Merge pull request #2614 from flatcar/buildbot/weekly-portage-stable-package-updates-2025-01-27

Weekly portage-stable package updates 2025-01-27
Krzesimir Nowak 2025-02-07 16:11:36 +01:00 committed by GitHub
commit b3d993190e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
540 changed files with 37451 additions and 22169 deletions


@ -1,48 +0,0 @@
#!/bin/bash
set -euo pipefail
source "${GHA_SCRIPTS_DIR}/.github/workflows/common.sh"
prepare_git_repo
if ! check_remote_branch "containerd-${VERSION_NEW}-${TARGET_BRANCH}"; then
echo "remote branch already exists, nothing to do"
exit 0
fi
pushd "${SDK_OUTER_OVERLAY}"
VERSION_OLD=$(sed -n "s/^DIST containerd-\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p" app-containers/containerd/Manifest | sort -ruV | head -n1)
if [[ "${VERSION_NEW}" = "${VERSION_OLD}" ]]; then
echo "already the latest Containerd, nothing to do"
exit 0
fi
# we need to update not only the main ebuild file, but also its CONTAINERD_COMMIT,
# which needs to point to COMMIT_HASH that matches with $VERSION_NEW from upstream containerd.
containerdEbuildOld=$(get_ebuild_filename app-containers/containerd "${VERSION_OLD}")
containerdEbuildNew="app-containers/containerd/containerd-${VERSION_NEW}.ebuild"
git mv "${containerdEbuildOld}" "${containerdEbuildNew}"
sed -i "s/GIT_REVISION=.*/GIT_REVISION=${COMMIT_HASH}/g" "${containerdEbuildNew}"
# The ebuild is masked by default to maintain compatibility with Gentoo upstream
# so we add an unmask for Flatcar only.
keywords_file="profiles/coreos/base/package.accept_keywords"
ts=$(date +'%Y-%m-%d %H:%M:%S')
comment="DO NOT EDIT THIS LINE. Added by containerd-apply-patch.sh on ${ts}"
sed -i "s;^\(=app-containers/containerd\)-${VERSION_OLD} .*;\1-${VERSION_NEW} ~amd64 ~arm64 # ${comment};" "${keywords_file}"
popd
URL="https://github.com/containerd/containerd/releases/tag/v${VERSION_NEW}"
generate_update_changelog 'containerd' "${VERSION_NEW}" "${URL}" 'containerd'
# Commit package changes and updated keyword file
commit_changes app-containers/containerd "${VERSION_OLD}" "${VERSION_NEW}" "${keywords_file}"
cleanup_repo
echo "VERSION_OLD=${VERSION_OLD}" >>"${GITHUB_OUTPUT}"
echo 'UPDATE_NEEDED=1' >>"${GITHUB_OUTPUT}"


@ -1,50 +0,0 @@
name: Get the latest Containerd release for main
on:
schedule:
- cron: '00 8 * * 5'
workflow_dispatch:
jobs:
get-containerd-release:
runs-on: ubuntu-latest
steps:
- name: Check out scripts
uses: actions/checkout@v4
with:
token: ${{ secrets.BOT_PR_TOKEN }}
path: scripts
- name: Figure out latest Containerd release version
id: containerd-latest-release
run: |
versionCommitPair=( $(git ls-remote --tags https://github.com/containerd/containerd | grep 'refs/tags/v[0-9]*\.[0-9]*\.[0-9]*$' | sed -e 's#^\([0-9a-fA-F]*\)[[:space:]]*refs/tags/v\(.*\)$#\2 \1#g' | sort --reverse --unique --version-sort | head --lines 1) )
echo "VERSION_NEW=${versionCommitPair[0]}" >>"${GITHUB_OUTPUT}"
echo "COMMIT_HASH=${versionCommitPair[1]}" >>"${GITHUB_OUTPUT}"
- name: Set up Flatcar SDK
id: setup-flatcar-sdk
env:
WORK_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
CHANNEL: main
run: scripts/.github/workflows/setup-flatcar-sdk.sh
- name: Apply patch for main
id: apply-patch-main
env:
GHA_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
WORK_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
VERSION_NEW: ${{ steps.containerd-latest-release.outputs.VERSION_NEW }}
COMMIT_HASH: ${{ steps.containerd-latest-release.outputs.COMMIT_HASH }}
PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }}
SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }}
TARGET_BRANCH: main
run: scripts/.github/workflows/containerd-apply-patch.sh
- name: Create pull request for main
uses: peter-evans/create-pull-request@v6
if: steps.apply-patch-main.outputs.UPDATE_NEEDED == 1
with:
token: ${{ secrets.BOT_PR_TOKEN }}
path: scripts
branch: "containerd-${{ steps.containerd-latest-release.outputs.VERSION_NEW }}-main"
base: main
title: Upgrade Containerd in main from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.containerd-latest-release.outputs.VERSION_NEW }}
body: Subject says it all.
labels: main


@ -1,74 +0,0 @@
#!/bin/bash
set -euo pipefail
source "${GHA_SCRIPTS_DIR}/.github/workflows/common.sh"
prepare_git_repo
# create a mapping between short version and new version, e.g. 1.16 -> 1.16.3
declare -A VERSIONS
for version_new in ${VERSIONS_NEW}; do
version_new_trimmed="${version_new%.*}"
if [[ "${version_new_trimmed%.*}" = "${version_new_trimmed}" ]]; then
version_new_trimmed="${version_new}"
fi
VERSIONS["${version_new_trimmed}"]="${version_new}"
done
branch_name="go-$(join_by '-and-' ${VERSIONS_NEW})-main"
if ! check_remote_branch "${branch_name}"; then
echo "remote branch already exists, nothing to do"
exit 0
fi
# Parse the Manifest file for already present source files and keep the latest version in the current series
# DIST go1.17.src.tar.gz ... => 1.17
# DIST go1.17.1.src.tar.gz ... => 1.17.1
declare -a UPDATED_VERSIONS_OLD UPDATED_VERSIONS_NEW
any_different=0
for version_short in "${!VERSIONS[@]}"; do
pushd "${SDK_OUTER_OVERLAY}"
VERSION_NEW="${VERSIONS["${version_short}"]}"
VERSION_OLD=$(sed -n "s/^DIST go\(${version_short}\(\.*[0-9]*\)\?\)\.src.*/\1/p" dev-lang/go/Manifest | sort -ruV | head -n1)
if [[ -z "${VERSION_OLD}" ]]; then
echo "${version_short} is not packaged, skipping"
popd
continue
fi
if [[ "${VERSION_NEW}" = "${VERSION_OLD}" ]]; then
echo "${version_short} is already at the latest (${VERSION_NEW}), skipping"
popd
continue
fi
UPDATED_VERSIONS_OLD+=("${VERSION_OLD}")
UPDATED_VERSIONS_NEW+=("${VERSION_NEW}")
any_different=1
EBUILD_FILENAME=$(get_ebuild_filename dev-lang/go "${VERSION_OLD}")
git mv "${EBUILD_FILENAME}" "dev-lang/go/go-${VERSION_NEW}.ebuild"
popd
URL="https://go.dev/doc/devel/release#go${VERSION_NEW}"
generate_update_changelog 'Go' "${VERSION_NEW}" "${URL}" 'go'
commit_changes dev-lang/go "${VERSION_OLD}" "${VERSION_NEW}"
done
cleanup_repo
if [[ $any_different -eq 0 ]]; then
echo "go packages were already at the latest versions, nothing to do"
exit 0
fi
vo_gh="$(join_by ' and ' "${UPDATED_VERSIONS_OLD[@]}")"
vn_gh="$(join_by ' and ' "${UPDATED_VERSIONS_NEW[@]}")"
echo "VERSIONS_OLD=${vo_gh}" >>"${GITHUB_OUTPUT}"
echo "VERSIONS_NEW=${vn_gh}" >>"${GITHUB_OUTPUT}"
echo "BRANCH_NAME=${branch_name}" >>"${GITHUB_OUTPUT}"
echo 'UPDATE_NEEDED=1' >>"${GITHUB_OUTPUT}"


@ -1,30 +0,0 @@
#!/bin/bash
set -euo pipefail
source "${GHA_SCRIPTS_DIR}/.github/workflows/common.sh"
pushd "${SDK_OUTER_OVERLAY}"
versions=()
for ebuild in dev-lang/go/go-*.ebuild; do
version="${ebuild##*/go-}" # 1.20.1-r1.ebuild or 1.19.ebuild
version="${version%.ebuild}" # 1.20.1-r1 or 1.19
version="${version%%-*}" # 1.20.1 or 1.19
short_version="${version%.*}" # 1.20 or 1
if [[ "${short_version%.*}" = "${short_version}" ]]; then
# fix short version
short_version="${version}"
fi
versions+=($(git ls-remote --tags https://github.com/golang/go | \
cut -f2 | \
sed --quiet "/refs\/tags\/go${short_version}\(\.[0-9]*\)\?$/s/^refs\/tags\/go//p" | \
grep --extended-regexp --invert-match --regexp='(beta|rc)' | \
sort --reverse --unique --version-sort | \
head --lines=1))
done
popd
echo "VERSIONS_NEW=${versions[*]}" >>"${GITHUB_OUTPUT}"


@ -1,48 +0,0 @@
name: Get the latest Go release for main
on:
schedule:
- cron: '15 7 * * 1'
workflow_dispatch:
jobs:
get-go-releases:
runs-on: ubuntu-latest
steps:
- name: Check out scripts
uses: actions/checkout@v4
with:
token: ${{ secrets.BOT_PR_TOKEN }}
path: scripts
- name: Figure out latest Go release versions
id: go-latest-release
env:
GHA_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
WORK_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
run: scripts/.github/workflows/go-current-major-versions.sh
- name: Set up Flatcar SDK
id: setup-flatcar-sdk
env:
WORK_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
CHANNEL: main
run: scripts/.github/workflows/setup-flatcar-sdk.sh
- name: Apply patch for main
id: apply-patch-main
env:
GHA_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
WORK_SCRIPTS_DIR: "${{ github.workspace }}/scripts"
VERSIONS_NEW: ${{ steps.go-latest-release.outputs.VERSIONS_NEW }}
PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }}
SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }}
TARGET_BRANCH: main
run: scripts/.github/workflows/go-apply-patch.sh
- name: Create pull request for main
uses: peter-evans/create-pull-request@v6
if: steps.apply-patch-main.outputs.UPDATE_NEEDED == 1
with:
token: ${{ secrets.BOT_PR_TOKEN }}
path: scripts
branch: ${{ steps.apply-patch-main.outputs.BRANCH_NAME }}
base: main
title: Upgrade Go from ${{ steps.apply-patch-main.outputs.VERSIONS_OLD }} to ${{ steps.apply-patch-main.outputs.VERSIONS_NEW }}
body: Subject says it all.
labels: main


@ -67,6 +67,7 @@ acct-user/tss
app-admin/eselect
app-admin/perl-cleaner
app-admin/sudo
app-alternatives/awk
app-alternatives/bc
@ -103,6 +104,7 @@ app-cdr/cdrtools
app-containers/aardvark-dns
app-containers/catatonit
app-containers/conmon
app-containers/containerd
app-containers/containers-common
app-containers/containers-image
app-containers/containers-shortnames
@ -204,6 +206,7 @@ dev-embedded/u-boot-tools
dev-go/go-md2man
dev-lang/duktape
dev-lang/go
dev-lang/go-bootstrap
dev-lang/nasm
dev-lang/perl
@ -266,6 +269,7 @@ dev-libs/npth
dev-libs/nspr
dev-libs/oniguruma
dev-libs/opensc
dev-libs/openssl
dev-libs/popt
dev-libs/protobuf
dev-libs/tree-sitter
@ -653,6 +657,7 @@ sys-libs/binutils-libs
sys-libs/cracklib
sys-libs/efivar
sys-libs/gdbm
sys-libs/glibc
sys-libs/ldb
sys-libs/libcap
sys-libs/libcap-ng
@ -682,6 +687,7 @@ virtual/acl
virtual/dev-manager
virtual/editor
virtual/krb5
virtual/ldb
virtual/libc
virtual/libcrypt
virtual/libelf


@ -0,0 +1,5 @@
- git ([CVE-2024-50349](https://nvd.nist.gov/vuln/detail/CVE-2024-50349), [CVE-2024-52005](https://nvd.nist.gov/vuln/detail/CVE-2024-52005), [CVE-2024-52006](https://nvd.nist.gov/vuln/detail/CVE-2024-52006))
- glib ([CVE-2024-52533](https://nvd.nist.gov/vuln/detail/CVE-2024-52533))
- glibc ([CVE-2025-0395](https://nvd.nist.gov/vuln/detail/CVE-2025-0395))
- openssl ([CVE-2024-13176](https://nvd.nist.gov/vuln/detail/CVE-2024-13176))
- rsync ([CVE-2024-12084](https://nvd.nist.gov/vuln/detail/CVE-2024-12084), [CVE-2024-12085](https://nvd.nist.gov/vuln/detail/CVE-2024-12085), [CVE-2024-12086](https://nvd.nist.gov/vuln/detail/CVE-2024-12086), [CVE-2024-12087](https://nvd.nist.gov/vuln/detail/CVE-2024-12087), [CVE-2024-12088](https://nvd.nist.gov/vuln/detail/CVE-2024-12088), [CVE-2024-12747](https://nvd.nist.gov/vuln/detail/CVE-2024-12747))


@ -0,0 +1,21 @@
- SDK: go ([1.23.5](https://go.dev/doc/go1.23))
- SDK: meson ([1.6.1](https://mesonbuild.com/Release-notes-for-1-6-0.html))
- SDK: rust ([1.83.0](https://blog.rust-lang.org/2024/11/28/Rust-1.83.0.html))
- base, dev: cri-tools ([1.32.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.32.0) (includes [1.31.1](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.31.1), [1.31.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.31.0), [1.30.1](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.30.1), [1.30.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.30.0), [1.29.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.29.0), [1.28.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.28.0), [1.27.1](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.1)))
- base, dev: git ([2.45.3](https://github.com/git/git/blob/v2.45.3/Documentation/RelNotes/2.45.3.txt))
- base, dev: glib ([2.82.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.4) (includes [2.82.3](https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.3), [2.82.2](https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.2), [2.82.1](https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1), [2.82.0](https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.0)))
- base, dev: gnupg ([2.4.7](https://dev.gnupg.org/T7353))
- base, dev: gnutls ([3.8.8](https://gitlab.com/gnutls/gnutls/-/blob/3.8.8/NEWS))
- base, dev: ipset ([7.23](https://ipset.netfilter.org/changelog.html))
- base, dev: kbd ([2.7.1](https://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git/tag/?h=v2.7.1) (includes [2.7](https://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git/tag/?h=v2.7), [2.7-rc1](https://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git/tag/?h=v2.7-rc1)))
- base, dev: nghttp2 ([1.64.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.64.0) (includes [1.63.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.63.0)))
- base, dev: socat ([1.8.0.1](https://repo.or.cz/socat.git/blob/6ff391324d2d3b9f6bfb58e7d16a20be43b47af7:/CHANGES))
- base, dev: sqlite ([3.47.2](https://sqlite.org/releaselog/3_47_2.html))
- base, dev: sssd ([2.9.6](https://sssd.io/release-notes/sssd-2.9.6.html))
- base, dev: zram-generator ([1.2.1](https://github.com/systemd/zram-generator/releases/tag/v1.2.1) (includes [1.2.0](https://github.com/systemd/zram-generator/releases/tag/v1.2.0)))
- containerd: runc ([1.2.4](https://github.com/opencontainers/runc/releases/tag/v1.2.4) (includes [1.2.3](https://github.com/opencontainers/runc/releases/tag/v1.2.3), [1.2.2](https://github.com/opencontainers/runc/releases/tag/v1.2.2), [1.2.1](https://github.com/opencontainers/runc/releases/tag/v1.2.1), [1.2.0](https://github.com/opencontainers/runc/releases/tag/v1.2.0), [1.1.15](https://github.com/opencontainers/runc/releases/tag/v1.1.15)))
- dev: gcc-config ([2.12.1](https://gitweb.gentoo.org/proj/gcc-config.git/log/?h=v2.12.1))
- docker: docker ([27.4.1](https://docs.docker.com/engine/release-notes/27/#2741) (includes [27.4.0](https://docs.docker.com/engine/release-notes/27/#2740))
- docker: docker-buildx ([0.19.1](https://github.com/docker/buildx/releases/tag/v0.19.1) (includes [0.19.0](https://github.com/docker/buildx/releases/tag/v0.19.0), [0.18.0](https://github.com/docker/buildx/releases/tag/v0.18.0), [0.17.1](https://github.com/docker/buildx/releases/tag/v0.17.1), [0.17.0](https://github.com/docker/buildx/releases/tag/v0.17.0), [0.16.2](https://github.com/docker/buildx/releases/tag/v0.16.2), [0.16.1](https://github.com/docker/buildx/releases/tag/v0.16.1), [0.16.0](https://github.com/docker/buildx/releases/tag/v0.16.0), [0.15.1](https://github.com/docker/buildx/releases/tag/v0.15.1), [0.15.0](https://github.com/docker/buildx/releases/tag/v0.15.0), [0.14.1](https://github.com/docker/buildx/releases/tag/v0.14.1)))
- sysext-python: setuptools ([75.8.0](https://github.com/pypa/setuptools/blob/v75.8.0/NEWS.rst#v7580) (includes [75.7.0](https://github.com/pypa/setuptools/blob/v75.7.0/NEWS.rst#v7570)))
- vmware: xmlsec ([1.3.6](https://github.com/lsh123/xmlsec/releases/tag/1.3.6))


@ -2768,7 +2768,7 @@ function grep_pkg() {
pkg=${1}; shift
# rest are directories
git -C "${scripts}" grep "${pkg}"'\(-[0-9]\|[^a-zA-Z0-9_-]\|$\)' -- "${@}" || :
GIT_PAGER= git -C "${scripts}" grep "${pkg}"'\(-[0-9]\|[^a-zA-Z0-9_-]\|$\)' -- "${@}" || :
}
# Prints the passed files preceding and following with BEGIN ENTRY and
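Review bot: The `|| :` kept on the new `git grep` line in grep_pkg discards every non-zero status, not only the 1 that git grep returns for "no match", so a wrong directory argument or an unusable `${scripts}` checkout yields empty output that reads the same as "package not referenced". Tolerating only status 1 would keep real failures visible, e.g. ending the line with `|| [[ ${?} -eq 1 ]]` instead of `|| :`; whether callers are prepared for grep_pkg to fail cannot be seen from this hunk. A short comment such as `# Empty GIT_PAGER so git never starts a pager for this call` would also explain the new prefix. The body of grep_pkg starts above the hunk, so its variable declarations are not visible here.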


@ -1,2 +0,0 @@
DIST sudo-1.9.15p5.tar.gz 5306611 BLAKE2B 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 SHA512 ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a
DIST sudo-1.9.15p5.tar.gz.sig 566 BLAKE2B ddd8fed1b3721aafdb32b762834168063c3f0f003ef5d83f1883615320da6fe89b08d72c8e893c8b2bf9fd892a40e47cc77d72672e43b5a24db50e7194d9bc4c SHA512 97480a3d27b546a93e997c3a1e8169904a7625ab8fa6198d0b7e1d2d040f55b2d58462cd08e5cc97c2f1c817b12343e35cdd7db207aee42785f2b95b17c600b0


@ -1,8 +0,0 @@
## Flatcar changes
- Remove Perl Runtime Dependency
- Remove OpenLDAP schema files for sudo
```
insinto /etc/openldap/schema
newins doc/schema.OpenLDAP sudo.schema
```
- Remove sudo.conf file as it is shipped via baselayout


@ -1,4 +0,0 @@
DIST containerd-1.7.1.tar.gz 9682254 BLAKE2B f168070caf2b76f0be350a98f41bfdbfe6d78344d68821fb92a29f839a6e847d795e5b79436e36f985aa88028ff1c3f44f134cf6bd502ddac22453a457bd952b SHA512 e9b00ba8f4dd1b5b1088060d3822f684611d43b367ddfeb1bee1660140af85f31e9c9bfc600a67e8fc8645a625dc4e1919d9af7291bdeaa607bff7065a4fc945
DIST containerd-1.7.2.tar.gz 9688701 BLAKE2B d31cd0e96bb2675390cc63d06114e37d532b7c666b3ffc5b0087dfcef8de23559471f08bf8a52b164c5f645faf1b8102ab2ccdd8ec417a1c74336097f0c3a899 SHA512 c0d4c02991b7e9fc341c4ef3df2d93097f5854a51b99596ed95436a79f7a586820bb8bb7c17fc43b5f38d97ea942e59490fbbf6c9710391ef9caae3d34627bc5
DIST containerd-1.7.23.tar.gz 10192816 BLAKE2B 592e3a1992a637879f1669a660991f811db6f3d11a788c9809277b3fb9639d8b89445cbbca1de16ed45703e8506c8850d9ce68b64d1213817732d008a1847ea6 SHA512 4cb003a6ef2f9fe856665c3b7099e13b23cf07c77ed9a9ed50988d74de1933e3fe9463ae123635230f25cde38cd8a487133b11e20d829a79517c4d7fbe2ce012
DIST containerd-1.7.6.tar.gz 9714550 BLAKE2B 863df1a8ab0f0fe6ec62893ed64824763c1b5230fe830fa268820ce0d6254c79e1ac62ab1261a74785b86b01dff83ea9109a899857fa47a48f2cf2eaf298fea8 SHA512 8b7e13c6ea544754ba7d53092d143f3fd2224b9bc874a33d8a00b781e719927f1b22ad5cd1e35b7b95e4890e630f4b92308549a970587ccdf9dbb8eb470e2703


@ -1,86 +0,0 @@
# Copyright 2022-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module systemd
GIT_REVISION=0cae528dd6cb557f7201036e9f43420650207b58
DESCRIPTION="A daemon to control runC"
HOMEPAGE="https://containerd.io/"
SRC_URI="https://github.com/containerd/containerd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
DEPEND="
btrfs? ( sys-fs/btrfs-progs )
seccomp? ( sys-libs/libseccomp )
"
# recommended version of runc is found in script/setup/runc-version
RDEPEND="
${DEPEND}
~app-containers/runc-1.1.7[apparmor?,seccomp?]
"
BDEPEND="
dev-go/go-md2man
virtual/pkgconfig
"
# tests require root or docker
RESTRICT+="test"
src_prepare() {
default
sed -i \
-e "s/-s -w//" \
-e "s/-mod=readonly//" \
Makefile || die
sed -i \
-e "s:/usr/local:/usr:" \
containerd.service || die
}
src_compile() {
local options=(
$(usev apparmor)
$(usex btrfs "" "no_btrfs")
$(usex cri "" "no_cri")
$(usex device-mapper "" "no_devmapper")
$(usev seccomp)
$(usev selinux)
)
myemakeargs=(
BUILDTAGS="${options[*]}"
LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')"
REVISION="${GIT_REVISION}"
VERSION=v${PV}
)
# race condition in man target https://bugs.gentoo.org/765100
# we need to explicitly specify GOFLAGS for "go run" to use vendor source
emake "${myemakeargs[@]}" man -j1 #nowarn
emake "${myemakeargs[@]}" all
}
src_install() {
rm "${D}"/bin/gen-manpages
dobin bin/*
doman man/*
newconfd "${FILESDIR}"/${PN}.confd "${PN}"
newinitd "${FILESDIR}"/${PN}.initd "${PN}"
systemd_dounit containerd.service
keepdir /var/lib/containerd
# we already installed manpages, remove markdown source
# before installing docs directory
rm -r docs/man || die
local DOCS=( ADOPTERS.md README.md RELEASES.md ROADMAP.md SCOPE.md docs/. )
einstalldocs
}


@ -1,86 +0,0 @@
# Copyright 2022-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module systemd
GIT_REVISION=091922f03c2762540fd057fba91260237ff86acb
DESCRIPTION="A daemon to control runC"
HOMEPAGE="https://containerd.io/"
SRC_URI="https://github.com/containerd/containerd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
DEPEND="
btrfs? ( sys-fs/btrfs-progs )
seccomp? ( sys-libs/libseccomp )
"
# recommended version of runc is found in script/setup/runc-version
RDEPEND="
${DEPEND}
~app-containers/runc-1.1.9[apparmor?,seccomp?]
"
BDEPEND="
dev-go/go-md2man
virtual/pkgconfig
"
# tests require root or docker
RESTRICT+="test"
src_prepare() {
default
sed -i \
-e "s/-s -w//" \
-e "s/-mod=readonly//" \
Makefile || die
sed -i \
-e "s:/usr/local:/usr:" \
containerd.service || die
}
src_compile() {
local options=(
$(usev apparmor)
$(usex btrfs "" "no_btrfs")
$(usex cri "" "no_cri")
$(usex device-mapper "" "no_devmapper")
$(usev seccomp)
$(usev selinux)
)
myemakeargs=(
BUILDTAGS="${options[*]}"
LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')"
REVISION="${GIT_REVISION}"
VERSION=v${PV}
)
# race condition in man target https://bugs.gentoo.org/765100
# we need to explicitly specify GOFLAGS for "go run" to use vendor source
emake "${myemakeargs[@]}" man -j1 #nowarn
emake "${myemakeargs[@]}" all
}
src_install() {
rm "${D}"/bin/gen-manpages
dobin bin/*
doman man/*
newconfd "${FILESDIR}"/${PN}.confd "${PN}"
newinitd "${FILESDIR}"/${PN}.initd "${PN}"
systemd_dounit containerd.service
keepdir /var/lib/containerd
# we already installed manpages, remove markdown source
# before installing docs directory
rm -r docs/man || die
local DOCS=( ADOPTERS.md README.md RELEASES.md ROADMAP.md SCOPE.md docs/. )
einstalldocs
}


@ -1 +0,0 @@
DIST eselect-go-0.1.0.tar.gz 104232 BLAKE2B 770773f990509bdfcdb1c463f01915526358fe28b440be288dad0833a4e8647cf52ba136569b4e7b46c71b80c6ffd43075fd25bfb516ec5790f80067247e08c5 SHA512 b7e9bf07bc7026115d639ed893c54332d63cd2d7a46a6f3b2f8a6748658dfb82f09e875def8bf9abecfb1e39f054ef194b39b0c415ac9ce69ea03332125d4c1f


@ -1,36 +0,0 @@
# Copyright 2016 CoreOS, Inc.
# Distributed under the terms of the GNU General Public License v2
EAPI=8
DESCRIPTION="Eselect module for managing multiple Go versions"
HOMEPAGE="https://github.com/coreos/eselect-go"
SRC_URI="https://github.com/coreos/eselect-go/releases/download/v${PV}/${P}.tar.gz"
# Note for future releases: the tarball was generated via `make dist` and
# uploaded to GitHub so there is no need for initializing autotools here.
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 arm64"
IUSE="test"
RESTRICT="!test? ( test )"
DEPEND="test? ( dev-libs/glib )"
RDEPEND="app-admin/eselect
!dev-lang/go:0"
src_configure() {
# Go is installed to /usr/lib, not /usr/lib64
econf --libdir=/usr/lib
}
src_install() {
keepdir /etc/env.d/go
default
}
pkg_postinst() {
if has_version 'dev-lang/go'; then
eselect go update --if-unset
fi
}


@ -1,12 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<longdescription lang="en">
This tool is intended for use in the CoreOS SDK in order to support
packages or architectures that cannot upgrade to the same Go version
all at the same time. Gentoo doesn't support this use case.
</longdescription>
<upstream>
<remote-id type="github">coreos/eselect-go</remote-id>
</upstream>
</pkgmetadata>


@ -21,11 +21,15 @@ SLOT="0"
KEYWORDS="amd64 arm64"
IUSE=""
RDEPEND="dev-libs/openssl
RDEPEND="
>=app-misc/c_rehash-1.7-r1
dev-libs/openssl
sys-apps/findutils
sys-apps/systemd"
sys-apps/systemd
"
DEPEND="${RDEPEND}
${PYTHON_DEPS}"
${PYTHON_DEPS}
"
pkg_setup() {
python-any-r1_pkg_setup


@ -219,5 +219,8 @@ RDEPEND+="
# Group and user packages to eventually replace passwd in baselayout.
RDEPEND="${RDEPEND}
acct-group/floppy
acct-group/man
acct-group/uucp
acct-user/man
"


@ -36,7 +36,7 @@ RDEPEND="${RDEPEND}
app-text/xmlto
dev-build/gtk-doc-am
dev-lang/go-bootstrap
dev-lang/go:1.22
dev-lang/go
dev-lang/nasm
=dev-lang/python-3*
dev-lang/swig


@ -0,0 +1,14 @@
cros_post_src_install_keep_etc_sudoers_d() {
# Flatcar: Build system installs /etc/sudoers.d, let's make
# sure we keep having it.
#
# Upstream PR: https://github.com/gentoo/gentoo/pull/37397
keepdir /etc/sudoers.d
}
# We don't ship OpenLDAP schemas (why?) and we provide sudo.conf
# through baselayout.
sudo_install_mask='/etc/openldap/schema /etc/sudo.conf'
INSTALL_MASK+=" ${sudo_install_mask}"
PKG_INSTALL_MASK+=" ${sudo_install_mask}"
unset sudo_install_mask
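Review bot: `keepdir /etc/sudoers.d` in cros_post_src_install_keep_etc_sudoers_d leaves the mode and ownership of a directory that sudo loads policy from implicit, since they depend on what the build system installed and on the diropts in effect when the hook runs. Pinning the intent next to the call, for example with `fperms <mode> /etc/sudoers.d` (mode to be chosen by the maintainers), would make it checkable in review. The `(why?)` in the comment above `sudo_install_mask` is an unanswered question. Because masking `/etc/sudo.conf` only works if baselayout ships the replacement, the comment should name that dependency and either explain or drop the OpenLDAP remark.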


@ -0,0 +1,12 @@
# Fix cross-compilation by setting up the environment properly.
#
# This is what go-module_src_unpack does, but docker does not use it.
cros_pre_src_unpack_set_build_env() {
if use amd64 || use arm || use arm64 ||
( use ppc64 && [[ $(tc-endian) == "little" ]] ) || use s390 || use x86; then
GOFLAGS="-buildmode=pie ${GOFLAGS}"
fi
GOFLAGS="${GOFLAGS} -p=$(makeopts_jobs)"
go-env_set_compile_environment
}
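Review bot: cros_pre_src_unpack_set_build_env assigns `GOFLAGS` without exporting it, so `-buildmode=pie` and `-p=` reach the `go` tool only if GOFLAGS is already exported by the ebuild or an eclass, which this hunk does not show. The header comment says the package does not go through go-module_src_unpack, so that may not hold. Adding `export GOFLAGS` before `go-env_set_compile_environment` would make the PIE hardening independent of that assumption. The architecture list is copied from go-module_src_unpack, so a comment like `# Keep the arch list in sync with go-module_src_unpack` would help against drift. Both points apply equally to the identical hook in the next file section.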


@ -0,0 +1,12 @@
# Fix cross-compilation by setting up the environment properly.
#
# This is what go-module_src_unpack does, but docker does not use it.
cros_pre_src_unpack_set_build_env() {
if use amd64 || use arm || use arm64 ||
( use ppc64 && [[ $(tc-endian) == "little" ]] ) || use s390 || use x86; then
GOFLAGS="-buildmode=pie ${GOFLAGS}"
fi
GOFLAGS="${GOFLAGS} -p=$(makeopts_jobs)"
go-env_set_compile_environment
}


@ -0,0 +1,29 @@
# A hack to avoid rehashing certs in a nonexistent directory.
flatcar_hacked_openssl=$(command -v openssl)
openssl() {
if [[ ${#} -gt 0 && ${1} = 'rehash' ]]; then
return;
fi
"${flatcar_hacked_openssl}" "${@}"
}
cros_post_src_install_certs() {
# Do not keep the sample CA files in /etc.
rm -rf "${ED}${SSL_CNF_DIR}"
# Save the default openssl.cnf in /etc.
diropts -m0755
insinto "${SSL_CNF_DIR}"
doins "${S}/apps/openssl.cnf"
# Recreate the private directory.
diropts -m0700
keepdir "${SSL_CNF_DIR}/private"
diropts -m0755
# Create a symlink for backward-compatibility.
dosym -r /usr/share/flatcar/etc/ssl/openssl.cnf /usr/share/ssl/openssl.cnf
# And an empty file, so the compat symlink is not dangling. It
# will be replaced later with a valid file from /etc.
insinto /usr/share/flatcar/etc/ssl
newins - openssl.cnf
}
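Review bot: `rm -rf "${ED}${SSL_CNF_DIR}"` in cros_post_src_install_certs collapses to `rm -rf "${ED}"` if SSL_CNF_DIR is empty or unset, which would empty the whole install image before the following `doins` calls run; nothing in this file sets or checks that variable. Writing `rm -rf "${ED}${SSL_CNF_DIR:?}"` turns that case into an error. Separately, `flatcar_hacked_openssl=$(command -v openssl)` prints the function name rather than a path if the `openssl` wrapper is already defined when this file is sourced again, and the wrapper would then call itself. `flatcar_hacked_openssl=$(type -P openssl)` always resolves the on-disk binary.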


@ -0,0 +1,27 @@
# A terrible hack to actually strip our binaries. We want to make
# "dostrip -x /" a no-op, otherwise pass everything to the original
# dostrip.
eval "$(echo 'flatcar_hacked_dostrip()'; declare -pf dostrip | tail -n + 2)"
dostrip() {
if [[ ${#} = 2 && ${1} = '-x' && ${2} = '/' ]]; then
return
fi
flatcar_hacked_dostrip "${@}"
}
cros_post_src_install_etc_munging() {
# Clean out any default configs. Baselayout will provide those.
rm -rf "${ED}"/etc
# Restore this one for the SDK.
test ! -e "${T}"/00glibc || doenvd "${T}"/00glibc
# Create nscd directories and config.
keepdir /var/db/nscd
insinto /etc
doins "${S}/nscd/nscd.conf"
# Create a symlink for backward-compatibility.
dosym -r /usr/share/flatcar/etc/nscd.conf /usr/share/baselayout/nscd.conf
# And an empty file, so the compat symlink is not dangling. It
# will be replaced later with a valid file from /etc.
insinto /usr/share/flatcar/etc
newins - nscd.conf
}
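Review bot: As rendered here the eval line ends in `tail -n + 2`; if that space is in the file rather than an artifact of this page, tail receives `+` as the line count and `2` as a file name, and the eval defines nothing usable as flatcar_hacked_dostrip. The intended form is presumably `tail -n +2`. The eval also assumes dostrip is a shell function at the time this file is sourced, which deserves a one-line comment saying so. In cros_post_src_install_etc_munging, `rm -rf "${ED}"/etc` becomes `rm -rf /etc` if ED is ever empty, so `rm -rf "${ED:?}"/etc` is the safer spelling.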


@ -0,0 +1,68 @@
From 6d265b008e3d106b2706645e5a88cd8e2fb98953 Mon Sep 17 00:00:00 2001
From: Dirk Müller <dirk@dmllr.de>
Date: Wed, 09 Mar 2022 17:47:23 +0100
Subject: [PATCH] cmd/link: stop forcing binutils-gold dependency on aarch64
The bfd linker appears to be working just fine at least in version
2.41 or above. Reject the known broken one instead, which
avoids an architecture specific linker dependency that
is cumbersome for distributions.
Fixes #22040.
Change-Id: I9f377e47c22ef20497479c0978c053ed5de46a38
---
diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
index 2d8f964..fcf0bc7 100644
--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
@@ -1670,27 +1670,6 @@
// Use lld to avoid errors from default linker (issue #38838)
altLinker = "lld"
}
-
- if ctxt.Arch.InFamily(sys.ARM64) && buildcfg.GOOS == "linux" {
- // On ARM64, the GNU linker will fail with
- // -znocopyreloc if it thinks a COPY relocation is
- // required. Switch to gold.
- // https://sourceware.org/bugzilla/show_bug.cgi?id=19962
- // https://go.dev/issue/22040
- altLinker = "gold"
-
- // If gold is not installed, gcc will silently switch
- // back to ld.bfd. So we parse the version information
- // and provide a useful error if gold is missing.
- name, args := flagExtld[0], flagExtld[1:]
- args = append(args, "-fuse-ld=gold", "-Wl,--version")
- cmd := exec.Command(name, args...)
- if out, err := cmd.CombinedOutput(); err == nil {
- if !bytes.Contains(out, []byte("GNU gold")) {
- log.Fatalf("ARM64 external linker must be gold (issue #15696, 22040), but is not: %s", out)
- }
- }
- }
}
if ctxt.Arch.Family == sys.ARM64 && buildcfg.GOOS == "freebsd" {
// Switch to ld.bfd on freebsd/arm64.
diff --git a/src/make.bash b/src/make.bash
index b67ae15..7df4910 100755
--- a/src/make.bash
+++ b/src/make.bash
@@ -94,6 +94,16 @@
;;
esac
+# Test for bad bfd.ld
+if test "$(uname -m)" = "aarch64" && ld -v | grep -E "GNU ld.* 2\.([0-3]|40)"; then
+ echo 'ERROR: Your system uses bfd.LD 2.40 or older which has issues with dynamic linking on aarch64'
+ echo 'Consider upgrading or switching to binutils-gold.'
+ echo
+ echo 'See https://sourceware.org/bugzilla/show_bug.cgi?id=30437'
+
+ exit 1
+fi
+
# Test for bad ld.
if ld --version 2>&1 | grep 'gold.* 2\.20' >/dev/null; then
echo 'ERROR: Your system has gold 2.20 installed.'


@ -0,0 +1,6 @@
The `0001-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch`
drops the use of the gold linker. Track the following to see when it
needs to be dropped:
- https://go-review.googlesource.com/c/go/+/391115
- https://github.com/golang/go/issues/22040


@ -1,3 +1,3 @@
The `0001-Assume-that-callbacks-are-not-broken-in-OpenLDAP-whe.patch` allows
the project to be cross-compiled without disabling LDAP connection
callbacks. It is being upstreamed.
callbacks. Drop when updating to >=2.9.7 or >=2.10.2.


@ -1,8 +0,0 @@
# Copyright 2022 Flatcar Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit coreos-go-lang
KEYWORDS="-* amd64 arm64"


@ -1,2 +0,0 @@
DIST openssl-3.2.3.tar.gz 17762604 BLAKE2B 1445336aa92d0fd9df266ad570fe2bf5701279e462dd3fccd4cf662f328bfee923dc6c72c42c1921fd38bce43e1c60cacdec3f1c2963fe0ffda6a0e8e34ac6e4 SHA512 9e9f06ab630914e32e64bfb945dfa375ea3595b3db4eb8ef68288a58909baf753b34998439907c22ff2b8561cfd3f3f6b7fbf22981479e66a98c2e92fda172a2
DIST openssl-3.2.3.tar.gz.asc 833 BLAKE2B 5a7289ed40534a058b9eb7686ce444b9d453a2973ab7ebda01c99f7245f6ba19197123f8bb3b16940d4bfbc5e313babc0249f280e55911190b47da3a47ed1e6a SHA512 e727adb88f84c48082ef0cae963bf999cce11619f7322014cc7f36c16e8375a60542f518c1b86319208cf8da33044e942b3d65208bc59fd4a5f522ab78ff1c23


@ -1,3 +0,0 @@
d /etc/ssl - - - - -
d /etc/ssl/private 0700 - - - -
L /etc/ssl/openssl.cnf - - - - ../../usr/share/ssl/openssl.cnf


@ -13,11 +13,10 @@
# @CODE
# COREOS_GO_VERSION=go1.20
# @CODE
export COREOS_GO_VERSION="${COREOS_GO_VERSION:-go1.22}"
export COREOS_GO_VERSION="${COREOS_GO_VERSION:-go1.23}"
case "${EAPI:-0}" in
5|6) DEPEND="dev-lang/go:${COREOS_GO_VERSION#go}=" ;;
7|8) BDEPEND="dev-lang/go:${COREOS_GO_VERSION#go}=" ;;
7|8) BDEPEND=">=dev-lang/go-${COREOS_GO_VERSION#go}:=" ;;
*) die "Unsupported EAPI=${EAPI} for ${ECLASS}"
esac
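Review bot: The new `7|8)` arm, `BDEPEND=">=dev-lang/go-${COREOS_GO_VERSION#go}:="`, turns COREOS_GO_VERSION from an exact slot pin into a lower bound, so an ebuild that sets `COREOS_GO_VERSION=go1.20` as in the documented example will now build with whatever newer Go is installed. The variable's documentation should say so, e.g. `# Minimum Go version to build with; any newer dev-lang/go satisfies it.` The `5|6)` arm still uses the slot form `dev-lang/go:${COREOS_GO_VERSION#go}=`, if it survives this change (the rendering does not show which lines were removed), and that form may no longer resolve once dev-lang/go stops providing per-version slots. The eclass documentation block starts above this hunk.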


@ -1,121 +0,0 @@
# Copyright 2016 CoreOS, Inc.
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: coreos-go-lang.eclass
# @BLURB: Common functionality for building Go itself
# @DESCRIPTION:
# Only dev-lang/go ebuilds should inherit this eclass.
#
# Native (${CHOST} == ${CTARGET}):
#
case "${EAPI:-0}" in
6|7|8) ;;
*) die "Unsupported EAPI=${EAPI} for ${ECLASS}"
esac
inherit coreos-go-utils toolchain-funcs
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
# Determine the main SLOT we will be using, e.g.: PV=1.5.3 SLOT=1.5
GOSLOT="$(ver_cut 1-2)"
DESCRIPTION="A concurrent garbage collected and typesafe programming language"
HOMEPAGE="http://www.golang.org"
SRC_URI="https://storage.googleapis.com/golang/go${PV}.src.tar.gz"
LICENSE="BSD"
SLOT="${GOSLOT}/${PV}"
IUSE=""
RDEPEND="app-eselect/eselect-go"
DEPEND="${RDEPEND}
>=dev-lang/go-bootstrap-1.17.13"
# These test data objects have writable/executable stacks.
QA_EXECSTACK="usr/lib/go${GOSLOT}/src/debug/elf/testdata/*.obj"
# Similarly, test data is never executed so don't check link dependencies.
REQUIRES_EXCLUDE="/usr/lib/go/src/debug/elf/testdata/*"
# The tools in /usr/lib/go should not cause the multilib-strict check to fail.
QA_MULTILIB_PATHS="usr/lib/go${GOSLOT}/pkg/tool/.*/.*"
# The go language uses *.a files which are _NOT_ libraries and should not be
# stripped. The test data objects should also be left alone and unstripped.
STRIP_MASK="*.a /usr/lib/go${GOSLOT}/src/*"
S="${WORKDIR}/go"
coreos-go-lang_pkg_pretend() {
# make.bash does not understand cross-compiling a cross-compiler
if [[ $(go_tuple) != $(go_tuple ${CTARGET}) ]]; then
die "CHOST CTARGET pair unsupported: CHOST=${CHOST} CTARGET=${CTARGET}"
fi
}
coreos-go-lang_src_compile() {
export GOROOT_BOOTSTRAP="${EPREFIX}/usr/lib/go-bootstrap"
export GOROOT_FINAL="${EPREFIX}/usr/lib/go${GOSLOT}"
export GOROOT="${S}"
export GOBIN="${GOROOT}/bin"
# Go's build script does not use BUILD/HOST/TARGET consistently. :(
go_export
export GOHOSTARCH=$(go_arch ${CBUILD})
export GOHOSTOS=$(go_os ${CBUILD})
export CC_FOR_TARGET=$(tc-getCC)
export CXX_FOR_TARGET=$(tc-getCXX)
# Must be set *after* calling tc-getCC
export CC=$(tc-getBUILD_CC)
cd src
./make.bash || die "build failed"
}
coreos-go-lang_src_test() {
go_cross_compile && return 0
cd src
PATH="${GOBIN}:${PATH}" \
./run.bash -no-rebuild || die "tests failed"
}
coreos-go-lang_src_install() {
exeinto "/usr/lib/go${GOSLOT}/bin"
if go_cross_compile; then
doexe "${GOBIN}/$(go_tuple)/"{go,gofmt}
else
doexe "${GOBIN}/"{go,gofmt}
fi
dosym "../lib/go${GOSLOT}/bin/go" "/usr/bin/go${GOSLOT}"
dosym "../lib/go${GOSLOT}/bin/gofmt" "/usr/bin/gofmt${GOSLOT}"
exeinto "/usr/lib/go${GOSLOT}/pkg/tool/$(go_tuple)"
doexe "pkg/tool/$(go_tuple)/"*
insopts -m0644 -p # preserve timestamps
insinto "/usr/lib/go${GOSLOT}"
doins -r doc lib src
insinto "/usr/lib/go${GOSLOT}/pkg"
doins -r "pkg/include"
# Install pkg/linux_{amd64,arm64} only for Go <= 1.19, as Go 1.20+
# does not ship pre-compiled package archives for the standard library
# in $GOROOT/pkg. See https://go.dev/doc/go1.20.
ver_test "${GOSLOT}" -lt 1.20 && doins -r "pkg/$(go_tuple)"
dodoc CONTRIBUTING.md PATENTS README.md
}
coreos-go-lang_pkg_postinst() {
eselect go update
}
coreos-go-lang_pkg_postrm() {
eselect go update
}
EXPORT_FUNCTIONS pkg_pretend src_compile src_test src_install pkg_postinst pkg_postrm


@ -91,9 +91,7 @@ go_export() {
export CGO_CPPFLAGS="${CPPFLAGS}"
export CGO_CXXFLAGS="${CXXFLAGS}"
export CGO_LDFLAGS="${LDFLAGS}"
# Ensure the `go` wrapper calls the version we expect
export EGO="${COREOS_GO_VERSION}"
export EGO=go
# With Go >= 1.16, GO111MODULE=on is set by default.
# Few of our repos still don't support Go modules so we would need to set


@ -7,21 +7,8 @@
# Gentoo upstream package stabilisation
# (the following packages are "unstable" upstream; we're stabilising these)
# Handled by automation
=app-containers/containerd-1.7.23 ~amd64 ~arm64 # DO NOT EDIT THIS LINE. Added by containerd-apply-patch.sh on 2024-10-18 08:06:10
# Keep versions on both arches in sync.
=app-containers/cri-tools-1.27.0 ~arm64
# Accept unstable for Docker and its CLI.
=app-containers/docker-27.3.1 ~amd64 ~arm64
=app-containers/docker-cli-27.3.1 ~amd64 ~arm64
# These seem to be the versions we initially got, but the
# modifications made to the ebuilds were clobbered, so these are here
# to keep using the same version. Can be dropped when these or newer
# get stabilized in Gentoo.
=app-containers/runc-1.1.14 ~amd64 ~arm64
=app-containers/cri-tools-1.32.0 ~arm64
# Seems to be the only available ebuild in portage-stable right now.
=app-crypt/adcli-0.9.2 ~arm64
@ -38,19 +25,19 @@
# We need the new --provider option.
=app-crypt/p11-kit-0.25.5 ~amd64 ~arm64
# Needed in SDK for Secure Boot.
=app-emulation/virt-firmware-24.7 ~amd64
# Needed by arm64-native SDK.
=app-emulation/open-vmdk-1.0 *
# Keep versions on both arches in sync.
=app-emulation/qemu-guest-agent-8.2.0 ~arm64
=dev-build/meson-1.5.2 ~arm64
=dev-build/meson-1.6.1 ~arm64
=dev-cpp/glog-0.6.0 ~arm64
=dev-lang/yasm-1.3.0-r1 ~arm64
=dev-libs/ding-libs-0.6.2-r1 ~arm64
# Needed to address CVE-2024-52533
=dev-libs/glib-2.82.4-r1 ~amd64 ~arm64
# The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet.
=dev-libs/jose-12 **
@ -63,7 +50,12 @@
# Catalyst 4 is not stable yet, but earlier versions are masked now.
=dev-util/catalyst-4.0.0 ~amd64 ~arm64
# Needed to address CVE-2024-52533
=dev-util/gdbus-codegen-2.82.4 ~amd64 ~arm64
=dev-util/glib-utils-2.82.4 ~amd64 ~arm64
# Keep versions on both arches in sync.
=dev-util/maturin-1.8.1 ~arm64
=net-firewall/conntrack-tools-1.4.8-r1 ~arm64
=net-libs/libnetfilter_cthelper-1.0.1-r1 ~arm64
=net-libs/libnetfilter_cttimeout-1.0.1 ~arm64
@ -78,8 +70,12 @@
=sys-apps/azure-vm-utils-0.4.0 ~amd64 ~arm64
# Keep versions on both arches in sync.
=sys-apps/zram-generator-1.1.2-r1 ~arm64
=sys-auth/sssd-2.9.5 ~arm64
=sys-apps/zram-generator-1.2.1 ~arm64
# Needed to avoid pulling python into production images.
=sys-auth/sssd-2.9.6-r1 ~amd64 ~arm64
# Keep versions on both arches in sync.
=sys-boot/mokutil-0.7.2 **
# Enable ipvsadm for arm64.


@ -20,6 +20,3 @@
# Pulls in LLVM and clang.
>=sys-block/thin-provisioning-tools-1.0.14
# Pulls in python into production.
>=sys-auth/sssd-2.9.6


@ -59,7 +59,7 @@ sys-libs/glibc nscd
dev-libs/cyrus-sasl kerberos -gdbm
# don't build manpages for sssd
sys-auth/sssd -python samba kerberos gssapi ssh sudo selinux
sys-auth/sssd -python samba kerberos gssapi ssh selinux
# enable logging command-line options in update_engine
dev-cpp/glog gflags
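Review bot: The comment `# don't build manpages for sssd` does not describe the flag line below it, and the `sudo` flag is dropped from that line without a stated reason. The sudo ebuilds on this page depend on `sys-auth/sssd[sudo(+)]`, which treats a missing flag as enabled, so presumably the newer sssd ebuild no longer has the flag and always builds sudo support. That is worth confirming, because sudo's sssd lookup depends on it. A comment along the lines of `# keep python out of production images; newer sssd has no separate sudo flag (verify)` would make the intent reviewable.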


@ -21,3 +21,6 @@ app-misc/editor-wrapper-4
acct-group/named-0-r3
acct-user/named-0-r3
sys-process/psmisc-23.7
# Pulled in by app-admin/sudo
dev-lang/perl-5.40.0
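Review bot: The comment `# Pulled in by app-admin/sudo` does not say that perl is listed here so that it is treated as present without being installed. If this is a package.provided-style list (the file name is not visible here), the entry satisfies every dependency on perl up to that version across the profile, not just sudo's `ldap? ( dev-lang/perl )`. A package that really needs perl at run time would then install cleanly and fail later. I would widen the comment to `# Satisfies app-admin/sudo[ldap] RDEPEND only; perl is presumably not shipped, so re-check when any other package starts depending on it`.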


@ -1,4 +0,0 @@
DIST gcc-multilib-bootstrap-20201208.tar.xz 5528452 BLAKE2B 16699a6e4df5b2f28a21776ae9e3728b26a9ea251f5580aa5349545ad7c9f6145b9cb6a12ca8f5f96b9cb2a3c70b7e66ca702e4c6f083ac00408e0a20a69e613 SHA512 a243f505e17d0a7e144e8713c077582412f61d6cf7f79baa846de4fb77f5e0f27e11c9a785e14624e04ac52287b32164e7995323aa11caef59113ac438254347
DIST glibc-2.38-patches-13.tar.xz 92708 BLAKE2B b2f05a793c92ea0b7901d2124fcd968fa846fdf687f8cbdbc17795c33fae2d538133fae66d575c5b98a7a05a29f9f816e7ecd45f3be5ed10ef65adbf92c7fc4d SHA512 24e45a88fa7676ef22a7e2bb864dff27262f69900c4ef76d21c6fee498d728949b6f5d03dd094d1774a66a8a47b779bf4b16ee31e5306bcdb55cedcc0a1c5e9f
DIST glibc-2.38.tar.xz 18913712 BLAKE2B f9b039f0ef98a7dd8e1cba228ed10286b9e4fbe4dd89af4d26fa5c4e4cf266f19c2746b44d797ce54739d86499e74cf334aaf311bcf6e30120fd7748453e653f SHA512 a6dd5e42dcd63d58e2820c783522c8c895890b6e8c8e6c83b025553de0cc77cdf227e7044e431ead98c89c68a9ce4dd63509b47e647775fb2075f011849c1900
DIST glibc-systemd-20210729.tar.gz 1480 BLAKE2B 37722c7579df782d890e44dbab99c3de52ab466eb9de80d82405e9bb5620bf39ffc8c5f466a435bdb86ef6d36dd7019c0736573916bda6c67d02a2581e0ec979 SHA512 efd75af58b50522c28cdac7abd1fc56555bc1bb042512c90d8340c1ec09c5791b3872a305bf83723252bbde5855b75d958c041083457765c4cfd170732d09238


@ -1,9 +0,0 @@
# GLibc
The system's C library, sometimes referred to as "service pack for the C
language". The build recipe has a single modification over the one Gentoo
upstream uses: in the installation callback `glibc_do_src_install`, we remove
all of glibc's `/etc` files right after the stock glibc build diligently
installed them, since we ship our own `/etc` stuff via the `baseimage` recipe.
The addition sits at the end of the `glibc_do_src_install` function and is duly
labelled `## Flatcar Container Linux: ...`.


@ -1,2 +0,0 @@
L /etc/nscd.conf - - - - ../usr/share/baselayout/nscd.conf
d /var/db/nscd - - - - -


@ -0,0 +1,8 @@
DIST sudo-1.9.15p5.tar.gz 5306611 BLAKE2B 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 SHA512 ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a
DIST sudo-1.9.15p5.tar.gz.sig 566 BLAKE2B ddd8fed1b3721aafdb32b762834168063c3f0f003ef5d83f1883615320da6fe89b08d72c8e893c8b2bf9fd892a40e47cc77d72672e43b5a24db50e7194d9bc4c SHA512 97480a3d27b546a93e997c3a1e8169904a7625ab8fa6198d0b7e1d2d040f55b2d58462cd08e5cc97c2f1c817b12343e35cdd7db207aee42785f2b95b17c600b0
DIST sudo-1.9.16.tar.gz 5392026 BLAKE2B 19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12 SHA512 1b0254eb5b75422bffd31a2ae8c56cb4e8e2ecc08e2fa687eddb638d4f2de2585fa7621c868c03423e9d636bfb5679a3758d504155dbdfd3eebfbdcbd8b58f7c
DIST sudo-1.9.16.tar.gz.sig 566 BLAKE2B 9eb9fd2db0de5b9ce965c2109a9722e0b5f0793b7c9003123b1540d7cb5b8178043221296fd51c7f0b24ce1b1cda9f196a6d50083da172ca2afcb8f130d8eae1 SHA512 edf066f9ffdf2653468f8b45866a65214f0dff0164318d5f6bd9252f6211e82522161b1b9621798fbc9112253e6940d7137d18e8b42e8c6e5ba52ccac64d99cf
DIST sudo-1.9.16p1.tar.gz 5396038 BLAKE2B 7f973510658e91af54121d8c4c634b26231ef270abac50f658c9ad8a446a7dbbc44cb878561fb8da51e4ec15ebc8873fdaed05be142907f96964ff42c7e4f896 SHA512 3239d16513c431383b6d54cf40690a9b8fcf905d9b8f5a2085679dd5daeaacbd7efb153b41fd672fc634277c3203aaa1dc18e6a6c01799ebc9948763ec93a038
DIST sudo-1.9.16p1.tar.gz.sig 566 BLAKE2B 0f68bb4a653cfaacf05d6c148f690ae0022035090e6e60df7efde6b25193ac46d12905ca898e5aadb8339ca3f08e27a4408edeb75f26f7e483f136026835aa24 SHA512 96cdd7f646d2fe7eeefce7710ba421be12a9bfd6811284ba8ccb3f7288b328531bbd7215cf0182c13670f2ec7c0ee25dfd6396214ddd61ee4ee153fec19bef7e
DIST sudo-1.9.16p2.tar.gz 5398419 BLAKE2B ef9f1c2cd4044454a808d1dff5f865355e1bd061d1b5c93a005207e28e9b9df7c267cf01358ce60dd2c98f6844b51dab00eac4e7a08bade1d621235c3a4774bf SHA512 1e2ea762671890a03b0ea4b95b3849f2d3a4c301432db8767433e9d80c517efd8b7a68e0bbce1b178aff5857907600f1f5e0d889779cb27e38c2f602395f6f06
DIST sudo-1.9.16p2.tar.gz.sig 566 BLAKE2B 90f90658a7d6ec3b32f6a726a2cd28e156826a65749a88a2a29d970e97804d2d75de856bc85c9a459233b59e35564c5fbf93aff53ffe42d17d0e94dd23724acd SHA512 7f0e3269c9befada535590b2cfc36f96cd70831b5c030df5b3bf8c7cb3eff296d22193429f940db4a0df849b4d8080e4006086c49869b4bbae663836b2632b49


@ -0,0 +1,54 @@
https://github.com/sudo-project/sudo/commit/131e7e2de02ab53cfefefe93978d7fee4cb8142d
From 131e7e2de02ab53cfefefe93978d7fee4cb8142d Mon Sep 17 00:00:00 2001
From: Andy Fiddaman <illumos@fiddaman.net>
Date: Tue, 17 Sep 2024 12:49:13 +0000
Subject: [PATCH] Allow --secure-path-value=no
This adds support for --with-secure-path-value=no to allow packagers
to ship the sudoers configuration file with the secure path
line commented out if required.
--- a/configure.ac
+++ b/configure.ac
@@ -177,6 +177,7 @@ AC_SUBST([sssd_lib])
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
+AC_SUBST([secure_path_config])
AC_SUBST([secure_path_status])
AC_SUBST([editor])
AC_SUBST([pam_session])
@@ -230,6 +231,7 @@ sesh_file="$libexecdir/sudo/sesh"
visudo="$sbindir/visudo"
nsswitch_conf=/etc/nsswitch.conf
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+secure_path_config=
secure_path_status="disabled"
pam_session=on
pam_login_service=sudo
@@ -1068,9 +1070,11 @@ AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path t
test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
-AC_ARG_WITH(secure-path-value, [AS_HELP_STRING([--with-secure-path-value], [value of secure_path in the default sudoers file])],
+AC_ARG_WITH(secure-path-value, [AS_HELP_STRING([--with-secure-path-value], [value of secure_path in the default sudoers file, or "no" to comment out by default])],
[case $with_secure_path_value in
- yes|no) AC_MSG_ERROR([must give --secure-path-value an argument.])
+ yes) AC_MSG_ERROR([must give --with-secure-path-value an argument.])
+ ;;
+ no) secure_path_config="# "
;;
*) secure_path="$with_secure_path_value"
;;
--- a/plugins/sudoers/sudoers.in
+++ b/plugins/sudoers/sudoers.in
@@ -48,7 +48,7 @@ Defaults!@visudo@ env_keep += "SUDO_EDITOR EDITOR VISUAL"
## Use a hard-coded PATH instead of the user's to find commands.
## This also helps prevent poorly written scripts from running
## artbitrary commands under sudo.
-Defaults secure_path="@secure_path@"
+@secure_path_config@Defaults secure_path="@secure_path@"
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.


@ -3,7 +3,7 @@
EAPI=8
inherit pam libtool tmpfiles toolchain-funcs
inherit flag-o-matic pam libtool tmpfiles toolchain-funcs
MY_P="${P/_/}"
MY_P="${MY_P/beta/b}"
@ -33,7 +33,7 @@ else
"
if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
fi
BDEPEND="verify-sig? ( sec-keys/openpgp-keys-sudo )"
@ -63,14 +63,13 @@ DEPEND="
selinux? ( sys-libs/libselinux )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ssl? ( dev-libs/openssl:= )
sssd? ( sys-auth/sssd[sudo] )
sssd? ( sys-auth/sssd[sudo(+)] )
"
#Flatcar: Remove Perl runtime dependency
# ldap? ( dev-lang/perl )
RDEPEND="
${DEPEND}
>=app-misc/editor-wrapper-3
virtual/editor
ldap? ( dev-lang/perl )
pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
@ -145,6 +144,9 @@ src_configure() {
# bug #767712
tc-export PKG_CONFIG
# https://github.com/sudo-project/sudo/issues/420
append-cflags -std=gnu17
# - audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
# - plugindir: autoconf code is crappy and does not delay evaluation
@ -179,7 +181,7 @@ src_configure() {
$(use_with offensive all-insults)
$(use_with pam)
$(use_with pam pam-login)
$(use_with secure-path secure-path "${SECURE_PATH}")
"$(use_with secure-path secure-path "${SECURE_PATH}")"
$(use_with selinux)
$(use_with sendmail)
$(use_with skey)
@ -216,8 +218,8 @@ src_install() {
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
#Flatcar: we don't ship OpenLDAP schemas
insinto /etc/openldap/schema
newins docs/schema.OpenLDAP sudo.schema
fi
if use pam ; then
@ -236,15 +238,6 @@ src_install() {
# bug #697812
find "${ED}" -type f -name "*.la" -delete || die
# Flatcar: Remove sudo.conf as it is shipped via baselayout
rm "${ED}/etc/sudo.conf" || die
# Flatcar: Build system installs /etc/sudoers.d, let's make
# sure we keep having it.
#
# Upstream PR: https://github.com/gentoo/gentoo/pull/37397
keepdir /etc/sudoers.d
}
pkg_postinst() {
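Review bot: The last hunk drops both Flatcar-specific steps from src_install, `rm "${ED}/etc/sudo.conf"` and `keepdir /etc/sudoers.d`, so the package now installs its own /etc/sudo.conf. The removed comment said that file is shipped via baselayout; unless baselayout stops shipping it elsewhere in this commit (not visible here), two packages would provide the file that controls sudo's plugin loading, and which copy ends up in the image should be decided explicitly. The 1.9.16 ebuilds added further down do not contain `keepdir /etc/sudoers.d` either, so it is worth confirming the directory still reaches the image with the expected mode. src_install starts outside the hunk.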


@ -0,0 +1,296 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit autotools flag-o-matic pam tmpfiles toolchain-funcs
MY_P="${P/_/}"
MY_P="${MY_P/beta/b}"
DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/"
if [[ ${PV} == 9999 ]] ; then
inherit mercurial
EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
else
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sudo.ws.asc
inherit verify-sig
uri_prefix=
case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;;
esac
SRC_URI="
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz
verify-sig? (
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig
)
"
if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
BDEPEND="verify-sig? ( sec-keys/openpgp-keys-sudo )"
fi
S="${WORKDIR}/${MY_P}"
# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="ISC BSD"
SLOT="0"
IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
DEPEND="
sys-libs/zlib:=
virtual/libcrypt:=
gcrypt? ( dev-libs/libgcrypt:= )
ldap? (
>=net-nds/openldap-2.1.30-r1:=
sasl? (
dev-libs/cyrus-sasl
net-nds/openldap:=[sasl]
)
)
pam? ( sys-libs/pam )
sasl? ( dev-libs/cyrus-sasl )
selinux? ( sys-libs/libselinux )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ssl? ( dev-libs/openssl:= )
sssd? ( sys-auth/sssd[sudo(+)] )
"
RDEPEND="
${DEPEND}
>=app-misc/editor-wrapper-3
virtual/editor
ldap? ( dev-lang/perl )
pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
"
BDEPEND+="
app-alternatives/yacc
virtual/pkgconfig
"
REQUIRED_USE="
?? ( pam skey )
?? ( gcrypt ssl )
"
MAKEOPTS+=" SAMPLES="
PATCHES=(
"${FILESDIR}"/${PN}-1.9.16-allow-disabling-secure-path.patch
)
src_prepare() {
default
# eautoreconf temporarily for allow-disabling-secure-path patch
# in 1.9.16; revert to elibtoolize once that is gone.
eautoreconf
}
set_secure_path() {
# First extract the default ROOTPATH from build env
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
case "${SECURE_PATH}" in
*/usr/sbin*)
;;
*)
SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
;;
esac
if [[ -z ${SECURE_PATH} ]] ; then
ewarn " Failed to detect SECURE_PATH, please report this"
fi
# Then remove duplicate path entries
cleanpath() {
local newpath thisp IFS=:
for thisp in $1 ; do
if [[ :${newpath}: != *:${thisp}:* ]] ; then
newpath+=:${thisp}
else
einfo " Duplicate entry ${thisp} removed..."
fi
done
SECURE_PATH=${newpath#:}
}
cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# Finally, strip gcc paths, bug #136027
rmpath() {
local e newpath thisp IFS=:
for thisp in ${SECURE_PATH} ; do
for e ; do
[[ ${thisp} == ${e} ]] && continue 2 ;
done
newpath+=:${thisp}
done
SECURE_PATH=${newpath#:}
}
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
}
src_configure() {
local SECURE_PATH
set_secure_path
# bug #767712
tc-export PKG_CONFIG
# https://github.com/sudo-project/sudo/issues/420
append-cflags -std=gnu17
# - audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
# - plugindir: autoconf code is crappy and does not delay evaluation
# until `make` time, so we have to use a full path here rather than
# basing off other values.
local myeconfargs=(
# We set all of the relevant options by ourselves (patched
# into the toolchain) and setting these in the build system
# actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3
# (it'll downgrade to =2). So, this has no functional effect on
# the hardening for users. It's safe.
--disable-hardening
# requires some python eclass
--disable-python
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
--enable-zlib=system
--with-editor="${EPREFIX}"/usr/libexec/editor
--with-env-editor
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
--with-rundir="${EPREFIX}"/run/sudo
--with-vardir="${EPREFIX}"/var/db/sudo
--without-linux-audit
--without-opie
$(use_enable gcrypt)
$(use_enable nls)
$(use_enable sasl)
$(use_enable ssl openssl)
$(use_with ldap)
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
$(use_with offensive insults)
$(use_with offensive all-insults)
$(use_with pam)
$(use_with pam pam-login)
$(use_with secure-path)
"$(use_with secure-path secure-path-value "${SECURE_PATH}")"
$(use_with selinux)
$(use_with sendmail)
$(use_with skey)
$(use_with sssd)
)
econf "${myeconfargs[@]}"
}
src_install() {
default
if use ldap ; then
dodoc README.LDAP.md
cat <<-EOF > "${T}"/ldap.conf.sudo
# See ldap.conf(5) and README.LDAP.md for details
# This file should only be readable by root
# supported directives: host, port, ssl, ldap_version
# uri, binddn, bindpw, sudoers_base, sudoers_debug
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
EOF
if use sasl ; then
cat <<-EOF >> "${T}"/ldap.conf.sudo
# SASL directives: use_sasl, sasl_mech, sasl_auth_id
# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
EOF
fi
insinto /etc
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
insinto /etc/openldap/schema
newins docs/schema.OpenLDAP sudo.schema
fi
if use pam ; then
pamd_mimic system-auth sudo auth account session
pamd_mimic system-auth sudo-i auth account session
fi
keepdir /var/db/sudo/lectured
fperms 0700 /var/db/sudo/lectured
# bug #652958
fperms 0711 /var/db/sudo
# Don't install into /run as that is a tmpfs most of the time
# (bug #504854)
rm -rf "${ED}"/run || die
# bug #697812
find "${ED}" -type f -name "*.la" -delete || die
}
pkg_postinst() {
tmpfiles_process sudo.conf
# bug #652958
local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
chmod 711 "${sudo_db}" || die
fi
if use ldap ; then
ewarn
ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration."
ewarn
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
ewarn "configured in ${ROOT}/etc/nsswitch.conf."
ewarn
ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:"
ewarn " sudoers: ldap files"
ewarn
fi
fi
if use prefix ; then
ewarn
ewarn "To use sudo on Prefix, you need to change file ownership and permissions"
ewarn "with root privileges, as follows:"
ewarn
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
ewarn
fi
elog "To use the -A (askpass) option, you need to install a compatible"
elog "password program from the following list. Starred packages will"
elog "automatically register for the use with sudo (but will not force"
elog "the -A option):"
elog ""
elog " [*] net-misc/ssh-askpass-fullscreen"
elog " net-misc/x11-ssh-askpass"
elog ""
elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
elog "variable to the program you want to use."
}
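Review bot: set_secure_path never checks that the entries it collects are absolute paths: whatever `ROOTPATH` or `PATH` holds in `${EPREFIX}/etc/profile.env` at build time passes through cleanpath and rmpath and ends up in `--with-secure-path-value`. A relative entry such as `.` in the build environment would therefore land in the shipped sudoers `secure_path`. A guard at the top of the cleanpath loop, `[[ ${thisp} == /* ]] || continue`, would drop such entries. Logging the final value, for example `einfo "secure_path: ${SECURE_PATH}"`, would make it auditable in the build log. The same function is repeated in the next ebuild section on this page.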


@ -0,0 +1,294 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit flag-o-matic pam tmpfiles toolchain-funcs
MY_P="${P/_/}"
MY_P="${MY_P/beta/b}"
DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/"
if [[ ${PV} == 9999 ]] ; then
inherit autotools mercurial
EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
else
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sudo.ws.asc
inherit libtool verify-sig
uri_prefix=
case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;;
esac
SRC_URI="
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz
verify-sig? (
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig
)
"
if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
BDEPEND="verify-sig? ( sec-keys/openpgp-keys-sudo )"
fi
S="${WORKDIR}/${MY_P}"
# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="ISC BSD"
SLOT="0"
IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
DEPEND="
sys-libs/zlib:=
virtual/libcrypt:=
gcrypt? ( dev-libs/libgcrypt:= )
ldap? (
>=net-nds/openldap-2.1.30-r1:=
sasl? (
dev-libs/cyrus-sasl
net-nds/openldap:=[sasl]
)
)
pam? ( sys-libs/pam )
sasl? ( dev-libs/cyrus-sasl )
selinux? ( sys-libs/libselinux )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ssl? ( dev-libs/openssl:= )
sssd? ( sys-auth/sssd[sudo(+)] )
"
RDEPEND="
${DEPEND}
>=app-misc/editor-wrapper-3
virtual/editor
ldap? ( dev-lang/perl )
pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
"
BDEPEND+="
app-alternatives/yacc
virtual/pkgconfig
"
REQUIRED_USE="
?? ( pam skey )
?? ( gcrypt ssl )
"
MAKEOPTS+=" SAMPLES="
src_prepare() {
default
if [[ ${PV} == 9999 ]] ; then
eautoreconf
else
elibtoolize
fi
}
set_secure_path() {
# First extract the default ROOTPATH from build env
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
case "${SECURE_PATH}" in
*/usr/sbin*)
;;
*)
SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
;;
esac
if [[ -z ${SECURE_PATH} ]] ; then
ewarn " Failed to detect SECURE_PATH, please report this"
fi
# Then remove duplicate path entries
cleanpath() {
local newpath thisp IFS=:
for thisp in $1 ; do
if [[ :${newpath}: != *:${thisp}:* ]] ; then
newpath+=:${thisp}
else
einfo " Duplicate entry ${thisp} removed..."
fi
done
SECURE_PATH=${newpath#:}
}
cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# Finally, strip gcc paths, bug #136027
rmpath() {
local e newpath thisp IFS=:
for thisp in ${SECURE_PATH} ; do
for e ; do
[[ ${thisp} == ${e} ]] && continue 2 ;
done
newpath+=:${thisp}
done
SECURE_PATH=${newpath#:}
}
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
}
src_configure() {
local SECURE_PATH
set_secure_path
# bug #767712
tc-export PKG_CONFIG
# https://github.com/sudo-project/sudo/issues/420
append-cflags -std=gnu17
# - audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
# - plugindir: autoconf code is crappy and does not delay evaluation
# until `make` time, so we have to use a full path here rather than
# basing off other values.
local myeconfargs=(
# We set all of the relevant options by ourselves (patched
# into the toolchain) and setting these in the build system
# actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3
# (it'll downgrade to =2). So, this has no functional effect on
# the hardening for users. It's safe.
--disable-hardening
# requires some python eclass
--disable-python
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
--enable-zlib=system
--with-editor="${EPREFIX}"/usr/libexec/editor
--with-env-editor
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
--with-rundir="${EPREFIX}"/run/sudo
--with-vardir="${EPREFIX}"/var/db/sudo
--without-linux-audit
--without-opie
$(use_enable gcrypt)
$(use_enable nls)
$(use_enable sasl)
$(use_enable ssl openssl)
$(use_with ldap)
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
$(use_with offensive insults)
$(use_with offensive all-insults)
$(use_with pam)
$(use_with pam pam-login)
$(use_with secure-path)
"$(use_with secure-path secure-path-value "${SECURE_PATH}")"
$(use_with selinux)
$(use_with sendmail)
$(use_with skey)
$(use_with sssd)
)
econf "${myeconfargs[@]}"
}
src_install() {
default
if use ldap ; then
dodoc README.LDAP.md
cat <<-EOF > "${T}"/ldap.conf.sudo
# See ldap.conf(5) and README.LDAP.md for details
# This file should only be readable by root
# supported directives: host, port, ssl, ldap_version
# uri, binddn, bindpw, sudoers_base, sudoers_debug
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
EOF
if use sasl ; then
cat <<-EOF >> "${T}"/ldap.conf.sudo
# SASL directives: use_sasl, sasl_mech, sasl_auth_id
# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
EOF
fi
insinto /etc
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
insinto /etc/openldap/schema
newins docs/schema.OpenLDAP sudo.schema
fi
if use pam ; then
pamd_mimic system-auth sudo auth account session
pamd_mimic system-auth sudo-i auth account session
fi
keepdir /var/db/sudo/lectured
fperms 0700 /var/db/sudo/lectured
# bug #652958
fperms 0711 /var/db/sudo
# Don't install into /run as that is a tmpfs most of the time
# (bug #504854)
rm -rf "${ED}"/run || die
# bug #697812
find "${ED}" -type f -name "*.la" -delete || die
}
pkg_postinst() {
tmpfiles_process sudo.conf
# bug #652958
local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
chmod 711 "${sudo_db}" || die
fi
if use ldap ; then
ewarn
ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration."
ewarn
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
ewarn "configured in ${ROOT}/etc/nsswitch.conf."
ewarn
ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:"
ewarn " sudoers: ldap files"
ewarn
fi
fi
if use prefix ; then
ewarn
ewarn "To use sudo on Prefix, you need to change file ownership and permissions"
ewarn "with root privileges, as follows:"
ewarn
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
ewarn
fi
elog "To use the -A (askpass) option, you need to install a compatible"
elog "password program from the following list. Starred packages will"
elog "automatically register for the use with sudo (but will not force"
elog "the -A option):"
elog ""
elog " [*] net-misc/ssh-askpass-fullscreen"
elog " net-misc/x11-ssh-askpass"
elog ""
elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
elog "variable to the program you want to use."
}
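Review bot: Nothing near `$(use_with secure-path)` and `"$(use_with secure-path secure-path-value "${SECURE_PATH}")"` in src_configure documents what disabling the flag does to the installed sudoers file. With USE=-secure-path the second line expands to `--without-secure-path-value`, and the configure.ac change shown in the patch section above maps a value of `no` to a commented-out `Defaults secure_path` line; presumably this release already contains that change, since the ebuild carries no PATCHES. I would add `# USE=-secure-path ships sudoers with secure_path commented out, so commands are looked up in the caller's PATH` above the two lines.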


@ -0,0 +1,291 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit flag-o-matic pam tmpfiles toolchain-funcs
MY_P="${P/_/}"
MY_P="${MY_P/beta/b}"
DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/"
if [[ ${PV} == 9999 ]] ; then
inherit autotools mercurial
EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
else
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sudo.ws.asc
inherit libtool verify-sig
uri_prefix=
case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;;
esac
SRC_URI="
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz
verify-sig? (
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig
)
"
if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
fi
BDEPEND="verify-sig? ( sec-keys/openpgp-keys-sudo )"
fi
S="${WORKDIR}/${MY_P}"
# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="ISC BSD"
SLOT="0"
IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
DEPEND="
sys-libs/zlib:=
virtual/libcrypt:=
gcrypt? ( dev-libs/libgcrypt:= )
ldap? (
>=net-nds/openldap-2.1.30-r1:=
sasl? (
dev-libs/cyrus-sasl
net-nds/openldap:=[sasl]
)
)
pam? ( sys-libs/pam )
sasl? ( dev-libs/cyrus-sasl )
selinux? ( sys-libs/libselinux )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ssl? ( dev-libs/openssl:= )
sssd? ( sys-auth/sssd[sudo(+)] )
"
RDEPEND="
${DEPEND}
>=app-misc/editor-wrapper-3
virtual/editor
ldap? ( dev-lang/perl )
pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
"
BDEPEND+="
app-alternatives/yacc
virtual/pkgconfig
"
REQUIRED_USE="
?? ( pam skey )
?? ( gcrypt ssl )
"
MAKEOPTS+=" SAMPLES="
src_prepare() {
default
if [[ ${PV} == 9999 ]] ; then
eautoreconf
else
elibtoolize
fi
}
set_secure_path() {
# First extract the default ROOTPATH from build env
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
case "${SECURE_PATH}" in
*/usr/sbin*)
;;
*)
SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
;;
esac
if [[ -z ${SECURE_PATH} ]] ; then
ewarn " Failed to detect SECURE_PATH, please report this"
fi
# Then remove duplicate path entries
cleanpath() {
local newpath thisp IFS=:
for thisp in $1 ; do
if [[ :${newpath}: != *:${thisp}:* ]] ; then
newpath+=:${thisp}
else
einfo " Duplicate entry ${thisp} removed..."
fi
done
SECURE_PATH=${newpath#:}
}
cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# Finally, strip gcc paths, bug #136027
rmpath() {
local e newpath thisp IFS=:
for thisp in ${SECURE_PATH} ; do
for e ; do
[[ ${thisp} == ${e} ]] && continue 2 ;
done
newpath+=:${thisp}
done
SECURE_PATH=${newpath#:}
}
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
}
src_configure() {
local SECURE_PATH
set_secure_path
# bug #767712
tc-export PKG_CONFIG
# - audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
# - plugindir: autoconf code is crappy and does not delay evaluation
# until `make` time, so we have to use a full path here rather than
# basing off other values.
local myeconfargs=(
# We set all of the relevant options by ourselves (patched
# into the toolchain) and setting these in the build system
# actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3
# (it'll downgrade to =2). So, this has no functional effect on
# the hardening for users. It's safe.
--disable-hardening
# requires some python eclass
--disable-python
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
--enable-zlib=system
--with-editor="${EPREFIX}"/usr/libexec/editor
--with-env-editor
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
--with-rundir="${EPREFIX}"/run/sudo
--with-vardir="${EPREFIX}"/var/db/sudo
--without-linux-audit
--without-opie
$(use_enable gcrypt)
$(use_enable nls)
$(use_enable sasl)
$(use_enable ssl openssl)
$(use_with ldap)
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
$(use_with offensive insults)
$(use_with offensive all-insults)
$(use_with pam)
$(use_with pam pam-login)
$(use_with secure-path)
"$(use_with secure-path secure-path-value "${SECURE_PATH}")"
$(use_with selinux)
$(use_with sendmail)
$(use_with skey)
$(use_with sssd)
)
econf "${myeconfargs[@]}"
}
src_install() {
default
if use ldap ; then
dodoc README.LDAP.md
cat <<-EOF > "${T}"/ldap.conf.sudo
# See ldap.conf(5) and README.LDAP.md for details
# This file should only be readable by root
# supported directives: host, port, ssl, ldap_version
# uri, binddn, bindpw, sudoers_base, sudoers_debug
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
EOF
if use sasl ; then
cat <<-EOF >> "${T}"/ldap.conf.sudo
# SASL directives: use_sasl, sasl_mech, sasl_auth_id
# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
EOF
fi
insinto /etc
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
insinto /etc/openldap/schema
newins docs/schema.OpenLDAP sudo.schema
fi
if use pam ; then
pamd_mimic system-auth sudo auth account session
pamd_mimic system-auth sudo-i auth account session
fi
keepdir /var/db/sudo/lectured
fperms 0700 /var/db/sudo/lectured
# bug #652958
fperms 0711 /var/db/sudo
# Don't install into /run as that is a tmpfs most of the time
# (bug #504854)
rm -rf "${ED}"/run || die
# bug #697812
find "${ED}" -type f -name "*.la" -delete || die
}
pkg_postinst() {
tmpfiles_process sudo.conf
# bug #652958
local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
chmod 711 "${sudo_db}" || die
fi
if use ldap ; then
ewarn
ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration."
ewarn
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
ewarn "configured in ${ROOT}/etc/nsswitch.conf."
ewarn
ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:"
ewarn " sudoers: ldap files"
ewarn
fi
fi
if use prefix ; then
ewarn
ewarn "To use sudo on Prefix, you need to change file ownership and permissions"
ewarn "with root privileges, as follows:"
ewarn
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
ewarn
fi
elog "To use the -A (askpass) option, you need to install a compatible"
elog "password program from the following list. Starred packages will"
elog "automatically register for the use with sudo (but will not force"
elog "the -A option):"
elog ""
elog " [*] net-misc/ssh-askpass-fullscreen"
elog " net-misc/x11-ssh-askpass"
elog ""
elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
elog "variable to the program you want to use."
}
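Review bot: `set_secure_path` derives the compiled-in secure_path from whatever `${EPREFIX}/etc/profile.env` on the build host exports as ROOTPATH (or PATH), and `src_configure` hands the result to `use_with secure-path secure-path-value` without ever printing it. Any directory the build environment contributes there ends up in the path sudo trusts on every system that installs the resulting binary, so the final value should be visible in the build log, e.g. `einfo "secure_path: ${SECURE_PATH}"` right after the `set_secure_path` call. `rmpath` filters only the gcc/gnat directories; whether other build-host entries should be dropped cannot be judged from this file alone. The same function appears in the 294-line sudo ebuild section that follows.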


@ -0,0 +1,294 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit flag-o-matic pam tmpfiles toolchain-funcs
MY_P="${P/_/}"
MY_P="${MY_P/beta/b}"
DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/"
if [[ ${PV} == 9999 ]] ; then
inherit autotools mercurial
EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
else
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sudo.ws.asc
inherit libtool verify-sig
uri_prefix=
case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;;
esac
SRC_URI="
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz
verify-sig? (
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig
)
"
if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
fi
BDEPEND="verify-sig? ( sec-keys/openpgp-keys-sudo )"
fi
S="${WORKDIR}/${MY_P}"
# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="ISC BSD"
SLOT="0"
IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
DEPEND="
sys-libs/zlib:=
virtual/libcrypt:=
gcrypt? ( dev-libs/libgcrypt:= )
ldap? (
>=net-nds/openldap-2.1.30-r1:=
sasl? (
dev-libs/cyrus-sasl
net-nds/openldap:=[sasl]
)
)
pam? ( sys-libs/pam )
sasl? ( dev-libs/cyrus-sasl )
selinux? ( sys-libs/libselinux )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ssl? ( dev-libs/openssl:= )
sssd? ( sys-auth/sssd[sudo(+)] )
"
RDEPEND="
${DEPEND}
>=app-misc/editor-wrapper-3
virtual/editor
ldap? ( dev-lang/perl )
pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
"
BDEPEND+="
app-alternatives/yacc
virtual/pkgconfig
"
REQUIRED_USE="
?? ( pam skey )
?? ( gcrypt ssl )
"
MAKEOPTS+=" SAMPLES="
src_prepare() {
default
if [[ ${PV} == 9999 ]] ; then
eautoreconf
else
elibtoolize
fi
}
set_secure_path() {
# First extract the default ROOTPATH from build env
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
case "${SECURE_PATH}" in
*/usr/sbin*)
;;
*)
SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
;;
esac
if [[ -z ${SECURE_PATH} ]] ; then
ewarn " Failed to detect SECURE_PATH, please report this"
fi
# Then remove duplicate path entries
cleanpath() {
local newpath thisp IFS=:
for thisp in $1 ; do
if [[ :${newpath}: != *:${thisp}:* ]] ; then
newpath+=:${thisp}
else
einfo " Duplicate entry ${thisp} removed..."
fi
done
SECURE_PATH=${newpath#:}
}
cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# Finally, strip gcc paths, bug #136027
rmpath() {
local e newpath thisp IFS=:
for thisp in ${SECURE_PATH} ; do
for e ; do
[[ ${thisp} == ${e} ]] && continue 2 ;
done
newpath+=:${thisp}
done
SECURE_PATH=${newpath#:}
}
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
}
src_configure() {
local SECURE_PATH
set_secure_path
# bug #767712
tc-export PKG_CONFIG
# https://github.com/sudo-project/sudo/issues/420
append-cflags -std=gnu17
# - audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
# - plugindir: autoconf code is crappy and does not delay evaluation
# until `make` time, so we have to use a full path here rather than
# basing off other values.
local myeconfargs=(
# We set all of the relevant options by ourselves (patched
# into the toolchain) and setting these in the build system
# actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3
# (it'll downgrade to =2). So, this has no functional effect on
# the hardening for users. It's safe.
--disable-hardening
# requires some python eclass
--disable-python
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
--enable-zlib=system
--with-editor="${EPREFIX}"/usr/libexec/editor
--with-env-editor
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
--with-rundir="${EPREFIX}"/run/sudo
--with-vardir="${EPREFIX}"/var/db/sudo
--without-linux-audit
--without-opie
$(use_enable gcrypt)
$(use_enable nls)
$(use_enable sasl)
$(use_enable ssl openssl)
$(use_with ldap)
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
$(use_with offensive insults)
$(use_with offensive all-insults)
$(use_with pam)
$(use_with pam pam-login)
$(use_with secure-path)
"$(use_with secure-path secure-path-value "${SECURE_PATH}")"
$(use_with selinux)
$(use_with sendmail)
$(use_with skey)
$(use_with sssd)
)
econf "${myeconfargs[@]}"
}
src_install() {
default
if use ldap ; then
dodoc README.LDAP.md
cat <<-EOF > "${T}"/ldap.conf.sudo
# See ldap.conf(5) and README.LDAP.md for details
# This file should only be readable by root
# supported directives: host, port, ssl, ldap_version
# uri, binddn, bindpw, sudoers_base, sudoers_debug
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
EOF
if use sasl ; then
cat <<-EOF >> "${T}"/ldap.conf.sudo
# SASL directives: use_sasl, sasl_mech, sasl_auth_id
# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
EOF
fi
insinto /etc
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
insinto /etc/openldap/schema
newins docs/schema.OpenLDAP sudo.schema
fi
if use pam ; then
pamd_mimic system-auth sudo auth account session
pamd_mimic system-auth sudo-i auth account session
fi
keepdir /var/db/sudo/lectured
fperms 0700 /var/db/sudo/lectured
# bug #652958
fperms 0711 /var/db/sudo
# Don't install into /run as that is a tmpfs most of the time
# (bug #504854)
rm -rf "${ED}"/run || die
# bug #697812
find "${ED}" -type f -name "*.la" -delete || die
}
pkg_postinst() {
tmpfiles_process sudo.conf
# bug #652958
local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
chmod 711 "${sudo_db}" || die
fi
if use ldap ; then
ewarn
ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration."
ewarn
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
ewarn "configured in ${ROOT}/etc/nsswitch.conf."
ewarn
ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:"
ewarn " sudoers: ldap files"
ewarn
fi
fi
if use prefix ; then
ewarn
ewarn "To use sudo on Prefix, you need to change file ownership and permissions"
ewarn "with root privileges, as follows:"
ewarn
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
ewarn
fi
elog "To use the -A (askpass) option, you need to install a compatible"
elog "password program from the following list. Starred packages will"
elog "automatically register for the use with sudo (but will not force"
elog "the -A option):"
elog ""
elog " [*] net-misc/ssh-askpass-fullscreen"
elog " net-misc/x11-ssh-askpass"
elog ""
elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
elog "variable to the program you want to use."
}
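Review bot: The LDAP hint in `pkg_postinst` looks inverted: the `grep -qs '^[[:space:]]*sudoers:'` test succeeds when nsswitch.conf already contains a `sudoers:` line, yet the text it guards tells the admin to add one. If the intent is to warn on hosts where LDAP would silently not be consulted, the condition should be negated, `if ! grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then`. The same block is present in the 291-line sudo ebuild section above.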


@ -11,7 +11,7 @@ SRC_URI="https://github.com/vapier/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="public-domain"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos"
PATCHES=(
"${FILESDIR}"/${PN}-5.0-c23.patch


@ -0,0 +1,50 @@
https://bugs.gentoo.org/900248
https://bugs.gentoo.org/894322
missing include for textdomain and bindtextdomain
This is only one place we can put include, else weird
macro dance messes with it or we use gettext before we
mark it for assembly operations.
--- a/src/shar-opts.h
+++ b/src/shar-opts.h
@@ -373,6 +373,8 @@
# include <libintl.h>
# endif
+#include "gettext.h"
+
# ifndef ATTRIBUTE_FORMAT_ARG
# define ATTRIBUTE_FORMAT_ARG(_a)
# endif
--- a/src/unshar-opts.h
+++ b/src/unshar-opts.h
@@ -210,6 +210,8 @@
# include <libintl.h>
# endif
+#include "gettext.h"
+
# ifndef ATTRIBUTE_FORMAT_ARG
# define ATTRIBUTE_FORMAT_ARG(_a)
# endif
--- a/src/uudecode-opts.h
+++ b/src/uudecode-opts.h
@@ -188,6 +188,8 @@
# include <libintl.h>
# endif
+#include "gettext.h"
+
# ifndef ATTRIBUTE_FORMAT_ARG
# define ATTRIBUTE_FORMAT_ARG(_a)
# endif
--- a/src/uuencode-opts.h
+++ b/src/uuencode-opts.h
@@ -184,6 +184,8 @@
# include <libintl.h>
# endif
+#include "gettext.h"
+
# ifndef ATTRIBUTE_FORMAT_ARG
# define ATTRIBUTE_FORMAT_ARG(_a)
# endif


@ -0,0 +1,32 @@
https://bugs.gentoo.org/941724
which-hunt
diff '--color=auto' -ru sharutils-4.15.2.old/libopts/m4/libopts.m4 sharutils-4.15.2/libopts/m4/libopts.m4
--- sharutils-4.15.2.old/libopts/m4/libopts.m4 2025-01-22 13:17:52.302369061 +0000
+++ sharutils-4.15.2/libopts/m4/libopts.m4 2025-01-22 13:19:46.096362975 +0000
@@ -114,9 +114,9 @@
AC_PROG_SED
[while :
do
- POSIX_SHELL=`which bash`
+ POSIX_SHELL=`command -v bash`
test -x "$POSIX_SHELL" && break
- POSIX_SHELL=`which dash`
+ POSIX_SHELL=`command -v dash`
test -x "$POSIX_SHELL" && break
POSIX_SHELL=/usr/xpg4/bin/sh
test -x "$POSIX_SHELL" && break
diff '--color=auto' -ru sharutils-4.15.2.old/m4/libopts.m4 sharutils-4.15.2/m4/libopts.m4
--- sharutils-4.15.2.old/m4/libopts.m4 2025-01-22 13:17:52.365018511 +0000
+++ sharutils-4.15.2/m4/libopts.m4 2025-01-22 13:19:17.856525747 +0000
@@ -114,9 +114,9 @@
AC_PROG_SED
[while :
do
- POSIX_SHELL=`which bash`
+ POSIX_SHELL=`command -v bash`
test -x "$POSIX_SHELL" && break
- POSIX_SHELL=`which dash`
+ POSIX_SHELL=`command -v dash`
test -x "$POSIX_SHELL" && break
POSIX_SHELL=/usr/xpg4/bin/sh
test -x "$POSIX_SHELL" && break


@ -1,9 +1,9 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
EAPI=8
inherit flag-o-matic strip-linguas
inherit flag-o-matic strip-linguas autotools
MY_P="${P/_/-}"
DESCRIPTION="Tools to deal with shar archives"
@ -21,9 +21,15 @@ DEPEND="app-arch/xz-utils
nls? ( >=sys-devel/gettext-0.10.35 )"
PATCHES=(
"${FILESDIR}"/${PN}-4.15.2-glibc228.patch
"${FILESDIR}"/${PN}-4.15.2-CVE-2018-1000097.patch
"${FILESDIR}"/${PN}-4.15.2-gcc-10.patch
"${FILESDIR}"/${P}-glibc228.patch
"${FILESDIR}"/${P}-CVE-2018-1000097.patch
"${FILESDIR}"/${P}-gcc-10.patch
"${FILESDIR}"/${P}-dewhich.patch
"${FILESDIR}"/${P}-C23.patch
)
QA_CONFIG_IMPL_DECL_SKIP=(
pathfind
)
src_prepare() {
@ -35,6 +41,10 @@ src_prepare() {
# bug #943901
append-cflags -std=gnu17
# bug https://bugs.gentoo.org/941724
# regenerate config after which removal
eautoreconf
}
src_configure() {
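Review bot: `QA_CONFIG_IMPL_DECL_SKIP=( pathfind )` is added without a word on why the implicit-declaration QA check is silenced for that symbol. With a C23 patch newly listed in PATCHES and `-std=gnu17` set in `src_prepare`, a reader cannot tell whether `pathfind` is a harmless configure probe or a genuinely missing prototype being hidden. A one-line comment above the array would settle it, for example `# pathfind() is only probed by configure and is not expected to exist here`, if that is indeed the reason. `src_prepare` starts in one hunk and ends in the next, so its middle is not visible here.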


@ -4,3 +4,7 @@ DIST xz-5.6.2.tar.gz 2355785 BLAKE2B d2d5f9772714b5b5993ec26c313bd27dc10d88928d9
DIST xz-5.6.2.tar.gz.sig 566 BLAKE2B 9b1f19d0449de18057eb5bd3cceaa073fc245e9a05fb19fabdac98b1d2e708b39c8070130c522b78ff75df724e207f978d8da65e2ccb1c6fa295aa892eda0d23 SHA512 f3d1055a2a6e96eec2fd5c0b733f2ab5e150bac9645f1fe9a7558ed6f34a241b4f57e17fd4504f311be26cf1e2b9b797f2e78b1b9d2db02e9cd0c1548cb6160b
DIST xz-5.6.3.tar.gz 2279396 BLAKE2B 9f09926f1ec7d72e6564f5816101512717bcb37610b551616117818d4e6a3b6c00b4ac74bf13a06cd299ff199a0561f2c05a3884a6f6b7e94951de2c1c2e6dc3 SHA512 b07b45e18615d1946e9d12157af99b54700d757832a638fccab70549574dcd7f28e69e71cc4c0b9c808959f818e79b668a5ccf108429ea0f40b6125bfd55d274
DIST xz-5.6.3.tar.gz.sig 566 BLAKE2B b59899d9ddc3325bd0de084dac420440ccdeb5f57f3656300f235fdae997a8943c2dc44edc3b83150b78717a7bf761152f09b41035d245fa536c45b8c06dd00d SHA512 65a0eb674b804309417d736b3ec9edb9c9bf39485593d81f352ee847662f5a95b3d5084fab21451e3510d74e4e2ee8f9cf4e8615d1128b6e16d5c211481481db
DIST xz-5.6.4.tar.gz 2280985 BLAKE2B 3d27c143f4856589d501bc47ff5c86c1c49b1d0b8c8fd2143bcbfe86b860ca93f6a103f628e06ce5c2839ce1941cecc7552d91b1aac5c11def40fd9182d93eee SHA512 b966950eb9206e31f284c9dc3bb0a79f2fabbaf515e88c89da53d3da41ddfeebd2fc6d3d3f8fcd150c70caaaefa43dec0bce84aa183e08bf339d1aebbe041751
DIST xz-5.6.4.tar.gz.sig 566 BLAKE2B 475b576431f573b9ce390ae2c43fc4f307f00ef523a741ec6795f182f5ff2c30f2049b1b4d2a3a7e61769bb7dc568de0f5af89661cb09341a58bbcdcdda3c877 SHA512 1ece59b7a540f6d215206ced14759aa971f192433705f8803b6ad8db0857e246145300c853cb571d8750b8152483d13736c478a7c0abb40d7ed25305d80a841c
DIST xz-5.7.1alpha.tar.gz 2334409 BLAKE2B 98e98ebde9175fe8b135fa59f8e8acff1b8c6278f75a3ea997ebbe9aac25cb1a6a1f1bde163af4788ca0532bc270fe5baaf6cd89ba4c81ed3e3f7a6f08e741eb SHA512 40349652f3903e1d37e1cdc0b0b6f5479db0bc5bcbdc371f34b7cf7de730b1781748e1a6cad3dcc9e721243a0bd6f1c062a5ae54e966d23ff80ae0f0c9371246
DIST xz-5.7.1alpha.tar.gz.sig 566 BLAKE2B 33c23b3aace6856f67b927d2f5b46f60f1e96eedde6a7e2cf5085e44b96da6503a8c38d5977a1dd7b068d9cb9ae652d457e9344eb40b482979d810afeb38f888 SHA512 f3fce937be1753b94110f2cf8ea1da52905133f8a62f9b2f91f6b5c91d2400ae63e000b392a0b992cd16495227077c0f26f1e36349b048e84a6bb8d3e618fd28


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Remember: we cannot leverage autotools in this ebuild in order
@ -35,7 +35,7 @@ else
"
if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
S="${WORKDIR}/${MY_P}"


@ -0,0 +1,203 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Remember: we cannot leverage autotools in this ebuild in order
# to avoid circular deps with autotools
EAPI=8
inherit libtool multilib multilib-minimal preserve-libs toolchain-funcs
if [[ ${PV} == 9999 ]] ; then
# Per tukaani.org, git.tukaani.org is a mirror of github and
# may be behind.
EGIT_REPO_URI="
https://github.com/tukaani-project/xz
https://git.tukaani.org/xz.git
"
inherit git-r3 autotools
# bug #272880 and bug #286068
BDEPEND="sys-devel/gettext >=dev-build/libtool-2"
else
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/lassecollin.asc
inherit verify-sig
MY_P="${PN/-utils}-${PV/_}"
SRC_URI="
https://github.com/tukaani-project/xz/releases/download/v${PV/_}/${MY_P}.tar.gz
https://downloads.sourceforge.net/lzmautils/${MY_P}.tar.gz
https://tukaani.org/xz/${MY_P}.tar.gz
verify-sig? (
https://github.com/tukaani-project/xz/releases/download/v${PV/_}/${MY_P}.tar.gz.sig
https://tukaani.org/xz/${MY_P}.tar.gz.sig
)
"
if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
S="${WORKDIR}/${MY_P}"
fi
DESCRIPTION="Utils for managing LZMA compressed files"
HOMEPAGE="https://tukaani.org/xz/"
# See top-level COPYING file as it outlines the various pieces and their licenses.
LICENSE="0BSD LGPL-2.1+ GPL-2+ doc? ( CC-BY-SA-4.0 )"
SLOT="0"
IUSE="cpu_flags_arm_crc32 doc +extra-filters pgo nls static-libs"
if [[ ${PV} != 9999 ]] ; then
BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-lassecollin-20240529 )"
fi
src_prepare() {
default
if [[ ${PV} == 9999 ]] ; then
eautopoint
eautoreconf
else
# Allow building shared libs on Solaris/x64
elibtoolize
fi
}
multilib_src_configure() {
# Workaround for bug #934370 (libtool-2.5.0), drop when dist tarball
# uses newer libtool with the fix.
export ac_cv_prog_ac_ct_FILECMD='file' FILECMD='file'
local myconf=(
--enable-threads
$(multilib_native_use_enable doc)
$(use_enable nls)
$(use_enable static-libs static)
$(use_enable cpu_flags_arm_crc32 arm64-crc32)
)
if ! multilib_is_native_abi ; then
myconf+=(
--disable-{xz,xzdec,lzmadec,lzmainfo,lzma-links,scripts}
)
fi
if ! use extra-filters ; then
myconf+=(
# LZMA1 + LZMA2 for standard .lzma & .xz files
--enable-encoders=lzma1,lzma2
--enable-decoders=lzma1,lzma2
# those are used by default, depending on preset
--enable-match-finders=hc3,hc4,bt4
# CRC64 is used by default, though 7-Zip uses CRC32 by default.
# Also, XZ Embedded in Linux doesn't support CRC64, so
# kernel modules and friends are CRC32.
--enable-checks=crc32,crc64
)
fi
if [[ ${CHOST} == *-solaris* ]] ; then
export gl_cv_posix_shell="${EPREFIX}"/bin/sh
# Undo Solaris-based defaults pointing to /usr/xpg4/bin
myconf+=( --disable-path-for-script )
fi
ECONF_SOURCE="${S}" econf "${myconf[@]}"
}
multilib_src_compile() {
local pgo_generate_flags=$(usev pgo "-fprofile-update=atomic -fprofile-dir=${T}/${ABI}-pgo -fprofile-generate=${T}/${ABI}-pgo")
local pgo_use_flags=$(usev pgo "-fprofile-use=${T}/${ABI}-pgo -fprofile-dir=${T}/${ABI}-pgo")
emake CFLAGS="${CFLAGS} ${pgo_generate_flags}"
if use pgo ; then
emake CFLAGS="${CFLAGS} ${pgo_generate_flags}" -k check
local tar_pgo_args=()
if has_version -b "app-alternatives/tar[gnu]" ; then
tar_pgo_args+=(
--mtime=@2718281828
--sort=name
)
fi
if multilib_is_native_abi ; then
(
shopt -s globstar
tar \
"${tar_pgo_args[@]}" \
-cf xz-pgo-test-01.tar \
{"${S}","${BUILD_DIR}"}/**/*.[cho] \
{"${S}","${BUILD_DIR}"}/**/.libs/* \
{"${S}","${BUILD_DIR}"}/**/**.txt \
{"${S}","${BUILD_DIR}"}/tests/files
stat --printf="xz-pgo-test-01.tar.tar size: %s\n" xz-pgo-test-01.tar || die
md5sum xz-pgo-test-01.tar || die
)
local test_variants=(
# Borrowed from ALT Linux
# https://packages.altlinux.org/en/sisyphus/srpms/xz/specfiles/#line-80
'-0 -C none'
'-2 -C crc32'
"$(usev extra-filters '-6 --arm --lzma2 -C crc64')"
"$(usev extra-filters '-6 --x86 --lzma2=lc=4 -C sha256')"
'-7e --format=lzma'
# Our own variants
''
'-e'
"$(usev extra-filters '--x86 --lzma2=preset=6e')"
)
local test_variant
for test_variant in "${test_variants[@]}" ; do
einfo "Testing '${test_variant}' variant"
"${BUILD_DIR}"/src/xz/xz -c ${test_variant} xz-pgo-test-01.tar | "${BUILD_DIR}"/src/xz/xz -c -d - > /dev/null
assert "Testing '${test_variant}' variant failed"
done
fi
if tc-is-clang; then
llvm-profdata merge "${T}"/${ABI}-pgo --output="${T}"/${ABI}-pgo/default.profdata || die
fi
emake clean
emake CFLAGS="${CFLAGS} ${pgo_use_flags}"
fi
}
multilib_src_install() {
default
# bug #934370 and bug #450436 (and bug #934515)
if ! tc-is-static-only && [[ ! -f "${ED}/usr/$(get_libdir)/liblzma$(get_libname)" ]] ; then
eerror "Sanity check for liblzma$(get_libname) failed."
eerror "Shared library wasn't built, possible libtool bug"
[[ -z ${I_KNOW_WHAT_I_AM_DOING} ]] && die "liblzma$(get_libname) not found in build, aborting"
fi
}
multilib_src_install_all() {
find "${ED}" -type f -name '*.la' -delete || die
if use doc ; then
rm "${ED}"/usr/share/doc/${PF}/COPYING* || die
fi
}
pkg_preinst() {
preserve_old_lib /usr/$(get_libdir)/liblzma$(get_libname 0)
}
pkg_postinst() {
preserve_old_lib_notify /usr/$(get_libdir)/liblzma$(get_libname 0)
}
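Review bot: In `multilib_src_compile`, the `tar` call that builds `xz-pgo-test-01.tar` is the only command in the subshell whose exit status is not checked; the `stat` and `md5sum` after it both carry `|| die`. Without nullglob, a pattern such as `**/.libs/*` that matches nothing is passed to tar literally, so a non-zero exit may be tolerated on purpose; in that case a comment should say so, e.g. `# tar may exit non-zero when a glob matches nothing; the archive is still usable as PGO input`. If it is not deliberate, add `|| die` to the tar call so profile training never runs on a truncated archive. The log string `xz-pgo-test-01.tar.tar size` also doubles the extension. The identical ebuild section that follows contains the same lines.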


@ -0,0 +1,203 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Remember: we cannot leverage autotools in this ebuild in order
# to avoid circular deps with autotools
EAPI=8
inherit libtool multilib multilib-minimal preserve-libs toolchain-funcs
if [[ ${PV} == 9999 ]] ; then
# Per tukaani.org, git.tukaani.org is a mirror of github and
# may be behind.
EGIT_REPO_URI="
https://github.com/tukaani-project/xz
https://git.tukaani.org/xz.git
"
inherit git-r3 autotools
# bug #272880 and bug #286068
BDEPEND="sys-devel/gettext >=dev-build/libtool-2"
else
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/lassecollin.asc
inherit verify-sig
MY_P="${PN/-utils}-${PV/_}"
SRC_URI="
https://github.com/tukaani-project/xz/releases/download/v${PV/_}/${MY_P}.tar.gz
https://downloads.sourceforge.net/lzmautils/${MY_P}.tar.gz
https://tukaani.org/xz/${MY_P}.tar.gz
verify-sig? (
https://github.com/tukaani-project/xz/releases/download/v${PV/_}/${MY_P}.tar.gz.sig
https://tukaani.org/xz/${MY_P}.tar.gz.sig
)
"
if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
S="${WORKDIR}/${MY_P}"
fi
DESCRIPTION="Utils for managing LZMA compressed files"
HOMEPAGE="https://tukaani.org/xz/"
# See top-level COPYING file as it outlines the various pieces and their licenses.
LICENSE="0BSD LGPL-2.1+ GPL-2+ doc? ( CC-BY-SA-4.0 )"
SLOT="0"
IUSE="cpu_flags_arm_crc32 doc +extra-filters pgo nls static-libs"
if [[ ${PV} != 9999 ]] ; then
BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-lassecollin-20240529 )"
fi
src_prepare() {
default
if [[ ${PV} == 9999 ]] ; then
eautopoint
eautoreconf
else
# Allow building shared libs on Solaris/x64
elibtoolize
fi
}
multilib_src_configure() {
# Workaround for bug #934370 (libtool-2.5.0), drop when dist tarball
# uses newer libtool with the fix.
export ac_cv_prog_ac_ct_FILECMD='file' FILECMD='file'
local myconf=(
--enable-threads
$(multilib_native_use_enable doc)
$(use_enable nls)
$(use_enable static-libs static)
$(use_enable cpu_flags_arm_crc32 arm64-crc32)
)
if ! multilib_is_native_abi ; then
myconf+=(
--disable-{xz,xzdec,lzmadec,lzmainfo,lzma-links,scripts}
)
fi
if ! use extra-filters ; then
myconf+=(
# LZMA1 + LZMA2 for standard .lzma & .xz files
--enable-encoders=lzma1,lzma2
--enable-decoders=lzma1,lzma2
# those are used by default, depending on preset
--enable-match-finders=hc3,hc4,bt4
# CRC64 is used by default, though 7-Zip uses CRC32 by default.
# Also, XZ Embedded in Linux doesn't support CRC64, so
# kernel modules and friends are CRC32.
--enable-checks=crc32,crc64
)
fi
if [[ ${CHOST} == *-solaris* ]] ; then
export gl_cv_posix_shell="${EPREFIX}"/bin/sh
# Undo Solaris-based defaults pointing to /usr/xpg4/bin
myconf+=( --disable-path-for-script )
fi
ECONF_SOURCE="${S}" econf "${myconf[@]}"
}
multilib_src_compile() {
local pgo_generate_flags=$(usev pgo "-fprofile-update=atomic -fprofile-dir=${T}/${ABI}-pgo -fprofile-generate=${T}/${ABI}-pgo")
local pgo_use_flags=$(usev pgo "-fprofile-use=${T}/${ABI}-pgo -fprofile-dir=${T}/${ABI}-pgo")
emake CFLAGS="${CFLAGS} ${pgo_generate_flags}"
if use pgo ; then
emake CFLAGS="${CFLAGS} ${pgo_generate_flags}" -k check
local tar_pgo_args=()
if has_version -b "app-alternatives/tar[gnu]" ; then
tar_pgo_args+=(
--mtime=@2718281828
--sort=name
)
fi
if multilib_is_native_abi ; then
(
shopt -s globstar
tar \
"${tar_pgo_args[@]}" \
-cf xz-pgo-test-01.tar \
{"${S}","${BUILD_DIR}"}/**/*.[cho] \
{"${S}","${BUILD_DIR}"}/**/.libs/* \
{"${S}","${BUILD_DIR}"}/**/**.txt \
{"${S}","${BUILD_DIR}"}/tests/files
stat --printf="xz-pgo-test-01.tar.tar size: %s\n" xz-pgo-test-01.tar || die
md5sum xz-pgo-test-01.tar || die
)
local test_variants=(
# Borrowed from ALT Linux
# https://packages.altlinux.org/en/sisyphus/srpms/xz/specfiles/#line-80
'-0 -C none'
'-2 -C crc32'
"$(usev extra-filters '-6 --arm --lzma2 -C crc64')"
"$(usev extra-filters '-6 --x86 --lzma2=lc=4 -C sha256')"
'-7e --format=lzma'
# Our own variants
''
'-e'
"$(usev extra-filters '--x86 --lzma2=preset=6e')"
)
local test_variant
for test_variant in "${test_variants[@]}" ; do
einfo "Testing '${test_variant}' variant"
"${BUILD_DIR}"/src/xz/xz -c ${test_variant} xz-pgo-test-01.tar | "${BUILD_DIR}"/src/xz/xz -c -d - > /dev/null
assert "Testing '${test_variant}' variant failed"
done
fi
if tc-is-clang; then
llvm-profdata merge "${T}"/${ABI}-pgo --output="${T}"/${ABI}-pgo/default.profdata || die
fi
emake clean
emake CFLAGS="${CFLAGS} ${pgo_use_flags}"
fi
}
multilib_src_install() {
default
# bug #934370 and bug #450436 (and bug #934515)
if ! tc-is-static-only && [[ ! -f "${ED}/usr/$(get_libdir)/liblzma$(get_libname)" ]] ; then
eerror "Sanity check for liblzma$(get_libname) failed."
eerror "Shared library wasn't built, possible libtool bug"
[[ -z ${I_KNOW_WHAT_I_AM_DOING} ]] && die "liblzma$(get_libname) not found in build, aborting"
fi
}
multilib_src_install_all() {
find "${ED}" -type f -name '*.la' -delete || die
if use doc ; then
rm "${ED}"/usr/share/doc/${PF}/COPYING* || die
fi
}
pkg_preinst() {
preserve_old_lib /usr/$(get_libdir)/liblzma$(get_libname 0)
}
pkg_postinst() {
preserve_old_lib_notify /usr/$(get_libdir)/liblzma$(get_libname 0)
}


@ -0,0 +1,2 @@
DIST containerd-2.0.1.tar.gz 10423945 BLAKE2B 7f77678557bf649c71475d3ff08a57579b8959ef19a5f8fc1c27b8e8eacea01572d44d3f6dff1f53b72c1b7cf153413a5152391a78b0d5bd624a4c5267381144 SHA512 7875eee0fb274545acb4d62f5bca808105580177db6007e59164fd57830ea3e8ab646b8e227027016bf8dd4816341d38a620bfef48bb0fd83de006b1a91826b7
DIST containerd-2.0.2.tar.gz 10379986 BLAKE2B aee39f749f056965b899f6525bebe00d46b72b6c437efbd01ed890c5ae9c5d812464bc6d10e32aea20fd0c6df00d98cd30502dd73f9a27b0d8d143a5542976d9 SHA512 86eb24acfa5d4d87ae396f8888e2484693823fad897a29f1a5ada78e2318640927cfcff1e85415bfd6c66f5417e582203eb94976d52e3dd373997e6e2cbae354


@ -1,9 +1,9 @@
# Copyright 2022-2023 Gentoo Authors
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module systemd
GIT_REVISION=2806fc1057397dbaeefbea0e4e17bddfbd388f38
GIT_REVISION=88aa2f531d6c2922003cc7929e51daf1c14caa0a
DESCRIPTION="A daemon to control runC"
HOMEPAGE="https://containerd.io/"
@ -14,15 +14,19 @@ SLOT="0"
KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
DEPEND="
COMMON_DEPEND="
btrfs? ( sys-fs/btrfs-progs )
seccomp? ( sys-libs/libseccomp )
"
# recommended version of runc is found in script/setup/runc-version
DEPEND="
${COMMON_DEPEND}
"
# recommended minimum version of runc is found in script/setup/runc-version
RDEPEND="
${DEPEND}
~app-containers/runc-1.1.7[apparmor?,seccomp?]
${COMMON_DEPEND}
>=app-containers/runc-1.2.1[apparmor?,seccomp?]
"
BDEPEND="
@ -69,7 +73,7 @@ src_compile() {
}
src_install() {
rm "${D}"/bin/gen-manpages
rm bin/gen-manpages || die
dobin bin/*
doman man/*
newconfd "${FILESDIR}"/${PN}.confd "${PN}"
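Review bot: `GIT_REVISION` is changed by hand near the top of this ebuild with no comment saying what it has to track, so a later bump can change the version and leave the hash stale. If the value is stamped into the built binaries (the code that consumes it is outside these hunks, so that is presumed), a stale hash makes the reported revision useless for matching a running daemon against upstream advisories. The docker-cli ebuild in this same commit gains `# update this on every bump` above its `GIT_COMMIT`; add the same line above `GIT_REVISION` here, ideally as `# update this on every bump: commit of the upstream v${PV} tag`. The other containerd ebuild section that follows has the identical gap.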


@ -1,9 +1,9 @@
# Copyright 2022-2023 Gentoo Authors
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module systemd
GIT_REVISION=9b2ad7760328148397346d10c7b2004271249db4
GIT_REVISION=c507a0257ea6462fbd6f5ba4f5c74facb04021f4
DESCRIPTION="A daemon to control runC"
HOMEPAGE="https://containerd.io/"
@ -14,15 +14,19 @@ SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
DEPEND="
COMMON_DEPEND="
btrfs? ( sys-fs/btrfs-progs )
seccomp? ( sys-libs/libseccomp )
"
# recommended version of runc is found in script/setup/runc-version
DEPEND="
${COMMON_DEPEND}
"
# recommended minimum version of runc is found in script/setup/runc-version
RDEPEND="
${DEPEND}
~app-containers/runc-1.1.14[apparmor?,seccomp?]
${COMMON_DEPEND}
>=app-containers/runc-1.2.4[apparmor?,seccomp?]
"
BDEPEND="
@ -69,7 +73,7 @@ src_compile() {
}
src_install() {
rm "${D}"/bin/gen-manpages
rm bin/gen-manpages || die
dobin bin/*
doman man/*
newconfd "${FILESDIR}"/${PN}.confd "${PN}"


@ -12,10 +12,6 @@
<email>williamh@gentoo.org</email>
<name>William Hubbs</name>
</maintainer>
<maintainer type="person">
<email>gyakovlev@gentoo.org</email>
<name>Georgy Yakovlev</name>
</maintainer>
<use>
<flag name="btrfs">Support for BTRFS snapshot driver</flag>
<flag name="cri">Support for Kubernetes CRI</flag>


@ -1,100 +0,0 @@
From 45441676e34e6410ae8af6dbb46b6161c5c81a7c Mon Sep 17 00:00:00 2001
From: Rahil Bhimjiani <me@rahil.website>
Date: Thu, 7 Dec 2023 14:12:26 +0530
Subject: [PATCH] Moving policy.json and default.yaml from containers/skopeo
It makes more sense to keep these 2 files along with their man
pages...in c/image
https://github.com/containers/common/pull/1757
Signed-off-by: Rahil Bhimjiani <me@rahil.website>
---
Makefile | 11 +++++++++++
default-policy.json | 14 ++++++++++++++
default.yaml | 27 +++++++++++++++++++++++++++
3 files changed, 52 insertions(+)
create mode 100644 default-policy.json
create mode 100644 default.yaml
diff --git a/Makefile b/Makefile
index f329ef083..5e9799b19 100644
--- a/Makefile
+++ b/Makefile
@@ -24,6 +24,13 @@ GOMD2MAN ?= $(shell command -v go-md2man || echo '$(GOBIN)/go-md2man')
MANPAGES_MD = $(wildcard docs/*.5.md)
MANPAGES ?= $(MANPAGES_MD:%.md=%)
+ifeq ($(shell uname -s),FreeBSD)
+CONTAINERSCONFDIR ?= /usr/local/etc/containers
+else
+CONTAINERSCONFDIR ?= /etc/containers
+endif
+REGISTRIESDDIR ?= ${CONTAINERSCONFDIR}/registries.d
+
# N/B: This value is managed by Renovate, manual changes are
# possible, as long as they don't disturb the formatting
# (i.e. DO NOT ADD A 'v' prefix!)
@@ -46,6 +53,10 @@ install-docs: docs
install -m 644 docs/*.5 ${MANINSTALLDIR}/man5/
install: install-docs
+ install -d -m 755 ${DESTDIR}${CONTAINERSCONFDIR}
+ install -m 644 default-policy.json ${DESTDIR}${CONTAINERSCONFDIR}/policy.json
+ install -d -m 755 ${DESTDIR}${REGISTRIESDDIR}
+ install -m 644 default.yaml ${DESTDIR}${REGISTRIESDDIR}/default.yaml
cross:
GOOS=windows $(MAKE) build BUILDTAGS="$(BUILDTAGS) $(BUILD_TAGS_WINDOWS_CROSS)"
diff --git a/default-policy.json b/default-policy.json
new file mode 100644
index 000000000..dffc54a62
--- /dev/null
+++ b/default-policy.json
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
diff --git a/default.yaml b/default.yaml
new file mode 100644
index 000000000..9e892d760
--- /dev/null
+++ b/default.yaml
@@ -0,0 +1,27 @@
+# This is a default registries.d configuration file. You may
+# add to this file or create additional files in registries.d/.
+#
+# lookaside: for reading/writing simple signing signatures
+# lookaside-staging: for writing simple signing signatures, preferred over lookaside
+#
+# lookaside and lookaside-staging take a value of the following:
+# lookaside: {schema}://location
+#
+# For reading signatures, schema may be http, https, or file.
+# For writing signatures, schema may only be file.
+
+# The default locations are built-in, for both reading and writing:
+# /var/lib/containers/sigstore for root, or
+# ~/.local/share/containers/sigstore for non-root users.
+default-docker:
+# lookaside: https://…
+# lookaside-staging: file:///…
+
+# The 'docker' indicator here is the start of the configuration
+# for docker registries.
+#
+# docker:
+#
+# privateregistry.com:
+# lookaside: https://privateregistry.com/sigstore/
+# lookaside-staging: /mnt/nfs/privateregistry/sigstore


@ -1,10 +0,0 @@
--- a/Makefile
+++ b/Makefile
@@ -15,7 +15,6 @@
BUILDTAGS = btrfs_noversion libdm_no_deferred_remove
BUILDFLAGS := -tags "$(BUILDTAGS)"
-PACKAGES := $(shell GO111MODULE=on go list $(BUILDFLAGS) ./...)
SOURCE_DIRS = $(shell echo $(PACKAGES) | awk 'BEGIN{FS="/"; RS=" "}{print $$4}' | uniq)
PREFIX ?= ${DESTDIR}/usr


@ -1,4 +1,4 @@
# Copyright 2021-2024 Gentoo Authors
# Copyright 2021-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -11,7 +11,7 @@ SRC_URI="https://github.com/kubernetes-sigs/cri-tools/archive/v${PV}.tar.gz -> $
LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm64"
KEYWORDS="amd64 ~arm64"
RESTRICT="test"
DOCS=( docs {README,RELEASE,CHANGELOG,CONTRIBUTING}.md )


@ -1,32 +0,0 @@
From 767ba88ef363115e80e077ce312f89f20488da01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20G=C3=BCnzler?= <r@gnzler.io>
Date: Thu, 9 Nov 2023 14:16:08 +0100
Subject: [PATCH] Fix build without libcap
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The work to support features introduced another point of dependency on
libcap that previously wasn't guarded by ifdefs
Refs: https://github.com/containers/crun/pull/1237
Signed-off-by: Robert Günzler <r@gnzler.io>
---
src/libcrun/container.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libcrun/container.c b/src/libcrun/container.c
index ed0fa29bb..7be1713ab 100644
--- a/src/libcrun/container.c
+++ b/src/libcrun/container.c
@@ -3925,8 +3925,10 @@ libcrun_container_get_features (libcrun_context_t *context, struct features_info
// Populate namespaces
populate_array_field (&((*info)->linux.namespaces), namespaces, num_namspaces);
+#ifdef HAVE_CAP
// Populate capabilities
populate_capabilities (*info, &capabilities, &num_capabilities);
+#endif
// Hardcode the values for cgroup
(*info)->linux.cgroup.v1 = true;


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -13,7 +13,7 @@ if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/docker/buildx.git"
else
SRC_URI="https://github.com/docker/buildx/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
S="${WORKDIR}/${MY_PN}-${PV}"
fi


@ -1,10 +1,4 @@
DIST docker-cli-26.1.0-man.tar.xz 79004 BLAKE2B 36dcf969c6567680990420d6d177101bf457f7fc1c24dff195ce8b478268335419fba5ff51a7b77bb8c0a6e0e6077d83ddb50f2ecf08bf069be89fc4849afd6e SHA512 36297ee3cbf096112ec41db2cd1d06796ddd27a57c4323e71a727e17d3930102710f643a77df9e68cd9b3294a6bb0fdf5565379e9fae7331e25afcd147b0084f
DIST docker-cli-26.1.0.tar.gz 7213165 BLAKE2B 302236467f2b6f3f46b0f0c75e89c2cef0cd251d36e12f78a67c906cfb85b842b998fd3b07f4a2dfc0a04825a9b105d90f11d176055ded397f2d4e9145639d5d SHA512 1a1e9af1a836765ffa91f7f2e1b27911e2b6b373c308a7db332a7cd1825459ab1c04a93d03c9947b631bead0af21d9f03e06c3a60855cc56ca7039e50e38ba87
DIST docker-cli-27.2.0-man.tar.xz 79052 BLAKE2B 019299b8cd0adbb1a3749f9aa37b1e38bf212b2c13eee81ae49f843bcc56ff3f41413e1021bebf5c88b4406d7928c2c40de026df861195aa2df79d9c724f8b87 SHA512 d61d6f9f9139f2d22268932d795a50e7b9b1ff993699ba87ca9353cb9908ac18c103a34ee9a486f3537988d6ba7317b05588cd84ff8327b86826ab7ed5023947
DIST docker-cli-27.2.0.tar.gz 7236608 BLAKE2B 828f002d83de47efad370e28df2f5e50f75da7952bf4fcbe30d3d66c9bc281ee99fab820f7bca002c8eb13fa29b7518e951974b62008e213662c1d384a286c0d SHA512 5dce9e974a96b2518a73d50a9421d12feeb9cc792bb89000f26e04a91fdddade2648dea39aa721e48c9b07bfc18f7a6676fb7e286ae779556753886ec45e86c3
DIST docker-cli-27.3.1-man.tar.xz 75056 BLAKE2B 791cd4fab7c36417cdfd3078bbbaff6a7e87a61908bbfd38fdfdb7fff6dfc6bac80ee351a54d5673f5c5e25180d4e0429b4b6d0a220cbea3880d568faa64dc96 SHA512 24a1f6aa923d8aa878c2007d49597e1384494b05bb0886f64b15e575fecf96941235f1f89c8731074e85f49dda5efec087d6759cb7622cb834461e76ebfb3fcd
DIST docker-cli-27.3.1.tar.gz 7225408 BLAKE2B 1c3d428b3e7d653b0a246ee51f9bea47eba5f2b80bbfb1915f31f57e420750a28e2615482058f4051c55c8b723d4935d2711dd4a4c423ec3a17932fd9363d13e SHA512 6e80e94a0e9e16aaf2b19bc97c99ead39184745f601aea94e47c066a19b6436850d5269962e0802e9f7fa9f7dcb357ec0756c9466afa2c0a6ae239d61ef15961
DIST docker-cli-27.4.0-man.tar.xz 75096 BLAKE2B bc3a6edfa83d506ba2cd9407506d7e3e60c57fe7bd319e08b50d559bfbce289b83a44440b1cf948f163b3b348787ae7a9e5e5e897f6ae113b60bc33407870ab3 SHA512 e2701a76ab028bc325183f52d96a2129f425a14c5c038411e928507c8e103638e9b376eb3192be9c8a99996fadf453d0205d1b64d92661a61df5feea6609e58d
DIST docker-cli-27.4.0.tar.gz 7270507 BLAKE2B 18ddd86952016fbf6d423812c28ab7983e55517d832dec278e7a0cef4af0790cba54ed74ba7ca60036116ff6170a6578f7eec24ca8c852ee6b8cea321c9d0ae9 SHA512 432ebf450b03f2e4ca6e7230bbb2b37d5c8372bc62bf3c4c24469d1015974231f9f5cadf949a2340fa1e8d3ba82c88cadae604a029141a9e037ee1fd6ff89355
DIST docker-cli-27.4.1-man.tar.xz 70252 BLAKE2B 3fbefe359b39cfb7eda125830dc6c8e9e49685a833f7f46b111e9e7c0ed4d0009ab5a6ccdd27a97a1885453a7e43ae4f557c63f9201fc2604d0146f20f14763c SHA512 ddd7017fb0d5193e6f7b39e67f047edf3c98e86f299d0a7ab318efc3fb8b712a71ee5ac933ccf33945f846e2b20d2b1efc7fa9fcbd12f9a56b9d519bec4bcee1
DIST docker-cli-27.4.1.tar.gz 7273057 BLAKE2B 3ebebe0e0918dd54d45c058c2922107fc2e82170c6e00540fde2c884c8f88945ceb5428fd5917014af5d35a554a0d9e83306d173ceea9c7461508b902f0023f8 SHA512 5880053d44e169b93fe50f3d4b13fa2f8f60de32a96f8ee2923a3291385532c1903027f0654a65a8eab51f29caf7b805857b491c0bfeee2e1983f822e579851e
DIST docker-cli-27.5.0-man.tar.xz 70224 BLAKE2B 4c2a4025721fbfbb63c24e20bdbc68f3a8b2d355d57060a86190ea30ec4dc1e01eae1265a3de6077c3952e1c9d859c1c28c707caccf07260f6dabe8bf3ef5439 SHA512 4450669971503665ca644899a657c587e86edaf4462ef47bd49b09da961111e8bc27a61caf8a8dbf9a617427bb2ebf92ab8d7adb6c4f33001383e590b59cfff3
DIST docker-cli-27.5.0.tar.gz 7462649 BLAKE2B 89ae65834c606d9ef4f8ebc9fee5052d3e12b8aa6d9f4df7c0415157b24a55e89d0758b4f5cf0e4f3f5b6ea2f9c46bfc010c604995cb5cf1d162c068ba679787 SHA512 3c7c709f38fffd4d4e134d2abd7e6dc606e1cba765d36924a53f9470d6077be2282983eb23995bd56d772da253a69a854fe3112fea1a7ed2c9a1b70d2cc45b57


@ -1,72 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
GIT_COMMIT=9714adc6c797755f63053726c56bc1c17c0c9204
EGO_PN="github.com/docker/cli"
MY_PV=${PV/_/-}
inherit bash-completion-r1 golang-vcs-snapshot
DESCRIPTION="the command line binary for docker"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="amd64 ~arm arm64 ~loong ppc64 ~riscv ~x86"
IUSE="hardened selinux"
RDEPEND="!<app-containers/docker-20.10.1
selinux? ( sec-policy/selinux-docker )"
BDEPEND="
>=dev-lang/go-1.16.6"
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
src_unpack() {
golang-vcs-snapshot_src_unpack
set -- ${A}
unpack ${2}
}
src_prepare() {
default
sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
}
src_compile() {
export DISABLE_WARN_OUTSIDE_CONTAINER=1
export GOPATH="${WORKDIR}/${P}"
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
emake \
LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
VERSION="${PV}" \
GITCOMMIT="${GIT_COMMIT}" \
dynbinary
}
src_install() {
dobin build/docker
doman "${WORKDIR}"/man/man?/*
dobashcomp contrib/completion/bash/*
bashcomp_alias docker dockerd
insinto /usr/share/fish/vendor_completions.d/
doins contrib/completion/fish/docker.fish
insinto /usr/share/zsh/site-functions
doins contrib/completion/zsh/_*
}
pkg_postinst() {
has_version "app-containers/docker-buildx" && return
ewarn "the 'docker build' command is deprecated and will be removed in a"
ewarn "future release. If you need this functionality, install"
ewarn "app-containers/docker-buildx."
}


@ -1,72 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
GIT_COMMIT=ce1223035ac3ab8922717092e63a184cf67b493d
EGO_PN="github.com/docker/cli"
MY_PV=${PV/_/-}
inherit bash-completion-r1 golang-vcs-snapshot
DESCRIPTION="the command line binary for docker"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
IUSE="hardened selinux"
RDEPEND="!<app-containers/docker-20.10.1
selinux? ( sec-policy/selinux-docker )"
BDEPEND="
>=dev-lang/go-1.16.6"
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
src_unpack() {
golang-vcs-snapshot_src_unpack
set -- ${A}
unpack ${2}
}
src_prepare() {
default
sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
}
src_compile() {
export DISABLE_WARN_OUTSIDE_CONTAINER=1
export GOPATH="${WORKDIR}/${P}"
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
emake \
LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
VERSION="${PV}" \
GITCOMMIT="${GIT_COMMIT}" \
dynbinary
}
src_install() {
dobin build/docker
doman "${WORKDIR}"/man/man?/*
dobashcomp contrib/completion/bash/*
bashcomp_alias docker dockerd
insinto /usr/share/fish/vendor_completions.d/
doins contrib/completion/fish/docker.fish
insinto /usr/share/zsh/site-functions
doins contrib/completion/zsh/_*
}
pkg_postinst() {
has_version "app-containers/docker-buildx" && return
ewarn "the 'docker build' command is deprecated and will be removed in a"
ewarn "future release. If you need this functionality, install"
ewarn "app-containers/docker-buildx."
}


@ -1,72 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
GIT_COMMIT=bde2b893136c1c7a2894386e4f8743089c89b041
EGO_PN="github.com/docker/cli"
MY_PV=${PV/_/-}
inherit bash-completion-r1 golang-vcs-snapshot
DESCRIPTION="the command line binary for docker"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
IUSE="hardened selinux"
RDEPEND="!<app-containers/docker-20.10.1
selinux? ( sec-policy/selinux-docker )"
BDEPEND="
>=dev-lang/go-1.16.6"
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
src_unpack() {
golang-vcs-snapshot_src_unpack
set -- ${A}
unpack ${2}
}
src_prepare() {
default
sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
}
src_compile() {
export DISABLE_WARN_OUTSIDE_CONTAINER=1
export GOPATH="${WORKDIR}/${P}"
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
emake \
LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
VERSION="${PV}" \
GITCOMMIT="${GIT_COMMIT}" \
dynbinary
}
src_install() {
dobin build/docker
doman "${WORKDIR}"/man/man?/*
dobashcomp contrib/completion/bash/*
bashcomp_alias docker dockerd
insinto /usr/share/fish/vendor_completions.d/
doins contrib/completion/fish/docker.fish
insinto /usr/share/zsh/site-functions
doins contrib/completion/zsh/_*
}
pkg_postinst() {
has_version "app-containers/docker-buildx" && return
ewarn "the 'docker build' command is deprecated and will be removed in a"
ewarn "future release. If you need this functionality, install"
ewarn "app-containers/docker-buildx."
}


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -17,7 +17,7 @@ S="${WORKDIR}/cli-${PV}"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
KEYWORDS="amd64 ~arm arm64 ~loong ppc64 ~riscv ~x86"
IUSE="hardened selinux"
RDEPEND="selinux? ( sec-policy/selinux-docker )"


@ -1,37 +1,34 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EAPI=8
GIT_COMMIT=3ab42569583b58dbc6f167d842d5a3dd5972065f
EGO_PN="github.com/docker/cli"
inherit bash-completion-r1 go-module
MY_PV=${PV/_/-}
inherit bash-completion-r1 golang-vcs-snapshot
# update this on every bump
GIT_COMMIT=a187fa5d2d0d5f12db920734e425afc758e98ead
DESCRIPTION="the command line binary for docker"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"
S="${WORKDIR}/cli-${PV}"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
IUSE="hardened selinux"
RDEPEND="!<app-containers/docker-20.10.1
selinux? ( sec-policy/selinux-docker )"
BDEPEND="
>=dev-lang/go-1.16.6"
RDEPEND="selinux? ( sec-policy/selinux-docker )"
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
src_unpack() {
golang-vcs-snapshot_src_unpack
set -- ${A}
unpack ${2}
default
cd "${S}"
ln -s vendor.mod go.mod
ln -s vendor.sum go.sum
}
src_prepare() {
@ -41,7 +38,6 @@ src_prepare() {
src_compile() {
export DISABLE_WARN_OUTSIDE_CONTAINER=1
export GOPATH="${WORKDIR}/${P}"
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
@ -56,7 +52,7 @@ src_compile() {
src_install() {
dobin build/docker
doman "${WORKDIR}"/man/man?/*
dobashcomp contrib/completion/bash/*
dobashcomp contrib/completion/bash/docker
bashcomp_alias docker dockerd
insinto /usr/share/fish/vendor_completions.d/
doins contrib/completion/fish/docker.fish
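Review bot: The rewritten `src_unpack` runs `cd "${S}"` and the two `ln -s` calls without `|| die` (these look like the added lines, given the switch to `inherit go-module`), so a failed directory change leaves the symlinks created wherever the phase started and the build carries on. External commands and builtins in an ebuild phase do not abort on their own; write `cd "${S}" || die`, `ln -s vendor.mod go.mod || die` and `ln -s vendor.sum go.sum || die`. Those links decide which module and checksum files the Go build reads, so a failure there should stop the build at that point and not surface later as an unrelated error.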


@ -1,5 +1,2 @@
DIST docker-26.1.0.tar.gz 16390376 BLAKE2B 6703e9b153c430bc28aed2e7de7bada0203353d61f0a2ce3d49ddbd017eab196a685dd1ab1e719a6b287813eb5fa4f2c612e2cf1ab95789d6e79ebe5dac7ace3 SHA512 47b6b9af9947016884614b6bc25977e1db281da95c9b8b34c753c21c664a737a893f9fa65d92cbb897735aae3893567e106e6bababb5507e069b1e0981e48d50
DIST docker-27.2.0.tar.gz 16689537 BLAKE2B faf0bae9f7da127d5b65b9989acd82dc726bc3f09ace502df151b9f03a84b6f1ec2a946d905263aaa7d2e7d7a3cd4ad1a09291dcfc6691e73cc9a8738f150d55 SHA512 97abaf56d2249c1514beacf17fc9096848b960846e064f1a9bd800a59762a1f1888b32e83b3e8289e23656496ca0293fea65931210d68faaa8a713aab6e48b65
DIST docker-27.3.1.tar.gz 16790553 BLAKE2B 64670eec5a957cb1a088047836fe5e906435f85a062178f52276bafa3df750207bfd02ebb8783e642a6817b2bfa9fb439e441d412e448eba0f3cf15869067d72 SHA512 0fddcc8314eed2e7b131af78f1fa01292cfc4fcb7fd0af94b79d5435349ab54a21b0a78cffbf29dd4c58747d8bcd1f47473cc5f5ab2596e133828b2e6540d172
DIST docker-27.4.0.tar.gz 16836980 BLAKE2B 9bea16a6177cf8c4f05f015bb241b51f7c96ca8813167a07d3b951e418f38aff09277f83772342bf326a5acb05c7c3a0659120d92d6d57df2e9f9fbba3006c79 SHA512 f684d6e91bf0a00247605ea88ea6421cc13b9152239b8f51eb640a568b43b3898ea6bcd22ef64a0e263d6e795362160473db849490672dd1fd39d174ad6f45a0
DIST docker-27.4.1.tar.gz 16837429 BLAKE2B da2e915944a0260619b1e036b43d40f5cbff66f07182153c0ae238ecbcecdfe2066473887882fdaaffa5ef29e2328211f1d07ba3a5239381f9e82d34d9da43fe SHA512 3d77708f7373c1b58b1c46428c2cfc9e8985076e494e40ab86709f37a686cf92b9e2c9db5aa34293f728bb7ccd6a7e08e0cbb1c6d20acfd025c4c787d5908dc0
DIST docker-27.5.0.tar.gz 17076981 BLAKE2B 20dfdb9fb3d594520f063352c28ccc7a936ec2dc0cd6d04737c2d8c78c54db024ac33fc986ddf06cbe4f496b27bd6e63cc3a2532f3c36b83cf8f9eca0dbae3a2 SHA512 89245805edebd7d43d5b47a38aba115239c20448fc10bce5a1605f99951a303ba360456a54815ffc5346cdd97ddd08657df1881c97f79066e9e2bd075af542da


@ -1,322 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EGO_PN=github.com/docker/docker
MY_PV=${PV/_/-}
inherit golang-vcs-snapshot linux-info systemd udev
GIT_COMMIT=061aa95809be396a6b5542618d8a34b02a21ff77
DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
IUSE="apparmor btrfs +container-init overlay seccomp selinux systemd"
DEPEND="
acct-group/docker
>=dev-db/sqlite-3.7.9:3
apparmor? ( sys-libs/libapparmor )
btrfs? ( >=sys-fs/btrfs-progs-3.16.1 )
seccomp? ( >=sys-libs/libseccomp-2.2.1 )
systemd? ( sys-apps/systemd )
"
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies
RDEPEND="
${DEPEND}
>=net-firewall/iptables-1.4
sys-process/procps
>=dev-vcs/git-1.7
>=app-arch/xz-utils-4.9
>=app-containers/containerd-1.7.15[apparmor?,btrfs?,seccomp?]
>=app-containers/runc-1.1.12[apparmor?,seccomp?]
!app-containers/docker-proxy
container-init? ( >=sys-process/tini-0.19.0[static] )
selinux? ( sec-policy/selinux-docker )
"
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
BDEPEND="
>=dev-lang/go-1.16.12
dev-go/go-md2man
virtual/pkgconfig
"
# tests require running dockerd as root and downloading containers
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
PATCHES=(
"${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch"
"${FILESDIR}/docker-26.1.0-automagic-systemd.patch"
)
pkg_setup() {
# this is based on "contrib/check-config.sh" from upstream's sources
# required features.
CONFIG_CHECK="
~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
~KEYS
~VETH ~BRIDGE ~BRIDGE_NETFILTER
~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
~NETFILTER_XT_MATCH_ADDRTYPE
~NETFILTER_XT_MATCH_CONNTRACK
~NETFILTER_XT_MATCH_IPVS
~NETFILTER_XT_MARK
~IP_NF_NAT ~NF_NAT
~POSIX_MQUEUE
"
WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers"
if kernel_is lt 4 8; then
CONFIG_CHECK+="
~DEVPTS_MULTIPLE_INSTANCES
"
fi
if kernel_is le 5 1; then
CONFIG_CHECK+="
~NF_NAT_IPV4
"
fi
if kernel_is le 5 2; then
CONFIG_CHECK+="
~NF_NAT_NEEDED
"
fi
if kernel_is ge 4 15; then
CONFIG_CHECK+="
~CGROUP_BPF
"
fi
# optional features
CONFIG_CHECK+="
~USER_NS
"
if use seccomp; then
CONFIG_CHECK+="
~SECCOMP ~SECCOMP_FILTER
"
fi
CONFIG_CHECK+="
~CGROUP_PIDS
"
if kernel_is lt 6 1; then
CONFIG_CHECK+="
~MEMCG_SWAP
"
fi
if kernel_is le 5 8; then
CONFIG_CHECK+="
~MEMCG_SWAP_ENABLED
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NATIVE
"
if kernel_is lt 5 19; then
CONFIG_CHECK+="
~LEGACY_VSYSCALL_EMULATE
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NONE
"
WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \
Containers with <=glibc-2.13 will not work"
if kernel_is le 4 5; then
CONFIG_CHECK+="
~MEMCG_KMEM
"
fi
if kernel_is lt 5; then
CONFIG_CHECK+="
~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
"
fi
CONFIG_CHECK+="
~BLK_CGROUP ~BLK_DEV_THROTTLING
~CGROUP_PERF
~CGROUP_HUGETLB
~NET_CLS_CGROUP ~CGROUP_NET_PRIO
~CFS_BANDWIDTH ~FAIR_GROUP_SCHED
~IP_NF_TARGET_REDIRECT
~IP_VS
~IP_VS_NFCT
~IP_VS_PROTO_TCP
~IP_VS_PROTO_UDP
~IP_VS_RR
"
if use selinux; then
CONFIG_CHECK+="
~SECURITY_SELINUX
"
fi
if use apparmor; then
CONFIG_CHECK+="
~SECURITY_APPARMOR
"
fi
# if ! is_set EXT4_USE_FOR_EXT2; then
# check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
# if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then
# echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)"
# fi
# fi
CONFIG_CHECK+="
~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
"
# if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then
# if is_set EXT4_USE_FOR_EXT2; then
# echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)"
# else
# echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)"
# fi
# fi
# network drivers
CONFIG_CHECK+="
~VXLAN ~BRIDGE_VLAN_FILTERING
~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH
~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP
"
if kernel_is le 5 3; then
CONFIG_CHECK+="
~INET_XFRM_MODE_TRANSPORT
"
fi
CONFIG_CHECK+="
~IPVLAN
"
CONFIG_CHECK+="
~MACVLAN ~DUMMY
"
CONFIG_CHECK+="
~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP
"
# storage drivers
if use btrfs; then
CONFIG_CHECK+="
~BTRFS_FS
~BTRFS_FS_POSIX_ACL
"
fi
CONFIG_CHECK+="
~OVERLAY_FS
"
linux-info_pkg_setup
}
src_compile() {
export DOCKER_GITCOMMIT="${GIT_COMMIT}"
export GOPATH="${WORKDIR}/${P}"
export VERSION=${PV}
tc-export PKG_CONFIG
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
# let's set up some optional features :)
export DOCKER_BUILDTAGS=''
for gd in btrfs overlay; do
if ! use $gd; then
DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
fi
done
for tag in apparmor seccomp; do
if use $tag; then
DOCKER_BUILDTAGS+=" $tag"
fi
done
export SYSTEMD=$(usex systemd 1 0)
# build binaries
./hack/make.sh dynbinary || die 'dynbinary failed'
}
src_install() {
dosym containerd /usr/bin/docker-containerd
dosym containerd-shim /usr/bin/docker-containerd-shim
dosym runc /usr/bin/docker-runc
use container-init && dosym tini /usr/bin/docker-init
dobin bundles/dynbinary-daemon/dockerd
dobin bundles/dynbinary-daemon/docker-proxy
newinitd contrib/init/openrc/docker.initd docker
newconfd contrib/init/openrc/docker.confd docker
systemd_dounit contrib/init/systemd/docker.{service,socket}
udev_dorules contrib/udev/*.rules
dodoc AUTHORS CONTRIBUTING.md NOTICE README.md
dodoc -r docs/*
# note: intentionally not using "doins" so that we preserve +x bits
dodir /usr/share/${PN}/contrib
cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
}
pkg_postinst() {
udev_reload
elog
elog "To use Docker, the Docker daemon must be running as root. To automatically"
elog "start the Docker daemon at boot:"
if systemd_is_booted || has_version sys-apps/systemd; then
elog " systemctl enable docker.service"
else
elog " rc-update add docker default"
fi
elog
elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
elog ' usermod -aG docker <youruser>'
elog
if use overlay; then
elog " Overlay storage driver/USEflag has been deprecated"
elog " in favor of overlay2 (enabled unconditionally)"
elog
fi
if has_version sys-fs/zfs; then
elog " ZFS storage driver is available"
elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info"
elog
fi
}
pkg_postrm() {
udev_reload
}


@ -1,323 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EGO_PN=github.com/docker/docker
MY_PV=${PV/_/-}
inherit golang-vcs-snapshot linux-info optfeature systemd udev
GIT_COMMIT=3ab5c7d0036ca8fc43141e83b167456ec79828aa
DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor btrfs +container-init +overlay2 seccomp selinux systemd"
DEPEND="
acct-group/docker
>=dev-db/sqlite-3.7.9:3
apparmor? ( sys-libs/libapparmor )
btrfs? ( >=sys-fs/btrfs-progs-3.16.1 )
seccomp? ( >=sys-libs/libseccomp-2.2.1 )
systemd? ( sys-apps/systemd )
"
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies
RDEPEND="
${DEPEND}
>=net-firewall/iptables-1.4
sys-process/procps
>=dev-vcs/git-1.7
>=app-arch/xz-utils-4.9
>=app-containers/containerd-1.7.21[apparmor?,btrfs?,seccomp?]
>=app-containers/runc-1.1.13[apparmor?,seccomp?]
!app-containers/docker-proxy
container-init? ( >=sys-process/tini-0.19.0[static] )
selinux? ( sec-policy/selinux-docker )
"
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
BDEPEND="
>=dev-lang/go-1.16.12
dev-go/go-md2man
virtual/pkgconfig
"
# tests require running dockerd as root and downloading containers
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
PATCHES=(
"${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch"
)
pkg_setup() {
# this is based on "contrib/check-config.sh" from upstream's sources
# required features.
CONFIG_CHECK="
~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
~KEYS
~VETH ~BRIDGE ~BRIDGE_NETFILTER
~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
~NETFILTER_XT_MATCH_ADDRTYPE
~NETFILTER_XT_MATCH_CONNTRACK
~NETFILTER_XT_MATCH_IPVS
~NETFILTER_XT_MARK
~IP_NF_NAT ~NF_NAT
~POSIX_MQUEUE
"
WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers"
if kernel_is lt 4 8; then
CONFIG_CHECK+="
~DEVPTS_MULTIPLE_INSTANCES
"
fi
if kernel_is le 5 1; then
CONFIG_CHECK+="
~NF_NAT_IPV4
"
fi
if kernel_is le 5 2; then
CONFIG_CHECK+="
~NF_NAT_NEEDED
"
fi
if kernel_is ge 4 15; then
CONFIG_CHECK+="
~CGROUP_BPF
"
fi
# optional features
CONFIG_CHECK+="
~USER_NS
"
if use seccomp; then
CONFIG_CHECK+="
~SECCOMP ~SECCOMP_FILTER
"
fi
CONFIG_CHECK+="
~CGROUP_PIDS
"
if kernel_is lt 6 1; then
CONFIG_CHECK+="
~MEMCG_SWAP
"
fi
if kernel_is le 5 8; then
CONFIG_CHECK+="
~MEMCG_SWAP_ENABLED
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NATIVE
"
if kernel_is lt 5 19; then
CONFIG_CHECK+="
~LEGACY_VSYSCALL_EMULATE
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NONE
"
WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \
Containers with <=glibc-2.13 will not work"
if kernel_is le 4 5; then
CONFIG_CHECK+="
~MEMCG_KMEM
"
fi
if kernel_is lt 5; then
CONFIG_CHECK+="
~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
"
fi
CONFIG_CHECK+="
~BLK_CGROUP ~BLK_DEV_THROTTLING
~CGROUP_PERF
~CGROUP_HUGETLB
~NET_CLS_CGROUP ~CGROUP_NET_PRIO
~CFS_BANDWIDTH ~FAIR_GROUP_SCHED
~IP_NF_TARGET_REDIRECT
~IP_VS
~IP_VS_NFCT
~IP_VS_PROTO_TCP
~IP_VS_PROTO_UDP
~IP_VS_RR
"
if use selinux; then
CONFIG_CHECK+="
~SECURITY_SELINUX
"
fi
if use apparmor; then
CONFIG_CHECK+="
~SECURITY_APPARMOR
"
fi
# if ! is_set EXT4_USE_FOR_EXT2; then
# check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
# if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then
# echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)"
# fi
# fi
CONFIG_CHECK+="
~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
"
# if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then
# if is_set EXT4_USE_FOR_EXT2; then
# echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)"
# else
# echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)"
# fi
# fi
# network drivers
CONFIG_CHECK+="
~VXLAN ~BRIDGE_VLAN_FILTERING
~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH
~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP
"
if kernel_is le 5 3; then
CONFIG_CHECK+="
~INET_XFRM_MODE_TRANSPORT
"
fi
CONFIG_CHECK+="
~IPVLAN
"
CONFIG_CHECK+="
~MACVLAN ~DUMMY
"
CONFIG_CHECK+="
~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP
"
# storage drivers
if use btrfs; then
CONFIG_CHECK+="
~BTRFS_FS
~BTRFS_FS_POSIX_ACL
"
fi
CONFIG_CHECK+="
~OVERLAY_FS
"
linux-info_pkg_setup
}
src_compile() {
export DOCKER_GITCOMMIT="${GIT_COMMIT}"
export GOPATH="${WORKDIR}/${P}"
export VERSION=${PV}
tc-export PKG_CONFIG
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
# let's set up some optional features :)
export DOCKER_BUILDTAGS=''
for gd in btrfs overlay2; do
if ! use $gd; then
DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
fi
done
for tag in apparmor seccomp; do
if use $tag; then
DOCKER_BUILDTAGS+=" $tag"
fi
done
export EXCLUDE_AUTO_BUILDTAG_JOURNALD=$(usex systemd '' 'y')
# build binaries
./hack/make.sh dynbinary || die 'dynbinary failed'
}
src_install() {
dosym containerd /usr/bin/docker-containerd
dosym containerd-shim /usr/bin/docker-containerd-shim
dosym runc /usr/bin/docker-runc
use container-init && dosym tini /usr/bin/docker-init
dobin bundles/dynbinary-daemon/dockerd
dobin bundles/dynbinary-daemon/docker-proxy
for f in dockerd-rootless-setuptool.sh dockerd-rootless.sh; do
dosym ../share/docker/contrib/${f} /usr/bin/${f}
done
newinitd contrib/init/openrc/docker.initd docker
newconfd contrib/init/openrc/docker.confd docker
systemd_dounit contrib/init/systemd/docker.{service,socket}
udev_dorules contrib/udev/*.rules
dodoc AUTHORS CONTRIBUTING.md NOTICE README.md
dodoc -r docs/*
# note: intentionally not using "doins" so that we preserve +x bits
dodir /usr/share/${PN}/contrib
cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
}
pkg_postinst() {
udev_reload
elog
elog "To use Docker, the Docker daemon must be running as root. To automatically"
elog "start the Docker daemon at boot:"
if systemd_is_booted || has_version sys-apps/systemd; then
elog " systemctl enable docker.service"
else
elog " rc-update add docker default"
fi
elog
elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
elog ' usermod -aG docker <youruser>'
elog
if has_version sys-fs/zfs; then
elog " ZFS storage driver is available"
elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info"
elog
fi
optfeature "rootless mode support" sys-apps/shadow
optfeature "rootless mode support" sys-apps/rootlesskit
optfeature_header "for rootless mode you also need a network stack"
optfeature "rootless mode network stack" app-containers/slirp4netns
}
pkg_postrm() {
udev_reload
}


@ -1,319 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EGO_PN=github.com/docker/docker
MY_PV=${PV/_/-}
inherit golang-vcs-snapshot linux-info optfeature systemd udev
GIT_COMMIT=41ca978a0a5400cc24b274137efa9f25517fcc0b
DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor btrfs +container-init +overlay2 seccomp selinux systemd"
DEPEND="
acct-group/docker
>=dev-db/sqlite-3.7.9:3
apparmor? ( sys-libs/libapparmor )
btrfs? ( >=sys-fs/btrfs-progs-3.16.1 )
seccomp? ( >=sys-libs/libseccomp-2.2.1 )
systemd? ( sys-apps/systemd )
"
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies
RDEPEND="
${DEPEND}
>=net-firewall/iptables-1.4
sys-process/procps
>=dev-vcs/git-1.7
>=app-arch/xz-utils-4.9
>=app-containers/containerd-1.7.22[apparmor?,btrfs?,seccomp?]
>=app-containers/runc-1.1.14[apparmor?,seccomp?]
!app-containers/docker-proxy
container-init? ( >=sys-process/tini-0.19.0[static] )
selinux? ( sec-policy/selinux-docker )
"
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
BDEPEND="
>=dev-lang/go-1.16.12
dev-go/go-md2man
virtual/pkgconfig
"
# tests require running dockerd as root and downloading containers
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
pkg_setup() {
# this is based on "contrib/check-config.sh" from upstream's sources
# required features.
CONFIG_CHECK="
~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
~KEYS
~VETH ~BRIDGE ~BRIDGE_NETFILTER
~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
~NETFILTER_XT_MATCH_ADDRTYPE
~NETFILTER_XT_MATCH_CONNTRACK
~NETFILTER_XT_MATCH_IPVS
~NETFILTER_XT_MARK
~IP_NF_NAT ~NF_NAT
~POSIX_MQUEUE
"
WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers"
if kernel_is lt 4 8; then
CONFIG_CHECK+="
~DEVPTS_MULTIPLE_INSTANCES
"
fi
if kernel_is le 5 1; then
CONFIG_CHECK+="
~NF_NAT_IPV4
"
fi
if kernel_is le 5 2; then
CONFIG_CHECK+="
~NF_NAT_NEEDED
"
fi
if kernel_is ge 4 15; then
CONFIG_CHECK+="
~CGROUP_BPF
"
fi
# optional features
CONFIG_CHECK+="
~USER_NS
"
if use seccomp; then
CONFIG_CHECK+="
~SECCOMP ~SECCOMP_FILTER
"
fi
CONFIG_CHECK+="
~CGROUP_PIDS
"
if kernel_is lt 6 1; then
CONFIG_CHECK+="
~MEMCG_SWAP
"
fi
if kernel_is le 5 8; then
CONFIG_CHECK+="
~MEMCG_SWAP_ENABLED
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NATIVE
"
if kernel_is lt 5 19; then
CONFIG_CHECK+="
~LEGACY_VSYSCALL_EMULATE
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NONE
"
WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \
Containers with <=glibc-2.13 will not work"
if kernel_is le 4 5; then
CONFIG_CHECK+="
~MEMCG_KMEM
"
fi
if kernel_is lt 5; then
CONFIG_CHECK+="
~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
"
fi
CONFIG_CHECK+="
~BLK_CGROUP ~BLK_DEV_THROTTLING
~CGROUP_PERF
~CGROUP_HUGETLB
~NET_CLS_CGROUP ~CGROUP_NET_PRIO
~CFS_BANDWIDTH ~FAIR_GROUP_SCHED
~IP_NF_TARGET_REDIRECT
~IP_VS
~IP_VS_NFCT
~IP_VS_PROTO_TCP
~IP_VS_PROTO_UDP
~IP_VS_RR
"
if use selinux; then
CONFIG_CHECK+="
~SECURITY_SELINUX
"
fi
if use apparmor; then
CONFIG_CHECK+="
~SECURITY_APPARMOR
"
fi
# if ! is_set EXT4_USE_FOR_EXT2; then
# check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
# if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then
# echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)"
# fi
# fi
CONFIG_CHECK+="
~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
"
# if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then
# if is_set EXT4_USE_FOR_EXT2; then
# echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)"
# else
# echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)"
# fi
# fi
# network drivers
CONFIG_CHECK+="
~VXLAN ~BRIDGE_VLAN_FILTERING
~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH
~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP
"
if kernel_is le 5 3; then
CONFIG_CHECK+="
~INET_XFRM_MODE_TRANSPORT
"
fi
CONFIG_CHECK+="
~IPVLAN
"
CONFIG_CHECK+="
~MACVLAN ~DUMMY
"
CONFIG_CHECK+="
~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP
"
# storage drivers
if use btrfs; then
CONFIG_CHECK+="
~BTRFS_FS
~BTRFS_FS_POSIX_ACL
"
fi
CONFIG_CHECK+="
~OVERLAY_FS
"
linux-info_pkg_setup
}
src_compile() {
export DOCKER_GITCOMMIT="${GIT_COMMIT}"
export GOPATH="${WORKDIR}/${P}"
export VERSION=${PV}
tc-export PKG_CONFIG
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
# let's set up some optional features :)
export DOCKER_BUILDTAGS=''
for gd in btrfs overlay2; do
if ! use $gd; then
DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
fi
done
for tag in apparmor seccomp; do
if use $tag; then
DOCKER_BUILDTAGS+=" $tag"
fi
done
export EXCLUDE_AUTO_BUILDTAG_JOURNALD=$(usex systemd '' 'y')
# build binaries
./hack/make.sh dynbinary || die 'dynbinary failed'
}
src_install() {
dosym containerd /usr/bin/docker-containerd
dosym containerd-shim /usr/bin/docker-containerd-shim
dosym runc /usr/bin/docker-runc
use container-init && dosym tini /usr/bin/docker-init
dobin bundles/dynbinary-daemon/dockerd
dobin bundles/dynbinary-daemon/docker-proxy
for f in dockerd-rootless-setuptool.sh dockerd-rootless.sh; do
dosym ../share/docker/contrib/${f} /usr/bin/${f}
done
newinitd contrib/init/openrc/docker.initd docker
newconfd contrib/init/openrc/docker.confd docker
systemd_dounit contrib/init/systemd/docker.{service,socket}
udev_dorules contrib/udev/*.rules
dodoc AUTHORS CONTRIBUTING.md NOTICE README.md
dodoc -r docs/*
# note: intentionally not using "doins" so that we preserve +x bits
dodir /usr/share/${PN}/contrib
cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
}
pkg_postinst() {
udev_reload
elog
elog "To use Docker, the Docker daemon must be running as root. To automatically"
elog "start the Docker daemon at boot:"
if systemd_is_booted || has_version sys-apps/systemd; then
elog " systemctl enable docker.service"
else
elog " rc-update add docker default"
fi
elog
elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
elog ' usermod -aG docker <youruser>'
elog
if has_version sys-fs/zfs; then
elog " ZFS storage driver is available"
elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info"
elog
fi
optfeature "rootless mode support" sys-apps/shadow
optfeature "rootless mode support" sys-apps/rootlesskit
optfeature_header "for rootless mode you also need a network stack"
optfeature "rootless mode network stack" app-containers/slirp4netns
}
pkg_postrm() {
udev_reload
}


@ -1,319 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EGO_PN=github.com/docker/docker
MY_PV=${PV/_/-}
inherit golang-vcs-snapshot linux-info optfeature systemd udev
GIT_COMMIT=92a83937d0280dcbea92099b01e01aa4251c1777
DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor btrfs +container-init +overlay2 seccomp selinux systemd"
DEPEND="
acct-group/docker
>=dev-db/sqlite-3.7.9:3
apparmor? ( sys-libs/libapparmor )
btrfs? ( >=sys-fs/btrfs-progs-3.16.1 )
seccomp? ( >=sys-libs/libseccomp-2.2.1 )
systemd? ( sys-apps/systemd )
"
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies
RDEPEND="
${DEPEND}
>=net-firewall/iptables-1.4
sys-process/procps
>=dev-vcs/git-1.7
>=app-arch/xz-utils-4.9
>=app-containers/containerd-1.7.24[apparmor?,btrfs?,seccomp?]
>=app-containers/runc-1.2.2[apparmor?,seccomp?]
!app-containers/docker-proxy
container-init? ( >=sys-process/tini-0.19.0[static] )
selinux? ( sec-policy/selinux-docker )
"
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
BDEPEND="
>=dev-lang/go-1.16.12
dev-go/go-md2man
virtual/pkgconfig
"
# tests require running dockerd as root and downloading containers
RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}"
# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
pkg_setup() {
# this is based on "contrib/check-config.sh" from upstream's sources
# required features.
CONFIG_CHECK="
~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
~KEYS
~VETH ~BRIDGE ~BRIDGE_NETFILTER
~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
~NETFILTER_XT_MATCH_ADDRTYPE
~NETFILTER_XT_MATCH_CONNTRACK
~NETFILTER_XT_MATCH_IPVS
~NETFILTER_XT_MARK
~IP_NF_NAT ~NF_NAT
~POSIX_MQUEUE
"
WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers"
if kernel_is lt 4 8; then
CONFIG_CHECK+="
~DEVPTS_MULTIPLE_INSTANCES
"
fi
if kernel_is le 5 1; then
CONFIG_CHECK+="
~NF_NAT_IPV4
"
fi
if kernel_is le 5 2; then
CONFIG_CHECK+="
~NF_NAT_NEEDED
"
fi
if kernel_is ge 4 15; then
CONFIG_CHECK+="
~CGROUP_BPF
"
fi
# optional features
CONFIG_CHECK+="
~USER_NS
"
if use seccomp; then
CONFIG_CHECK+="
~SECCOMP ~SECCOMP_FILTER
"
fi
CONFIG_CHECK+="
~CGROUP_PIDS
"
if kernel_is lt 6 1; then
CONFIG_CHECK+="
~MEMCG_SWAP
"
fi
if kernel_is le 5 8; then
CONFIG_CHECK+="
~MEMCG_SWAP_ENABLED
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NATIVE
"
if kernel_is lt 5 19; then
CONFIG_CHECK+="
~LEGACY_VSYSCALL_EMULATE
"
fi
CONFIG_CHECK+="
~!LEGACY_VSYSCALL_NONE
"
WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \
Containers with <=glibc-2.13 will not work"
if kernel_is le 4 5; then
CONFIG_CHECK+="
~MEMCG_KMEM
"
fi
if kernel_is lt 5; then
CONFIG_CHECK+="
~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
"
fi
CONFIG_CHECK+="
~BLK_CGROUP ~BLK_DEV_THROTTLING
~CGROUP_PERF
~CGROUP_HUGETLB
~NET_CLS_CGROUP ~CGROUP_NET_PRIO
~CFS_BANDWIDTH ~FAIR_GROUP_SCHED
~IP_NF_TARGET_REDIRECT
~IP_VS
~IP_VS_NFCT
~IP_VS_PROTO_TCP
~IP_VS_PROTO_UDP
~IP_VS_RR
"
if use selinux; then
CONFIG_CHECK+="
~SECURITY_SELINUX
"
fi
if use apparmor; then
CONFIG_CHECK+="
~SECURITY_APPARMOR
"
fi
# if ! is_set EXT4_USE_FOR_EXT2; then
# check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
# if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then
# echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)"
# fi
# fi
CONFIG_CHECK+="
~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
"
# if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then
# if is_set EXT4_USE_FOR_EXT2; then
# echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)"
# else
# echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)"
# fi
# fi
# network drivers
CONFIG_CHECK+="
~VXLAN ~BRIDGE_VLAN_FILTERING
~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH
~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP
"
if kernel_is le 5 3; then
CONFIG_CHECK+="
~INET_XFRM_MODE_TRANSPORT
"
fi
CONFIG_CHECK+="
~IPVLAN
"
CONFIG_CHECK+="
~MACVLAN ~DUMMY
"
CONFIG_CHECK+="
~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP
"
# storage drivers
if use btrfs; then
CONFIG_CHECK+="
~BTRFS_FS
~BTRFS_FS_POSIX_ACL
"
fi
CONFIG_CHECK+="
~OVERLAY_FS
"
linux-info_pkg_setup
}
src_compile() {
export DOCKER_GITCOMMIT="${GIT_COMMIT}"
export GOPATH="${WORKDIR}/${P}"
export VERSION=${PV}
tc-export PKG_CONFIG
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
# let's set up some optional features :)
export DOCKER_BUILDTAGS=''
for gd in btrfs overlay2; do
if ! use $gd; then
DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
fi
done
for tag in apparmor seccomp; do
if use $tag; then
DOCKER_BUILDTAGS+=" $tag"
fi
done
export EXCLUDE_AUTO_BUILDTAG_JOURNALD=$(usex systemd '' 'y')
# build binaries
./hack/make.sh dynbinary || die 'dynbinary failed'
}
src_install() {
dosym containerd /usr/bin/docker-containerd
dosym containerd-shim /usr/bin/docker-containerd-shim
dosym runc /usr/bin/docker-runc
use container-init && dosym tini /usr/bin/docker-init
dobin bundles/dynbinary-daemon/dockerd
dobin bundles/dynbinary-daemon/docker-proxy
for f in dockerd-rootless-setuptool.sh dockerd-rootless.sh; do
dosym ../share/docker/contrib/${f} /usr/bin/${f}
done
newinitd contrib/init/openrc/docker.initd docker
newconfd contrib/init/openrc/docker.confd docker
systemd_dounit contrib/init/systemd/docker.{service,socket}
udev_dorules contrib/udev/*.rules
dodoc AUTHORS CONTRIBUTING.md NOTICE README.md
dodoc -r docs/*
# note: intentionally not using "doins" so that we preserve +x bits
dodir /usr/share/${PN}/contrib
cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
}
pkg_postinst() {
udev_reload
elog
elog "To use Docker, the Docker daemon must be running as root. To automatically"
elog "start the Docker daemon at boot:"
if systemd_is_booted || has_version sys-apps/systemd; then
elog " systemctl enable docker.service"
else
elog " rc-update add docker default"
fi
elog
elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
elog ' usermod -aG docker <youruser>'
elog
if has_version sys-fs/zfs; then
elog " ZFS storage driver is available"
elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info"
elog
fi
optfeature "rootless mode support" sys-apps/shadow
optfeature "rootless mode support" sys-apps/rootlesskit
optfeature_header "for rootless mode you also need a network stack"
optfeature "rootless mode network stack" app-containers/slirp4netns
}
pkg_postrm() {
udev_reload
}


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -13,7 +13,7 @@ S="${WORKDIR}/moby-${PV}"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
IUSE="apparmor btrfs +container-init cuda +overlay2 seccomp selinux systemd"
DEPEND="


@ -1,10 +1,10 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
MY_PV=${PV/_/-}
inherit go-module linux-info optfeature systemd toolchain-funcs udev
GIT_COMMIT=c710b88579fcb5e0d53f96dcae976d79323b9166
GIT_COMMIT=38b84dce32c45732606fe09ffebef8b29a783644
DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
HOMEPAGE="https://www.docker.com/"
@ -14,7 +14,7 @@ S="${WORKDIR}/moby-${PV}"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor btrfs +container-init +overlay2 seccomp selinux systemd"
IUSE="apparmor btrfs +container-init cuda +overlay2 seccomp selinux systemd"
DEPEND="
acct-group/docker
@ -36,7 +36,9 @@ RDEPEND="
>=app-containers/containerd-1.7.24[apparmor?,btrfs?,seccomp?]
>=app-containers/runc-1.2.2[apparmor?,seccomp?]
!app-containers/docker-proxy
!<app-containers/docker-cli-${PV}
container-init? ( >=sys-process/tini-0.19.0[static] )
cuda? ( app-containers/nvidia-container-toolkit )
selinux? ( sec-policy/selinux-docker )
"
@ -271,7 +273,7 @@ src_compile() {
src_install() {
dosym containerd /usr/bin/docker-containerd
dosym containerd-shim /usr/bin/docker-containerd-shim
dosym containerd-shim-runc-v2 /usr/bin/docker-containerd-shim
dosym runc /usr/bin/docker-runc
use container-init && dosym tini /usr/bin/docker-init
dobin bundles/dynbinary-daemon/dockerd
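Review bot: The `docker-containerd-shim` compat link in `src_install` now targets `containerd-shim-runc-v2`, and like the other `dosym` lines it uses a bare relative name, so the link only resolves if some dependency installs that binary next to it in /usr/bin; nothing in the hunk says which dependency is expected to provide it. I would add a comment above the links, e.g. `# legacy docker-* names; targets are provided by containerd, runc and tini from RDEPEND`, so that a later change to the `>=app-containers/containerd-1.7.24` floor is checked against the link targets. This reads the second of the two printed `containerd-shim` lines as the new side, which the page does not mark explicitly. `src_install` continues past the end of the hunk.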


@ -1,28 +0,0 @@
From bb69104381805014eb7675682d204fe460a52388 Mon Sep 17 00:00:00 2001
From: Jan Breig <git@pygos.space>
Date: Mon, 16 May 2022 14:58:36 +0200
Subject: [PATCH] Openrc: Depend on containerd init script
Signed-off-by: Jan Breig <git@pygos.space>
---
contrib/init/openrc/docker.initd | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd
index 3229223bad..57defb8f57 100644
--- a/contrib/init/openrc/docker.initd
+++ b/contrib/init/openrc/docker.initd
@@ -17,6 +17,10 @@ rc_ulimit="${DOCKER_ULIMIT:--c unlimited -n 1048576 -u unlimited}"
retry="${DOCKER_RETRY:-TERM/60/KILL/10}"
+depend() {
+ need containerd
+}
+
start_pre() {
checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
}
--
2.35.1


@ -1,13 +0,0 @@
https://bugs.gentoo.org/914076
https://github.com/moby/moby/issues/47770
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -83,7 +83,7 @@ if [ ! "$GOPATH" ]; then
exit 1
fi
-if ${PKG_CONFIG} 'libsystemd' 2> /dev/null; then
+if [[ -n "$SYSTEMD" ]] && [[ "$SYSTEMD" == 1 ]] && ${PKG_CONFIG} 'libsystemd' 2> /dev/null; then
DOCKER_BUILDTAGS+=" journald"
fi


@ -21,10 +21,6 @@
Makes the a staticly-linked init system tini available inside a
container.
</flag>
<flag name="overlay">
Enables dependencies for the "overlay" graph driver, including
necessary kernel flags.
</flag>
<flag name="overlay2">
Enables dependencies for the "overlay2" graph driver, including
necessary kernel flags.


@ -24,7 +24,7 @@ LICENSE="Apache-2.0"
LICENSE+=" Apache-2.0-with-LLVM-exceptions BSD BSD-2 Boost-1.0 MIT Unicode-DFS-2016 Unlicense ZLIB"
SLOT="0"
BDEPEND="dev-go/go-md2man
dev-libs/protobuf"
dev-libs/protobuf[protoc(+)]"
QA_FLAGS_IGNORED="
usr/libexec/podman/${PN}"


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -24,7 +24,7 @@ LICENSE="Apache-2.0"
LICENSE+=" Apache-2.0-with-LLVM-exceptions BSD BSD-2 Boost-1.0 MIT Unicode-DFS-2016 Unlicense ZLIB"
SLOT="0"
BDEPEND="dev-go/go-md2man
dev-libs/protobuf"
dev-libs/protobuf[protoc(+)]"
QA_FLAGS_IGNORED="
usr/libexec/podman/${PN}"


@ -1,2 +1,3 @@
DIST podman-5.2.5.tar.gz 23834863 BLAKE2B 2264c9b19e621a1269ae5baee6fee148e6f1b9cacbdd83fdbecf671f87855d0ae566e41e4e8cbffe57662b7e9a3d653d57a7d2acb8f30b869b8af1bd7473a617 SHA512 29f71c67a5700e8dffe45e6e91acab509d8c8924a5f3cf9b4eee95f665a9ed19333285df89da892699ee314cee27c0c8a4a62d29e4205198781f5d5f585135a9
DIST podman-5.3.0.tar.gz 24194165 BLAKE2B fb2da37e4f97d69997b9518425bb1ec74846e4e26855bf9ece0eeefb723f603051d4d4a1b3320cdba5c97595db12e1948f280776429819d10bfe83a57f349c78 SHA512 3f1ab7e792850e2e21823c59ca9e03d348e78267e3ec5344a04c38e51466159717944c318cf5e61ad9a785d9112b468b9fc37f3b60a40e8764d5cac9f58e7d16
DIST podman-5.3.2.tar.gz 24207488 BLAKE2B 68f618b74be41bf489de97b009d335f3033634c5c065b1089cc9a6132e38e3a7f707b959d29d955ab0bd805721c14cda90c77fa60f6ba09327f38d4a8bc19112 SHA512 b7007278dd3f493bd0d0185ed4328570d5af527d4864c4435e7b330543d60ba87f04f36c94407d4e11e622a4af8b6467f66474e9b66cbeacb8eecb3088b4439e


@ -0,0 +1,146 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..13} )
inherit go-module python-any-r1 tmpfiles toolchain-funcs linux-info
DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
if [[ ${PV} == 9999* ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/containers/podman.git"
else
SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/${P/_rc/-rc}"
[[ ${PV} != *rc* ]] && \
KEYWORDS="~amd64 ~arm64 ~loong ~riscv"
fi
# main pkg
LICENSE="Apache-2.0"
# deps
LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
SLOT="0"
IUSE="apparmor btrfs +seccomp selinux systemd wrapper"
RESTRICT="test"
RDEPEND="
app-containers/catatonit
>=app-containers/conmon-2.1.10
>=app-containers/containers-common-0.58.0-r1
app-crypt/gpgme:=
dev-libs/libassuan:=
dev-libs/libgpg-error:=
sys-apps/shadow:=
apparmor? ( sys-libs/libapparmor )
btrfs? ( sys-fs/btrfs-progs )
wrapper? ( !app-containers/docker-cli )
seccomp? ( sys-libs/libseccomp:= )
selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
systemd? ( sys-apps/systemd:= )
"
DEPEND="${RDEPEND}"
BDEPEND="
${PYTHON_DEPS}
dev-go/go-md2man
"
PATCHES=(
"${T}"/togglable-seccomp.patch
)
CONFIG_CHECK="
~USER_NS
"
pkg_setup() {
use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
linux-info_pkg_setup
python-any-r1_pkg_setup
}
src_prepare() {
cat <<'EOF' > "${T}"/togglable-seccomp.patch || die
--- a/Makefile
+++ b/Makefile
@@ -56,7 +56,6 @@ BUILDTAGS ?= \
$(shell hack/systemd_tag.sh) \
$(shell hack/libsubid_tag.sh) \
exclude_graphdriver_devicemapper \
- seccomp
# allow downstreams to easily add build tags while keeping our defaults
BUILDTAGS += ${EXTRA_BUILDTAGS}
# N/B: This value is managed by Renovate, manual changes are
EOF
default
# assure necessary files are present
local file
for file in apparmor_tag btrfs_installed_tag btrfs_tag systemd_tag; do
[[ -f hack/"${file}".sh ]] || die
done
local feature
for feature in apparmor systemd; do
cat <<-EOF > hack/"${feature}"_tag.sh || die
#!/usr/bin/env bash
$(usex ${feature} "echo ${feature}" echo)
EOF
done
echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
cat <<-EOF > hack/btrfs_tag.sh || die
#!/usr/bin/env bash
$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
EOF
}
src_compile() {
export PREFIX="${EPREFIX}/usr"
# For non-live versions, prevent git operations which causes sandbox violations
# https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
[[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT="" EPOCH_TEST_COMMIT=""
# Use proper pkg-config to get gpgme cflags and ldflags when
# cross-compiling, bug 930982.
if tc-is-cross-compiler; then
tc-export PKG_CONFIG
fi
emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" EXTRA_BUILDTAGS="$(usev seccomp)" SELINUXOPT= \
all $(usev wrapper docker-docs)
}
src_install() {
emake DESTDIR="${D}" SELINUXOPT= install install.completions $(usev wrapper install.docker-full)
if use !systemd; then
newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman
newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman
newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart
newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart
newinitd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.initd podman-clean-transient
newconfd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.confd podman-clean-transient
exeinto /etc/cron.daily
newexe "${FILESDIR}"/podman-auto-update-5.0.0.cron podman-auto-update
insinto /etc/logrotate.d
newins "${FILESDIR}/podman.logrotated" podman
fi
keepdir /var/lib/containers
}
pkg_postinst() {
tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
}
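Review bot: `pkg_setup` extends `CONFIG_CHECK` for `btrfs` but not for `seccomp`, although the patch written in `src_prepare` makes the `seccomp` build tag depend on the USE flag, so a kernel without seccomp filter support goes unreported at install time. I would add `use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"` next to the btrfs line. Because `USE=-seccomp` now produces a binary built without that tag, a line such as `use seccomp || ewarn "podman was built without seccomp support"` in `pkg_postinst` would make the reduced confinement visible to the administrator. `RESTRICT="test"` also carries no comment saying why the tests are disabled.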


@ -1,7 +1 @@
DIST runc-1.1.12.tar.gz 2522196 BLAKE2B 14fe8d5f82d5b4d7f6b4bb9111c5d258e74f6a44aeb51fc87c69104e95b9bf24a3d503f4cc5dedb40d542fbd4b6e27273f456bda4fcf3bc298eb93ae292d9663 SHA512 92e8ac54a77d7ebcc76b5a9cc08d9a064211f12e9d26f064070cc203a5afb11c3af28d8f556f297513f797a2933d50bf10a8f22e307724041d66aa8c5ca1d9d3
DIST runc-1.1.13.tar.gz 2532849 BLAKE2B f3d3171ffce2bb833bfb5cc21d0dc034fd7e38c47ee098cc1fc75c06fd4dfae21dfe25c2e69a1ca93b29d36e8799727ea41725eee8aca3a059c14dab6c8a435f SHA512 644bf9e6359bf49bbdec667c0f7c69ded78c7eacfc2d1b730d52fdcf7348571c6406b8e5790811fe3662a458c878e4225c3559885f0d95f8905273e7e40e55ad
DIST runc-1.1.14.tar.gz 2543890 BLAKE2B 3eede8cd7d04d2a3826cfc7caae032744551799e8262d28e989d3d5c66ca3969ce8dede064ebd37361a00eb276fa7c9961180dd9fc9b0d53535421ecc99acb39 SHA512 bdefbf34cf57485c6b961babc8294d0e6b2e003eb836b8e99c49ef4d00acf11f30a46ad0bcd399ee9346610419591daf1eecb3b6b127962357d629bf5f252e22
DIST runc-1.2.0.tar.gz 2776027 BLAKE2B 743ea8641c0fabda5e32c1d3e044627241337bcdfd92b740bf8ef406e2ad4f37f7069975d93639954a1b20b2627b6456a66847eabfb544ee0eef44e59b2a7453 SHA512 30194521e9ff8e5586309bedbb29812f057220f765b68145d88f2e0008f7f9b5a22fa185d448247d7c71aeade3f48f76b48d4289c94a6c02a1e3384ae5674617
DIST runc-1.2.1.tar.gz 2742512 BLAKE2B 06beda96edb4fa0796371d28f646b01760cd9b663104045407ae27f3ddd51e0318eddba8fc3dbe107629831a5f4051af0f50406418213485b7ee90cdf9a86085 SHA512 098ba9810d6a6704b11f97360cf403d0e5cccdf635a9b5c594b70e26c2c1554c328506265754f500e2faec1f08655839837036010c6a25265047a47c31f4defd
DIST runc-1.2.2.tar.gz 2743483 BLAKE2B d1e59aff284dcacdc50a17c4efab09b4bdda5d93ce13822542ea73ec696d3642d4dcc715d2adad308622100b04ef62365d3848be6418db5a325ac574b66e314c SHA512 87066ff0fe7ff6dc0eefd61ba2b194fa96433a091a34e9035350123b7da7dccf7fcec6f52b377c72be853820b4a57154b42bcd58c872263f8b7a16bfc480e5d7
DIST runc-1.2.3.tar.gz 2757883 BLAKE2B adc3b23ddc487d674a406de8e9e17c2d41d2335e4e18ed2a8a1f5add0909ec235a01fc9483e91e74fb2869950c572d0a22882034b8b5f80c4719d20790e3b38c SHA512 e422e469dbcd60fbc3bf9ca348ba04f8b27b2a43bca8f3ee4c9407539f5dec71373d53d192b47d42eaefa1d7ca2ac9e64839cbe4b82bf930b5a496f3028e5212
DIST runc-1.2.4.tar.gz 2759394 BLAKE2B 02b282c9fbe7f82ad1d4297b9d2576ee99db7f4db193aa6b08b595d1a18f4a0cb41c5fddb8184ca389e77726c71f4b64b686b2ee1b8e8df97179669362c17ff7 SHA512 2a14bfe7759e0cefcf88fac9d756eb2cbed8a9ebf7b6eacb96855467ea151c278ae0d58735d2a5a2d3335fc54eae4625dfcdb641065df58ba10fd1faafbd3119


@ -1,78 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info
# update on bump, look for https://github.com/docker\
# docker-ce/blob/<docker ver OR branch>/components/engine/hack/dockerfile/install/runc.installer
RUNC_COMMIT=51d5e94601ceffbbd85688df1c928ecccbfa4685
CONFIG_CHECK="~USER_NS"
DESCRIPTION="runc container cli tools"
HOMEPAGE="http://github.com/opencontainers/runc/"
MY_PV="${PV/_/-}"
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
IUSE="apparmor hardened +kmem +seccomp selinux test"
DEPEND="seccomp? ( sys-libs/libseccomp )"
RDEPEND="
${DEPEND}
!app-emulation/docker-runc
apparmor? ( sys-libs/libapparmor )
selinux? ( sec-policy/selinux-container )
"
BDEPEND="
dev-go/go-md2man
test? ( "${RDEPEND}" )
"
# tests need busybox binary, and portage namespace
# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
# majority of tests pass
RESTRICT+=" test"
S="${WORKDIR}/${PN}-${MY_PV}"
src_compile() {
# Taken from app-containers/docker-1.7.0-r1
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
-L${ESYSROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usev apparmor)
$(usev seccomp)
$(usex kmem '' 'nokmem')
)
myemakeargs=(
BUILDTAGS="${options[*]}"
COMMIT="${RUNC_COMMIT}"
)
emake "${myemakeargs[@]}" runc man
}
src_install() {
myemakeargs+=(
PREFIX="${ED}/usr"
BINDIR="${ED}/usr/bin"
MANDIR="${ED}/usr/share/man"
)
emake "${myemakeargs[@]}" install install-man install-bash
local DOCS=( README.md PRINCIPLES.md docs/. )
einstalldocs
}
src_test() {
emake "${myemakeargs[@]}" localunittest
}


@ -1,77 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info
# update on bump, look for commit ID on release tag.
# https://github.com/opencontainers/runc
RUNC_COMMIT=58aa9203c123022138b22cf96540c284876a7910
CONFIG_CHECK="~USER_NS"
DESCRIPTION="runc container cli tools"
HOMEPAGE="https://github.com/opencontainers/runc/"
MY_PV="${PV/_/-}"
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/${PN}-${MY_PV}"
LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor hardened +kmem +seccomp selinux test"
DEPEND="seccomp? ( sys-libs/libseccomp )"
RDEPEND="
${DEPEND}
!app-emulation/docker-runc
apparmor? ( sys-libs/libapparmor )
selinux? ( sec-policy/selinux-container )
"
BDEPEND="
dev-go/go-md2man
test? ( "${RDEPEND}" )
"
# tests need busybox binary, and portage namespace
# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
# majority of tests pass
RESTRICT+=" test"
src_compile() {
# Taken from app-containers/docker-1.7.0-r1
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
-L${ESYSROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usev apparmor)
$(usev seccomp)
$(usex kmem '' 'nokmem')
)
myemakeargs=(
BUILDTAGS="${options[*]}"
COMMIT="${RUNC_COMMIT}"
)
emake "${myemakeargs[@]}" runc man
}
src_install() {
myemakeargs+=(
PREFIX="${ED}/usr"
BINDIR="${ED}/usr/bin"
MANDIR="${ED}/usr/share/man"
)
emake "${myemakeargs[@]}" install install-man install-bash
local DOCS=( README.md PRINCIPLES.md docs/. )
einstalldocs
}
src_test() {
emake "${myemakeargs[@]}" localunittest
}


@ -1,77 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info
# update on bump, look for commit ID on release tag.
# https://github.com/opencontainers/runc
RUNC_COMMIT=2c9f5602f0ba3d9da1c2596322dfc4e156844890
CONFIG_CHECK="~USER_NS"
DESCRIPTION="runc container cli tools"
HOMEPAGE="https://github.com/opencontainers/runc/"
MY_PV="${PV/_/-}"
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/${PN}-${MY_PV}"
LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor hardened +kmem +seccomp selinux test"
DEPEND="seccomp? ( sys-libs/libseccomp )"
RDEPEND="
${DEPEND}
!app-emulation/docker-runc
apparmor? ( sys-libs/libapparmor )
selinux? ( sec-policy/selinux-container )
"
BDEPEND="
dev-go/go-md2man
test? ( "${RDEPEND}" )
"
# tests need busybox binary, and portage namespace
# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
# majority of tests pass
RESTRICT+=" test"
src_compile() {
# Taken from app-containers/docker-1.7.0-r1
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
-L${ESYSROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usev apparmor)
$(usev seccomp)
$(usex kmem '' 'nokmem')
)
myemakeargs=(
BUILDTAGS="${options[*]}"
COMMIT="${RUNC_COMMIT}"
)
emake "${myemakeargs[@]}" runc man
}
src_install() {
myemakeargs+=(
PREFIX="${ED}/usr"
BINDIR="${ED}/usr/bin"
MANDIR="${ED}/usr/share/man"
)
emake "${myemakeargs[@]}" install install-man install-bash
local DOCS=( README.md PRINCIPLES.md docs/. )
einstalldocs
}
src_test() {
emake "${myemakeargs[@]}" localunittest
}


@ -1,75 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info
# update on bump, look for commit ID on release tag.
# https://github.com/opencontainers/runc
RUNC_COMMIT=0b9fa21be2bcba45f6d9d748b4bcf70cfbffbc19
CONFIG_CHECK="~USER_NS"
DESCRIPTION="runc container cli tools"
HOMEPAGE="https://github.com/opencontainers/runc/"
MY_PV="${PV/_/-}"
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/${PN}-${MY_PV}"
LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor hardened +kmem +seccomp selinux test"
COMMON_DEPEND="
apparmor? ( sys-libs/libapparmor )
seccomp? ( sys-libs/libseccomp )"
DEPEND="${COMMON_DEPEND}"
RDEPEND="${COMMON_DEPEND}
!app-emulation/docker-runc
selinux? ( sec-policy/selinux-container )"
BDEPEND="
dev-go/go-md2man
test? ( "${RDEPEND}" )"
# tests need busybox binary, and portage namespace
# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
# majority of tests pass
RESTRICT+=" test"
src_compile() {
# Taken from app-containers/docker-1.7.0-r1
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
-L${ESYSROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usev apparmor)
$(usev seccomp)
$(usex kmem '' 'nokmem')
)
myemakeargs=(
BUILDTAGS="${options[*]}"
COMMIT="${RUNC_COMMIT}"
)
emake "${myemakeargs[@]}" runc man
}
src_install() {
myemakeargs+=(
PREFIX="${ED}/usr"
BINDIR="${ED}/usr/bin"
MANDIR="${ED}/usr/share/man"
)
emake "${myemakeargs[@]}" install install-man install-bash
local DOCS=( README.md PRINCIPLES.md docs/. )
einstalldocs
}
src_test() {
emake "${myemakeargs[@]}" localunittest
}


@ -1,75 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info
# update on bump, look for commit ID on release tag.
# https://github.com/opencontainers/runc
RUNC_COMMIT=7cb363254b69e10320360b63fb73e0ffb5da7bf2
CONFIG_CHECK="~USER_NS"
DESCRIPTION="runc container cli tools"
HOMEPAGE="https://github.com/opencontainers/runc/"
MY_PV="${PV/_/-}"
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/${PN}-${MY_PV}"
LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor hardened +kmem +seccomp selinux test"
COMMON_DEPEND="
apparmor? ( sys-libs/libapparmor )
seccomp? ( sys-libs/libseccomp )"
DEPEND="${COMMON_DEPEND}"
RDEPEND="${COMMON_DEPEND}
!app-emulation/docker-runc
selinux? ( sec-policy/selinux-container )"
BDEPEND="
dev-go/go-md2man
test? ( "${RDEPEND}" )"
# tests need busybox binary, and portage namespace
# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
# majority of tests pass
RESTRICT+=" test"
src_compile() {
# Taken from app-containers/docker-1.7.0-r1
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
-L${ESYSROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usev apparmor)
$(usev seccomp)
$(usex kmem '' 'nokmem')
)
myemakeargs=(
BUILDTAGS="${options[*]}"
COMMIT="${RUNC_COMMIT}"
)
emake "${myemakeargs[@]}" runc man
}
src_install() {
myemakeargs+=(
PREFIX="${ED}/usr"
BINDIR="${ED}/usr/bin"
MANDIR="${ED}/usr/share/man"
)
emake "${myemakeargs[@]}" install install-man install-bash
local DOCS=( README.md PRINCIPLES.md docs/. )
einstalldocs
}
src_test() {
emake "${myemakeargs[@]}" localunittest
}


@ -1,75 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info
# update on bump, look for commit ID on release tag.
# https://github.com/opencontainers/runc
RUNC_COMMIT=7cb363254b69e10320360b63fb73e0ffb5da7bf2
CONFIG_CHECK="~USER_NS"
DESCRIPTION="runc container cli tools"
HOMEPAGE="https://github.com/opencontainers/runc/"
MY_PV="${PV/_/-}"
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/${PN}-${MY_PV}"
LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor hardened +kmem +seccomp selinux test"
COMMON_DEPEND="
apparmor? ( sys-libs/libapparmor )
seccomp? ( sys-libs/libseccomp )"
DEPEND="${COMMON_DEPEND}"
RDEPEND="${COMMON_DEPEND}
!app-emulation/docker-runc
selinux? ( sec-policy/selinux-container )"
BDEPEND="
dev-go/go-md2man
test? ( "${RDEPEND}" )"
# tests need busybox binary, and portage namespace
# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
# majority of tests pass
RESTRICT+=" test"
src_compile() {
# Taken from app-containers/docker-1.7.0-r1
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
-L${ESYSROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usev apparmor)
$(usev seccomp)
$(usex kmem '' 'nokmem')
)
myemakeargs=(
BUILDTAGS="${options[*]}"
COMMIT="${RUNC_COMMIT}"
)
emake "${myemakeargs[@]}" runc man
}
src_install() {
myemakeargs+=(
PREFIX="${ED}/usr"
BINDIR="${ED}/usr/bin"
MANDIR="${ED}/usr/share/man"
)
emake "${myemakeargs[@]}" install install-man install-bash
local DOCS=( README.md PRINCIPLES.md docs/. )
einstalldocs
}
src_test() {
emake "${myemakeargs[@]}" localunittest
}


@ -6,7 +6,7 @@ inherit go-module linux-info
# update on bump, look for commit ID on release tag.
# https://github.com/opencontainers/runc
RUNC_COMMIT=0d37cfd4b557771e555a184d5a78d0ed4bdb79a5
RUNC_COMMIT=6c52b3fc541fb26fe8c374d5f58112a0a5dbda66
CONFIG_CHECK="~USER_NS"
@ -38,11 +38,6 @@ BDEPEND="
RESTRICT+=" test"
src_compile() {
# Taken from app-containers/docker-1.7.0-r1
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
-L${ESYSROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usev apparmor)


@ -1,11 +1,5 @@
DIST gnupg-2.2.42.tar.bz2 7434291 BLAKE2B 5f7f01f31949e5258d638fbff81fa641e5c167e6eaf32c55eb187d4a31b31cd4fe6e51c622e74d8544c4f95c75484e15117f26a8cf26055ff6813d75e54f2b8a SHA512 9c59d034f428d42323b5520e1a8984acc1505ba1d96d90f00e17b24aa91660b2dc64e1a3ceb044c56f39b4c402a77c7e0b226c65218c23c094781b4ef51e2eb5
DIST gnupg-2.2.42.tar.bz2.sig 238 BLAKE2B 251ad0a832042ceb93b0edfda8652104bfb463e291322f22f0ab0d9b35606c3589be7a6f3e9e2aac8f6ac368a7d11840ab83b29997587dc65685de9f2dec3fee SHA512 7073bfc920c571680a1de57b4e6cd83cde24ccb3b5f592602b0c32fd762eef497027b08745044c9f41130ca99bb7ec77222568c2d0a1099d3c1c15137e0221d7
DIST gnupg-2.2.43.tar.bz2 7435426 BLAKE2B ddf5c89d317e6ce8d1a5348f0ef81ffa1c61c995ddb312b28410f04502b01eae307cd943bee7182d28d4efccac394c91053f8e33756b00166bf66b2bf4a791a7 SHA512 0d2e733b6659c116c043db5252de4de33d6a70c16172d1fe9b779ba413ba9fcb64bbfdcc4686d0e87904561fc62d1aa765144e0586957a500287c175ee37bd49
DIST gnupg-2.2.43.tar.bz2.sig 119 BLAKE2B 38fd3790f5065d67d6b5323ef7abbb79facf00e5b9daba98e5078302fc3887423173ba434c7eff1e64faecef88d87aab9c057c570d6e96e8d0808f07f32d8fa1 SHA512 47c5354869b1825e56fa4276826fcde1ee41c70aab9b411686cf2733f4d1df9c006049e49e066b22e475bd37b337f9ffc97f8bbca0c62c0f32296909464a0643
DIST gnupg-2.2.45.tar.bz2 7447141 BLAKE2B 8fe2036325e31332166c0477ce9514152c8417a9f61b3edc43487340d5b52e6a4d4c2b104ca9fe7ce6893e6d2977e2cd9c9ccfb52c0b1ea18dae3304ec6ec7f3 SHA512 086bb2a96ff4a681451b357495c8b435229e6526e1121d8faee3cb2ecc9c14965c92c9b1ccbbf3a03f6c59c215cca85a5c4f740f2df7c008a9fa672b370bf33c
DIST gnupg-2.2.45.tar.bz2.sig 119 BLAKE2B 6656747b2d640a95c4172a221952fa75f7d03c231b7c6d40ea57b43a5bcfbceb800023ca2f352ca09325aaf186a7bf31fcfe7104129c5d6628f0e1256994df76 SHA512 181195a76eede8113bd8f2a7f5bc20674226f6327cf8263389e3d178c205ed2d817b28f2d3b504dd9f852f22fc283d2c14e809ba1c05cfe88b66103845ff114c
DIST gnupg-2.4.5.tar.bz2 7889060 BLAKE2B a8b80cd4dfbb377066efb5c9f1b6cdc6d0cd1b18358c962781b5c06de1545117b13038a4655ae627c36bfd2e5fee127692df8729d6b23e1b31051ab6d897b733 SHA512 4d54744f09399c5899144d0cb5fdc2756e45b058db41b9ea9df3be03e80b914509e16ef35aa0248e7561185b80f7a5f9fd6afcab8ccff75ff82ed555448a38ff
DIST gnupg-2.4.5.tar.bz2.sig 238 BLAKE2B b236e7d62f49c8385f4fb81389bf10715d9c0a0cb5c0b4c20fb6ff1465d05a3c3657061284db23af988a1ca16c9fa393af3ce5cbd27934501eb41a4f448fff0a SHA512 5a06970e499d1eb5213b142a8a182e46f5f21b7cb32785a9e5069378797c124e151ce74727382003820042d60fd7a2f909143f44aa9ef282605875e1cab04aef
DIST gnupg-2.4.6.tar.bz2 8011304 BLAKE2B 3b0deb3da1ec404e8f0aa50c424c7072727f933228de732d661a17ca15785b7430700e7b88afba69538f9794863cb218c90ae3d43469541fb9152fbabd3bc909 SHA512 192ae6cb18547e9c5fc4263dc968b548c1ce563ceb8cc2e651b264d4e5afa1cd99a2c1cdd80906faf5e0b0ca99cef76e003b1f7e73238f311a74a1de6c35b5cb
DIST gnupg-2.4.6.tar.bz2.sig 119 BLAKE2B f22b9488a46e585eaa4ed6434c37603756de2a0136a6e8a44d974304d31299f64dee5065a0c1f8ed6aff24555e369ffa213558027698a7e7b2244cef7c9eff76 SHA512 699f99d5aedbb1adef0fc46fbfb4184996ebaeb08e3c5a4d64195cd14e628a17a234ff9d990ad63c32119cbab24bcba802590eaf69f030a0a0addf9928172221
DIST gnupg-2.4.7.tar.bz2 8010244 BLAKE2B 4cdc6be4330b0c8f150d9d1a9ce9c7d34232ecf9b980b15fbd20e96ff6fcd8665688456d66f1c862b816472034eaa0796444357b1f36e75e8520a603a0e6b298 SHA512 3e84f1679904bf0efb789df6466e468bd2be9149d52561f35e2380038133479bebf1c61ee7adf6d3564b370915f32111098c052be6e6acaf3083a807f9f36019
