sdk_container/src/third_party/coreos-overlay : merge contents of version flatcar-3033

Thilo Fromm 2023-04-13 13:23:19 +02:00
commit 5f6d3c0b84
1264 changed files with 57719 additions and 0 deletions


@ -0,0 +1 @@
metadata/md5-cache


@ -0,0 +1,21 @@
# Derived from https://github.com/mrueg/repoman-travis/
sudo: required
language: python
python:
- pypy
# For some reason portage is defaulting to lbzip2/lbunzip2 here and then complaining when they don't
# exist, so use plain old b{,un}zip2.
env:
- PORTAGE_VER="2.3.40" PORTAGE_BZIP2_COMMAND="bzip2" PORTAGE_BUNZIP2_COMMAND="bunzip2"
before_install:
- sudo apt-get -qq update
- pip install lxml pyyaml
before_script: ./.travis/setup_repoman.sh
script:
- cd /usr/coreos-overlay
- /tmp/portage/portage-${PORTAGE_VER}/repoman/bin/repoman --experimental-repository-modules=y -dx full


@ -0,0 +1,8 @@
[DEFAULT]
main-repo = portage-stable
[coreos]
location = /usr/coreos-overlay
[portage-stable]
location = /usr/portage


@ -0,0 +1,23 @@
#!/bin/bash
set -euo pipefail
# Set up directory permissions/portage user and group.
sudo chmod a+rwX /etc/passwd /etc/group /etc /usr
echo "portage:x:250:250:portage:/var/tmp/portage:/bin/false" >> /etc/passwd
echo "portage::250:portage,travis" >> /etc/group
# Shuffle portage repositories around into the right places.
mkdir -p /etc/portage/repos.conf /usr/coreos-overlay
mv * /usr/coreos-overlay/
mv .git /usr/coreos-overlay/
git clone https://github.com/coreos/portage-stable /usr/portage/
cp .travis/coreos.conf /etc/portage/repos.conf/
ln -s /usr/coreos-overlay/profiles/coreos/amd64/sdk /etc/portage/make.profile
mkdir -p /usr/portage/metadata/{dtd,xml-schema}
wget -O /usr/portage/metadata/dtd/metadata.dtd https://www.gentoo.org/dtd/metadata.dtd
wget -O /usr/portage/metadata/xml-schema/metadata.xsd https://www.gentoo.org/xml-schema/metadata.xsd
# Download portage.
mkdir /tmp/portage && cd /tmp/portage
wget -qO - "https://gitweb.gentoo.org/proj/portage.git/snapshot/portage-${PORTAGE_VER}.tar.gz" | tar xz
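Review bot: The portage snapshot on the last line is piped from `wget` straight into `tar xz` with no integrity check, so whatever the server returns at CI time is what repoman later executes. The `metadata.dtd`/`metadata.xsd` downloads and the `git clone` of portage-stable are likewise unpinned. For the tarball I would download to a file and verify it before extracting, e.g. `echo "<sha512-of-portage-snapshot>  portage.tar.gz" | sha512sum -c -` followed by `tar xzf portage.tar.gz`; if the gitweb snapshot is not byte-stable, fetching a signed release or a pinned git commit would be the alternative. A comment such as `# CI-only: never run on a real host` above the `chmod a+rwX /etc/passwd /etc/group /etc /usr` line would also be worth adding.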


@ -0,0 +1,57 @@
# Overview
This overlay contains Container Linux specific packages and Gentoo packages
that differ from their upstream Gentoo versions.
See the [portage-stable](https://github.com/coreos/portage-stable) repo
for packages which do not have Container Linux specific changes.
Licensing information can be found in the respective files, so consult
them directly. Most ebuilds are licensed under the GPL version 2.
Upstream Gentoo sources: https://gitweb.gentoo.org/repo/gentoo.git
# Important packages
`coreos-base/coreos` is the package responsible for everything that gets
built into a production image and is not OEM specific.
`coreos-base/coreos-dev` is the package responsible for everything that
gets built into a developer image and is not OEM specific.
`coreos-devel/sdk-depends` is the package responsible for everything that
gets built into the Container Linux SDK.
`coreos-devel/board-packages` is everything that could be built into a
development or production image, plus any OEM specific packages.
`coreos-base/oem-*` are the OEM specific packages. They mostly install things
that belong in the OEM partition. Any RDEPENDS from these packages should
be copied to the RDEPENDS in `board-packages` to ensure they are built.
`coreos-base/coreos-oem-*` are metapackages for OEM specific ACIs.
# Updating
To update follow the following steps:
* Remove or rename the whole folder of the package to prepare the import from
upstream Gentoo, not only resetting the ebuild file but also any additional
files like patches or downstream additions under `files`.
* Run `~/trunk/src/scripts/update_ebuilds --portage_stable . CATEGORY/PACKAGE`
in the `coreos-overlay` folder to import a new version from upstream Gentoo.
Drop the ebuild files that you don't plan to use.
* Commit the changes with a message like `CATEGORY/PACKAGE: Sync from Gentoo`,
and mention the the commit ID in the body (`git show update_ebuilds/master`).
* Now find all downstream patches for the package by running
`git log CATEGORY/PACKAGE`. If everybody followed the process of resetting
before importing an upstream update, you only have to look for the commits
after the last update and port them to the new version. Otherwise you have
to compare the files manually to their upstream versions from older
[portage](https://github.com/gentoo/portage/) revisions.
* You can combine all old and new downstream patches into a single new commit
with the message `CATEGORY/PACKAGE: Apply Flatcar patches` to keep the number of
commits to port low, or have separate commits. Make sure that you explain
the changes and carry the explanations from old commits over, either in the
commit message, through comments in the ebuild file, or through a `README.md`
in the folder.


@ -0,0 +1 @@
DIST adcli-0.9.0.tar.bz2 83331 SHA512 22e26be0fe836ee550b98192c03fef0d7da9add228ba6a5a8bceb08a87936d26dfd3c524758ae64ab9d699aa26c4494e278942d28b6c2d11d00c48d326715399 BLAKE2B 6df373c140a4631e1e931d6983e22dc7f967889c52d5c5e12a60f9afca0cf7954bd8a05cdcb2c69a910567e5d7382951281e3fcb0789e95e1553b0e9ec61bdcb


@ -0,0 +1 @@
adcli-9999.ebuild


@ -0,0 +1,45 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
if [[ ${PV} == *9999 ]]; then
EGIT_REPO_URI="https://gitlab.freedesktop.org/realmd/adcli.git"
KEYWORDS="~amd64 ~arm64"
inherit git-r3
else
SRC_URI="https://gitlab.freedesktop.org/realmd/adcli/-/archive/${PV}/${P}.tar.bz2"
KEYWORDS="amd64 arm64"
fi
inherit autotools
DESCRIPTION="A helper library and tools for Active Directory client operations"
HOMEPAGE="https://www.freedesktop.org/software/realmd/adcli/"
LICENSE="LGPL-2.1+"
SLOT="0"
IUSE="debug doc"
RDEPEND="
app-crypt/mit-krb5
dev-libs/cyrus-sasl
net-nds/openldap
"
DEPEND="${RDEPEND}
doc? (
app-text/docbook-xml-dtd:4.3
dev-libs/libxslt
)
"
src_prepare() {
eapply_user
eautoreconf
}
src_configure() {
econf \
$(use_enable debug) \
$(use_enable doc)
}


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1,35 @@
# Copyright (c) 2016 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=6
inherit systemd
DESCRIPTION="etcd (System Application Container)"
HOMEPAGE="https://github.com/etcd-io/etcd"
KEYWORDS="amd64 arm64"
LICENSE="Apache-2.0"
IUSE=""
SLOT=0
DEPEND=""
RDEPEND=">=app-admin/sdnotify-proxy-0.1.0"
S=${WORKDIR}
src_install() {
local tag="v${PV}"
if [[ "${ARCH}" != "amd64" ]]; then
tag+="-${ARCH}"
fi
exeinto /usr/lib/flatcar
doexe "${FILESDIR}"/etcd-wrapper
sed "s|@ETCD_IMAGE_TAG@|${tag}|g" \
"${FILESDIR}"/etcd-member.service > ${T}/etcd-member.service
systemd_dounit ${T}/etcd-member.service
systemd_dotmpfilesd "${FILESDIR}"/etcd-wrapper.conf
}


@ -0,0 +1,29 @@
[Unit]
Description=etcd (System Application Container)
Documentation=https://github.com/etcd-io/etcd
Wants=network-online.target network.target
After=network-online.target
Conflicts=etcd.service
Conflicts=etcd2.service
[Service]
Type=notify
NotifyAccess=all
Restart=always
RestartSec=10s
TimeoutStartSec=0
LimitNOFILE=40000
Environment="ETCD_IMAGE_URL=quay.io/coreos/etcd"
Environment="ETCD_IMAGE_TAG=@ETCD_IMAGE_TAG@"
Environment="ETCD_NAME=%m"
Environment="ETCD_USER=etcd"
Environment="ETCD_DATA_DIR=/var/lib/etcd"
Environment="ETCD_SSL_DIR=/etc/ssl/certs"
ExecStart=/usr/lib/flatcar/etcd-wrapper $ETCD_OPTS
ExecStop=/usr/bin/docker stop etcd-member
ExecStopPost=/usr/bin/docker rm etcd-member
[Install]
WantedBy=multi-user.target
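Review bot: `ETCD_IMAGE_TAG` selects the container image by a mutable registry tag, and nothing in the unit tells an operator how to pin it; the same holds for `FLANNEL_IMAGE_TAG` in flannel-docker-opts.service and flanneld.service later in this commit. The etcd-wrapper added in this commit prefers `ETCD_IMAGE` when it is set, so the override exists but is undocumented here. I would add a comment above the `Environment=` lines, for example `# The tag below is mutable; to pin by digest set ETCD_IMAGE=quay.io/coreos/etcd@sha256:<digest> in a drop-in.`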


@ -0,0 +1,36 @@
#!/bin/bash
# The "etcd-wrapper" script can't be deleted because ct overwrites
# the ExecStart directive with etcd-wrapper. Do the new action of
# ExecStart here.
set -e
# Since etcd/v3 we can't use both `--name` and `ETCD_NAME` at the same time.
# We parse the etcd command line options to find a `--name/-name` flag if we found one,
# we unset the `ETCD_NAME` to not conflict with it.
for f in "${@}"; do
if [[ $f =~ ^-?-name=? ]]; then
unset ETCD_NAME
break
fi
done
# Do not pass ETCD_DATA_DIR through to the container. The default path,
# /var/lib/etcd is always used inside the container.
etcd_data_dir="${ETCD_DATA_DIR}"
ETCD_DATA_DIR="/var/lib/etcd"
mkdir -p ${etcd_data_dir}
chown -R etcd:etcd ${etcd_data_dir}
chmod 700 ${etcd_data_dir}
# A better way to run the Flannel/etcd container image is Podman because
# Flannel depends on etcd but wants to be run before Docker so that it
# can set up the Docker networking. Etcd and Flannel are part of the
# Container Linux Config specification and thus can't be dropped easily.
# For now we have to resort to running these services with Docker and try
# to restart Docker for the Flannel options to take effect.
/usr/bin/docker stop etcd-member || true
/usr/bin/docker rm -f etcd-member || true
# set umask so that sdnotify-proxy creates /run/etcd-notify with the same relaxed permissions as NOTIFY_SOCKET (/run/systemd/notify) normally has, to allow ETCD_USER to write to it
umask 000
# mapping only /run/etcd-notify does not work and we use the full /run, also we must set NOTIFY_SOCKET in the container but use the original for /usr/libexec/sdnotify-proxy
/usr/libexec/sdnotify-proxy /run/etcd-notify /usr/bin/docker run --name etcd-member --network=host --ipc=host -u $(id -u ${ETCD_USER}):$(id -g ${ETCD_USER}) -v /run:/run -v /usr/share/ca-certificates:/usr/share/ca-certificates:ro -v ${etcd_data_dir}:/var/lib/etcd:rw -v ${ETCD_SSL_DIR}:/etc/ssl/certs:ro --env-file <(env; echo PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; echo NOTIFY_SOCKET=/run/etcd-notify) --entrypoint /usr/local/bin/etcd ${ETCD_IMAGE:-${ETCD_IMAGE_URL}:${ETCD_IMAGE_TAG}} "$@"
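Review bot: `${etcd_data_dir}` is expanded unquoted in the `mkdir -p`, `chown -R` and `chmod 700` lines, so a value of `ETCD_DATA_DIR` containing whitespace or glob characters is split into several operands of a recursive `chown`; the unit sets no `User=`, so this presumably runs as root. Quote all three, e.g. `chown -R etcd:etcd -- "${etcd_data_dir}"`, and do the same for `-v "${etcd_data_dir}":/var/lib/etcd:rw` and `${ETCD_SSL_DIR}` on the `docker run` line. Separately, the `chown` hard-codes `etcd:etcd` while the container user comes from `${ETCD_USER}`, so overriding `ETCD_USER` leaves the data directory owned by a different account than the one etcd runs as.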


@ -0,0 +1 @@
d /var/lib/etcd 0700 etcd etcd - -


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1,5 @@
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none


@ -0,0 +1,5 @@
[Match]
Name=flannel*
[Link]
Unmanaged=yes


@ -0,0 +1,24 @@
[Unit]
Description=flannel docker export service - Network fabric for containers (System Application Container)
Documentation=https://github.com/coreos/flannel
PartOf=flanneld.service
Requires=flanneld.service
After=flanneld.service
[Service]
Type=oneshot
RemainAfterExit=true
Restart=on-failure
RestartSec=5s
Environment="FLANNEL_IMAGE_URL=quay.io/coreos/flannel"
Environment="FLANNEL_IMAGE_TAG=@FLANNEL_IMAGE_TAG@"
Environment="FLANNEL_CMD=/opt/bin/mk-docker-opts.sh"
Environment="FLANNEL_CONTAINER=flannel-docker-opts"
ExecStart=/usr/lib/flatcar/flannel-wrapper -d /run/flannel/flannel_docker_opts.env -i
ExecStop=/usr/bin/docker stop flannel-docker-opts
ExecStopPost=/usr/bin/docker rm flannel-docker-opts
[Install]
WantedBy=multi-user.target


@ -0,0 +1,42 @@
#!/bin/bash
# The "flannel-wrapper" script can't be deleted because ct overwrites
# the ExecStart directive with flannel-wrapper. Do the new action of
# ExecStart here.
set -e
ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/etcd}"
RUN_ARGS=""
if [[ -d "${ETCD_SSL_DIR}" ]]; then
RUN_ARGS="-v ${ETCD_SSL_DIR}:${ETCD_SSL_DIR}:ro"
fi
mkdir --parents /run/flannel
WRAP=""
if [[ -S "${NOTIFY_SOCKET}" ]]; then
WRAP="/usr/libexec/sdnotify-proxy /run/${FLANNEL_CONTAINER}-notify"
fi
# A better way to run the Flannel/etcd container image is Podman because
# Flannel depends on etcd but wants to be run before Docker so that it
# can set up the Docker networking. Etcd and Flannel are part of the
# Container Linux Config specification and thus can't be dropped easily.
# For now we have to resort to running these services with Docker and try
# to restart Docker for the Flannel options to take effect (but that also
# terminates the etcd and flannel containers, causing the services to
# restart).
RESTART_DOCKER=0
if [ "${FLANNEL_CMD}" = "/opt/bin/mk-docker-opts.sh" ] && [ "$1" = "-d" ] && [ ! -f "$2" ]; then
# only restart Docker only on first run, propagating updates on later runs was not done before in the rkt version, so keep the behavior
# (which also helps to break the loop which otherwise exists because "restart docker" mentioned above)
RESTART_DOCKER=1
fi
/usr/bin/docker stop ${FLANNEL_CONTAINER} || true
/usr/bin/docker rm -f ${FLANNEL_CONTAINER} || true
# mapping only /run/${FLANNEL_CONTAINER}-notify does not work and we map the full /run (using /run:/run covers /run/flannel, too), also we must set NOTIFY_SOCKET in the container but use the original for /usr/libexec/sdnotify-proxy
${WRAP} /usr/bin/docker run --name ${FLANNEL_CONTAINER} --privileged --network=host --ipc=host ${RUN_ARGS} -v /run:/run:rw -v /etc/ssl/certs:/etc/ssl/certs:ro -v /usr/share/ca-certificates:/usr/share/ca-certificates:ro --env-file <(env; echo PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; echo NOTIFY_SOCKET=/run/${FLANNEL_CONTAINER}-notify) --entrypoint ${FLANNEL_CMD} ${FLANNEL_IMAGE:-${FLANNEL_IMAGE_URL}:${FLANNEL_IMAGE_TAG}} "$@"
if [ "${RESTART_DOCKER}" = 1 ]; then
systemctl restart docker
echo "Restarted Docker to apply Flannel options"
fi
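Review bot: `--privileged` on the `docker run` line is applied to every invocation of this wrapper, including the one from flannel-docker-opts.service, whose `FLANNEL_CMD` is `/opt/bin/mk-docker-opts.sh` and which, judging by its `-d /run/flannel/flannel_docker_opts.env` argument, only writes an environment file. Together with `-v /run:/run:rw`, which on most hosts also exposes the Docker socket, that gives a tag-referenced image full control of the host for a task that appears to need none. I would drop `--privileged` from the command line and add it conditionally, e.g. `if [ "${FLANNEL_CMD}" != "/opt/bin/mk-docker-opts.sh" ]; then RUN_ARGS="${RUN_ARGS} --privileged"; fi`. For the flanneld case it is worth testing whether a narrower grant such as `--cap-add=NET_ADMIN` is sufficient.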


@ -0,0 +1,29 @@
[Unit]
Description=flannel - Network fabric for containers (System Application Container)
Documentation=https://github.com/coreos/flannel
After=etcd.service etcd2.service etcd-member.service
Requires=flannel-docker-opts.service
[Service]
Type=notify
NotifyAccess=all
Restart=always
RestartSec=10s
TimeoutStartSec=300
LimitNOFILE=40000
LimitNPROC=1048576
Environment="FLANNEL_IMAGE_URL=quay.io/coreos/flannel"
Environment="FLANNEL_IMAGE_TAG=@FLANNEL_IMAGE_TAG@"
Environment="FLANNEL_OPTS=--ip-masq=true"
Environment="FLANNEL_CMD=/opt/bin/flanneld"
Environment="FLANNEL_CONTAINER=flannel"
EnvironmentFile=-/run/flannel/options.env
ExecStartPre=/sbin/modprobe ip_tables
ExecStart=/usr/lib/flatcar/flannel-wrapper $FLANNEL_OPTS
ExecStop=/usr/bin/docker stop flannel
ExecStopPost=/usr/bin/docker rm flannel
[Install]
WantedBy=multi-user.target


@ -0,0 +1,45 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=6
inherit systemd
DESCRIPTION="flannel (System Application Container)"
HOMEPAGE="https://github.com/coreos/flannel"
KEYWORDS="amd64 arm64"
SRC_URI=""
LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
RDEPEND="
!app-admin/flannel
>=app-admin/sdnotify-proxy-0.1.0
"
S="$WORKDIR"
src_install() {
local tag="v${PV}"
if [[ "${ARCH}" != "amd64" ]]; then
tag+="-${ARCH}"
fi
exeinto /usr/lib/flatcar
doexe "${FILESDIR}"/flannel-wrapper
sed "s|@FLANNEL_IMAGE_TAG@|${tag}|g" \
"${FILESDIR}"/flanneld.service > ${T}/flanneld.service
systemd_dounit ${T}/flanneld.service
sed "s|@FLANNEL_IMAGE_TAG@|${tag}|g" \
"${FILESDIR}"/flannel-docker-opts.service > ${T}/flannel-docker-opts.service
systemd_dounit ${T}/flannel-docker-opts.service
insinto /usr/lib/systemd/network
doins "${FILESDIR}"/50-flannel.network
doins "${FILESDIR}"/50-flannel.link
}


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1 @@
locksmith-9999.ebuild


@ -0,0 +1,37 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=7
CROS_WORKON_PROJECT="flatcar/locksmith"
CROS_WORKON_LOCALNAME="locksmith"
CROS_WORKON_REPO="https://github.com"
COREOS_GO_PACKAGE="github.com/flatcar/locksmith"
inherit cros-workon systemd coreos-go
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm64"
else
CROS_WORKON_COMMIT="c4cca93a15c7b7fd175e6687a83fc2725029a17a" # flatcar-master
KEYWORDS="amd64 arm64"
fi
DESCRIPTION="locksmith"
HOMEPAGE="https://github.com/flatcar/locksmith"
SRC_URI=""
LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
src_compile() {
COREOS_GO_MOD=vendor go_build "${COREOS_GO_PACKAGE}/locksmithctl"
}
src_install() {
dobin ${GOBIN}/locksmithctl
dodir /usr/lib/locksmith
dosym ../../../bin/locksmithctl /usr/lib/locksmith/locksmithd
systemd_dounit "${S}"/systemd/locksmithd.service
systemd_enable_service multi-user.target locksmithd.service
}


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1 @@
mayday-9999.ebuild


@ -0,0 +1,35 @@
# Copyright (c) 2015 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=7
CROS_WORKON_PROJECT="flatcar/mayday"
CROS_WORKON_LOCALNAME="mayday"
CROS_WORKON_REPO="https://github.com"
COREOS_GO_PACKAGE="github.com/flatcar/mayday"
inherit coreos-go cros-workon
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm64"
else
CROS_WORKON_COMMIT="9de08c8f9f4360fe52cb3a56a7fb8f4bc4e75dcc" # flatcar-master
KEYWORDS="amd64 arm64"
fi
DESCRIPTION="mayday"
HOMEPAGE="https://github.com/flatcar/mayday"
SRC_URI=""
LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
src_compile() {
COREOS_GO_MOD=vendor go_build "${COREOS_GO_PACKAGE}"
}
src_install() {
newbin ${GOBIN}/mayday mayday
insinto /usr/share/mayday
doins "${S}/default.json"
}


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1 @@
sdnotify-proxy-9999.ebuild


@ -0,0 +1,31 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=7
CROS_WORKON_PROJECT="kinvolk/sdnotify-proxy"
CROS_WORKON_LOCALNAME="sdnotify-proxy"
CROS_WORKON_REPO="https://github.com"
COREOS_GO_PACKAGE="github.com/coreos/sdnotify-proxy"
COREOS_GO_GO111MODULE="off"
inherit coreos-go cros-workon
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm64"
else
CROS_WORKON_COMMIT="0f8ef1aa86c59fc6d54eadaffb248feaccd1018b" # master
KEYWORDS="amd64 arm64"
fi
DESCRIPTION="sdnotify-proxy"
HOMEPAGE="https://github.com/coreos/sdnotify-proxy"
SRC_URI=""
LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
src_install() {
# Put sdnotify-proxy into its well-know location.
exeinto /usr/libexec
doexe ${GOBIN}/sdnotify-proxy
}
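Review bot: `HOMEPAGE` and `COREOS_GO_PACKAGE` both name `github.com/coreos/sdnotify-proxy`, while `CROS_WORKON_REPO` plus `CROS_WORKON_PROJECT` fetch the pinned commit from `kinvolk/sdnotify-proxy`, so the metadata sends an auditor to a different repository than the one the code comes from. With `COREOS_GO_GO111MODULE="off"` the Go package path presumably has to stay as the import path, so I would leave it and add a comment saying so, e.g. `# Import path only; sources are fetched from CROS_WORKON_PROJECT.` The homepage can then point at the real source: `HOMEPAGE="https://github.com/kinvolk/sdnotify-proxy"`.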


@ -0,0 +1,2 @@
DIST sudo-1.8.31.tar.gz 3350674 BLAKE2B de5a968732fdd58933b4c513d13c43a08cb50075a00c3e0d338c9892570a416a2b3a8f19940c0893715f4eeab991e804831a87ef656ffd91e7f1ba047c119261 SHA512 b9e408a322938c7a712458e9012d8a5f648fba5b23a5057cf5d8372c7f931262595f1575c32c32b9cb1a04af670ff4611e7df48d197e5c4cc038d6b65439a28a
DIST sudo-1.9.5p2.tar.gz 4012277 BLAKE2B 41913887463e4f775564af8d614fb5ed762200aa777dc789ec333842d4f432323474fc952a531fe929b33607cdfbcd18d7fe7470a15d67139deaf855841ed11f SHA512 f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27


@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<longdescription lang="en">
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all)
commands as root or another user while logging the commands and
arguments.
</longdescription>
<use>
<flag name="gcrypt">Use message digest functions from <pkg>dev-libs/libgcrypt</pkg> instead of sudo's</flag>
<flag name="libressl">Use message digest functions from <pkg>dev-libs/libressl</pkg> instead of sudo's</flag>
<flag name="offensive">Let sudo print insults when the user types the wrong password</flag>
<flag name="sendmail">Allow sudo to send emails with sendmail</flag>
<flag name="sssd">Add System Security Services Daemon support</flag>
<flag name="secure-path">Replace PATH variable with compile time secure paths</flag>
<flag name="system-digest">
Use message digest functions from <pkg>dev-libs/libgcrypt</pkg>, <pkg>dev-libs/libressl</pkg>
or <pkg>dev-libs/openssl</pkg> instead of sudo's internal SHA2 implementation
</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id>
</upstream>
</pkgmetadata>


@ -0,0 +1,259 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit pam multilib libtool tmpfiles
MY_P="${P/_/}"
MY_P="${MY_P/beta/b}"
DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/"
if [[ ${PV} == "9999" ]] ; then
inherit mercurial
EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
else
uri_prefix=
case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;;
esac
SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-solaris"
fi
fi
# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="ISC BSD"
SLOT="0"
IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey sssd system-digest"
DEPEND="
sys-libs/zlib:=
ldap? (
>=net-nds/openldap-2.1.30-r1
sasl? (
dev-libs/cyrus-sasl
net-nds/openldap[sasl]
)
)
pam? ( sys-libs/pam )
sasl? ( dev-libs/cyrus-sasl )
skey? ( >=sys-auth/skey-1.1.5-r1 )
sssd? ( sys-auth/sssd[sudo] )
system-digest? (
gcrypt? ( dev-libs/libgcrypt:= )
!gcrypt? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )
)
)
"
RDEPEND="
${DEPEND}
>=app-misc/editor-wrapper-3
virtual/editor
pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
"
BDEPEND="
sys-devel/bison
"
S="${WORKDIR}/${MY_P}"
REQUIRED_USE="
pam? ( !skey )
skey? ( !pam )
"
MAKEOPTS+=" SAMPLES="
src_prepare() {
default
elibtoolize
}
set_secure_path() {
# FIXME: secure_path is a compile time setting. using PATH or
# ROOTPATH is not perfect, env-update may invalidate this, but until it
# is available as a sudoers setting this will have to do.
einfo "Setting secure_path ..."
# first extract the default ROOTPATH from build env
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
echo "${ROOTPATH}")
case "${SECURE_PATH}" in
*/usr/sbin*) ;;
*) SECURE_PATH=$(unset PATH;
. "${EPREFIX}"/etc/profile.env; echo "${PATH}")
;;
esac
if [[ -z ${SECURE_PATH} ]] ; then
ewarn " Failed to detect SECURE_PATH, please report this"
fi
# then remove duplicate path entries
cleanpath() {
local newpath thisp IFS=:
for thisp in $1 ; do
if [[ :${newpath}: != *:${thisp}:* ]] ; then
newpath+=:${thisp}
else
einfo " Duplicate entry ${thisp} removed..."
fi
done
SECURE_PATH=${newpath#:}
}
cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# finally, strip gcc paths #136027
rmpath() {
local e newpath thisp IFS=:
for thisp in ${SECURE_PATH} ; do
for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
newpath+=:${thisp}
done
SECURE_PATH=${newpath#:}
}
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
einfo "... done"
}
src_configure() {
local SECURE_PATH
set_secure_path
# audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
# plugindir: autoconf code is crappy and does not delay evaluation
# until `make` time, so we have to use a full path here rather than
# basing off other values.
myeconfargs=(
--enable-zlib=system
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
--with-editor="${EPREFIX}"/usr/libexec/editor
--with-env-editor
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
--with-rundir="${EPREFIX}"/run/sudo
$(use_with secure-path secure-path "${SECURE_PATH}")
--with-vardir="${EPREFIX}"/var/db/sudo
--without-linux-audit
--without-opie
$(use_enable gcrypt)
$(use_enable nls)
$(use_enable sasl)
$(use_with offensive insults)
$(use_with offensive all-insults)
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
$(use_with ldap)
$(use_with pam)
$(use_with skey)
$(use_with sssd)
$(use_with selinux)
$(use_with sendmail)
)
if use system-digest && ! use gcrypt; then
myeconfargs+=("--enable-openssl")
else
myeconfargs+=("--disable-openssl")
fi
econf "${myeconfargs[@]}"
}
src_install() {
default
if use ldap ; then
dodoc README.LDAP
cat <<-EOF > "${T}"/ldap.conf.sudo
# See ldap.conf(5) and README.LDAP for details
# This file should only be readable by root
# supported directives: host, port, ssl, ldap_version
# uri, binddn, bindpw, sudoers_base, sudoers_debug
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
EOF
if use sasl ; then
cat <<-EOF >> "${T}"/ldap.conf.sudo
# SASL directives: use_sasl, sasl_mech, sasl_auth_id
# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
EOF
fi
insinto /etc
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
fi
pamd_mimic system-auth sudo auth account session
keepdir /var/db/sudo/lectured
fperms 0700 /var/db/sudo/lectured
fperms 0711 /var/db/sudo #652958
# Don't install into /run as that is a tmpfs most of the time
# (bug #504854)
rm -rf "${ED}"/run
find "${ED}" -type f -name "*.la" -delete || die #697812
}
pkg_postinst() {
tmpfiles_process sudo.conf
#652958
local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
chmod 711 "${sudo_db}" || die
fi
if use ldap ; then
ewarn
ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
ewarn
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
ewarn "configured in /etc/nsswitch.conf."
ewarn
ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
ewarn " sudoers: ldap files"
ewarn
fi
fi
if use prefix ; then
ewarn
ewarn "To use sudo, you need to change file ownership and permissions"
ewarn "with root privileges, as follows:"
ewarn
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
ewarn
fi
elog "To use the -A (askpass) option, you need to install a compatible"
elog "password program from the following list. Starred packages will"
elog "automatically register for the use with sudo (but will not force"
elog "the -A option):"
elog ""
elog " [*] net-misc/ssh-askpass-fullscreen"
elog " net-misc/x11-ssh-askpass"
elog ""
elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
elog "variable to the program you want to use."
}
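Review bot: This ebuild keeps stable `KEYWORDS` (including `amd64 arm64`) for sudo 1.8.31 although the same commit also adds a 1.9.5p2 ebuild, so the older release stays selectable from the overlay. To my knowledge 1.9.5p2 is the upstream release that fixed a publicly disclosed local privilege-escalation bug affecting earlier versions, 1.8.31 included. Unless something in the tree still depends on it, I would drop this file together with the `DIST sudo-1.8.31.tar.gz` Manifest line, or at least clear its `KEYWORDS`. If it stays, `rm -rf "${ED}"/run` in `src_install` should get the `|| die` that the newer ebuild already has.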


@ -0,0 +1,271 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit pam multilib libtool systemd tmpfiles
MY_P="${P/_/}"
MY_P="${MY_P/beta/b}"
DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/"
if [[ ${PV} == "9999" ]] ; then
inherit mercurial
EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
else
uri_prefix=
case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;;
esac
SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~sparc-solaris"
fi
fi
# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="ISC BSD"
SLOT="0"
IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
DEPEND="
sys-libs/zlib:=
gcrypt? ( dev-libs/libgcrypt:= )
ldap? (
>=net-nds/openldap-2.1.30-r1
sasl? (
dev-libs/cyrus-sasl
net-nds/openldap[sasl]
)
)
pam? ( sys-libs/pam )
sasl? ( dev-libs/cyrus-sasl )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ssl? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )
)
sssd? ( sys-auth/sssd[sudo] )
"
# Flatcar: remove perl runtime dependency
# ldap? ( dev-lang/perl )
RDEPEND="
${DEPEND}
>=app-misc/editor-wrapper-3
virtual/editor
pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
"
BDEPEND="
sys-devel/bison
virtual/pkgconfig
"
S="${WORKDIR}/${MY_P}"
REQUIRED_USE="
?? ( pam skey )
?? ( gcrypt ssl )
"
MAKEOPTS+=" SAMPLES="
src_prepare() {
default
elibtoolize
}
set_secure_path() {
# FIXME: secure_path is a compile time setting. using PATH or
# ROOTPATH is not perfect, env-update may invalidate this, but until it
# is available as a sudoers setting this will have to do.
einfo "Setting secure_path ..."
# first extract the default ROOTPATH from build env
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
echo "${ROOTPATH}")
case "${SECURE_PATH}" in
*/usr/sbin*) ;;
*) SECURE_PATH=$(unset PATH;
. "${EPREFIX}"/etc/profile.env; echo "${PATH}")
;;
esac
if [[ -z ${SECURE_PATH} ]] ; then
ewarn " Failed to detect SECURE_PATH, please report this"
fi
# then remove duplicate path entries
cleanpath() {
local newpath thisp IFS=:
for thisp in $1 ; do
if [[ :${newpath}: != *:${thisp}:* ]] ; then
newpath+=:${thisp}
else
einfo " Duplicate entry ${thisp} removed..."
fi
done
SECURE_PATH=${newpath#:}
}
cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# finally, strip gcc paths #136027
rmpath() {
local e newpath thisp IFS=:
for thisp in ${SECURE_PATH} ; do
for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
newpath+=:${thisp}
done
SECURE_PATH=${newpath#:}
}
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
einfo "... done"
}
src_configure() {
local SECURE_PATH
set_secure_path
# audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
# plugindir: autoconf code is crappy and does not delay evaluation
# until `make` time, so we have to use a full path here rather than
# basing off other values.
myeconfargs=(
# requires some python eclass
--disable-python
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
--enable-zlib=system
--with-editor="${EPREFIX}"/usr/libexec/editor
--with-env-editor
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
--with-rundir="${EPREFIX}"/run/sudo
--with-vardir="${EPREFIX}"/var/db/sudo
--without-linux-audit
--without-opie
$(use_enable gcrypt)
$(use_enable nls)
$(use_enable sasl)
$(use_enable ssl openssl)
$(use_with ldap)
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
$(use_with offensive insults)
$(use_with offensive all-insults)
$(use_with pam)
$(use_with pam pam-login)
$(use_with secure-path secure-path "${SECURE_PATH}")
$(use_with selinux)
$(use_with sendmail)
$(use_with skey)
$(use_with sssd)
)
econf "${myeconfargs[@]}"
}
src_install() {
default
if use ldap ; then
dodoc README.LDAP
cat <<-EOF > "${T}"/ldap.conf.sudo
# See ldap.conf(5) and README.LDAP for details
# This file should only be readable by root
# supported directives: host, port, ssl, ldap_version
# uri, binddn, bindpw, sudoers_base, sudoers_debug
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
EOF
if use sasl ; then
cat <<-EOF >> "${T}"/ldap.conf.sudo
# SASL directives: use_sasl, sasl_mech, sasl_auth_id
# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
EOF
fi
insinto /etc
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
# Flatcar: we don't ship openldap schemas
#insinto /etc/openldap/schema
#newins doc/schema.OpenLDAP sudo.schema
fi
if use pam; then
pamd_mimic system-auth sudo auth account session
pamd_mimic system-auth sudo-i auth account session
fi
keepdir /var/db/sudo/lectured
fperms 0700 /var/db/sudo/lectured
fperms 0711 /var/db/sudo #652958
# Don't install into /run as that is a tmpfs most of the time
# (bug #504854)
rm -rf "${ED}"/run || die
find "${ED}" -type f -name "*.la" -delete || die #697812
# Flatcar specific:
# - remove sudo.conf (shipped by baselayout)
rm "${ED}/etc/sudo.conf"
# Flatcar end
}
pkg_postinst() {
tmpfiles_process sudo.conf
#652958
local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
chmod 711 "${sudo_db}" || die
fi
if use ldap ; then
ewarn
ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
ewarn
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
ewarn "configured in /etc/nsswitch.conf."
ewarn
ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
ewarn " sudoers: ldap files"
ewarn
fi
fi
if use prefix ; then
ewarn
ewarn "To use sudo, you need to change file ownership and permissions"
ewarn "with root privileges, as follows:"
ewarn
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
ewarn
fi
elog "To use the -A (askpass) option, you need to install a compatible"
elog "password program from the following list. Starred packages will"
elog "automatically register for the use with sudo (but will not force"
elog "the -A option):"
elog ""
elog " [*] net-misc/ssh-askpass-fullscreen"
elog " net-misc/x11-ssh-askpass"
elog ""
elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
elog "variable to the program you want to use."
}


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1 @@
toolbox-9999.ebuild


@ -0,0 +1,28 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=7
CROS_WORKON_PROJECT="flatcar/toolbox"
CROS_WORKON_LOCALNAME="toolbox"
CROS_WORKON_REPO="https://github.com"
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm64"
else
CROS_WORKON_COMMIT="a851cb8961f092012e4d64ba1e71b27b36b7ec9d" # flatcar-master
KEYWORDS="amd64 arm64"
fi
inherit cros-workon
DESCRIPTION="toolbox"
HOMEPAGE="https://github.com/flatcar/toolbox"
SRC_URI=""
LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
src_install() {
dobin ${S}/toolbox
}
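Review bot: `dobin ${S}/toolbox` in src_install expands `${S}` unquoted, so the path is subject to word splitting and globbing. Write it as `dobin "${S}/toolbox"`, which matches the quoting already used for `"${PV}"` earlier in the file.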


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1 @@
updateservicectl-9999.ebuild


@ -0,0 +1,32 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=7
CROS_WORKON_PROJECT="kinvolk/updateservicectl"
CROS_WORKON_LOCALNAME="updateservicectl"
CROS_WORKON_REPO="https://github.com"
COREOS_GO_PACKAGE="github.com/kinvolk/updateservicectl"
COREOS_GO_GO111MODULE="on"
inherit cros-workon coreos-go
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm64"
else
CROS_WORKON_COMMIT="6a4ff4ca879082c07353dd379439c437cbe27e18" # main
KEYWORDS="amd64 arm64"
fi
DESCRIPTION="CoreUpdate Management CLI"
HOMEPAGE="https://github.com/kinvolk/updateservicectl"
SRC_URI=""
LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
RDEPEND="!app-admin/updatectl"
src_prepare() {
coreos-go_src_prepare
GOPATH+=":${S}/Godeps/_workspace"
}
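Review bot: `GOPATH+=":${S}/Godeps/_workspace"` in src_prepare looks like a leftover, because `COREOS_GO_GO111MODULE="on"` selects module mode, where the Go tool does not resolve imports from GOPATH workspaces. The coreos-go eclass is not part of this section, so this needs confirming against how it actually builds. If the dependencies come from go.mod or a vendor directory, drop the line; otherwise add a comment such as `# Godeps workspace is still needed because ...` that states why it stays. Knowing which dependency source the build really uses also matters when reviewing what code ends up in the binary.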


@ -0,0 +1,2 @@
DIST bzip2-1.0.6.tar.gz 782025 BLAKE2B b31533af7c71d715e6600874bb0a11b9b3aebbb08af0414a6d88bd5a2ad879a482ad408338159cb6c241815da8f48798d2ea7789ea971431d0be42ee827b0a7e SHA512 00ace5438cfa0c577e5f578d8a808613187eff5217c35164ffe044fbafdfec9e98f4192c02a7d67e01e5a5ccced630583ad1003c37697219b0f147343a3fdd12
DIST bzip2-1.0.8.tar.gz 810029 BLAKE2B 22ab3acd84f4db8c3d6f59340c252faedfd4447cea00dafbd652e65b6cf8a20adf6835c22e58563004cfafdb15348c924996230b4b23cae42da5e25eeac4bdad SHA512 083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3


@ -0,0 +1,117 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
# (since we're building shared libs) ...
EAPI=6
inherit toolchain-funcs multilib-minimal
DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
HOMEPAGE="https://sourceware.org/bzip2/"
SRC_URI="mirror://gentoo/${P}.tar.gz"
LICENSE="BZIP2"
SLOT="0/1" # subslot = SONAME
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd"
IUSE="static static-libs"
PATCHES=(
"${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
"${FILESDIR}"/${PN}-1.0.6-saneso.patch
"${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
"${FILESDIR}"/${PN}-1.0.6-progress.patch
"${FILESDIR}"/${PN}-1.0.3-no-test.patch
"${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
"${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
"${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
"${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
"${FILESDIR}"/${PN}-1.0.6-ubsan-error.patch
)
DOCS=( CHANGES README{,.COMPILATION.PROBLEMS,.XML.STUFF} manual.pdf )
HTML_DOCS=( manual.html )
src_prepare() {
default
# - Use right man path
# - Generate symlinks instead of hardlinks
# - pass custom variables to control libdir
sed -i \
-e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
-e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
-e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
Makefile || die
}
bemake() {
emake \
VPATH="${S}" \
CC="$(tc-getCC)" \
AR="$(tc-getAR)" \
RANLIB="$(tc-getRANLIB)" \
"$@"
}
multilib_src_compile() {
bemake -f "${S}"/Makefile-libbz2_so all
# Make sure we link against the shared lib #504648
ln -s libbz2.so.${PV} libbz2.so || die
bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
}
multilib_src_install() {
into /usr
# Install the shared lib manually. We install:
# .x.x.x - standard shared lib behavior
# .x.x - SONAME some distros use #338321
# .x - SONAME Gentoo uses
dolib.so libbz2.so.${PV}
local v
for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
done
use static-libs && dolib.a libbz2.a
if multilib_is_native_abi ; then
gen_usr_ldscript -a bz2
dobin bzip2recover
into /
dobin bzip2
fi
}
multilib_src_install_all() {
# `make install` doesn't cope with out-of-tree builds, nor with
# installing just non-binaries, so handle things ourselves.
insinto /usr/include
doins bzlib.h
into /usr
dobin bz{diff,grep,more}
doman *.1
dosym bzdiff /usr/bin/bzcmp
dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
dosym bzmore /usr/bin/bzless
dosym bzmore.1 /usr/share/man/man1/bzless.1
local x
for x in bunzip2 bzcat bzip2recover ; do
dosym bzip2.1 /usr/share/man/man1/${x}.1
done
for x in bz{e,f}grep ; do
dosym bzgrep /usr/bin/${x}
dosym bzgrep.1 /usr/share/man/man1/${x}.1
done
einstalldocs
# move "important" bzip2 binaries to /bin and use the shared libbz2.so
dosym bzip2 /bin/bzcat
dosym bzip2 /bin/bunzip2
}
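Review bot: This ebuild keeps bzip2 1.0.6 installable with stable keywords next to the 1.0.8 ebuild added in the same commit, and the only security backport in its `PATCHES` is `${PN}-1.0.6-CVE-2016-3189.patch`. Any upstream fix made between 1.0.6 and 1.0.8 is therefore absent from this build unless it is one of the listed patches. If nothing in the overlay pins 1.0.6, dropping this ebuild and its 1.0.6-only patches would leave a single maintained version. If it has to stay, a comment above `PATCHES` saying why would help the next reviewer.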


@ -0,0 +1,122 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
# (since we're building shared libs) ...
EAPI=6
inherit toolchain-funcs multilib-minimal usr-ldscript
DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
HOMEPAGE="https://sourceware.org/bzip2/"
SRC_URI="https://sourceware.org/pub/${PN}/${P}.tar.gz"
LICENSE="BZIP2"
SLOT="0/1" # subslot = SONAME
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
IUSE="static static-libs"
PATCHES=(
"${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
"${FILESDIR}"/${PN}-1.0.8-saneso.patch
"${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
"${FILESDIR}"/${PN}-1.0.6-progress.patch
"${FILESDIR}"/${PN}-1.0.3-no-test.patch
"${FILESDIR}"/${PN}-1.0.8-mingw.patch #393573
"${FILESDIR}"/${PN}-1.0.8-out-of-tree-build.patch
)
DOCS=( CHANGES README{,.COMPILATION.PROBLEMS,.XML.STUFF} manual.pdf )
HTML_DOCS=( manual.html )
src_prepare() {
default
# - Use right man path
# - Generate symlinks instead of hardlinks
# - pass custom variables to control libdir
sed -i \
-e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
-e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
-e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
Makefile || die
}
bemake() {
emake \
VPATH="${S}" \
CC="$(tc-getCC)" \
AR="$(tc-getAR)" \
RANLIB="$(tc-getRANLIB)" \
"$@"
}
multilib_src_compile() {
bemake -f "${S}"/Makefile-libbz2_so all
# Make sure we link against the shared lib #504648
ln -s libbz2.so.${PV} libbz2.so || die
bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
}
multilib_src_install() {
into /usr
# Install the shared lib manually. We install:
# .x.x.x - standard shared lib behavior
# .x.x - SONAME some distros use #338321
# .x - SONAME Gentoo uses
dolib.so libbz2.so.${PV}
local v
for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
done
# Install libbz2.so.1.0 due to accidental soname change in 1.0.7.
# Reference: 98da0ad82192d21ad74ae52366ea8466e2acea24.
# OK to remove one year after 2020-04-11.
if [[ ! -L "${ED}/usr/$(get_libdir)/libbz2.so.1.0" ]]; then
dosym libbz2.so.${PV} "/usr/$(get_libdir)/libbz2.so.1.0"
fi
use static-libs && dolib.a libbz2.a
if multilib_is_native_abi ; then
gen_usr_ldscript -a bz2
dobin bzip2recover
into /
dobin bzip2
fi
}
multilib_src_install_all() {
# `make install` doesn't cope with out-of-tree builds, nor with
# installing just non-binaries, so handle things ourselves.
insinto /usr/include
doins bzlib.h
into /usr
dobin bz{diff,grep,more}
doman *.1
dosym bzdiff /usr/bin/bzcmp
dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
dosym bzmore /usr/bin/bzless
dosym bzmore.1 /usr/share/man/man1/bzless.1
local x
for x in bunzip2 bzcat bzip2recover ; do
dosym bzip2.1 /usr/share/man/man1/${x}.1
done
for x in bz{e,f}grep ; do
dosym bzgrep /usr/bin/${x}
dosym bzgrep.1 /usr/share/man/man1/${x}.1
done
einstalldocs
# move "important" bzip2 binaries to /bin and use the shared libbz2.so
dosym bzip2 /bin/bzcat
dosym bzip2 /bin/bunzip2
}
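Review bot: The `libbz2.so.1.0` compat block in multilib_src_install appears to be dead code. The loop just above it already runs `dosym` for `libbz2.so`, `libbz2.so.${PV%%.*}` and `libbz2.so.${PV%.*}`, and for 1.0.8 the last of these is `libbz2.so.1.0`, so the `[[ ! -L ... ]]` test should always be false. The block's own comment says it is OK to remove one year after 2020-04-11, and this commit is dated 2023-04-13. Either delete the block or replace the comment with the reason the symlink is still needed.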


@ -0,0 +1,9 @@
--- a/Makefile
+++ b/Makefile
@@ -23,5 +23,5 @@
bzlib.o
-all: libbz2.a bzip2 bzip2recover test
+all: libbz2.a bzip2 bzip2recover
bzip2: libbz2.a bzip2.o


@ -0,0 +1,21 @@
bzgrep uses !/bin/sh but then uses the bashism ${var//} so replace those
with calls to sed so POSIX shells work
http://bugs.gentoo.org/193365
--- a/bzgrep
+++ b/bzgrep
@@ -63,10 +63,9 @@
bzip2 -cdfq "$i" | $grep $opt "$pat"
r=$?
else
- j=${i//\\/\\\\}
- j=${j//|/\\|}
- j=${j//&/\\&}
- j=`printf "%s" "$j" | tr '\n' ' '`
+ # the backslashes here are doubled up as we have to escape each one for the
+ # shell and then escape each one for the sed expression
+ j=`printf "%s" "${i}" | sed -e 's:\\\\:\\\\\\\\:g' -e 's:[|]:\\\\|:g' -e 's:[&]:\\\\&:g' | tr '\n' ' '`
bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
r=$?
fi


@ -0,0 +1,25 @@
--- a/Makefile
+++ b/Makefile
@@ -18,10 +18,9 @@
CC=gcc
AR=ar
RANLIB=ranlib
-LDFLAGS=
BIGFILES=-D_FILE_OFFSET_BITS=64
-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES)
+CFLAGS+=-Wall -Winline $(BIGFILES) $(CPPFLAGS)
# Where you want it installed when you do 'make install'
PREFIX=/usr/local
--- a/Makefile-libbz2_so
+++ b/Makefile-libbz2_so
@@ -24,7 +24,7 @@
SHELL=/bin/sh
CC=gcc
BIGFILES=-D_FILE_OFFSET_BITS=64
-CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES)
+CFLAGS+=-fpic -fPIC -Wall -Winline $(BIGFILES) $(CPPFLAGS)
OBJS= blocksort.o \
huffman.o \


@ -0,0 +1,12 @@
http://bugs.gentoo.org/172986
--- a/Makefile
+++ b/Makefile
@@ -85,4 +85,7 @@
cp -f bzip2.1 $(PREFIX)/share/man/man1
chmod a+r $(PREFIX)/share/man/man1/bzip2.1
+ ln -s -f bzip2.1 $(PREFIX)/share/man/man1/bunzip2.1
+ ln -s -f bzip2.1 $(PREFIX)/share/man/man1/bzcat.1
+ ln -s -f bzip2.1 $(PREFIX)/share/man/man1/bzip2recover.1
cp -f bzlib.h $(PREFIX)/include
chmod a+r $(PREFIX)/include/bzlib.h


@ -0,0 +1,18 @@
Upstream-Status: Backport
https://bugzilla.suse.com/attachment.cgi?id=681334
CVE: CVE-2016-3189
Signed-off-by: Armin Kuster <akuster@mvista.com>
Index: bzip2-1.0.6/bzip2recover.c
===================================================================
--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;
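Review bot: After `bsClose ( bsWr );` the added line clears `outFile` but leaves `bsWr` holding the stream pointer that was just closed and, presumably, released. The rest of `main` lies outside the hunk, so whether every later use of `bsWr` is guarded by a test on `outFile` cannot be checked from here. Adding `bsWr = NULL;` next to `outFile = NULL;` would turn any unguarded use into an immediate null dereference instead of an access to released memory.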


@ -0,0 +1,27 @@
make it build for mingw targets
https://bugs.gentoo.org/393573
--- a/bzip2.c
+++ b/bzip2.c
@@ -129,7 +129,7 @@
#if BZ_LCCWIN32
# include <io.h>
# include <fcntl.h>
-# include <sys\stat.h>
+# include <sys/stat.h>
# define NORETURN /**/
# define PATH_SEP '\\'
--- a/bzlib.h
+++ b/bzlib.h
@@ -81,6 +81,9 @@ typedef
/* windows.h define small to char */
# undef small
# endif
+# ifndef WINAPI
+# define WINAPI
+# endif
# ifdef BZ_EXPORT
# define BZ_API(func) WINAPI func
# define BZ_EXTERN extern


@ -0,0 +1,79 @@
--- a/Makefile
+++ b/Makefile
@@ -53,7 +53,6 @@ libbz2.a: $(OBJS)
check: test
test: bzip2
- @cat words1
./bzip2 -1 < sample1.ref > sample1.rb2
./bzip2 -2 < sample2.ref > sample2.rb2
./bzip2 -3 < sample3.ref > sample3.rb2
@@ -66,7 +65,6 @@ test: bzip2
cmp sample1.tst sample1.ref
cmp sample2.tst sample2.ref
cmp sample3.tst sample3.ref
- @cat words3
install: bzip2 bzip2recover
if ( test ! -d $(PREFIX)/bin ) ; then mkdir -p $(PREFIX)/bin ; fi
@@ -115,25 +113,8 @@ clean:
sample1.rb2 sample2.rb2 sample3.rb2 \
sample1.tst sample2.tst sample3.tst
-blocksort.o: blocksort.c
- @cat words0
- $(CC) $(CFLAGS) -c blocksort.c
-huffman.o: huffman.c
- $(CC) $(CFLAGS) -c huffman.c
-crctable.o: crctable.c
- $(CC) $(CFLAGS) -c crctable.c
-randtable.o: randtable.c
- $(CC) $(CFLAGS) -c randtable.c
-compress.o: compress.c
- $(CC) $(CFLAGS) -c compress.c
-decompress.o: decompress.c
- $(CC) $(CFLAGS) -c decompress.c
-bzlib.o: bzlib.c
- $(CC) $(CFLAGS) -c bzlib.c
-bzip2.o: bzip2.c
- $(CC) $(CFLAGS) -c bzip2.c
-bzip2recover.o: bzip2recover.c
- $(CC) $(CFLAGS) -c bzip2recover.c
+%.o: %.c
+ $(CC) $(CFLAGS) -c $<
distclean: clean
--- a/Makefile-libbz2_so
+++ b/Makefile-libbz2_so
@@ -36,9 +36,7 @@ OBJS= blocksort.o \
all: $(OBJS)
$(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
- $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
- rm -f libbz2.so.1.0
- ln -s libbz2.so.1.0.6 libbz2.so.1.0
+ ln -sf libbz2.so.1.0.6 libbz2.so.1.0
clean:
rm -f $(OBJS) bzip2.o libbz2.so.1.0.6 libbz2.so.1.0 bzip2-shared
@@ -43,17 +43,5 @@ all: $(OBJS)
clean:
rm -f $(OBJS) bzip2.o libbz2.so.1.0.6 libbz2.so.1.0 bzip2-shared
-blocksort.o: blocksort.c
- $(CC) $(CFLAGS) -c blocksort.c
-huffman.o: huffman.c
- $(CC) $(CFLAGS) -c huffman.c
-crctable.o: crctable.c
- $(CC) $(CFLAGS) -c crctable.c
-randtable.o: randtable.c
- $(CC) $(CFLAGS) -c randtable.c
-compress.o: compress.c
- $(CC) $(CFLAGS) -c compress.c
-decompress.o: decompress.c
- $(CC) $(CFLAGS) -c decompress.c
-bzlib.o: bzlib.c
- $(CC) $(CFLAGS) -c bzlib.c
+%.o: %.c
+ $(CC) $(CFLAGS) -c $<


@ -0,0 +1,163 @@
Ripped from Mandrake
http://bugs.gentoo.org/82192
--- a/bzip2.1
+++ b/bzip2.1
@@ -235,6 +235,10 @@
Suppress non-essential warning messages. Messages pertaining to
I/O errors and other critical events will not be suppressed.
.TP
+.B \-p \-\-show\-progress
+Show percentage of input\-file done and while compressing show the percentage
+of the original file the new file is.
+.TP
.B \-v --verbose
Verbose mode -- show the compression ratio for each file processed.
Further \-v's increase the verbosity level, spewing out lots of
--- a/bzip2.c
+++ b/bzip2.c
@@ -145,6 +145,7 @@
#include <signal.h>
#include <math.h>
#include <errno.h>
+#include <time.h>
#include <ctype.h>
#include "bzlib.h"
@@ -301,6 +302,7 @@
Char progNameReally[FILE_NAME_LEN];
FILE *outputHandleJustInCase;
Int32 workFactor;
+Char showProgress;
static void panic ( Char* ) NORETURN;
static void ioError ( void ) NORETURN;
@@ -425,6 +427,12 @@
UInt32 nbytes_in_lo32, nbytes_in_hi32;
UInt32 nbytes_out_lo32, nbytes_out_hi32;
Int32 bzerr, bzerr_dummy, ret;
+ double fileSize = 0; /* initialized to make the compiler stop crying */
+ /* double because big files might otherwhise give
+ * overflows. not long long since not all compilers
+ * support that one
+ */
+ time_t startTime, currentTime;
SET_BINARY_MODE(stream);
SET_BINARY_MODE(zStream);
@@ -432,12 +440,21 @@
if (ferror(stream)) goto errhandler_io;
if (ferror(zStream)) goto errhandler_io;
+ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) {
+ (void)fseek(stream, 0, SEEK_END);
+ fileSize = ftello(stream);
+ rewind(stream);
+ if (verbosity >= 1)
+ fprintf(stderr, "Input-file size: %ld\n", (long)fileSize);
+ }
+
bzf = BZ2_bzWriteOpen ( &bzerr, zStream,
blockSize100k, verbosity, workFactor );
if (bzerr != BZ_OK) goto errhandler;
if (verbosity >= 2) fprintf ( stderr, "\n" );
+ time(&startTime);
while (True) {
if (myfeof(stream)) break;
@@ -446,6 +463,22 @@
if (nIbuf > 0) BZ2_bzWrite ( &bzerr, bzf, (void*)ibuf, nIbuf );
if (bzerr != BZ_OK) goto errhandler;
+ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) {
+ time(&currentTime);
+
+ if ((currentTime - startTime) > 1) { /* show progress every 2 seconds */
+ double curInPos = ftello(stream);
+ double curOutPos = ftello(zStream);
+
+ startTime = currentTime;
+
+ fprintf(stderr, "%.2f%% done", (curInPos * 100.0) / fileSize);
+ if (srcMode == SM_F2F)
+ fprintf(stderr, ", new size: %.2f%%", (curOutPos * 100.0) / curInPos);
+
+ fprintf(stderr, " \r");
+ }
+ }
}
BZ2_bzWriteClose64 ( &bzerr, bzf, 0,
@@ -526,6 +559,8 @@
UChar unused[BZ_MAX_UNUSED];
Int32 nUnused;
UChar* unusedTmp;
+ double fileSize = 0; /* initialized to make the compiler stop crying */
+ time_t startTime, currentTime;
nUnused = 0;
streamNo = 0;
@@ -533,9 +568,19 @@
SET_BINARY_MODE(stream);
SET_BINARY_MODE(zStream);
+ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) {
+ off_t dummy = ftello(zStream);
+ (void)fseeko(zStream, 0, SEEK_END);
+ fileSize = ftello(zStream);
+ (void)fseeko(zStream, dummy, SEEK_SET);
+ if (verbosity >= 1)
+ fprintf(stderr, "Input-file size: %ld\n", (long)fileSize);
+ }
+
if (ferror(stream)) goto errhandler_io;
if (ferror(zStream)) goto errhandler_io;
+ time(&startTime);
while (True) {
bzf = BZ2_bzReadOpen (
@@ -551,6 +596,16 @@
if ((bzerr == BZ_OK || bzerr == BZ_STREAM_END) && nread > 0)
fwrite ( obuf, sizeof(UChar), nread, stream );
if (ferror(stream)) goto errhandler_io;
+
+ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) {
+ time(&currentTime);
+ if ((currentTime - startTime) >= 2) {
+ double curInPos = ftello(zStream);
+ startTime = currentTime;
+
+ fprintf(stderr, "%.2f%% done\r", (curInPos * 100.0) / fileSize);
+ }
+ }
}
if (bzerr != BZ_STREAM_END) goto errhandler;
@@ -1872,6 +1927,7 @@
deleteOutputOnInterrupt = False;
exitValue = 0;
i = j = 0; /* avoid bogus warning from egcs-1.1.X */
+ showProgress = False;
/*-- Set up signal handlers for mem access errors --*/
signal (SIGSEGV, mySIGSEGVorSIGBUScatcher);
@@ -1949,6 +2005,7 @@
case 'k': keepInputFiles = True; break;
case 's': smallMode = True; break;
case 'q': noisy = False; break;
+ case 'p': showProgress = True; break;
case '1': blockSize100k = 1; break;
case '2': blockSize100k = 2; break;
case '3': blockSize100k = 3; break;
@@ -1985,6 +2042,7 @@
if (ISFLAG("--keep")) keepInputFiles = True; else
if (ISFLAG("--small")) smallMode = True; else
if (ISFLAG("--quiet")) noisy = False; else
+ if (ISFLAG("--show-progress")) showProgress = True; else
if (ISFLAG("--version")) license(); else
if (ISFLAG("--license")) license(); else
if (ISFLAG("--exponential")) workFactor = 1; else
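Review bot: The progress code divides by `fileSize`, and by `curInPos` for the size ratio, without checking the values returned by `fseek`/`ftello`. An empty input gives `fileSize` 0 and a failed `ftello` gives -1, so the `%.2f%% done` lines can print inf, nan or a negative percentage. Guard the progress output with `if (fileSize > 0)` and the ratio with `if (curInPos > 0)`. The compress path also uses `fseek`/`rewind` where the decompress path uses `fseeko`, and `"%ld"` with `(long)fileSize` truncates on targets where long is 32 bits. Both affected functions start and end outside the hunks shown.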


@ -0,0 +1,13 @@
--- a/Makefile-libbz2_so
+++ b/Makefile-libbz2_so
@@ -35,8 +35,8 @@
bzlib.o
all: $(OBJS)
- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS)
- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
+ $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
rm -f libbz2.so.1.0
ln -s libbz2.so.1.0.6 libbz2.so.1.0


@ -0,0 +1,24 @@
Author: Manoj Gupta <manojgupta@google.com>
Use unsigned 1 for shifting instead of signed 1.
This fixed an issue with shift caught by undefined behavior
sanitizer in clang.
bzip2-1.0.6/blocksort.c:255:7
runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
--- a/blocksort.c
+++ b/blocksort.c
@@ -202,9 +202,9 @@ void fallbackQSort3 ( UInt32* fmap,
bhtab [ 0 .. 2+(nblock/32) ] destroyed
*/
-#define SET_BH(zz) bhtab[(zz) >> 5] |= (1 << ((zz) & 31))
-#define CLEAR_BH(zz) bhtab[(zz) >> 5] &= ~(1 << ((zz) & 31))
-#define ISSET_BH(zz) (bhtab[(zz) >> 5] & (1 << ((zz) & 31)))
+#define SET_BH(zz) bhtab[(zz) >> 5] |= (1u << ((zz) & 31))
+#define CLEAR_BH(zz) bhtab[(zz) >> 5] &= ~(1u << ((zz) & 31))
+#define ISSET_BH(zz) (bhtab[(zz) >> 5] & (1u << ((zz) & 31)))
#define WORD_BH(zz) bhtab[(zz) >> 5]
#define UNALIGNED_BH(zz) ((zz) & 0x01f)


@ -0,0 +1,16 @@
make it build for mingw targets
https://bugs.gentoo.org/393573
--- a/bzlib.h
+++ b/bzlib.h
@@ -81,6 +81,9 @@ typedef
/* windows.h define small to char */
# undef small
# endif
+# ifndef WINAPI
+# define WINAPI
+# endif
# ifdef BZ_EXPORT
# define BZ_API(func) WINAPI func
# define BZ_EXTERN extern


@ -0,0 +1,76 @@
--- bzip2-1.0.8/Makefile
+++ bzip2-1.0.8/Makefile
@@ -54,7 +54,6 @@
check: test
test: bzip2
- @cat words1
./bzip2 -1 < sample1.ref > sample1.rb2
./bzip2 -2 < sample2.ref > sample2.rb2
./bzip2 -3 < sample3.ref > sample3.rb2
@@ -67,7 +66,6 @@
cmp sample1.tst sample1.ref
cmp sample2.tst sample2.ref
cmp sample3.tst sample3.ref
- @cat words3
install: bzip2 bzip2recover
if ( test ! -d $(PREFIX)/bin ) ; then mkdir -p $(PREFIX)/bin ; fi
@@ -113,25 +111,8 @@
sample1.rb2 sample2.rb2 sample3.rb2 \
sample1.tst sample2.tst sample3.tst
-blocksort.o: blocksort.c
- @cat words0
- $(CC) $(CFLAGS) -c blocksort.c
-huffman.o: huffman.c
- $(CC) $(CFLAGS) -c huffman.c
-crctable.o: crctable.c
- $(CC) $(CFLAGS) -c crctable.c
-randtable.o: randtable.c
- $(CC) $(CFLAGS) -c randtable.c
-compress.o: compress.c
- $(CC) $(CFLAGS) -c compress.c
-decompress.o: decompress.c
- $(CC) $(CFLAGS) -c decompress.c
-bzlib.o: bzlib.c
- $(CC) $(CFLAGS) -c bzlib.c
-bzip2.o: bzip2.c
- $(CC) $(CFLAGS) -c bzip2.c
-bzip2recover.o: bzip2recover.c
- $(CC) $(CFLAGS) -c bzip2recover.c
+%.o: %.c
+ $(CC) $(CFLAGS) -c $<
distclean: clean
--- bzip2-1.0.8/Makefile-libbz2_so
+++ bzip2-1.0.8/Makefile-libbz2_so
@@ -36,24 +36,10 @@
all: $(OBJS)
$(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
- $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
- rm -f libbz2.so.1.0
- ln -s libbz2.so.1.0.8 libbz2.so.1.0
+ ln -sf libbz2.so.1.0.8 libbz2.so.1.0
clean:
rm -f $(OBJS) bzip2.o libbz2.so.1.0.8 libbz2.so.1.0 bzip2-shared
-blocksort.o: blocksort.c
- $(CC) $(CFLAGS) -c blocksort.c
-huffman.o: huffman.c
- $(CC) $(CFLAGS) -c huffman.c
-crctable.o: crctable.c
- $(CC) $(CFLAGS) -c crctable.c
-randtable.o: randtable.c
- $(CC) $(CFLAGS) -c randtable.c
-compress.o: compress.c
- $(CC) $(CFLAGS) -c compress.c
-decompress.o: decompress.c
- $(CC) $(CFLAGS) -c decompress.c
-bzlib.o: bzlib.c
- $(CC) $(CFLAGS) -c bzlib.c
+%.o: %.c
+ $(CC) $(CFLAGS) -c $<


@ -0,0 +1,13 @@
--- bzip2-1.0.8/Makefile-libbz2_so
+++ bzip2-1.0.8/Makefile-libbz2_so
@@ -35,8 +35,8 @@
bzlib.o
all: $(OBJS)
- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS)
- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
+ $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
+ $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
rm -f libbz2.so.1.0
ln -s libbz2.so.1.0.8 libbz2.so.1.0


@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<upstream>
<remote-id type="cpe">cpe:/a:bzip:bzip2</remote-id>
</upstream>
</pkgmetadata>


@ -0,0 +1,33 @@
#!/bin/bash
set -e
bin=${0##*/}
seal=/run/metadata/torcx
if [ -z "${bin}" ]
then
echo 'Failed to determine the executed program name.' 1>&2
exit 1
fi
if [ -s "${seal}" ]
then
. "${seal}"
else
echo "The program ${bin} is managed by torcx, which did not run." 1>&2
exit 1
fi
if [ -z "${TORCX_BINDIR-}" ]
then
echo "The torcx seal file ${seal} is invalid." 1>&2
exit 1
fi
if [ ! -x "${TORCX_BINDIR}/${bin}" ]
then
echo "The current torcx profile did not install a ${bin} program." 1>&2
exit 1
fi
PATH="${TORCX_BINDIR}${PATH:+:${PATH}}" exec "${TORCX_BINDIR}/${bin}" "$@"
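Review bot: `. "${seal}"` executes /run/metadata/torcx as shell code in the invoking user's context, and the only check before it is `-s`, so every program reached through this wrapper trusts that file completely. The script does not show who creates the file. Add a comment above the check such as `# The seal is sourced, not parsed: it must be root-owned and not writable by others.` If only `TORCX_BINDIR` is needed, consider reading that one variable instead of sourcing the whole file. `${bin}` comes from `$0`, which the caller controls, but `${0##*/}` removes every slash, so it cannot name a file outside `${TORCX_BINDIR}`.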


@ -0,0 +1,11 @@
{
"kind": "profile-manifest-v0",
"value": {
"images": [
{
"name": "docker",
"reference": "com.coreos.cl"
}
]
}
}


@ -0,0 +1,41 @@
#!/bin/bash
# Wrapper for launching docker daemons with selinux default on
# This wrapper script has been deprecated (euank: 2017-05-09) and is retained
# for backwards compatibility.
set -e
parse_docker_args() {
local flag
while [[ $# -gt 0 ]]; do
flag="$1"
shift
# treat --flag=foo and --flag foo identically
if [[ "${flag}" == *=* ]]; then
set -- "${flag#*=}" "$@"
flag="${flag%=*}"
fi
case "${flag}" in
--selinux-enabled)
ARG_SELINUX="$1"
shift
;;
*)
# ignore everything else
;;
esac
done
}
parse_docker_args "$@"
USE_SELINUX=""
# Do not override selinux if it is already explicitly configured.
if [[ -z "${ARG_SELINUX}" ]]; then
# If unspecified, default off
USE_SELINUX="--selinux-enabled=false"
fi
exec dockerd "$@" ${USE_SELINUX}
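Review bot: A bare `--selinux-enabled` (the boolean form, with no value) is mishandled by parse_docker_args: the case arm stores `$1` and shifts, so as the last argument it leaves `ARG_SELINUX` empty and `shift` fails under `set -e`, and in the middle of the line it swallows the following flag as the value. With an empty `ARG_SELINUX` the wrapper would append `--selinux-enabled=false` after the user's own flag, which turns an explicit request for SELinux into a disable. Recording only that the flag was seen avoids these cases: `--selinux-enabled) ARG_SELINUX=1 ;;`. The header comment also says "selinux default on" while the code defaults to off, so one of them should be corrected, and `${flag%=*}` should be `${flag%%=*}` so that it pairs with `${flag#*=}` when a value contains `=`.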


@ -0,0 +1,7 @@
[Unit]
Description=Verify torcx succeeded
DefaultDependencies=no
AssertPathExists=/run/metadata/torcx
[Install]
WantedBy=basic.target


@ -0,0 +1,11 @@
{
"kind": "profile-manifest-v0",
"value": {
"images": [
{
"name": "docker",
"reference": "com.coreos.cl"
}
]
}
}


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>


@ -0,0 +1 @@
torcx-9999.ebuild


@ -0,0 +1,58 @@
# Copyright (c) 2017-2018 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=7
CROS_WORKON_PROJECT="flatcar/torcx"
CROS_WORKON_LOCALNAME="torcx"
CROS_WORKON_REPO="https://github.com"
COREOS_GO_PACKAGE="github.com/flatcar/torcx"
COREOS_GO_GO111MODULE="off"
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm64"
else
CROS_WORKON_COMMIT="72556df98e14575721b6a8dc3c9775d2b4d6e3e8" # flatcar-master
KEYWORDS="amd64 arm64"
fi
inherit coreos-go cros-workon systemd
DESCRIPTION="torcx is a boot-time addon manager for immutable systems"
HOMEPAGE="https://github.com/flatcar/torcx"
LICENSE="Apache-2.0"
SLOT="0"
src_compile() {
CGO_ENABLED=0 go_export
${EGO} build -v \
-p "$(makeopts_jobs)" \
-ldflags "-X ${COREOS_GO_PACKAGE}/pkg/version.VERSION=${PV}" \
-o "bin/${ARCH}/torcx" \
-tags containers_image_openpgp \
"${COREOS_GO_PACKAGE}"
}
src_install() {
local generatordir=/usr/lib/systemd/system-generators
local vendordir=/usr/share/torcx
local libcoreosdir=/usr/lib/flatcar
# Install generator and userland.
exeinto "${generatordir}"
newexe "${S}/bin/${ARCH}/torcx" torcx-generator
dosym ../systemd/system-generators/torcx-generator "${libcoreosdir}/torcx"
systemd_dounit "${FILESDIR}/torcx.target"
insinto "${vendordir}/profiles"
doins "${FILESDIR}/docker-1.12-no.json"
doins "${FILESDIR}/vendor.json"
dodir "${vendordir}/store"
# Preserve program paths for torcx packages.
newbin "${FILESDIR}/compat-wrapper.sh" docker
for link in {docker-,}{containerd{,-shim},runc} ctr docker-{init,proxy} dockerd tini
do ln -fns docker "${ED}/usr/bin/${link}"
done
exeinto /usr/lib/flatcar
newexe "${FILESDIR}/dockerd-wrapper.sh" dockerd
}
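Review bot: The `ln -fns docker "${ED}/usr/bin/${link}"` loop in src_install has no `|| die`, so a failed link would go unnoticed and the image would ship without one of the compatibility names. External commands in an ebuild need an explicit `|| die`; alternatively use `dosym docker "/usr/bin/${link}"`, which dies on its own. `link` is also not declared `local`, unlike the three directory variables at the top of the function.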


@ -0,0 +1,5 @@
DIST gnupg-2.2.16-scdaemon_shared-access.patch 2586 BLAKE2B 42fd5482c4e86751ce62836125997c2295c44bc5db0671a06460fd306b2ed93f290fb898fc1b1e463a863eddf9ab5f99ea3c90a55499ef45ca1ed6edf2854663 SHA512 38abaa4200114ae6b6f220fabc0a84a056761949c97bd0564557f4411a299b9a1939893555c27e26da2d8e8da4bc97a298fa7e68f1e80fe99c3f88cc329eaa84
DIST gnupg-2.2.27.tar.bz2 7191555 BLAKE2B d652aad382cf07cc458b29ff82718edd47457d8236dcbeee51f22d88503be141f009e9ea45b6dafe614115d9558fe371509579e58ce17a5f04540a31aa406ea3 SHA512 cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab
DIST gnupg-2.2.29.tar.bz2 7215986 BLAKE2B 04b777730b8fcbe8d93dfc8985aadd6bc7385ac2ac9684e6248cb3ae6d008daae5aa976ffa3bae27fe9e89bc2c4c1d4ae81dcaa259fb08d13f894f00f12072e9 SHA512 12645e230fc6aa4811420ef33def6baa590e847ecdf7e5f8b96eb49122e6406cbdba4595d0b52fa26700d5d5def67acb4ed7dfe7f778e496d4d21ccbef3c476b
DIST gnupg-2.2.31.tar.bz2 7212188 BLAKE2B 57a2b6c6ea491137a708e18a0119502621b7bdf0591818d19beb8b08a521a7dbf60472243e1723f53acbfb9a5de612b8e5040c45dc847bdda26012244edb11be SHA512 2f6fa200e08d6b8993b482e5825bea6083afc8686c4e1ae80386b36ae49e1c2d73066c508edaa359a7794cb26ba7a00f81555a906fa422d1117e41415cfa2fea
DIST gnupg-2.3.2.tar.bz2 7589445 BLAKE2B f7e35ed553ea89cdb073abb1432f67fa00bb625f6e686e534f96bca11d88f09ea272b3cb0d6706e4bce2c023f8c5b8d628742aa2f60752a2e605132cd32f62ed SHA512 2747cbe38546f500d165f024ebb2dc5be70fa68d20702af3f61e97db685eba94caf65307293137c76ea6cfcc189ed24aaee025c80cd33f26609e5fe512bdda73


@ -0,0 +1,33 @@
From e3bdb7d17264b8d5bd9abab97c96d9c4a50e4f61 Mon Sep 17 00:00:00 2001
From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
Date: Mon, 3 Apr 2017 23:44:56 +0300
Subject: [PATCH] gpgscm: Use shorter socket path lengts to improve test
reliability
--
As socket lengths are normally restricted to 108 characters
(UNIX_PATH_MAX variable in /usr/include/linux/un.h), using 42 characters
by default easily results in errors.
---
tests/gpgscm/tests.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
index 592b36f..f54a387 100644
--- a/tests/gpgscm/tests.scm
+++ b/tests/gpgscm/tests.scm
@@ -273,9 +273,9 @@
(canonical-path (_mkdtemp (if (null? components)
(path-join
(get-temp-path)
- (string-append "gpgscm-" (get-isotime) "-"
+ (string-append "gscm"
(basename-suffix *scriptname* ".scm")
- "-XXXXXX"))
+ "XXXXXX"))
(apply path-join components)))))
;; Make a temporary directory and remove it at interpreter shutdown.
--
2.10.2


@ -0,0 +1,32 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:43 +0200
Subject: gpg: accept subkeys with a good revocation but no self-sig during
import
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
encounter a valid revocation signature. This allows import of subkey
revocation signatures, even in the absence of a corresponding subkey
binding signature.
--
This fixes the remaining test in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/g10/import.c b/g10/import.c
index f9acf95..9217911 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -3602,6 +3602,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
/* It's valid, so is it newer? */
if (sig->timestamp >= rsdate)
{
+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
if (rsnode)
{
/* Delete the last revocation sig since
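Review bot: The comment on the added line, `/* Subkey is valid. */`, does not describe what was checked: at this point in chk_self_sigs the code has verified a subkey revocation signature, not a binding signature. According to the patch description, setting NODE_GOOD_SELFSIG here is what allows the subkey to be imported without a binding signature, so the comment should say so, e.g. `/* Valid revocation: keep the subkey even without a binding sig. */`. The enclosing function starts and ends outside the hunk, so how later code treats the flag is not visible here.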


@ -0,0 +1,106 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:42 +0200
Subject: gpg: allow import of previously known keys, even without UIDs
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
has no user id, as long as we already have a local variant of the cert
that matches the primary key.
--
This fixes two of the three broken tests in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 44 +++++++++++---------------------------------
1 file changed, 11 insertions(+), 33 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index 5d3162c..f9acf95 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl,
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
- int any_filter = 0;
KEYDB_HANDLE hd = NULL;
if (r_valid)
@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n");
}
-
- if (!uidnode )
- {
- if (!silent)
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
- return 0;
- }
-
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl,
}
}
- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
- {
- if (!silent)
- {
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet )
- log_info(_("this may be caused by a missing self-signature\n"));
- }
- stats->no_user_id++;
- return 0;
- }
+ /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains
+ * no valid uids. */
+ delete_inv_parts (ctrl, keyblock, keyid, options);
/* Get rid of deleted nodes. */
commit_kbnode (&keyblock);
@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl,
{
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock);
- any_filter = 1;
}
if (import_filter.drop_sig)
{
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
commit_kbnode (&keyblock);
- any_filter = 1;
- }
-
- /* If we ran any filter we need to check that at least one user id
- * is left in the keyring. Note that we do not use log_error in
- * this case. */
- if (any_filter && !any_uid_left (keyblock))
- {
- if (!opt.quiet )
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
- stats->no_user_id++;
- return 0;
}
/* The keyblock is valid and ready for real import. */
@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl,
err = 0;
stats->skipped_new_keys++;
}
+ else if (err && !any_uid_left (keyblock))
+ {
+ if (!silent)
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
+ err = 0;
+ stats->no_user_id++;
+ }
else if (err) /* Insert this key. */
{
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */
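Review bot: The replacement comment above `delete_inv_parts (ctrl, keyblock, keyid, options);` says the code will "note if we have any valid ones left", but the return value is now discarded and nothing is recorded; the decision is made later by `any_uid_left (keyblock)` in the new `else if` branch. The comment should say that, e.g. `/* Delete invalid parts; whether a user ID remains is checked with any_uid_left() once we know the key is new. */`. The new branch also logs with `keystr(keyid)` while the removed messages used `keystr_from_pk(pk)`; one form keeps log lines for the same key easy to correlate. With the early `!uidnode` return removed, any later use of `uidnode` in import_one_real (outside these hunks) has to tolerate NULL, which is worth confirming.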


@ -0,0 +1,157 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Flatcar: use EAPI=7, until EAPI 8 could be fully supported
EAPI=7
inherit flag-o-matic systemd toolchain-funcs
MY_P="${P/_/-}"
DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
HOMEPAGE="https://gnupg.org/"
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server"
# Existence of executables is checked during configuration.
DEPEND=">=dev-libs/libassuan-2.5.0
>=dev-libs/libgcrypt-1.8.0
>=dev-libs/libgpg-error-1.29
>=dev-libs/libksba-1.3.4
>=dev-libs/npth-1.2
>=net-misc/curl-7.10
bzip2? ( app-arch/bzip2 )
ldap? ( net-nds/openldap )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:1 ) )
ssl? ( >=net-libs/gnutls-3.0:0= )
sys-libs/zlib
tofu? ( >=dev-db/sqlite-3.7 )"
RDEPEND="${DEPEND}
app-crypt/pinentry
nls? ( virtual/libintl )
selinux? ( sec-policy/selinux-gpg )
wks-server? ( virtual/mta )"
BDEPEND="virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )"
S="${WORKDIR}/${MY_P}"
DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
)
PATCHES=(
"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
# Flatcar: the patches below are added only for Flatcar, to address the
# upstream gnupg issue https://dev.gnupg.org/T4393.
"${FILESDIR}/${PN}-allow-import-of-previously-known-keys-even-without-UI.patch"
"${FILESDIR}/${PN}-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch"
)
src_prepare() {
default
# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
#
# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
# which in turn requires discovery in Autoconf, something that upstream deeply resents.
sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-i doc/examples/systemd-user/gpg-agent-ssh.socket || die
}
src_configure() {
local myconf=(
$(use_enable bzip2)
$(use_enable nls)
$(use_enable smartcard scdaemon)
$(use_enable ssl gnutls)
$(use_enable tofu)
$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
$(use_enable wks-server wks-tools)
$(use_with ldap)
$(use_with readline)
--with-mailprog=/usr/libexec/sendmail
--disable-ntbtls
--enable-all-tests
--enable-gpg
--enable-gpgsm
--enable-large-secmem
CC_FOR_BUILD="$(tc-getBUILD_CC)"
GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
)
if use prefix && use usb; then
# bug #649598
append-cppflags -I"${EPREFIX}/usr/include/libusb-1.0"
fi
#bug 663142
if use user-socket; then
myconf+=( --enable-run-gnupg-user-socket )
fi
# glib fails and picks up clang's internal stdint.h causing weird errors
[[ ${CC} == *clang ]] && \
export gl_cv_absolute_stdint_h=/usr/include/stdint.h
# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
# As of GnuPG 2.3, the mailprog substitution is used for the binary called
# by wks-client & wks-server; and if it's autodetected but not not exist at
# build time, then then 'gpg-wks-client --send' functionality will not
# work. This has an unwanted side-effect in stage3 builds: there was a
# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
# the build where the install guide previously make the user chose the
# logger & mta early in the install.
econf "${myconf[@]}"
}
src_compile() {
default
use doc && emake -C doc html
}
src_test() {
#Bug: 638574
use tofu && export TESTFLAGS=--parallel
default
}
src_install() {
default
use tools &&
dobin \
tools/{convert-from-106,gpg-check-pattern} \
tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
tools/make-dns-cert
dosym gpg /usr/bin/gpg2
dosym gpgv /usr/bin/gpgv2
echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
dodir /etc/env.d
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
use doc && dodoc doc/gnupg.html/* doc/*.png
systemd_douserunit doc/examples/systemd-user/*.{service,socket}
}
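Review bot: The `# Flatcar:` comment in `PATCHES` only links https://dev.gnupg.org/T4393 and does not say that the two patches relax gpg's import checks (certificates without user IDs for already-known keys, and subkeys with a good revocation but no self-signature, per the patch subjects). Because they are carried outside upstream, the comment should state the behaviour change and that the patches need re-validation on every version bump, e.g. `# Flatcar: relaxes key-import validation (T4393); re-check against upstream on each bump.`. Separately, the long mailprog explanation sits directly above `econf` rather than next to `--with-mailprog=/usr/libexec/sendmail`, and contains the slips "not not exist" and "then then".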


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>zlogene@gentoo.org</email>
<name>Mikle Kolyada</name>
</maintainer>
<maintainer type="person">
<email>polynomial-c@gentoo.org</email>
<name>Lars Wendler</name>
</maintainer>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<use>
<flag name="scd-shared-access">
Allow concurrent access to scdaemon by multiple apps from same
user. Useful if you want to use scdaemon with gnupg and for
example NitroKey.
</flag>
<flag name="smartcard">
Build scdaemon software. Enables usage of OpenPGP cards. For
other type of smartcards, try <pkg>app-crypt/gnupg-pkcs11-scd</pkg>.
Bring in <pkg>dev-libs/libusb</pkg> as a dependency; enable scdaemon.
</flag>
<flag name="usb">
Build direct CCID access for scdaemon; requires <pkg>dev-libs/libusb</pkg>.
</flag>
<flag name="user-socket">
try a socket directory which is not removed by init manager at session end
</flag>
<flag name="tofu">
Enable support for Trust on First use trust model; requires <pkg>dev-db/sqlite</pkg>.
</flag>
<flag name="tools">
Install extra tools (including gpgsplit and gpg-zip).
</flag>
<flag name="wks-server">
Install the wks-server
</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:gnupg:gnupg</remote-id>
</upstream>
</pkgmetadata>


@ -0,0 +1,11 @@
[Unit]
Description=TPM remote access daemon
Requires=tcsd.service
[Service]
ExecStart=/bin/tpmd 23179
Restart=always
RestartSec=0
[Install]
WantedBy=multi-user.target
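Review bot: `Requires=tcsd.service` pulls tcsd in but does not order the two units, so tpmd can be started before tcsd is up; add `After=tcsd.service` under `[Unit]`. The unit also sets no `User=` and no sandboxing for a daemon described as "TPM remote access" and started with what looks like a port argument (`/bin/tpmd 23179`), so it presumably runs as root and listens on the network. A comment stating the intended listen address and permitted clients, plus hardening such as `NoNewPrivileges=yes` where tpmd tolerates it, would make that exposure explicit. `Restart=always` with `RestartSec=0` restarts immediately after every failure; a small delay avoids a tight restart loop.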


@ -0,0 +1 @@
go-tspi-9999.ebuild


@ -0,0 +1,31 @@
EAPI=7
inherit coreos-go eutils git-r3 systemd
COREOS_GO_PACKAGE="github.com/coreos/go-tspi"
COREOS_GO_GO111MODULE="off"
EGIT_REPO_URI="https://github.com/coreos/go-tspi.git"
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm64"
else
EGIT_COMMIT="27182e3e7b1dfcfb398b5408a619abc4f652a38b"
KEYWORDS="amd64 arm64"
fi
IUSE=""
LICENSE="Apache-2.0"
SLOT="0"
RDEPEND="app-crypt/trousers"
DEPEND="${RDEPEND}"
src_compile() {
go_build "${COREOS_GO_PACKAGE}/tpmd"
go_build "${COREOS_GO_PACKAGE}/tpmown"
}
src_install() {
dobin ${GOBIN}/*
systemd_dounit "${FILESDIR}"/tpmd.service
}


@ -0,0 +1 @@
DIST krb5-1.19.2.tar.gz 8741053 BLAKE2B 963722721201e75381c91a2af6e982f569a5b1602beb2d1ded83d35f6f914235a6ed91e5d54f56c97e94921a32ed27c49aded258327966ee13d39485208c38d8 SHA512 b90d6ed0e1e8a87eb5cb2c36d88b823a6a6caabf85e5d419adb8a930f7eea09a5f8491464e7e454cca7ba88be09d19415962fe0036ad2e31fc584f9fc0bbd470


@ -0,0 +1,11 @@
service tell
{
disable = yes
socket_type = stream
user = root
wait = no
server = /usr/sbin/kpropd
only_from = 0.0.0.0
log_on_success = PID HOST EXIT DURATION
log_on_failure = HOST
}
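Review bot: `only_from = 0.0.0.0` does not restrict anything: in xinetd an all-zero address matches every host, so once `disable = yes` is flipped, kpropd (run with `user = root`) accepts connections from any source. kpropd receives database dumps that replace the local KDC database, so the template should name the primary KDC instead, e.g. `only_from = <primary-kdc-address>` (placeholder), with a comment that it must be set before the service is enabled. The service is declared as `tell`; if that relies on the /etc/services name for port 754, a comment saying so would help readers looking for krb5_prop.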


@ -0,0 +1,11 @@
gentoo bug #498794
--- src/aclocal.m4 2014-01-16 00:44:15.000000000 +0000
+++ src/aclocal.m4 2014-03-26 10:20:54.000000000 +0000
@@ -501,6 +501,7 @@
fi
if test "x$krb5_ac_warn_cflags_set" = xset ; then
AC_MSG_NOTICE(not adding extra gcc warning flags because WARN_CFLAGS was set)
+ WARN_CFLAGS=""
else
AC_MSG_NOTICE(adding extra warning flags for gcc)
WARN_CFLAGS="$WARN_CFLAGS $extra_gcc_warn_opts -Wmissing-prototypes"


@ -0,0 +1,15 @@
--- a/build-tools/krb5-config.in
+++ b/build-tools/krb5-config.in
@@ -208,12 +208,6 @@
if test -n "$do_libs"; then
- # Assumes /usr/lib is the standard library directory everywhere...
- if test "$libdir" = /usr/lib; then
- libdirarg=
- else
- libdirarg="-L$libdir"
- fi
# Ugly gross hack for our build tree
lib_flags=`echo $CC_LINK | sed -e 's/\$(CC)//' \
-e 's/\$(PURE)//' \
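Review bot: With the `libdirarg` assignment removed here, the variable is no longer set anywhere in the visible lines, yet the sed pipeline that follows still expands it (the LDFLAGS patch on this page shows `-e 's#\$(PROG_LIBPATH)#'$libdirarg'#'`). The script then depends on `libdirarg` being absent from the caller's environment; an exported value would end up in the `krb5-config --libs` output. Keeping an explicit `libdirarg=` in place of the removed block makes the empty value deliberate. The `if test -n "$do_libs"` block continues past the end of the hunk.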


@ -0,0 +1,12 @@
Bug #448778
--- a/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000
+++ b/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000
@@ -217,7 +217,7 @@
-e 's#\$(PROG_RPATH)#'$libdir'#' \
-e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \
-e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
+ -e 's#\$(LDFLAGS)##' \
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
-e 's#\$(CFLAGS)##'`


@ -0,0 +1,35 @@
diff --git a/aclocal.m4 b/aclocal.m4
index 8709a7f5..fe6d41b4 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -746,7 +746,7 @@ AC_TRY_RUN([
#include <regex.h>
regex_t x; regmatch_t m;
int main() { return regcomp(&x,"pat.*",0) || regexec(&x,"pattern",1,&m,0); }
-], ac_cv_func_regcomp=yes, ac_cv_func_regcomp=no, AC_MSG_ERROR([Cannot test regcomp when cross compiling]))])
+], ac_cv_func_regcomp=yes, ac_cv_func_regcomp=no, AC_MSG_WARN([Cannot test regcomp when cross compiling]))])
AC_MSG_RESULT($ac_cv_func_regcomp)
test $ac_cv_func_regcomp = yes && AC_DEFINE(HAVE_REGCOMP,1,[Define if regcomp exists and functions])
dnl
@@ -1608,7 +1608,7 @@ void foo2() __attribute__((destructor));
void foo2() { unlink("conftest.2"); }
int main () { return 0; }],
[test -r conftest.1 || a=yes
-test -r conftest.2 || b=yes], , AC_MSG_ERROR(Cannot test for constructor/destructor support when cross compiling))
+test -r conftest.2 || b=yes], , AC_MSG_WARN(Cannot test for constructor/destructor support when cross compiling))
case $krb5_cv_host in
*-*-aix4.*)
# Under AIX 4.3.3, at least, shared library destructor functions
diff --git a/configure.ac b/configure.ac
index 234f4281..0e9f86dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -928,7 +928,7 @@ int main () {
}],
ac_cv_printf_positional=yes,
ac_cv_printf_positional=no,
- AC_MSG_ERROR([Cannot test for printf positional argument support when cross compiling]))])
+ AC_MSG_WARN([Cannot test for printf positional argument support when cross compiling]))])
# Nothing for autoconf.h for now.
AC_MSG_RESULT($ac_cv_printf_positional)
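Review bot: Downgrading `AC_MSG_ERROR` to `AC_MSG_WARN` in the cross-compiling branch of the regcomp check leaves `ac_cv_func_regcomp` unset unless it was preseeded, and the following line uses it unquoted in `test $ac_cv_func_regcomp = yes`, which then degenerates to `test = yes` and is treated as "no" after a shell error. The same applies to `ac_cv_printf_positional` in the configure.ac hunk, and the constructor/destructor hunk falls through with neither `a` nor `b` set, as far as the visible lines show. Each cross-compiling action should set an explicit result after warning, e.g. `[AC_MSG_WARN([...]); ac_cv_func_regcomp=no]` with the default chosen deliberately, or the ebuild should preseed these cache variables for cross builds. A comment recording the chosen default keeps a silently guessed configure result from going unnoticed later.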


@ -0,0 +1,10 @@
--- src/Makefile.in 2019-12-12 10:15:51.674552983 +0300
+++ src/Makefile.in 2019-12-12 10:16:33.205543490 +0300
@@ -71,7 +71,6 @@
$(KRB5_AD_MODULE_DIR) \
$(KRB5_LIBKRB5_MODULE_DIR) $(KRB5_TLS_MODULE_DIR) \
$(localstatedir) $(localstatedir)/krb5kdc \
- $(runstatedir) $(runstatedir)/krb5kdc \
$(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \
$(PKGCONFIG_DIR)


@ -0,0 +1,2 @@
# Define startup options for Kerberos administration server
KADMIND_OPTS=""


@ -0,0 +1,25 @@
#!/sbin/openrc-run
#---------------------------------------------------------------------------
# This script starts/stops the MIT Kerberos 5 Admin daemon
#---------------------------------------------------------------------------
daemon="MIT Kerberos 5 Admin daemon"
exec="/usr/sbin/kadmind"
depend() {
need mit-krb5kdc
use net
}
start() {
ebegin "Starting $daemon"
start-stop-daemon --start --quiet --exec ${exec} -- ${KADMIND_OPTS} 1>&2
eend $? "Error starting $daemon"
}
stop() {
ebegin "Stopping $daemon"
start-stop-daemon --stop --quiet --exec ${exec} 1>&2
eend $? "Error stopping $daemon"
}


@ -0,0 +1,8 @@
[Unit]
Description=Kerberos 5 administration server
[Service]
ExecStart=/usr/sbin/kadmind -nofork
[Install]
WantedBy=multi-user.target


@ -0,0 +1,2 @@
# Define startup options for Kerberos KDC
KDC_OPTS=""


@ -0,0 +1,24 @@
#!/sbin/openrc-run
#---------------------------------------------------------------------------
# This script starts/stops the MIT Kerberos 5 KDC
#---------------------------------------------------------------------------
daemon="MIT Kerberos 5 KDC"
exec="/usr/sbin/krb5kdc"
depend() {
use net
}
start() {
ebegin "Starting $daemon"
start-stop-daemon --start --quiet --exec ${exec} -- ${KDC_OPTS} 1>&2
eend $? "Error starting $daemon"
}
stop() {
ebegin "Stopping $daemon"
start-stop-daemon --stop --quiet --exec ${exec} 1>&2
eend $? "Error stopping $daemon"
}


@ -0,0 +1,9 @@
[Unit]
Description=Kerberos 5 KDC
[Service]
ExecStart=/usr/sbin/krb5kdc -n
Restart=always
[Install]
WantedBy=multi-user.target


@ -0,0 +1,2 @@
# Define startup options for Kerberos incremental propagation server
KPROPD_OPTS=""


@ -0,0 +1,24 @@
#!/sbin/openrc-run
#---------------------------------------------------------------------------
# This script starts/stops the MIT Kerberos 5 kpropd
#---------------------------------------------------------------------------
daemon="MIT Kerberos 5 kpropd"
exec="/usr/sbin/kpropd"
depend() {
use net mit-krb5kdc mit-krb5kadmind
}
start() {
ebegin "Starting $daemon"
start-stop-daemon --start --quiet --exec ${exec} -- ${KPROPD_OPTS} 1>&2
eend $? "Error starting $daemon"
}
stop() {
ebegin "Stopping $daemon"
start-stop-daemon --stop --quiet --exec ${exec} 1>&2
eend $? "Error stopping $daemon"
}


@ -0,0 +1,8 @@
[Unit]
Description=Kerberos 5 propagation server
[Service]
ExecStart=/usr/sbin/kpropd -S
[Install]
WantedBy=multi-user.target


@ -0,0 +1,9 @@
[Unit]
Description=Kerberos 5 propagation server
[Socket]
ListenStream=754
Accept=yes
[Install]
WantedBy=sockets.target
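Review bot: `ListenStream=754` with `Accept=yes` binds every local address and starts one kpropd instance per incoming connection from any peer, and nothing in this unit limits who may connect; the template service added alongside sets no `User=`, so those instances presumably run as root. Only the primary KDC should be pushing database dumps to this port, so the socket unit is the natural place to enforce that, e.g. `IPAddressDeny=any` together with `IPAddressAllow=<primary-kdc-address>` (placeholder). At minimum a comment should tell the administrator to restrict the port before enabling the socket. The `Description=` is identical to that of the standalone `kpropd -S` service, which makes the two hard to tell apart in `systemctl` output.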


@ -0,0 +1,8 @@
[Unit]
Description=Kerberos 5 propagation server
Conflicts=mit-krb5kpropd.service
[Service]
ExecStart=/usr/sbin/kpropd
StandardInput=socket
StandardError=syslog


@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>kerberos@gentoo.org</email>
<name>Kerberos</name>
</maintainer>
<use>
<flag name="doc">
Creates and installs the API and implementation
documentation. This is only useful if you want to develop software
which depends on kerberos
</flag>
<flag name="keyutils">Enable for the keyring ccache using keyutils</flag>
<flag name="lmdb">Add support for using dev-db/lmdb for lookup tables</flag>
<flag name="pkinit">Enable pkinit support for the initial ticket</flag>
<flag name="openldap">Enable support for ldap as a database backend</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:mit:kerberos</remote-id>
</upstream>
</pkgmetadata>


@ -0,0 +1,162 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{6,7} )
inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd toolchain-funcs
MY_P="${P/mit-}"
P_DIR=$(ver_cut 1-2)
DESCRIPTION="MIT Kerberos V"
HOMEPAGE="https://web.mit.edu/kerberos/www/"
SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86"
IUSE="cpu_flags_x86_aes doc +keyutils lmdb nls openldap +pkinit selinux +threads test xinetd"
# Test suite requires network access
RESTRICT="test"
DEPEND="
!!app-crypt/heimdal
>=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
|| (
>=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
>=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
)
keyutils? ( >=sys-apps/keyutils-1.5.8:=[${MULTILIB_USEDEP}] )
lmdb? ( dev-db/lmdb )
nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
pkinit? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
xinetd? ( sys-apps/xinetd )
"
BDEPEND="
${PYTHON_DEPS}
virtual/yacc
cpu_flags_x86_aes? (
amd64? ( dev-lang/yasm )
x86? ( dev-lang/yasm )
)
doc? ( virtual/latex-base )
test? (
${PYTHON_DEPS}
dev-lang/tcl:0
dev-util/dejagnu
dev-util/cmocka
)"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-kerberos )"
S=${WORKDIR}/${MY_P}/src
PATCHES=(
"${FILESDIR}/${PN}-1.12_warn_cflags.patch"
"${FILESDIR}/${PN}-config_LDFLAGS-r1.patch"
"${FILESDIR}/${PN}_dont_create_rundir.patch"
"${FILESDIR}/${PN}-1.18.2-krb5-config.patch"
"${FILESDIR}/${PN}-warn-crossbuild.patch"
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/krb5-config
)
src_prepare() {
default
# Make sure we always use the system copies.
rm -rf util/{et,ss,verto}
sed -i 's:^[[:space:]]*util/verto$::' configure.ac || die
eautoreconf
}
src_configure() {
# QA
append-flags -fno-strict-aliasing
append-flags -fno-strict-overflow
multilib-minimal_src_configure
}
multilib_src_configure() {
ECONF_SOURCE=${S} \
AR="$(tc-getAR)" \
WARN_CFLAGS="set" \
econf \
$(use_with openldap ldap) \
"$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
$(use_enable nls) \
$(use_enable pkinit) \
$(use_enable threads thread-support) \
$(use_with lmdb) \
$(use_with keyutils) \
--without-hesiod \
--enable-shared \
--with-system-et \
--with-system-ss \
--enable-dns-for-realm \
--enable-kdc-lookaside-cache \
--with-system-verto \
--disable-rpath
}
multilib_src_compile() {
emake -j1
}
multilib_src_test() {
multilib_is_native_abi && emake -j1 check
}
multilib_src_install() {
emake \
DESTDIR="${D}" \
EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
install
}
multilib_src_install_all() {
# default database dir
keepdir /var/lib/krb5kdc
cd ..
dodoc README
if use doc; then
dodoc -r doc/html
docinto pdf
dodoc doc/pdf/*.pdf
fi
newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
insinto /etc
newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
insinto /var/lib/krb5kdc
newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
if use openldap ; then
insinto /etc/openldap/schema
doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
fi
if use xinetd ; then
insinto /etc/xinetd.d
newins "${FILESDIR}/kpropd.xinetd" kpropd
fi
}
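Review bot: `keepdir /var/lib/krb5kdc` in multilib_src_install_all creates the KDC database directory with the default directory mode, and `kdc.conf.example` is then installed into it via `insinto`/`newins`. That directory is where the principal database and, typically, the master-key stash file end up, so the package should create it owner-only rather than rely on the tools' per-file modes, e.g. `diropts -m0700` before `keepdir`, or `fperms 0700 /var/lib/krb5kdc` right after it. A short comment next to the `# default database dir` line explaining the restricted mode would keep it from being dropped in a later cleanup.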


@ -0,0 +1,3 @@
DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09
DIST sbsigntool_0.6.orig.tar.gz 212375 BLAKE2B fab9141c7fbfa01ec24f975503ac83be4ae0664251a1311afb3d95124fec3750ce20a5ffab35b6965d4ee4585ab4ee91f25ae49488214a983b6fc006071d0968 SHA512 ed314d1cb7278cf5f27d4c3cd17f2195678419a7f9e47770429b6f95df35f7df035331e60c45970183ddd9b150a9b752f876c777929598b0525872b3255af95c
DIST sbsigntools-0.9.1.tar.gz 56497 BLAKE2B 22791bd4b490f36963a19e82da3ce7b93a56d948bf44d1ffdb62fa3291a3f815b2c19d68f9180b607c2b1438f656367ec1f9002f0b1225734d16a9aadc6d20ec SHA512 ae16232327c098bbc60a9701185d856d851cb7fa8f62be64d3c8f75c8b274b8521fcc4212226189def05db980690878ee6ac9a9b418166c92442aaf35e790d29


@ -0,0 +1,29 @@
From 21e984fa9d93a760cc03f5d9d13d023809227df2 Mon Sep 17 00:00:00 2001
From: James Bottomley <JBottomley@Parallels.com>
Date: Thu, 11 Apr 2013 21:12:17 -0700
Subject: image.c: clear image variable
Not zeroing the image after talloc occasionally leads to a segfault because
the programme thinks it has a signature when in reality it just has a junk
pointer and segfaults.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
---
src/image.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/image.c b/src/image.c
index cc55791..10eba0e 100644
--- a/src/image.c
+++ b/src/image.c
@@ -401,6 +401,7 @@ struct image *image_load(const char *filename)
return NULL;
}
+ memset(image, 0, sizeof(*image));
rc = fileio_read_file(image, filename, &image->buf, &image->size);
if (rc)
goto err;
--
1.8.2.1
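Review bot: The added `memset(image, 0, sizeof(*image));` fixes the junk-pointer case but keeps allocation and initialisation as two separate steps, so any code later inserted between them can again see uninitialised fields. Allocating zeroed memory in one call is the usual talloc idiom, e.g. `image = talloc_zero(NULL, struct image);` at the allocation site; that line is above this hunk and not visible, so the parent-context argument needs checking. If the memset stays, a comment such as `/* talloc() does not zero memory; the signature pointers must start out NULL */` records why it is there.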


@ -0,0 +1,39 @@
From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
From: James Bottomley <JBottomley@Parallels.com>
Date: Mon, 30 Sep 2013 19:25:37 -0700
Subject: [PATCH 4/4] Fix for multi-sign
The new Tianocore multi-sign code fails now for images signed with
sbsigntools. The reason is that we don't actually align the signature table,
we just slap it straight after the binary data. Unfortunately, the new
multi-signature code checks that our alignment offsets are correct and fails
the signature for this reason. Fix by adding junk to the end of the image to
align the signature section.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
---
src/image.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/image.c b/src/image.c
index 10eba0e..519e288 100644
--- a/src/image.c
+++ b/src/image.c
@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
/* record the size of non-signature data */
r = &image->checksum_regions[image->n_checksum_regions - 1];
- image->data_size = (r->data - (void *)image->buf) + r->size;
+ /*
+ * The new Tianocore multisign does a stricter check of the signatures
+ * in particular, the signature table must start at an aligned offset
+ * fix this by adding bytes to the end of the text section (which must
+ * be included in the hash)
+ */
+ image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
return 0;
}
--
1.8.4
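Review bot: `image->data_size` is now rounded up with `align_up(..., 8)`, so it can extend up to 7 bytes past the end of the last checksum region, but nothing in this hunk grows `image->buf` or defines what those bytes contain. The added comment says the padding "must be included in the hash", so for a file whose length is not already a multiple of 8 the hash and the written image would cover bytes beyond the loaded data unless the buffer is extended and zero-filled elsewhere. A bounds check of the new `data_size` against `image->size` next to the assignment, or a comment pointing to where the buffer is extended, is needed. The commit text calls the padding "junk"; for reproducible signatures it should be zeros. image_find_regions begins outside the hunk.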


@ -0,0 +1,152 @@
diff --git a/src/fileio.c b/src/fileio.c
index 032eb1e..09bc3aa 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -40,6 +40,7 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/engine.h>
+#include <openssl/ui.h>
#include <ccan/talloc/talloc.h>
#include <ccan/read_write_all/read_write_all.h>
diff --git a/src/idc.c b/src/idc.c
index 236cefd..6d87bd4 100644
--- a/src/idc.c
+++ b/src/idc.c
@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
/* extract the idc from the signed PKCS7 'other' data */
str = p7->d.sign->contents->d.other->value.asn1_string;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
idcbuf = buf = ASN1_STRING_data(str);
+#else
+ idcbuf = buf = ASN1_STRING_get0_data(str);
+#endif
idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
/* If we were passed a BIO, write the idc data, minus type and length,
@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
}
/* check hash against the one we calculated from the image */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
buf = ASN1_STRING_data(str);
+#else
+ buf = ASN1_STRING_get0_data(str);
+#endif
if (memcmp(buf, sha, sizeof(sha))) {
fprintf(stderr, "Hash doesn't match image\n");
fprintf(stderr, " got: %s\n", sha256_str(buf));
diff --git a/src/sbattach.c b/src/sbattach.c
index a0c01b8..e89a23e 100644
--- a/src/sbattach.c
+++ b/src/sbattach.c
@@ -231,6 +231,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OPENSSL_config(NULL);
@@ -239,6 +240,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
image = image_load(image_filename);
if (!image) {
diff --git a/src/sbkeysync.c b/src/sbkeysync.c
index 7b17f40..419b1e7 100644
--- a/src/sbkeysync.c
+++ b/src/sbkeysync.c
@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
goto out;
key->id_len = ASN1_STRING_length(serial);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
+#else
+ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
+#endif
key->description = talloc_array(key, char, description_len);
X509_NAME_oneline(X509_get_subject_name(x509),
@@ -927,6 +931,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
@@ -936,6 +941,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
ctx->filesystem_keys = init_keyset(ctx);
ctx->firmware_keys = init_keyset(ctx);
diff --git a/src/sbsign.c b/src/sbsign.c
index ff1fdfd..78d8d64 100644
--- a/src/sbsign.c
+++ b/src/sbsign.c
@@ -188,6 +188,7 @@ int main(int argc, char **argv)
talloc_steal(ctx, ctx->image);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
@@ -197,6 +198,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
if (engine)
pkey = fileio_read_engine_key(engine, keyfilename);
else
diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index 7dcbe51..9319c8b 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -509,6 +509,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* initialise openssl */
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
@@ -519,6 +520,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
/* set up the variable signing context */
varname = argv[optind];
diff --git a/src/sbverify.c b/src/sbverify.c
index 3920d91..d0b203a 100644
--- a/src/sbverify.c
+++ b/src/sbverify.c
@@ -250,6 +250,7 @@ int main(int argc, char **argv)
verbose = false;
detached_sig_filename = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
OPENSSL_config(NULL);
@@ -258,6 +259,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
for (;;) {
int idx;
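Review bot: In the `main()` hunks the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard drops `OPENSSL_config(NULL)` (visible in sbattach.c and sbverify.c) for newer OpenSSL without a replacement, so on 1.1.x the configuration file is no longer loaded explicitly by these tools. sbsign obtains its key through `fileio_read_engine_key(engine, keyfilename)` when an engine is given, and engines are commonly declared in openssl.cnf, so this may change which engines are available; if that matters, add `#else` followed by `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);` before each `#endif`. In the idc.c and sbkeysync.c hunks, `ASN1_STRING_get0_data()` returns `const unsigned char *`, so the receiving `buf`/`idcbuf` variables (declared outside the hunks) should be const-qualified rather than silently discarding the qualifier. The same guarded block now appears in sbattach.c, sbkeysync.c, sbsign.c, sbvarsign.c and sbverify.c and would be easier to keep correct as one shared helper.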


@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>tamiko@gentoo.org</email>
</maintainer>
<upstream>
<remote-id type="launchpad">ubuntu</remote-id>
</upstream>
</pkgmetadata>
