From 971bfb47ae09a6111084c4db0c6b29f4aeab7666 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 8 Apr 2022 20:33:11 +0200 Subject: [PATCH 01/15] sys-apps/dbus: Sync with Gentoo It's from Gentoo commit 036bc045b998a68b4da32a023cc544e33e7080e1. --- .../coreos-overlay/sys-apps/dbus/Manifest | 2 +- ...12.20-r2.ebuild => dbus-1.12.22-r1.ebuild} | 40 ++++-- .../dbus/files/dbus-1.12.22-check-fd.patch | 33 +++++ .../files/dbus-1.14.0-oom_score_adj.patch | 115 ++++++++++++++++++ .../coreos-overlay/sys-apps/dbus/metadata.xml | 3 +- 5 files changed, 178 insertions(+), 15 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/{dbus-1.12.20-r2.ebuild => dbus-1.12.22-r1.ebuild} (85%) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest index 0af7e50b0b..5823be671c 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest @@ -1 +1 @@ -DIST dbus-1.12.20.tar.gz 2095511 BLAKE2B b467526e7e0281db7b8c7c178469fe006dab29ccb1ea197c02495bd297e8de766230b68ed86c4a7e05dbe09ca30ce941a15e0bf8030fe0df66c04febf0534b3b SHA512 0964683bc6859374cc94e42e1ec0cdb542cca67971c205fcba4352500b6c0891665b0718e7d85eb060c81cb82e3346c313892bc02384da300ddd306c7eef0056 +DIST dbus-1.12.22.tar.gz 2108231 BLAKE2B 40c30ad9e48d8ac6b5f1c67726015eb17cb3501372ef2c8ffcd8ad73e4a2f186b80a7bbba094460d4093d1d0a3f1bbb8d83a27724397a8f5312bb8542237e6b7 SHA512 0a716022f9d693fcaf871b6dfb5f242b49a8dd05d3316ec3e530f5129f1d81a2fa9caec795fa62cfdcba6ed21549fdd2f896f9bf1cc9a96e2a7d04f2c7ec7be6 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.20-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild similarity index 85% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.20-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild index 71950707da..68513fcf1e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.20-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild @@ -1,10 +1,12 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -PYTHON_COMPAT=( python3_{6..10} ) -inherit autotools flag-o-matic linux-info python-any-r1 readme.gentoo-r1 systemd virtualx multilib-minimal +PYTHON_COMPAT=( python3_{8..10} ) +TMPFILES_OPTIONAL=1 + +inherit autotools flag-o-matic linux-info python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx multilib-minimal DESCRIPTION="A message bus system, a simple way for applications to talk to each other" HOMEPAGE="https://dbus.freedesktop.org/" @@ -13,7 +15,7 @@ SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.gz" LICENSE="|| ( AFL-2.1 GPL-2 )" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="debug doc elogind kernel_linux selinux static-libs systemd test user-session X" +IUSE="debug doc elogind selinux static-libs systemd test X" RESTRICT="!test? ( test )" REQUIRED_USE="?? ( elogind systemd )" @@ -43,11 +45,10 @@ DEPEND="${COMMON_DEPEND} >=dev-libs/glib-2.40:2 ) " - -# Flatcar: drop dependency on sec-policy/selinux-dbus, to avoid pulling in -# unnecessary ebuilds into rootfs RDEPEND="${COMMON_DEPEND} acct-user/messagebus + selinux? ( sec-policy/selinux-dbus ) + systemd? ( virtual/tmpfiles ) " DOC_CONTENTS=" @@ -59,8 +60,13 @@ DOC_CONTENTS=" TBD="${WORKDIR}/${P}-tests-build" PATCHES=( - "${FILESDIR}/${PN}-enable-elogind.patch" - "${FILESDIR}/${PN}-daemon-optional.patch" # bug #653136 + "${FILESDIR}/dbus-enable-elogind.patch" + "${FILESDIR}/dbus-daemon-optional.patch" # bug #653136 + + "${FILESDIR}/dbus-1.12.22-check-fd.patch" + + # https://bugs.gentoo.org/836560 + "${FILESDIR}/dbus-1.14.0-oom_score_adj.patch" ) pkg_setup() { @@ -124,10 +130,10 @@ multilib_src_configure() { $(use_enable selinux libaudit) --disable-apparmor $(use_enable kernel_linux inotify) - $(use_enable kernel_FreeBSD kqueue) + --disable-kqueue $(use_enable elogind) $(use_enable systemd) - $(use_enable user-session) + $(use_enable systemd user-session) --disable-embedded-tests --disable-modular-tests $(use_enable debug stats) @@ -135,6 +141,7 @@ multilib_src_configure() { --with-system-pid-file="${EPREFIX}${rundir}"/dbus.pid --with-system-socket="${EPREFIX}${rundir}"/dbus/system_bus_socket --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + --with-systemduserunitdir="$(systemd_get_userunitdir)" --with-dbus-user=messagebus $(use_with X x) ) @@ -248,7 +255,16 @@ multilib_src_install_all() { pkg_postinst() { readme.gentoo_print_elog - # Flatcar: remove machine-id generation. + if use systemd; then + tmpfiles_process dbus.conf + fi + + # Ensure unique id is generated and put it in /etc wrt #370451 but symlink + # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # dependencies with hardcoded paths (although the known ones got fixed already) + # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id if [[ ${CHOST} == *-darwin* ]]; then local plist="org.freedesktop.dbus-session.plist" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch new file mode 100644 index 0000000000..9038411bb1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch @@ -0,0 +1,33 @@ +From 769a0462befb9829594a76e675526aba8579317e Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Sun, 27 Mar 2022 15:09:48 -0400 +Subject: [PATCH] sysdeps-unix: check fd before calling + _dbus_fd_set_close_on_exec() + +If /proc/self/oom_score_adj does not exist, fd will invalid (-1). +Attempting to set the CLOEXEC flag will obviously fail, and we lose the +original errno value from open(). + +Bug: https://bugs.gentoo.org/834725 +Signed-off-by: Mike Gilbert +--- + dbus/dbus-sysdeps-util-unix.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c +index 314ce64b..8f079cbf 100644 +--- a/dbus/dbus-sysdeps-util-unix.c ++++ b/dbus/dbus-sysdeps-util-unix.c +@@ -1633,7 +1633,8 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + if (fd < 0) + { + fd = open ("/proc/self/oom_score_adj", O_RDWR); +- _dbus_fd_set_close_on_exec (fd); ++ if (fd >= 0) ++ _dbus_fd_set_close_on_exec (fd); + } + + if (fd >= 0) +-- +GitLab + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch new file mode 100644 index 0000000000..0945297080 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch @@ -0,0 +1,115 @@ +From 499cdfde1b3f5d812912e89b1a1a0d7a4fb83306 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 1 Apr 2022 18:58:34 +0100 +Subject: [PATCH 1/2] activation-helper: Never crash if unable to write + oom_score_adj + +_dbus_warn() normally only logs a warning, but can be made fatal by +environment variables. In particular, we do that during unit testing, +which can result in a build-time test failure if dbus is built in a +sandbox environment that prevents write access. + +_dbus_log() does only the logging part of _dbus_warn(), which seems +more appropriate here. + +Signed-off-by: Simon McVittie +--- + bus/activation-helper.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bus/activation-helper.c b/bus/activation-helper.c +index 8a4fd732..df0472ce 100644 +--- a/bus/activation-helper.c ++++ b/bus/activation-helper.c +@@ -348,7 +348,7 @@ exec_for_correct_user (char *exec, char *user, DBusError *error) + /* Resetting the OOM score adjustment is best-effort, so we don't + * treat a failure to do so as fatal. */ + if (!