From 6b2771eb2d060eb889f30c1dd25349797b07ff6f Mon Sep 17 00:00:00 2001 From: Sayan Chowdhury Date: Tue, 6 Feb 2024 15:28:05 +0530 Subject: [PATCH] sys-apps/systemd: Apply Flatcar patches Signed-off-by: Adrian Vladu --- .../0001-wait-online-set-any-by-default.patch | 32 + ...fault-to-kernel-IPForwarding-setting.patch | 24 + ...ate-don-t-require-strictly-newer-usr.patch | 58 ++ ...004-core-use-max-for-DefaultTasksMax.patch | 64 ++ ...d-Disable-SELinux-permissions-checks.patch | 29 + ...-Pass-tty-to-use-by-agetty-via-stdin.patch | 95 +++ ...s-Keep-using-old-journal-file-format.patch | 42 ++ ...-when-resetting-PID-also-reset-known.patch | 40 ++ .../sys-apps/systemd/files/99-default.preset | 2 + .../sys-apps/systemd/files/nsswitch.conf | 27 - .../systemd/files/systemd-flatcar.conf | 10 + .../systemd/files/systemd-resolv.conf | 2 + .../sys-apps/systemd/files/systemd-user.pam | 5 - .../systemd/systemd-252.3.ebuild.html | 650 ------------------ .../sys-apps/systemd/systemd-254.5-r2.ebuild | 539 --------------- .../sys-apps/systemd/systemd-254.7-r1.ebuild | 539 --------------- .../sys-apps/systemd/systemd-254.8-r1.ebuild | 540 --------------- .../sys-apps/systemd/systemd-254.9.ebuild | 540 --------------- .../sys-apps/systemd/systemd-255.2-r2.ebuild | 524 -------------- .../sys-apps/systemd/systemd-255.3.ebuild | 268 +++++++- .../sys-apps/systemd/systemd-9999.ebuild | 524 -------------- 21 files changed, 635 insertions(+), 3919 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.5-r2.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.7-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.8-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.9.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.2-r2.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch new file mode 100644 index 0000000000..d72a506d4f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch @@ -0,0 +1,32 @@ +From 02ebe43df912c7090a155484fbd1b422c4f438f4 Mon Sep 17 00:00:00 2001 +From: David Michael +Date: Tue, 16 Apr 2019 02:44:51 +0000 +Subject: [PATCH 1/7] wait-online: set --any by default + +The systemd-networkd-wait-online command would normally continue +waiting after a network interface is usable if other interfaces are +still configuring. There is a new flag --any to change this. + +Preserve previous Container Linux behavior for compatibility by +setting the --any flag by default. See patches from v241 (or +earlier) for the original implementation. +--- + src/network/wait-online/wait-online.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c +index a679b858fa..3b6dad8d1d 100644 +--- a/src/network/wait-online/wait-online.c ++++ b/src/network/wait-online/wait-online.c +@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL; + static char **arg_ignore = NULL; + static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID }; + static AddressFamily arg_required_family = ADDRESS_FAMILY_NO; +-static bool arg_any = false; ++static bool arg_any = true; + + STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep); + STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep); +-- +2.25.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch new file mode 100644 index 0000000000..a6fde47f6f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch @@ -0,0 +1,24 @@ +From e124d3716ada4fc7c34278435a61d51b07b61024 Mon Sep 17 00:00:00 2001 +From: Nick Owens +Date: Tue, 2 Jun 2015 18:22:32 -0700 +Subject: [PATCH 2/7] networkd: default to "kernel" IPForwarding setting + +--- + src/network/networkd-network.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index a6c5b44238..54f9d12fec 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -465,6 +465,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi + .link_local = _ADDRESS_FAMILY_INVALID, + .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID, + ++ .ip_forward = _ADDRESS_FAMILY_INVALID, + .ipv4_accept_local = -1, + .ipv4_route_localnet = -1, + .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, +-- +2.25.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch new file mode 100644 index 0000000000..96f030a3cf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch @@ -0,0 +1,58 @@ +From a8366f0ddffabef08c010064ea62e64d7276a0f3 Mon Sep 17 00:00:00 2001 +From: Alex Crawford +Date: Wed, 2 Mar 2016 10:46:33 -0800 +Subject: [PATCH 3/7] needs-update: don't require strictly newer usr + +Updates should be triggered whenever usr changes, not only when it is newer. +--- + man/systemd-update-done.service.xml | 2 +- + src/shared/condition.c | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml +index 3393010ff6..5478baca25 100644 +--- a/man/systemd-update-done.service.xml ++++ b/man/systemd-update-done.service.xml +@@ -50,7 +50,7 @@ + ConditionNeedsUpdate= (see + systemd.unit5) + condition to make sure to run when /etc/ or +- /var/ are older than /usr/ ++ /var/ aren't the same age as /usr/ + according to the modification times of the files described above. + This requires that updates to /usr/ are always + followed by an update of the modification time of +diff --git a/src/shared/condition.c b/src/shared/condition.c +index a23d6a3e45..8ca1f4606f 100644 +--- a/src/shared/condition.c ++++ b/src/shared/condition.c +@@ -792,7 +792,7 @@ static int condition_test_needs_update(Condition *c, char **env) { + * First, compare seconds as they are always accurate... + */ + if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec) +- return usr.st_mtim.tv_sec > other.st_mtim.tv_sec; ++ return true; + + /* + * ...then compare nanoseconds. +@@ -803,7 +803,7 @@ static int condition_test_needs_update(Condition *c, char **env) { + * (otherwise the filesystem supports nsec timestamps, see stat(2)). + */ + if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0) +- return usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec; ++ return usr.st_mtim.tv_nsec != other.st_mtim.tv_nsec; + + _cleanup_free_ char *timestamp_str = NULL; + r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", ×tamp_str); +@@ -823,7 +823,7 @@ static int condition_test_needs_update(Condition *c, char **env) { + return true; + } + +- return timespec_load_nsec(&usr.st_mtim) > timestamp; ++ return timespec_load_nsec(&usr.st_mtim) != timestamp; + } + + static int condition_test_first_boot(Condition *c, char **env) { +-- +2.25.