diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README
new file mode 100644
index 0000000000..6449bb5dbb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README
@@ -0,0 +1,13 @@
+= CoreOS systemd packages
+
+The systemd git repo lives in src/third_party/systemd and is normally
+checked out to the 'master' branch by repo and the live ebuild,
+systemd-9999, will build the master branch. Release ebuilds must
+specify a specific git commit to build which may be the upstream tagged
+commit (e.g. v218) or a commit on one of the CoreOS release branches
+(e.g. v218-coreos). If you want to use cros-workon and the live ebuild
+to test new changes to a release branch it is up to you to check out
+that branch in src/third_party/systemd and be warned: a repo sync will
+always switch back to master. I don't have a particularly good
+recommendation for dealing with this, repo thinks it should be
+authoritative when in fact it is the ebuilds that are authoritative.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/217-systemd-consoled.service.in b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/217-systemd-consoled.service.in
deleted file mode 100644
index fd7938aa8b..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/217-systemd-consoled.service.in
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-[Unit]
-Description=Console Manager and Terminal Emulator
-
-[Service]
-Type=notify
-Restart=always
-RestartSec=0
-ExecStart=@rootlibexecdir@/systemd-consoled
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0001-networkd-accept-a-trailing-.-on-the-end-of-domains.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0001-networkd-accept-a-trailing-.-on-the-end-of-domains.patch
deleted file mode 100644
index 1570cf9f34..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0001-networkd-accept-a-trailing-.-on-the-end-of-domains.patch
+++ /dev/null
@@ -1,118 +0,0 @@ -From 846415f22adc23ceba5831301433d3587a871697 Mon Sep 17 00:00:00 2001 -From: Michael Marineau -Date: Thu, 15 Jan 2015 13:02:48 -0800 -Subject: [PATCH] networkd: accept a trailing '.' on the end of domains - -While not common outside of BIND configs the implied top level '.' in -domains is commonly accepted and crops up in random places. Starting -with commit 784d9b9c networkd began validating domains as hostnames -which rejects trailing dots, breaking short name resolution in some -environments such as Google Compute Engine. This change splits the -validation code into two functions to be more tolerant for domains. ---- - src/libsystemd-network/sd-dhcp-lease.c | 2 +- - src/network/networkd-network.c | 2 +- - src/shared/util.c | 13 ++++++++++--- - src/shared/util.h | 1 + - src/test/test-util.c | 14 ++++++++++++++ - 5 files changed, 27 insertions(+), 5 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 22a4af6..8144061 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -502,7 +502,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const uint8_t *option, - if (r < 0) - return r; - -- if (!hostname_is_valid(domainname) || is_localhost(domainname)) -+ if (!domainname_is_valid(domainname) || is_localhost(domainname)) - break; - - free(lease->domainname); -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index ef9e0a8..c13c731 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -392,7 +392,7 @@ int config_parse_domains(const char *unit, - STRV_FOREACH(domain, *domains) { - if (is_localhost(*domain)) - log_syntax(unit, LOG_ERR, filename, line, EINVAL, "'localhost' domain names may not be configured, ignoring assignment: %s", *domain); -- else if (!hostname_is_valid(*domain)) { -+ else if (!domainname_is_valid(*domain)) { - if (!streq(*domain, "*")) - 
log_syntax(unit, LOG_ERR, filename, line, EINVAL, "domain name is not valid, ignoring assignment: %s", *domain); - } else -diff --git a/src/shared/util.c b/src/shared/util.c -index 26a4f72..736a3dd 100644 ---- a/src/shared/util.c -+++ b/src/shared/util.c -@@ -4170,7 +4170,7 @@ static bool hostname_valid_char(char c) { - c == '.'; - } - --bool hostname_is_valid(const char *s) { -+bool domainname_is_valid(const char *s) { - const char *p; - bool dot; - -@@ -4191,10 +4191,17 @@ bool hostname_is_valid(const char *s) { - } - } - -- if (dot) -+ if (p-s > HOST_NAME_MAX) - return false; - -- if (p-s > HOST_NAME_MAX) -+ return true; -+} -+ -+bool hostname_is_valid(const char *s) { -+ if (!domainname_is_valid(s)) -+ return false; -+ -+ if (s[strlen(s)-1] == '.') - return false; - - return true; -diff --git a/src/shared/util.h b/src/shared/util.h -index 73bd901..87cdac5 100644 ---- a/src/shared/util.h -+++ b/src/shared/util.h -@@ -542,6 +542,7 @@ bool nulstr_contains(const char*nulstr, const char *needle); - bool plymouth_running(void); - - bool hostname_is_valid(const char *s) _pure_; -+bool domainname_is_valid(const char *s) _pure_; - char* hostname_cleanup(char *s, bool lowercase); - - bool machine_name_is_valid(const char *s) _pure_; -diff --git a/src/test/test-util.c b/src/test/test-util.c -index fe54586..b334d38 100644 ---- a/src/test/test-util.c -+++ b/src/test/test-util.c -@@ -479,6 +479,20 @@ static void test_hostname_is_valid(void) { - assert_se(!hostname_is_valid("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")); - } - -+static void test_domainname_is_valid(void) { -+ assert_se(domainname_is_valid("foobar")); -+ assert_se(domainname_is_valid("foobar.")); -+ assert_se(domainname_is_valid("foobar.com")); -+ assert_se(domainname_is_valid("foobar.com.")); -+ assert_se(!domainname_is_valid("fööbar")); -+ assert_se(!domainname_is_valid("")); -+ assert_se(!domainname_is_valid(".")); -+ 
assert_se(!domainname_is_valid("..")); -+ assert_se(!domainname_is_valid(".foobar")); -+ assert_se(!domainname_is_valid("foo..bar")); -+ assert_se(!domainname_is_valid("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")); -+} -+ - static void test_u64log2(void) { - assert_se(u64log2(0) == 0); - assert_se(u64log2(8) == 3); --- -2.0.5 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0002-allow-module-loading.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0002-allow-module-loading.patch deleted file mode 100644 index 05946224bf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0002-allow-module-loading.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From d0a0ccf3fecdb422d3fb7ab89646fe9042f11acd Mon Sep 17 00:00:00 2001 -From: Jay Faulkner -Date: Tue, 3 Feb 2015 17:45:50 -0800 -Subject: nspawn: Allow module loading if CAP_SYS_MODULE is requested - -nspawn containers currently block module loading in all cases, with -no option to disable it. This allows an admin, specifically setting -capability=CAP_SYS_MODULE or capability=all to load modules. - -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 1e6e7bf..fb67251 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -2485,15 +2485,18 @@ static int setup_seccomp(void) { - static const int blacklist[] = { - SCMP_SYS(kexec_load), - SCMP_SYS(open_by_handle_at), -- SCMP_SYS(init_module), -- SCMP_SYS(finit_module), -- SCMP_SYS(delete_module), - SCMP_SYS(iopl), - SCMP_SYS(ioperm), - SCMP_SYS(swapon), - SCMP_SYS(swapoff), - }; - -+ static const int kmod_blacklist[] = { -+ SCMP_SYS(init_module), -+ SCMP_SYS(finit_module), -+ SCMP_SYS(delete_module), -+ }; -+ - scmp_filter_ctx seccomp; - unsigned i; - int r; -@@ -2518,6 +2521,20 @@ static int setup_seccomp(void) { - } - } - -+ /* If the CAP_SYS_MODULE capability is not requested then -+ * we'll block the kmod syscalls too */ -+ if (!(arg_retain & (1ULL << CAP_SYS_MODULE))) { -+ for (i = 0; i < ELEMENTSOF(kmod_blacklist); i++) { -+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), kmod_blacklist[i], 0); -+ if (r == -EFAULT) -+ continue; /* unknown syscall */ -+ if (r < 0) { -+ log_error_errno(r, "Failed to block syscall: %m"); -+ goto finish; -+ } -+ } -+ } -+ - /* - Audit is broken in containers, much of the userspace audit - hookup will fail if running inside a container. We don't --- -cgit v0.10.2 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0003-core-open-up-DefaultDependencies-property-for-transi.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0003-core-open-up-DefaultDependencies-property-for-transi.patch
deleted file mode 100644
index 2dbc5d5bcf..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0003-core-open-up-DefaultDependencies-property-for-transi.patch
+++ /dev/null
@@ -1,53 +0,0 @@ -From e61fa9feb66c85686a1dd5d54517978ae1032768 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 3 Feb 2015 19:07:40 +0100 -Subject: [PATCH] core: open up DefaultDependencies= property for transient - units - ---- - src/core/dbus-unit.c | 14 ++++++++++++++ - src/libsystemd/sd-bus/bus-util.c | 3 +-- - 2 files changed, 15 insertions(+), 2 deletions(-) - -diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index b968009..6a0fec2 100644 ---- a/src/core/dbus-unit.c -+++ b/src/core/dbus-unit.c -@@ -862,6 +862,20 @@ static int bus_unit_set_transient_property( - - return 1; - -+ } else if (streq(name, "DefaultDependencies")) { -+ int b; -+ -+ r = sd_bus_message_read(message, "b", &b); -+ if (r < 0) -+ return r; -+ -+ if (mode != UNIT_CHECK) { -+ u->default_dependencies = b; -+ unit_write_drop_in_format(u, mode, name, "[Unit]\nDefaultDependencies=%s\n", yes_no(b)); -+ } -+ -+ return 1; -+ - } else if (streq(name, "Slice") && unit_get_cgroup_context(u)) { - const char *s; - -diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c -index 0f1a89c..022d866 100644 ---- a/src/libsystemd/sd-bus/bus-util.c -+++ b/src/libsystemd/sd-bus/bus-util.c -@@ -1372,8 +1372,7 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen - - if (STR_IN_SET(field, - "CPUAccounting", "MemoryAccounting", "BlockIOAccounting", -- "SendSIGHUP", "SendSIGKILL", -- "WakeSystem")) { -+ "SendSIGHUP", "SendSIGKILL", "WakeSystem", "DefaultDependencies")) { - - r = parse_boolean(eq); - if (r < 0) { --- -2.1.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0004-timesyncd-enable-timesyncd-in-virtual-machines.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0004-timesyncd-enable-timesyncd-in-virtual-machines.patch deleted file mode 100644 index f019ac656c..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0004-timesyncd-enable-timesyncd-in-virtual-machines.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 48a6d639f867ba5b96ff22edce6a297cdace9cf9 Mon Sep 17 00:00:00 2001
-From: Kay Sievers
-Date: Sun, 15 Mar 2015 19:44:59 +0100
-Subject: [PATCH 4/5] timesyncd: enable timesyncd in virtual machines
-
-On Fri, Mar 13, 2015 at 8:25 PM, Michael Marineau wrote:
-> Currently systemd-timesyncd.service includes
-> ConditionVirtualization=no, disabling it in both containers and
-> virtual machines. Each VM platform tends to deal with or ignore the
-> time problem in their own special ways, KVM/QEMU has the kernel time
-> source kvm-clock, Xen has had different schemes over the years, VMware
-> expects a userspace daemon sync the clock, and other platforms are
-> content to drift with the wind as far as I can tell.
->
-> I don't know of a robust way to know if a platform needs a little
-> extra help from userspace to keep the clock sane or not but it seems
-> generally safer to try than to risk drifting. Does anyone know of a
-> reason to leave timesyncd off by default? Otherwise switching to
-> ConditionVirtualization=!container should be reasonable.
----
- units/systemd-timesyncd.service.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
-index 39edafc..8219c95 100644
---- a/units/systemd-timesyncd.service.in
-+++ b/units/systemd-timesyncd.service.in
-@@ -9,7 +9,7 @@
- Description=Network Time Synchronization
- Documentation=man:systemd-timesyncd.service(8)
- ConditionCapability=CAP_SYS_TIME
--ConditionVirtualization=no
-+ConditionVirtualization=!container
- DefaultDependencies=no
- RequiresMountsFor=/var/lib/systemd/clock
- After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
---
-2.0.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0005-network-add-UseNTP-DHCP-option.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0005-network-add-UseNTP-DHCP-option.patch
deleted file mode 100644
index 7c0a616f87..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0005-network-add-UseNTP-DHCP-option.patch
+++ /dev/null
@@ -1,46 +0,0 @@ -From 5aabe1661ded65cf5231a213cbf161a09b603207 Mon Sep 17 00:00:00 2001 -From: Michael Marineau -Date: Fri, 13 Mar 2015 12:01:29 -0700 -Subject: [PATCH 5/5] network: add UseNTP DHCP option - -Despite having the internal logic in place to enable/disable using NTP -servers provided by DHCP the network config didn't expose the option. ---- - man/systemd.network.xml | 8 ++++++++ - src/network/networkd-network-gperf.gperf | 1 + - 2 files changed, 9 insertions(+) - -diff --git a/man/systemd.network.xml b/man/systemd.network.xml -index 79c7a23..1897657 100644 ---- a/man/systemd.network.xml -+++ b/man/systemd.network.xml -@@ -468,6 +468,14 @@ - - - -+ UseNTP= -+ -+ When true (the default), the NTP servers received -+ from the DHCP server will be used by systemd-timesyncd -+ and take precedence over any statically configured ones. -+ -+ -+ - UseMTU= - - When true, the interface maximum transmission unit from the DHCP server will -diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf -index 640a3a2..8c1f552 100644 ---- a/src/network/networkd-network-gperf.gperf -+++ b/src/network/networkd-network-gperf.gperf -@@ -52,6 +52,7 @@ Route.Destination, config_parse_destination, 0, - Route.Source, config_parse_destination, 0, 0 - Route.Metric, config_parse_route_priority, 0, 0 - DHCP.UseDNS, config_parse_bool, 0, offsetof(Network, dhcp_dns) -+DHCP.UseNTP, config_parse_bool, 0, offsetof(Network, dhcp_ntp) - DHCP.UseMTU, config_parse_bool, 0, offsetof(Network, dhcp_mtu) - DHCP.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_hostname) - DHCP.UseDomains, config_parse_bool, 0, offsetof(Network, dhcp_domains) --- -2.0.5 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0006-networkd-fix-systemd-networkd-wait-online-with-multi.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0006-networkd-fix-systemd-networkd-wait-online-with-multi.patch
deleted file mode 100644
index 751eed7146..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0006-networkd-fix-systemd-networkd-wait-online-with-multi.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 325461e38bd4536342da50e00c8d86f6a348ef5c Mon Sep 17 00:00:00 2001
-From: mischief
-Date: Thu, 19 Mar 2015 16:04:43 -0700
-Subject: [PATCH] networkd: fix systemd-networkd-wait-online with multiple NICs
-
-when checking interface status, systemd-networkd-wait-online
-will continue to wait if any interface is still configuring or
-being processed by udev. this patch allows it to return if any
-one interface is degraded/routable, as per the manual.
----
- src/network/networkd-wait-online-manager.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/network/networkd-wait-online-manager.c b/src/network/networkd-wait-online-manager.c
-index 1c997a5..1ac162a 100644
---- a/src/network/networkd-wait-online-manager.c
-+++ b/src/network/networkd-wait-online-manager.c
-@@ -74,13 +74,13 @@ bool manager_all_configured(Manager *m) {
- if (!l->state) {
- log_debug("link %s has not yet been processed by udev",
- l->ifname);
-- return false;
-+ continue;
- }
-
- if (streq(l->state, "configuring")) {
- log_debug("link %s is being processed by networkd",
- l->ifname);
-- return false;
-+ continue;
- }
-
- if (l->operational_state &&
---
-2.0.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0007-Treat-a-trailing-backslash-as-an-error.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0007-Treat-a-trailing-backslash-as-an-error.patch
deleted file mode 100644
index 06aa14f421..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0007-Treat-a-trailing-backslash-as-an-error.patch
+++ /dev/null
@@ -1,151 +0,0 @@ -From ba774317ac7d3e67fdb9ed81663264d38859df59 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 18 Dec 2014 17:51:38 -0500 -Subject: [PATCH] Treat a trailing backslash as an error -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit a2a5291b3f5 changed the parser to reject unfinished quoted -strings. Unfortunately it introduced an error where a trailing -backslash would case an infinite loop. Of course this must fixed, but -the question is what to to instead. Allowing trailing backslashes and -treating them as normal characters would be one option, but this seems -suboptimal. First, there would be inconsistency between handling of -quoting and of backslashes. Second, a trailing backslash is most -likely an error, at it seems better to point it out to the user than -to try to continue. - -Updated rules: -ExecStart=/bin/echo \\ → OK, prints a backslash -ExecStart=/bin/echo \ → error -ExecStart=/bin/echo "x → error -ExecStart=/bin/echo "x"y → error ---- - src/shared/util.c | 8 +++++++- - src/test/test-strv.c | 4 ++++ - src/test/test-util.c | 49 ++++++++++++++++++++++++++++++------------------- - 3 files changed, 41 insertions(+), 20 deletions(-) - -diff --git a/src/shared/util.c b/src/shared/util.c -index 364f618..91cf670 100644 ---- a/src/shared/util.c -+++ b/src/shared/util.c -@@ -521,7 +521,7 @@ int safe_atod(const char *s, double *ret_d) { - - static size_t strcspn_escaped(const char *s, const char *reject) { - bool escaped = false; -- size_t n; -+ int n; - - for (n=0; s[n]; n++) { - if (escaped) -@@ -531,6 +531,7 @@ static size_t strcspn_escaped(const char *s, const char *reject) { - else if (strchr(reject, s[n])) - break; - } -+ - /* if s ends in \, return index of previous char */ - return n - escaped; - } -@@ -566,6 +567,11 @@ const char* split(const char **state, size_t *l, const char *separator, bool quo - *state = current++ + *l + 2; - } else if 
(quoted) { - *l = strcspn_escaped(current, separator); -+ if (current[*l] && !strchr(separator, current[*l])) { -+ /* unfinished escape */ -+ *state = current; -+ return NULL; -+ } - *state = current + *l; - } else { - *l = strcspn(current, separator); -diff --git a/src/test/test-strv.c b/src/test/test-strv.c -index 0b78086..f343eab 100644 ---- a/src/test/test-strv.c -+++ b/src/test/test-strv.c -@@ -520,6 +520,10 @@ int main(int argc, char *argv[]) { - test_strv_unquote(" \"x'\" ", STRV_MAKE("x'")); - test_strv_unquote("a '--b=c \"d e\"'", STRV_MAKE("a", "--b=c \"d e\"")); - -+ /* trailing backslashes */ -+ test_strv_unquote(" x\\\\", STRV_MAKE("x\\")); -+ test_invalid_unquote(" x\\"); -+ - test_invalid_unquote("a --b='c \"d e\"''"); - test_invalid_unquote("a --b='c \"d e\" '\""); - test_invalid_unquote("a --b='c \"d e\"garbage"); -diff --git a/src/test/test-util.c b/src/test/test-util.c -index bbf7512..222af9a 100644 ---- a/src/test/test-util.c -+++ b/src/test/test-util.c -@@ -406,28 +406,12 @@ static void test_foreach_word(void) { - assert_se(strneq(expected[i++], word, l)); - } - --static void test_foreach_word_quoted(void) { -+static void check(const char *test, char** expected, bool trailing) { - const char *word, *state; - size_t l; - int i = 0; -- const char test[] = "test a b c 'd' e '' '' hhh '' '' \"a b c\""; -- const char * const expected[] = { -- "test", -- "a", -- "b", -- "c", -- "d", -- "e", -- "", -- "", -- "hhh", -- "", -- "", -- "a b c", -- NULL -- }; - -- printf("<%s>\n", test); -+ printf("<<<%s>>>\n", test); - FOREACH_WORD_QUOTED(word, l, test, state) { - _cleanup_free_ char *t = NULL; - -@@ -435,7 +419,34 @@ static void test_foreach_word_quoted(void) { - assert_se(strneq(expected[i++], word, l)); - printf("<%s>\n", t); - } -- assert_se(isempty(state)); -+ printf("<<<%s>>>\n", state); -+ assert(expected[i] == NULL); -+ assert_se(isempty(state) == !trailing); -+} -+ -+static void test_foreach_word_quoted(void) { -+ check("test a b c 'd' e '' '' 
hhh '' '' \"a b c\"", -+ STRV_MAKE("test", -+ "a", -+ "b", -+ "c", -+ "d", -+ "e", -+ "", -+ "", -+ "hhh", -+ "", -+ "", -+ "a b c"), -+ false); -+ -+ check("test \"xxx", -+ STRV_MAKE("test"), -+ true); -+ -+ check("test\\", -+ STRV_MAKE_EMPTY, -+ true); - } - - static void test_default_term_for_tty(void) { --- -2.0.5 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0001-timesyncd-enable-timesyncd-in-virtual-machines.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0001-timesyncd-enable-timesyncd-in-virtual-machines.patch deleted file mode 100644 index ab4c4bc192..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0001-timesyncd-enable-timesyncd-in-virtual-machines.patch +++ /dev/null 
@@ -1,39 +0,0 @@
-From 4b16233e59b3edd8338819dad275cc94b5e5f6e7 Mon Sep 17 00:00:00 2001
-From: Kay Sievers
-Date: Sun, 15 Mar 2015 19:44:59 +0100
-Subject: [PATCH] timesyncd: enable timesyncd in virtual machines
-
-On Fri, Mar 13, 2015 at 8:25 PM, Michael Marineau wrote:
-> Currently systemd-timesyncd.service includes
-> ConditionVirtualization=no, disabling it in both containers and
-> virtual machines. Each VM platform tends to deal with or ignore the
-> time problem in their own special ways, KVM/QEMU has the kernel time
-> source kvm-clock, Xen has had different schemes over the years, VMware
-> expects a userspace daemon sync the clock, and other platforms are
-> content to drift with the wind as far as I can tell.
->
-> I don't know of a robust way to know if a platform needs a little
-> extra help from userspace to keep the clock sane or not but it seems
-> generally safer to try than to risk drifting. Does anyone know of a
-> reason to leave timesyncd off by default? Otherwise switching to
-> ConditionVirtualization=!container should be reasonable.
----
- units/systemd-timesyncd.service.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
-index 39edafc..8219c95 100644
---- a/units/systemd-timesyncd.service.in
-+++ b/units/systemd-timesyncd.service.in
-@@ -9,7 +9,7 @@
- Description=Network Time Synchronization
- Documentation=man:systemd-timesyncd.service(8)
- ConditionCapability=CAP_SYS_TIME
--ConditionVirtualization=no
-+ConditionVirtualization=!container
- DefaultDependencies=no
- RequiresMountsFor=/var/lib/systemd/clock
- After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
---
-2.0.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0002-network-add-UseNTP-DHCP-option.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0002-network-add-UseNTP-DHCP-option.patch
deleted file mode 100644
index c3b10aa0bc..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0002-network-add-UseNTP-DHCP-option.patch
+++ /dev/null
@@ -1,46 +0,0 @@ -From 301f4073fe1c2757e602aef24cee9ccf5f81a3a3 Mon Sep 17 00:00:00 2001 -From: Michael Marineau -Date: Fri, 13 Mar 2015 12:01:29 -0700 -Subject: [PATCH] network: add UseNTP DHCP option - -Despite having the internal logic in place to enable/disable using NTP -servers provided by DHCP the network config didn't expose the option. ---- - man/systemd.network.xml | 8 ++++++++ - src/network/networkd-network-gperf.gperf | 1 + - 2 files changed, 9 insertions(+) - -diff --git a/man/systemd.network.xml b/man/systemd.network.xml -index ed0b2eb..087e9e2 100644 ---- a/man/systemd.network.xml -+++ b/man/systemd.network.xml -@@ -515,6 +515,14 @@ - - - -+ UseNTP= -+ -+ When true (the default), the NTP servers received -+ from the DHCP server will be used by systemd-timesyncd -+ and take precedence over any statically configured ones. -+ -+ -+ - UseMTU= - - When true, the interface maximum transmission unit -diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf -index 93df83a..8abf5bc 100644 ---- a/src/network/networkd-network-gperf.gperf -+++ b/src/network/networkd-network-gperf.gperf -@@ -60,6 +60,7 @@ Route.Metric, config_parse_route_priority, 0, - Route.Scope, config_parse_route_scope, 0, 0 - DHCP.ClientIdentifier, config_parse_dhcp_client_identifier,0, offsetof(Network, dhcp_client_identifier) - DHCP.UseDNS, config_parse_bool, 0, offsetof(Network, dhcp_dns) -+DHCP.UseNTP, config_parse_bool, 0, offsetof(Network, dhcp_ntp) - DHCP.UseMTU, config_parse_bool, 0, offsetof(Network, dhcp_mtu) - DHCP.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_hostname) - DHCP.UseDomains, config_parse_bool, 0, offsetof(Network, dhcp_domains) --- -2.0.5 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0003-nspawn-map-all-seccomp-filters-to-capabilities.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0003-nspawn-map-all-seccomp-filters-to-capabilities.patch
deleted file mode 100644
index 382fca6cdb..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0003-nspawn-map-all-seccomp-filters-to-capabilities.patch
+++ /dev/null
@@ -1,90 +0,0 @@ -From 9a71b1122c6e49dd9227f82b2f53837c7ea13019 Mon Sep 17 00:00:00 2001 -From: Jay Faulkner -Date: Fri, 20 Feb 2015 21:59:47 +0000 -Subject: nspawn: Map all seccomp filters to capabilities - -This change makes it so all seccomp filters are mapped -to the appropriate capability and are only added if that -capability was not requested when running the container. - -This unbreaks the remaining use cases broken by the -addition of seccomp filters without respecting requested -capabilities. - -Co-Authored-By: Clif Houck - -[zj: - adapt to our coding style, make struct anonymous] - -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 8ce5fbe..8833704 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -2567,19 +2567,19 @@ static int setup_ipvlan(pid_t pid) { - static int setup_seccomp(void) { - - #ifdef HAVE_SECCOMP -- static const int blacklist[] = { -- SCMP_SYS(kexec_load), -- SCMP_SYS(open_by_handle_at), -- SCMP_SYS(iopl), -- SCMP_SYS(ioperm), -- SCMP_SYS(swapon), -- SCMP_SYS(swapoff), -- }; -- -- static const int kmod_blacklist[] = { -- SCMP_SYS(init_module), -- SCMP_SYS(finit_module), -- SCMP_SYS(delete_module), -+ static const struct { -+ uint64_t capability; -+ int syscall_num; -+ } blacklist[] = { -+ { CAP_SYS_RAWIO, SCMP_SYS(iopl)}, -+ { CAP_SYS_RAWIO, SCMP_SYS(ioperm)}, -+ { CAP_SYS_BOOT, SCMP_SYS(kexec_load)}, -+ { CAP_SYS_ADMIN, SCMP_SYS(swapon)}, -+ { CAP_SYS_ADMIN, SCMP_SYS(swapoff)}, -+ { CAP_SYS_ADMIN, SCMP_SYS(open_by_handle_at)}, -+ { CAP_SYS_MODULE, SCMP_SYS(init_module)}, -+ { CAP_SYS_MODULE, SCMP_SYS(finit_module)}, -+ { CAP_SYS_MODULE, SCMP_SYS(delete_module)}, - }; - - scmp_filter_ctx seccomp; -@@ -2597,7 +2597,10 @@ static int setup_seccomp(void) { - } - - for (i = 0; i < ELEMENTSOF(blacklist); i++) { -- r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i], 0); -+ if (arg_retain & (1ULL << blacklist[i].capability)) -+ continue; -+ -+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), 
blacklist[i].syscall_num, 0); - if (r == -EFAULT) - continue; /* unknown syscall */ - if (r < 0) { -@@ -2606,19 +2609,6 @@ static int setup_seccomp(void) { - } - } - -- /* If the CAP_SYS_MODULE capability is not requested then -- * we'll block the kmod syscalls too */ -- if (!(arg_retain & (1ULL << CAP_SYS_MODULE))) { -- for (i = 0; i < ELEMENTSOF(kmod_blacklist); i++) { -- r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), kmod_blacklist[i], 0); -- if (r == -EFAULT) -- continue; /* unknown syscall */ -- if (r < 0) { -- log_error_errno(r, "Failed to block syscall: %m"); -- goto finish; -- } -- } -- } - - /* - Audit is broken in containers, much of the userspace audit --- -cgit v0.10.2 - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r10.ebuild similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r10.ebuild index 9116c8457a..196a0f4b16 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r10.ebuild 
@@ -4,22 +4,22 @@ EAPI=5 -if [[ ${PV} == 9999 ]]; then -AUTOTOOLS_AUTORECONF=yes -EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN} - http://cgit.freedesktop.org/${PN}/${PN}/" +CROS_WORKON_PROJECT="coreos/systemd" +CROS_WORKON_REPO="git://github.com" -inherit git-r3 - -elif [[ ${PV} == *9999 ]]; then -AUTOTOOLS_AUTORECONF=yes -EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable - http://cgit.freedesktop.org/${PN}/${PN}-stable/" -EGIT_BRANCH=v${PV%%.*}-stable - -inherit git-r3 +if [[ "${PV}" == 9999 ]]; then + # Use ~arch instead of empty keywords for compatibility with cros-workon + KEYWORDS="~amd64 ~arm ~x86" +else + CROS_WORKON_COMMIT="85fa71efc8554c20f7886fbf9ec40e47dc4fcb57" + KEYWORDS="amd64 ~arm ~x86" fi +# cros-workon must be imported first, in cases where cros-workon and +# another eclass exports the same function (say src_compile) we want +# the later eclass's version to win. Only need src_unpack from workon. +inherit cros-workon + AUTOTOOLS_AUTORECONF=yes AUTOTOOLS_PRUNE_LIBTOOL_FILES=all PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} ) @@ -33,7 +33,6 @@ SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86" IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http idn introspection kdbus +kmod lz4 lzma pam policykit python qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb" 
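Review bot: `CROS_WORKON_REPO="git://github.com"` in the first hunk fetches the systemd source over the unauthenticated git protocol, which provides neither server authentication nor transport integrity. The release branch of the `if` is at least bound to `CROS_WORKON_COMMIT`, but the `9999` branch sets no commit, so (assuming cros-workon fetches from this URL rather than only from the local repo checkout) the live build takes whatever the network path returns. If the eclass accepts it, `CROS_WORKON_REPO="https://github.com"` closes that gap without changing anything else in the hunk.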
@@ -105,22 +104,15 @@ DEPEND="${COMMON_DEPEND} python? ( dev-python/lxml[${PYTHON_USEDEP}] ) test? ( >=sys-apps/dbus-1.6.8-r1:0 )" -# Only required if patches touch man page source xml, which is usually. +# Not required when building from unpatched tarballs, but we build from git. DEPEND="${DEPEND} app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0" - -if [[ ${PV} == *9999 ]]; then -DEPEND="${DEPEND} + dev-libs/libxslt:0 dev-libs/gobject-introspection >=dev-libs/libgcrypt-1.4.5:0" -SRC_URI= -KEYWORDS= -fi - pkg_pretend() { local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS 
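Review bot: The removed `if [[ ${PV} == *9999 ]]` block was the only place that cleared `SRC_URI`, and the `SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"` line visible as context in the `@@ -33,7 +33,6 @@` hunk is left in place. With the source now coming from git, that tarball looks like an unused build input that is still fetched over plain http; whether cros-workon ignores it cannot be seen from this diff. Consider replacing that line with `SRC_URI=""` so the ebuild names exactly one source for what gets built.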
@@ -163,43 +155,15 @@ pkg_setup() {
 }
 src_prepare() {
-if [[ ${PV} == *9999 ]]; then
 if use doc; then
 gtkdocize --docdir docs/ || die
 else
 echo 'EXTRA_DIST =' > docs/gtk-doc.make
 fi
-fi
+
 # Bug 463376
 sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
- # missing in tarball
- cp "${FILESDIR}"/217-systemd-consoled.service.in \
- units/user/systemd-consoled.service.in || die
-
- # https://github.com/coreos/bugs/issues/220
- epatch "${FILESDIR}"/218-0001-networkd-accept-a-trailing-.-on-the-end-of-domains.patch
-
- # https://github.com/coreos/bugs/issues/260
- epatch "${FILESDIR}"/218-0002-allow-module-loading.patch
-
- # https://github.com/coreos/bugs/issues/186
- epatch "${FILESDIR}"/218-0003-core-open-up-DefaultDependencies-property-for-transi.patch
-
- # Allow timesyncd in VMs, make DHCP provided NTP servers optional
- epatch "${FILESDIR}"/218-0004-timesyncd-enable-timesyncd-in-virtual-machines.patch
- epatch "${FILESDIR}"/218-0005-network-add-UseNTP-DHCP-option.patch
-
- # Fix for coreos/bugs #293
- epatch "${FILESDIR}"/219-0003-nspawn-map-all-seccomp-filters-to-capabilities.patch
-
- # https://github.com/coreos/bugs/issues/279
- epatch "${FILESDIR}"/218-0006-networkd-fix-systemd-networkd-wait-online-with-multi.patch
-
- # stops systemd from hanging when there's trailing space after a line
- # contiuation
- epatch "${FILESDIR}"/218-0007-Treat-a-trailing-backslash-as-an-error.patch
-
 autotools-utils_src_prepare
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r3.ebuild
deleted file mode 100644
index 1f2be830fb..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r3.ebuild
+++ /dev/null
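Review bot: src_prepare no longer records which CoreOS fixes the build carries: the eight removed `epatch` lines (among them the nspawn seccomp-filter mapping and the trailing-backslash hang fix) were the only in-tree list, and those fixes now have to be present at the pinned `CROS_WORKON_COMMIT`. Nothing visible in this hunk shows that they are. I would add a comment at the top of src_prepare such as `# CoreOS patches are carried on the coreos/systemd release branch, see README`, and confirm before merge that the pinned commit contains each of the dropped patches.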
@@ -1,580 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.160 2015/02/20 16:13:22 floppym Exp $ - -EAPI=5 - -if [[ ${PV} == 9999 ]]; then -AUTOTOOLS_AUTORECONF=yes -EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN} - http://cgit.freedesktop.org/${PN}/${PN}/" - -inherit git-r3 - -elif [[ ${PV} == *9999 ]]; then -AUTOTOOLS_AUTORECONF=yes -EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable - http://cgit.freedesktop.org/${PN}/${PN}-stable/" -EGIT_BRANCH=v${PV%%.*}-stable - -inherit git-r3 -fi - -AUTOTOOLS_AUTORECONF=yes -AUTOTOOLS_PRUNE_LIBTOOL_FILES=all -PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} ) -inherit autotools-utils bash-completion-r1 linux-info multilib \ - multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \ - user - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd" -SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86" -IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http - idn importd introspection kdbus +kmod +lz4 lzma nat pam policykit python - qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb" - -# Gentoo removed the nls use flag, we'll keep it for now -IUSE+=" nls symlink-usr" - -REQUIRED_USE="importd? ( curl gcrypt lzma )" - -MINKV="3.8" - -COMMON_DEPEND=">=sys-apps/util-linux-2.25:0= - sys-libs/libcap:0= - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] ) - http? 
( - >=net-libs/libmicrohttpd-0.9.33:0= - ssl? ( >=net-libs/gnutls-3.1.4:0= ) - ) - idn? ( net-dns/libidn:0= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - nat? ( net-firewall/iptables:0= ) - pam? ( virtual/pam:= ) - python? ( ${PYTHON_DEPS} ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( sys-libs/libseccomp:0= ) - selinux? ( sys-libs/libselinux:0= ) - sysv-utils? ( - !sys-apps/systemd-sysv-utils - !sys-apps/sysvinit ) - terminal? ( >=dev-libs/libevdev-1.2:0= - >=x11-libs/libxkbcommon-0.5:0= - >=x11-libs/libdrm-2.4:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=sys-apps/baselayout-2.2 - !sys-auth/nss-myhostname - !=sys-apps/dbus-1.8.8 if/when this is dropped. - local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc ) - emake "${mymakeopts[@]}" install-pkgconfiglibDATA \ - pkgconfiglib_DATA="${pcfiles[*]}" -} - -multilib_src_install_all() { - prune_libtool_files --modules - einstalldocs - - if use sysv-utils; then - local prefix - use symlink-usr && prefix=/usr - for app in halt poweroff reboot runlevel shutdown telinit; do - dosym "/${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app} - done - dosym "/${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init - else - # we just keep sysvinit tools, so no need for the mans - rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \ - || die - rm "${D}"/usr/share/man/man1/init.1 || die - fi - - # Ensure journal directory has correct ownership/mode in inital image. 
- # This is fixed by systemd-tmpfiles *but* journald starts before that - # and will create the journal if the filesystem is already read-write. - # Conveniently the systemd Makefile sets this up completely wrong. - dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal - - systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf - systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf - - # Don't default to graphical.target - rm "${D}"/usr/lib/systemd/system/default.target || die - dosym multi-user.target /usr/lib/systemd/system/default.target - - # If we install these symlinks, there is no way for the sysadmin to remove them - # permanently. - rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die - rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die - rm -r "${D}"/etc/systemd/system/network-online.target.wants || die - rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die - - # Move a few services enabled in /etc to /usr - # systemd-timesyncd is left disabled, we currently use ntpd - rm -f "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service - rm -f "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target - - rm -f "${D}"/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service - rmdir "${D}"/etc/systemd/system/getty.target.wants \ - "${D}"/etc/systemd/system/multi-user.target.wants \ - || die - - dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service - systemd_enable_service multi-user.target remote-fs.target - systemd_enable_service multi-user.target systemd-networkd.service - systemd_enable_service multi-user.target systemd-resolved.service - systemd_enable_service network-online.target systemd-networkd-wait-online.service - - # Grant networkd access to set the transient host name - insinto /usr/share/polkit-1/rules.d - doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules - - # Do not 
enable random services if /etc was detected as empty!!! - rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset - insinto /usr/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS - rm "${D}"/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service - - # Do not ship distro-specific files (nsswitch.conf pam.d) - rm -rf "${D}"/usr/share/factory - sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C \/etc\/nsswitch\.conf/d' \ - -e '/^C \/etc\/pam\.d/d' -} - -migrate_locale() { - local envd_locale_def="${EROOT%/}/etc/env.d/02locale" - local envd_locale=( "${EROOT%/}"/etc/env.d/??locale ) - local locale_conf="${EROOT%/}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. 
Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -migrate_net_name_slot() { - # If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null, - # do the same for 80-net-setup-link.rules to keep the old behavior - local net_move=no - local net_name_slot_sym=no - local net_rules_path="${EROOT%/}"/etc/udev/rules.d - local net_name_slot="${net_rules_path}"/80-net-name-slot.rules - local net_setup_link="${net_rules_path}"/80-net-setup-link.rules - if [[ -e ${net_setup_link} ]]; then - net_move=no - elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then - net_move=yes - elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then - net_move=yes - net_name_slot_sym=yes - fi - if [[ ${net_move} == yes ]]; then - ebegin "Copying ${net_name_slot} to ${net_setup_link}" - - if [[ ${net_name_slot_sym} == yes ]]; then - ln -nfs /dev/null "${net_setup_link}" - else - cp "${net_name_slot}" "${net_setup_link}" - fi - eend $? || FAIL=1 - fi -} - -pkg_postinst() { - newusergroup() { - enewgroup "$1" - enewuser "$1" -1 -1 -1 "$1" - } - - enewgroup input - enewgroup systemd-journal - newusergroup systemd-bus-proxy - newusergroup systemd-journal-gateway - newusergroup systemd-journal-remote - newusergroup systemd-journal-upload - newusergroup systemd-network - newusergroup systemd-resolve - newusergroup systemd-timesync - use http && newusergroup systemd-journal-gateway - - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. 
- if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${ROOT%/}" - fi - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respect, and ensure consistency - # between OpenRC & systemd - migrate_locale - - # Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules - migrate_net_name_slot - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if [[ ! -L "${ROOT}"/etc/mtab ]]; then - ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts." - ewarn "Not having it is not supported by upstream and will cause tools like 'df'" - ewarn "and 'mount' to not work properly. Please run:" - ewarn " # ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'" - ewarn - fi - - if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then - ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable" - ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf" - ewarn "to /run/systemd/resolve/resolv.conf" - ewarn - fi - - if ! has_version sys-apps/systemd-ui; then - elog "To get additional features, a number of optional runtime dependencies may" - elog "be installed:" - elog "- sys-apps/systemd-ui: for GTK+ systemadm UI and gnome-ask-password-agent" - fi - - if has_version sys-apps/openrc && - ! has_version sys-fs/udev-init-scripts; then - elog "If you plan to boot using OpenRC and udev or eudev, you" - elog "need to install the udev-init-scripts package." - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r4.ebuild
new file mode 120000
index 0000000000..8da16946bc
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r4.ebuild
@@ -0,0 +1 @@
+systemd-9999.ebuild
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 1bd4640eb7..30046f6c3d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -4,22 +4,22 @@
 EAPI=5
-if [[ ${PV} == 9999 ]]; then
-AUTOTOOLS_AUTORECONF=yes
-EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
- http://cgit.freedesktop.org/${PN}/${PN}/"
+CROS_WORKON_PROJECT="coreos/systemd"
+CROS_WORKON_REPO="git://github.com"
-inherit git-r3
-
-elif [[ ${PV} == *9999 ]]; then
-AUTOTOOLS_AUTORECONF=yes
-EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable
- http://cgit.freedesktop.org/${PN}/${PN}-stable/"
-EGIT_BRANCH=v${PV%%.*}-stable
-
-inherit git-r3
+if [[ "${PV}" == 9999 ]]; then
+ # Use ~arch instead of empty keywords for compatibility with cros-workon
+ KEYWORDS="~amd64 ~arm ~x86"
+else
+ CROS_WORKON_COMMIT="26f5c5989fa5e4024a3a717c42977b898c621d07"
+ KEYWORDS="~amd64 ~arm ~x86"
 fi
+# cros-workon must be imported first, in cases where cros-workon and
+# another eclass exports the same function (say src_compile) we want
+# the later eclass's version to win. Only need src_unpack from workon.
+inherit cros-workon
+
 AUTOTOOLS_AUTORECONF=yes
 AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
 PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} )
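Review bot: In the `else` branch the 40-hex `CROS_WORKON_COMMIT` is the only thing that defines what systemd-219-r4 (added above as a symlink to this file) actually builds, and nothing says which tag or branch it was taken from. A comment above it, for example `# <tag or release branch this commit was taken from>`, would let a reviewer check the pin against coreos/systemd each time it is bumped. Both branches also assign the same `KEYWORDS="~amd64 ~arm ~x86"`, so that assignment could move out of the `if` and leave only the pin conditional.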
@@ -33,7 +33,6 @@ SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86" IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http idn importd introspection kdbus +kmod +lz4 lzma nat pam policykit python qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb" @@ -114,22 +113,15 @@ DEPEND="${COMMON_DEPEND} terminal? ( media-fonts/unifont[utils(+)] ) test? ( >=sys-apps/dbus-1.6.8-r1:0 )" -# Only required if patches touch man page source xml, which is usually. +# Not required when building from unpatched tarballs, but we build from git. DEPEND="${DEPEND} app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0" - -if [[ ${PV} == *9999 ]]; then -DEPEND="${DEPEND} + dev-libs/libxslt:0 dev-libs/gobject-introspection >=dev-libs/libgcrypt-1.4.5:0" -SRC_URI= -KEYWORDS= -fi - pkg_pretend() { local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE @@ -173,13 +165,12 @@ pkg_setup() { } src_prepare() { -if [[ ${PV} == *9999 ]]; then if use doc; then gtkdocize --docdir docs/ || die else echo 'EXTRA_DIST =' > docs/gtk-doc.make fi -fi + # Bug 463376 sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die