_dbus_reset_oom_score_adj (&error_str)) +- _dbus_warn ("%s: %s", error_str, strerror (errno)); ++ _dbus_log (DBUS_SYSTEM_LOG_WARNING, "%s: %s", error_str, strerror (errno)); + + if (!switch_user (user, error)) + return FALSE; +-- +GitLab + + +From 5c8e5b7140c4f1f88684c7a83ce9587fff2def0c Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 1 Apr 2022 18:56:26 +0100 +Subject: [PATCH 2/2] sysdeps: Only open oom_score_adj read/write if we need to + write it + +If we're running in a sandbox, we might not have write access to +oom_score_adj. In the common case where we don't have any special +protection from the OOM-killer, we can detect that with only read +access, and skip the part where we open it for writing. + +(We would also not have write access to oom_score_adj if we're running +with elevated Linux capabilities while not root, but that should never +actually happen for dbus-daemon-launch-helper, which is setuid root +for production use or has no capabilities during unit-testing.) + +Signed-off-by: Simon McVittie +--- + dbus/dbus-sysdeps-util-unix.c | 26 +++++++++++++++++++++++--- + 1 file changed, 23 insertions(+), 3 deletions(-) + +diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c +index 8f079cbf..ca130cff 100644 +--- a/dbus/dbus-sysdeps-util-unix.c ++++ b/dbus/dbus-sysdeps-util-unix.c +@@ -1627,12 +1627,12 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + const char *error_str = NULL; + + #ifdef O_CLOEXEC +- fd = open ("/proc/self/oom_score_adj", O_RDWR | O_CLOEXEC); ++ fd = open ("/proc/self/oom_score_adj", O_RDONLY | O_CLOEXEC); + #endif + + if (fd < 0) + { +- fd = open ("/proc/self/oom_score_adj", O_RDWR); ++ fd = open ("/proc/self/oom_score_adj", O_RDONLY); + if (fd >= 0) + _dbus_fd_set_close_on_exec (fd); + } +@@ -1680,6 +1680,26 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + goto out; + } + ++ close (fd); ++#ifdef O_CLOEXEC ++ fd = open ("/proc/self/oom_score_adj", O_WRONLY | O_CLOEXEC); ++ ++ if (fd < 0) ++#endif ++ { ++ fd = open ("/proc/self/oom_score_adj", O_WRONLY); ++ if (fd >= 0) ++ _dbus_fd_set_close_on_exec (fd); ++ } ++ ++ if (fd < 0) ++ { ++ ret = FALSE; ++ error_str = "open(/proc/self/oom_score_adj) for writing"; ++ saved_errno = errno; ++ goto out; ++ } ++ + if (pwrite (fd, "0", sizeof (char), 0) < 0) + { + ret = FALSE; +@@ -1700,7 +1720,7 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + else + { + ret = FALSE; +- error_str = "open(/proc/self/oom_score_adj)"; ++ error_str = "open(/proc/self/oom_score_adj) for reading"; + saved_errno = errno; + goto out; + } +-- +GitLab + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml index a8736a7781..010eeadbdd 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml @@ -1,5 +1,5 @@ - + freedesktop-bugs@gentoo.org @@ -7,7 +7,6 @@ Use sys-auth/elogind for session tracking. Build with sys-apps/systemd at_console support - Enable user-session semantics for session bus under systemd cpe:/a:freedesktop:dbus From ab6119aa8b0cb6febede5f2a73b1fa9b92eed84f Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 8 Apr 2022 20:46:02 +0200 Subject: [PATCH 02/15] sys-apps/dbus: Apply Flatcar modifications --- .../coreos-overlay/sys-apps/dbus/README.md | 13 ++++++++ .../sys-apps/dbus/dbus-1.12.22-r1.ebuild | 32 ++++++++++++------- 2 files changed, 33 insertions(+), 12 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md new file mode 100644 index 0000000000..5ae966f65b --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md @@ -0,0 +1,13 @@ +Modifications done in this fork: + +- Disable user sessions. We don't need them in Flatcar. At some point + Gentoo dropped the dedicated USE flag for it and enables user + sessions with systemd USE flag. + +- Dropped the dependency on sec-policy/selinux-dbus which is brought + by the selinux USE flag. We enable the flag because we still want + DBus to be selinux-aware, but for some reason we didn't want to pull + in the `sec-policy/selinux-dbus` package. We may want to revisit + this with our SELinux work. + +- Drop /etc/machine-id generation. We do it elsewhere (bootengine?). diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild index 68513fcf1e..e5950d5e47 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild @@ -45,9 +45,14 @@ DEPEND="${COMMON_DEPEND} >=dev-libs/glib-2.40:2 ) " +# Flatcar: Drop the following dependency to avoid pulling in +# unnecessary ebuilds into rootfs: +# +# selinux? ( sec-policy/selinux-dbus ) +# +# We may want to revisit that, actually. RDEPEND="${COMMON_DEPEND} acct-user/messagebus - selinux? ( sec-policy/selinux-dbus ) systemd? ( virtual/tmpfiles ) " @@ -133,7 +138,9 @@ multilib_src_configure() { --disable-kqueue $(use_enable elogind) $(use_enable systemd) - $(use_enable systemd user-session) + # Flatcar: disable user sessions + # $(use_enable systemd user-session) + --disable-user-session --disable-embedded-tests --disable-modular-tests $(use_enable debug stats) @@ -255,16 +262,17 @@ multilib_src_install_all() { pkg_postinst() { readme.gentoo_print_elog - if use systemd; then - tmpfiles_process dbus.conf - fi - - # Ensure unique id is generated and put it in /etc wrt #370451 but symlink - # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse - # dependencies with hardcoded paths (although the known ones got fixed already) - # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? - dbus-uuidgen --ensure="${EROOT}"/etc/machine-id - ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id + # Flatcar: Drop machine-id generation. + # if use systemd; then + # tmpfiles_process dbus.conf + # fi + # + # # Ensure unique id is generated and put it in /etc wrt #370451 but symlink + # # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # # dependencies with hardcoded paths (although the known ones got fixed already) + # # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + # dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + # ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id if [[ ${CHOST} == *-darwin* ]]; then local plist="org.freedesktop.dbus-session.plist" From 3c92acec077f3fe976c0c82c99115838887497ae Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 6 May 2022 20:49:50 +0200 Subject: [PATCH 03/15] profiles: Update app-emulation/qemu accept_keywords --- .../coreos-overlay/profiles/coreos/base/package.accept_keywords | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 91ac46d823..eb6af09197 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -4,7 +4,7 @@ =app-arch/zstd-1.4.9 ~amd64 ~arm64 -=app-emulation/qemu-6.1.0-r1 ~amd64 ~arm64 +=app-emulation/qemu-7.0.0-r1 ~arm64 =coreos-devel/fero-client-0.1.1 ** From 6a2d7bc67338b8a6c86c2c6b647d63c0cbad9272 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 6 May 2022 19:52:38 +0200 Subject: [PATCH 04/15] net-fs/samba: Sync with Gentoo It's from Gentoo commit d33672fa71f0223f90aca9d85d52d916f05de354. --- .../coreos-overlay/net-fs/samba/Manifest | 2 +- ...1-fix-glibc-2.32-function-collisions.patch | 79 ------- ...ba-4.13-vfs_snapper_configure_option.patch | 56 ----- .../files/samba-4.13-winexe_option.patch | 67 ------ .../samba/files/samba-4.9.2-timespec.patch | 21 -- .../coreos-overlay/net-fs/samba/metadata.xml | 3 +- ....12.9-r2.ebuild => samba-4.15.4-r3.ebuild} | 222 +++++++++--------- 7 files changed, 113 insertions(+), 337 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.11-fix-glibc-2.32-function-collisions.