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch new file mode 100644 index 0000000000..dfd6dbd492 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch @@ -0,0 +1,64 @@ +From 4cdbcf5df9a2fd165385465bd5be9b8cdb78f83a Mon Sep 17 00:00:00 2001 +From: Adrian Vladu +Date: Fri, 16 Feb 2024 11:22:08 +0000 +Subject: [PATCH] [PATCH 4/7] core: use max for DefaultTasksMax + +Since systemd v228, systemd has a DefaultTasksMax which defaulted +to 512, later 15% of the system's maximum number of PIDs. This +limit is low and a change in behavior that people running services +in containers will hit frequently, so revert to previous behavior. + +Though later the TasksMax was changed in the a dynamic property to +accommodate stale values. + +This change is built on previous patch by David Michael(dm0-). + +Signed-off-by: Adrian Vladu +--- + man/systemd-system.conf.xml | 2 +- + src/core/manager.c | 2 +- + src/core/system.conf.in | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml +index 31b6421399..52819ae8b7 100644 +--- a/man/systemd-system.conf.xml ++++ b/man/systemd-system.conf.xml +@@ -515,7 +515,7 @@ + Configure the default value for the per-unit TasksMax= setting. See + systemd.resource-control5 + for details. This setting applies to all unit types that support resource control settings, with the exception +- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= ++ of slice units. Defaults to 100% of the minimum of kernel.pid_max=, kernel.threads-max= + and root cgroup pids.max. + Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. + For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, +diff --git a/src/core/manager.c b/src/core/manager.c +index e8c747d96d..df9269aab8 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -114,7 +114,7 @@ + /* How many units and jobs to process of the bus queue before returning to the event loop. */ + #define MANAGER_BUS_MESSAGE_BUDGET 100U + +-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */ ++#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 100U, 100U }) /* 15% */ + + static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); + static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata); +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index 9b89a6aa77..5a7e92ab5a 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -59,7 +59,7 @@ + #DefaultIPAccounting=no + #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} + #DefaultTasksAccounting=yes +-#DefaultTasksMax=15% ++#DefaultTasksMax=100% + #DefaultLimitCPU= + #DefaultLimitFSIZE= + #DefaultLimitDATA= +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch new file mode 100644 index 0000000000..75d421ea08 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch @@ -0,0 +1,29 @@ +From 0a5e52f5511cd7a5312d06abff12bc432bdedc96 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 20 Dec 2016 16:43:22 +0000 +Subject: [PATCH 5/7] systemd: Disable SELinux permissions checks + +We don't care about the interaction between systemd and SELinux policy, so +let's just disable these checks rather than having to incorporate policy +support. This has no impact on our SELinux use-case, which is purely intended +to limit containers and not anything running directly on the host. +--- + src/core/selinux-access.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c +index 11dbf4640e..c839a4f39e 100644 +--- a/src/core/selinux-access.c ++++ b/src/core/selinux-access.c +@@ -2,7 +2,7 @@ + + #include "selinux-access.h" + +-#if HAVE_SELINUX ++#if 0 + + #include + #include +-- +2.25.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch new file mode 100644 index 0000000000..6c4f35cff4 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch @@ -0,0 +1,95 @@ +From ede353ea720f07b7b19fa638d5a59a7471237e2d Mon Sep 17 00:00:00 2001 +From: Sayan Chowdhury +Date: Fri, 16 Dec 2022 16:28:26 +0530 +Subject: [PATCH 6/7] Revert "getty: Pass tty to use by agetty via stdin" + +This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c. + +This is to work around a SELinux denial that happens when setting up standard +input for serial consoles (which is used for SSH connections). + +Signed-off-by: Sayan Chowdhury +--- + units/console-getty.service.in | 4 +--- + units/container-getty@.service.in | 4 +--- + units/getty@.service.in | 4 +--- + units/serial-getty@.service.in | 4 +--- + 4 files changed, 4 insertions(+), 12 deletions(-) + +diff --git a/units/console-getty.service.in b/units/console-getty.service.in +index 606b7dbe16..54fd7c292d 100644 +--- a/units/console-getty.service.in ++++ b/units/console-getty.service.in +@@ -22,12 +22,10 @@ ConditionPathExists=/dev/console + [Service] + # The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p), + # followed by '--' for safety, and then the entered username. +-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM ++ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM + Type=idle + Restart=always + UtmpIdentifier=cons +-StandardInput=tty +-StandardOutput=tty + TTYPath=/dev/console + TTYReset=yes + TTYVHangup=yes +diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in +index 8d7e20d5ec..5f095f48b0 100644 +--- a/units/container-getty@.service.in ++++ b/units/container-getty@.service.in +@@ -27,13 +27,11 @@ Before=rescue.service + [Service] + # The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p), + # followed by '--' for safety, and then the entered username. +-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM ++ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM + Type=idle + Restart=always + RestartSec=0 + UtmpIdentifier=pts/%I +-StandardInput=tty +-StandardOutput=tty + TTYPath=/dev/pts/%I + TTYReset=yes + TTYVHangup=yes +diff --git a/units/getty@.service.in b/units/getty@.service.in +index 21d66f9367..78deb7cffe 100644 +--- a/units/getty@.service.in ++++ b/units/getty@.service.in +@@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0 + # The '-o' option value tells agetty to replace 'login' arguments with an + # option to preserve environment (-p), followed by '--' for safety, and then + # the entered username. +-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM ++ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM + Type=idle + Restart=always + RestartSec=0 + UtmpIdentifier=%I +-StandardInput=tty +-StandardOutput=tty + TTYPath=/dev/%I + TTYReset=yes + TTYVHangup=yes +diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in +index 2433124c55..bb7af3105d 100644 +--- a/units/serial-getty@.service.in ++++ b/units/serial-getty@.service.in +@@ -33,12 +33,10 @@ Before=rescue.service + # The '-o' option value tells agetty to replace 'login' arguments with an + # option to preserve environment (-p), followed by '--' for safety, and then + # the entered username. +-ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM ++ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM + Type=idle + Restart=always + UtmpIdentifier=%I +-StandardInput=tty +-StandardOutput=tty + TTYPath=/dev/%I + TTYReset=yes + TTYVHangup=yes +-- +2.25.