mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-21 06:21:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

systemd: build from git instead of release tarballs

Browse Source
This commit is contained in:
Michael Marineau 2015-03-24 17:13:40 -07:00
parent 19593301d8
commit ba9ca13102
16 changed files with 46 additions and 1348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README vendored Normal file
View File

@ -0,0 +1,13 @@
= CoreOS systemd packages
The systemd git repo lives in src/third_party/systemd and is normally
checked out to the 'master' branch by repo and the live ebuild,
systemd-9999, will build the master branch. Release ebuilds must
specify a specific git commit to build which may be the upstream tagged
commit (e.g. v218) or a commit on one of the CoreOS release branches
(e.g. v218-coreos). If you want to use cros-workon and the live ebuild
to test new changes to a release branch it is up to you to check out
that branch in src/third_party/systemd and be warned: a repo sync will
always switch back to master. I don't have a particularly good
recommendation for dealing with this, repo thinks it should be
authoritative when in fact it is the ebuilds that are authoritative.

15
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/217-systemd-consoled.service.in vendored
View File

@ -1,15 +0,0 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Console Manager and Terminal Emulator
[Service]
Type=notify
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-consoled

118
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0001-networkd-accept-a-trailing-.-on-the-end-of-domains.patch vendored
View File

@ -1,118 +0,0 @@
From 846415f22adc23ceba5831301433d3587a871697 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Thu, 15 Jan 2015 13:02:48 -0800
Subject: [PATCH] networkd: accept a trailing '.' on the end of domains
While not common outside of BIND configs the implied top level '.' in
domains is commonly accepted and crops up in random places. Starting
with commit 784d9b9c networkd began validating domains as hostnames
which rejects trailing dots, breaking short name resolution in some
environments such as Google Compute Engine. This change splits the
validation code into two functions to be more tolerant for domains.
---
src/libsystemd-network/sd-dhcp-lease.c | 2 +-
src/network/networkd-network.c | 2 +-
src/shared/util.c | 13 ++++++++++---
src/shared/util.h | 1 +
src/test/test-util.c | 14 ++++++++++++++
5 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index 22a4af6..8144061 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -502,7 +502,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const uint8_t *option,
if (r < 0)
return r;
- if (!hostname_is_valid(domainname) || is_localhost(domainname))
+ if (!domainname_is_valid(domainname) || is_localhost(domainname))
break;
free(lease->domainname);
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index ef9e0a8..c13c731 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -392,7 +392,7 @@ int config_parse_domains(const char *unit,
STRV_FOREACH(domain, *domains) {
if (is_localhost(*domain))
log_syntax(unit, LOG_ERR, filename, line, EINVAL, "'localhost' domain names may not be configured, ignoring assignment: %s", *domain);
- else if (!hostname_is_valid(*domain)) {
+ else if (!domainname_is_valid(*domain)) {
if (!streq(*domain, "*"))
log_syntax(unit, LOG_ERR, filename, line, EINVAL, "domain name is not valid, ignoring assignment: %s", *domain);
} else
diff --git a/src/shared/util.c b/src/shared/util.c
index 26a4f72..736a3dd 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -4170,7 +4170,7 @@ static bool hostname_valid_char(char c) {
c == '.';
}
-bool hostname_is_valid(const char *s) {
+bool domainname_is_valid(const char *s) {
const char *p;
bool dot;
@@ -4191,10 +4191,17 @@ bool hostname_is_valid(const char *s) {
}
}
- if (dot)
+ if (p-s > HOST_NAME_MAX)
return false;
- if (p-s > HOST_NAME_MAX)
+ return true;
+}
+
+bool hostname_is_valid(const char *s) {
+ if (!domainname_is_valid(s))
+ return false;
+
+ if (s[strlen(s)-1] == '.')
return false;
return true;
diff --git a/src/shared/util.h b/src/shared/util.h
index 73bd901..87cdac5 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -542,6 +542,7 @@ bool nulstr_contains(const char*nulstr, const char *needle);
bool plymouth_running(void);
bool hostname_is_valid(const char *s) _pure_;
+bool domainname_is_valid(const char *s) _pure_;
char* hostname_cleanup(char *s, bool lowercase);
bool machine_name_is_valid(const char *s) _pure_;
diff --git a/src/test/test-util.c b/src/test/test-util.c
index fe54586..b334d38 100644
--- a/src/test/test-util.c
+++ b/src/test/test-util.c
@@ -479,6 +479,20 @@ static void test_hostname_is_valid(void) {
assert_se(!hostname_is_valid("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"));
}
+static void test_domainname_is_valid(void) {
+ assert_se(domainname_is_valid("foobar"));
+ assert_se(domainname_is_valid("foobar."));
+ assert_se(domainname_is_valid("foobar.com"));
+ assert_se(domainname_is_valid("foobar.com."));
+ assert_se(!domainname_is_valid("fööbar"));
+ assert_se(!domainname_is_valid(""));
+ assert_se(!domainname_is_valid("."));
+ assert_se(!domainname_is_valid(".."));
+ assert_se(!domainname_is_valid(".foobar"));
+ assert_se(!domainname_is_valid("foo..bar"));
+ assert_se(!domainname_is_valid("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"));
+}
+
static void test_u64log2(void) {
assert_se(u64log2(0) == 0);
assert_se(u64log2(8) == 3);
--
2.0.5