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-vfs_snapper_configure_option.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-winexe_option.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.9.2-timespec.patch rename sdk_container/src/third_party/coreos-overlay/net-fs/samba/{samba-4.12.9-r2.ebuild => samba-4.15.4-r3.ebuild} (68%) diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest index d30cd1649f..315c45a9db 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest @@ -1 +1 @@ -DIST samba-4.12.9.tar.gz 18236198 BLAKE2B e19cbbbb8416626ca2fe769bf26f3645e94f23781538b3c5e1f94ce618efb807d0732e5591525ec066a31cc0211463b9b66105d1d499989012d624edaa2a132c SHA512 8bd3122bcaab2f5a16a73902a9b628384063a8116a08f0254541e05c148016839b3215c60ff0d3291a332e7884708950ad64137204b0ac19801012d3b6684fa6 +DIST samba-4.15.4.tar.gz 19280813 BLAKE2B 3106f2f265263e871fe3f82d3eecaac2e5f642925ff5dd2a9d163092fd13e9348a3910e40431d51cb94a1abeb3b9c32c487ce1f8caebe59a8d6d90641b4d9201 SHA512 e55473dd4971816a01880870309ca44f022625cd529511bcf386c865a2e7e79118577ee4866559f607952de47dc0d310d6426bd08dd4293db95ddbbe3982383d diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.11-fix-glibc-2.32-function-collisions.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.11-fix-glibc-2.32-function-collisions.patch deleted file mode 100644 index 5d196a68af..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.11-fix-glibc-2.32-function-collisions.patch +++ /dev/null @@ -1,79 +0,0 @@ -glibc-2.30 and above ship their own version of nss_setpwent, nss_endpwent, -nss_setgrent, and nss_endgrent. So we rename the static functions here to -prevent a name clash. - -Also see https://forums.gentoo.org/viewtopic-t-1118902.html?sid=e1809c2d407bafda1df63d9115bcaaef - ---- a/nsswitch/nsstest.c 2019-12-06 06:46:56.000000000 -0300 -+++ b/nsswitch/nsstest.c 2020-09-11 18:35:27.199949579 -0300 -@@ -137,7 +137,7 @@ - return &pwd; - } - --static void nss_setpwent(void) -+static void nss_setpwent2(void) - { - NSS_STATUS (*_nss_setpwent)(void) = - (NSS_STATUS(*)(void))find_fn("setpwent"); -@@ -152,7 +152,7 @@ - } - } - --static void nss_endpwent(void) -+static void nss_endpwent2(void) - { - NSS_STATUS (*_nss_endpwent)(void) = - (NSS_STATUS (*)(void))find_fn("endpwent"); -@@ -290,7 +290,7 @@ - return &grp; - } - --static void nss_setgrent(void) -+static void nss_setgrent2(void) - { - NSS_STATUS (*_nss_setgrent)(void) = - (NSS_STATUS (*)(void))find_fn("setgrent"); -@@ -305,7 +305,7 @@ - } - } - --static void nss_endgrent(void) -+static void nss_endgrent2(void) - { - NSS_STATUS (*_nss_endgrent)(void) = - (NSS_STATUS (*)(void))find_fn("endgrent"); -@@ -402,7 +402,7 @@ - { - struct passwd *pwd; - -- nss_setpwent(); -+ nss_setpwent2(); - /* loop over all users */ - while ((pwd = nss_getpwent())) { - printf("Testing user %s\n", pwd->pw_name); -@@ -424,14 +424,14 @@ - printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid); - printf("\n"); - } -- nss_endpwent(); -+ nss_endpwent2(); - } - - static void nss_test_groups(void) - { - struct group *grp; - -- nss_setgrent(); -+ nss_setgrent2(); - /* loop over all groups */ - while ((grp = nss_getgrent())) { - printf("Testing group %s\n", grp->gr_name); -@@ -452,7 +452,7 @@ - printf("getgrgid: "); print_group(grp); - printf("\n"); - } -- nss_endgrent(); -+ nss_endgrent2(); - } - - static void nss_test_errors(void) diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-vfs_snapper_configure_option.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-vfs_snapper_configure_option.patch deleted file mode 100644 index b472119956..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-vfs_snapper_configure_option.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 7ae03a19b3ca895ba5f97a6bd4f9539d8daa6e0a Mon Sep 17 00:00:00 2001 -From: Matt Taylor -Date: Mon, 11 May 2020 15:26:41 -0400 -Subject: [PATCH] build: add configure option to control vfs_snapper build - -vfs_snapper is currently built if dbus development headers / libraries -are detected during configure. This commit adds new --disable-snapper -and --enable-snapper (default) configure parameters. When enabled, -configure will fail if the dbus development headers / libraries are -missing. - -Signed-off-by: Matt Taylor -Reviewed-by: David Disseldorp -Reviewed-by: Andrew Bartlett - -Autobuild-User(master): Andrew Bartlett -Autobuild-Date(master): Mon May 25 01:16:46 UTC 2020 on sn-devel-184 ---- - source3/wscript | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/source3/wscript b/source3/wscript -index 07991806c63..24ade3b0a2b 100644 ---- a/source3/wscript -+++ b/source3/wscript -@@ -74,6 +74,7 @@ def options(opt): - - opt.samba_add_onoff_option('glusterfs', with_name="enable", without_name="disable", default=True) - opt.samba_add_onoff_option('cephfs', with_name="enable", without_name="disable", default=True) -+ opt.samba_add_onoff_option('snapper', with_name="enable", without_name="disable", default=True) - - opt.add_option('--enable-vxfs', - help=("enable support for VxFS (default=no)"), -@@ -1752,11 +1753,16 @@ main() { - if Options.options.enable_vxfs: - conf.DEFINE('HAVE_VXFS', '1') - -- if conf.CHECK_CFG(package='dbus-1', args='--cflags --libs', -+ if Options.options.with_snapper: -+ if conf.CHECK_CFG(package='dbus-1', args='--cflags --libs', - msg='Checking for dbus', uselib_store="DBUS-1"): -- if (conf.CHECK_HEADERS('dbus/dbus.h', lib='dbus-1') -+ if (conf.CHECK_HEADERS('dbus/dbus.h', lib='dbus-1') - and conf.CHECK_LIB('dbus-1', shlib=True)): -- conf.DEFINE('HAVE_DBUS', '1') -+ conf.DEFINE('HAVE_DBUS', '1') -+ else: -+ conf.fatal("vfs_snapper is enabled but prerequisite DBUS libraries " -+ "or headers not found. Use --disable-snapper to disable " -+ "vfs_snapper support."); - - if conf.CHECK_CFG(package='liburing', args='--cflags --libs', - msg='Checking for liburing package', uselib_store="URING"): --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-winexe_option.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-winexe_option.patch deleted file mode 100644 index 63f8a9ec41..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-winexe_option.