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch new file mode 100644 index 0000000000..a6734671fa --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch @@ -0,0 +1,42 @@ +From 44374d98fb65ff5fdbc2a7d07a076b50b8f2b003 Mon Sep 17 00:00:00 2001 +From: Adrian Vladu +Date: Fri, 16 Feb 2024 11:29:04 +0000 +Subject: [PATCH] [PATCH 7/7] units: Keep using old journal file format + +Systemd 252 made an incompatible change in journal file format. Temporarily +force journald to use the old journal format to give logging containers more +time to adapt to the new format. + +Signed-off-by: Adrian Vladu +--- + units/systemd-journald.service.in | 1 + + units/systemd-journald@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index 37eeabc510..e5030a81bd 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -27,6 +27,7 @@ IgnoreOnIsolate=yes + + [Service] + DeviceAllow=char-* rw ++Environment=SYSTEMD_JOURNAL_COMPACT=0 + ExecStart={{LIBEXECDIR}}/systemd-journald + FileDescriptorStoreMax=4224 + IPAddressDeny=any +diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in +index c3bcb08533..8780783cf6 100644 +--- a/units/systemd-journald@.service.in ++++ b/units/systemd-journald@.service.in +@@ -21,6 +21,7 @@ Conflicts=soft-reboot.target + [Service] + CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE + DevicePolicy=closed ++Environment=SYSTEMD_JOURNAL_COMPACT=0 + ExecStart={{LIBEXECDIR}}/systemd-journald %i + FileDescriptorStoreMax=4224 + Group=systemd-journal +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch new file mode 100644 index 0000000000..b793894109 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch @@ -0,0 +1,40 @@ +From 34e834f496338fdc2a8a8cc771cba4082079cf9a Mon Sep 17 00:00:00 2001 +From: msizanoen +Date: Mon, 12 Jun 2023 10:30:12 +0700 +Subject: [PATCH] Revert "core/service: when resetting PID also reset known + flag" + +This reverts commit ff32060f2ed37b68dc26256b05e2e69013b0ecfe. + +This change is incorrect as we don't want to mark the PID as invalid but +only mark it as dead. + +The change in question also breaks user level socket activation for +`podman.service` as the termination of the main `podman system service` +process is not properly handled, causing any application accessing the +socket to hang. + +This is because the user-level `podman.service` unit also hosts two +non-main processes: `rootlessport` and `rootlessport-child` which causes +the `cgroup_good` check to still succeed. + +The original submitter of this commit is recommended to find another +more correct way to fix the cgroupsv1 issue on CentOS 8. + +(cherry picked from commit f29f0877c5abfd03060838d1812ea6fdff3b0b37) +--- + src/core/service.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/core/service.c b/src/core/service.c +index c05f13c765..211f72900e 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -3529,7 +3529,6 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { + return; + + s->main_pid = 0; +- s->main_pid_known = false; + exec_status_exit(&s->main_exec_status, &s->exec_context, pid, code, status); + + if (s->main_command) { diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset new file mode 100644 index 0000000000..d2545d5d1d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset @@ -0,0 +1,2 @@ +# Do not enable any services if /etc is detected as empty. +disable * diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf deleted file mode 100644 index 91dbe757f9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf +++ /dev/null @@ -1,27 +0,0 @@ -# Sample nss configuration for systemd - -# systemd-specific modules -# See the manual pages fore further information. -# nss-myhostname - host resolution for the local hostname -# nss-mymachines - host, user, group resolution for containers -# nss-resolve - host resolution using resolved -# nss-systemd - dynamic user/group resolution (DynamicUser in unit files) - -passwd: files mymachines systemd -shadow: files -group: files mymachines systemd -gshadow: files - -hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname -networks: files - -services: db files -protocols: db files -rpc: db files -ethers: db files -netmasks: files -netgroup: files -bootparams: files - -automount: files -aliases: files diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf new file mode 100644 index 0000000000..2b72383153 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf @@ -0,0 +1,10 @@ +# The list of directories is taken from Gentoo ebuild, where they use +# keepdir. The list isn't sorted, but tries to preserve the order of +# keepdir lines from Gentoo ebuild for easier comparisons. We skip the +# directories in /usr, though. +d /var/lib/systemd - - - - - +d /var/log/journal - - - - - +d /etc/sysctl.d - - - - - + +# This seems to be our own addition. +d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf new file mode 100644 index 0000000000..32b7e9d214 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf @@ -0,0 +1,2 @@ +d /run/systemd/network - - - - - +L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam deleted file mode 100644 index 38ae3211f8..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam +++ /dev/null @@ -1,5 +0,0 @@ -account include system-auth - -session required pam_loginuid.so -session include system-auth -session optional pam_systemd.so diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html deleted file mode 100644 index d215d6f747..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html +++ /dev/null @@ -1,650 +0,0 @@ - - - - -~/code/work/gentoo/sys-apps/systemd/systemd-252.3.ebuild.html - - - - - - - - - - -
-  1 # Copyright 2011-2022 Gentoo Authors
-  2 # Distributed under the terms of the GNU General Public License v2
-  3 
-  4 EAPI=7
-  5 PYTHON_COMPAT=( python3_{8..11} )                                                                                                                                         
-  6 
-  7 # Avoid QA warnings
-  8 TMPFILES_OPTIONAL=1
-  9 UDEV_OPTIONAL=1                                                                                                                                                           
- 10                                                                                                                                                                           
- 11 QA_PKGCONFIG_VERSION=$(ver_cut 1)                                                                                                                                         