58
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0002-allow-module-loading.patch vendored
View File

@ -1,58 +0,0 @@
From d0a0ccf3fecdb422d3fb7ab89646fe9042f11acd Mon Sep 17 00:00:00 2001
From: Jay Faulkner <jay@jvf.cc>
Date: Tue, 3 Feb 2015 17:45:50 -0800
Subject: nspawn: Allow module loading if CAP_SYS_MODULE is requested
nspawn containers currently block module loading in all cases, with
no option to disable it. This allows an admin, specifically setting
capability=CAP_SYS_MODULE or capability=all to load modules.
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 1e6e7bf..fb67251 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2485,15 +2485,18 @@ static int setup_seccomp(void) {
static const int blacklist[] = {
SCMP_SYS(kexec_load),
SCMP_SYS(open_by_handle_at),
- SCMP_SYS(init_module),
- SCMP_SYS(finit_module),
- SCMP_SYS(delete_module),
SCMP_SYS(iopl),
SCMP_SYS(ioperm),
SCMP_SYS(swapon),
SCMP_SYS(swapoff),
};
+ static const int kmod_blacklist[] = {
+ SCMP_SYS(init_module),
+ SCMP_SYS(finit_module),
+ SCMP_SYS(delete_module),
+ };
+
scmp_filter_ctx seccomp;
unsigned i;
int r;
@@ -2518,6 +2521,20 @@ static int setup_seccomp(void) {
}
}
+ /* If the CAP_SYS_MODULE capability is not requested then
+ * we'll block the kmod syscalls too */
+ if (!(arg_retain & (1ULL << CAP_SYS_MODULE))) {
+ for (i = 0; i < ELEMENTSOF(kmod_blacklist); i++) {
+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), kmod_blacklist[i], 0);
+ if (r == -EFAULT)
+ continue; /* unknown syscall */
+ if (r < 0) {
+ log_error_errno(r, "Failed to block syscall: %m");
+ goto finish;
+ }
+ }
+ }
+
/*
Audit is broken in containers, much of the userspace audit
hookup will fail if running inside a container. We don't
--
cgit v0.10.2

53
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0003-core-open-up-DefaultDependencies-property-for-transi.patch vendored
View File

@ -1,53 +0,0 @@
From e61fa9feb66c85686a1dd5d54517978ae1032768 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 3 Feb 2015 19:07:40 +0100
Subject: [PATCH] core: open up DefaultDependencies= property for transient
units
---
src/core/dbus-unit.c | 14 ++++++++++++++
src/libsystemd/sd-bus/bus-util.c | 3 +--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index b968009..6a0fec2 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -862,6 +862,20 @@ static int bus_unit_set_transient_property(
return 1;
+ } else if (streq(name, "DefaultDependencies")) {
+ int b;
+
+ r = sd_bus_message_read(message, "b", &b);
+ if (r < 0)
+ return r;
+
+ if (mode != UNIT_CHECK) {
+ u->default_dependencies = b;
+ unit_write_drop_in_format(u, mode, name, "[Unit]\nDefaultDependencies=%s\n", yes_no(b));
+ }
+
+ return 1;
+
} else if (streq(name, "Slice") && unit_get_cgroup_context(u)) {
const char *s;
diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c
index 0f1a89c..022d866 100644
--- a/src/libsystemd/sd-bus/bus-util.c
+++ b/src/libsystemd/sd-bus/bus-util.c
@@ -1372,8 +1372,7 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
if (STR_IN_SET(field,
"CPUAccounting", "MemoryAccounting", "BlockIOAccounting",
- "SendSIGHUP", "SendSIGKILL",
- "WakeSystem")) {
+ "SendSIGHUP", "SendSIGKILL", "WakeSystem", "DefaultDependencies")) {
r = parse_boolean(eq);
if (r < 0) {
--
2.1.4

39
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0004-timesyncd-enable-timesyncd-in-virtual-machines.patch vendored
View File

@ -1,39 +0,0 @@
From 48a6d639f867ba5b96ff22edce6a297cdace9cf9 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Sun, 15 Mar 2015 19:44:59 +0100
Subject: [PATCH 4/5] timesyncd: enable timesyncd in virtual machines
On Fri, Mar 13, 2015 at 8:25 PM, Michael Marineau <michael.marineau@coreos.com> wrote:
> Currently systemd-timesyncd.service includes
> ConditionVirtualization=no, disabling it in both containers and
> virtual machines. Each VM platform tends to deal with or ignore the
> time problem in their own special ways, KVM/QEMU has the kernel time
> source kvm-clock, Xen has had different schemes over the years, VMware
> expects a userspace daemon sync the clock, and other platforms are
> content to drift with the wind as far as I can tell.
>
> I don't know of a robust way to know if a platform needs a little
> extra help from userspace to keep the clock sane or not but it seems
> generally safer to try than to risk drifting. Does anyone know of a
> reason to leave timesyncd off by default? Otherwise switching to
> ConditionVirtualization=!container should be reasonable.
---
units/systemd-timesyncd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 39edafc..8219c95 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -9,7 +9,7 @@
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
-ConditionVirtualization=no
+ConditionVirtualization=!container
DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/clock
After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
--
2.0.5

46
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0005-network-add-UseNTP-DHCP-option.patch vendored
View File