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 54c21a99e6ca54bdb963c70d322f6778b57a384f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= -Date: Wed, 4 Mar 2020 18:51:01 +0100 -Subject: [PATCH] winexe: add configure option to control whether to build it - (default: auto) - -Guenther - -Signed-off-by: Guenther Deschner -Reviewed-by: Andreas Schneider - -Autobuild-User(master): Andreas Schneider -Autobuild-Date(master): Mon Mar 9 16:27:21 UTC 2020 on sn-devel-184 ---- - examples/winexe/wscript_build | 3 ++- - source3/wscript | 17 +++++++++++++++++ - 2 files changed, 19 insertions(+), 1 deletion(-) - -diff --git a/examples/winexe/wscript_build b/examples/winexe/wscript_build -index 43c09717e3d..559ed3fc706 100644 ---- a/examples/winexe/wscript_build -+++ b/examples/winexe/wscript_build -@@ -106,4 +106,5 @@ if winexesvc_binaries != '': - LOADPARM_CTX - libsmb - msrpc3 -- ''') -+ ''', -+ enabled=bld.env.build_winexe) -diff --git a/source3/wscript b/source3/wscript -index 85466b493fa..6d5bd22ca49 100644 ---- a/source3/wscript -+++ b/source3/wscript -@@ -63,6 +63,7 @@ def options(opt): - opt.samba_add_onoff_option('cluster-support', default=False) - - opt.samba_add_onoff_option('regedit', default=None) -+ opt.samba_add_onoff_option('winexe', default=None) - - opt.samba_add_onoff_option('fake-kaserver', - help=("Include AFS fake-kaserver support"), default=False) -@@ -1782,6 +1783,22 @@ main() { - if conf.CHECK_HEADERS('ftw.h') and conf.CHECK_FUNCS('nftw'): - conf.env.build_mvxattr = True - -+ conf.env.build_winexe = False -+ if not Options.options.with_winexe == False: -+ if conf.CONFIG_SET('HAVE_WINEXE_CC_WIN32') or conf.CONFIG_SET('HAVE_WINEXE_CC_WIN64'): -+ conf.env.build_winexe = True -+ -+ if conf.env.build_winexe: -+ Logs.info("building winexe") -+ else: -+ if Options.options.with_winexe == False: -+ Logs.info("not building winexe (--without-winexe)") -+ elif Options.options.with_winexe == True: -+ Logs.error("mingw not available, cannot build winexe") -+ conf.fatal("mingw not available, but --with-winexe was specified") -+ else: -+ Logs.info("mingw not available, not building winexe") -+ - conf.CHECK_FUNCS_IN('DES_pcbc_encrypt', 'crypto') - if Options.options.with_fake_kaserver == True: - conf.CHECK_HEADERS('afs/param.h afs/stds.h', together=True) --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.9.2-timespec.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.9.2-timespec.patch deleted file mode 100644 index c82f4af4e7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.9.2-timespec.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 11e8c14b78e2423041f3846882f74cd6490a3e44 Mon Sep 17 00:00:00 2001 -From: Joan Karadimov -Date: Thu, 18 Oct 2018 18:16:17 +0300 -Subject: [PATCH] Fix compatibility issues with the timespec struct - ---- - source3/include/libsmbclient.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h -index 5e4a1715402..6487ea7a8aa 100644 ---- a/source3/include/libsmbclient.h -+++ b/source3/include/libsmbclient.h -@@ -78,6 +78,7 @@ extern "C" { - #include - #include - #include -+#include - #include - - #define SMBC_BASE_FD 10000 /* smallest file descriptor returned */ diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml index e871aa5724..0430625e20 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml @@ -1,5 +1,5 @@ - + samba@gentoo.org @@ -15,7 +15,6 @@ Enable support for Ceph distributed filesystem via sys-cluster/ceph Enables the client part Enable support for clustering - Enable support for DMAPI. This currently works only in combination with XFS. Enable support for Glusterfs filesystem via sys-cluster/glusterfs Use app-crypt/gpgme for AD DC Enable json audit support through dev-libs/jansson diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.12.9-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.15.4-r3.ebuild similarity index 68% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.12.9-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.15.4-r3.ebuild index 7b1b079397..bf1ff5956d 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.12.9-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.15.4-r3.ebuild @@ -1,34 +1,48 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -PYTHON_COMPAT=( python3_{6..10} ) -PYTHON_REQ_USE='threads(+),xml(+)' -TMPFILES_OPTIONAL=1 +PYTHON_COMPAT=( python3_{8..10} ) +PYTHON_REQ_USE="threads(+),xml(+)" inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + MY_PV="${PV/_rc/rc}" MY_P="${PN}-${MY_PV}" +if [[ ${PV} = *_rc* ]]; then + SRC_URI="mirror://samba/rc/${MY_P}.tar.gz" +else + SRC_URI="mirror://samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv sparc x86" +fi +S="${WORKDIR}/${MY_P}" -SRC_PATH="stable" -[[ ${PV} = *_rc* ]] && SRC_PATH="rc" - -SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz" -[[ ${PV} = *_rc* ]] || \ -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~ppc ~ppc64 sparc x86" - -DESCRIPTION="Samba Suite Version 4" -HOMEPAGE="https://www.samba.org/" LICENSE="GPL-3" - SLOT="0" - -IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam glusterfs -gpg iprint json ldap ntvfs pam profiling-data python quota +regedit selinux +IUSE="acl addc ads ceph client cluster cpu_flags_x86_aes cups debug fam +glusterfs gpg iprint json ldap pam profiling-data python quota +regedit selinux snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind zeroconf" -IUSE+=" +minimal" # Flatcar: Only install libraries, not executables. + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( python json winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? ( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" MULTILIB_WRAPPED_HEADERS=( /usr/include/samba-4.0/policy.h @@ -41,103 +55,91 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/samba-4.0/ctdb_version.h ) -CDEPEND=" +COMMON_DEPEND=" >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] - spotlight? ( dev-libs/icu:=[${MULTILIB_USEDEP}] ) + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] dev-libs/libbsd[${MULTILIB_USEDEP}] - !minimal? ( dev-libs/libtasn1[${MULTILIB_USEDEP}] ) + dev-libs/libtasn1[${MULTILIB_USEDEP}] dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}] - sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.4.1[ldap(+)?,${MULTILIB_USEDEP}] + =sys-libs/talloc-2.3.3[${MULTILIB_USEDEP}] + >=sys-libs/tdb-1.4.4[${MULTILIB_USEDEP}] + >=sys-libs/tevent-0.11.0[${MULTILIB_USEDEP}] sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] virtual/libiconv - pam? ( sys-libs/pam ) + $(python_gen_cond_dep " + addc? ( + dev-python/dnspython:=[\${PYTHON_USEDEP}] + dev-python/markdown[\${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[\${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ") + !alpha? ( !sparc? ( sys-libs/libunwind:= ) ) acl? ( virtual/acl ) - addns? ( - net-dns/bind-tools[gssapi] - dev-python/dnspython - ) ceph? ( sys-cluster/ceph ) - cluster? ( - net-libs/rpcsvc-proto - !dev-db/ctdb - ) + cluster? ( net-libs/rpcsvc-proto ) cups? ( net-print/cups ) debug? ( dev-util/lttng-ust ) - dmapi? ( sys-apps/dmapi ) fam? ( virtual/fam ) - gpg? ( app-crypt/gpgme ) - json? ( dev-libs/jansson ) - ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) snapper? ( sys-apps/dbus ) system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) - system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) systemd? ( sys-apps/systemd:0= ) zeroconf? ( net-dns/avahi[dbus] ) " -DEPEND="${CDEPEND} - ${PYTHON_DEPS} - dev-lang/perl:= +DEPEND="${COMMON_DEPEND} >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] net-libs/libtirpc[${MULTILIB_USEDEP}] - virtual/pkgconfig || ( net-libs/rpcsvc-proto =sys-libs/nss_wrapper-1.1.3 >=net-dns/resolv_wrapper-1.1.4 >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 >=sys-libs/uid_wrapper-1.2.1 ) )" -RDEPEND="${CDEPEND} - python? ( ${PYTHON_DEPS} ) +RDEPEND="${COMMON_DEPEND} client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) selinux? ( sec-policy/selinux-samba ) " - -BDEPEND=" +BDEPEND="${PYTHON_DEPS} app-text/docbook-xsl-stylesheets dev-libs/libxslt + virtual/pkgconfig " -REQUIRED_USE=" - addc? ( python json winbind ) - addns? ( python ) - ads? ( acl ldap winbind ) - cluster? ( ads ) - gpg? ( addc ) - ntvfs? ( addc ) - spotlight? ( json ) - test? ( python ) - ?? ( system-heimdal system-mitkrb5 ) - ${PYTHON_REQUIRED_USE} -" - -# the test suite is messed, it uses system-installed samba -# bits instead of what was built, tests things disabled via use -# flags, and generally just fails to work in a way ebuilds could -# rely on in its current state -RESTRICT="test" - -S="${WORKDIR}/${MY_P}" - PATCHES=( "${FILESDIR}/${PN}-4.4.0-pam.patch" - "${FILESDIR}/${PN}-4.9.2-timespec.patch" - "${FILESDIR}/${PN}-4.13-winexe_option.patch" - "${FILESDIR}/${PN}-4.13-vfs_snapper_configure_option.patch" ) #CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" @@ -152,10 +154,12 @@ pkg_setup() { export DISTCC_DISABLE=1 python-single-r1_pkg_setup + + SHAREDMODS="$(usex snapper '' '!')vfs_snapper" if use cluster ; then - SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad" + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" elif use ads ; then - SHAREDMODS="idmap_ad" + SHAREDMODS+=",idmap_ad" fi } @@ -170,6 +174,9 @@ src_prepare() { sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die fi + ## ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + sed -e 's:::' \ -i source4/dsdb/samdb/ldb_modules/password_hash.c \ || die @@ -186,10 +193,6 @@ multilib_src_configure() { bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" fi - # Flatcar: we need only the mandatory bundled library, ldb by default. - # Without that, configure will fail because of a missing bundled library. - bundled_libs="ldb" - local myconf=( --enable-fhs --sysconfdir="${EPREFIX}/etc" @@ -203,26 +206,23 @@ multilib_src_configure() { --nopyc --nopyo --without-winexe - --disable-python + --accel-aes=$(usex cpu_flags_x86_aes intelaesni none) $(multilib_native_use_with acl acl-support) $(multilib_native_usex addc '' '--without-ad-dc') - $(multilib_native_use_with addns dnsupdate) $(multilib_native_use_with ads) $(multilib_native_use_enable ceph cephfs) $(multilib_native_use_with cluster cluster-support) $(multilib_native_use_enable cups) - $(multilib_native_use_with dmapi) + --without-dmapi $(multilib_native_use_with fam) $(multilib_native_use_enable glusterfs) $(multilib_native_use_with gpg gpgme) $(multilib_native_use_with json) $(multilib_native_use_enable iprint) - $(multilib_native_use_with ntvfs ntvfs-fileserver) $(multilib_native_use_with pam) $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') $(multilib_native_use_with quota quotas) - $(multilib_native_use_with regedit regedit) - $(multilib_native_use_enable snapper) + $(multilib_native_use_with regedit) $(multilib_native_use_enable spotlight) $(multilib_native_use_with syslog) $(multilib_native_use_with systemd) @@ -240,7 +240,11 @@ multilib_src_configure() { --jobs 1 ) - multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} ) + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ waf-utils_src_configure ${myconf[@]} @@ -265,7 +269,8 @@ multilib_src_install() { # create symlink for cups (bug #552310) if use cups ; then - dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb fi # install example config file @@ -279,14 +284,17 @@ multilib_src_install() { -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ - -i "${ED%/}"/etc/samba/smb.conf.default || die + -i "${ED}"/etc/samba/smb.conf.default || die # Install init script and conf.d file newinitd "${CONFDIR}/samba4.initd-r1" samba newconfd "${CONFDIR}/samba4.confd" samba - [[ ! use_minimal ]] && dotmpfiles "${FILESDIR}"/samba.conf - use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi # Preserve functionality for old gentoo-specific unit names dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" @@ -306,20 +314,6 @@ multilib_src_install() { keepdir /var/lib/samba/{bind-dns,private} keepdir /var/lock/samba keepdir /var/log/samba - - - rm -f "${ED%/}"/etc/samba/* - rm -f "${ED%/}"/usr/lib*/samba/ldb/* - if use minimal ; then - mv "${ED%/}"/usr/bin/net "${T}"/ - rm -f "${ED%/}"/usr/bin/* "${ED%/}"/usr/sbin/* - mv "${T}"/net "${ED%/}"/usr/bin/net - rm -rf ${ED%/}/lib*/security - rm -rf ${ED%/}/usr/lib/systemd - rm -rf ${ED%/}/usr/lib*/perl* - rm -rf ${ED%/}/usr/lib*/python* - rm -rf ${ED%/}/var - fi } multilib_src_test() { @@ -329,12 +323,18 @@ multilib_src_test() { } pkg_postinst() { - ewarn "Be aware that this release contains the best of all of Samba's" - ewarn "technology parts, both a file server (that you can reasonably expect" - ewarn "to upgrade existing Samba 3.x releases to) and the AD domain" - ewarn "controller work previously known as 'samba4'." + tmpfiles_process samba.conf - elog "For further information and migration steps make sure to read " - elog "https://samba.org/samba/history/${P}.html " - elog "https://wiki.samba.org/index.php/Samba4/HOWTO " + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "Be aware that this release contains the best of all of Samba's" + elog "technology parts, both a file server (that you can reasonably expect" + elog "to upgrade existing Samba 3.x releases to) and the AD domain" + elog "controller work previously known as 'samba4'." + elog + fi + if [[ "${PV}" != *_rc* ]] ; then + elog "For further information and migration steps make sure to read " + elog "https://samba.org/samba/history/${P}.html " + elog "https://wiki.samba.org/index.php/Samba4/HOWTO " + fi } From 7295c3113d2e9715d0ec2514f5c11fa855b4870d Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 15 Dec 2021 19:43:24 +0100 Subject: [PATCH 05/15] net-fs/samba: Apply Flatcar modifications - Add a minimal USE flag for only installing libraries - Change the Perl run-time dep to build-time only - Disable building libraries requiring Python - Limit the size of bundled libraries --- .../net-fs/samba/samba-4.15.4-r3.ebuild | 35 ++++++++++++++----- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.15.4-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.15.4-r3.ebuild index bf1ff5956d..46c11daf01 