- 12 
- 13 if [[ ${PV} == 9999 ]]; then
- 14   EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- 15   inherit git-r3
- 16 else
- 17   if [[ ${PV} == *.* ]]; then
- 18 +--  2 lines: MY_PN=systemd-stable--------------------------------------------------------------------------------------------------------------------------------------------
- 20     MY_PN=systemd
- 21   fi
- 22   MY_PV=${PV/_/-}
- 23   MY_P=${MY_PN}-${MY_PV}
- 24   S=${WORKDIR}/${MY_P}
- 25   SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
- 26   KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"                                                                
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- 27 fi
- 28 
- 29 inherit bash-completion-r1 flag-o-matic linux-info meson-multilib pam                                                                                                     
- 30 inherit python-any-r1 systemd toolchain-funcs udev usr-ldscript                                                                                                           
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- 31 
- 32 DESCRIPTION="System and service manager for Linux"
- 33 HOMEPAGE="http://systemd.io/"                                                                                                                                             
- 34 
- 35 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
- 36 SLOT="0/2"
- 37 IUSE="
- 38   acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils                                                                                                 
- 39   fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod                                                                                                       
- 40   +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode                                                                                                           
- 41   +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
- 42 "
- 43 REQUIRED_USE="
- 44   dns-over-tls? ( || ( gnutls openssl ) )
- 45   homed? ( cryptsetup pam openssl )
- 46   importd? ( curl lzma || ( gcrypt openssl ) )
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- 47   pwquality? ( homed )
- 48 "
- 49 RESTRICT="!test? ( test )"
- 50 
- 51 MINKV="4.15"                                                                                                                                                              
- 52 
- 53 COMMON_DEPEND="
- 54   >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- 55   sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- 56   virtual/libcrypt:=[${MULTILIB_USEDEP}]
- 57   acl? ( sys-apps/acl:0= )
- 58 +-- 11 lines: apparmor? ( sys-libs/libapparmor:0= )---------------------------------------------------------------------------------------------------------------------------
- 69     app-arch/bzip2:0=
- 70     sys-libs/zlib:0=
- 71   )
- 72   kmod? ( >=sys-apps/kmod-15:0= )
- 73   lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- 74   lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- 75   iptables? ( net-firewall/iptables:0= )                                                                                                                                  
- 76   openssl? ( >=dev-libs/openssl-1.1.0:0= )
- 77   pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- 78   pkcs11? ( app-crypt/p11-kit:0= )
- 79   pcre? ( dev-libs/libpcre2 )
- 80   pwquality? ( dev-libs/libpwquality:0= )
- 81   qrcode? ( media-gfx/qrencode:0= )
- 82 +-- 36 lines: seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )---------------------------------------------------------------------------------------------------------------------
-118   >=acct-user/systemd-coredump-0-r1
-119   >=acct-user/systemd-network-0-r1
-120   acct-user/systemd-oom
-121   >=acct-user/systemd-resolve-0-r1
-122   >=acct-user/systemd-timesync-0-r1
-123   >=sys-apps/baselayout-2.2
-124   selinux? (                                                                                                                                                              
-125     sec-policy/selinux-base-policy[systemd]                                                                                                                               
-126     sec-policy/selinux-ntp                                                                                                                                                
-127   )
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-128   sysv-utils? (
-129     !sys-apps/openrc[sysv-utils(-)]
-130     !sys-apps/sysvinit
-131   )
-132   !sysv-utils? ( sys-apps/sysvinit )
-133   resolvconf? ( !net-dns/openresolv )
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-134   !sys-apps/hwids[udev]
-135   !sys-auth/nss-myhostname
-136   !sys-fs/eudev
-137   !sys-fs/udev
-138 "
-139 
-140 # sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-141 PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-142   >=sys-fs/udev-init-scripts-34                                                                                                                                           
-143   policykit? ( sys-auth/polkit )
-144   !vanilla? ( sys-apps/gentoo-systemd-integration )"
-145 
-146 BDEPEND="
-147   app-arch/xz-utils:0
-148   dev-util/gperf
-149 +-- 12 lines: >=dev-util/meson-0.46-------------------------------------------------------------------------------------------------------------------------------------------
-161   dev-libs/libxslt:0
-162   $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
-163   $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-164 "
-165 
-166 python_check_deps() {
-167   python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" &&                                                                                                              
-168   python_has_version "dev-python/lxml[${PYTHON_USEDEP}]"                                                                                                                  
-169 }
-170 
-171 QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-172 QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-173 
-174 pkg_pretend() {
-175   if [[ ${MERGE_TYPE} != buildonly ]]; then
-176     if use test && has pid-sandbox ${FEATURES}; then
-177       ewarn "Tests are known to fail with PID sandboxing enabled."
-178       ewarn "See https://bugs.gentoo.org/674458."