@ -1,46 +0,0 @@
From 5aabe1661ded65cf5231a213cbf161a09b603207 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 13 Mar 2015 12:01:29 -0700
Subject: [PATCH 5/5] network: add UseNTP DHCP option
Despite having the internal logic in place to enable/disable using NTP
servers provided by DHCP the network config didn't expose the option.
---
man/systemd.network.xml | 8 ++++++++
src/network/networkd-network-gperf.gperf | 1 +
2 files changed, 9 insertions(+)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 79c7a23..1897657 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -468,6 +468,14 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><varname>UseNTP=</varname></term>
+ <listitem>
+ <para>When true (the default), the NTP servers received
+ from the DHCP server will be used by systemd-timesyncd
+ and take precedence over any statically configured ones.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><varname>UseMTU=</varname></term>
<listitem>
<para>When true, the interface maximum transmission unit from the DHCP server will
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 640a3a2..8c1f552 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -52,6 +52,7 @@ Route.Destination, config_parse_destination, 0,
Route.Source, config_parse_destination, 0, 0
Route.Metric, config_parse_route_priority, 0, 0
DHCP.UseDNS, config_parse_bool, 0, offsetof(Network, dhcp_dns)
+DHCP.UseNTP, config_parse_bool, 0, offsetof(Network, dhcp_ntp)
DHCP.UseMTU, config_parse_bool, 0, offsetof(Network, dhcp_mtu)
DHCP.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_hostname)
DHCP.UseDomains, config_parse_bool, 0, offsetof(Network, dhcp_domains)
--
2.0.5

36
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0006-networkd-fix-systemd-networkd-wait-online-with-multi.patch vendored
View File

@ -1,36 +0,0 @@
From 325461e38bd4536342da50e00c8d86f6a348ef5c Mon Sep 17 00:00:00 2001
From: mischief <mischief@offblast.org>
Date: Thu, 19 Mar 2015 16:04:43 -0700
Subject: [PATCH] networkd: fix systemd-networkd-wait-online with multiple NICs
when checking interface status, systemd-networkd-wait-online
will continue to wait if any interface is still configuring or
being processed by udev. this patch allows it to return if any
one interface is degraded/routable, as per the manual.
---
src/network/networkd-wait-online-manager.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/network/networkd-wait-online-manager.c b/src/network/networkd-wait-online-manager.c
index 1c997a5..1ac162a 100644
--- a/src/network/networkd-wait-online-manager.c
+++ b/src/network/networkd-wait-online-manager.c
@@ -74,13 +74,13 @@ bool manager_all_configured(Manager *m) {
if (!l->state) {
log_debug("link %s has not yet been processed by udev",
l->ifname);
- return false;
+ continue;
}
if (streq(l->state, "configuring")) {
log_debug("link %s is being processed by networkd",
l->ifname);
- return false;
+ continue;
}
if (l->operational_state &&
--
2.0.5

151
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/218-0007-Treat-a-trailing-backslash-as-an-error.patch vendored
View File

