From 70aedfd2c500255d64d4afcc3f0c91f61b9122a8 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 11 May 2026 08:18:47 +0000 Subject: [PATCH] sys-apps/systemd: Sync with Gentoo It's from Gentoo commit 050f1563613fddb5b0188508dea2811fd2b76e1f. 
Signed-off-by: Flatcar Buildbot --- .../portage-stable/sys-apps/systemd/Manifest | 6 +- .../files/gentoo-journald-audit-r3.patch | 51 -- ...md-258-shared-add-missing-alloc-util.patch | 24 - .../systemd-258.3-kernel-install-test.patch | 16 - .../systemd/files/systemd-259-test-echo.patch | 32 - ...systemd-259-vmspawn-use-indexed-loop.patch | 71 --- .../systemd/files/systemd-260-mips.patch | 114 ++++ .../files/systemd-260.1-fuzz-journald.patch | 131 ++++ .../systemd/files/systemd-260.1-gcc-17.patch | 45 ++ .../files/systemd-260.1-gpt-generator.patch | 39 ++ .../files/systemd-260.1-openssl-4.patch | 81 +++ .../sys-apps/systemd/metadata.xml | 2 +- .../sys-apps/systemd/systemd-258.3.ebuild | 579 ------------------ ...d-259.1.ebuild => systemd-259.4-r1.ebuild} | 38 +- .../sys-apps/systemd/systemd-259.ebuild | 579 ------------------ ...d-259.2.ebuild => systemd-260.1-r1.ebuild} | 323 +++++----- .../sys-apps/systemd/systemd-9999.ebuild | 317 +++++----- 17 files changed, 779 insertions(+), 1669 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/gentoo-journald-audit-r3.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258-shared-add-missing-alloc-util.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258.3-kernel-install-test.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-259-test-echo.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-259-vmspawn-use-indexed-loop.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260-mips.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-fuzz-journald.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gcc-17.patch create mode 
100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gpt-generator.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-openssl-4.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-258.3.ebuild rename sdk_container/src/third_party/portage-stable/sys-apps/systemd/{systemd-259.1.ebuild => systemd-259.4-r1.ebuild} (93%) delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.ebuild rename sdk_container/src/third_party/portage-stable/sys-apps/systemd/{systemd-259.2.ebuild => systemd-260.1-r1.ebuild} (67%) diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/Manifest index 33ca9cacbc..061d92169a 100644 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/Manifest 
@@ -1,4 +1,2 @@
-DIST systemd-258.3.tar.gz 17034328 BLAKE2B 668f5829d78412b256f49c3f46dffad5cf70fa335de3e5ca822bdc13e4f67874ac28005b616e7fdc0f3235f760c68809ae3ac97e1f53d3ca43fb7e0934ec0de9 SHA512 9f4261e1703efd1f38c90e4166e6d85fa9379c99ac7f3c66caa62955c3cbe8a43ab259c261ab20bce0dd84dd682258192ace66b4dee0390bf3740c32f4569fed
-DIST systemd-259.1.tar.gz 17274033 BLAKE2B 08d3b640e699ecaae9f2e2471db4547870786a5b5e2953671a0a9460b13a4d942c605942f95c144e68a04ffd6be1a72d8a084fe1f59c4d49c0ac3dc1eda55533 SHA512 7cbeca5dad6413a876809200583854ddc706b7a69deff958eb1ca1afb726cf4dec014006c10d1945c450b754811d4b95a80fe1778cb3136997f6d11b11c0560e
-DIST systemd-259.2.tar.gz 17284532 BLAKE2B a0826ef6f1cc8546957cbd558283e9bf634e434893de526d39b00f7d5ecdc982ccadf0f5397f74a8c9090887d14acbbe20dac27905376b72aa07b5246436c1ed SHA512 1cb677c98a56210948bfc9a6e296aa92dde030ceeca6b6e4fe3f4014d051f4d0f1d83584cfdceb921d7d578952b85112b2ba497385faefca4d6c871bf8de48cf
-DIST systemd-259.tar.gz 17250241 BLAKE2B 59ba6edea59338fc30d4cf72b197e8eda2ccd4fc7d53f016c0b9bd4422433839696fe553b58dcf1f31345ec92080a426a04a2878fd97cb17b3b1e3f92f08e135 SHA512 ef46b13661df43e3cfbeee1bc22f0b1eb902e8ebe39c19868c465efd08b35a199c2a2cd9d8021a6bc4d692fa0c6e0eab3f13eecd6ce24dde81d3945464a25b50
+DIST systemd-259.4.tar.gz 17336661 BLAKE2B 5e90410698e21e8fc8f5f22e3e26858f51d2cdfc362870f09ecccf8ed882602cdcef2614843738b14601349b05cfd3a8358a1771fc1fcd8e75d831940a8683c8 SHA512 bf572f92b0b01ecaf08f36ea5e13a2c05a79e6c0c2d9ef191855d1b83ae791a2977841ca85541ace1d30945d5f879d703d390767f708294986b29aeda1449b1f
+DIST systemd-260.1.tar.gz 17581096 BLAKE2B 072424e7288f8796be1e6952fadc5452c2ab54633b356796a29872609a03b4cc2edbc0cac0df7542bc969b06d265d2cbf52f9174742c5a570a5a3d7a7664cfa8 SHA512 9f975dce6861853a817a7ceab18a24449a85d1bda6939b3a5173430c02a4d8a9a2b34ebb8cce1c51db9b0ff9078fcc65da7b0f44e3bdcbbe013b9e04bb6f0ff9
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/gentoo-journald-audit-r3.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/gentoo-journald-audit-r3.patch deleted file mode 100644 index 291559ff22..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/gentoo-journald-audit-r3.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 0f16422e52ef793407d1cbef0c38eff29d6e251c Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Wed, 17 Sep 2025 15:40:57 -0400 -Subject: [PATCH] journald: do not change the kernel audit setting by default - -Bug: https://bugs.gentoo.org/736910 ---- - man/journald.conf.xml | 2 +- - src/journal/journald-config.c | 2 +- - src/journal/journald.conf | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/journald.conf.xml b/man/journald.conf.xml -index 1d615b110d..4676d674a2 100644 ---- a/man/journald.conf.xml -+++ b/man/journald.conf.xml -@@ -483,7 +483,7 @@ - turn it off. When keep it will neither enable nor disable it, leaving the previous - state unchanged. This means if another tool turns on auditing even if - systemd-journald left it off, it will still collect the generated messages. -- Defaults to yes in the default journal namespace, and keep otherwise. -+ Defaults to keep. - - - -diff --git a/src/journal/journald-config.c b/src/journal/journald-config.c -index 8cffec880b..ea3bb34a76 100644 ---- a/src/journal/journald-config.c -+++ b/src/journal/journald-config.c -@@ -123,7 +123,7 @@ void manager_merge_configs(Manager *m) { - MERGE_NON_NEGATIVE(read_kmsg, !m->namespace); - /* By default, kernel auditing is enabled by the main namespace instance, and not controlled by - * non-default namespace instances. */ -- MERGE_NON_NEGATIVE(set_audit, m->namespace ? AUDIT_KEEP : AUDIT_YES); -+ MERGE_NON_NEGATIVE(set_audit, AUDIT_KEEP); - MERGE_NON_ZERO(sync_interval_usec, DEFAULT_SYNC_INTERVAL_USEC); - - /* TODO: also merge them when comdline or credentials support to configure them. */ -diff --git a/src/journal/journald.conf b/src/journal/journald.conf -index 9a12ca7657..3be3ed7327 100644 ---- a/src/journal/journald.conf -+++ b/src/journal/journald.conf -@@ -47,4 +47,4 @@ - #MaxLevelSocket=debug - #LineMax=48K - #ReadKMsg=yes --#Audit=yes -+#Audit=keep --- -2.51.0 - 
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258-shared-add-missing-alloc-util.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258-shared-add-missing-alloc-util.patch deleted file mode 100644 index f384b3fece..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258-shared-add-missing-alloc-util.patch +++ /dev/null @@ -1,24 +0,0 @@ -https://bugs.gentoo.org/963481 -https://github.com/systemd/systemd/pull/39149 - -From 3df39cedda01dec35e49f1ab5632cf9f325e5320 Mon Sep 17 00:00:00 2001 -From: Xarblu -Date: Fri, 26 Sep 2025 21:40:50 +0200 -Subject: [PATCH] shared: add missing alloc-util.h include - -Needed for _cleanup_free_ ---- - src/shared/password-quality-util-passwdqc.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/shared/password-quality-util-passwdqc.c b/src/shared/password-quality-util-passwdqc.c -index d74e0fb7f2370..844068a4d64a3 100644 ---- a/src/shared/password-quality-util-passwdqc.c -+++ b/src/shared/password-quality-util-passwdqc.c -@@ -1,5 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - -+#include "alloc-util.h" - #include "dlfcn-util.h" - #include "errno-util.h" - #include "log.h" diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258.3-kernel-install-test.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258.3-kernel-install-test.patch deleted file mode 100644 index b67c9a87f8..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-258.3-kernel-install-test.patch +++ /dev/null 
@@ -1,16 +0,0 @@ -Revert for 258.3 of https://github.com/systemd/systemd/pull/39945 as that -commit got backported. It fails because master has the kernel install moved -to /var/tmp and this test change assumed that. - ---- a/src/kernel-install/test-kernel-install.sh -+++ b/src/kernel-install/test-kernel-install.sh -@@ -318,7 +318,7 @@ diff -u <(echo "$output") - >&2 < -Date: Sun, 8 Feb 2026 19:12:30 -0500 -Subject: [PATCH] meson: use printf instead of echo - -The echo builtin provided by some shells (mksh) will interpret \x2d as -an escape sequence. This causes meson to fail: - -``` -test/fuzz/meson.build:93:52: ERROR: File fuzz-unit-file/dm-back-slash.swap does not exist. -``` - -Bug: https://bugs.gentoo.org/969789 ---- - test/fuzz/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build -index d4cfc0a5b4816..6f9f43a4105f9 100644 ---- a/test/fuzz/meson.build -+++ b/test/fuzz/meson.build -@@ -42,7 +42,7 @@ if git.found() and fs.is_dir(meson.project_source_root() / '.git') - 'ls-files', ':/@0@/*/*'.format(fuzz_testsdir), - check: true) - else -- out = run_command(sh, '-c', 'cd "@0@"; echo @1@/*/*'.format(meson.project_source_root(), fuzz_testsdir), check: true) -+ out = run_command(sh, '-c', 'cd "@0@"; printf "%s " @1@/*/*'.format(meson.project_source_root(), fuzz_testsdir), check: true) - endif - - # Add crafted fuzz inputs we have in the repo diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-259-vmspawn-use-indexed-loop.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-259-vmspawn-use-indexed-loop.patch deleted file mode 100644 index 72f2cff078..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-259-vmspawn-use-indexed-loop.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -https://bugs.gentoo.org/968936 -https://github.com/systemd/systemd/issues/40380 - -From 8a5fb3627a1518d2d2ef70919c81448158d64ac0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 19 Jan 2026 23:14:26 +0900 -Subject: [PATCH] vmspawn: use indexed loop - -Previously, the index is obtained from the pointer offset. The -pointer offset is expressed by ptrdiff_t and may be different from -ssize_t. - -Let's avoid to use FOREACH_ARRAY() but use an indexed loop. -This also renames `mount` to `m` to avoid conflict with `mount()`. - -Fixes #40380. ---- - src/vmspawn/vmspawn.c | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c -index 43817954a3d22..b12e260fa4d1f 100644 ---- a/src/vmspawn/vmspawn.c -+++ b/src/vmspawn/vmspawn.c -@@ -2408,7 +2408,8 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) { - if (r < 0) - return log_oom(); - -- FOREACH_ARRAY(mount, arg_runtime_mounts.mounts, arg_runtime_mounts.n_mounts) { -+ for (size_t j = 0; j < arg_runtime_mounts.n_mounts; j++) { -+ RuntimeMount *m = arg_runtime_mounts.mounts + j; - _cleanup_free_ char *listen_address = NULL; - _cleanup_(fork_notify_terminate) PidRef child = PIDREF_NULL; - -@@ -2417,9 +2418,9 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) { - - r = start_virtiofsd( - unit, -- mount->source, -- /* source_uid= */ mount->source_uid, -- /* target_uid= */ mount->target_uid, -+ m->source, -+ /* source_uid= */ m->source_uid, -+ /* target_uid= */ m->target_uid, - /* uid_range= */ 1U, - runtime_dir, - sd_socket_activate, -@@ -2444,7 +2445,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) { - return log_oom(); - - _cleanup_free_ char *id = NULL; -- if (asprintf(&id, "mnt%zi", mount - arg_runtime_mounts.mounts) < 0) -+ if (asprintf(&id, "mnt%zu", j) < 0) - return log_oom(); - - if (strv_extendf(&cmdline, "socket,id=%s,path=%s", id, 
escaped_listen_address) < 0) -@@ -2456,12 +2457,12 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) { - if (strv_extendf(&cmdline, "vhost-user-fs-pci,queue-size=1024,chardev=%1$s,tag=%1$s", id) < 0) - return log_oom(); - -- _cleanup_free_ char *clean_target = xescape(mount->target, "\":"); -+ _cleanup_free_ char *clean_target = xescape(m->target, "\":"); - if (!clean_target) - return log_oom(); - - if (strv_extendf(&arg_kernel_cmdline_extra, "systemd.mount-extra=\"%s:%s:virtiofs:%s\"", -- id, clean_target, mount->read_only ? "ro" : "rw") < 0) -+ id, clean_target, m->read_only ? "ro" : "rw") < 0) - return log_oom(); - } - diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260-mips.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260-mips.patch new file mode 100644 index 0000000000..9268ee6cec --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260-mips.patch 
@@ -0,0 +1,114 @@ +https://bugs.gentoo.org/971376 +https://github.com/systemd/systemd/pull/41240 + +From 26fe43d2189cc7eab3b5c710673f04a23627caf0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= +Date: Fri, 20 Mar 2026 13:52:17 +0100 +Subject: [PATCH] mips: Fix conditional inclusion of +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +systemd now has a system call wrapper that does a long series of #ifdef's to +differentiate between architectures and ABIs. This wrapper has two problems. + +1. On mips, it needs to differentiate between O32, N32, N64 ABI. It does that +via a code block in src/include/override/sys/generate-syscall.py (and derived +files): + + 76 # elif defined(_MIPS_SIM) + 77 # if _MIPS_SIM == _MIPS_SIM_ABI32 + 78 # define systemd_NR_{syscall} {nr_mipso32} + 79 # elif _MIPS_SIM == _MIPS_SIM_NABI32 + 80 # define systemd_NR_{syscall} {nr_mips64n32} + 81 # elif _MIPS_SIM == _MIPS_SIM_ABI64 + 82 # define systemd_NR_{syscall} {nr_mips64} + 83 # else + 84 # error "Unknown MIPS ABI" + 85 # endif + 86 # elif defined(__hppa__) + +Now the _MIPS_SIM* constants stem from a vendor-specific header file sgidefs.h, +which is included with glibc, but not with musl. It is however always present +in the Linux kernel headers as asm/sgidefs.h ... + +2. To work around this, the syscall wrapper already has a block + + 47 #ifdef ARCH_MIPS + 48 #include + 49 #endif + +Turns out, ARCH_MIPS is defined nowhere in Gentoo, neither on glibc nor on musl. +As a result the code (by accident, probably sgidefs.h is included transitively +somehow) works on glibc, but not on musl. + +The simplest fix is to replace line 47 in the generator and the derived file +with + + 47 #ifdef __mips__ + +Two other source code files require a similar fix since they rely on the +constants. + +Bug: https://github.com/systemd/systemd/issues/41239 +Bug: https://bugs.gentoo.org/971376 +Signed-off-by: Andreas K. 
Hüttel +--- + src/include/override/sys/generate-syscall.py | 2 +- + src/include/override/sys/syscall.h | 2 +- + src/shared/base-filesystem.c | 2 +- + src/shared/seccomp-util.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/include/override/sys/generate-syscall.py b/src/include/override/sys/generate-syscall.py +index 6f449f9dc1330..1c90ad0e38402 100755 +--- a/src/include/override/sys/generate-syscall.py ++++ b/src/include/override/sys/generate-syscall.py +@@ -44,7 +44,7 @@ def parse_syscall_tables(filenames): + + #include_next /* IWYU pragma: export */ + +-#ifdef ARCH_MIPS ++#ifdef __mips__ + #include + #endif + +diff --git a/src/include/override/sys/syscall.h b/src/include/override/sys/syscall.h +index da2f780bed39c..0233f254b421c 100644 +--- a/src/include/override/sys/syscall.h ++++ b/src/include/override/sys/syscall.h +@@ -11,7 +11,7 @@ + + #include_next /* IWYU pragma: export */ + +-#ifdef ARCH_MIPS ++#ifdef __mips__ + #include + #endif + +diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c +index bad3b46f3ad3a..9e8856ba48ce6 100644 +--- a/src/shared/base-filesystem.c ++++ b/src/shared/base-filesystem.c +@@ -5,7 +5,7 @@ + #include + #include + +-#ifdef ARCH_MIPS ++#ifdef __mips__ + #include + #endif + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index d2f7612a53de5..9785fc45d78f3 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -12,7 +12,7 @@ + #include + #include + +-#ifdef ARCH_MIPS ++#ifdef __mips__ + #include + #endif + diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-fuzz-journald.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-fuzz-journald.patch new file mode 100644 index 0000000000..6f3b52f7da --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-fuzz-journald.patch 
@@ -0,0 +1,131 @@ +https://bugs.gentoo.org/969103 +https://github.com/systemd/systemd/pull/41753 +https://github.com/systemd/systemd/pull/41773 + +From f6c2e14676f266132772bec078578e344c91440d Mon Sep 17 00:00:00 2001 +From: Chris Hofer +Date: Mon, 20 Apr 2026 16:55:38 +0200 +Subject: [PATCH] build: Compile fuzz-journald-util.c only if want_fuzz_tests + +fuzz-journald-util.c is compiled unconditionally even though fuzzing +tests aren't enabled. Only build it if fuzzing tests are configured. +This also ensure that the functions it uses from src/shared/tests.c are +available. + +Fixes 32bd43d768a4bdd54481c5e37ce9ea3d1009a824 +Closes #39984 + +Signed-off-by: Chris Hofer +--- + src/journal/meson.build | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/journal/meson.build b/src/journal/meson.build +index 5f64304219447..1bec605b0ccf0 100644 +--- a/src/journal/meson.build ++++ b/src/journal/meson.build +@@ -19,11 +19,16 @@ systemd_journald_extract_sources = files( + 'journald-syslog.c', + 'journald-varlink.c', + 'journald-wall.c', +- # Build fuzz-journald.c as part of systemd-journald so we only compile it once instead of once per +- # fuzz test. +- 'fuzz-journald-util.c', + ) + ++if want_fuzz_tests ++ # Build fuzz-journald-util.c as part of systemd-journald so we only ++ # compile it once instead of once per fuzz test. ++ systemd_journald_extract_sources += files( ++ 'fuzz-journald-util.c', ++ ) ++endif ++ + journald_gperf_c = custom_target( + input : 'journald-gperf.gperf', + output : 'journald-gperf.c', +From 46776da0314528c1385fcde2bd59f34ba00866fa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 22 Apr 2026 17:01:45 +0200 +Subject: [PATCH 1/2] meson: concatenate donors specified in 'objects' + +Previously, we'd only honour the last donor. 
+--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 2b717e23966f6..ce25b59ce00c2 100644 +--- a/meson.build ++++ b/meson.build +@@ -2541,7 +2541,7 @@ foreach dict : executables + + foreach val : dict.get('objects', []) + obj = objects_by_name[val] +- kwargs += { 'objects' : obj['objects'] } ++ kwargs += { 'objects' : kwargs.get('objects', []) + obj['objects'] } + include_directories += obj['include_directories'] + endforeach + + +From f397ce001e525ae8f42518835d2ae98fba41fbe9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 22 Apr 2026 16:33:12 +0200 +Subject: [PATCH 2/2] meson: move fuzz-journald-util.c to fuzz-journal-audit + +The .c file is shared between various fuzz-journal-* binaries. It +was added to 32bd43d768a4bdd54481c5e37ce9ea3d1009a824, but that is +somewhat ugly. + +Let's add it to the alphabetially first fuzzer and share from there. + +Follow-up for 32bd43d768a4bdd54481c5e37ce9ea3d1009a824 and +85b5acde869baa51f5618fa503eafac3dccbf379. +--- + src/journal/meson.build | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/src/journal/meson.build b/src/journal/meson.build +index 1bec605b0ccf0..142d2246c1fe0 100644 +--- a/src/journal/meson.build ++++ b/src/journal/meson.build +@@ -21,14 +21,6 @@ systemd_journald_extract_sources = files( + 'journald-wall.c', + ) + +-if want_fuzz_tests +- # Build fuzz-journald-util.c as part of systemd-journald so we only +- # compile it once instead of once per fuzz test. 
+- systemd_journald_extract_sources += files( +- 'fuzz-journald-util.c', +- ) +-endif +- + journald_gperf_c = custom_target( + input : 'journald-gperf.gperf', + output : 'journald-gperf.c', +@@ -63,7 +55,10 @@ journal_test_template = test_template + { + } + + journal_fuzz_template = fuzz_template + { +- 'objects' : ['systemd-journald'], ++ 'objects' : [ ++ 'fuzz-journald-audit', ++ 'systemd-journald', ++ ], + 'dependencies' : libselinux_cflags, + } + +@@ -138,8 +133,11 @@ executables += [ + libselinux_cflags, + ], + }, +- journal_fuzz_template + { ++ fuzz_template + { + 'sources' : files('fuzz-journald-audit.c'), ++ # fuzz-journald-util.c is shared with the other fuzzers below. ++ 'extract' : files('fuzz-journald-util.c'), ++ 'objects' : ['systemd-journald'], + }, + journal_fuzz_template + { + 'sources' : files('fuzz-journald-kmsg.c'), diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gcc-17.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gcc-17.patch new file mode 100644 index 0000000000..a73c6c7957 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gcc-17.patch 
@@ -0,0 +1,45 @@
+From 64b1e6be83f49b9fdebc9e07cc3b7485169970c2 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich
+Date: Tue, 5 May 2026 21:55:30 +0100
+Subject: [PATCH] sd-boot: efi-log: fix `__stack_chk_guard` type
+
+In https://gcc.gnu.org/PR121911 `gcc` started enforcing the type of
+`__stack_chk_guard` to `uintptr_t` and broke `systemd` build as:
+
+```
+../src/boot/efi-log.c:136:17: error: conflicting types for '__stack_chk_guard'; have 'intptr_t' {aka 'long int'}
+ 136 | _used_ intptr_t __stack_chk_guard = (intptr_t) 0x70f6967de78acae3;
+ | ^~~~~~~~~~~~~~~~~
+cc1: note: previous declaration of '__stack_chk_guard' with type 'long unsigned int'
+../src/boot/efi-log.c:136:17: error: declaration of '__stack_chk_guard' shadows a global declaration [-Werror=shadow]
+ 136 | _used_ intptr_t __stack_chk_guard = (intptr_t) 0x70f6967de78acae3;
+ | ^~~~~~~~~~~~~~~~~
+```
+
+Let's match the declaration to unsigned type as suggested by upstream in
+https://gcc.gnu.org/PR121911#c6.
+---
+ src/boot/efi-log.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/boot/efi-log.c b/src/boot/efi-log.c
+index ed0a2746933e0..520f985389c55 100644
+--- a/src/boot/efi-log.c
++++ b/src/boot/efi-log.c
+@@ -133,7 +133,7 @@ void log_wait(void) {
+ }
+
+ // NOLINTNEXTLINE(misc-use-internal-linkage)
+-_used_ intptr_t __stack_chk_guard = (intptr_t) 0x70f6967de78acae3;
++_used_ uintptr_t __stack_chk_guard = (uintptr_t) 0x70f6967de78acae3;
+
+ /* We can only set a random stack canary if this function attribute is available,
+ * otherwise this may create a stack check fail. */
+@@ -144,7 +144,7 @@ void __stack_chk_guard_init(void) {
+ (void) rng->GetRNG(rng, NULL, sizeof(__stack_chk_guard), (void *) &__stack_chk_guard);
+ else
+ /* Better than no extra entropy. */
+- __stack_chk_guard ^= (intptr_t) __executable_start;
++ __stack_chk_guard ^= (uintptr_t) __executable_start;
+ }
+ #endif
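Review bot: The stack canary can keep its compile-time constant when the firmware RNG call fails, because `(void) rng->GetRNG(...)` in the second inner hunk discards the status and only the `else` branch mixes in `__executable_start`. The change of type to `uintptr_t` is fine, but a guard value that is visible in the source gives little protection on firmware where the RNG protocol is present and returns an error. Consider checking the status and reusing the existing fallback, e.g. `if (rng->GetRNG(rng, NULL, sizeof(__stack_chk_guard), (void *) &__stack_chk_guard) != EFI_SUCCESS) __stack_chk_guard ^= (uintptr_t) __executable_start;`. The `if` condition guarding this call and the start of `__stack_chk_guard_init` are outside the hunk, so this is inferred from the visible lines only.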
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gpt-generator.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gpt-generator.patch
new file mode 100644
index 0000000000..d85bddcdbf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-gpt-generator.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/973136
+https://github.com/systemd/systemd/issues/41749
+https://github.com/systemd/systemd/pull/41756
+https://github.com/systemd/systemd/commit/1d78c2d327cbd4e738d0f1281a976a771f643517
+
+From 1d78c2d327cbd4e738d0f1281a976a771f643517 Mon Sep 17 00:00:00 2001
+From: Nandakumar Raghavan
+Date: Tue, 21 Apr 2026 13:14:17 +0000
+Subject: [PATCH] gpt-auto-generator: do not fail on missing libcryptsetup when
+ verity is not used
+
+add_veritysetup() is called unconditionally from add_root_mount() and
+add_usr_mount() whenever in_initrd() is true, to generate units that
+only activate if verity devices appear. However, when compiled without
+libcryptsetup, this function returned a hard error, causing the entire
+generator to fail even when no verity protection is in use.
+
+Change the #else fallback to log a debug message and return 0, matching
+the pattern already used by add_root_cryptsetup().
+---
+ src/gpt-auto-generator/gpt-auto-generator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
+index 6716a8d1aaf7c..abbb955e5992e 100644
+--- a/src/gpt-auto-generator/gpt-auto-generator.c
++++ b/src/gpt-auto-generator/gpt-auto-generator.c
+@@ -295,8 +295,8 @@ static int add_veritysetup(
+
+ return 0;
+ #else
+- return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+- "Partition is Verity protected, but systemd-gpt-auto-generator was compiled without libcryptsetup support.");
++ log_warning("Compiled without libcryptsetup support, skipping verity setup for '%s'.", id);
++ return 0;
+ #endif
+ }
+ #endif
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-openssl-4.patch b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-openssl-4.patch
new file mode 100644
index 0000000000..486e2ee1ff
--- /dev/null
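Review bot: The new `#else` fallback in `add_veritysetup()` returns 0 for every caller, so a generator built without libcryptsetup now continues even when a partition really is Verity protected, where the removed lines raised a hard `EOPNOTSUPP` error. The patch description says the fallback logs a debug message, but the code calls `log_warning(...)`; keeping the warning level is preferable because it is the only remaining signal that integrity setup was skipped. A short comment above the call, such as `/* No libcryptsetup: no verity unit is generated, callers proceed without it. */`, would make the fail-open behaviour explicit, and images that depend on Verity should be built with the `cryptsetup` USE flag so this branch is never compiled in. The body of `add_veritysetup()` above `return 0;` is outside the hunk, so whether an earlier check still distinguishes the protected case cannot be seen here.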
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/files/systemd-260.1-openssl-4.patch 
@@ -0,0 +1,81 @@
+https://bugs.gentoo.org/973121
+https://github.com/systemd/systemd/pull/41639
+
+From 5fb14a1b88edb0a1d402ad5cf14c7a6b00f682c2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Tue, 14 Apr 2026 18:59:07 +0200
+Subject: [PATCH] various: fix compilation with openssl-4.0.0-beta1
+
+Various types have been made opaque, so we need to use some accessor
+functions.
+---
+ src/sbsign/sbsign.c | 5 +++--
+ src/shared/pkcs11-util.c | 15 ++++++++-------
+ 2 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c
+index ee1c0f77ab906..f54dacf65a49d 100644
+--- a/src/sbsign/sbsign.c
++++ b/src/sbsign/sbsign.c
+@@ -265,8 +265,9 @@ static int spc_indirect_data_content_new(const void *digest, size_t digestsz, ui
+ return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get SpcPeImageData object: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+
+- idc->data->value->value.sequence->data = TAKE_PTR(peidraw);
+- idc->data->value->value.sequence->length = peidrawsz;
++ if (!ASN1_STRING_set(idc->data->value->value.sequence, peidraw, peidrawsz))
++ return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to set ASN1_STRING data.");
++
+ idc->messageDigest->digestAlgorithm->algorithm = OBJ_nid2obj(NID_sha256);
+ if (!idc->messageDigest->digestAlgorithm->algorithm)
+ return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get SHA256 object: %s",
+diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c
+index 165fefbea1ff8..96b25c4ac36b8 100644
+--- a/src/shared/pkcs11-util.c
++++ b/src/shared/pkcs11-util.c
+@@ -560,7 +560,11 @@ int pkcs11_token_read_public_key(
+ return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to init an EVP_PKEY_CTX for EC.");
+
+ OSSL_PARAM ec_params[8] = {
+- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, os->data, os->length)
++ /* We need to drop the const from the data param, because ec_params is
++ * modified below. But we'll not modify ec_params[0]. */
++ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
++ (unsigned char *) ASN1_STRING_get0_data(os),
++ ASN1_STRING_length(os)),
+ };
+
+ _cleanup_free_ void *order = NULL, *p = NULL, *a = NULL, *b = NULL, *generator = NULL;
+@@ -663,13 +667,10 @@ int pkcs11_token_read_x509_certificate(
+ CK_OBJECT_HANDLE object,
+ X509 **ret_cert) {
+
+- _cleanup_free_ char *t = NULL;
+ CK_ATTRIBUTE attribute = {
+ .type = CKA_VALUE
+ };
+ CK_RV rv;
+- _cleanup_(X509_freep) X509 *x509 = NULL;
+- X509_NAME *name = NULL;
+ int r;
+
+ assert(ret_cert);
+@@ -695,15 +696,15 @@ int pkcs11_token_read_x509_certificate(
+ "Failed to read X.509 certificate data off token: %s", sym_p11_kit_strerror(rv));
+
+ const unsigned char *p = attribute.pValue;
+- x509 = d2i_X509(NULL, &p, attribute.ulValueLen);
++ _cleanup_(X509_freep) X509 *x509 = d2i_X509(NULL, &p, attribute.ulValueLen);
+ if (!x509)
+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to parse X.509 certificate.");
+
+- name = X509_get_subject_name(x509);
++ const X509_NAME *name = X509_get_subject_name(x509);
+ if (!name)
+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Failed to acquire X.509 subject name.");
+
+- t = X509_NAME_oneline(name, NULL, 0);
++ _cleanup_free_ char *t = X509_NAME_oneline(name, NULL, 0);
+ if (!t)
+ return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to format X.509 subject name as string.");
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/metadata.xml
index c7c46b6219..cbee979b47 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/metadata.xml
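Review bot: The new `ASN1_STRING_set()` failure path in `spc_indirect_data_content_new()` logs `"Failed to set ASN1_STRING data."` without the OpenSSL error string that the two neighbouring checks include. Writing it as `"Failed to set ASN1_STRING data: %s", ERR_error_string(ERR_get_error(), NULL)` would match them and keep a signing failure diagnosable. `ASN1_STRING_set()` copies the buffer, whereas the removed lines handed it over with `TAKE_PTR(peidraw)`, so `peidraw` now stays owned by this function until it returns. Its declaration is outside the hunk; the old `TAKE_PTR` suggests it carries `_cleanup_free_`, which should be confirmed so the copy does not turn into a leak.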
@@ -22,7 +22,6 @@ Enable portable home directories Enable embedded HTTP server in journald Enable import daemon - Use libiptc from net-firewall/iptables for NAT support in systemd-networkd; this is used only if the running kernel does not support nftables Enable kernel-install Enable kernel module loading via sys-apps/kmod Enable lz4 compression for the journal @@ -31,6 +30,7 @@ Enable PKCS#11 support for cryptsetup and homed Use dev-libs/libpwquality for password checking in homed Enable qrcode output support in journal + Enable remote journal access Install resolvconf symlink for systemd-resolve Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown Enable TPM support diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-258.3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-258.3.ebuild deleted file mode 100644 index 1d462d6ea4..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-258.3.ebuild +++ /dev/null 
@@ -1,579 +0,0 @@ -# Copyright 2011-2026 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{11..14} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - MY_PV=${PV/_/-} - MY_P=${PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" - - if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" - fi -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="https://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( openssl ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma openssl ) - ?? ( passwdqc pwquality ) - passwdqc? ( homed ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - bpf? ( >=dev-libs/libbpf-1.4.0:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? 
( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( - dev-libs/libfido2:0= - ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - virtual/zlib:= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - passwdqc? ( sys-auth/passwdqc:0= ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) - qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? 
( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - acct-group/clock - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - bpf? ( - >=dev-util/bpftool-7.0.0 - sys-devel/bpf-toolchain - ) - test? 
( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja2[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( - >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] - test? ( ${PEFILE_DEPEND} ) - ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -check_cgroup_layout() { - # https://bugs.gentoo.org/935261 - [[ ${MERGE_TYPE} != buildonly ]] || return - [[ -z ${ROOT} ]] || return - [[ -e /sys/fs/cgroup/unified ]] || return - grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return - - eerror "This system appears to be booted with the 'hybrid' cgroup layout." - eerror "This layout obsolete and is disabled in systemd." - - if grep -qF 'systemd.unified_cgroup_hierarchy'; then - eerror "Remove the systemd.unified_cgroup_hierarchy option" - eerror "from the kernel command line and reboot." - die "hybrid cgroup layout detected" - fi -} - -pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - - check_cgroup_layout - - if use cgroup-hybrid; then - eerror "Disable the 'cgroup-hybrid' USE flag." - eerror "Rebuild any initramfs images after rebuilding systemd." 
- die "cgroup-hybrid is no longer supported" - fi - - if [[ ${MERGE_TYPE} != buildonly ]]; then - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-258-shared-add-missing-alloc-util.patch" - "${FILESDIR}/systemd-258.3-kernel-install-test.patch" - "${FILESDIR}/systemd-259-test-echo.patch" - ) - - if ! 
use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-journald-audit-r3.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Ddocdir="share/doc/${PF}" - # default is developer, bug 918671 - -Dmode=release - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # no deps - -Dima=true - # Match /etc/shells, bug 919749 - -Ddebug-shell="${EPREFIX}/bin/sh" - -Ddefault-user-shell="${EPREFIX}/bin/bash" - # Optional components/dependencies - $(meson_native_use_feature acl) - $(meson_native_use_feature apparmor) - $(meson_native_use_feature audit) - $(meson_native_use_feature boot bootloader) - $(meson_native_use_feature bpf bpf-framework) - -Dbpf-compiler=gcc - $(meson_native_use_feature cryptsetup libcryptsetup) - $(meson_native_use_feature curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_feature elfutils) - $(meson_native_use_feature fido2 libfido2) - $(meson_feature gcrypt) - $(meson_native_use_feature gnutls) - $(meson_native_use_feature homed) - $(meson_native_use_feature http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_feature importd) - $(meson_native_use_feature importd bzip2) - $(meson_native_use_feature importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_feature kmod) - $(meson_feature lz4) - $(meson_feature lzma xz) - $(meson_use test tests) - $(meson_feature zstd) - $(meson_native_use_feature iptables libiptc) - $(meson_native_use_feature openssl) - $(meson_feature pam) - $(meson_native_use_feature passwdqc) - $(meson_native_use_feature pkcs11 p11kit) - 
$(meson_native_use_feature pcre pcre2) - $(meson_native_use_feature policykit polkit) - $(meson_native_use_feature pwquality) - $(meson_native_use_feature qrcode qrencode) - $(meson_native_use_feature seccomp) - $(meson_native_use_feature selinux) - $(meson_native_use_feature tpm tpm2) - $(meson_native_use_feature test dbus) - $(meson_native_use_feature ukify) - $(meson_native_use_feature xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_enabled man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - case $(tc-arch) in - amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86) - # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE - myconf+=( $(meson_native_enabled vmspawn) ) ;; - *) - myconf+=( -Dvmspawn=disabled ) ;; - esac - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - ( - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - export COLUMNS=80 - addpredict /dev - addpredict /proc - addpredict /run - addpredict /sys/fs/cgroup - meson_src_test --timeout-multiplier=10 - ) || die -} - -multilib_src_install_all() { - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}"/usr/bin/resolvconf || die - fi - - if ! 
use sysv-utils; then - rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - if use selinux; then - newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user - else - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - fi - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... 
- if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager (systemd)" - systemctl daemon-reexec - eend $? 
|| FAIL=1 - - # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html - ebegin "Signaling user managers to reexec" - systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service' - eend $? - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "generating unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.4-r1.ebuild similarity index 93% rename from sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.1.ebuild rename to sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.4-r1.ebuild index 1750925132..84055e8f1d 100644 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.1.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.4-r1.ebuild 
@@ -20,11 +20,11 @@ else SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" fi fi -inherit branding linux-info meson-multilib optfeature pam python-single-r1 +inherit branding flag-o-matic linux-info meson-multilib optfeature pam python-single-r1 inherit secureboot shell-completion systemd toolchain-funcs udev DESCRIPTION="System and service manager for Linux" @@ -34,9 +34,9 @@ LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod + fido2 +gcrypt gnutls homed http idn importd +kernel-install +kmod +lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd + +resolvconf +seccomp selinux split-usr sysv-utils test tpm ukify vanilla xkb +zstd " REQUIRED_USE=" ${PYTHON_REQUIRED_USE} @@ -79,7 +79,6 @@ COMMON_DEPEND=" kmod? ( >=sys-apps/kmod-15:0= ) lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) openssl? ( >=dev-libs/openssl-1.1.0:0= ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) passwdqc? ( sys-auth/passwdqc:0= ) 
@@ -146,17 +145,19 @@ RDEPEND="${COMMON_DEPEND} ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev " # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] +PDEPEND=" + >=sys-apps/dbus-1.9.8[systemd] >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" + !sysv-utils? ( sys-apps/systemd-initctl ) + !vanilla? ( sys-apps/gentoo-systemd-integration ) +" BDEPEND=" app-arch/xz-utils:0 @@ -229,7 +230,6 @@ pkg_pretend() { ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2" @@ -279,7 +279,7 @@ src_unpack() { src_prepare() { local PATCHES=( - "${FILESDIR}/systemd-259-test-echo.patch" + "${FILESDIR}/systemd-260-mips.patch" ) if ! use vanilla; then @@ -295,6 +295,20 @@ src_configure() { # Prevent conflicts with i686 cross toolchain, bug 559726 tc-export AR CC NM OBJCOPY RANLIB + # Our toolchain sets F_S=2 by default w/ >= -O2, so we need + # to unset F_S first, then explicitly set 2, to negate any default + # and anything set by the user if they're choosing 3 (or if they've + # modified GCC to set 3). + # + # malloc_usable_size doesn't play well with _F_S=3: + # https://github.com/systemd/systemd/issues/41459 (bug #971773) + if tc-is-clang && tc-enables-fortify-source ; then + # We can't unconditionally do this b/c we fortify needs + # some level of optimisation. + filter-flags -D_FORTIFY_SOURCE=3 + append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 + fi + python_setup multilib-minimal_src_configure 
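Review bot: The block added to `src_configure` lowers `_FORTIFY_SOURCE` from 3 to 2 only when `tc-is-clang && tc-enables-fortify-source` holds, yet its comment describes the `malloc_usable_size` problem (systemd issue 41459, bug #971773) in toolchain-neutral terms and never says why a GCC build at level 3 is left alone. Because this reduces a hardening level, the comment should state the scope and the exit condition, for example `# Clang only: <reason GCC at _F_S=3 is unaffected>; drop once systemd issue 41459 is resolved.`, so the workaround is not kept longer or applied more narrowly than intended. The inner comment `We can't unconditionally do this b/c we fortify needs` also has a stray word and would read better as `b/c fortify needs some level of optimisation`. `src_configure` starts before this hunk and continues after it, so any later flag handling is not visible here.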
@@ -346,7 +360,6 @@ multilib_src_configure() { $(meson_feature lz4) $(meson_feature lzma xz) $(meson_feature zstd) - $(meson_native_use_feature iptables libiptc) $(meson_native_use_feature openssl) $(meson_feature pam) $(meson_native_use_feature passwdqc) @@ -530,8 +543,7 @@ pkg_postinst() { # Keep this here in case the database format changes so it gets updated # when required. - systemd-hwdb --root="${ROOT}" update - + udev_hwdb_update || FAIL=1 udev_reload || FAIL=1 # Bug 465468, make sure locales are respected, and ensure consistency diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.ebuild deleted file mode 100644 index 83d7f3cc53..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.ebuild +++ /dev/null 
@@ -1,579 +0,0 @@ -# Copyright 2011-2026 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{11..14} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - MY_PV=${PV/_/-} - MY_P=${PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" - - if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" - fi -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="https://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( openssl ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma openssl ) - ?? ( passwdqc pwquality ) - passwdqc? ( homed ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - bpf? ( >=dev-libs/libbpf-1.4.0:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? 
( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( - dev-libs/libfido2:0= - ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - virtual/zlib:= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - passwdqc? ( sys-auth/passwdqc:0= ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) - qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? 
( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - acct-group/clock - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - elibc_musl? ( >=sys-libs/musl-1.2.5-r8 ) - ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - bpf? ( - >=dev-util/bpftool-7.0.0 - sys-devel/bpf-toolchain - ) - test? 
( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja2[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( - >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] - test? ( ${PEFILE_DEPEND} ) - ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -check_cgroup_layout() { - # https://bugs.gentoo.org/935261 - [[ ${MERGE_TYPE} != buildonly ]] || return - [[ -z ${ROOT} ]] || return - [[ -e /sys/fs/cgroup/unified ]] || return - grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return - - eerror "This system appears to be booted with the 'hybrid' cgroup layout." - eerror "This layout obsolete and is disabled in systemd." - - if grep -qF 'systemd.unified_cgroup_hierarchy'; then - eerror "Remove the systemd.unified_cgroup_hierarchy option" - eerror "from the kernel command line and reboot." - die "hybrid cgroup layout detected" - fi -} - -pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - - check_cgroup_layout - - if use cgroup-hybrid; then - eerror "Disable the 'cgroup-hybrid' USE flag." - eerror "Rebuild any initramfs images after rebuilding systemd." 
- die "cgroup-hybrid is no longer supported" - fi - - if [[ ${MERGE_TYPE} != buildonly ]]; then - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-259-vmspawn-use-indexed-loop.patch" - ) - - if ! 
use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-journald-audit-r4.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Ddocdir="share/doc/${PF}" - # default is developer, bug 918671 - -Dmode=release - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - -Dlibc=$(usex elibc_musl musl glibc) - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # no deps - -Dima=true - # Match /etc/shells, bug 919749 - -Ddebug-shell="${EPREFIX}/bin/sh" - -Ddefault-user-shell="${EPREFIX}/bin/bash" - # Optional components/dependencies - $(meson_native_use_feature acl) - $(meson_native_use_feature apparmor) - $(meson_native_use_feature audit) - $(meson_native_use_feature boot bootloader) - $(meson_native_use_feature bpf bpf-framework) - -Dbpf-compiler=gcc - $(meson_native_use_feature cryptsetup libcryptsetup) - $(meson_native_use_feature curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_feature elfutils) - $(meson_native_use_feature fido2 libfido2) - $(meson_feature gcrypt) - $(meson_native_use_feature gnutls) - $(meson_native_use_feature homed) - $(meson_native_use_feature http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_feature importd) - $(meson_native_use_feature importd bzip2) - $(meson_native_use_feature importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_feature kmod) - $(meson_feature lz4) - $(meson_feature lzma xz) - $(meson_use test tests) - $(meson_feature zstd) - $(meson_native_use_feature iptables libiptc) - $(meson_native_use_feature openssl) - $(meson_feature pam) - $(meson_native_use_feature passwdqc) - 
$(meson_native_use_feature pkcs11 p11kit) - $(meson_native_use_feature pcre pcre2) - $(meson_native_use_feature policykit polkit) - $(meson_native_use_feature pwquality) - $(meson_native_use_feature qrcode qrencode) - $(meson_native_use_feature seccomp) - $(meson_native_use_feature selinux) - $(meson_native_use_feature tpm tpm2) - $(meson_native_use_feature test dbus) - $(meson_native_use_feature ukify) - $(meson_native_use_feature xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_enabled man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - case $(tc-arch) in - amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86) - # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE - myconf+=( $(meson_native_enabled vmspawn) ) ;; - *) - myconf+=( -Dvmspawn=disabled ) ;; - esac - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - ( - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - export COLUMNS=80 - addpredict /dev - addpredict /proc - addpredict /run - addpredict /sys/fs/cgroup - meson_src_test --timeout-multiplier=10 - ) || die -} - -multilib_src_install_all() { - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! 
use resolvconf; then - rm -f "${ED}"/usr/bin/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - if use selinux; then - newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user - else - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - fi - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! 
-L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager (systemd)" - systemctl daemon-reexec - eend $? 
|| FAIL=1 - - # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html - ebegin "Signaling user managers to reexec" - systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service' - eend $? - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "generating unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.2.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-260.1-r1.ebuild similarity index 67% rename from sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.2.ebuild rename to sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-260.1-r1.ebuild index 5a6103b359..7fba5b8883 100644 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-259.2.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-260.1-r1.ebuild 
@@ -20,11 +20,11 @@ else SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" fi fi -inherit branding linux-info meson-multilib optfeature pam python-single-r1 +inherit branding flag-o-matic linux-info meson-multilib optfeature pam python-single-r1 inherit secureboot shell-completion systemd toolchain-funcs udev DESCRIPTION="System and service manager for Linux" @@ -33,13 +33,14 @@ HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd + acl apparmor audit boot bpf cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnutls homed idn importd +kernel-install +kmod +lz4 lzma + +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode remote + +resolvconf +seccomp selinux sysv-utils test tpm ukify vanilla xkb +zstd " REQUIRED_USE=" ${PYTHON_REQUIRED_USE} + boot? ( kernel-install ) dns-over-tls? ( openssl ) fido2? ( cryptsetup openssl ) homed? ( cryptsetup pam openssl ) 
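Review bot: In the `IUSE` block, `+sysv-utils` becomes `sysv-utils`, so the flag is now off unless a profile or `package.use` sets it, and nothing in the hunk records that the default changed. A later hunk adds `!sysv-utils? ( sys-apps/systemd-initctl )` to `PDEPEND`, so a build that relied on the old default presumably gets a different set of `halt`/`poweroff`/`reboot`/`shutdown` providers; the install step that acts on the flag is outside this hunk, so that needs confirming. The same block renames `http` to `remote` and drops `iptables`, `split-usr` and `cgroup-hybrid`, so any USE configuration that names those flags needs updating. A comment above the list such as `# sysv-utils is no longer default-on; http was renamed to remote` would make the change visible to downstream consumers. The identical hunk appears for systemd-9999.ebuild.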
@@ -47,51 +48,56 @@ REQUIRED_USE=" ?? ( passwdqc pwquality ) passwdqc? ( homed ) pwquality? ( homed ) - boot? ( kernel-install ) + remote? ( curl ) ukify? ( boot ) " RESTRICT="!test? ( test )" -MINKV="4.15" +MINKV="5.10" COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - bpf? ( >=dev-libs/libbpf-1.4.0:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + >=sys-apps/util-linux-2.37 + acl? ( sys-apps/acl ) + apparmor? ( >=sys-libs/libapparmor-2.13 ) + audit? ( >=sys-process/audit-2 ) + bpf? ( >=dev-libs/libbpf-1.4.0 ) + cryptsetup? ( >=sys-fs/cryptsetup-2.4.0:= ) curl? ( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( - dev-libs/libfido2:0= + elfutils? ( >=dev-libs/elfutils-0.177 ) + elibc_glibc? ( + >=sys-libs/glibc-2.34 + >=sys-libs/libxcrypt-4.4.0 ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + elibc_musl? ( + >=sys-libs/musl-1.2.5-r8 + virtual/libcrypt + ) + fido2? ( + dev-libs/libfido2 + ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5 ) gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) + remote? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2 ) importd? ( app-arch/bzip2:0= virtual/zlib:= ) kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) + lz4? ( >=app-arch/lz4-0_p131:0= ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0= ) + openssl? ( >=dev-libs/openssl-3.0.0:0= ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - passwdqc? ( sys-auth/passwdqc:0= ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) + passwdqc? 
( sys-auth/passwdqc ) + pkcs11? ( >=app-crypt/p11-kit-0.23.3 ) pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) + pwquality? ( >=dev-libs/libpwquality-1.4.1 ) qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) + seccomp? ( >=sys-libs/libseccomp-2.4.0 ) + selinux? ( >=sys-libs/libselinux-2.1.9 ) + tpm? ( app-crypt/tpm2-tss ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1 ) + zstd? ( >=app-arch/zstd-1.4.0:0= ) " # Newer linux-headers needed by ia64, bug #480218 @@ -131,7 +137,6 @@ RDEPEND="${COMMON_DEPEND} >=acct-user/systemd-resolve-0-r1 >=acct-user/systemd-timesync-0-r1 >=sys-apps/baselayout-2.2 - elibc_musl? ( >=sys-libs/musl-1.2.5-r8 ) ukify? ( ${PYTHON_DEPS} $(python_gen_cond_dep "${PEFILE_DEPEND}") @@ -146,17 +151,19 @@ RDEPEND="${COMMON_DEPEND} ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev " # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] +PDEPEND=" + >=sys-apps/dbus-1.9.8[systemd] >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" + !sysv-utils? ( sys-apps/systemd-initctl ) + !vanilla? ( sys-apps/gentoo-systemd-integration ) +" BDEPEND=" app-arch/xz-utils:0 @@ -172,6 +179,7 @@ BDEPEND=" test? ( app-text/tree dev-lang/perl + >=dev-libs/glib-2.22.0:2 sys-apps/dbus ) app-text/docbook-xml-dtd:4.2 
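Review bot: `COMMON_DEPEND` drops the `:0=` subslot operator from `libseccomp`, `libselinux`, `libapparmor`, `audit`, `acl` and several others, with no comment saying why a rebuild on a library ABI change is no longer wanted. If the reason is that these libraries are now loaded at run time rather than linked (not visible in this hunk), a soname bump would leave the matching feature unavailable until systemd is rebuilt, which matters most for the seccomp, SELinux, AppArmor and audit integrations. A line such as `# loaded via dlopen(): no subslot dep, but rebuild systemd after a soname bump` above the list would record the intent. The `[${MULTILIB_USEDEP}]` removals deserve the same explanation, since non-native ABI builds still pass `-Dlibcrypt=enabled` in multilib_src_configure. The identical hunk appears for systemd-9999.ebuild.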
@@ -192,44 +200,12 @@ BDEPEND=" QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*" -check_cgroup_layout() { - # https://bugs.gentoo.org/935261 - [[ ${MERGE_TYPE} != buildonly ]] || return - [[ -z ${ROOT} ]] || return - [[ -e /sys/fs/cgroup/unified ]] || return - grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return - - eerror "This system appears to be booted with the 'hybrid' cgroup layout." - eerror "This layout obsolete and is disabled in systemd." - - if grep -qF 'systemd.unified_cgroup_hierarchy'; then - eerror "Remove the systemd.unified_cgroup_hierarchy option" - eerror "from the kernel command line and reboot." - die "hybrid cgroup layout detected" - fi -} - pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - - check_cgroup_layout - - if use cgroup-hybrid; then - eerror "Disable the 'cgroup-hybrid' USE flag." - eerror "Rebuild any initramfs images after rebuilding systemd." - die "cgroup-hybrid is no longer supported" - fi - if [[ ${MERGE_TYPE} != buildonly ]]; then local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2" @@ -279,6 +255,10 @@ src_unpack() { src_prepare() { local PATCHES=( + "${FILESDIR}/systemd-260.1-fuzz-journald.patch" + "${FILESDIR}/systemd-260.1-openssl-4.patch" + "${FILESDIR}/systemd-260.1-gcc-17.patch" + "${FILESDIR}/systemd-260.1-gpt-generator.patch" ) if ! use vanilla; then 
@@ -294,6 +274,20 @@ src_configure() { # Prevent conflicts with i686 cross toolchain, bug 559726 tc-export AR CC NM OBJCOPY RANLIB + # Our toolchain sets F_S=2 by default w/ >= -O2, so we need + # to unset F_S first, then explicitly set 2, to negate any default + # and anything set by the user if they're choosing 3 (or if they've + # modified GCC to set 3). + # + # malloc_usable_size doesn't play well with _F_S=3: + # https://github.com/systemd/systemd/issues/41459 (bug #971773) + if tc-is-clang && tc-enables-fortify-source ; then + # We can't unconditionally do this b/c we fortify needs + # some level of optimisation. + filter-flags -D_FORTIFY_SOURCE=3 + append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 + fi + python_setup multilib-minimal_src_configure 
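Review bot: The comment on the new `_FORTIFY_SOURCE` block in src_configure describes the GCC default and a GCC patched to set level 3, but the guard is `tc-is-clang && tc-enables-fortify-source`, so the downgrade to level 2 runs only under clang and a GCC build with `-D_FORTIFY_SOURCE=3` in the user's flags keeps level 3. If clang-only is intended, the comment should say so, for example `# Only clang builds are downgraded; GCC builds keep the configured level`. Because this lowers a hardening level, a `# TODO: drop once systemd issue 41459 is fixed` line would make the workaround easy to retire. The inner comment also has a stray word in "b/c we fortify needs". The identical hunk appears for systemd-9999.ebuild.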
@@ -303,88 +297,30 @@ multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" -Ddocdir="share/doc/${PF}" - # default is developer, bug 918671 - -Dmode=release + -Dmode=release # default is developer, bug 918671 + -Dlibc=$(usex elibc_musl musl glibc) -Dsupport-url="${BRANDING_OS_SUPPORT_URL}" -Dpamlibdir="$(getpam_mod_dir)" - -Dlibc=$(usex elibc_musl musl glibc) - # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" -Dzshcompletiondir="$(get_zshcompdir)" -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # no deps - -Dima=true - # Match /etc/shells, bug 919749 - -Ddebug-shell="${EPREFIX}/bin/sh" + -Dima=true # no deps + -Ddebug-shell="${EPREFIX}/bin/sh" # Match /etc/shells, bug 919749 -Ddefault-user-shell="${EPREFIX}/bin/bash" - # Optional components/dependencies - $(meson_native_use_feature acl) - $(meson_native_use_feature apparmor) - $(meson_native_use_feature audit) - $(meson_native_use_feature boot bootloader) - $(meson_native_use_feature bpf bpf-framework) -Dbpf-compiler=gcc - $(meson_native_use_feature cryptsetup libcryptsetup) - $(meson_native_use_feature curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_feature elfutils) - $(meson_native_use_feature fido2 libfido2) - $(meson_feature gcrypt) - $(meson_native_use_feature gnutls) - $(meson_native_use_feature homed) - $(meson_native_use_feature http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_feature importd) - $(meson_native_use_feature importd bzip2) - $(meson_native_use_feature importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_feature kmod) - $(meson_feature lz4) - $(meson_feature lzma xz) - $(meson_feature zstd) - $(meson_native_use_feature iptables libiptc) - $(meson_native_use_feature openssl) - $(meson_feature pam) - $(meson_native_use_feature passwdqc) - $(meson_native_use_feature pkcs11 p11kit) - $(meson_native_use_feature pcre pcre2) - 
$(meson_native_use_feature policykit polkit) - $(meson_native_use_feature pwquality) - $(meson_native_use_feature qrcode qrencode) - $(meson_native_use_feature seccomp) - $(meson_native_use_feature selinux) - $(meson_native_use_feature tpm tpm2) - $(meson_native_use_feature test dbus) - $(meson_native_use_feature ukify) - $(meson_native_use_feature xkb xkbcommon) -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false -Dcreate-log-dirs=false + -Dlibcrypt=enabled + -Dcompat-mutable-uid-boundaries=true - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_enabled man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) + # options affecting multilib + $(meson_use !elibc_musl nss-myhostname) + $(meson_feature !elibc_musl nss-mymachines) + $(meson_feature !elibc_musl nss-resolve) + $(meson_use !elibc_musl nss-systemd) + $(meson_feature pam) ) # workaround for bug 969103 
@@ -394,18 +330,92 @@ multilib_src_configure() { myconf+=( $(meson_use test tests) ) fi - case $(tc-arch) in - amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86) - # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE - myconf+=( $(meson_native_enabled vmspawn) ) ;; - *) - myconf+=( -Dvmspawn=disabled ) ;; - esac + if multilib_is_native_abi; then + myconf+=( + --auto-features=enabled + -Dman=enabled + -Dxenctrl=disabled + + # Optional components/dependencies + $(meson_feature acl) + $(meson_feature apparmor) + $(meson_feature audit) + $(meson_feature boot bootloader) + $(meson_feature bpf bpf-framework) + $(meson_feature cryptsetup libcryptsetup) + $(meson_feature cryptsetup libcryptsetup-plugins) + $(meson_feature curl libcurl) + $(meson_use dns-over-tls dns-over-tls) + $(meson_feature elfutils) + $(meson_feature fido2 libfido2) + $(meson_feature gcrypt) + $(meson_feature gnutls) + $(meson_feature homed) + $(meson_use idn) + $(meson_feature importd) + $(meson_feature importd bzip2) + $(meson_feature importd sysupdate) + $(meson_feature importd zlib) + $(meson_use kernel-install) + $(meson_feature kmod) + $(meson_feature lz4) + $(meson_feature lzma xz) + $(meson_feature zstd) + $(meson_feature openssl) + $(meson_feature passwdqc) + $(meson_feature pkcs11 p11kit) + $(meson_feature pcre pcre2) + $(meson_feature policykit polkit) + $(meson_feature pwquality) + $(meson_feature qrcode qrencode) + $(meson_feature remote) + $(meson_feature remote microhttpd) + $(meson_feature seccomp) + $(meson_feature selinux) + $(meson_feature tpm tpm2) + $(meson_feature test dbus) + $(meson_feature test glib) + $(meson_feature ukify) + $(meson_feature xkb xkbcommon) + ) + + case $(tc-arch) in + amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86) + # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE + myconf+=( $(meson_native_enabled vmspawn) ) ;; + *) + myconf+=( -Dvmspawn=disabled ) ;; + esac + else + myconf+=( + --auto-features=disabled + ) + fi meson_src_configure "${myconf[@]}" } 
+multilib_src_compile() { + local args=() + if ! multilib_is_native_abi; then + args+=( + devel libsystemd libudev + $(usex elibc_musl '' nss) + $(usev pam) + ) + fi + meson_src_compile "${args[@]}" +} + multilib_src_test() { + local args=( --timeout-multiplier=10 ) + if ! multilib_is_native_abi; then + args+=( + --suite libsystemd --suite libudev + $(usex elibc_musl '' '--suite nss') + $(usex pam '--suite pam' '') + ) + fi ( unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR export COLUMNS=80 @@ -413,10 +423,21 @@ multilib_src_test() { addpredict /proc addpredict /run addpredict /sys/fs/cgroup - meson_src_test --timeout-multiplier=10 + meson_src_test "${args[@]}" ) || die } +multilib_src_install() { + local args=() + if ! multilib_is_native_abi; then + local tags=devel,libsystemd,libudev + use !elibc_musl && tags+=,nss + use pam && tags+=,pam + args+=( --tags "${tags}" ) + fi + meson_src_install "${args[@]}" +} + multilib_src_install_all() { einstalldocs dodoc "${FILESDIR}"/nsswitch.conf @@ -529,14 +550,16 @@ pkg_postinst() { # Keep this here in case the database format changes so it gets updated # when required. - systemd-hwdb --root="${ROOT}" update - + udev_hwdb_update || FAIL=1 udev_reload || FAIL=1 # Bug 465468, make sure locales are respected, and ensure consistency # between OpenRC & systemd migrate_locale + # Bug 971385 + systemd_reenable getty@.service + if [[ -z ${REPLACING_VERSIONS} ]]; then if type systemctl &>/dev/null; then systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-9999.ebuild index 5a6103b359..f77cd77363 100644 --- a/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-9999.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-apps/systemd/systemd-9999.ebuild 
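Review bot: `--auto-features=enabled` in the native-ABI branch of multilib_src_configure turns on every meson feature option that the list below it does not name, so only `xenctrl` and the USE-mapped options stay under the ebuild's control. For the live 9999 ebuild, which receives the same hunk, a feature option added upstream would be built in, or fail configure on a missing dependency, without a USE flag or dependency entry to match. If that is the intent, say so next to the flag, e.g. `# everything not listed below is forced on; add -D<opt>=disabled for unwanted upstream additions`. The function body starts outside this hunk.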
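Review bot: The added `systemd_reenable getty@.service` call in pkg_postinst is the only step in this stretch whose result is not folded into `FAIL`, while `udev_hwdb_update` and `udev_reload` next to it both use `|| FAIL=1`. If the helper can return non-zero (its definition lives in the eclass, not on this page), a failed re-enable would pass silently and leave the getty unit links stale; `systemd_reenable getty@.service || FAIL=1` would match its neighbours. The comment `# Bug 971385` gives only a number, so one line saying what the re-enable repairs would help the next reader. pkg_postinst starts and ends outside the hunk, and the identical hunk appears for systemd-9999.ebuild.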
@@ -24,7 +24,7 @@ else fi fi -inherit branding linux-info meson-multilib optfeature pam python-single-r1 +inherit branding flag-o-matic linux-info meson-multilib optfeature pam python-single-r1 inherit secureboot shell-completion systemd toolchain-funcs udev DESCRIPTION="System and service manager for Linux" @@ -33,13 +33,14 @@ HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd + acl apparmor audit boot bpf cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnutls homed idn importd +kernel-install +kmod +lz4 lzma + +openssl pam passwdqc pcre pkcs11 policykit pwquality qrcode remote + +resolvconf +seccomp selinux sysv-utils test tpm ukify vanilla xkb +zstd " REQUIRED_USE=" ${PYTHON_REQUIRED_USE} + boot? ( kernel-install ) dns-over-tls? ( openssl ) fido2? ( cryptsetup openssl ) homed? ( cryptsetup pam openssl ) 
@@ -47,51 +48,56 @@ REQUIRED_USE=" ?? ( passwdqc pwquality ) passwdqc? ( homed ) pwquality? ( homed ) - boot? ( kernel-install ) + remote? ( curl ) ukify? ( boot ) " RESTRICT="!test? ( test )" -MINKV="4.15" +MINKV="5.10" COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - bpf? ( >=dev-libs/libbpf-1.4.0:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + >=sys-apps/util-linux-2.37 + acl? ( sys-apps/acl ) + apparmor? ( >=sys-libs/libapparmor-2.13 ) + audit? ( >=sys-process/audit-2 ) + bpf? ( >=dev-libs/libbpf-1.4.0 ) + cryptsetup? ( >=sys-fs/cryptsetup-2.4.0:= ) curl? ( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( - dev-libs/libfido2:0= + elfutils? ( >=dev-libs/elfutils-0.177 ) + elibc_glibc? ( + >=sys-libs/glibc-2.34 + >=sys-libs/libxcrypt-4.4.0 ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + elibc_musl? ( + >=sys-libs/musl-1.2.5-r8 + virtual/libcrypt + ) + fido2? ( + dev-libs/libfido2 + ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5 ) gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) + remote? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2 ) importd? ( app-arch/bzip2:0= virtual/zlib:= ) kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) + lz4? ( >=app-arch/lz4-0_p131:0= ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0= ) + openssl? ( >=dev-libs/openssl-3.0.0:0= ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - passwdqc? ( sys-auth/passwdqc:0= ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) + passwdqc? 
( sys-auth/passwdqc ) + pkcs11? ( >=app-crypt/p11-kit-0.23.3 ) pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) + pwquality? ( >=dev-libs/libpwquality-1.4.1 ) qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) + seccomp? ( >=sys-libs/libseccomp-2.4.0 ) + selinux? ( >=sys-libs/libselinux-2.1.9 ) + tpm? ( app-crypt/tpm2-tss ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1 ) + zstd? ( >=app-arch/zstd-1.4.0:0= ) " # Newer linux-headers needed by ia64, bug #480218 @@ -131,7 +137,6 @@ RDEPEND="${COMMON_DEPEND} >=acct-user/systemd-resolve-0-r1 >=acct-user/systemd-timesync-0-r1 >=sys-apps/baselayout-2.2 - elibc_musl? ( >=sys-libs/musl-1.2.5-r8 ) ukify? ( ${PYTHON_DEPS} $(python_gen_cond_dep "${PEFILE_DEPEND}") @@ -146,17 +151,19 @@ RDEPEND="${COMMON_DEPEND} ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev " # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] +PDEPEND=" + >=sys-apps/dbus-1.9.8[systemd] >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" + !sysv-utils? ( sys-apps/systemd-initctl ) + !vanilla? ( sys-apps/gentoo-systemd-integration ) +" BDEPEND=" app-arch/xz-utils:0 @@ -172,6 +179,7 @@ BDEPEND=" test? ( app-text/tree dev-lang/perl + >=dev-libs/glib-2.22.0:2 sys-apps/dbus ) app-text/docbook-xml-dtd:4.2 
@@ -192,44 +200,12 @@ BDEPEND=" QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*" -check_cgroup_layout() { - # https://bugs.gentoo.org/935261 - [[ ${MERGE_TYPE} != buildonly ]] || return - [[ -z ${ROOT} ]] || return - [[ -e /sys/fs/cgroup/unified ]] || return - grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return - - eerror "This system appears to be booted with the 'hybrid' cgroup layout." - eerror "This layout obsolete and is disabled in systemd." - - if grep -qF 'systemd.unified_cgroup_hierarchy'; then - eerror "Remove the systemd.unified_cgroup_hierarchy option" - eerror "from the kernel command line and reboot." - die "hybrid cgroup layout detected" - fi -} - pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - - check_cgroup_layout - - if use cgroup-hybrid; then - eerror "Disable the 'cgroup-hybrid' USE flag." - eerror "Rebuild any initramfs images after rebuilding systemd." - die "cgroup-hybrid is no longer supported" - fi - if [[ ${MERGE_TYPE} != buildonly ]]; then local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2" 
@@ -294,6 +270,20 @@ src_configure() { # Prevent conflicts with i686 cross toolchain, bug 559726 tc-export AR CC NM OBJCOPY RANLIB + # Our toolchain sets F_S=2 by default w/ >= -O2, so we need + # to unset F_S first, then explicitly set 2, to negate any default + # and anything set by the user if they're choosing 3 (or if they've + # modified GCC to set 3). + # + # malloc_usable_size doesn't play well with _F_S=3: + # https://github.com/systemd/systemd/issues/41459 (bug #971773) + if tc-is-clang && tc-enables-fortify-source ; then + # We can't unconditionally do this b/c we fortify needs + # some level of optimisation. + filter-flags -D_FORTIFY_SOURCE=3 + append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 + fi + python_setup multilib-minimal_src_configure 
@@ -303,88 +293,30 @@ multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" -Ddocdir="share/doc/${PF}" - # default is developer, bug 918671 - -Dmode=release + -Dmode=release # default is developer, bug 918671 + -Dlibc=$(usex elibc_musl musl glibc) -Dsupport-url="${BRANDING_OS_SUPPORT_URL}" -Dpamlibdir="$(getpam_mod_dir)" - -Dlibc=$(usex elibc_musl musl glibc) - # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" -Dzshcompletiondir="$(get_zshcompdir)" -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # no deps - -Dima=true - # Match /etc/shells, bug 919749 - -Ddebug-shell="${EPREFIX}/bin/sh" + -Dima=true # no deps + -Ddebug-shell="${EPREFIX}/bin/sh" # Match /etc/shells, bug 919749 -Ddefault-user-shell="${EPREFIX}/bin/bash" - # Optional components/dependencies - $(meson_native_use_feature acl) - $(meson_native_use_feature apparmor) - $(meson_native_use_feature audit) - $(meson_native_use_feature boot bootloader) - $(meson_native_use_feature bpf bpf-framework) -Dbpf-compiler=gcc - $(meson_native_use_feature cryptsetup libcryptsetup) - $(meson_native_use_feature curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_feature elfutils) - $(meson_native_use_feature fido2 libfido2) - $(meson_feature gcrypt) - $(meson_native_use_feature gnutls) - $(meson_native_use_feature homed) - $(meson_native_use_feature http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_feature importd) - $(meson_native_use_feature importd bzip2) - $(meson_native_use_feature importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_feature kmod) - $(meson_feature lz4) - $(meson_feature lzma xz) - $(meson_feature zstd) - $(meson_native_use_feature iptables libiptc) - $(meson_native_use_feature openssl) - $(meson_feature pam) - $(meson_native_use_feature passwdqc) - $(meson_native_use_feature pkcs11 p11kit) - $(meson_native_use_feature pcre pcre2) - 
$(meson_native_use_feature policykit polkit) - $(meson_native_use_feature pwquality) - $(meson_native_use_feature qrcode qrencode) - $(meson_native_use_feature seccomp) - $(meson_native_use_feature selinux) - $(meson_native_use_feature tpm tpm2) - $(meson_native_use_feature test dbus) - $(meson_native_use_feature ukify) - $(meson_native_use_feature xkb xkbcommon) -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false -Dcreate-log-dirs=false + -Dlibcrypt=enabled + -Dcompat-mutable-uid-boundaries=true - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_enabled man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) + # options affecting multilib + $(meson_use !elibc_musl nss-myhostname) + $(meson_feature !elibc_musl nss-mymachines) + $(meson_feature !elibc_musl nss-resolve) + $(meson_use !elibc_musl nss-systemd) + $(meson_feature pam) ) # workaround for bug 969103 
@@ -394,18 +326,92 @@ multilib_src_configure() { myconf+=( $(meson_use test tests) ) fi - case $(tc-arch) in - amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86) - # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE - myconf+=( $(meson_native_enabled vmspawn) ) ;; - *) - myconf+=( -Dvmspawn=disabled ) ;; - esac + if multilib_is_native_abi; then + myconf+=( + --auto-features=enabled + -Dman=enabled + -Dxenctrl=disabled + + # Optional components/dependencies + $(meson_feature acl) + $(meson_feature apparmor) + $(meson_feature audit) + $(meson_feature boot bootloader) + $(meson_feature bpf bpf-framework) + $(meson_feature cryptsetup libcryptsetup) + $(meson_feature cryptsetup libcryptsetup-plugins) + $(meson_feature curl libcurl) + $(meson_use dns-over-tls dns-over-tls) + $(meson_feature elfutils) + $(meson_feature fido2 libfido2) + $(meson_feature gcrypt) + $(meson_feature gnutls) + $(meson_feature homed) + $(meson_use idn) + $(meson_feature importd) + $(meson_feature importd bzip2) + $(meson_feature importd sysupdate) + $(meson_feature importd zlib) + $(meson_use kernel-install) + $(meson_feature kmod) + $(meson_feature lz4) + $(meson_feature lzma xz) + $(meson_feature zstd) + $(meson_feature openssl) + $(meson_feature passwdqc) + $(meson_feature pkcs11 p11kit) + $(meson_feature pcre pcre2) + $(meson_feature policykit polkit) + $(meson_feature pwquality) + $(meson_feature qrcode qrencode) + $(meson_feature remote) + $(meson_feature remote microhttpd) + $(meson_feature seccomp) + $(meson_feature selinux) + $(meson_feature tpm tpm2) + $(meson_feature test dbus) + $(meson_feature test glib) + $(meson_feature ukify) + $(meson_feature xkb xkbcommon) + ) + + case $(tc-arch) in + amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86) + # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE + myconf+=( $(meson_native_enabled vmspawn) ) ;; + *) + myconf+=( -Dvmspawn=disabled ) ;; + esac + else + myconf+=( + --auto-features=disabled + ) + fi meson_src_configure "${myconf[@]}" } 
+multilib_src_compile() { + local args=() + if ! multilib_is_native_abi; then + args+=( + devel libsystemd libudev + $(usex elibc_musl '' nss) + $(usev pam) + ) + fi + meson_src_compile "${args[@]}" +} + multilib_src_test() { + local args=( --timeout-multiplier=10 ) + if ! multilib_is_native_abi; then + args+=( + --suite libsystemd --suite libudev + $(usex elibc_musl '' '--suite nss') + $(usex pam '--suite pam' '') + ) + fi ( unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR export COLUMNS=80 @@ -413,10 +419,21 @@ multilib_src_test() { addpredict /proc addpredict /run addpredict /sys/fs/cgroup - meson_src_test --timeout-multiplier=10 + meson_src_test "${args[@]}" ) || die } +multilib_src_install() { + local args=() + if ! multilib_is_native_abi; then + local tags=devel,libsystemd,libudev + use !elibc_musl && tags+=,nss + use pam && tags+=,pam + args+=( --tags "${tags}" ) + fi + meson_src_install "${args[@]}" +} + multilib_src_install_all() { einstalldocs dodoc "${FILESDIR}"/nsswitch.conf @@ -529,14 +546,16 @@ pkg_postinst() { # Keep this here in case the database format changes so it gets updated # when required. - systemd-hwdb --root="${ROOT}" update - + udev_hwdb_update || FAIL=1 udev_reload || FAIL=1 # Bug 465468, make sure locales are respected, and ensure consistency # between OpenRC & systemd migrate_locale + # Bug 971385 + systemd_reenable getty@.service + if [[ -z ${REPLACING_VERSIONS} ]]; then if type systemctl &>/dev/null; then systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
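Review bot: `--auto-features=enabled` in the native-ABI branch turns on every Meson feature option that the list below it does not set, and `-Dxenctrl=disabled` is the only explicit opt-out visible here. A feature option added by a later upstream release would then be built, or would fail configure on a missing dependency, without any change to this ebuild and without a USE flag gating it. I would note that next to the flag, e.g. `# unlisted features are built; disable new upstream options explicitly`, and re-check the option list on each version bump. In the same branch `$(meson_native_enabled vmspawn)` could be plain `-Dvmspawn=enabled`, since `multilib_is_native_abi` has already been tested. multilib_src_configure starts outside this hunk.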
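Review bot: The non-native component set is now spelled out three times in different forms: as build targets in `multilib_src_compile` and as `--suite` arguments in `multilib_src_test` (both in the previous hunk), and as `--tags` in `multilib_src_install` here. If one of the lists drifts, a non-native ABI could end up installing a component whose tests were skipped, or testing one that is never installed. A comment above `multilib_src_install` such as `# keep in sync with multilib_src_compile and multilib_src_test` would flag the coupling. Deriving all three from one shared list would remove it.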
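Review bot: The added `systemd_reenable getty@.service` in `pkg_postinst` does not record a failure, unlike `udev_hwdb_update || FAIL=1` and `udev_reload || FAIL=1` just above it, and its comment `# Bug 971385` gives only a number. If the eclass helper returns a meaningful status (not visible from this hunk), `systemd_reenable getty@.service || FAIL=1` would keep the error reporting consistent. The comment should also say in a few words what is being repaired, since the call runs on every upgrade, before the `REPLACING_VERSIONS` check. pkg_postinst starts before this hunk and continues after it.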