-179     fi
-180 
-181     local CONFIG_CHECK=" ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS                                                                                                               
-182       ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE                                                                                                                     
-183       ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-184       ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
-185       ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-186       ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-187       ~!SYSFS_DEPRECATED_V2"
-188 
-189     use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-190     use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-191 
-192     if kernel_is -ge 5 10 20; then                                                                                                                                        
-193       CONFIG_CHECK+=" ~KCMP"                                                                                                                                              
-194     else                                                                                                                                                                  
-195       CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
-196     fi                                                                                                                                                                    
-197                                                                                                                                                                           
-198     if kernel_is -ge 4 18; then                                                                                                                                           
-199       CONFIG_CHECK+=" ~AUTOFS_FS"                                                                                                                                         
-200     else
-201       CONFIG_CHECK+=" ~AUTOFS4_FS"                                                                                                                                        
-202     fi
-203 
-204     if linux_config_exists; then
-205       local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-206       if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-207         ewarn "It's recommended to set an empty value to the following kernel config option:"
-208 +-- 19 lines: ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"---------------------------------------------------------------------------------------------------------
-227 src_unpack() {
-228   default
-229   [[ ${PV} != 9999 ]] || git-r3_src_unpack
-230 }
-231 
-232 src_prepare() {
-233   local PATCHES=(                                                                                                                                                         
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-234   )
-235 
-236   if ! use vanilla; then
-237     PATCHES+=(
-238       "${FILESDIR}/gentoo-generator-path-r2.patch"
-239       "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
-240       "${FILESDIR}/gentoo-journald-audit.patch"
-241     )
-242   fi
-243 
-244   # Fails with split-usr.                                                                                                                                                 
-245   sed -i -e '2i exit 77' test/test-rpm-macros.sh || die                                                                                                                   
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-246 
-247   default
-248 }
-249 
-250 src_configure() {
-251   # Prevent conflicts with i686 cross toolchain, bug 559726
-252   tc-export AR CC NM OBJCOPY RANLIB
-253 
-254   # Broken with FORTIFY_SOURCE=3: bug #841770.                                                                                                                            
-255   #                                                                                                                                                                       
-256   # Our toolchain sets F_S=2 by default w/ >= -O2, so we need                                                                                                             
-257   # to unset F_S first, then explicitly set 2, to negate any default                                                                                                      
-258   # and anything set by the user if they're choosing 3 (or if they've                                                                                                     
-259   # modified GCC to set 3).                                                                                                                                               
-260   #                                                                                                                                                                       
-261   if is-flagq '-O[23]' || is-flagq '-Ofast' ; then                                                                                                                        
-262     # We can't unconditionally do this b/c we fortify needs                                                                                                               
-263     # some level of optimisation.                                                                                                                                         
-264     filter-flags -D_FORTIFY_SOURCE=3                                                                                                                                      
-265     append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2                                                                                                                 
-266   fi                                                                                                                                                                      
-267                                                                                                                                                                           
-268   python_setup
-269 
-270   multilib-minimal_src_configure
-271 }
-272 
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-273 multilib_src_configure() {
-274   local myconf=(
-275     --localstatedir="${EPREFIX}/var"
-276     -Dsupport-url="https://gentoo.org/support/"                                                                                                                           
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-277     -Dpamlibdir="$(getpam_mod_dir)"
-278     # avoid bash-completion dep
-279     -Dbashcompletiondir="$(get_bashcompdir)"
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-280     $(meson_use split-usr)
-281     $(meson_use split-usr split-bin)                                                                                                                                      
-282     -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"                                                                                                     
-283     -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
-284     # Avoid infinite exec recursion, bug 642724
-285     -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-286     # no deps
-287     -Dima=true
-288     -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-289 +-- 18 lines: Optional components/dependencies--------------------------------------------------------------------------------------------------------------------------------
-307     $(meson_native_use_bool importd bzip2)
-308     $(meson_native_use_bool importd zlib)
-309     $(meson_native_use_bool kmod)
-310     $(meson_use lz4)
-311     $(meson_use lzma xz)
-312     $(meson_use zstd)
-313     $(meson_native_use_bool iptables libiptc)                                                                                                                             
-314     $(meson_native_use_bool openssl)
-315     $(meson_use pam)
-316     $(meson_native_use_bool pkcs11 p11kit)
-317     $(meson_native_use_bool pcre pcre2)
-318     $(meson_native_use_bool policykit polkit)
-319     $(meson_native_use_bool pwquality)
-320     $(meson_native_use_bool qrcode qrencode)
-321     $(meson_native_use_bool seccomp)
-322     $(meson_native_use_bool selinux)
-323     $(meson_native_use_bool tpm tpm2)
-324     $(meson_native_use_bool test dbus)
-325     $(meson_native_use_bool xkb xkbcommon)
-326     -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"                                                               
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-327     # Breaks screen, tmux, etc.