@ -1,151 +0,0 @@
From ba774317ac7d3e67fdb9ed81663264d38859df59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 18 Dec 2014 17:51:38 -0500
Subject: [PATCH] Treat a trailing backslash as an error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit a2a5291b3f5 changed the parser to reject unfinished quoted
strings. Unfortunately it introduced an error where a trailing
backslash would case an infinite loop. Of course this must fixed, but
the question is what to to instead. Allowing trailing backslashes and
treating them as normal characters would be one option, but this seems
suboptimal. First, there would be inconsistency between handling of
quoting and of backslashes. Second, a trailing backslash is most
likely an error, at it seems better to point it out to the user than
to try to continue.
Updated rules:
ExecStart=/bin/echo \\ → OK, prints a backslash
ExecStart=/bin/echo \ → error
ExecStart=/bin/echo "x → error
ExecStart=/bin/echo "x"y → error
---
src/shared/util.c | 8 +++++++-
src/test/test-strv.c | 4 ++++
src/test/test-util.c | 49 ++++++++++++++++++++++++++++++-------------------
3 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/src/shared/util.c b/src/shared/util.c
index 364f618..91cf670 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -521,7 +521,7 @@ int safe_atod(const char *s, double *ret_d) {
static size_t strcspn_escaped(const char *s, const char *reject) {
bool escaped = false;
- size_t n;
+ int n;
for (n=0; s[n]; n++) {
if (escaped)
@@ -531,6 +531,7 @@ static size_t strcspn_escaped(const char *s, const char *reject) {
else if (strchr(reject, s[n]))
break;
}
+
/* if s ends in \, return index of previous char */
return n - escaped;
}
@@ -566,6 +567,11 @@ const char* split(const char **state, size_t *l, const char *separator, bool quo
*state = current++ + *l + 2;
} else if (quoted) {
*l = strcspn_escaped(current, separator);
+ if (current[*l] && !strchr(separator, current[*l])) {
+ /* unfinished escape */
+ *state = current;
+ return NULL;
+ }
*state = current + *l;
} else {
*l = strcspn(current, separator);
diff --git a/src/test/test-strv.c b/src/test/test-strv.c
index 0b78086..f343eab 100644
--- a/src/test/test-strv.c
+++ b/src/test/test-strv.c
@@ -520,6 +520,10 @@ int main(int argc, char *argv[]) {
test_strv_unquote(" \"x'\" ", STRV_MAKE("x'"));
test_strv_unquote("a '--b=c \"d e\"'", STRV_MAKE("a", "--b=c \"d e\""));
+ /* trailing backslashes */
+ test_strv_unquote(" x\\\\", STRV_MAKE("x\\"));
+ test_invalid_unquote(" x\\");
+
test_invalid_unquote("a --b='c \"d e\"''");
test_invalid_unquote("a --b='c \"d e\" '\"");
test_invalid_unquote("a --b='c \"d e\"garbage");
diff --git a/src/test/test-util.c b/src/test/test-util.c
index bbf7512..222af9a 100644
--- a/src/test/test-util.c
+++ b/src/test/test-util.c
@@ -406,28 +406,12 @@ static void test_foreach_word(void) {
assert_se(strneq(expected[i++], word, l));
}
-static void test_foreach_word_quoted(void) {
+static void check(const char *test, char** expected, bool trailing) {
const char *word, *state;
size_t l;
int i = 0;
- const char test[] = "test a b c 'd' e '' '' hhh '' '' \"a b c\"";
- const char * const expected[] = {
- "test",
- "a",
- "b",
- "c",
- "d",
- "e",
- "",
- "",
- "hhh",
- "",
- "",
- "a b c",
- NULL
- };
- printf("<%s>\n", test);
+ printf("<<<%s>>>\n", test);
FOREACH_WORD_QUOTED(word, l, test, state) {
_cleanup_free_ char *t = NULL;
@@ -435,7 +419,34 @@ static void test_foreach_word_quoted(void) {
assert_se(strneq(expected[i++], word, l));
printf("<%s>\n", t);
}
- assert_se(isempty(state));
+ printf("<<<%s>>>\n", state);
+ assert(expected[i] == NULL);
+ assert_se(isempty(state) == !trailing);
+}
+
+static void test_foreach_word_quoted(void) {
+ check("test a b c 'd' e '' '' hhh '' '' \"a b c\"",
+ STRV_MAKE("test",
+ "a",
+ "b",
+ "c",
+ "d",
+ "e",
+ "",
+ "",
+ "hhh",
+ "",
+ "",
+ "a b c"),
+ false);
+
+ check("test \"xxx",
+ STRV_MAKE("test"),
+ true);
+
+ check("test\\",
+ STRV_MAKE_EMPTY,
+ true);
}
static void test_default_term_for_tty(void) {
--
2.0.5

39
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0001-timesyncd-enable-timesyncd-in-virtual-machines.patch vendored
View File

@ -1,39 +0,0 @@
From 4b16233e59b3edd8338819dad275cc94b5e5f6e7 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Sun, 15 Mar 2015 19:44:59 +0100
Subject: [PATCH] timesyncd: enable timesyncd in virtual machines
On Fri, Mar 13, 2015 at 8:25 PM, Michael Marineau <michael.marineau@coreos.com> wrote:
> Currently systemd-timesyncd.service includes
> ConditionVirtualization=no, disabling it in both containers and
> virtual machines. Each VM platform tends to deal with or ignore the
> time problem in their own special ways, KVM/QEMU has the kernel time
> source kvm-clock, Xen has had different schemes over the years, VMware
> expects a userspace daemon sync the clock, and other platforms are
> content to drift with the wind as far as I can tell.
>
> I don't know of a robust way to know if a platform needs a little
> extra help from userspace to keep the clock sane or not but it seems
> generally safer to try than to risk drifting. Does anyone know of a
> reason to leave timesyncd off by default? Otherwise switching to
> ConditionVirtualization=!container should be reasonable.
---
units/systemd-timesyncd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
index 39edafc..8219c95 100644
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -9,7 +9,7 @@
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
-ConditionVirtualization=no
+ConditionVirtualization=!container
DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/clock
After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service
--
2.0.5

46
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0002-network-add-UseNTP-DHCP-option.patch vendored
View File

@ -1,46 +0,0 @@
From 301f4073fe1c2757e602aef24cee9ccf5f81a3a3 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 13 Mar 2015 12:01:29 -0700
Subject: [PATCH] network: add UseNTP DHCP option
Despite having the internal logic in place to enable/disable using NTP
servers provided by DHCP the network config didn't expose the option.
---
man/systemd.network.xml | 8 ++++++++
src/network/networkd-network-gperf.gperf | 1 +
2 files changed, 9 insertions(+)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index ed0b2eb..087e9e2 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -515,6 +515,14 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><varname>UseNTP=</varname></term>
+ <listitem>
+ <para>When true (the default), the NTP servers received
+ from the DHCP server will be used by systemd-timesyncd
+ and take precedence over any statically configured ones.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><varname>UseMTU=</varname></term>
<listitem>
<para>When true, the interface maximum transmission unit
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 93df83a..8abf5bc 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -60,6 +60,7 @@ Route.Metric, config_parse_route_priority, 0,
Route.Scope, config_parse_route_scope, 0, 0
DHCP.ClientIdentifier, config_parse_dhcp_client_identifier,0, offsetof(Network, dhcp_client_identifier)
DHCP.UseDNS, config_parse_bool, 0, offsetof(Network, dhcp_dns)
+DHCP.UseNTP, config_parse_bool, 0, offsetof(Network, dhcp_ntp)
DHCP.UseMTU, config_parse_bool, 0, offsetof(Network, dhcp_mtu)
DHCP.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_hostname)
DHCP.UseDomains, config_parse_bool, 0, offsetof(Network, dhcp_domains)
--
2.0.5

