sys-apps/systemd: Sync with Gentoo

It's from Gentoo commit 050f1563613fddb5b0188508dea2811fd2b76e1f.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
Flatcar Buildbot 2026-05-11 08:18:47 +00:00
parent 628927d02d
commit 70aedfd2c5
17 changed files with 779 additions and 1669 deletions


@ -1,4 +1,2 @@
DIST systemd-258.3.tar.gz 17034328 BLAKE2B 668f5829d78412b256f49c3f46dffad5cf70fa335de3e5ca822bdc13e4f67874ac28005b616e7fdc0f3235f760c68809ae3ac97e1f53d3ca43fb7e0934ec0de9 SHA512 9f4261e1703efd1f38c90e4166e6d85fa9379c99ac7f3c66caa62955c3cbe8a43ab259c261ab20bce0dd84dd682258192ace66b4dee0390bf3740c32f4569fed
DIST systemd-259.1.tar.gz 17274033 BLAKE2B 08d3b640e699ecaae9f2e2471db4547870786a5b5e2953671a0a9460b13a4d942c605942f95c144e68a04ffd6be1a72d8a084fe1f59c4d49c0ac3dc1eda55533 SHA512 7cbeca5dad6413a876809200583854ddc706b7a69deff958eb1ca1afb726cf4dec014006c10d1945c450b754811d4b95a80fe1778cb3136997f6d11b11c0560e
DIST systemd-259.2.tar.gz 17284532 BLAKE2B a0826ef6f1cc8546957cbd558283e9bf634e434893de526d39b00f7d5ecdc982ccadf0f5397f74a8c9090887d14acbbe20dac27905376b72aa07b5246436c1ed SHA512 1cb677c98a56210948bfc9a6e296aa92dde030ceeca6b6e4fe3f4014d051f4d0f1d83584cfdceb921d7d578952b85112b2ba497385faefca4d6c871bf8de48cf
DIST systemd-259.tar.gz 17250241 BLAKE2B 59ba6edea59338fc30d4cf72b197e8eda2ccd4fc7d53f016c0b9bd4422433839696fe553b58dcf1f31345ec92080a426a04a2878fd97cb17b3b1e3f92f08e135 SHA512 ef46b13661df43e3cfbeee1bc22f0b1eb902e8ebe39c19868c465efd08b35a199c2a2cd9d8021a6bc4d692fa0c6e0eab3f13eecd6ce24dde81d3945464a25b50
DIST systemd-259.4.tar.gz 17336661 BLAKE2B 5e90410698e21e8fc8f5f22e3e26858f51d2cdfc362870f09ecccf8ed882602cdcef2614843738b14601349b05cfd3a8358a1771fc1fcd8e75d831940a8683c8 SHA512 bf572f92b0b01ecaf08f36ea5e13a2c05a79e6c0c2d9ef191855d1b83ae791a2977841ca85541ace1d30945d5f879d703d390767f708294986b29aeda1449b1f
DIST systemd-260.1.tar.gz 17581096 BLAKE2B 072424e7288f8796be1e6952fadc5452c2ab54633b356796a29872609a03b4cc2edbc0cac0df7542bc969b06d265d2cbf52f9174742c5a570a5a3d7a7664cfa8 SHA512 9f975dce6861853a817a7ceab18a24449a85d1bda6939b3a5173430c02a4d8a9a2b34ebb8cce1c51db9b0ff9078fcc65da7b0f44e3bdcbbe013b9e04bb6f0ff9


@ -1,51 +0,0 @@
From 0f16422e52ef793407d1cbef0c38eff29d6e251c Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Wed, 17 Sep 2025 15:40:57 -0400
Subject: [PATCH] journald: do not change the kernel audit setting by default
Bug: https://bugs.gentoo.org/736910
---
man/journald.conf.xml | 2 +-
src/journal/journald-config.c | 2 +-
src/journal/journald.conf | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index 1d615b110d..4676d674a2 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -483,7 +483,7 @@
turn it off. When <literal>keep</literal> it will neither enable nor disable it, leaving the previous
state unchanged. This means if another tool turns on auditing even if
<command>systemd-journald</command> left it off, it will still collect the generated messages.
- Defaults to yes in the default journal namespace, and <literal>keep</literal> otherwise.</para>
+ Defaults to <literal>keep</literal>.</para>
<!-- Explicit assignment of an empty string is equivalent to 'keep', for backward compatibility. -->
diff --git a/src/journal/journald-config.c b/src/journal/journald-config.c
index 8cffec880b..ea3bb34a76 100644
--- a/src/journal/journald-config.c
+++ b/src/journal/journald-config.c
@@ -123,7 +123,7 @@ void manager_merge_configs(Manager *m) {
MERGE_NON_NEGATIVE(read_kmsg, !m->namespace);
/* By default, kernel auditing is enabled by the main namespace instance, and not controlled by
* non-default namespace instances. */
- MERGE_NON_NEGATIVE(set_audit, m->namespace ? AUDIT_KEEP : AUDIT_YES);
+ MERGE_NON_NEGATIVE(set_audit, AUDIT_KEEP);
MERGE_NON_ZERO(sync_interval_usec, DEFAULT_SYNC_INTERVAL_USEC);
/* TODO: also merge them when comdline or credentials support to configure them. */
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index 9a12ca7657..3be3ed7327 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -47,4 +47,4 @@
#MaxLevelSocket=debug
#LineMax=48K
#ReadKMsg=yes
-#Audit=yes
+#Audit=keep
--
2.51.0


@ -1,24 +0,0 @@
https://bugs.gentoo.org/963481
https://github.com/systemd/systemd/pull/39149
From 3df39cedda01dec35e49f1ab5632cf9f325e5320 Mon Sep 17 00:00:00 2001
From: Xarblu <xarblu@protonmail.com>
Date: Fri, 26 Sep 2025 21:40:50 +0200
Subject: [PATCH] shared: add missing alloc-util.h include
Needed for _cleanup_free_
---
src/shared/password-quality-util-passwdqc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shared/password-quality-util-passwdqc.c b/src/shared/password-quality-util-passwdqc.c
index d74e0fb7f2370..844068a4d64a3 100644
--- a/src/shared/password-quality-util-passwdqc.c
+++ b/src/shared/password-quality-util-passwdqc.c
@@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "alloc-util.h"
#include "dlfcn-util.h"
#include "errno-util.h"
#include "log.h"


@ -1,16 +0,0 @@
Revert for 258.3 of https://github.com/systemd/systemd/pull/39945 as that
commit got backported. It fails because master has the kernel install moved
to /var/tmp and this test change assumed that.
--- a/src/kernel-install/test-kernel-install.sh
+++ b/src/kernel-install/test-kernel-install.sh
@@ -318,7 +318,7 @@ diff -u <(echo "$output") - >&2 <<EOF
"KERNEL_INSTALL_LAYOUT=other",
"KERNEL_INSTALL_INITRD_GENERATOR=none",
"KERNEL_INSTALL_UKI_GENERATOR=",
- "KERNEL_INSTALL_STAGING_AREA=${TMPDIR:-/tmp}/kernel-install.staging.XXXXXX"
+ "KERNEL_INSTALL_STAGING_AREA=/tmp/kernel-install.staging.XXXXXX"
]
}
EOF


@ -1,32 +0,0 @@
https://github.com/systemd/systemd/pull/40607
From 1766be649f2c153dee6fe2c79c5aac3a21c73a7b Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Sun, 8 Feb 2026 19:12:30 -0500
Subject: [PATCH] meson: use printf instead of echo
The echo builtin provided by some shells (mksh) will interpret \x2d as
an escape sequence. This causes meson to fail:
```
test/fuzz/meson.build:93:52: ERROR: File fuzz-unit-file/dm-back-slash.swap does not exist.
```
Bug: https://bugs.gentoo.org/969789
---
test/fuzz/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build
index d4cfc0a5b4816..6f9f43a4105f9 100644
--- a/test/fuzz/meson.build
+++ b/test/fuzz/meson.build
@@ -42,7 +42,7 @@ if git.found() and fs.is_dir(meson.project_source_root() / '.git')
'ls-files', ':/@0@/*/*'.format(fuzz_testsdir),
check: true)
else
- out = run_command(sh, '-c', 'cd "@0@"; echo @1@/*/*'.format(meson.project_source_root(), fuzz_testsdir), check: true)
+ out = run_command(sh, '-c', 'cd "@0@"; printf "%s " @1@/*/*'.format(meson.project_source_root(), fuzz_testsdir), check: true)
endif
# Add crafted fuzz inputs we have in the repo


@ -1,71 +0,0 @@
https://bugs.gentoo.org/968936
https://github.com/systemd/systemd/issues/40380
From 8a5fb3627a1518d2d2ef70919c81448158d64ac0 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 19 Jan 2026 23:14:26 +0900
Subject: [PATCH] vmspawn: use indexed loop
Previously, the index is obtained from the pointer offset. The
pointer offset is expressed by ptrdiff_t and may be different from
ssize_t.
Let's avoid to use FOREACH_ARRAY() but use an indexed loop.
This also renames `mount` to `m` to avoid conflict with `mount()`.
Fixes #40380.
---
src/vmspawn/vmspawn.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c
index 43817954a3d22..b12e260fa4d1f 100644
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@@ -2408,7 +2408,8 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
if (r < 0)
return log_oom();
- FOREACH_ARRAY(mount, arg_runtime_mounts.mounts, arg_runtime_mounts.n_mounts) {
+ for (size_t j = 0; j < arg_runtime_mounts.n_mounts; j++) {
+ RuntimeMount *m = arg_runtime_mounts.mounts + j;
_cleanup_free_ char *listen_address = NULL;
_cleanup_(fork_notify_terminate) PidRef child = PIDREF_NULL;
@@ -2417,9 +2418,9 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
r = start_virtiofsd(
unit,
- mount->source,
- /* source_uid= */ mount->source_uid,
- /* target_uid= */ mount->target_uid,
+ m->source,
+ /* source_uid= */ m->source_uid,
+ /* target_uid= */ m->target_uid,
/* uid_range= */ 1U,
runtime_dir,
sd_socket_activate,
@@ -2444,7 +2445,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
return log_oom();
_cleanup_free_ char *id = NULL;
- if (asprintf(&id, "mnt%zi", mount - arg_runtime_mounts.mounts) < 0)
+ if (asprintf(&id, "mnt%zu", j) < 0)
return log_oom();
if (strv_extendf(&cmdline, "socket,id=%s,path=%s", id, escaped_listen_address) < 0)
@@ -2456,12 +2457,12 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
if (strv_extendf(&cmdline, "vhost-user-fs-pci,queue-size=1024,chardev=%1$s,tag=%1$s", id) < 0)
return log_oom();
- _cleanup_free_ char *clean_target = xescape(mount->target, "\":");
+ _cleanup_free_ char *clean_target = xescape(m->target, "\":");
if (!clean_target)
return log_oom();
if (strv_extendf(&arg_kernel_cmdline_extra, "systemd.mount-extra=\"%s:%s:virtiofs:%s\"",
- id, clean_target, mount->read_only ? "ro" : "rw") < 0)
+ id, clean_target, m->read_only ? "ro" : "rw") < 0)
return log_oom();
}


@ -0,0 +1,114 @@
https://bugs.gentoo.org/971376
https://github.com/systemd/systemd/pull/41240
From 26fe43d2189cc7eab3b5c710673f04a23627caf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= <dilfridge@gentoo.org>
Date: Fri, 20 Mar 2026 13:52:17 +0100
Subject: [PATCH] mips: Fix conditional inclusion of <asm/sgidefs.h>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
systemd now has a system call wrapper that does a long series of #ifdef's to
differentiate between architectures and ABIs. This wrapper has two problems.
1. On mips, it needs to differentiate between O32, N32, N64 ABI. It does that
via a code block in src/include/override/sys/generate-syscall.py (and derived
files):
76 # elif defined(_MIPS_SIM)
77 # if _MIPS_SIM == _MIPS_SIM_ABI32
78 # define systemd_NR_{syscall} {nr_mipso32}
79 # elif _MIPS_SIM == _MIPS_SIM_NABI32
80 # define systemd_NR_{syscall} {nr_mips64n32}
81 # elif _MIPS_SIM == _MIPS_SIM_ABI64
82 # define systemd_NR_{syscall} {nr_mips64}
83 # else
84 # error "Unknown MIPS ABI"
85 # endif
86 # elif defined(__hppa__)
Now the _MIPS_SIM* constants stem from a vendor-specific header file sgidefs.h,
which is included with glibc, but not with musl. It is however always present
in the Linux kernel headers as asm/sgidefs.h ...
2. To work around this, the syscall wrapper already has a block
47 #ifdef ARCH_MIPS
48 #include <asm/sgidefs.h>
49 #endif
Turns out, ARCH_MIPS is defined nowhere in Gentoo, neither on glibc nor on musl.
As a result the code (by accident, probably sgidefs.h is included transitively
somehow) works on glibc, but not on musl.
The simplest fix is to replace line 47 in the generator and the derived file
with
47 #ifdef __mips__
Two other source code files require a similar fix since they rely on the
constants.
Bug: https://github.com/systemd/systemd/issues/41239
Bug: https://bugs.gentoo.org/971376
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
---
src/include/override/sys/generate-syscall.py | 2 +-
src/include/override/sys/syscall.h | 2 +-
src/shared/base-filesystem.c | 2 +-
src/shared/seccomp-util.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/include/override/sys/generate-syscall.py b/src/include/override/sys/generate-syscall.py
index 6f449f9dc1330..1c90ad0e38402 100755
--- a/src/include/override/sys/generate-syscall.py
+++ b/src/include/override/sys/generate-syscall.py
@@ -44,7 +44,7 @@ def parse_syscall_tables(filenames):
#include_next <sys/syscall.h> /* IWYU pragma: export */
-#ifdef ARCH_MIPS
+#ifdef __mips__
#include <asm/sgidefs.h>
#endif
diff --git a/src/include/override/sys/syscall.h b/src/include/override/sys/syscall.h
index da2f780bed39c..0233f254b421c 100644
--- a/src/include/override/sys/syscall.h
+++ b/src/include/override/sys/syscall.h
@@ -11,7 +11,7 @@
#include_next <sys/syscall.h> /* IWYU pragma: export */
-#ifdef ARCH_MIPS
+#ifdef __mips__
#include <asm/sgidefs.h>
#endif
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
index bad3b46f3ad3a..9e8856ba48ce6 100644
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -5,7 +5,7 @@
#include <syslog.h>
#include <unistd.h>
-#ifdef ARCH_MIPS
+#ifdef __mips__
#include <asm/sgidefs.h>
#endif
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index d2f7612a53de5..9785fc45d78f3 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -12,7 +12,7 @@
#include <sys/shm.h>
#include <sys/stat.h>
-#ifdef ARCH_MIPS
+#ifdef __mips__
#include <asm/sgidefs.h>
#endif


@ -0,0 +1,131 @@
https://bugs.gentoo.org/969103
https://github.com/systemd/systemd/pull/41753
https://github.com/systemd/systemd/pull/41773
From f6c2e14676f266132772bec078578e344c91440d Mon Sep 17 00:00:00 2001
From: Chris Hofer <christian.hofer@codasip.com>
Date: Mon, 20 Apr 2026 16:55:38 +0200
Subject: [PATCH] build: Compile fuzz-journald-util.c only if want_fuzz_tests
fuzz-journald-util.c is compiled unconditionally even though fuzzing
tests aren't enabled. Only build it if fuzzing tests are configured.
This also ensure that the functions it uses from src/shared/tests.c are
available.
Fixes 32bd43d768a4bdd54481c5e37ce9ea3d1009a824
Closes #39984
Signed-off-by: Chris Hofer <christian.hofer@codasip.com>
---
src/journal/meson.build | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/journal/meson.build b/src/journal/meson.build
index 5f64304219447..1bec605b0ccf0 100644
--- a/src/journal/meson.build
+++ b/src/journal/meson.build
@@ -19,11 +19,16 @@ systemd_journald_extract_sources = files(
'journald-syslog.c',
'journald-varlink.c',
'journald-wall.c',
- # Build fuzz-journald.c as part of systemd-journald so we only compile it once instead of once per
- # fuzz test.
- 'fuzz-journald-util.c',
)
+if want_fuzz_tests
+ # Build fuzz-journald-util.c as part of systemd-journald so we only
+ # compile it once instead of once per fuzz test.
+ systemd_journald_extract_sources += files(
+ 'fuzz-journald-util.c',
+ )
+endif
+
journald_gperf_c = custom_target(
input : 'journald-gperf.gperf',
output : 'journald-gperf.c',
From 46776da0314528c1385fcde2bd59f34ba00866fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@amutable.com>
Date: Wed, 22 Apr 2026 17:01:45 +0200
Subject: [PATCH 1/2] meson: concatenate donors specified in 'objects'
Previously, we'd only honour the last donor.
---
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 2b717e23966f6..ce25b59ce00c2 100644
--- a/meson.build
+++ b/meson.build
@@ -2541,7 +2541,7 @@ foreach dict : executables
foreach val : dict.get('objects', [])
obj = objects_by_name[val]
- kwargs += { 'objects' : obj['objects'] }
+ kwargs += { 'objects' : kwargs.get('objects', []) + obj['objects'] }
include_directories += obj['include_directories']
endforeach
From f397ce001e525ae8f42518835d2ae98fba41fbe9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@amutable.com>
Date: Wed, 22 Apr 2026 16:33:12 +0200
Subject: [PATCH 2/2] meson: move fuzz-journald-util.c to fuzz-journal-audit
The .c file is shared between various fuzz-journal-* binaries. It
was added to 32bd43d768a4bdd54481c5e37ce9ea3d1009a824, but that is
somewhat ugly.
Let's add it to the alphabetially first fuzzer and share from there.
Follow-up for 32bd43d768a4bdd54481c5e37ce9ea3d1009a824 and
85b5acde869baa51f5618fa503eafac3dccbf379.
---
src/journal/meson.build | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/src/journal/meson.build b/src/journal/meson.build
index 1bec605b0ccf0..142d2246c1fe0 100644
--- a/src/journal/meson.build
+++ b/src/journal/meson.build
@@ -21,14 +21,6 @@ systemd_journald_extract_sources = files(
'journald-wall.c',
)
-if want_fuzz_tests
- # Build fuzz-journald-util.c as part of systemd-journald so we only
- # compile it once instead of once per fuzz test.
- systemd_journald_extract_sources += files(
- 'fuzz-journald-util.c',
- )
-endif
-
journald_gperf_c = custom_target(
input : 'journald-gperf.gperf',
output : 'journald-gperf.c',
@@ -63,7 +55,10 @@ journal_test_template = test_template + {
}
journal_fuzz_template = fuzz_template + {
- 'objects' : ['systemd-journald'],
+ 'objects' : [
+ 'fuzz-journald-audit',
+ 'systemd-journald',
+ ],
'dependencies' : libselinux_cflags,
}
@@ -138,8 +133,11 @@ executables += [
libselinux_cflags,
],
},
- journal_fuzz_template + {
+ fuzz_template + {
'sources' : files('fuzz-journald-audit.c'),
+ # fuzz-journald-util.c is shared with the other fuzzers below.
+ 'extract' : files('fuzz-journald-util.c'),
+ 'objects' : ['systemd-journald'],
},
journal_fuzz_template + {
'sources' : files('fuzz-journald-kmsg.c'),


@ -0,0 +1,45 @@
From 64b1e6be83f49b9fdebc9e07cc3b7485169970c2 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyich@gmail.com>
Date: Tue, 5 May 2026 21:55:30 +0100
Subject: [PATCH] sd-boot: efi-log: fix `__stack_chk_guard` type
In https://gcc.gnu.org/PR121911 `gcc` started enforcing the type of
`__stack_chk_guard` to `uintptr_t` and broke `systemd` build as:
```
../src/boot/efi-log.c:136:17: error: conflicting types for '__stack_chk_guard'; have 'intptr_t' {aka 'long int'}
136 | _used_ intptr_t __stack_chk_guard = (intptr_t) 0x70f6967de78acae3;
| ^~~~~~~~~~~~~~~~~
cc1: note: previous declaration of '__stack_chk_guard' with type 'long unsigned int'
../src/boot/efi-log.c:136:17: error: declaration of '__stack_chk_guard' shadows a global declaration [-Werror=shadow]
136 | _used_ intptr_t __stack_chk_guard = (intptr_t) 0x70f6967de78acae3;
| ^~~~~~~~~~~~~~~~~
```
Let's match the declaration to unsigned type as suggested by upstream in
https://gcc.gnu.org/PR121911#c6.
---
src/boot/efi-log.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/boot/efi-log.c b/src/boot/efi-log.c
index ed0a2746933e0..520f985389c55 100644
--- a/src/boot/efi-log.c
+++ b/src/boot/efi-log.c
@@ -133,7 +133,7 @@ void log_wait(void) {
}
// NOLINTNEXTLINE(misc-use-internal-linkage)
-_used_ intptr_t __stack_chk_guard = (intptr_t) 0x70f6967de78acae3;
+_used_ uintptr_t __stack_chk_guard = (uintptr_t) 0x70f6967de78acae3;
/* We can only set a random stack canary if this function attribute is available,
* otherwise this may create a stack check fail. */
@@ -144,7 +144,7 @@ void __stack_chk_guard_init(void) {
(void) rng->GetRNG(rng, NULL, sizeof(__stack_chk_guard), (void *) &__stack_chk_guard);
else
/* Better than no extra entropy. */
- __stack_chk_guard ^= (intptr_t) __executable_start;
+ __stack_chk_guard ^= (uintptr_t) __executable_start;
}
#endif
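Review bot: In `__stack_chk_guard_init()` the result of `rng->GetRNG()` is cast to `(void)`, so if that call fails the guard keeps its build-time constant and the `__executable_start` mix in the `else` branch is never applied. The `intptr_t` to `uintptr_t` change itself looks correct; the gap is in the context lines this patch carries unchanged. Consider capturing the status and falling back to the XOR when it is not `EFI_SUCCESS`, for example `if (err != EFI_SUCCESS) __stack_chk_guard ^= (uintptr_t) __executable_start;`. The `if` condition and the start of the function are outside the hunk, so confirm the surrounding shape first.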


@ -0,0 +1,39 @@
https://bugs.gentoo.org/973136
https://github.com/systemd/systemd/issues/41749
https://github.com/systemd/systemd/pull/41756
https://github.com/systemd/systemd/commit/1d78c2d327cbd4e738d0f1281a976a771f643517
From 1d78c2d327cbd4e738d0f1281a976a771f643517 Mon Sep 17 00:00:00 2001
From: Nandakumar Raghavan <naraghavan@microsoft.com>
Date: Tue, 21 Apr 2026 13:14:17 +0000
Subject: [PATCH] gpt-auto-generator: do not fail on missing libcryptsetup when
verity is not used
add_veritysetup() is called unconditionally from add_root_mount() and
add_usr_mount() whenever in_initrd() is true, to generate units that
only activate if verity devices appear. However, when compiled without
libcryptsetup, this function returned a hard error, causing the entire
generator to fail even when no verity protection is in use.
Change the #else fallback to log a debug message and return 0, matching
the pattern already used by add_root_cryptsetup().
---
src/gpt-auto-generator/gpt-auto-generator.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index 6716a8d1aaf7c..abbb955e5992e 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -295,8 +295,8 @@ static int add_veritysetup(
return 0;
#else
- return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
- "Partition is Verity protected, but systemd-gpt-auto-generator was compiled without libcryptsetup support.");
+ log_warning("Compiled without libcryptsetup support, skipping verity setup for '%s'.", id);
+ return 0;
#endif
}
#endif
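Review bot: The `#else` fallback in `add_veritysetup()` now returns 0 unconditionally, so a build without libcryptsetup fails open: the case the removed message described ("Partition is Verity protected") presumably now continues without any verity unit, with only a warning in the log. The patch description says the fallback logs a debug message like `add_root_cryptsetup()`, but the code calls `log_warning`; the text and the code should agree on the level. If a genuinely Verity-protected partition can be told apart at this point, keep the `EOPNOTSUPP` error for that case and return 0 only when none was found. Otherwise, document the trade-off with a comment such as `/* Fail-open: without libcryptsetup no verity unit is generated; integrity is not enforced. */`. The function body starts outside the hunk.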


@ -0,0 +1,81 @@
https://bugs.gentoo.org/973121
https://github.com/systemd/systemd/pull/41639
From 5fb14a1b88edb0a1d402ad5cf14c7a6b00f682c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@amutable.com>
Date: Tue, 14 Apr 2026 18:59:07 +0200
Subject: [PATCH] various: fix compilation with openssl-4.0.0-beta1
Various types have been made opaque, so we need to use some accessor
functions.
---
src/sbsign/sbsign.c | 5 +++--
src/shared/pkcs11-util.c | 15 ++++++++-------
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c
index ee1c0f77ab906..f54dacf65a49d 100644
--- a/src/sbsign/sbsign.c
+++ b/src/sbsign/sbsign.c
@@ -265,8 +265,9 @@ static int spc_indirect_data_content_new(const void *digest, size_t digestsz, ui
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get SpcPeImageData object: %s",
ERR_error_string(ERR_get_error(), NULL));
- idc->data->value->value.sequence->data = TAKE_PTR(peidraw);
- idc->data->value->value.sequence->length = peidrawsz;
+ if (!ASN1_STRING_set(idc->data->value->value.sequence, peidraw, peidrawsz))
+ return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to set ASN1_STRING data.");
+
idc->messageDigest->digestAlgorithm->algorithm = OBJ_nid2obj(NID_sha256);
if (!idc->messageDigest->digestAlgorithm->algorithm)
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get SHA256 object: %s",
diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c
index 165fefbea1ff8..96b25c4ac36b8 100644
--- a/src/shared/pkcs11-util.c
+++ b/src/shared/pkcs11-util.c
@@ -560,7 +560,11 @@ int pkcs11_token_read_public_key(
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to init an EVP_PKEY_CTX for EC.");
OSSL_PARAM ec_params[8] = {
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, os->data, os->length)
+ /* We need to drop the const from the data param, because ec_params is
+ * modified below. But we'll not modify ec_params[0]. */
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
+ (unsigned char *) ASN1_STRING_get0_data(os),
+ ASN1_STRING_length(os)),
};
_cleanup_free_ void *order = NULL, *p = NULL, *a = NULL, *b = NULL, *generator = NULL;
@@ -663,13 +667,10 @@ int pkcs11_token_read_x509_certificate(
CK_OBJECT_HANDLE object,
X509 **ret_cert) {
- _cleanup_free_ char *t = NULL;
CK_ATTRIBUTE attribute = {
.type = CKA_VALUE
};
CK_RV rv;
- _cleanup_(X509_freep) X509 *x509 = NULL;
- X509_NAME *name = NULL;
int r;
assert(ret_cert);
@@ -695,15 +696,15 @@ int pkcs11_token_read_x509_certificate(
"Failed to read X.509 certificate data off token: %s", sym_p11_kit_strerror(rv));
const unsigned char *p = attribute.pValue;
- x509 = d2i_X509(NULL, &p, attribute.ulValueLen);
+ _cleanup_(X509_freep) X509 *x509 = d2i_X509(NULL, &p, attribute.ulValueLen);
if (!x509)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to parse X.509 certificate.");
- name = X509_get_subject_name(x509);
+ const X509_NAME *name = X509_get_subject_name(x509);
if (!name)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to acquire X.509 subject name.");
- t = X509_NAME_oneline(name, NULL, 0);
+ _cleanup_free_ char *t = X509_NAME_oneline(name, NULL, 0);
if (!t)
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to format X.509 subject name as string.");
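Review bot: In `spc_indirect_data_content_new()` the old code transferred `peidraw` with `TAKE_PTR`, whereas `ASN1_STRING_set()` copies the buffer, so ownership now stays with the local variable. Its declaration is outside the hunk, so confirm it is `_cleanup_free_` or freed explicitly, otherwise each call leaks it. `ASN1_STRING_set()` takes an `int` length, so if `peidrawsz` is a `size_t` it should be checked against `INT_MAX` before the call. The new failure message also omits the OpenSSL error text that the neighbouring checks report; `"Failed to set ASN1_STRING data: %s", ERR_error_string(ERR_get_error(), NULL)` would match them. In `pkcs11_token_read_public_key()` the `(unsigned char *)` cast drops const from `ASN1_STRING_get0_data(os)`, which is only safe while nothing writes through `ec_params[0]`, as the added comment promises.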


@ -22,7 +22,6 @@
<flag name="homed">Enable portable home directories</flag>
<flag name="http">Enable embedded HTTP server in journald</flag>
<flag name="importd">Enable import daemon</flag>
<flag name="iptables">Use libiptc from <pkg>net-firewall/iptables</pkg> for NAT support in systemd-networkd; this is used only if the running kernel does not support nftables</flag>
<flag name="kernel-install">Enable kernel-install</flag>
<flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag>
<flag name="lz4">Enable lz4 compression for the journal</flag>
@ -31,6 +30,7 @@
<flag name="pkcs11">Enable PKCS#11 support for cryptsetup and homed</flag>
<flag name="pwquality">Use <pkg>dev-libs/libpwquality</pkg> for password checking in homed</flag>
<flag name="qrcode">Enable qrcode output support in journal</flag>
<flag name="remote">Enable remote journal access</flag>
<flag name="resolvconf">Install resolvconf symlink for systemd-resolve</flag>
<flag name="sysv-utils">Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown</flag>
<flag name="tpm">Enable TPM support</flag>


@ -1,579 +0,0 @@
# Copyright 2011-2026 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..14} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_PKGCONFIG_VERSION=$(ver_cut 1)
if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
inherit git-r3
else
MY_PV=${PV/_/-}
MY_P=${PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
fi
fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
dns-over-tls? ( openssl )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
importd? ( curl lzma openssl )
?? ( passwdqc pwquality )
passwdqc? ( homed )
pwquality? ( homed )
boot? ( kernel-install )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? (
dev-libs/libfido2:0=
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
importd? (
app-arch/bzip2:0=
virtual/zlib:=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
passwdqc? ( sys-auth/passwdqc:0= )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
"
# Newer linux-headers needed by ia64, bug #480218
DEPEND="${COMMON_DEPEND}
>=sys-kernel/linux-headers-${MINKV}
"
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
# baselayout-2.2 has /run
RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1
>=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1
>=acct-group/tty-0-r1
>=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
acct-group/clock
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1
acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
)
selinux? (
sec-policy/selinux-base-policy[systemd]
sec-policy/selinux-ntp
)
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
!sys-apps/sysvinit
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
BDEPEND="
app-arch/xz-utils:0
dev-util/gperf
>=dev-build/meson-0.46
>=sys-apps/coreutils-8.16
sys-devel/gettext
virtual/pkgconfig
bpf? (
>=dev-util/bpftool-7.0.0
sys-devel/bpf-toolchain
)
test? (
app-text/tree
dev-lang/perl
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
${PYTHON_DEPS}
$(python_gen_cond_dep "
dev-python/jinja2[\${PYTHON_USEDEP}]
dev-python/lxml[\${PYTHON_USEDEP}]
boot? (
>=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
test? ( ${PEFILE_DEPEND} )
)
")
"
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() {
if use split-usr; then
eerror "Please complete the migration to merged-usr."
eerror "https://wiki.gentoo.org/wiki/Merge-usr"
die "systemd no longer supports split-usr"
fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
if kernel_is -ge 5 10 20; then
CONFIG_CHECK+=" ~KCMP"
else
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
fi
if kernel_is -ge 4 18; then
CONFIG_CHECK+=" ~AUTOFS_FS"
else
CONFIG_CHECK+=" ~AUTOFS4_FS"
fi
if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
ewarn "It's recommended to set an empty value to the following kernel config option:"
ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
fi
if linux_chkconfig_present X86; then
CONFIG_CHECK+=" ~DMIID"
fi
fi
if kernel_is -lt ${MINKV//./ }; then
ewarn "Kernel version at least ${MINKV} required"
fi
check_extra_config
fi
}
pkg_setup() {
use boot && secureboot_pkg_setup
}
src_unpack() {
default
[[ ${PV} != 9999 ]] || git-r3_src_unpack
}
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-258-shared-add-missing-alloc-util.patch"
"${FILESDIR}/systemd-258.3-kernel-install-test.patch"
"${FILESDIR}/systemd-259-test-echo.patch"
)
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-journald-audit-r3.patch"
)
fi
default
}
src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
python_setup
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671
-Dmode=release
-Dsupport-url="https://gentoo.org/support/"
-Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
-Dsplit-bin=false
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_feature acl)
$(meson_native_use_feature apparmor)
$(meson_native_use_feature audit)
$(meson_native_use_feature boot bootloader)
$(meson_native_use_feature bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_feature cryptsetup libcryptsetup)
$(meson_native_use_feature curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_feature elfutils)
$(meson_native_use_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_native_use_feature gnutls)
$(meson_native_use_feature homed)
$(meson_native_use_feature http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_feature importd)
$(meson_native_use_feature importd bzip2)
$(meson_native_use_feature importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_use test tests)
$(meson_feature zstd)
$(meson_native_use_feature iptables libiptc)
$(meson_native_use_feature openssl)
$(meson_feature pam)
$(meson_native_use_feature passwdqc)
$(meson_native_use_feature pkcs11 p11kit)
$(meson_native_use_feature pcre pcre2)
$(meson_native_use_feature policykit polkit)
$(meson_native_use_feature pwquality)
$(meson_native_use_feature qrcode qrencode)
$(meson_native_use_feature seccomp)
$(meson_native_use_feature selinux)
$(meson_native_use_feature tpm tpm2)
$(meson_native_use_feature test dbus)
$(meson_native_use_feature ukify)
$(meson_native_use_feature xkb xkbcommon)
-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
-Dcreate-log-dirs=false
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_enabled man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
)
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
meson_src_configure "${myconf[@]}"
}
multilib_src_test() {
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
addpredict /dev
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
) || die
}
multilib_src_install_all() {
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
insinto /usr/lib/tmpfiles.d
doins "${FILESDIR}"/legacy.conf
if ! use resolvconf; then
rm -f "${ED}"/usr/bin/resolvconf || die
fi
if ! use sysv-utils; then
rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
rm "${ED}"/usr/share/man/man1/init.1 || die
rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
keepdir /etc/systemd/{network,system,user}
keepdir /etc/udev/rules.d
keepdir /etc/udev/hwdb.d
keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
keepdir /usr/lib/{binfmt.d,modules-load.d}
keepdir /usr/lib/systemd/user-generators
keepdir /var/lib/systemd
keepdir /var/log/journal
if use pam; then
if use selinux; then
newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
else
newpamd "${FILESDIR}"/systemd-user.pam systemd-user
fi
fi
if use kernel-install; then
# Dummy config, remove to make room for sys-kernel/installkernel
rm "${ED}/usr/lib/kernel/install.conf" || die
fi
use ukify && python_fix_shebang "${ED}"
use boot && secureboot_auto_sign
}
migrate_locale() {
local envd_locale_def="${EROOT}/etc/env.d/02locale"
local envd_locale=( "${EROOT}"/etc/env.d/??locale )
local locale_conf="${EROOT}/etc/locale.conf"
if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
# If locale.conf does not exist...
if [[ -e ${envd_locale} ]]; then
# ...either copy env.d/??locale if there's one
ebegin "Moving ${envd_locale} to ${locale_conf}"
mv "${envd_locale}" "${locale_conf}"
eend ${?} || FAIL=1
else
# ...or create a dummy default
ebegin "Creating ${locale_conf}"
cat > "${locale_conf}" <<-EOF
# This file has been created by the sys-apps/systemd ebuild.
# See locale.conf(5) and localectl(1).
# LANG=${LANG}
EOF
eend ${?} || FAIL=1
fi
fi
if [[ ! -L ${envd_locale} ]]; then
# now, if env.d/??locale is not a symlink (to locale.conf)...
if [[ -e ${envd_locale} ]]; then
# ...warn the user that he has duplicate locale settings
ewarn
ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
ewarn "and create the symlink with the following command:"
ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
ewarn
else
# ...or just create the symlink if there's nothing here
ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
ln -n -s ../locale.conf "${envd_locale_def}"
eend ${?} || FAIL=1
fi
fi
}
pkg_preinst() {
if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
# Symlink /etc/sysctl.conf for easy migration.
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
fi
}
pkg_postinst() {
systemd_update_catalog
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
if [[ -z ${REPLACING_VERSIONS} ]]; then
if type systemctl &>/dev/null; then
systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
fi
elog "To enable a useful set of services, run the following:"
elog " systemctl preset-all --preset-mode=enable-only"
fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync"
fi
if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
ebegin "Reexecuting system manager (systemd)"
systemctl daemon-reexec
eend $? || FAIL=1
# https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
ebegin "Signaling user managers to reexec"
systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
eend $?
fi
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
eerror "systemd again."
eerror
fi
if use boot; then
optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
"sys-kernel/installkernel[systemd-boot]"
fi
if use ukify; then
optfeature "generating unified kernel image on each kernel installation" \
"sys-kernel/installkernel[ukify]"
fi
}
pkg_prerm() {
# If removing systemd completely, remove the catalog database.
if [[ ! ${REPLACED_BY_VERSION} ]]; then
rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
fi
}


@ -20,11 +20,11 @@ else
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
fi
fi
inherit branding linux-info meson-multilib optfeature pam python-single-r1
inherit branding flag-o-matic linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot shell-completion systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
@ -34,9 +34,9 @@ LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
fido2 +gcrypt gnutls homed http idn importd +kernel-install +kmod
+lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+resolvconf +seccomp selinux split-usr sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
@ -79,7 +79,6 @@ COMMON_DEPEND="
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
passwdqc? ( sys-auth/passwdqc:0= )
@ -146,17 +145,19 @@ RDEPEND="${COMMON_DEPEND}
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
PDEPEND="
>=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
!sysv-utils? ( sys-apps/systemd-initctl )
!vanilla? ( sys-apps/gentoo-systemd-integration )
"
BDEPEND="
app-arch/xz-utils:0
@ -229,7 +230,6 @@ pkg_pretend() {
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
@ -279,7 +279,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-259-test-echo.patch"
"${FILESDIR}/systemd-260-mips.patch"
)
if ! use vanilla; then
@ -295,6 +295,20 @@ src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
# Our toolchain sets F_S=2 by default w/ >= -O2, so we need
# to unset F_S first, then explicitly set 2, to negate any default
# and anything set by the user if they're choosing 3 (or if they've
# modified GCC to set 3).
#
# malloc_usable_size doesn't play well with _F_S=3:
# https://github.com/systemd/systemd/issues/41459 (bug #971773)
if tc-is-clang && tc-enables-fortify-source ; then
# We can't unconditionally do this b/c we fortify needs
# some level of optimisation.
filter-flags -D_FORTIFY_SOURCE=3
append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
fi
python_setup
multilib-minimal_src_configure
@ -346,7 +360,6 @@ multilib_src_configure() {
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_feature zstd)
$(meson_native_use_feature iptables libiptc)
$(meson_native_use_feature openssl)
$(meson_feature pam)
$(meson_native_use_feature passwdqc)
@ -530,8 +543,7 @@ pkg_postinst() {
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_hwdb_update || FAIL=1
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
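Review bot: The guard `if tc-is-clang && tc-enables-fortify-source ; then` in the block added to src_configure applies the `_FORTIFY_SOURCE=3` to `2` downgrade only under clang, yet the comment above it justifies the change with "if they've modified GCC to set 3", so the comment and the condition disagree about which compilers are covered. If GCC builds at level 3 hit the same malloc_usable_size problem (this hunk does not show whether they do), the condition should be `if tc-enables-fortify-source ; then`; otherwise add a line such as `# GCC is not affected because <reason>; only clang needs the downgrade`. Because this lowers a hardening level for the system manager and everything else the package builds, it also deserves a `# TODO: drop once the upstream issue above is fixed` so the workaround does not outlive the bug. The inner comment has a stray word: `b/c we fortify needs` should read `b/c fortify needs`. src_configure begins and ends outside the hunk.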


@ -1,579 +0,0 @@
# Copyright 2011-2026 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..14} )
# Avoid QA warnings
TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_PKGCONFIG_VERSION=$(ver_cut 1)
if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
inherit git-r3
else
MY_PV=${PV/_/-}
MY_P=${PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
fi
inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
dns-over-tls? ( openssl )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
importd? ( curl lzma openssl )
?? ( passwdqc pwquality )
passwdqc? ( homed )
pwquality? ( homed )
boot? ( kernel-install )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? (
dev-libs/libfido2:0=
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
importd? (
app-arch/bzip2:0=
virtual/zlib:=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
passwdqc? ( sys-auth/passwdqc:0= )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
"
# Newer linux-headers needed by ia64, bug #480218
DEPEND="${COMMON_DEPEND}
>=sys-kernel/linux-headers-${MINKV}
"
PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
# baselayout-2.2 has /run
RDEPEND="${COMMON_DEPEND}
>=acct-group/adm-0-r1
>=acct-group/wheel-0-r1
>=acct-group/kmem-0-r1
>=acct-group/tty-0-r1
>=acct-group/utmp-0-r1
>=acct-group/audio-0-r1
>=acct-group/cdrom-0-r1
acct-group/clock
>=acct-group/dialout-0-r1
>=acct-group/disk-0-r1
>=acct-group/input-0-r1
>=acct-group/kvm-0-r1
>=acct-group/lp-0-r1
>=acct-group/render-0-r1
acct-group/sgx
>=acct-group/tape-0-r1
acct-group/users
>=acct-group/video-0-r1
>=acct-group/systemd-journal-0-r1
>=acct-user/root-0-r1
acct-user/nobody
>=acct-user/systemd-journal-remote-0-r1
>=acct-user/systemd-coredump-0-r1
>=acct-user/systemd-network-0-r1
acct-user/systemd-oom
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
elibc_musl? ( >=sys-libs/musl-1.2.5-r8 )
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
)
selinux? (
sec-policy/selinux-base-policy[systemd]
sec-policy/selinux-ntp
)
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
!sys-apps/sysvinit
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
BDEPEND="
app-arch/xz-utils:0
dev-util/gperf
>=dev-build/meson-0.46
>=sys-apps/coreutils-8.16
sys-devel/gettext
virtual/pkgconfig
bpf? (
>=dev-util/bpftool-7.0.0
sys-devel/bpf-toolchain
)
test? (
app-text/tree
dev-lang/perl
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
${PYTHON_DEPS}
$(python_gen_cond_dep "
dev-python/jinja2[\${PYTHON_USEDEP}]
dev-python/lxml[\${PYTHON_USEDEP}]
boot? (
>=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
test? ( ${PEFILE_DEPEND} )
)
")
"
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() {
if use split-usr; then
eerror "Please complete the migration to merged-usr."
eerror "https://wiki.gentoo.org/wiki/Merge-usr"
die "systemd no longer supports split-usr"
fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
if kernel_is -ge 5 10 20; then
CONFIG_CHECK+=" ~KCMP"
else
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
fi
if kernel_is -ge 4 18; then
CONFIG_CHECK+=" ~AUTOFS_FS"
else
CONFIG_CHECK+=" ~AUTOFS4_FS"
fi
if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
ewarn "It's recommended to set an empty value to the following kernel config option:"
ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
fi
if linux_chkconfig_present X86; then
CONFIG_CHECK+=" ~DMIID"
fi
fi
if kernel_is -lt ${MINKV//./ }; then
ewarn "Kernel version at least ${MINKV} required"
fi
check_extra_config
fi
}
pkg_setup() {
use boot && secureboot_pkg_setup
}
src_unpack() {
default
[[ ${PV} != 9999 ]] || git-r3_src_unpack
}
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-259-vmspawn-use-indexed-loop.patch"
)
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-journald-audit-r4.patch"
)
fi
default
}
src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
python_setup
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671
-Dmode=release
-Dsupport-url="https://gentoo.org/support/"
-Dpamlibdir="$(getpam_mod_dir)"
-Dlibc=$(usex elibc_musl musl glibc)
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
-Dsplit-bin=false
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_feature acl)
$(meson_native_use_feature apparmor)
$(meson_native_use_feature audit)
$(meson_native_use_feature boot bootloader)
$(meson_native_use_feature bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_feature cryptsetup libcryptsetup)
$(meson_native_use_feature curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_feature elfutils)
$(meson_native_use_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_native_use_feature gnutls)
$(meson_native_use_feature homed)
$(meson_native_use_feature http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_feature importd)
$(meson_native_use_feature importd bzip2)
$(meson_native_use_feature importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_use test tests)
$(meson_feature zstd)
$(meson_native_use_feature iptables libiptc)
$(meson_native_use_feature openssl)
$(meson_feature pam)
$(meson_native_use_feature passwdqc)
$(meson_native_use_feature pkcs11 p11kit)
$(meson_native_use_feature pcre pcre2)
$(meson_native_use_feature policykit polkit)
$(meson_native_use_feature pwquality)
$(meson_native_use_feature qrcode qrencode)
$(meson_native_use_feature seccomp)
$(meson_native_use_feature selinux)
$(meson_native_use_feature tpm tpm2)
$(meson_native_use_feature test dbus)
$(meson_native_use_feature ukify)
$(meson_native_use_feature xkb xkbcommon)
-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
-Dcreate-log-dirs=false
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_enabled man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
)
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
meson_src_configure "${myconf[@]}"
}
multilib_src_test() {
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
addpredict /dev
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
) || die
}
multilib_src_install_all() {
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
insinto /usr/lib/tmpfiles.d
doins "${FILESDIR}"/legacy.conf
if ! use resolvconf; then
rm -f "${ED}"/usr/bin/resolvconf || die
fi
if ! use sysv-utils; then
rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
rm "${ED}"/usr/share/man/man1/init.1 || die
rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
fi
# https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die
# Preserve empty dirs in /etc & /var, bug #437008
keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
keepdir /etc/kernel/install.d
keepdir /etc/systemd/{network,system,user}
keepdir /etc/udev/rules.d
keepdir /etc/udev/hwdb.d
keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
keepdir /usr/lib/{binfmt.d,modules-load.d}
keepdir /usr/lib/systemd/user-generators
keepdir /var/lib/systemd
keepdir /var/log/journal
if use pam; then
if use selinux; then
newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
else
newpamd "${FILESDIR}"/systemd-user.pam systemd-user
fi
fi
if use kernel-install; then
# Dummy config, remove to make room for sys-kernel/installkernel
rm "${ED}/usr/lib/kernel/install.conf" || die
fi
use ukify && python_fix_shebang "${ED}"
use boot && secureboot_auto_sign
}
migrate_locale() {
local envd_locale_def="${EROOT}/etc/env.d/02locale"
local envd_locale=( "${EROOT}"/etc/env.d/??locale )
local locale_conf="${EROOT}/etc/locale.conf"
if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
# If locale.conf does not exist...
if [[ -e ${envd_locale} ]]; then
# ...either copy env.d/??locale if there's one
ebegin "Moving ${envd_locale} to ${locale_conf}"
mv "${envd_locale}" "${locale_conf}"
eend ${?} || FAIL=1
else
# ...or create a dummy default
ebegin "Creating ${locale_conf}"
cat > "${locale_conf}" <<-EOF
# This file has been created by the sys-apps/systemd ebuild.
# See locale.conf(5) and localectl(1).
# LANG=${LANG}
EOF
eend ${?} || FAIL=1
fi
fi
if [[ ! -L ${envd_locale} ]]; then
# now, if env.d/??locale is not a symlink (to locale.conf)...
if [[ -e ${envd_locale} ]]; then
# ...warn the user that he has duplicate locale settings
ewarn
ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
ewarn "and create the symlink with the following command:"
ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
ewarn
else
# ...or just create the symlink if there's nothing here
ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
ln -n -s ../locale.conf "${envd_locale_def}"
eend ${?} || FAIL=1
fi
fi
}
pkg_preinst() {
if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
# Symlink /etc/sysctl.conf for easy migration.
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
fi
if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
fi
}
pkg_postinst() {
systemd_update_catalog
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
if [[ -z ${REPLACING_VERSIONS} ]]; then
if type systemctl &>/dev/null; then
systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
fi
elog "To enable a useful set of services, run the following:"
elog " systemctl preset-all --preset-mode=enable-only"
fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync"
fi
if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
ebegin "Reexecuting system manager (systemd)"
systemctl daemon-reexec
eend $? || FAIL=1
# https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
ebegin "Signaling user managers to reexec"
systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
eend $?
fi
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
eerror "systemd again."
eerror
fi
if use boot; then
optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
"sys-kernel/installkernel[systemd-boot]"
fi
if use ukify; then
optfeature "generating unified kernel image on each kernel installation" \
"sys-kernel/installkernel[ukify]"
fi
}
pkg_prerm() {
# If removing systemd completely, remove the catalog database.
if [[ ! ${REPLACED_BY_VERSION} ]]; then
rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
fi
}


@ -20,11 +20,11 @@ else
SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
if [[ ${PV} != *rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
fi
fi
inherit branding linux-info meson-multilib optfeature pam python-single-r1
inherit branding flag-o-matic linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot shell-completion systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
@ -33,13 +33,14 @@ HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
acl apparmor audit boot bpf cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed idn importd +kernel-install +kmod +lz4 lzma
+openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode remote
+resolvconf +seccomp selinux sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
boot? ( kernel-install )
dns-over-tls? ( openssl )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
@ -47,51 +48,56 @@ REQUIRED_USE="
?? ( passwdqc pwquality )
passwdqc? ( homed )
pwquality? ( homed )
boot? ( kernel-install )
remote? ( curl )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
MINKV="5.10"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
>=sys-apps/util-linux-2.37
acl? ( sys-apps/acl )
apparmor? ( >=sys-libs/libapparmor-2.13 )
audit? ( >=sys-process/audit-2 )
bpf? ( >=dev-libs/libbpf-1.4.0 )
cryptsetup? ( >=sys-fs/cryptsetup-2.4.0:= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? (
dev-libs/libfido2:0=
elfutils? ( >=dev-libs/elfutils-0.177 )
elibc_glibc? (
>=sys-libs/glibc-2.34
>=sys-libs/libxcrypt-4.4.0
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
elibc_musl? (
>=sys-libs/musl-1.2.5-r8
virtual/libcrypt
)
fido2? (
dev-libs/libfido2
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5 )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
remote? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2 )
importd? (
app-arch/bzip2:0=
virtual/zlib:=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
lz4? ( >=app-arch/lz4-0_p131:0= )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0= )
openssl? ( >=dev-libs/openssl-3.0.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
passwdqc? ( sys-auth/passwdqc:0= )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
passwdqc? ( sys-auth/passwdqc )
pkcs11? ( >=app-crypt/p11-kit-0.23.3 )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
pwquality? ( >=dev-libs/libpwquality-1.4.1 )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
seccomp? ( >=sys-libs/libseccomp-2.4.0 )
selinux? ( >=sys-libs/libselinux-2.1.9 )
tpm? ( app-crypt/tpm2-tss )
xkb? ( >=x11-libs/libxkbcommon-0.4.1 )
zstd? ( >=app-arch/zstd-1.4.0:0= )
"
# Newer linux-headers needed by ia64, bug #480218
@ -131,7 +137,6 @@ RDEPEND="${COMMON_DEPEND}
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
elibc_musl? ( >=sys-libs/musl-1.2.5-r8 )
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
@ -146,17 +151,19 @@ RDEPEND="${COMMON_DEPEND}
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
PDEPEND="
>=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
!sysv-utils? ( sys-apps/systemd-initctl )
!vanilla? ( sys-apps/gentoo-systemd-integration )
"
BDEPEND="
app-arch/xz-utils:0
@ -172,6 +179,7 @@ BDEPEND="
test? (
app-text/tree
dev-lang/perl
>=dev-libs/glib-2.22.0:2
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
@ -192,44 +200,12 @@ BDEPEND="
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() {
if use split-usr; then
eerror "Please complete the migration to merged-usr."
eerror "https://wiki.gentoo.org/wiki/Merge-usr"
die "systemd no longer supports split-usr"
fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
@ -279,6 +255,10 @@ src_unpack() {
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-260.1-fuzz-journald.patch"
"${FILESDIR}/systemd-260.1-openssl-4.patch"
"${FILESDIR}/systemd-260.1-gcc-17.patch"
"${FILESDIR}/systemd-260.1-gpt-generator.patch"
)
if ! use vanilla; then
@ -294,6 +274,20 @@ src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
# Our toolchain sets F_S=2 by default w/ >= -O2, so we need
# to unset F_S first, then explicitly set 2, to negate any default
# and anything set by the user if they're choosing 3 (or if they've
# modified GCC to set 3).
#
# malloc_usable_size doesn't play well with _F_S=3:
# https://github.com/systemd/systemd/issues/41459 (bug #971773)
if tc-is-clang && tc-enables-fortify-source ; then
# We can't unconditionally do this b/c we fortify needs
# some level of optimisation.
filter-flags -D_FORTIFY_SOURCE=3
append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
fi
python_setup
multilib-minimal_src_configure
@ -303,88 +297,30 @@ multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671
-Dmode=release
-Dmode=release # default is developer, bug 918671
-Dlibc=$(usex elibc_musl musl glibc)
-Dsupport-url="${BRANDING_OS_SUPPORT_URL}"
-Dpamlibdir="$(getpam_mod_dir)"
-Dlibc=$(usex elibc_musl musl glibc)
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
-Dzshcompletiondir="$(get_zshcompdir)"
-Dsplit-bin=false
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Dima=true # no deps
-Ddebug-shell="${EPREFIX}/bin/sh" # Match /etc/shells, bug 919749
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_feature acl)
$(meson_native_use_feature apparmor)
$(meson_native_use_feature audit)
$(meson_native_use_feature boot bootloader)
$(meson_native_use_feature bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_feature cryptsetup libcryptsetup)
$(meson_native_use_feature curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_feature elfutils)
$(meson_native_use_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_native_use_feature gnutls)
$(meson_native_use_feature homed)
$(meson_native_use_feature http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_feature importd)
$(meson_native_use_feature importd bzip2)
$(meson_native_use_feature importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_feature zstd)
$(meson_native_use_feature iptables libiptc)
$(meson_native_use_feature openssl)
$(meson_feature pam)
$(meson_native_use_feature passwdqc)
$(meson_native_use_feature pkcs11 p11kit)
$(meson_native_use_feature pcre pcre2)
$(meson_native_use_feature policykit polkit)
$(meson_native_use_feature pwquality)
$(meson_native_use_feature qrcode qrencode)
$(meson_native_use_feature seccomp)
$(meson_native_use_feature selinux)
$(meson_native_use_feature tpm tpm2)
$(meson_native_use_feature test dbus)
$(meson_native_use_feature ukify)
$(meson_native_use_feature xkb xkbcommon)
-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
-Dcreate-log-dirs=false
-Dlibcrypt=enabled
-Dcompat-mutable-uid-boundaries=true
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_enabled man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
# options affecting multilib
$(meson_use !elibc_musl nss-myhostname)
$(meson_feature !elibc_musl nss-mymachines)
$(meson_feature !elibc_musl nss-resolve)
$(meson_use !elibc_musl nss-systemd)
$(meson_feature pam)
)
# workaround for bug 969103
@ -394,18 +330,92 @@ multilib_src_configure() {
myconf+=( $(meson_use test tests) )
fi
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
if multilib_is_native_abi; then
myconf+=(
--auto-features=enabled
-Dman=enabled
-Dxenctrl=disabled
# Optional components/dependencies
$(meson_feature acl)
$(meson_feature apparmor)
$(meson_feature audit)
$(meson_feature boot bootloader)
$(meson_feature bpf bpf-framework)
$(meson_feature cryptsetup libcryptsetup)
$(meson_feature cryptsetup libcryptsetup-plugins)
$(meson_feature curl libcurl)
$(meson_use dns-over-tls dns-over-tls)
$(meson_feature elfutils)
$(meson_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_feature gnutls)
$(meson_feature homed)
$(meson_use idn)
$(meson_feature importd)
$(meson_feature importd bzip2)
$(meson_feature importd sysupdate)
$(meson_feature importd zlib)
$(meson_use kernel-install)
$(meson_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_feature zstd)
$(meson_feature openssl)
$(meson_feature passwdqc)
$(meson_feature pkcs11 p11kit)
$(meson_feature pcre pcre2)
$(meson_feature policykit polkit)
$(meson_feature pwquality)
$(meson_feature qrcode qrencode)
$(meson_feature remote)
$(meson_feature remote microhttpd)
$(meson_feature seccomp)
$(meson_feature selinux)
$(meson_feature tpm tpm2)
$(meson_feature test dbus)
$(meson_feature test glib)
$(meson_feature ukify)
$(meson_feature xkb xkbcommon)
)
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
else
myconf+=(
--auto-features=disabled
)
fi
meson_src_configure "${myconf[@]}"
}
multilib_src_compile() {
local args=()
if ! multilib_is_native_abi; then
args+=(
devel libsystemd libudev
$(usex elibc_musl '' nss)
$(usev pam)
)
fi
meson_src_compile "${args[@]}"
}
multilib_src_test() {
local args=( --timeout-multiplier=10 )
if ! multilib_is_native_abi; then
args+=(
--suite libsystemd --suite libudev
$(usex elibc_musl '' '--suite nss')
$(usex pam '--suite pam' '')
)
fi
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
@ -413,10 +423,21 @@ multilib_src_test() {
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
meson_src_test "${args[@]}"
) || die
}
multilib_src_install() {
local args=()
if ! multilib_is_native_abi; then
local tags=devel,libsystemd,libudev
use !elibc_musl && tags+=,nss
use pam && tags+=,pam
args+=( --tags "${tags}" )
fi
meson_src_install "${args[@]}"
}
multilib_src_install_all() {
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
@ -529,14 +550,16 @@ pkg_postinst() {
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_hwdb_update || FAIL=1
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
# Bug 971385
systemd_reenable getty@.service
if [[ -z ${REPLACING_VERSIONS} ]]; then
if type systemctl &>/dev/null; then
systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1


@ -24,7 +24,7 @@ else
fi
fi
inherit branding linux-info meson-multilib optfeature pam python-single-r1
inherit branding flag-o-matic linux-info meson-multilib optfeature pam python-single-r1
inherit secureboot shell-completion systemd toolchain-funcs udev
DESCRIPTION="System and service manager for Linux"
@ -33,13 +33,14 @@ HOMEPAGE="https://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
IUSE="
acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
acl apparmor audit boot bpf cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnutls homed idn importd +kernel-install +kmod +lz4 lzma
+openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode remote
+resolvconf +seccomp selinux sysv-utils test tpm ukify vanilla xkb +zstd
"
REQUIRED_USE="
${PYTHON_REQUIRED_USE}
boot? ( kernel-install )
dns-over-tls? ( openssl )
fido2? ( cryptsetup openssl )
homed? ( cryptsetup pam openssl )
@ -47,51 +48,56 @@ REQUIRED_USE="
?? ( passwdqc pwquality )
passwdqc? ( homed )
pwquality? ( homed )
boot? ( kernel-install )
remote? ( curl )
ukify? ( boot )
"
RESTRICT="!test? ( test )"
MINKV="4.15"
MINKV="5.10"
COMMON_DEPEND="
>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
virtual/libcrypt:=[${MULTILIB_USEDEP}]
acl? ( sys-apps/acl:0= )
apparmor? ( >=sys-libs/libapparmor-2.13:0= )
audit? ( >=sys-process/audit-2:0= )
bpf? ( >=dev-libs/libbpf-1.4.0:0= )
cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
>=sys-apps/util-linux-2.37
acl? ( sys-apps/acl )
apparmor? ( >=sys-libs/libapparmor-2.13 )
audit? ( >=sys-process/audit-2 )
bpf? ( >=dev-libs/libbpf-1.4.0 )
cryptsetup? ( >=sys-fs/cryptsetup-2.4.0:= )
curl? ( >=net-misc/curl-7.32.0:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
fido2? (
dev-libs/libfido2:0=
elfutils? ( >=dev-libs/elfutils-0.177 )
elibc_glibc? (
>=sys-libs/glibc-2.34
>=sys-libs/libxcrypt-4.4.0
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
elibc_musl? (
>=sys-libs/musl-1.2.5-r8
virtual/libcrypt
)
fido2? (
dev-libs/libfido2
)
gcrypt? ( >=dev-libs/libgcrypt-1.4.5 )
gnutls? ( >=net-libs/gnutls-3.6.0:0= )
http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2:= )
remote? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
idn? ( net-dns/libidn2 )
importd? (
app-arch/bzip2:0=
virtual/zlib:=
)
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= )
lz4? ( >=app-arch/lz4-0_p131:0= )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0= )
openssl? ( >=dev-libs/openssl-3.0.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
passwdqc? ( sys-auth/passwdqc:0= )
pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
passwdqc? ( sys-auth/passwdqc )
pkcs11? ( >=app-crypt/p11-kit-0.23.3 )
pcre? ( dev-libs/libpcre2 )
pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
pwquality? ( >=dev-libs/libpwquality-1.4.1 )
qrcode? ( >=media-gfx/qrencode-3:0= )
seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
selinux? ( >=sys-libs/libselinux-2.1.9:0= )
tpm? ( app-crypt/tpm2-tss:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
seccomp? ( >=sys-libs/libseccomp-2.4.0 )
selinux? ( >=sys-libs/libselinux-2.1.9 )
tpm? ( app-crypt/tpm2-tss )
xkb? ( >=x11-libs/libxkbcommon-0.4.1 )
zstd? ( >=app-arch/zstd-1.4.0:0= )
"
# Newer linux-headers needed by ia64, bug #480218
@ -131,7 +137,6 @@ RDEPEND="${COMMON_DEPEND}
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
elibc_musl? ( >=sys-libs/musl-1.2.5-r8 )
ukify? (
${PYTHON_DEPS}
$(python_gen_cond_dep "${PEFILE_DEPEND}")
@ -146,17 +151,19 @@ RDEPEND="${COMMON_DEPEND}
)
!sysv-utils? ( sys-apps/sysvinit )
resolvconf? ( !net-dns/openresolv )
!sys-apps/hwids[udev]
!sys-auth/nss-myhostname
!sys-fs/eudev
!sys-fs/udev
"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
PDEPEND="
>=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
!sysv-utils? ( sys-apps/systemd-initctl )
!vanilla? ( sys-apps/gentoo-systemd-integration )
"
BDEPEND="
app-arch/xz-utils:0
@ -172,6 +179,7 @@ BDEPEND="
test? (
app-text/tree
dev-lang/perl
>=dev-libs/glib-2.22.0:2
sys-apps/dbus
)
app-text/docbook-xml-dtd:4.2
@ -192,44 +200,12 @@ BDEPEND="
QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
check_cgroup_layout() {
# https://bugs.gentoo.org/935261
[[ ${MERGE_TYPE} != buildonly ]] || return
[[ -z ${ROOT} ]] || return
[[ -e /sys/fs/cgroup/unified ]] || return
grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return
eerror "This system appears to be booted with the 'hybrid' cgroup layout."
eerror "This layout obsolete and is disabled in systemd."
if grep -qF 'systemd.unified_cgroup_hierarchy'; then
eerror "Remove the systemd.unified_cgroup_hierarchy option"
eerror "from the kernel command line and reboot."
die "hybrid cgroup layout detected"
fi
}
pkg_pretend() {
if use split-usr; then
eerror "Please complete the migration to merged-usr."
eerror "https://wiki.gentoo.org/wiki/Merge-usr"
die "systemd no longer supports split-usr"
fi
check_cgroup_layout
if use cgroup-hybrid; then
eerror "Disable the 'cgroup-hybrid' USE flag."
eerror "Rebuild any initramfs images after rebuilding systemd."
die "cgroup-hybrid is no longer supported"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
@ -294,6 +270,20 @@ src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
# Our toolchain sets F_S=2 by default w/ >= -O2, so we need
# to unset F_S first, then explicitly set 2, to negate any default
# and anything set by the user if they're choosing 3 (or if they've
# modified GCC to set 3).
#
# malloc_usable_size doesn't play well with _F_S=3:
# https://github.com/systemd/systemd/issues/41459 (bug #971773)
if tc-is-clang && tc-enables-fortify-source ; then
# We can't unconditionally do this b/c we fortify needs
# some level of optimisation.
filter-flags -D_FORTIFY_SOURCE=3
append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
fi
python_setup
multilib-minimal_src_configure
@ -303,88 +293,30 @@ multilib_src_configure() {
local myconf=(
--localstatedir="${EPREFIX}/var"
-Ddocdir="share/doc/${PF}"
# default is developer, bug 918671
-Dmode=release
-Dmode=release # default is developer, bug 918671
-Dlibc=$(usex elibc_musl musl glibc)
-Dsupport-url="${BRANDING_OS_SUPPORT_URL}"
-Dpamlibdir="$(getpam_mod_dir)"
-Dlibc=$(usex elibc_musl musl glibc)
# avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)"
-Dzshcompletiondir="$(get_zshcompdir)"
-Dsplit-bin=false
# Disable compatibility with sysvinit
-Dsysvinit-path=
-Dsysvrcnd-path=
# no deps
-Dima=true
# Match /etc/shells, bug 919749
-Ddebug-shell="${EPREFIX}/bin/sh"
-Dima=true # no deps
-Ddebug-shell="${EPREFIX}/bin/sh" # Match /etc/shells, bug 919749
-Ddefault-user-shell="${EPREFIX}/bin/bash"
# Optional components/dependencies
$(meson_native_use_feature acl)
$(meson_native_use_feature apparmor)
$(meson_native_use_feature audit)
$(meson_native_use_feature boot bootloader)
$(meson_native_use_feature bpf bpf-framework)
-Dbpf-compiler=gcc
$(meson_native_use_feature cryptsetup libcryptsetup)
$(meson_native_use_feature curl libcurl)
$(meson_native_use_bool dns-over-tls dns-over-tls)
$(meson_native_use_feature elfutils)
$(meson_native_use_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_native_use_feature gnutls)
$(meson_native_use_feature homed)
$(meson_native_use_feature http microhttpd)
$(meson_native_use_bool idn)
$(meson_native_use_feature importd)
$(meson_native_use_feature importd bzip2)
$(meson_native_use_feature importd zlib)
$(meson_native_use_bool kernel-install)
$(meson_native_use_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_feature zstd)
$(meson_native_use_feature iptables libiptc)
$(meson_native_use_feature openssl)
$(meson_feature pam)
$(meson_native_use_feature passwdqc)
$(meson_native_use_feature pkcs11 p11kit)
$(meson_native_use_feature pcre pcre2)
$(meson_native_use_feature policykit polkit)
$(meson_native_use_feature pwquality)
$(meson_native_use_feature qrcode qrencode)
$(meson_native_use_feature seccomp)
$(meson_native_use_feature selinux)
$(meson_native_use_feature tpm tpm2)
$(meson_native_use_feature test dbus)
$(meson_native_use_feature ukify)
$(meson_native_use_feature xkb xkbcommon)
-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
# Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false
-Dcreate-log-dirs=false
-Dlibcrypt=enabled
-Dcompat-mutable-uid-boundaries=true
# multilib options
$(meson_native_true backlight)
$(meson_native_true binfmt)
$(meson_native_true coredump)
$(meson_native_true environment-d)
$(meson_native_true firstboot)
$(meson_native_true hibernate)
$(meson_native_true hostnamed)
$(meson_native_true ldconfig)
$(meson_native_true localed)
$(meson_native_enabled man)
$(meson_native_true networkd)
$(meson_native_true quotacheck)
$(meson_native_true randomseed)
$(meson_native_true rfkill)
$(meson_native_true sysusers)
$(meson_native_true timedated)
$(meson_native_true timesyncd)
$(meson_native_true tmpfiles)
$(meson_native_true vconsole)
# options affecting multilib
$(meson_use !elibc_musl nss-myhostname)
$(meson_feature !elibc_musl nss-mymachines)
$(meson_feature !elibc_musl nss-resolve)
$(meson_use !elibc_musl nss-systemd)
$(meson_feature pam)
)
# workaround for bug 969103
@ -394,18 +326,92 @@ multilib_src_configure() {
myconf+=( $(meson_use test tests) )
fi
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
if multilib_is_native_abi; then
myconf+=(
--auto-features=enabled
-Dman=enabled
-Dxenctrl=disabled
# Optional components/dependencies
$(meson_feature acl)
$(meson_feature apparmor)
$(meson_feature audit)
$(meson_feature boot bootloader)
$(meson_feature bpf bpf-framework)
$(meson_feature cryptsetup libcryptsetup)
$(meson_feature cryptsetup libcryptsetup-plugins)
$(meson_feature curl libcurl)
$(meson_use dns-over-tls dns-over-tls)
$(meson_feature elfutils)
$(meson_feature fido2 libfido2)
$(meson_feature gcrypt)
$(meson_feature gnutls)
$(meson_feature homed)
$(meson_use idn)
$(meson_feature importd)
$(meson_feature importd bzip2)
$(meson_feature importd sysupdate)
$(meson_feature importd zlib)
$(meson_use kernel-install)
$(meson_feature kmod)
$(meson_feature lz4)
$(meson_feature lzma xz)
$(meson_feature zstd)
$(meson_feature openssl)
$(meson_feature passwdqc)
$(meson_feature pkcs11 p11kit)
$(meson_feature pcre pcre2)
$(meson_feature policykit polkit)
$(meson_feature pwquality)
$(meson_feature qrcode qrencode)
$(meson_feature remote)
$(meson_feature remote microhttpd)
$(meson_feature seccomp)
$(meson_feature selinux)
$(meson_feature tpm tpm2)
$(meson_feature test dbus)
$(meson_feature test glib)
$(meson_feature ukify)
$(meson_feature xkb xkbcommon)
)
case $(tc-arch) in
amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86)
# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
myconf+=( $(meson_native_enabled vmspawn) ) ;;
*)
myconf+=( -Dvmspawn=disabled ) ;;
esac
else
myconf+=(
--auto-features=disabled
)
fi
meson_src_configure "${myconf[@]}"
}
multilib_src_compile() {
local args=()
if ! multilib_is_native_abi; then
args+=(
devel libsystemd libudev
$(usex elibc_musl '' nss)
$(usev pam)
)
fi
meson_src_compile "${args[@]}"
}
multilib_src_test() {
local args=( --timeout-multiplier=10 )
if ! multilib_is_native_abi; then
args+=(
--suite libsystemd --suite libudev
$(usex elibc_musl '' '--suite nss')
$(usex pam '--suite pam' '')
)
fi
(
unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
export COLUMNS=80
@ -413,10 +419,21 @@ multilib_src_test() {
addpredict /proc
addpredict /run
addpredict /sys/fs/cgroup
meson_src_test --timeout-multiplier=10
meson_src_test "${args[@]}"
) || die
}
multilib_src_install() {
local args=()
if ! multilib_is_native_abi; then
local tags=devel,libsystemd,libudev
use !elibc_musl && tags+=,nss
use pam && tags+=,pam
args+=( --tags "${tags}" )
fi
meson_src_install "${args[@]}"
}
multilib_src_install_all() {
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
@ -529,14 +546,16 @@ pkg_postinst() {
# Keep this here in case the database format changes so it gets updated
# when required.
systemd-hwdb --root="${ROOT}" update
udev_hwdb_update || FAIL=1
udev_reload || FAIL=1
# Bug 465468, make sure locales are respected, and ensure consistency
# between OpenRC & systemd
migrate_locale
# Bug 971385
systemd_reenable getty@.service
if [[ -z ${REPLACING_VERSIONS} ]]; then
if type systemctl &>/dev/null; then
systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
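Review bot: In the `src_configure()` hunk, the added block that lowers `_FORTIFY_SOURCE` from 3 to 2 is guarded by `tc-is-clang && tc-enables-fortify-source`, yet the comment above it speaks of the toolchain default and of a GCC modified to set 3, and never says why the downgrade is limited to clang. As written, a GCC build carrying `-D_FORTIFY_SOURCE=3` appears to keep level 3, so either the guard or the comment is incomplete; if the linked issue is clang-specific, say so with something like `# Only clang is affected; GCC builds keep the level chosen by the user or toolchain.` (an assumption to confirm against the issue). The inner comment is garbled and would read better as `# Only adjust when fortify is already enabled: _FORTIFY_SOURCE needs some level of optimisation.` Because this lowers a hardening level, the comment should also state when the workaround can be dropped, for example once the referenced upstream issue is fixed. The same block appears in the other ebuild section earlier on this page, and `src_configure()` continues outside the hunk.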