-328     -Ddefault-kill-user-processes=false
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-329     -Dcreate-log-dirs=false
-330 
-331     # multilib options
-332     $(meson_native_true backlight)
-333     $(meson_native_true binfmt)
-334     $(meson_native_true coredump)
-335 +-- 10 lines: $(meson_native_true environment-d)------------------------------------------------------------------------------------------------------------------------------
-345     $(meson_native_true rfkill)
-346     $(meson_native_true sysusers)
-347     $(meson_native_true timedated)
-348     $(meson_native_true timesyncd)
-349     $(meson_native_true tmpfiles)
-350     $(meson_native_true vconsole)
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-351   )
-352 
-353   meson_src_configure "${myconf[@]}"
-354 }
-355 
-356 multilib_src_test() {
-357   unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-358   meson_src_test
-359 }
-360 
-361 multilib_src_install_all() {
-362   local rootprefix=$(usex split-usr '' /usr)
-363   local sbin=$(usex split-usr sbin bin)                                                                                                                                   
-364 
-365   # meson doesn't know about docdir
-366   mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-367 
-368   einstalldocs
-369   dodoc "${FILESDIR}"/nsswitch.conf                                                                                                                                       
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-370 
-371   if ! use resolvconf; then
-372     rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die                                                                                                                  
-373   fi
-374 
-375   rm "${ED}"/etc/init.d/README || die
-376   rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
-377 
-378   if ! use sysv-utils; then
-379     rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die                                                                          
-380     rm "${ED}"/usr/share/man/man1/init.1 || die
-381     rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-382   fi
-383 
-384   if ! use resolvconf && ! use sysv-utils && use split-usr; then                                                                                                          
-385     rmdir "${ED}${rootprefix}"/sbin || die
-386   fi
-387 
-388   # https://bugs.gentoo.org/761763
-389   rm -r "${ED}"/usr/lib/sysusers.d || die
-390 
-391   # Preserve empty dirs in /etc & /var, bug #437008                                                                                                                       
-392   keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}                                                                                                                       
-393   keepdir /etc/kernel/install.d                                                                                                                                           
-394   keepdir /etc/systemd/{network,system,user}                                                                                                                              
-395   keepdir /etc/udev/rules.d                                                                                                                                               
-396                                                                                                                                                                           
-397   keepdir /etc/udev/hwdb.d                                                                                                                                                
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-398 
-399   keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}                                                                                                      
-400   keepdir /usr/lib/{binfmt.d,modules-load.d}                                                                                                                              
-401   keepdir /usr/lib/systemd/user-generators                                                                                                                                
-402   keepdir /var/lib/systemd                                                                                                                                                
-403   keepdir /var/log/journal                                                                                                                                                
-404 
-405   # Symlink /etc/sysctl.conf for easy migration.                                                                                                                          
-406   dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf                                                                                                         
-407                                                                                                                                                                           
-408   if use pam; then                                                                                                                                                        
-409     newpamd "${FILESDIR}"/systemd-user.pam systemd-user                                                                                                                   
-410   fi                                                                                                                                                                      
-411 
-412   if use split-usr; then
-413     # Avoid breaking boot/reboot
-414     dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-415     dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-416   fi
-417 
-418   gen_usr_ldscript -a systemd udev                                                                                                                                        
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-419 }
-420 
-421 migrate_locale() {
-422   local envd_locale_def="${EROOT}/etc/env.d/02locale"
-423   local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-424   local locale_conf="${EROOT}/etc/locale.conf"
-425 +-- 37 lines: if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then-------------------------------------------------------------------------------------------------------
-462   fi
-463 }
-464 
-465 pkg_preinst() {
-466   if ! use split-usr; then
-467     local dir
-468     for dir in bin sbin lib usr/sbin; do                                                                                                                                  
-469       if [[ ! -L ${EROOT}/${dir} ]]; then                                                                                                                                 
-470         eerror "'${EROOT}/${dir}' is not a symbolic link."                                                                                                                
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-471         FAIL=1
-472       fi
-473     done
-474     if [[ ${FAIL} ]]; then
-475       eerror "Migration to system layout with merged directories must be performed before"
-476       eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."                                                                           
-477       die "System layout with split directories still used"
-478     fi
-479   fi
-480 }
-481 
-482 pkg_postinst() {
-483 +--  6 lines: systemd_update_catalog------------------------------------------------------------------------------------------------------------------------------------------
-489   udev_reload || FAIL=1
-490 
-491   # Bug 465468, make sure locales are respected, and ensure consistency
-492   # between OpenRC & systemd
-493   migrate_locale
-494 
-495   if [[ -z ${REPLACING_VERSIONS} ]]; then                                                                                                                                 
-496     if type systemctl &>/dev/null; then                                                                                                                                   
-497       systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1                                                                                      
-498     fi                                                                                                                                                                    
-499     elog "To enable a useful set of services, run the following:"                                                                                                         
-500     elog "  systemctl preset-all --preset-mode=enable-only"                                                                                                               