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.15.4-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.15.4-r3.ebuild @@ -5,6 +5,7 @@ EAPI=7 PYTHON_COMPAT=( python3_{8..10} ) PYTHON_REQ_USE="threads(+),xml(+)" +TMPFILES_OPTIONAL=1 inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles DESCRIPTION="Samba Suite Version 4" @@ -26,6 +27,7 @@ IUSE="acl addc ads ceph client cluster cpu_flags_x86_aes cups debug fam glusterfs gpg iprint json ldap pam profiling-data python quota +regedit selinux snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind zeroconf" +IUSE+=" +minimal" # Flatcar: Only install libraries, not executables. REQUIRED_USE="${PYTHON_REQUIRED_USE} addc? ( python json winbind ) @@ -57,12 +59,10 @@ MULTILIB_WRAPPED_HEADERS=( COMMON_DEPEND=" >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] - dev-lang/perl:= - dev-libs/icu:=[${MULTILIB_USEDEP}] + spotlight? ( dev-libs/icu:=[${MULTILIB_USEDEP}] ) dev-libs/libbsd[${MULTILIB_USEDEP}] - dev-libs/libtasn1[${MULTILIB_USEDEP}] + !minimal? ( dev-libs/libtasn1[${MULTILIB_USEDEP}] ) dev-libs/popt[${MULTILIB_USEDEP}] - dev-perl/Parse-Yapp >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}] >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] >=sys-libs/ldb-2.4.1[ldap(+)?,${MULTILIB_USEDEP}] @@ -133,6 +133,8 @@ RDEPEND="${COMMON_DEPEND} selinux? ( sec-policy/selinux-samba ) " BDEPEND="${PYTHON_DEPS} + dev-lang/perl:= + dev-perl/Parse-Yapp app-text/docbook-xsl-stylesheets dev-libs/libxslt virtual/pkgconfig @@ -174,9 +176,6 @@ src_prepare() { sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die fi - ## ugly hackaround for bug #592502 - #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die - sed -e 's:::' \ -i source4/dsdb/samdb/ldb_modules/password_hash.c \ || die @@ -193,6 +192,10 @@ multilib_src_configure() { bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" fi + # Flatcar: we need only the mandatory bundled library, ldb by default. + # Without that, configure will fail because of a missing bundled library. + bundled_libs="ldb" + local myconf=( --enable-fhs --sysconfdir="${EPREFIX}/etc" @@ -290,7 +293,7 @@ multilib_src_install() { newinitd "${CONFDIR}/samba4.initd-r1" samba newconfd "${CONFDIR}/samba4.confd" samba - dotmpfiles "${FILESDIR}"/samba.conf + use minimal || dotmpfiles "${FILESDIR}"/samba.conf if ! use addc ; then rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ || die @@ -314,6 +317,20 @@ multilib_src_install() { keepdir /var/lib/samba/{bind-dns,private} keepdir /var/lock/samba keepdir /var/log/samba + + + rm -f "${ED%/}"/etc/samba/* + rm -f "${ED%/}"/usr/lib*/samba/ldb/* + if use minimal ; then + mv "${ED%/}"/usr/bin/net "${T}"/ + rm -f "${ED%/}"/usr/bin/* "${ED%/}"/usr/sbin/* + mv "${T}"/net "${ED%/}"/usr/bin/net + rm -rf ${ED%/}/lib*/security + rm -rf ${ED%/}/usr/lib/systemd + rm -rf ${ED%/}/usr/lib*/perl* + rm -rf ${ED%/}/usr/lib*/python* + rm -rf ${ED%/}/var + fi } multilib_src_test() { @@ -323,7 +340,7 @@ multilib_src_test() { } pkg_postinst() { - tmpfiles_process samba.conf + use minimal || tmpfiles_process samba.conf if [[ -z ${REPLACING_VERSIONS} ]] ; then elog "Be aware that this release contains the best of all of Samba's" From 56c7e989672b07b747ee9fa52580ff66e1d5b43f Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 9 May 2022 19:23:18 +0200 Subject: [PATCH 06/15] profiles: Cleanup use flags for app-emulation/qemu Move them to targets/sdk as qemu is only built for SDK. Drop all the enabled-by-default USE flags. --- .../third_party/coreos-overlay/profiles/coreos/base/package.use | 1 - .../coreos-overlay/profiles/coreos/targets/sdk/package.use | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 6bceb01650..1eb377ad12 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -13,7 +13,6 @@ dev-vcs/git webdav curl bash-completion net-misc/curl kerberos threads telnet net-misc/iputils arping tracepath traceroute6 sys-devel/gettext -git -app-emulation/qemu aio caps curl -doc ncurses png python threads uuid vhost-net virtfs vnc -xkb -slirp -jpeg qemu_softmmu_targets_x86_64 qemu_softmmu_targets_aarch64 sys-apps/gptfdisk -icu diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use index 0f3c765e6c..4c1f3550ab 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use @@ -11,7 +11,7 @@ app-crypt/gnupg smartcard usb # for qemu app-arch/bzip2 static-libs -app-emulation/qemu static-user slirp -jpeg +app-emulation/qemu -doc -jpeg ncurses python static-user virtfs qemu_softmmu_targets_x86_64 qemu_softmmu_targets_aarch64 dev-libs/glib static-libs dev-libs/libaio static-libs dev-libs/libpcre static-libs From 1e9c554554a795a54a3c787f5d42acecab8c0b26 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 9 May 2022 19:35:33 +0200 Subject: [PATCH 07/15] profiles: Cleanup use flags for dev-vcs/git --- .../coreos-overlay/profiles/coreos/base/package.unmask | 4 ++++ .../coreos-overlay/profiles/coreos/base/package.use | 2 +- .../coreos-overlay/profiles/coreos/base/package.use.mask | 3 --- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index 1e5dd5d5b6..2b71e249dc 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -16,3 +16,7 @@ # Overwrite portage-stable mask. OpenSSL-3* is building fine on Flatcar # and Flatcar's dependencies are building fine against it. =dev-libs/openssl-3.0* + +# Overwrite portage-stable mask - we want to use this version of git +# for security fixes. +=dev-vcs/git-2.35.3 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 1eb377ad12..2d051ed4c3 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -19,7 +19,7 @@ sys-apps/gptfdisk -icu # for profile migration sys-libs/gdbm berkdb -dev-vcs/git -pcre-jit -perl -iconv +dev-vcs/git -perl -iconv net-analyzer/nmap ncat -system-lua diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use.mask index 66df6be1ce..e96fa19be4 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use.mask @@ -1,9 +1,6 @@ # We don't ship GnuTLS by default, and smartcard has a dep loop app-crypt/gnupg smartcard ssl -# We don't need integration with cvs, perl, or subversion in git, so we can -dev-vcs/git cvs perl subversion - # not needed, requires dev-lang/python-exec sys-apps/util-linux python From 92e5b6774c259b2de3887c6364d5053433f1f3d1 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 9 May 2022 19:35:45 +0200 Subject: [PATCH 08/15] profiles: Drop outdated unmasks --- .../coreos-overlay/profiles/coreos/base/package.unmask | 8 -------- 1 file changed, 8 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index 2b71e249dc..fdc50f0aaa 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -1,11 +1,3 @@ -# Overwrite outdated portage-stable mask -=dev-libs/openssl-3.0.0 - -# Overwrite portage-stable mask - this package was removed in -# gentoo. We still need it, since sys-libs/libsemanage still requires -# it. When we update selinux, this can be dropped. -=dev-libs/ustr-1.0.4-r8 - # Overwrite portage-stable mask. We are delaying the transition to # libxcrypt, because we need to figure out how to