90
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/219-0003-nspawn-map-all-seccomp-filters-to-capabilities.patch vendored
View File

@ -1,90 +0,0 @@
From 9a71b1122c6e49dd9227f82b2f53837c7ea13019 Mon Sep 17 00:00:00 2001
From: Jay Faulkner <jay@jvf.cc>
Date: Fri, 20 Feb 2015 21:59:47 +0000
Subject: nspawn: Map all seccomp filters to capabilities
This change makes it so all seccomp filters are mapped
to the appropriate capability and are only added if that
capability was not requested when running the container.
This unbreaks the remaining use cases broken by the
addition of seccomp filters without respecting requested
capabilities.
Co-Authored-By: Clif Houck <me@clifhouck.com>
[zj: - adapt to our coding style, make struct anonymous]
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 8ce5fbe..8833704 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2567,19 +2567,19 @@ static int setup_ipvlan(pid_t pid) {
static int setup_seccomp(void) {
#ifdef HAVE_SECCOMP
- static const int blacklist[] = {
- SCMP_SYS(kexec_load),
- SCMP_SYS(open_by_handle_at),
- SCMP_SYS(iopl),
- SCMP_SYS(ioperm),
- SCMP_SYS(swapon),
- SCMP_SYS(swapoff),
- };
-
- static const int kmod_blacklist[] = {
- SCMP_SYS(init_module),
- SCMP_SYS(finit_module),
- SCMP_SYS(delete_module),
+ static const struct {
+ uint64_t capability;
+ int syscall_num;
+ } blacklist[] = {
+ { CAP_SYS_RAWIO, SCMP_SYS(iopl)},
+ { CAP_SYS_RAWIO, SCMP_SYS(ioperm)},
+ { CAP_SYS_BOOT, SCMP_SYS(kexec_load)},
+ { CAP_SYS_ADMIN, SCMP_SYS(swapon)},
+ { CAP_SYS_ADMIN, SCMP_SYS(swapoff)},
+ { CAP_SYS_ADMIN, SCMP_SYS(open_by_handle_at)},
+ { CAP_SYS_MODULE, SCMP_SYS(init_module)},
+ { CAP_SYS_MODULE, SCMP_SYS(finit_module)},
+ { CAP_SYS_MODULE, SCMP_SYS(delete_module)},
};
scmp_filter_ctx seccomp;
@@ -2597,7 +2597,10 @@ static int setup_seccomp(void) {
}
for (i = 0; i < ELEMENTSOF(blacklist); i++) {
- r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i], 0);
+ if (arg_retain & (1ULL << blacklist[i].capability))
+ continue;
+
+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i].syscall_num, 0);
if (r == -EFAULT)
continue; /* unknown syscall */
if (r < 0) {
@@ -2606,19 +2609,6 @@ static int setup_seccomp(void) {
}
}
- /* If the CAP_SYS_MODULE capability is not requested then
- * we'll block the kmod syscalls too */
- if (!(arg_retain & (1ULL << CAP_SYS_MODULE))) {
- for (i = 0; i < ELEMENTSOF(kmod_blacklist); i++) {
- r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), kmod_blacklist[i], 0);
- if (r == -EFAULT)
- continue; /* unknown syscall */
- if (r < 0) {
- log_error_errno(r, "Failed to block syscall: %m");
- goto finish;
- }
- }
- }
/*
Audit is broken in containers, much of the userspace audit
--
cgit v0.10.2

68
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r9.ebuild → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r10.ebuild vendored
View File