-501   fi                                                                                                                                                                      
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-502 
-503   if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-504     rm "${EROOT}/var/lib/systemd/timesync"
-505   fi
-506 
-507   if [[ ${FAIL} ]]; then
-508 +-- 13 lines: eerror "One of the postinst commands failed. Please check the postinst output"----------------------------------------------------------------------------------
-
- - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.5-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.5-r2.ebuild deleted file mode 100644 index 94a29b1079..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.5-r2.ebuild +++ /dev/null @@ -1,539 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-253-initrd-generators.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - # Fails with split-usr. - sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "automatically installing the kernels in systemd-boot's native layout and updating the bootloader configuration" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "automatically generating an unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.7-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.7-r1.ebuild deleted file mode 100644 index a3b0cb5166..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.7-r1.ebuild +++ /dev/null @@ -1,539 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-253-initrd-generators.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - # Fails with split-usr. - sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "automatically installing the kernels in systemd-boot's native layout and updating the bootloader configuration" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "automatically generating an unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.8-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.8-r1.ebuild deleted file mode 100644 index 6546ff87b7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.8-r1.ebuild +++ /dev/null @@ -1,540 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-253-initrd-generators.patch" - "${FILESDIR}/254-PrivateDevices-userdbd.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - # Fails with split-usr. - sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "automatically installing the kernels in systemd-boot's native layout and updating the bootloader configuration" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "automatically generating an unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.9.ebuild deleted file mode 100644 index c12a9240f8..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.9.ebuild +++ /dev/null @@ -1,540 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-253-initrd-generators.patch" - "${FILESDIR}/254-PrivateDevices-userdbd.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - # Fails with split-usr. - sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "automatically installing the kernels in systemd-boot's native layout and updating the bootloader configuration" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "automatically generating an unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.2-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.2-r2.ebuild deleted file mode 100644 index 85965aed1d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.2-r2.ebuild +++ /dev/null @@ -1,524 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - - if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" - fi -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) - qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - # default is developer, bug 918671 - -Dmode=release - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - $(meson_native_enabled vmspawn) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}"/usr/bin/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager (systemd)" - systemctl daemon-reexec - eend $? || FAIL=1 - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "automatically installing the kernels in systemd-boot's native layout and updating the bootloader configuration" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "automatically generating an unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.3.ebuild index 816ec6e0f3..5ac6f2b40f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.3.ebuild @@ -24,13 +24,12 @@ else S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86" - fi + # Flatcar: mark as stable + KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev +inherit secureboot systemd tmpfiles toolchain-funcs udev DESCRIPTION="System and service manager for Linux" HOMEPAGE="http://systemd.io/" @@ -101,6 +100,11 @@ DEPEND="${COMMON_DEPEND} PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' # baselayout-2.2 has /run +# +# Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use +# flag). The image stage fails with "Failed to resolve +# typeattributeset statement at +# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120" RDEPEND="${COMMON_DEPEND} >=acct-group/adm-0-r1 >=acct-group/wheel-0-r1 @@ -129,13 +133,13 @@ RDEPEND="${COMMON_DEPEND} >=acct-user/systemd-resolve-0-r1 >=acct-user/systemd-timesync-0-r1 >=sys-apps/baselayout-2.2 + sys-apps/kbd ukify? ( ${PYTHON_DEPS} $(python_gen_cond_dep "${PEFILE_DEPEND}") ) selinux? ( sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] @@ -184,11 +188,6 @@ QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*" pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi if [[ ${MERGE_TYPE} != buildonly ]]; then if use test && has pid-sandbox ${FEATURES}; then ewarn "Tests are known to fail with PID sandboxing enabled." @@ -248,6 +247,14 @@ src_unpack() { src_prepare() { local PATCHES=( + # Flatcar: Adding our own patches here. + "${FILESDIR}/0001-wait-online-set-any-by-default.patch" + "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" + "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch" + "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch" + "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" + "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" + "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" ) if ! use vanilla; then @@ -257,6 +264,23 @@ src_prepare() { ) fi + # Fails with split-usr. + sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + # Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., + # CoreDNS which has dnsPolicy "default", but unless the + # kubelet --resolv-conf flag is set to point to + # /run/systemd/resolve/resolv.conf this won't work with + # /etc/resolv.conf pointing to + # /run/systemd/resolve/stub-resolv.conf which configures + # 127.0.0.53. See + # https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues + # This means that users who need split DNS to work should + # point /etc/resolv.conf back to + # /run/systemd/resolve/stub-resolv.conf (and if using K8s + # configure the kubelet resolvConf variable/--resolv-conf flag + # to /run/systemd/resolve/resolv.conf). + sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die default } @@ -269,16 +293,27 @@ src_configure() { multilib-minimal_src_configure } +# Flatcar: Our function, we use it in some places below. +get_rootprefix() { + usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr" +} multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" - # default is developer, bug 918671 - -Dmode=release - -Dsupport-url="https://gentoo.org/support/" + # Flatcar: Point to our user mailing list. + -Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user" -Dpamlibdir="$(getpam_mod_dir)" # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false + $(meson_use split-usr) + # Flatcar: Always set split-bin to true, we always + # have separate bin and sbin directories + -Dsplit-bin=true + # Flatcar: Use get_rootprefix. No functional change + # from upstream, just refactoring the common code used + # in some places. + -Drootprefix="$(get_rootprefix)" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" # Disable compatibility with sysvinit -Dsysvinit-path= -Dsysvrcnd-path= @@ -325,9 +360,11 @@ multilib_src_configure() { $(meson_native_use_bool test dbus) $(meson_native_use_bool ukify) $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Flatcar: Use our ntp servers. + -Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false + # Flatcar: TODO: Investigate if we want this. -Dcreate-log-dirs=false # multilib options @@ -351,6 +388,42 @@ multilib_src_configure() { $(meson_native_true tmpfiles) $(meson_native_true vconsole) $(meson_native_enabled vmspawn) + # Flatcar: Specify this, or meson breaks due to no + # /etc/login.defs. + -Dsystem-gid-max=999 + -Dsystem-uid-max=999 + + # Flatcar: DBus paths. + -Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" + -Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" + + # Flatcar: PAM config directory. + -Dpamconfdir=/usr/share/pam.d + + # Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC + # 2013. Used by timesyncd as a sanity check for the + # minimum acceptable time. Explicitly set to avoid + # using the current build time. + -Dtime-epoch=1372636800 + + # Flatcar: No default name servers. + -Ddns-servers= + + # Flatcar: Disable the "First Boot Wizard", it isn't + # very applicable to us. + -Dfirstboot=false + + # Flatcar: Set latest network interface naming scheme + # for https://github.com/flatcar/Flatcar/issues/36 + -Ddefault-net-naming-scheme=latest + + # Flatcar: Combined log format: name plus description + -Dstatus-unit-format-default=combined + + # Flatcar: Unported options, still needed? + -Dquotaon-path=/usr/sbin/quotaon + -Dquotacheck-path=/usr/sbin/quotacheck + -Ddefault-mdns=no ) meson_src_configure "${myconf[@]}" @@ -363,11 +436,16 @@ multilib_src_test() { } multilib_src_install_all() { + # Flatcar: We always have bin separate from sbin + # local sbin=$(usex split-usr sbin bin) + local sbin='sbin' # meson doesn't know about docdir mv "${ED}"/usr/share/doc/{systemd,${PF}} || die einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf + # Flatcar: Do not install sample nsswitch.conf, we don't + # provide it. + # dodoc "${FILESDIR}"/nsswitch.conf insinto /usr/lib/tmpfiles.d doins "${FILESDIR}"/legacy.conf @@ -385,6 +463,8 @@ multilib_src_install_all() { # https://bugs.gentoo.org/761763 rm -r "${ED}"/usr/lib/sysusers.d || die + # Flatcar: Upstream uses keepdir commands to keep some empty + # directories. We use tmpfiles. # Preserve empty dirs in /etc & /var, bug #437008 keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} keepdir /etc/kernel/install.d @@ -393,25 +473,134 @@ multilib_src_install_all() { keepdir /etc/udev/hwdb.d - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal + # keepdir /usr/lib/systemd/{system-sleep,system-shutdown} + # keepdir /usr/lib/{binfmt.d,modules-load.d} + # keepdir /usr/lib/systemd/user-generators + # keepdir /var/lib/systemd + # keepdir /var/log/journal - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi + # if use pam; then + # newpamd "${FILESDIR}"/systemd-user.pam systemd-user + # fi if use kernel-install; then # Dummy config, remove to make room for sys-kernel/installkernel rm "${ED}/usr/lib/kernel/install.conf" || die fi + # Flatcar: Ensure journal directory has correct ownership/mode + # in inital image. This is fixed by systemd-tmpfiles *but* + # journald starts before that and will create the journal if + # the filesystem is already read-write. Conveniently the + # systemd Makefile sets this up completely wrong. + # + # Flatcar: TODO: Is this still a problem? + dodir /var/log/journal + fowners root:systemd-journal /var/log/journal + fperms 2755 /var/log/journal + + # Flatcar: Don't prune systemd dirs. + dotmpfiles "${FILESDIR}"/systemd-flatcar.conf + # Flatcar: Add tmpfiles rule for resolv.conf. This path has + # changed after v213 so it must be handled here instead of + # baselayout now. + dotmpfiles "${FILESDIR}"/systemd-resolv.conf + + # Flatcar: Don't default to graphical.target. + local unitdir=$(builddir_systemd_get_systemunitdir) + dosym multi-user.target "${unitdir}"/default.target + + # Flatcar: Don't set any extra environment variables by default. + rm "${ED}/usr/lib/environment.d/99-environment.conf" || die + + # Flatcar: These lines more or less follow the systemd's + # preset file (90-systemd.preset). We do it that way, to avoid + # putting symlinks in /etc. Please keep the lines in the same + # order as the "enable" lines appear in the preset file. For a + # single enable line in preset, there may be more lines if the + # unit file had Also: clause which has units we enable here + # too. + + # Flatcar: enable remote-fs.target + builddir_systemd_enable_service multi-user.target remote-fs.target + # Flatcar: enable remote-cryptsetup.target + if use cryptsetup; then + builddir_systemd_enable_service multi-user.target remote-cryptsetup.target + fi + # Flatcar: enable machines.target + builddir_systemd_enable_service multi-user.target machines.target + # Flatcar: enable getty@.service + dodir "${unitdir}/getty.target.wants" + dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service" + # Flatcar: enable systemd-timesyncd.service + builddir_systemd_enable_service sysinit.target systemd-timesyncd.service + # Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service) + builddir_systemd_enable_service multi-user.target systemd-networkd.service + builddir_systemd_enable_service sockets.target systemd-networkd.socket + builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service + # Flatcar: enable systemd-network-generator.service + builddir_systemd_enable_service sysinit.target systemd-network-generator.service + # Flatcar: enable systemd-resolved.service + builddir_systemd_enable_service multi-user.target systemd-resolved.service + # Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry]) + if use homed; then + builddir_systemd_enable_service multi-user.target systemd-homed.target + fi + # Flatcar: enable systemd-userdbd.socket + builddir_systemd_enable_service sockets.target systemd-userdbd.socket + # Flatcar: enable systemd-pstore.service + builddir_systemd_enable_service sysinit.target systemd-pstore.service + # Flatcar: enable systemd-boot-update.service + if use boot; then + builddir_systemd_enable_service sysinit.target systemd-boot-update.service + fi + # Flatcar: enable reboot.target (not enabled - has no WantedBy + # entry) + + # Flatcar: enable systemd-sysext.service by default + builddir_systemd_enable_service sysinit.target systemd-sysext.service + + # Flatcar: Use an empty preset file, because systemctl + # preset-all puts symlinks in /etc, not in /usr. We don't use + # /etc, because it is not autoupdated. We do the "preset" above. + rm "${ED}/usr/lib/systemd/system-preset/90-systemd.preset" || die + insinto /usr/lib/systemd/system-preset + doins "${FILESDIR}"/99-default.preset + + # Flatcar: Do not ship distro-specific files (nsswitch.conf + # pam.d). This conflicts with our own configuration provided + # by baselayout. + rm -rf "${ED}"/usr/share/factory + sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \ + -e '/^C!* \/etc\/nsswitch\.conf/d' \ + -e '/^C!* \/etc\/pam\.d/d' \ + -e '/^C!* \/etc\/issue/d' use ukify && python_fix_shebang "${ED}" use boot && secureboot_auto_sign } +# Flatcar: Our own version of systemd_get_systemunitdir, that returns +# a path inside /usr, not /etc. +builddir_systemd_get_systemunitdir() { + echo "$(get_rootprefix)/lib/systemd/system" +} + +# Flatcar: Our own version of systemd_enable_service, that does +# operations inside /usr, not /etc. +builddir_systemd_enable_service() { + local target=${1} + local service=${2} + local ud=$(builddir_systemd_get_systemunitdir) + local destname=${service##*/} + + dodir "${ud}"/"${target}".wants && \ + dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}" + + if use boot; then + python_fix_shebang "${ED}" + secureboot_auto_sign + fi +} migrate_locale() { local envd_locale_def="${EROOT}/etc/env.d/02locale" local envd_locale=( "${EROOT}"/etc/env.d/??locale ) @@ -462,6 +651,21 @@ pkg_preinst() { dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf fi + if ! use split-usr; then + local dir + # Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list. + for dir in bin sbin lib; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." @@ -481,13 +685,15 @@ pkg_postinst() { # between OpenRC & systemd migrate_locale - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi + # Flatcar: We enable getty and remote-fs targets in /usr + # ourselves above. + # if [[ -z ${REPLACING_VERSIONS} ]]; then + # if type systemctl &>/dev/null; then + # systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + # fi + # elog "To enable a useful set of services, run the following:" + # elog " systemctl preset-all --preset-mode=enable-only" + # fi if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then rm "${EROOT}/var/lib/systemd/timesync" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild deleted file mode 100644 index 85965aed1d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild +++ /dev/null @@ -1,524 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - - if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" - fi -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) - qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - # default is developer, bug 918671 - -Dmode=release - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - $(meson_native_enabled vmspawn) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}"/usr/bin/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager (systemd)" - systemctl daemon-reexec - eend $? || FAIL=1 - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "automatically installing the kernels in systemd-boot's native layout and updating the bootloader configuration" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "automatically generating an unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -}