Followup backports from upstream

At the same time, try to document all the Flatcar specific changes.

Co-authored-by: Sayan Chowdhury <sayan@kinvolk.io>

sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-apps/systemd-245

@@ -0,0 +1,15 @@
+BDEPEND=app-arch/xz-utils:0 dev-util/gperf >=dev-util/meson-0.46 >=dev-util/intltool-0.50 >=sys-apps/coreutils-8.16 sys-devel/m4 virtual/pkgconfig test? ( sys-apps/dbus ) app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-libs/libxslt:0 || ( ( dev-lang/python:3.7 dev-python/lxml[python_targets_python3_7(-),python_single_target_python3_7(+)] ) ( dev-lang/python:3.6 dev-python/lxml[python_targets_python3_6(-),python_single_target_python3_6(+)] ) ( dev-lang/python:3.5 dev-python/lxml[python_targets_python3_5(-),python_single_target_python3_5(+)] ) ) >=dev-vcs/git-1.8.2.1[curl] >=dev-util/meson-0.48.2 >=dev-util/ninja-1.7.2 virtual/pkgconfig virtual/pkgconfig
+DEFINED_PHASES=compile configure info install postinst preinst prepare prerm pretend setup test unpack
+DESCRIPTION=System and service manager for Linux
+EAPI=7
+HOMEPAGE=https://www.freedesktop.org/wiki/Software/systemd
+IUSE=acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux +split-usr +sysv-utils test vanilla xkb cros_workon_tree_ profiling kernel_linux abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_riscv_lp64d abi_riscv_lp64 abi_s390_32 abi_s390_64
+KEYWORDS=~alpha amd64 ~arm arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86
+LICENSE=GPL-2 LGPL-2.1 MIT public-domain
+PDEPEND=>=sys-apps/dbus-1.9.8[systemd] hwdb? ( >=sys-apps/hwids-20150417[udev] ) policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )
+RDEPEND=>=sys-apps/util-linux-2.30:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] sys-libs/libcap:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] acl? ( sys-apps/acl:0= ) apparmor? ( sys-libs/libapparmor:0= ) audit? ( >=sys-process/audit-2:0= ) cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) curl? ( net-misc/curl:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) homed? ( >=dev-libs/openssl-1.1.0:0= ) http? ( >=net-libs/libmicrohttpd-0.9.33:0= ssl? ( >=net-libs/gnutls-3.1.4:0= ) ) idn? ( net-dns/libidn2:= ) importd? ( app-arch/bzip2:0= sys-libs/zlib:0= ) kmod? ( >=sys-apps/kmod-15:0= ) lz4? ( >=app-arch/lz4-0_p131:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) nat? ( net-firewall/iptables:0= ) pam? ( sys-libs/pam:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) pkcs11? ( app-crypt/p11-kit:0= ) pcre? ( dev-libs/libpcre2 ) pwquality? ( dev-libs/libpwquality:0= ) qrcode? ( media-gfx/qrencode:0= ) repart? ( >=dev-libs/openssl-1.1.0:0= ) seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) selinux? ( sys-libs/libselinux:0= ) xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) sysv-utils? ( !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) !build? ( || ( sys-apps/util-linux[kill(-)] sys-process/procps[kill(+)] sys-apps/coreutils[kill(-)] ) ) !sys-auth/nss-myhostname !sys-fs/eudev
+REQUIRED_USE=homed? ( cryptsetup ) importd? ( curl gcrypt lzma )
+RESTRICT=!test? ( test )
+SLOT=0/2
+_eclasses_=bash-completion-r1	47a7402d95930413ce25ba8d857339bb	cros-workon	4ad6e6491a1010ad7c875302b3be18ba	eutils	6e6c2737b59a4b982de6fb3ecefd87f8	flag-o-matic	a09389deba2c0a7108b581e02c7cecbf	git-r3	0d4635eeb5a96cd5315597a47eba25c9	linux-info	953c3b1c472dcadbf62098a9301327f2	meson	e53acc5913e5581a8a71be22731d8f36	multibuild	40fe59465edacd730c644ec2bc197809	multilib	1d91b03d42ab6308b5f4f6b598ed110e	multilib-build	0d0c25170069d06d0eb233154229af97	multilib-minimal	8bddda43703ba94d8341f4e247f97566	multiprocessing	cac3169468f893670dac3e7cb940e045	ninja-utils	132cbb376048d079b5a012f5467c4e7f	pam	69b1cf8e80a877ad42a03042aaa66a5e	python-any-r1	4900ae970f827a22d33d41bd8b8f9ace	python-utils-r1	08e17157a6807add7db1f8d01e7e391f	systemd	71fd8d2065d102753fb9e4d20eaf3e9f	toolchain-funcs	8c7f9d80beedd16f2e5a7f612c609529	udev	7752f306eec7b286d00bdb47b763e7ac	usr-ldscript	b8347f91cfb6122afdab80b966752a2c
+_md5_=8a783655bb0a0eec4ff204363bf853c9

sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-apps/systemd-9999

@@ -1,15 +1,14 @@
-BDEPEND=app-arch/xz-utils:0 dev-util/gperf >=dev-util/meson-0.46 >=dev-util/intltool-0.50 >=sys-apps/coreutils-8.16 virtual/pkgconfig[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] test? ( sys-apps/dbus ) app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-libs/libxslt:0 || ( ( dev-lang/python:3.7 dev-python/lxml[python_targets_python3_7(-),python_single_target_python3_7(+)] ) ( dev-lang/python:3.6 dev-python/lxml[python_targets_python3_6(-),python_single_target_python3_6(+)] ) ( dev-lang/python:3.5 dev-python/lxml[python_targets_python3_5(-),python_single_target_python3_5(+)] ) ) >=dev-vcs/git-1.8.2.1[curl] >=dev-util/meson-0.48.2 >=dev-util/ninja-1.7.2 virtual/pkgconfig virtual/pkgconfig
+BDEPEND=app-arch/xz-utils:0 dev-util/gperf >=dev-util/meson-0.46 >=dev-util/intltool-0.50 >=sys-apps/coreutils-8.16 sys-devel/m4 virtual/pkgconfig test? ( sys-apps/dbus ) app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-libs/libxslt:0 || ( ( dev-lang/python:3.7 dev-python/lxml[python_targets_python3_7(-),python_single_target_python3_7(+)] ) ( dev-lang/python:3.6 dev-python/lxml[python_targets_python3_6(-),python_single_target_python3_6(+)] ) ( dev-lang/python:3.5 dev-python/lxml[python_targets_python3_5(-),python_single_target_python3_5(+)] ) ) >=dev-vcs/git-1.8.2.1[curl] >=dev-util/meson-0.48.2 >=dev-util/ninja-1.7.2 virtual/pkgconfig virtual/pkgconfig
 DEFINED_PHASES=compile configure info install postinst preinst prepare prerm pretend setup test unpack
-DEPEND=>=sys-kernel/linux-headers-3.11 gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
 DESCRIPTION=System and service manager for Linux
 EAPI=7
 HOMEPAGE=https://www.freedesktop.org/wiki/Software/systemd
-IUSE=acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb cros_workon_tree_ profiling kernel_linux abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_riscv_lp64d abi_riscv_lp64 abi_s390_32 abi_s390_64
+IUSE=acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux +split-usr +sysv-utils test vanilla xkb cros_workon_tree_ profiling kernel_linux abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_riscv_lp64d abi_riscv_lp64 abi_s390_32 abi_s390_64
 KEYWORDS=~amd64 ~arm64 ~arm ~x86
 LICENSE=GPL-2 LGPL-2.1 MIT public-domain
-PDEPEND=>=sys-apps/dbus-1.9.8[systemd] >=sys-apps/hwids-20150417[udev] policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )
-RDEPEND=>=sys-apps/util-linux-2.30:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] sys-libs/libcap:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] !<sys-libs/glibc-2.16 acl? ( sys-apps/acl:0= ) apparmor? ( sys-libs/libapparmor:0= ) audit? ( >=sys-process/audit-2:0= ) cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) curl? ( net-misc/curl:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) http? ( >=net-libs/libmicrohttpd-0.9.33:0= ssl? ( >=net-libs/gnutls-3.1.4:0= ) ) idn? ( libidn2? ( net-dns/libidn2:= ) !libidn2? ( net-dns/libidn:= ) ) importd? ( app-arch/bzip2:0= sys-libs/zlib:0= ) kmod? ( >=sys-apps/kmod-15:0= ) lz4? ( >=app-arch/lz4-0_p131:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) nat? ( net-firewall/iptables:0= ) pam? ( virtual/pam:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) pcre? ( dev-libs/libpcre2 ) qrcode? ( media-gfx/qrencode:0= ) seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) selinux? ( sys-libs/libselinux:0= ) xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) sysv-utils? ( !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) !build? ( || ( sys-apps/util-linux[kill(-)] sys-process/procps[kill(+)] sys-apps/coreutils[kill(-)] ) ) !sys-auth/nss-myhostname !<sys-kernel/dracut-048 !sys-fs/eudev !sys-fs/udev
-REQUIRED_USE=importd? ( curl gcrypt lzma )
+PDEPEND=>=sys-apps/dbus-1.9.8[systemd] hwdb? ( >=sys-apps/hwids-20150417[udev] ) policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )
+RDEPEND=>=sys-apps/util-linux-2.30:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] sys-libs/libcap:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] acl? ( sys-apps/acl:0= ) apparmor? ( sys-libs/libapparmor:0= ) audit? ( >=sys-process/audit-2:0= ) cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) curl? ( net-misc/curl:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) homed? ( >=dev-libs/openssl-1.1.0:0= ) http? ( >=net-libs/libmicrohttpd-0.9.33:0= ssl? ( >=net-libs/gnutls-3.1.4:0= ) ) idn? ( net-dns/libidn2:= ) importd? ( app-arch/bzip2:0= sys-libs/zlib:0= ) kmod? ( >=sys-apps/kmod-15:0= ) lz4? ( >=app-arch/lz4-0_p131:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) nat? ( net-firewall/iptables:0= ) pam? ( sys-libs/pam:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) pkcs11? ( app-crypt/p11-kit:0= ) pcre? ( dev-libs/libpcre2 ) pwquality? ( dev-libs/libpwquality:0= ) qrcode? ( media-gfx/qrencode:0= ) repart? ( >=dev-libs/openssl-1.1.0:0= ) seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) selinux? ( sys-libs/libselinux:0= ) xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) sysv-utils? ( !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) !build? ( || ( sys-apps/util-linux[kill(-)] sys-process/procps[kill(+)] sys-apps/coreutils[kill(-)] ) ) !sys-auth/nss-myhostname !sys-fs/eudev
+REQUIRED_USE=homed? ( cryptsetup ) importd? ( curl gcrypt lzma )
 RESTRICT=!test? ( test )
 SLOT=0/2
 _eclasses_=bash-completion-r1	47a7402d95930413ce25ba8d857339bb	cros-workon	4ad6e6491a1010ad7c875302b3be18ba	eutils	6e6c2737b59a4b982de6fb3ecefd87f8	flag-o-matic	a09389deba2c0a7108b581e02c7cecbf	git-r3	0d4635eeb5a96cd5315597a47eba25c9	linux-info	c90a203b1c14cfa77bd3e37a0e96c955	meson	e53acc5913e5581a8a71be22731d8f36	multibuild	40fe59465edacd730c644ec2bc197809	multilib	1d91b03d42ab6308b5f4f6b598ed110e	multilib-build	0d0c25170069d06d0eb233154229af97	multilib-minimal	8bddda43703ba94d8341f4e247f97566	multiprocessing	cac3169468f893670dac3e7cb940e045	ninja-utils	132cbb376048d079b5a012f5467c4e7f	pam	69b1cf8e80a877ad42a03042aaa66a5e	python-any-r1	4900ae970f827a22d33d41bd8b8f9ace	python-utils-r1	08e17157a6807add7db1f8d01e7e391f	systemd	71fd8d2065d102753fb9e4d20eaf3e9f	toolchain-funcs	8c7f9d80beedd16f2e5a7f612c609529	udev	7752f306eec7b286d00bdb47b763e7ac	user	7b7fc6ec5eb1c1eee55b0609f01e7362	user-info	a2abd4e2f4c3b9b06d64bf1329359a02

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords

@@ -42,7 +42,7 @@ dev-util/checkbashisms
 # Pick up fixes for bugs introduced in 4.0
 =sys-fs/dosfstools-4.1 **
 
-# iproute2 4.13 includes a patch to avoid leaking netns mounts in rkt 
+# iproute2 4.13 includes a patch to avoid leaking netns mounts in rkt
 # https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/commit/?id=d6a4076b6ba6547d7e52c377a7c58c56eb5ea16e
 =sys-apps/iproute2-4.13.0 ~amd64 ~arm64
 
@@ -80,3 +80,5 @@ dev-util/checkbashisms
 >=dev-util/strace-5.3 ~amd64 ~arm64
 
 =dev-lang/rust-1.44.1 ~amd64 ~arm64
+
+=sys-fs/cryptsetup-2.0.3 ~amd64

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild

@@ -1,24 +1,32 @@
-# Copyright 2011-2019 Gentoo Authors
+# Copyright 2011-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Flatcar: Based on systemd-245.5.ebuild from commit
+# 960277ffec44c6245e1ae16b3b36fed9d76496b1 in gentoo repo.
+
 EAPI=7
 
+# Flatcar: Use cros setup
 CROS_WORKON_PROJECT="flatcar-linux/systemd"
 CROS_WORKON_REPO="git://github.com"
 
 if [[ ${PV} == 9999 ]]; then
+	# Flatcar: Use cros setup
 	# Use ~arch instead of empty keywords for compatibility with cros-workon
 	KEYWORDS="~amd64 ~arm64 ~arm ~x86"
 else
-	CROS_WORKON_COMMIT="171ebfdbcb79b1f42659d111b5a642e72ea02021" # v245-flatcar
+	# Flatcar: Use cros setup
+	CROS_WORKON_COMMIT="d74c3540c7b01126cf2881574da1664284ec3b41" # v245-flatcar
 	KEYWORDS="~alpha amd64 ~arm arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 fi
 
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
+# Flatcar: We still have python 3.5, and have no python3.8 yet.
+PYTHON_COMPAT=( python3_{5,6,7} )
 
-# cros-workon must be imported first, in cases where cros-workon and
-# another eclass exports the same function (say src_compile) we want
-# the later eclass's version to win. Only need src_unpack from workon.
+# Flatcar: cros-workon must be imported first, in cases where
+# cros-workon and another eclass exports the same function (say
+# src_compile) we want the later eclass's version to win. Only need
+# src_unpack from workon.
 inherit cros-workon
 
 inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
@@ -28,7 +36,10 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
+# Flatcar: Dropped cgroup-hybrid. We use legacy hierarchy by default
+# to keep docker working. Dropped static-libs, we don't care about
+# static libraries.
+IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
 
 REQUIRED_USE="
 	homed? ( cryptsetup )
@@ -45,9 +56,8 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
 	acl? ( sys-apps/acl:0= )
 	apparmor? ( sys-libs/libapparmor:0= )
 	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.0:1= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
 	curl? ( net-misc/curl:0= )
-	dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
 	elfutils? ( >=dev-libs/elfutils-0.158:0= )
 	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
 	homed? ( ${OPENSSL_DEP} )
@@ -65,7 +75,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
 	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
 	nat? ( net-firewall/iptables:0= )
 	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pkcs11? (app-crypt/p11-kit:0=)
+	pkcs11? ( app-crypt/p11-kit:0= )
 	pcre? ( dev-libs/libpcre2 )
 	pwquality? ( dev-libs/libpwquality:0= )
 	qrcode? ( media-gfx/qrencode:0= )
@@ -85,26 +95,23 @@ RDEPEND="${COMMON_DEPEND}
 	) )
 	!sys-auth/nss-myhostname
 	!sys-fs/eudev
-	!sys-fs/udev"
+"
 
 # sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+#
+# Flatcar: We don't have sys-fs/udev-init-scripts-25, so it's dropped.
 PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
 	hwdb? ( >=sys-apps/hwids-20150417[udev] )
 	policykit? ( sys-auth/polkit )
 	!vanilla? ( sys-apps/gentoo-systemd-integration )"
 
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="
-	>=sys-kernel/linux-headers-${MINKV}
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
 BDEPEND="
 	app-arch/xz-utils:0
 	dev-util/gperf
 	>=dev-util/meson-0.46
 	>=dev-util/intltool-0.50
 	>=sys-apps/coreutils-8.16
+	sys-devel/m4
 	virtual/pkgconfig
 	test? ( sys-apps/dbus )
 	app-text/docbook-xml-dtd:4.2
@@ -120,6 +127,11 @@ python_check_deps() {
 
 pkg_pretend() {
 	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if use test && has pid-sandbox ${FEATURES}; then
+			ewarn "Tests are known to fail with PID sandboxing enabled."
+			ewarn "See https://bugs.gentoo.org/674458."
+		fi
+
 		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
 			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
 			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
@@ -159,11 +171,14 @@ pkg_setup() {
 
 src_unpack() {
 	default
+	# Flatcar: Use cros setup.
 	cros-workon_src_unpack
 }
 
 src_prepare() {
-	# Use the resolv.conf managed by systemd-resolved
+	# Flatcar: We don't have separate patches, so no patching code here.
+	#
+	# Flatcar: Use the resolv.conf managed by systemd-resolved.
 	sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die
 
 	default
@@ -201,6 +216,8 @@ meson_multilib_native_use() {
 multilib_src_configure() {
 	local myconf=(
 		--localstatedir="${EPREFIX}/var"
+		# Flatcar: Point to our user mailing list.
+		-Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user"
 		-Dpamlibdir="$(getpam_mod_dir)"
 		# avoid bash-completion dep
 		-Dbashcompletiondir="$(get_bashcompdir)"
@@ -212,8 +229,15 @@ multilib_src_configure() {
 		# Avoid infinite exec recursion, bug 642724
 		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
 		# no deps
+		#
+		# Flatcar: TODO: We have no clue why this was dropped
+		# from upstream, so we keep it until we understand
+		# more.
 		-Defi=$(meson_multilib)
 		-Dima=true
+		# Flatcar: Use legacy hierarchy to avoid breaking
+		# Docker.
+		-Ddefault-hierarchy=legacy
 		# Optional components/dependencies
 		-Dacl=$(meson_multilib_native_use acl)
 		-Dapparmor=$(meson_multilib_native_use apparmor)
@@ -223,12 +247,11 @@ multilib_src_configure() {
 		-Delfutils=$(meson_multilib_native_use elfutils)
 		-Dgcrypt=$(meson_use gcrypt)
 		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
+		-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
 		-Dhomed=$(meson_multilib_native_use homed)
 		-Dhwdb=$(meson_multilib_native_use hwdb)
 		-Dmicrohttpd=$(meson_multilib_native_use http)
 		-Didn=$(meson_multilib_native_use idn)
-		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
 		-Dimportd=$(meson_multilib_native_use importd)
 		-Dbzip2=$(meson_multilib_native_use importd)
 		-Dzlib=$(meson_multilib_native_use importd)
@@ -245,14 +268,14 @@ multilib_src_configure() {
 		-Drepart=$(meson_multilib_native_use repart)
 		-Dseccomp=$(meson_multilib_native_use seccomp)
 		-Dselinux=$(meson_multilib_native_use selinux)
-		#-Dtests=$(meson_multilib_native_use test)
 		-Ddbus=$(meson_multilib_native_use test)
 		-Dxkbcommon=$(meson_multilib_native_use xkb)
-		# hardcode a few paths to spare some deps
-		-Dkill-path=/bin/kill
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Flatcar: Use our ntp servers.
+		-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
 		# Breaks screen, tmux, etc.
 		-Ddefault-kill-user-processes=false
+		# Flatcar: TODO: Investigate if we want this.
+		-Dcreate-log-dirs=false
 
 		# multilib options
 		-Dbacklight=$(meson_multilib)
@@ -275,45 +298,42 @@ multilib_src_configure() {
 		-Dtmpfiles=$(meson_multilib)
 		-Dvconsole=$(meson_multilib)
 
-		# static-libs
-		-Dstatic-libsystemd=$(usex static-libs true false)
-		-Dstatic-libudev=$(usex static-libs true false)
-
-		### CoreOS options
-		# Specify this, or meson breaks due to no /etc/login.defs
+		# Flatcar: Specify this, or meson breaks due to no
+		# /etc/login.defs.
 		-Dsystem-gid-max=999
 		-Dsystem-uid-max=999
 
-		# dbus paths
+		# Flatcar: DBus paths.
 		-Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
 		-Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
 
-		-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
-
+		# Flatcar: PAM config directory.
 		-Dpamconfdir=/usr/share/pam.d
 
-		# The CoreOS epoch, Mon Jul  1 00:00:00 UTC 2013. Used by timesyncd
-		# as a sanity check for the minimum acceptable time. Explicitly set
-		# to avoid using the current build time.
+		# Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC
+		# 2013. Used by timesyncd as a sanity check for the
+		# minimum acceptable time. Explicitly set to avoid
+		# using the current build time.
 		-Dtime-epoch=1372636800
 
-		# no default name servers
+		# Flatcar: No default name servers.
 		-Ddns-servers=
 
-		# Breaks Docker
-		-Ddefault-hierarchy=legacy
-
-		# Disable the "First Boot Wizard", it isn't very applicable to CoreOS
+		# Flatcar: Disable the "First Boot Wizard", it isn't
+		# very applicable to us.
 		-Dfirstboot=false
 
-		# Set latest network interface naming scheme for https://github.com/flatcar-linux/Flatcar/issues/36
+		# Flatcar: Set latest network interface naming scheme
+		# for
+		# https://github.com/flatcar-linux/Flatcar/issues/36
 		-Ddefault-net-naming-scheme=latest
 
-		# unported options, still needed?
+		# Flatcar: Unported options, still needed?
 		-Defi-cc="$(tc-getCC)"
 		-Dquotaon-path=/usr/sbin/quotaon
 		-Dquotacheck-path=/usr/sbin/quotacheck
-		-Drootlibdir="${EPREFIX}$(usex split-usr '' /usr)/$(get_libdir)"
+
+		# Flatcar: No static libs.
 	)
 
 	meson_src_configure "${myconf[@]}"
@@ -325,7 +345,7 @@ multilib_src_compile() {
 
 multilib_src_test() {
 	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-	eninja test
+	meson_src_test
 }
 
 multilib_src_install() {
@@ -339,11 +359,16 @@ multilib_src_install_all() {
 	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
 
 	einstalldocs
+	# Flatcar: Do not install sample nsswitch.conf, we don't
+	# provide it.
 
 	if ! use resolvconf; then
 		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
 	fi
 
+	rm "${ED}"/etc/init.d/README || die
+	rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
+
 	if ! use sysv-utils; then
 		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
 		rm "${ED}"/usr/share/man/man1/init.1 || die
@@ -354,10 +379,13 @@ multilib_src_install_all() {
 		rmdir "${ED}${rootprefix}"/sbin || die
 	fi
 
-	local udevdir=/lib/udev
-	use split-usr || udevdir=/usr/lib/udev
+	rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
 
-	rm -r "${ED}${udevdir}/hwdb.d" || die
+	# Flatcar: Upstream uses keepdir commands to keep some empty
+	# directories.
+	#
+	# Flatcar: TODO: Consider using that instead of
+	# systemd_dotmpfilesd "${FILESDIR}"/systemd-flatcar.conf below.
 
 	if use split-usr; then
 		# Avoid breaking boot/reboot
@@ -365,43 +393,60 @@ multilib_src_install_all() {
 		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
 	fi
 
-	# Ensure journal directory has correct ownership/mode in inital image.
-	# This is fixed by systemd-tmpfiles *but* journald starts before that
-	# and will create the journal if the filesystem is already read-write.
-	# Conveniently the systemd Makefile sets this up completely wrong.
+	# Flatcar: Ensure journal directory has correct ownership/mode
+	# in inital image.  This is fixed by systemd-tmpfiles *but*
+	# journald starts before that and will create the journal if
+	# the filesystem is already read-write.  Conveniently the
+	# systemd Makefile sets this up completely wrong.
+	#
+	# Flatcar: TODO: Is this still a problem?
 	dodir /var/log/journal
 	fowners root:systemd-journal /var/log/journal
 	fperms 2755 /var/log/journal
 
+	# Flatcar: Don't prune systemd dirs.
+	#
+	# Flatcar: TODO: Upstream probably fixed it in different way -
+	# it's using some keepdir commands.
 	systemd_dotmpfilesd "${FILESDIR}"/systemd-flatcar.conf
+	# Flatcar: Add tmpfiles rule for resolv.conf. This path has
+	# changed after v213 so it must be handled here instead of
+	# baselayout now.
 	systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
 
-	# Don't default to graphical.target
+	# Flatcar: Don't default to graphical.target.
 	local unitdir=$(PKG_CONFIG_LIBDIR="${PWD}/src/core" systemd_get_systemunitdir)
 	dosym multi-user.target "${unitdir}"/default.target
 
-	# Don't set any extra environment variables by default
+	# Flatcar: Don't set any extra environment variables by default.
 	rm "${ED}/usr/lib/environment.d/99-environment.conf" || die
 
+	# Flatcar: Don't enable services in /etc, move to /usr.
 	systemd_enable_service multi-user.target systemd-networkd.service
 	systemd_enable_service multi-user.target systemd-resolved.service
 	systemd_enable_service sysinit.target systemd-timesyncd.service
 
-	# enable getty manually
+	# Flatcar: Enable getty manually.
 	mkdir --parents "${ED}/usr/lib/systemd/system/getty.target.wants"
 	dosym ../getty@.service "/usr/lib/systemd/system/getty.target.wants/getty@tty1.service"
 
-	# Do not enable random services if /etc was detected as empty!!!
+	# Flatcar: Do not enable random services if /etc was detected
+	# as empty!!!
 	rm "${ED}$(usex split-usr '' /usr)/lib/systemd/system-preset/90-systemd.preset" || die
 	insinto $(usex split-usr '' /usr)/lib/systemd/system-preset
 	doins "${FILESDIR}"/99-default.preset
 
-	# Do not ship distro-specific files (nsswitch.conf pam.d)
+	# Flatcar: Do not ship distro-specific files (nsswitch.conf
+	# pam.d). This conflicts with our own configuration provided
+	# by baselayout.
 	rm -rf "${ED}"/usr/share/factory
 	sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \
 		-e '/^C!* \/etc\/nsswitch\.conf/d' \
 		-e '/^C!* \/etc\/pam\.d/d' \
 		-e '/^C!* \/etc\/issue/d'
+
+	# Flatcar: gen_usr_ldscript is likely for static libs, so we
+	# dropped it.
 }
 
 migrate_locale() {
@@ -460,23 +505,39 @@ save_enabled_units() {
 
 pkg_preinst() {
 	save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
+
+	if ! use split-usr; then
+		local dir
+		for dir in bin sbin lib; do
+			if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
+				eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
+				eerror "One of them should be a symbolic link to the other one."
+				FAIL=1
+			fi
+		done
+		if [[ ${FAIL} ]]; then
+			eerror "Migration to system layout with merged directories must be performed before"
+			eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+			die "System layout with split directories still used"
+		fi
+	fi
 }
 
 pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
+       newusergroup() {
+               enewgroup "$1"
+               enewuser "$1" -1 -1 -1 "$1"
+       }
 
-	enewgroup input
-	enewgroup kvm 78
-	enewgroup render
-	enewgroup systemd-journal
-	newusergroup systemd-coredump
-	newusergroup systemd-journal-remote
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
+       enewgroup input
+       enewgroup kvm 78
+       enewgroup render
+       enewgroup systemd-journal
+       newusergroup systemd-coredump
+       newusergroup systemd-journal-remote
+       newusergroup systemd-network
+       newusergroup systemd-resolve
+       newusergroup systemd-timesync
 
 	systemd_update_catalog
 
@@ -492,6 +553,7 @@ pkg_postinst() {
 	# between OpenRC & systemd
 	migrate_locale
 
+	# Flatcar: Reenabling systemd-timesyncd service too.
 	systemd_reenable systemd-networkd.service systemd-resolved.service systemd-timesyncd.service
 
 	if [[ ${ENABLED_UNITS[@]} ]]; then