@ -4,22 +4,22 @@
EAPI=5 EAPI=5
if [[ ${PV} == 9999 ]]; then CROS_WORKON_PROJECT="coreos/systemd"
AUTOTOOLS_AUTORECONF=yes CROS_WORKON_REPO="git://github.com"
EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
http://cgit.freedesktop.org/${PN}/${PN}/"
inherit git-r3 if [[ "${PV}" == 9999 ]]; then
# Use ~arch instead of empty keywords for compatibility with cros-workon
elif [[ ${PV} == *9999 ]]; then KEYWORDS="~amd64 ~arm ~x86"
AUTOTOOLS_AUTORECONF=yes else
EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable CROS_WORKON_COMMIT="85fa71efc8554c20f7886fbf9ec40e47dc4fcb57"
http://cgit.freedesktop.org/${PN}/${PN}-stable/" KEYWORDS="amd64 ~arm ~x86"
EGIT_BRANCH=v${PV%%.*}-stable
inherit git-r3
fi fi
# cros-workon must be imported first, in cases where cros-workon and
# another eclass exports the same function (say src_compile) we want
# the later eclass's version to win. Only need src_unpack from workon.
inherit cros-workon
AUTOTOOLS_AUTORECONF=yes AUTOTOOLS_AUTORECONF=yes
AUTOTOOLS_PRUNE_LIBTOOL_FILES=all AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} ) PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} )
@ -33,7 +33,6 @@ SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain" LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2" SLOT="0/2"
KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
idn introspection kdbus +kmod lz4 lzma pam policykit python qrcode +seccomp idn introspection kdbus +kmod lz4 lzma pam policykit python qrcode +seccomp
selinux ssl sysv-utils terminal test vanilla xkb" selinux ssl sysv-utils terminal test vanilla xkb"
@ -105,22 +104,15 @@ DEPEND="${COMMON_DEPEND}
python? ( dev-python/lxml[${PYTHON_USEDEP}] ) python? ( dev-python/lxml[${PYTHON_USEDEP}] )
test? ( >=sys-apps/dbus-1.6.8-r1:0 )" test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
# Only required if patches touch man page source xml, which is usually. # Not required when building from unpatched tarballs, but we build from git.
DEPEND="${DEPEND} DEPEND="${DEPEND}
app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5 app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0" dev-libs/libxslt:0
if [[ ${PV} == *9999 ]]; then
DEPEND="${DEPEND}
dev-libs/gobject-introspection dev-libs/gobject-introspection
>=dev-libs/libgcrypt-1.4.5:0" >=dev-libs/libgcrypt-1.4.5:0"
SRC_URI=
KEYWORDS=
fi
pkg_pretend() { pkg_pretend() {
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
@ -163,43 +155,15 @@ pkg_setup() {
} }
src_prepare() { src_prepare() {
if [[ ${PV} == *9999 ]]; then
if use doc; then if use doc; then
gtkdocize --docdir docs/ || die gtkdocize --docdir docs/ || die
else else
echo 'EXTRA_DIST =' > docs/gtk-doc.make echo 'EXTRA_DIST =' > docs/gtk-doc.make
fi fi
fi
# Bug 463376 # Bug 463376
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
# missing in tarball
cp "${FILESDIR}"/217-systemd-consoled.service.in \
units/user/systemd-consoled.service.in || die
# https://github.com/coreos/bugs/issues/220
epatch "${FILESDIR}"/218-0001-networkd-accept-a-trailing-.-on-the-end-of-domains.patch
# https://github.com/coreos/bugs/issues/260
epatch "${FILESDIR}"/218-0002-allow-module-loading.patch
# https://github.com/coreos/bugs/issues/186
epatch "${FILESDIR}"/218-0003-core-open-up-DefaultDependencies-property-for-transi.patch
# Allow timesyncd in VMs, make DHCP provided NTP servers optional
epatch "${FILESDIR}"/218-0004-timesyncd-enable-timesyncd-in-virtual-machines.patch
epatch "${FILESDIR}"/218-0005-network-add-UseNTP-DHCP-option.patch
# Fix for coreos/bugs #293
epatch "${FILESDIR}"/219-0003-nspawn-map-all-seccomp-filters-to-capabilities.patch
# https://github.com/coreos/bugs/issues/279
epatch "${FILESDIR}"/218-0006-networkd-fix-systemd-networkd-wait-online-with-multi.patch
# stops systemd from hanging when there's trailing space after a line
# contiuation
epatch "${FILESDIR}"/218-0007-Treat-a-trailing-backslash-as-an-error.patch
autotools-utils_src_prepare autotools-utils_src_prepare
} }

580
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r3.ebuild vendored
View File

@ -1,580 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.160 2015/02/20 16:13:22 floppym Exp $
EAPI=5
if [[ ${PV} == 9999 ]]; then
AUTOTOOLS_AUTORECONF=yes
EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
http://cgit.freedesktop.org/${PN}/${PN}/"
inherit git-r3
elif [[ ${PV} == *9999 ]]; then
AUTOTOOLS_AUTORECONF=yes
EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable
http://cgit.freedesktop.org/${PN}/${PN}-stable/"
EGIT_BRANCH=v${PV%%.*}-stable
inherit git-r3
fi
AUTOTOOLS_AUTORECONF=yes
AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} )
inherit autotools-utils bash-completion-r1 linux-info multilib \
multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
user
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
idn importd introspection kdbus +kmod +lz4 lzma nat pam policykit python
qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb"
# Gentoo removed the nls use flag, we'll keep it for now
IUSE+=" nls symlink-usr"
REQUIRED_USE="importd? ( curl gcrypt lzma )"
MINKV="3.8"
COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
sys-libs/libcap:0=
acl? ( sys-apps/acl:0= )
apparmor? ( sys-libs/libapparmor:0= )
audit? ( >=sys-process/audit-2:0= )
cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
curl? ( net-misc/curl:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
http? (
>=net-libs/libmicrohttpd-0.9.33:0=
ssl? ( >=net-libs/gnutls-3.1.4:0= )
)
idn? ( net-dns/libidn:0= )
importd? (
app-arch/bzip2:0=
sys-libs/zlib:0=
)
introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
nat? ( net-firewall/iptables:0= )
pam? ( virtual/pam:= )
python? ( ${PYTHON_DEPS} )
qrcode? ( media-gfx/qrencode:0= )
seccomp? ( sys-libs/libseccomp:0= )
selinux? ( sys-libs/libselinux:0= )
sysv-utils? (
!sys-apps/systemd-sysv-utils
!sys-apps/sysvinit )
terminal? ( >=dev-libs/libevdev-1.2:0=
>=x11-libs/libxkbcommon-0.5:0=
>=x11-libs/libdrm-2.4:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
# baselayout-2.2 has /run
RDEPEND="${COMMON_DEPEND}
>=sys-apps/baselayout-2.2
!sys-auth/nss-myhostname
!<sys-libs/glibc-2.14
!sys-fs/eudev
!sys-fs/udev"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
>=sys-apps/hwids-20130717-r1[udev]
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
# Newer linux-headers needed by ia64, bug #480218
DEPEND="${COMMON_DEPEND}
app-arch/xz-utils:0
dev-util/gperf
>=dev-util/intltool-0.50
>=sys-apps/coreutils-8.16
>=sys-devel/binutils-2.23.1
>=sys-devel/gcc-4.6
>=sys-kernel/linux-headers-${MINKV}
ia64? ( >=sys-kernel/linux-headers-3.9 )
virtual/pkgconfig
doc? ( >=dev-util/gtk-doc-1.18 )
python? ( dev-python/lxml[${PYTHON_USEDEP}] )
terminal? ( media-fonts/unifont[utils(+)] )
test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
# Only required if patches touch man page source xml, which is usually.
DEPEND="${DEPEND}
app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0"
if [[ ${PV} == *9999 ]]; then
DEPEND="${DEPEND}
dev-libs/gobject-introspection
>=dev-libs/libgcrypt-1.4.5:0"
SRC_URI=
KEYWORDS=
fi
pkg_pretend() {
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR
~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
~!SYSFS_DEPRECATED_V2"
use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
if linux_config_exists; then
local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
ewarn "It's recommended to set an empty value to the following kernel config option:"
ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
fi
fi
if [[ ${MERGE_TYPE} != binary ]]; then
if [[ $(gcc-major-version) -lt 4
|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
then
eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
eerror "gcc version using gcc-config."
die "systemd requires at least gcc 4.6"
fi
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
if kernel_is -lt ${MINKV//./ }; then
ewarn "Kernel version at least ${MINKV} required"
fi
check_extra_config
fi
}
pkg_setup() {
use python && python-single-r1_pkg_setup
}
src_prepare() {
if [[ ${PV} == *9999 ]]; then
if use doc; then
gtkdocize --docdir docs/ || die
else
echo 'EXTRA_DIST =' > docs/gtk-doc.make
fi
fi
# Bug 463376
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
# Allow timesyncd in VMs, make DHCP provided NTP servers optional
epatch "${FILESDIR}"/219-0001-timesyncd-enable-timesyncd-in-virtual-machines.patch
epatch "${FILESDIR}"/219-0002-network-add-UseNTP-DHCP-option.patch
# Fix for coreos/bugs #293
epatch "${FILESDIR}"/219-0003-nspawn-map-all-seccomp-filters-to-capabilities.patch
# https://github.com/coreos/bugs/issues/279
epatch "${FILESDIR}"/218-0006-networkd-fix-systemd-networkd-wait-online-with-multi.patch
autotools-utils_src_prepare
}
src_configure() {
# Keep using the one where the rules were installed.
MY_UDEVDIR=$(get_udevdir)
# Fix systems broken by bug #509454.
[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
multilib-minimal_src_configure
}
multilib_src_configure() {
local myeconfargs=(
--with-pamconfdir=/usr/share/pam.d
# Workaround for bug 516346
--enable-dependency-tracking
--disable-maintainer-mode
--localstatedir=/var
--with-pamlibdir=$(getpam_mod_dir)
# avoid bash-completion dep
--with-bashcompletiondir="$(get_bashcompdir)"
# make sure we get /bin:/sbin in $PATH
--enable-split-usr
# For testing.
--with-rootprefix="${ROOTPREFIX-/usr}"
--with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
# disable sysv compatibility
--with-sysvinit-path=
--with-sysvrcnd-path=
# no deps
--enable-efi
--enable-ima
# used for stacktraces in log messages, leave off for now
--disable-elfutils
# Optional components/dependencies
$(multilib_native_use_enable acl)
$(multilib_native_use_enable apparmor)
$(multilib_native_use_enable audit)
$(multilib_native_use_enable cryptsetup libcryptsetup)
$(multilib_native_use_enable curl libcurl)
$(multilib_native_use_enable doc gtk-doc)
$(multilib_native_use_enable elfutils)
$(use_enable gcrypt)
$(use_enable gudev)
$(multilib_native_use_enable http microhttpd)
$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
$(multilib_native_use_enable idn libidn)
$(multilib_native_use_enable importd)
$(multilib_native_use_enable importd bzip2)
$(multilib_native_use_enable importd zlib)
$(multilib_native_use_enable introspection)
$(use_enable kdbus)
$(multilib_native_use_enable kmod)
$(use_enable lz4)
$(use_enable lzma xz)
$(multilib_native_use_enable nat libiptc)
$(use_enable nls)
$(multilib_native_use_enable pam)
$(multilib_native_use_enable policykit polkit)