solve the dep loop # that results from the migration (python -> virtual/libcrypt -> From 5de6530bbe566151cb65813cbb7e4abc005604ba Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 9 May 2022 20:03:40 +0200 Subject: [PATCH 09/15] coreos/config: Drop some env var overrides for net-nds/openldap --- .../coreos-overlay/coreos/config/env/net-nds/openldap | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-nds/openldap b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-nds/openldap index f0590f1078..ee4df86ccf 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-nds/openldap +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-nds/openldap @@ -1,4 +1,2 @@ +# We know that memcmp works fine for us, but the configure script decides that it won't work just because we are cross-compiling. export ac_cv_func_memcmp_working=yes -export ol_with_yielding_select=yes -export with_yielding_select+set=yes -export with_yielding_select=yes From 6133cc6d8a8e5ea1cc10cf91f97f4b607ac9804a Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 9 May 2022 20:03:59 +0200 Subject: [PATCH 10/15] profiles: Drop accept_keywords for net-nds/openldap The updated package became stable for both amd64 and arm64. --- .../coreos-overlay/profiles/coreos/base/package.accept_keywords | 2 -- 1 file changed, 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index eb6af09197..5786154a0d 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -26,8 +26,6 @@ # keywords for wget 1.21.2. =net-misc/wget-1.21.2 ~amd64 ~arm64 -=net-nds/openldap-2.4.58 ~amd64 ~arm64 - # Upgrade to GCC 10.3.0 to support latest glibc builds =sys-devel/binutils-2.37_p1 ~amd64 ~arm64 =sys-libs/binutils-libs-2.37_p1 ~amd64 ~arm64 From 4a13a5f86976df6bb5b3259bb0eb5749e8e6f365 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 11 May 2022 14:16:44 +0200 Subject: [PATCH 11/15] sys-libs/ldb: Move to portage-stable We have updated pythong and the related eclasses some time ago, so I think this ebuild should be working fine now. Also, it needs updating, because net-fs/samba started to require a newer version of it. --- .../coreos-overlay/sys-libs/ldb/Manifest | 1 - .../coreos-overlay/sys-libs/ldb/README.md | 19 --- ...ix_PKGCONFIGDIR-when-python-disabled.patch | 17 --- .../files/ldb-1.5.2-optional_packages.patch | 40 ------- .../sys-libs/ldb/ldb-2.3.0-r2.ebuild | 111 ------------------ .../coreos-overlay/sys-libs/ldb/metadata.xml | 17 --- 6 files changed, 205 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/Manifest delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/README.md delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.1.31-fix_PKGCONFIGDIR-when-python-disabled.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.5.2-optional_packages.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/ldb-2.3.0-r2.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/metadata.xml diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/Manifest deleted file mode 100644 index 274e22e2df..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST ldb-2.3.0.tar.gz 1686378 BLAKE2B b31949e14a41f6fc99ef022e4072021d135037d835aeca80ee81a58ed20cab4f8cbd96e394f59460df11e2424e2e263d5fb01b9cebbfb4ca1bcc77162e93ed3f SHA512 7e389c0b4700a809893276d69216436ebd6d30e1f52407e4a08a1113cf14e151aed74300d8c36765c91c8f3195d8054b13a28cbdfcab031f88fd1d353e415348 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/README.md b/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/README.md deleted file mode 100644 index 3af4511797..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/README.md +++ /dev/null @@ -1,19 +0,0 @@ -There are two reasons for keeping this package in coreos-overlay: - -- Lower the version of the python3 dependency to 3.6. - -- Drop a part of dependencies in RDEPEND that were hidden behind the - python use flag. This normally would not be necessary, because we - masked the use flag in our profile, but for some reason portage - bails out when parsing RDEPEND variable with the error pasted - below. I suppose that the solution to the problem would be updating - either python eclasses or portage (or both). - - -The error from portage: - -``` -!!! All ebuilds that could satisfy "sys-libs/ldb" for /build/amd64-usr/ have been masked. -!!! One of the following masked packages is required to complete your request: -- sys-libs/ldb-2.3.0-r1::coreos (masked by: invalid: DEPEND: Invalid atom (Invalid use dep: ''), token 25, invalid: RDEPEND: Invalid atom (Invalid use dep: ''), token 25) -``` diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.1.31-fix_PKGCONFIGDIR-when-python-disabled.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.1.31-fix_PKGCONFIGDIR-when-python-disabled.patch deleted file mode 100644 index c45b13feba..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.1.31-fix_PKGCONFIGDIR-when-python-disabled.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/wscript 2017-07-05 15:35:52.178964698 -0400 -+++ b/wscript 2017-07-05 15:49:20.137977649 -0400 -@@ -208,6 +208,14 @@ - ldb_headers = ('include/ldb.h include/ldb_errors.h ' - 'include/ldb_module.h include/ldb_handlers.h') - -+ # we're not currently linking against the ldap libs, but ldb.pc.in -+ # has @LDAP_LIBS@ -+ bld.env.LDAP_LIBS = '' -+ -+ if not 'PACKAGE_VERSION' in bld.env: -+ bld.env.PACKAGE_VERSION = VERSION -+ bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig' -+ - bld.SAMBA_LIBRARY('ldb', - COMMON_SRC + ' ' + LDB_MAP_SRC, - deps='tevent LIBLDB_MAIN replace', diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.5.2-optional_packages.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.5.2-optional_packages.patch deleted file mode 100644 index bdceeb3c43..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/files/ldb-1.5.2-optional_packages.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- ldb-1.5.2/wscript -+++ ldb-1.5.2/wscript -@@ -33,6 +33,10 @@ - opt.RECURSE('lib/tevent') - opt.RECURSE('lib/replace') - opt.load('python') # options for disabling pyc or pyo compilation -+ if opt.IN_LAUNCH_DIR(): -+ opt.add_option('--disable-ldap', -+ help=("disable ldap support"), -+ action="store_true", dest='disable_ldap', default=False) - - opt.add_option('--without-ldb-lmdb', - help='disable new LMDB backend for LDB', -@@ -40,6 +44,10 @@ - - - def configure(conf): -+ conf.env.standalone_ldb = conf.IN_LAUNCH_DIR() -+ -+ conf.env.disable_ldap = getattr(Options.options, 'disable_ldap', False) -+ - conf.RECURSE('lib/tdb') - conf.RECURSE('lib/tevent') - -@@ -157,9 +165,12 @@ - if conf.env.standalone_ldb: - conf.CHECK_XSLTPROC_MANPAGES() - -- # we need this for the ldap backend -- if conf.CHECK_FUNCS_IN('ber_flush ldap_open ldap_initialize', 'lber ldap', headers='lber.h ldap.h'): -- conf.env.ENABLE_LDAP_BACKEND = True -+ if not conf.env.disable_ldap: -+ # we need this for the ldap backend -+ if conf.CHECK_FUNCS_IN('ber_flush ldap_open ldap_initialize', 'lber ldap', headers='lber.h ldap.h'): -+ conf.env.ENABLE_LDAP_BACKEND = True -+ else: -+ conf.env.ENABLE_LDAP_BACKEND = False - - # we don't want any libraries or modules to rely on runtime - # resolution of symbols diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/ldb-2.3.0-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/ldb-2.3.0-r2.ebuild deleted file mode 100644 index adb1021014..