)-shutdown/$$file ; \
+ rm -f .install.tmp.3; \
+ done
+- if [ -f /etc/SuSE-release -o -n "$(SUSE)" ] ;then $(INSTALL) -D -m 755 systemd/SUSE-mdadm_env.sh $(DESTDIR)$(LIB_DIR)/mdadm_env.sh ;fi
++ $(INSTALL) -D -m 755 systemd/SUSE-mdadm_env.sh $(DESTDIR)$(LIB_DIR)/mdadm_env.sh
+
+ install-bin: mdadm mdmon
+ $(INSTALL) -D $(STRIP) -m 755 mdadm $(DESTDIR)$(BINDIR)/mdadm
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-do-not-call-gcc-directly.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-do-not-call-gcc-directly.patch
new file mode 100644
index 0000000000..0ba8c45284
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-do-not-call-gcc-directly.patch
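Review bot: The block added to SUSE-mdadm_env.sh in mdadm-4.2-mdadm_env.patch dot-sources `/etc/conf.d/mdadm` whenever it is readable, and the Makefile hunk removes the SuSE-release guard, so the script is now installed (mode 755) on every target rather than only on SUSE. Whatever is in that file runs as shell code with the privileges of the caller, presumably root when the monitor service starts, so the file has to stay root-owned and not group- or world-writable; nothing in the patch checks or documents that. I would note it at the source line, `# sourced as shell code: keep /etc/conf.d/mdadm root-owned and not group/world-writable`, and quote the expansions while there: `if test -r "$mdadmd_CONFIG"; then` and `. "$mdadmd_CONFIG"`.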
@@ -0,0 +1,53 @@ +https://bugs.gentoo.org/931972 +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=027b2d37a8cd56973d117107acc25a64cfe0a92f + +From b7028334f2dfbb0b11cf1fa34ecb89d5287c367b Mon Sep 17 00:00:00 2001 +From: Gwendal Grignou +Date: Wed, 15 May 2024 14:30:59 -0700 +Subject: [PATCH] Makefile: Do not call gcc directly + +When mdadm is compiled with clang, direct gcc will fail. +Make sure to use $(CC) variable instead. + +Note that Clang does not support --help=warnings -- +-print-diagnostic-options should be used instead. +So with Clang, the compilation will go through, but the +extra warning flags will never be added. + +Signed-off-by: Gwendal Grignou +--- + Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Makefile b/Makefile +index adac7905..ec8c4226 100644 +--- a/Makefile ++++ b/Makefile +@@ -56,21 +56,21 @@ CWFLAGS += -Wp -O3 + endif + + ifeq ($(origin FALLTHROUGH), undefined) +- FALLTHROUGH := $(shell gcc -Q --help=warnings 2>&1 | grep "implicit-fallthrough" | wc -l) ++ FALLTHROUGH := $(shell $(CC) $(CFLAGS) -Q --help=warnings 2>&1 | grep "implicit-fallthrough" | wc -l) + ifneq "$(FALLTHROUGH)" "0" + CWFLAGS += -Wimplicit-fallthrough=0 + endif + endif + + ifeq ($(origin FORMATOVERFLOW), undefined) +- FORMATOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "format-overflow" | wc -l) ++ FORMATOVERFLOW := $(shell $(CC) $(CFLAGS) -Q --help=warnings 2>&1 | grep "format-overflow" | wc -l) + ifneq "$(FORMATOVERFLOW)" "0" + CWFLAGS += -Wformat-overflow + endif + endif + + ifeq ($(origin STRINGOPOVERFLOW), undefined) +- STRINGOPOVERFLOW := $(shell gcc -Q --help=warnings 2>&1 | grep "stringop-overflow" | wc -l) ++ STRINGOPOVERFLOW := $(shell $(CC) $(CFLAGS) -Q --help=warnings 2>&1 | grep "stringop-overflow" | wc -l) + ifneq "$(STRINGOPOVERFLOW)" "0" + CWFLAGS += -Wstringop-overflow + endif +-- +2.45.0.215.g3402c0e53f-goog + 
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-in_initrd-collision.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-in_initrd-collision.patch new file mode 100644 index 0000000000..54e4aadacb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-in_initrd-collision.patch @@ -0,0 +1,45 @@ +Fix collision with libudev symbols when statically linking. + +https://bugs.gentoo.org/830485 +--- a/mdadm.h ++++ b/mdadm.h +@@ -1665,7 +1665,7 @@ + extern void udev_block(char *devnm); + extern void udev_unblock(void); + +-extern int in_initrd(void); ++extern int mdadm_in_initrd(void); + + struct cmap_hooks { + void *cmap_handle; /* corosync lib related */ +--- a/mdmon.c ++++ b/mdmon.c +@@ -309,7 +309,7 @@ + {NULL, 0, NULL, 0} + }; + +- if (in_initrd()) { ++ if (mdadm_in_initrd()) { + /* + * set first char of argv[0] to @. This is used by + * systemd to signal that the task was launched from +--- a/util.c ++++ b/util.c +@@ -1960,7 +1960,7 @@ + int len; + pid_t pid; + int status; +- char *prefix = in_initrd() ? "initrd-" : ""; ++ char *prefix = mdadm_in_initrd() ? "initrd-" : ""; + char pathbuf[1024]; + char *paths[4] = { + pathbuf, +@@ -2219,7 +2219,7 @@ + return 0; + } + +-int in_initrd(void) ++int mdadm_in_initrd(void) + { + /* This is based on similar function in systemd. */ + struct statfs s; diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-ldflags.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-ldflags.patch new file mode 100644 index 0000000000..e8e93d4245 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-ldflags.patch 
@@ -0,0 +1,11 @@ +--- mdadm-4.3/Makefile.orig 2024-03-13 20:11:48.949678469 -0700 ++++ mdadm-4.3/Makefile 2024-03-13 20:11:52.773671814 -0700 +@@ -132,7 +132,7 @@ + MON_LDFLAGS += -pthread + endif + +-LDFLAGS = -Wl,-z,now,-z,noexecstack ++LDFLAGS += -Wl,-z,now,-z,noexecstack + + # If you want a static binary, you might uncomment these + # LDFLAGS += -static diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl-basename.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl-basename.patch new file mode 100644 index 0000000000..b8d0c3a7ca --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl-basename.patch @@ -0,0 +1,19 @@ +https://bugs.gentoo.org/926289#c6 +https://github.com/md-raid-utilities/mdadm/commit/9dbd11e091f84eb0bf9d717283774816c4c4453d +--- a/mdadm.h ++++ b/mdadm.h +@@ -223,6 +223,14 @@ struct dlm_lksb { + struct __una_u16 { __u16 x; } __attribute__ ((packed)); + struct __una_u32 { __u32 x; } __attribute__ ((packed)); + ++/* ++ * Ensure GNU basename behavior on GLIBC less systems. ++ */ ++#ifndef __GLIBC__ ++#define basename(path) \ ++ (strrchr((path), '/') ? strrchr((path),'/') + 1 : (path)) ++#endif ++ + static inline __u16 __get_unaligned16(const void *p) + { + const struct __una_u16 *ptr = (const struct __una_u16 *)p; diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl-include.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl-include.patch new file mode 100644 index 0000000000..da9efc9a01 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl-include.patch 
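Review bot: The `+=` on the `LDFLAGS` line in mdadm-4.3-ldflags.patch has no effect as the ebuilds use it, because `mdadm_emake` in mdadm-4.3.ebuild and mdadm-4.3-r1.ebuild passes `LDFLAGS="${LDFLAGS}"` as a make argument, and GNU make ignores ordinary makefile assignments, `+=` included, to a variable set on the command line. The `-z now` and `-z noexecstack` hardening flags therefore reach the link only if the profile's LDFLAGS or the toolchain defaults already supply them. Writing the patched line as `override LDFLAGS += -Wl,-z,now,-z,noexecstack` keeps them in either case. Checking the installed mdadm and mdmon for BIND_NOW and a non-executable GNU_STACK segment, for example with `readelf -d -l`, would show which case applies today.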
@@ -0,0 +1,14 @@ +https://bugs.gentoo.org/926289#c7 +https://github.com/md-raid-utilities/mdadm/commit/8bda86099089b44129ef6206764f9de47a45f0db +--- a/util.c ++++ b/util.c +@@ -36,7 +36,7 @@ + #include + #include + #include +- ++#include + + /* + * following taken from linux/blkpg.h because they aren't + diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl125-1.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl125-1.patch new file mode 100644 index 0000000000..a10b56b67b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-musl125-1.patch @@ -0,0 +1,44 @@ + +Note- This is also needed for musl-1.2.5 (aside other fixes)- dilfridge + +From 52bead95d2957437c691891fcdc49bd6afccdd49 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Fri, 12 Apr 2024 18:45:13 +0200 +Subject: Create.c: fix uclibc build + +Define FALLOC_FL_ZERO_RANGE if needed as FALLOC_FL_ZERO_RANGE is only +defined for aarch64 on uclibc-ng resulting in the following or1k build +failure since commit 577fd10486d8d1472a6b559066f344ac30a3a391: + +Create.c: In function 'write_zeroes_fork': +Create.c:155:35: error: 'FALLOC_FL_ZERO_RANGE' undeclared (first use in this function) + 155 | if (fallocate(fd, FALLOC_FL_ZERO_RANGE | FALLOC_FL_KEEP_SIZE, + | ^~~~~~~~~~~~~~~~~~~~ + +Fixes: + - http://autobuild.buildroot.org/results/0e04bcdb591ca5642053e1f7e31384f06581e989 + +Signed-off-by: Fabrice Fontaine +Signed-off-by: Mariusz Tkaczyk +--- + Create.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/Create.c b/Create.c +index 4397ff49..d94253b1 100644 +--- a/Create.c ++++ b/Create.c +@@ -32,6 +32,10 @@ + #include + #include + ++#ifndef FALLOC_FL_ZERO_RANGE ++#define FALLOC_FL_ZERO_RANGE 16 ++#endif ++ + static int round_size_and_verify(unsigned long long *size, int chunk) + { + if (*size == 0) +-- +cgit 1.2.3-korg + 
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-no-udev.patch b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-no-udev.patch new file mode 100644 index 0000000000..dd7ef696ac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm-4.3-no-udev.patch @@ -0,0 +1,31 @@ +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=1750758c7ff526e3560433f6235e5cfa35cf646a +https://bugs.gentoo.org/928228 + +From 1750758c7ff526e3560433f6235e5cfa35cf646a Mon Sep 17 00:00:00 2001 +From: Mariusz Tkaczyk +Date: Wed, 6 Mar 2024 15:50:55 +0100 +Subject: udev.c: Do not require libudev.h if DNO_LIBUDEV + +libudev may not be presented at all, do not require it. + +Reported-by: Boian Bonev +Signed-off-by: Mariusz Tkaczyk +--- + udev.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/udev.c b/udev.c +index bc4722b0..066e6ab1 100644 +--- a/udev.c ++++ b/udev.c +@@ -26,7 +26,10 @@ + #include + #include + #include ++ ++#ifndef NO_LIBUDEV + #include ++#endif + + static char *unblock_path; + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.confd b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm.confd similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.confd rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm.confd diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.rc b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm.rc similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdadm.rc rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm.rc 
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm.weekly b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm.weekly
new file mode 100644
index 0000000000..e2b35b550f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdadm.weekly
@@ -0,0 +1,5 @@
+#!/bin/sh
+# This requires that AUTOCHECK is true in /etc/default/mdadm
+if [ -x /usr/sbin/checkarray ] && [ $(date +\%d) -le 7 ]; then
+ /usr/sbin/checkarray --cron --all --idle --quiet
+fi
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdraid.confd b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdraid.confd
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdraid.confd
rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdraid.confd
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdraid.rc b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdraid.rc
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/files/mdraid.rc
rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/files/mdraid.rc
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/mdadm-4.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.2-r3.ebuild
similarity index 70%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/mdadm-4.2-r1.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.2-r3.ebuild
index cc41f29d25..55ff5a471b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/mdadm-4.2-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.2-r3.ebuild
@@ -1,9 +1,6 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -# Flatcar: Based on mdadm-4.2-r1.ebuild from commit -# 81a13f851b7502d547ff8c0434bf64a443877fb1 in Gentoo repo (see -# https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-fs/mdadm/mdadm-4.2-r1.ebuild?id=81a13f851b7502d547ff8c0434bf64a443877fb1). EAPI=7 inherit flag-o-matic systemd toolchain-funcs udev @@ -16,23 +13,17 @@ SRC_URI="https://www.kernel.org/pub/linux/utils/raid/mdadm/${P/_/-}.tar.xz LICENSE="GPL-2" SLOT="0" -# Flatcar: Build for amd64 and arm64 -KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +[[ "${PV}" = *_rc* ]] || \ +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ppc ppc64 ~riscv sparc x86" IUSE="static systemd +udev" -# Only sys-fs/eudev provides static-libs right now, so if you have systemd, -# you need to choose between static or udev, as your udev won't have static libs. -# bug #830485 -REQUIRED_USE="systemd? ( ?? ( static udev ) )" +REQUIRED_USE="static? ( !udev )" BDEPEND="app-arch/xz-utils virtual/pkgconfig" -DEPEND="udev? ( - static? ( !systemd? ( sys-fs/eudev[static-libs] ) ) - !static? ( virtual/libudev:= ) - )" -RDEPEND=">=sys-apps/util-linux-2.16 - udev? ( !static? ( virtual/libudev:= ) )" +DEPEND="udev? ( virtual/libudev:= )" +RDEPEND="${DEPEND} + >=sys-apps/util-linux-2.16" # The tests edit values in /proc and run tests on software raid devices. # Thus, they shouldn't be run on systems with active software RAID devices. @@ -41,6 +32,7 @@ RESTRICT="test" PATCHES=( "${FILESDIR}/${PN}"-3.4-sysmacros.patch #580188 "${FILESDIR}/${PN}"-4.2-in_initrd-collision.patch #830461 + "${FILESDIR}/${PN}"-4.2-mdadm_env.patch #628968 ) mdadm_emake() { @@ -69,6 +61,9 @@ src_compile() { # CPPFLAGS won't work for this use udev || append-cflags -DNO_LIBUDEV + # bug 907082 + use elibc_musl && append-cppflags -D_LARGEFILE64_SOURCE + mdadm_emake all } 
@@ -96,13 +91,12 @@ src_install() { insinto /etc/default newins "${FILESDIR}"/etc-default-mdadm mdadm - systemd_dounit "${FILESDIR}"/mdadm.service - systemd_dounit "${FILESDIR}"/mdadm.timer - - systemd_enable_service timers.target mdadm.timer + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/mdadm.weekly mdadm } pkg_postinst() { + udev_reload if ! systemd_is_booted; then if [[ -z ${REPLACING_VERSIONS} ]] ; then # Only inform people the first time they install. @@ -112,3 +106,7 @@ pkg_postinst() { fi fi } + +pkg_postrm() { + udev_reload +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.3-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.3-r1.ebuild new file mode 100644 index 0000000000..a2271bcf25 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.3-r1.ebuild 
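Review bot: In the src_install hunk, removing the two `systemd_dounit` lines for mdadm.service and mdadm.timer together with `systemd_enable_service timers.target mdadm.timer` leaves the periodic `checkarray` run to /etc/cron.weekly/mdadm, which only fires on hosts where a cron daemon processes that directory. On a systemd-only image that presumably means the scheduled array check stops without any error, so it is worth confirming which mechanism is meant to replace the timer. If the cron file is the intended path, a comment above `exeinto /etc/cron.weekly` such as `# Periodic array check runs from cron.weekly only; needs a cron daemon on the host.` would record that. The same two install lines appear in the new mdadm-4.3, 4.3-r1 and 4.4 ebuilds; src_install starts and ends outside this hunk.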
@@ -0,0 +1,128 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic systemd toolchain-funcs udev + +DESCRIPTION="Tool for running RAID systems - replacement for the raidtools" +HOMEPAGE="https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/" +DEB_PF="4.3-1" +SRC_URI="https://www.kernel.org/pub/linux/utils/raid/mdadm/${P/_/-}.tar.xz + mirror://debian/pool/main/m/mdadm/${PN}_${DEB_PF}.debian.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +[[ "${PV}" = *_rc* ]] || \ +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ppc ppc64 ~riscv sparc x86" +IUSE="static systemd +udev corosync" + +REQUIRED_USE="static? ( !udev )" + +BDEPEND="virtual/pkgconfig" +DEPEND="udev? ( virtual/libudev:= ) + corosync? ( sys-cluster/corosync )" +RDEPEND="${DEPEND} + >=sys-apps/util-linux-2.16" + +# The tests edit values in /proc and run tests on software raid devices. +# Thus, they shouldn't be run on systems with active software RAID devices. +RESTRICT="test" + +PATCHES=( + #"${FILESDIR}/${PN}"-3.4-sysmacros.patch #580188 # upstream has it later in the list of includes as of 4.3. + "${FILESDIR}/${PN}"-4.3-in_initrd-collision.patch #830461 + "${FILESDIR}/${PN}"-4.2-mdadm_env.patch #628968 + "${FILESDIR}/${PN}"-4.3-ldflags.patch + "${FILESDIR}/${PN}"-4.3-no-udev.patch + "${FILESDIR}/${PN}"-4.3-musl125-1.patch + "${FILESDIR}/${PN}"-4.3-do-not-call-gcc-directly.patch # 931972 + "${FILESDIR}/${PN}"-4.3-musl-basename.patch + "${FILESDIR}/${PN}"-4.3-musl-include.patch + "${WORKDIR}/debian/patches/debian/0001-fix-manpages.patch" + "${WORKDIR}/debian/patches/debian/0003-host-name-in-default-mailfrom.patch" + "${WORKDIR}/debian/patches/debian/0004-exit-gracefully-when-md-device-not-found.patch" + "${WORKDIR}/debian/patches/debian/0007-no-Werror.patch" +) + +mdadm_emake() { + # We should probably make libdlm into USE flags. 
#573782 + local args=( + PKG_CONFIG="$(tc-getPKG_CONFIG)" + CC="$(tc-getCC)" + CWFLAGS="-Wall -fPIE" + CXFLAGS="${CFLAGS}" + LDFLAGS="${LDFLAGS}" + UDEVDIR="$(get_udevdir)" + SYSTEMD_DIR="$(systemd_get_systemunitdir)" + COROSYNC="$(usex corosync '' -DNO_COROSYNC)" + DLM="-DNO_DLM" + + # https://bugs.gentoo.org/732276 + STRIP= + + "$@" + ) + emake "${args[@]}" +} + +src_compile() { + use static && append-ldflags -static + + # CPPFLAGS won't work for this + use udev || append-cflags -DNO_LIBUDEV + + # bug 907082 + use elibc_musl && append-cppflags -D_LARGEFILE64_SOURCE + + mdadm_emake all +} + +src_test() { + mdadm_emake test + + sh ./test || die +} + +src_install() { + mdadm_emake DESTDIR="${D}" install install-systemd + dodoc ChangeLog INSTALL TODO README* ANNOUNCE-* + + # install mdcheck_start.service + # needed for systemd units https://bugs.gentoo.org/833000 + exeinto /usr/share/mdadm/ + doexe misc/mdcheck + + insinto /etc + newins mdadm.conf-example mdadm.conf + newinitd "${FILESDIR}"/mdadm.rc mdadm + newconfd "${FILESDIR}"/mdadm.confd mdadm + newinitd "${FILESDIR}"/mdraid.rc mdraid + newconfd "${FILESDIR}"/mdraid.confd mdraid + + # From the Debian patchset + into /usr + dodoc "${WORKDIR}"/debian/local/doc/README.checkarray + dosbin "${WORKDIR}"/debian/local/bin/checkarray + insinto /etc/default + newins "${FILESDIR}"/etc-default-mdadm mdadm + + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/mdadm.weekly mdadm +} + +pkg_postinst() { + udev_reload + if ! systemd_is_booted; then + if [[ -z ${REPLACING_VERSIONS} ]] ; then + # Only inform people the first time they install. + elog "If you're not relying on kernel auto-detect of your RAID" + elog "devices, you need to add 'mdraid' to your 'boot' runlevel:" + elog " rc-update add mdraid boot" + fi + fi +} + +pkg_postrm() { + udev_reload +} 
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.3.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.3.ebuild new file mode 100644 index 0000000000..e503b5875f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.3.ebuild 
@@ -0,0 +1,126 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic systemd toolchain-funcs udev + +DESCRIPTION="Tool for running RAID systems - replacement for the raidtools" +HOMEPAGE="https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/" +DEB_PF="4.3-1" +SRC_URI="https://www.kernel.org/pub/linux/utils/raid/mdadm/${P/_/-}.tar.xz + mirror://debian/pool/main/m/mdadm/${PN}_${DEB_PF}.debian.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +[[ "${PV}" = *_rc* ]] || \ +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="static systemd +udev corosync" + +REQUIRED_USE="static? ( !udev )" + +BDEPEND="app-arch/xz-utils + virtual/pkgconfig" +DEPEND="udev? ( virtual/libudev:= ) + corosync? ( sys-cluster/corosync )" +RDEPEND="${DEPEND} + >=sys-apps/util-linux-2.16" + +# The tests edit values in /proc and run tests on software raid devices. +# Thus, they shouldn't be run on systems with active software RAID devices. +RESTRICT="test" + +PATCHES=( + #"${FILESDIR}/${PN}"-3.4-sysmacros.patch #580188 # upstream has it later in the list of includes as of 4.3. + "${FILESDIR}/${PN}"-4.3-in_initrd-collision.patch #830461 + "${FILESDIR}/${PN}"-4.2-mdadm_env.patch #628968 + "${FILESDIR}/${PN}"-4.3-ldflags.patch + "${FILESDIR}/${PN}"-4.3-no-udev.patch + "${FILESDIR}/${PN}"-4.3-musl125-1.patch + "${WORKDIR}/debian/patches/debian/0001-fix-manpages.patch" + "${WORKDIR}/debian/patches/debian/0003-host-name-in-default-mailfrom.patch" + "${WORKDIR}/debian/patches/debian/0004-exit-gracefully-when-md-device-not-found.patch" + "${WORKDIR}/debian/patches/debian/0007-no-Werror.patch" +) + +mdadm_emake() { + # We should probably make corosync & libdlm into USE flags. 
#573782 + local args=( + PKG_CONFIG="$(tc-getPKG_CONFIG)" + CC="$(tc-getCC)" + CWFLAGS="-Wall" + CXFLAGS="${CFLAGS}" + LDFLAGS="${LDFLAGS}" + UDEVDIR="$(get_udevdir)" + SYSTEMD_DIR="$(systemd_get_systemunitdir)" + COROSYNC="$(usex corosync '' -DNO_COROSYNC)" + DLM="-DNO_DLM" + + # https://bugs.gentoo.org/732276 + STRIP= + + "$@" + ) + emake "${args[@]}" +} + +src_compile() { + use static && append-ldflags -static + + # CPPFLAGS won't work for this + use udev || append-cflags -DNO_LIBUDEV + + # bug 907082 + use elibc_musl && append-cppflags -D_LARGEFILE64_SOURCE + + mdadm_emake all +} + +src_test() { + mdadm_emake test + + sh ./test || die +} + +src_install() { + mdadm_emake DESTDIR="${D}" install install-systemd + dodoc ChangeLog INSTALL TODO README* ANNOUNCE-* + + # install mdcheck_start.service + # needed for systemd units https://bugs.gentoo.org/833000 + exeinto /usr/share/mdadm/ + doexe misc/mdcheck + + insinto /etc + newins mdadm.conf-example mdadm.conf + newinitd "${FILESDIR}"/mdadm.rc mdadm + newconfd "${FILESDIR}"/mdadm.confd mdadm + newinitd "${FILESDIR}"/mdraid.rc mdraid + newconfd "${FILESDIR}"/mdraid.confd mdraid + + # From the Debian patchset + into /usr + dodoc "${WORKDIR}"/debian/local/doc/README.checkarray + dosbin "${WORKDIR}"/debian/local/bin/checkarray + insinto /etc/default + newins "${FILESDIR}"/etc-default-mdadm mdadm + + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/mdadm.weekly mdadm +} + +pkg_postinst() { + udev_reload + if ! systemd_is_booted; then + if [[ -z ${REPLACING_VERSIONS} ]] ; then + # Only inform people the first time they install. + elog "If you're not relying on kernel auto-detect of your RAID" + elog "devices, you need to add 'mdraid' to your 'boot' runlevel:" + elog " rc-update add mdraid boot" + fi + fi +} + +pkg_postrm() { + udev_reload +} 
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.4.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.4.ebuild new file mode 100644 index 0000000000..25366a118d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/mdadm-4.4.ebuild 
@@ -0,0 +1,122 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic systemd toolchain-funcs udev + +DEB_PF="4.4-3" +DESCRIPTION="Tool for running RAID systems - replacement for the raidtools" +HOMEPAGE="https://github.com/md-raid-utilities/mdadm https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/" +SRC_URI="https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/snapshot/${P}.tar.gz" +SRC_URI+=" mirror://debian/pool/main/m/mdadm/${PN}_${DEB_PF}.debian.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ppc ppc64 ~riscv sparc x86" +fi +IUSE="static systemd +udev corosync" +REQUIRED_USE="static? ( !udev )" + +BDEPEND="virtual/pkgconfig" +DEPEND=" + udev? ( virtual/libudev:= ) + corosync? ( sys-cluster/corosync ) +" +RDEPEND=" + ${DEPEND} + >=sys-apps/util-linux-2.16 +" + +# The tests edit values in /proc and run tests on software raid devices. +# Thus, they shouldn't be run on systems with active software RAID devices. 
+RESTRICT="test" + +PATCHES=( + "${WORKDIR}/debian/patches/debian" +) + +mdadm_emake() { + # We should probably make libdlm into USE flags (bug #573782) + local args=( + PKG_CONFIG="$(tc-getPKG_CONFIG)" + CC="$(tc-getCC)" + CWFLAGS="-Wall -fPIE" + CXFLAGS="${CFLAGS}" + LDFLAGS="${LDFLAGS}" + UDEVDIR="$(get_udevdir)" + SYSTEMD_DIR="$(systemd_get_systemunitdir)" + COROSYNC="$(usev !corosync '-DNO_COROSYNC')" + DLM="-DNO_DLM" + + # bug #732276 + STRIP= + + "$@" + ) + + emake "${args[@]}" +} + +src_compile() { + use static && append-ldflags -static + + # CPPFLAGS won't work for this + use udev || append-cflags -DNO_LIBUDEV + + # bug 907082 + use elibc_musl && append-cppflags -D_LARGEFILE64_SOURCE + + mdadm_emake all +} + +src_test() { + mdadm_emake test + + sh ./test || die +} + +src_install() { + mdadm_emake DESTDIR="${D}" install install-systemd + + einstalldocs + + # install mdcheck_start.service, needed for systemd units (bug #833000) + exeinto /usr/share/mdadm/ + doexe misc/mdcheck + + insinto /etc + newins documentation/mdadm.conf-example mdadm.conf + newinitd "${FILESDIR}"/mdadm.rc mdadm + newconfd "${FILESDIR}"/mdadm.confd mdadm + newinitd "${FILESDIR}"/mdraid.rc mdraid + newconfd "${FILESDIR}"/mdraid.confd mdraid + + # From the Debian patchset + into /usr + dodoc "${WORKDIR}"/debian/local/doc/README.checkarray + dosbin "${WORKDIR}"/debian/local/bin/checkarray + insinto /etc/default + newins "${FILESDIR}"/etc-default-mdadm mdadm + + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/mdadm.weekly mdadm +} + +pkg_postinst() { + udev_reload + + if ! systemd_is_booted; then + if [[ -z ${REPLACING_VERSIONS} ]] ; then + # Only inform people the first time they install. + elog "If you're not relying on kernel auto-detect of your RAID" + elog "devices, you need to add 'mdraid' to your 'boot' runlevel:" + elog " rc-update add mdraid boot" + fi + fi +} + +pkg_postrm() { + udev_reload +} 
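Review bot: `PATCHES=( "${WORKDIR}/debian/patches/debian" )` in mdadm-4.4.ebuild applies every patch file found in that directory of the Debian tarball, where the 4.3 ebuilds name four specific patches, so the changes applied to a storage tool that runs as root are no longer listed in the ebuild. The content is still pinned by `DEB_PF="4.4-3"` and presumably by the package Manifest checksum, which this part of the diff does not show. A comment above the array, for example `# Applies all of debian/patches/debian from ${PN}_${DEB_PF}.debian.tar.xz; re-read that directory on every DEB_PF bump`, or naming the patches individually as the 4.3 ebuilds do, would keep that review step explicit.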
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/metadata.xml similarity index 70% rename from sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/metadata.xml rename to sdk_container/src/third_party/portage-stable/sys-fs/mdadm/metadata.xml index 536bb38d9f..c5395c9d19 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/mdadm/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-fs/mdadm/metadata.xml @@ -5,7 +5,11 @@ base-system@gentoo.org Gentoo Base System + + Support for corosync cluster engine + cpe:/a:mdadm_project:mdadm + md-raid-utilities/mdadm diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/Manifest new file mode 100644 index 0000000000..f8d417b26c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/Manifest @@ -0,0 +1,2 @@ +DIST tzdb-2025a.tar.lz 548434 BLAKE2B cccd37ca71bfde7e56ed5138be5a610ec9d5ca59658b90e5e2a10af9221ed6d09b24b106bef46b04bbc97bff74b6e97a1f800c078a523aa32c13416a33264df2 SHA512 1e8c4e141158d63ca5c39babc9d18c32df14e2e59bc7649a7fed8c3e577f7b175bafa43883cf351139ff198515f5f8c22b1418e2ac7efb7f837faa8f61d2574d +DIST tzdb-2025b.tar.lz 549879 BLAKE2B 6930d475e7fa2c29d7c6c9a1d3c8a8e4ec80745d3f8d7be6b74ae1fc1ba06fbe362e5ff96f6e3b6faa4e15240973ec4162a7f764cddf451029776f443966824c SHA512 4f4afca86645ca5564a9d7d3ddc36e6b07c15c1b87cd4edbbcae72c6be4e6154e4ad1966407a7081237550301f1093af53dd8a486effb95f7cf3e5721db47c8f 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/metadata.xml similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/metadata.xml rename to sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/metadata.xml index 0e4c5ee4f0..3ff1474e99 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/timezone-data/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/metadata.xml @@ -16,4 +16,7 @@ is used. Not all programs can handle 'slim' format'. + + eggert/tz + diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/timezone-data-2025a-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/timezone-data-2025a-r1.ebuild new file mode 100644 index 0000000000..3666f8f638 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/timezone-data-2025a-r1.ebuild 
@@ -0,0 +1,169 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit toolchain-funcs flag-o-matic unpacker + +DESCRIPTION="Timezone data (/usr/share/zoneinfo) and utilities (tzselect/zic/zdump)" +HOMEPAGE="https://www.iana.org/time-zones" +SRC_URI=" + https://data.iana.org/time-zones/releases/tzdb-${PV}.tar.lz +" +S="${WORKDIR}"/tzdb-${PV} + +LICENSE="BSD public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="nls leaps-timezone zic-slim" + +DEPEND="nls? ( virtual/libintl )" +RDEPEND=" + ${DEPEND} + !sys-libs/glibc[vanilla(+)] +" +BDEPEND="$(unpacker_src_uri_depends)" + +src_prepare() { + default + + if tc-is-cross-compiler ; then + cp -pR "${S}" "${S}"-native || die + fi +} + +src_configure() { + tc-export CC + + # bug #471102 + append-lfs-flags + + if use elibc_Darwin ; then + # bug #138251 + append-cppflags -DSTD_INSPIRED + fi + + append-cppflags -DHAVE_GETTEXT=$(usex nls 1 0) -DTZ_DOMAIN='\"libc\"' + + # Upstream default is 'slim', but it breaks quite a few programs + # that parse /etc/localtime directly: bug #747538. + append-cppflags -DZIC_BLOAT_DEFAULT='\"'$(usex zic-slim slim fat)'\"' + + LDLIBS="" + if use nls ; then + # See if an external libintl is available. 
bug #154181, bug #578424 + local c="${T}/test" + echo 'int main(){}' > "${c}.c" || die + if $(tc-getCC) ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} "${c}.c" -o "${c}" -lintl 2>/dev/null ; then + LDLIBS+=" -lintl" + fi + fi +} + +_emake() { + emake \ + REDO=$(usex leaps-timezone posix_right posix_only) \ + TOPDIR="${EPREFIX}" \ + ZICDIR='$(TOPDIR)/usr/bin' \ + "$@" +} + +src_compile() { + tc-export AR CC RANLIB + + _emake \ + CFLAGS="${CFLAGS} -std=gnu99 ${CPPFLAGS}" \ + LDFLAGS="${LDFLAGS}" \ + LDLIBS="${LDLIBS}" + + if tc-is-cross-compiler ; then + _emake -C "${S}"-native \ + AR="$(tc-getBUILD_AR)" \ + CC="$(tc-getBUILD_CC)" \ + RANLIB="$(tc-getBUILD_RANLIB)" \ + CFLAGS="${BUILD_CFLAGS} ${BUILD_CPPFLAGS}" \ + LDFLAGS="${BUILD_LDFLAGS}" \ + LDLIBS="${LDLIBS}" \ + zic + fi +} + +src_test() { + # CURL is used for extended/web based tests. Punt on them. + emake check CURL=: +} + +src_install() { + local zic="" + tc-is-cross-compiler && zic="zic=${S}-native/zic" + _emake install ${zic} DESTDIR="${D}" LIBDIR="/nukeit" + rm -rf "${D}/nukeit" "${ED}/etc" || die + + insinto /usr/share/zoneinfo + doins "${S}"/leap-seconds.list + + # Delete man pages installed by man-pages package. + rm "${ED}"/usr/share/man/man5/tzfile.5* "${ED}"/usr/share/man/man8/{tzselect,zdump,zic}.8 || die + dodoc CONTRIBUTING README NEWS *.html +} + +configure_tz_data() { + # Make sure the /etc/localtime file does not get stale, bug #127899 + local tz src="${EROOT}/etc/timezone" etc_lt="${EROOT}/etc/localtime" + + # If it's a symlink, assume the user knows what they're doing and + # they're managing it themselves, bug #511474 + if [[ -L "${etc_lt}" ]] ; then + einfo "Skipping update: ${etc_lt} is a symlink." + if [[ -e ${src} ]]; then + einfo "Removing ${src}." + rm "${src}" + fi + return 0 + fi + + if [[ ! -e ${src} ]] ; then + einfo "Skipping update: ${src} does not exist." 
+ return 0 + fi + + tz=$(sed -e 's:#.*::' -e 's:[[:space:]]*::g' -e '/^$/d' "${src}") + + if [[ -z ${tz} ]]; then + einfo "Skipping update: ${src} is empty." + return 0 + fi + + local tzpath="${EROOT}/usr/share/zoneinfo/${tz}" + + if [[ ! -e ${tzpath} ]]; then + ewarn "The timezone specified in ${src} is not valid!" + return 1 + fi + + if [[ -f ${etc_lt} ]]; then + # If a regular file already exists, copy over it. + ewarn "Found a regular file at ${etc_lt}." + ewarn "Some software may expect a symlink instead." + ewarn "Convert it to a symlink by removing the file and running:" + ewarn " emerge --config sys-libs/timezone-data" + einfo "Copying ${tzpath} to ${etc_lt}." + cp -f "${tzpath}" "${etc_lt}" + else + # Otherwise, create a symlink and remove the timezone file. + tzpath="../usr/share/zoneinfo/${tz}" + einfo "Linking ${tzpath} at ${etc_lt}." + if ln -snf "${tzpath}" "${etc_lt}"; then + einfo "Removing ${src}." + rm -f "${src}" + fi + fi +} + +pkg_config() { + configure_tz_data +} + +pkg_postinst() { + configure_tz_data +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/timezone-data-2025b.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/timezone-data-2025b.ebuild new file mode 100644 index 0000000000..89f2544d57 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/timezone-data/timezone-data-2025b.ebuild 
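Review bot: In `configure_tz_data`, the value read from `${EROOT}/etc/timezone` becomes a path component in `tzpath="${EROOT}/usr/share/zoneinfo/${tz}"` and is only tested with `-e`, so a value containing `..` segments resolves outside the zoneinfo tree and is then copied to, or linked from, `${etc_lt}` by a function called from pkg_postinst and pkg_config. /etc/timezone is normally writable only by root, so this is hardening rather than an exposed flaw. A guard ahead of the `-e` test, `[[ ${tz} == *..* ]] && { ewarn "The timezone specified in ${src} is not valid!"; return 1; }`, would keep the result inside zoneinfo. The `rm "${src}"` and `cp -f "${tzpath}" "${etc_lt}"` calls also ignore failure. The same function is added again in timezone-data-2025b.ebuild.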
@@ -0,0 +1,169 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit toolchain-funcs flag-o-matic unpacker
+
+DESCRIPTION="Timezone data (/usr/share/zoneinfo) and utilities (tzselect/zic/zdump)"
+HOMEPAGE="https://www.iana.org/time-zones"
+SRC_URI="
+ https://data.iana.org/time-zones/releases/tzdb-${PV}.tar.lz
+"
+S="${WORKDIR}"/tzdb-${PV}
+
+LICENSE="BSD public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="nls leaps-timezone zic-slim"
+
+DEPEND="nls? ( virtual/libintl )"
+RDEPEND="
+ ${DEPEND}
+ !sys-libs/glibc[vanilla(+)]
+"
+BDEPEND="$(unpacker_src_uri_depends)"
+
+src_prepare() {
+ default
+
+ if tc-is-cross-compiler ; then
+ cp -pR "${S}" "${S}"-native || die
+ fi
+}
+
+src_configure() {
+ tc-export CC
+
+ # bug #471102
+ append-lfs-flags
+
+ if use elibc_Darwin ; then
+ # bug #138251
+ append-cppflags -DSTD_INSPIRED
+ fi
+
+ append-cppflags -DHAVE_GETTEXT=$(usex nls 1 0) -DTZ_DOMAIN='\"libc\"'
+
+ # Upstream default is 'slim', but it breaks quite a few programs,
+ # that parse /etc/localtime directly: bug #747538.
+ append-cppflags -DZIC_BLOAT_DEFAULT='\"'$(usex zic-slim slim fat)'\"'
+
+ LDLIBS=""
+ if use nls ; then
+ # See if an external libintl is available. bug #154181, bug #578424
+ local c="${T}/test"
+ echo 'int main(){}' > "${c}.c" || die
+ if $(tc-getCC) ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} "${c}.c" -o "${c}" -lintl 2>/dev/null ; then
+ LDLIBS+=" -lintl"
+ fi
+ fi
+}
+
+_emake() {
+ emake \
+ REDO=$(usex leaps-timezone posix_right posix_only) \
+ TOPDIR="${EPREFIX}" \
+ ZICDIR='$(TOPDIR)/usr/bin' \
+ "$@"
+}
+
+src_compile() {
+ tc-export AR CC RANLIB
+
+ _emake \
+ CFLAGS="${CFLAGS} -std=gnu99 ${CPPFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ LDLIBS="${LDLIBS}"
+
+ if tc-is-cross-compiler ; then
+ _emake -C "${S}"-native \
+ AR="$(tc-getBUILD_AR)" \
+ CC="$(tc-getBUILD_CC)" \
+ RANLIB="$(tc-getBUILD_RANLIB)" \
+ CFLAGS="${BUILD_CFLAGS} ${BUILD_CPPFLAGS}" \
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ LDLIBS="${LDLIBS}" \
+ zic
+ fi
+}
+
+src_test() {
+ # CURL is used for extended/web based tests. Punt on them.
+ emake check CURL=:
+}
+
+src_install() {
+ local zic=""
+ tc-is-cross-compiler && zic="zic=${S}-native/zic"
+ _emake install ${zic} DESTDIR="${D}" LIBDIR="/nukeit"
+ rm -rf "${D}/nukeit" "${ED}/etc" || die
+
+ insinto /usr/share/zoneinfo
+ doins "${S}"/leap-seconds.list
+
+ # Delete man pages installed by man-pages package.
+ rm "${ED}"/usr/share/man/man5/tzfile.5* "${ED}"/usr/share/man/man8/{tzselect,zdump,zic}.8 || die
+ dodoc CONTRIBUTING README NEWS *.html
+}
+
+configure_tz_data() {
+ # Make sure the /etc/localtime file does not get stale, bug #127899
+ local tz src="${EROOT}/etc/timezone" etc_lt="${EROOT}/etc/localtime"
+
+ # If it's a symlink, assume the user knows what they're doing and
+ # they're managing it themselves, bug #511474
+ if [[ -L "${etc_lt}" ]] ; then
+ einfo "Skipping update: ${etc_lt} is a symlink."
+ if [[ -e ${src} ]]; then
+ einfo "Removing ${src}."
+ rm "${src}"
+ fi
+ return 0
+ fi
+
+ if [[ ! -e ${src} ]] ; then
+ einfo "Skipping update: ${src} does not exist."
+ return 0
+ fi
+
+ tz=$(sed -e 's:#.*::' -e 's:[[:space:]]*::g' -e '/^$/d' "${src}")
+
+ if [[ -z ${tz} ]]; then
+ einfo "Skipping update: ${src} is empty."
+ return 0
+ fi
+
+ local tzpath="${EROOT}/usr/share/zoneinfo/${tz}"
+
+ if [[ ! -e ${tzpath} ]]; then
+ ewarn "The timezone specified in ${src} is not valid!"
+ return 1
+ fi
+
+ if [[ -f ${etc_lt} ]]; then
+ # If a regular file already exists, copy over it.
+ ewarn "Found a regular file at ${etc_lt}."
+ ewarn "Some software may expect a symlink instead."
+ ewarn "Convert it to a symlink by removing the file and running:"
+ ewarn " emerge --config sys-libs/timezone-data"
+ einfo "Copying ${tzpath} to ${etc_lt}."
+ cp -f "${tzpath}" "${etc_lt}"
+ else
+ # Otherwise, create a symlink and remove the timezone file.
+ tzpath="../usr/share/zoneinfo/${tz}"
+ einfo "Linking ${tzpath} at ${etc_lt}."
+ if ln -snf "${tzpath}" "${etc_lt}"; then
+ einfo "Removing ${src}."
+ rm -f "${src}"
+ fi
+ fi
+}
+
+pkg_config() {
+ configure_tz_data
+}
+
+pkg_postinst() {
+ configure_tz_data
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/Manifest b/sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/Manifest
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/Manifest
rename to sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/Manifest
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/metadata.xml b/sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/metadata.xml
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/metadata.xml
rename to sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/metadata.xml
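Review bot: In `configure_tz_data` of timezone-data-2025b.ebuild, the value read from `${EROOT}/etc/timezone` is joined into `tzpath` with only an existence test, so a value containing `..` resolves outside `/usr/share/zoneinfo` and is then copied or symlinked to `${EROOT}/etc/localtime`. That file is normally writable only by root, so this is hardening rather than a demonstrated hole, but a guard placed before the `[[ ! -e ${tzpath} ]]` test would make the containment explicit: `[[ ${tz} == *..* ]] && { ewarn "Timezone in ${src} must not contain '..'"; return 1; }`. The `rm "${src}"` and `cp -f "${tzpath}" "${etc_lt}"` calls are also left unchecked, so a failed update surfaces at most as a warning. The same function body appears in the preceding timezone-data ebuild in this diff, and since the file sits under `third_party/portage-stable` it looks like an import from Gentoo, in which case the change may belong upstream.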
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/udev-init-scripts-35.ebuild b/sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/udev-init-scripts-35.ebuild similarity index 86% rename from sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/udev-init-scripts-35.ebuild rename to sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/udev-init-scripts-35.ebuild index 866d0ce54c..582d066209 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/udev-init-scripts-35.ebuild +++ b/sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/udev-init-scripts-35.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -6,12 +6,12 @@ OLD_PN=udev-gentoo-scripts OLD_P=${OLD_PN}-${PV} if [ "${PV}" = "9999" ]; then - EGIT_REPO_URI="https://anongit.gentoo.org/proj/${OLD_PN}.git" + EGIT_REPO_URI="https://anongit.gentoo.org/git/proj/${OLD_PN}.git" inherit git-r3 else SRC_URI="https://gitweb.gentoo.org/proj/${OLD_PN}.git/snapshot/${OLD_P}.tar.gz -> ${P}.tar.gz" S="${WORKDIR}/${OLD_P}" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi DESCRIPTION="udev startup scripts for openrc" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/udev-init-scripts-9999.ebuild b/sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/udev-init-scripts-9999.ebuild similarity index 86% rename from sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/udev-init-scripts-9999.ebuild rename to sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/udev-init-scripts-9999.ebuild index 7c9229bd76..6a7f0d673f 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-fs/udev-init-scripts/udev-init-scripts-9999.ebuild +++ b/sdk_container/src/third_party/prefix-overlay/sys-fs/udev-init-scripts/udev-init-scripts-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -6,12 +6,12 @@ OLD_PN=udev-gentoo-scripts OLD_P=${OLD_PN}-${PV} if [ "${PV}" = "9999" ]; then - EGIT_REPO_URI="https://anongit.gentoo.org/proj/${OLD_PN}.git" + EGIT_REPO_URI="https://anongit.gentoo.org/git/proj/${OLD_PN}.git" inherit git-r3 else SRC_URI="https://gitweb.gentoo.org/proj/${OLD_PN}.git/snapshot/${OLD_P}.tar.gz -> ${P}.tar.gz" S="${WORKDIR}/${OLD_P}" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi DESCRIPTION="udev startup scripts for openrc"