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/ldb-2.3.0-r2.ebuild +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6..10} ) -PYTHON_REQ_USE="threads(+)" -inherit python-single-r1 waf-utils multilib-minimal - -DESCRIPTION="LDAP-like embedded database" -HOMEPAGE="https://ldb.samba.org" -SRC_URI="https://samba.org/ftp/pub/${PN}/${P}.tar.gz" - -LICENSE="LGPL-3" -SLOT="0/${PV}" -KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="doc ldap +lmdb python test" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - test? ( python )" - -RESTRICT="!test? ( test )" - -RDEPEND=" - dev-libs/popt[${MULTILIB_USEDEP}] - >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] - >=sys-libs/talloc-2.3.1[${MULTILIB_USEDEP}] - >=sys-libs/tdb-1.4.3[${MULTILIB_USEDEP}] - >=sys-libs/tevent-0.10.2[${MULTILIB_USEDEP}] - ldap? ( net-nds/openldap ) - lmdb? ( >=dev-db/lmdb-0.9.16[${MULTILIB_USEDEP}] ) -" -DEPEND="${RDEPEND}" -BDEPEND="${PYTHON_DEPS} - dev-libs/libxslt - virtual/pkgconfig - doc? ( app-doc/doxygen ) -" - -WAF_BINARY="${S}/buildtools/bin/waf" - -MULTILIB_WRAPPED_HEADERS=( /usr/include/pyldb.h ) - -PATCHES=( - "${FILESDIR}"/${PN}-1.5.2-optional_packages.patch - "${FILESDIR}"/${PN}-1.1.31-fix_PKGCONFIGDIR-when-python-disabled.patch -) - -pkg_setup() { - # Package fails to build with distcc - export DISTCC_DISABLE=1 - - # waf requires a python interpreter - python-single-r1_pkg_setup -} - -src_prepare() { - default - multilib_copy_sources -} - -multilib_src_configure() { - local myconf=( - $(usex ldap '' --disable-ldap) - $(usex lmdb '' --without-ldb-lmdb) - --disable-rpath - --disable-rpath-install --bundled-libraries=NONE - --with-modulesdir="${EPREFIX}"/usr/$(get_libdir)/samba - --builtin-libraries=NONE - ) - if ! multilib_is_native_abi; then - myconf+=( --disable-python ) - else - use python || myconf+=( --disable-python ) - fi - waf-utils_src_configure "${myconf[@]}" -} - -multilib_src_compile() { - waf-utils_src_compile - multilib_is_native_abi && use doc && doxygen Doxyfile -} - -multilib_src_test() { - if multilib_is_native_abi; then - WAF_MAKE=1 \ - PATH=buildtools/bin:../../../buildtools/bin:$PATH:"${BUILD_DIR}"/bin/shared/private/ \ - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:"${BUILD_DIR}"/bin/shared/private/:"${BUILD_DIR}"/bin/shared \ - waf test || die - fi -} - -multilib_src_install() { - waf-utils_src_install - - if multilib_is_native_abi && use doc; then - doman apidocs/man/man3/*.3 - docinto html - dodoc -r apidocs/html/. - fi - - use python && python_optimize #726454 -} - -pkg_postinst() { - if has_version sys-auth/sssd; then - ewarn "You have sssd installed. It is known to break after ldb upgrades," - ewarn "so please try to rebuild it before reporting bugs." - ewarn "See https://bugs.gentoo.org/404281" - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/metadata.xml deleted file mode 100644 index 5970784771..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/ldb/metadata.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - samba@gentoo.org - Samba - - - cpe:/a:samba:samba - - - Builds documentation - Enable LDAP support - Enable LMDB backend - Enable Python support - - From 86c1c65b842cae3d753571a1e60212d720d6157c Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 11 May 2022 14:22:48 +0200 Subject: [PATCH 12/15] coreos/config: Drop env overrides for dead package --- .../coreos/config/env/sys-libs/e2fsprogs-libs | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/e2fsprogs-libs diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/e2fsprogs-libs b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/e2fsprogs-libs deleted file mode 100644 index b312ac96b1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/e2fsprogs-libs +++ /dev/null @@ -1,12 +0,0 @@ -# Remove all the build-time helpers leaving just the libraries. -# Not like we can execute them anyways for the target. -if [[ $(cros_target) != "cros_host" ]] ; then - e2fsprogs_mask=" - /usr/bin - /usr/share/et - /usr/share/ss - " - PKG_INSTALL_MASK+=" ${e2fsprogs_mask}" - INSTALL_MASK+=" ${e2fsprogs_mask}" - unset e2fsprogs_mask -fi From 35ac1a04a4638702ba696f71e77a9e3eda853ead Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 11 May 2022 14:42:10 +0200 Subject: [PATCH 13/15] profiles: Drop accept_keywords for sys-libs/talloc We updated to 2.3.3, which is stable for both amd64 and arm64. Also, we have the new enough python version now. --- .../profiles/coreos/base/package.accept_keywords | 6 ------ 1 file changed, 6 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 5786154a0d..db1600bd49 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -39,12 +39,6 @@ =sys-libs/libseccomp-2.5.0 ~amd64 ~arm64 -# We need 2.3.2, but it still marked as unstable on arm64. Can't -# update the package to a newer revision from gentoo (where it is -# already stabilised for both amd64 and arm64) until we move off from -# python3.6. -=sys-libs/talloc-2.3.2 ~amd64 ~arm64 - # Keep headers in sync with kernel version. =sys-kernel/linux-headers-5.15 ~amd64 ~arm64 From 5efb559382d9e2287ee7b5e65fbacd26bfed5c94 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 11 May 2022 18:12:16 +0200 Subject: [PATCH 14/15] profiles: Do not install the e2fsprogs devel tools --- .../profiles/coreos/targets/generic/make.defaults | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults index c3e0e2f642..0f2d4854f5 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults @@ -76,6 +76,14 @@ INSTALL_MASK="${INSTALL_MASK} /usr/bin/cvtsudoers " +# Do not install some of the tools from e2fsprogs. +INSTALL_MASK="${INSTALL_MASK} + /usr/bin/mk_cmds + /usr/bin/compile_et + /usr/share/et + /usr/share/ss +" + # Override UIDs and GIDs where ours differ from Gentoo defaults. ACCT_GROUP_DIALOUT_ID=249 ACCT_GROUP_INPUT_ID=28 From c5d6280026f0a4be0f643b41a7b2e1783122b698 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 12 May 2022 19:12:38 +0200 Subject: [PATCH 15/15] changelog: Add an entry --- .../changelog/updates/2022-05-12-dbus-and-samba-update.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/updates/2022-05-12-dbus-and-samba-update.md diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/updates/2022-05-12-dbus-and-samba-update.md b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2022-05-12-dbus-and-samba-update.md new file mode 100644 index 0000000000..3090f25133 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2022-05-12-dbus-and-samba-update.md @@ -0,0 +1,2 @@ +- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS)) +- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))