$(multilib_native_use_with python)
$(multilib_native_use_enable python python-devel)
$(multilib_native_use_enable qrcode qrencode)
$(multilib_native_use_enable seccomp)
$(multilib_native_use_enable selinux)
$(multilib_native_use_enable terminal)
$(multilib_native_use_enable test tests)
$(multilib_native_use_enable test dbus)
$(multilib_native_use_enable xkb xkbcommon)
# not supported (avoid automagic deps in the future)
--disable-chkconfig
# hardcode a few paths to spare some deps
QUOTAON=/usr/sbin/quotaon
QUOTACHECK=/usr/sbin/quotacheck
# dbus paths
--with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d"
--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
--with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
--with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org"
# no default name servers
--with-dns-servers=
)
if ! multilib_is_native_abi; then
myeconfargs+=(
MOUNT_{CFLAGS,LIBS}=' '
ac_cv_search_cap_init=
ac_cv_header_sys_capability_h=yes
)
fi
# Work around bug 463846.
tc-export CC
autotools-utils_src_configure
}
multilib_src_compile() {
local mymakeopts=(
udevlibexecdir="${MY_UDEVDIR}"
)
if multilib_is_native_abi; then
emake "${mymakeopts[@]}"
else
# prerequisites for gudev
use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
echo 'gentoo: $(BUILT_SOURCES)' | \
emake "${mymakeopts[@]}" -f Makefile -f - gentoo
echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
emake "${mymakeopts[@]}" -f Makefile -f - gentoo
fi
}
multilib_src_test() {
multilib_is_native_abi || continue
default
}
multilib_src_install() {
local mymakeopts=(
# automake fails with parallel libtool relinking
# https://bugs.gentoo.org/show_bug.cgi?id=491398
-j1
udevlibexecdir="${MY_UDEVDIR}"
dist_udevhwdb_DATA=
DESTDIR="${D}"
)
if multilib_is_native_abi; then
emake "${mymakeopts[@]}" install
else
mymakeopts+=(
install-libLTLIBRARIES
install-pkgconfiglibDATA
install-includeHEADERS
# safe to call unconditionally, 'installs' empty list
install-libgudev_includeHEADERS
install-pkgincludeHEADERS
)
emake "${mymakeopts[@]}"
fi
# install compat pkg-config files
# Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped.
local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
pkgconfiglib_DATA="${pcfiles[*]}"
}
multilib_src_install_all() {
prune_libtool_files --modules
einstalldocs
if use sysv-utils; then
local prefix
use symlink-usr && prefix=/usr
for app in halt poweroff reboot runlevel shutdown telinit; do
dosym "/${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app}
done
dosym "/${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init
else
# we just keep sysvinit tools, so no need for the mans
rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
|| die
rm "${D}"/usr/share/man/man1/init.1 || die
fi
# Ensure journal directory has correct ownership/mode in inital image.
# This is fixed by systemd-tmpfiles *but* journald starts before that
# and will create the journal if the filesystem is already read-write.
# Conveniently the systemd Makefile sets this up completely wrong.
dodir /var/log/journal
fowners root:systemd-journal /var/log/journal
fperms 2755 /var/log/journal
systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf
systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
# Don't default to graphical.target
rm "${D}"/usr/lib/systemd/system/default.target || die
dosym multi-user.target /usr/lib/systemd/system/default.target
# If we install these symlinks, there is no way for the sysadmin to remove them
# permanently.
rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
# Move a few services enabled in /etc to /usr
# systemd-timesyncd is left disabled, we currently use ntpd
rm -f "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service
rm -f "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target
rm -f "${D}"/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
rmdir "${D}"/etc/systemd/system/getty.target.wants \
"${D}"/etc/systemd/system/multi-user.target.wants \
|| die
dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
systemd_enable_service multi-user.target remote-fs.target
systemd_enable_service multi-user.target systemd-networkd.service
systemd_enable_service multi-user.target systemd-resolved.service
systemd_enable_service network-online.target systemd-networkd-wait-online.service
# Grant networkd access to set the transient host name
insinto /usr/share/polkit-1/rules.d
doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules
# Do not enable random services if /etc was detected as empty!!!
rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset
insinto /usr/lib/systemd/system-preset
doins "${FILESDIR}"/99-default.preset
# Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS
rm "${D}"/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
# Do not ship distro-specific files (nsswitch.conf pam.d)
rm -rf "${D}"/usr/share/factory
sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \
-e '/^C \/etc\/nsswitch\.conf/d' \
-e '/^C \/etc\/pam\.d/d'
}
migrate_locale() {
local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
local locale_conf="${EROOT%/}/etc/locale.conf"
if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
# If locale.conf does not exist...
if [[ -e ${envd_locale} ]]; then
# ...either copy env.d/??locale if there's one
ebegin "Moving ${envd_locale} to ${locale_conf}"
mv "${envd_locale}" "${locale_conf}"
eend ${?} || FAIL=1
else
# ...or create a dummy default
ebegin "Creating ${locale_conf}"
cat > "${locale_conf}" <<-EOF
# This file has been created by the sys-apps/systemd ebuild.
# See locale.conf(5) and localectl(1).
# LANG=${LANG}
EOF
eend ${?} || FAIL=1
fi
fi
if [[ ! -L ${envd_locale} ]]; then
# now, if env.d/??locale is not a symlink (to locale.conf)...
if [[ -e ${envd_locale} ]]; then
# ...warn the user that he has duplicate locale settings
ewarn
ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
ewarn "and create the symlink with the following command:"
ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
ewarn
else
# ...or just create the symlink if there's nothing here
ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
ln -n -s ../locale.conf "${envd_locale_def}"
eend ${?} || FAIL=1
fi
fi
}
migrate_net_name_slot() {
# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
# do the same for 80-net-setup-link.rules to keep the old behavior
local net_move=no
local net_name_slot_sym=no
local net_rules_path="${EROOT%/}"/etc/udev/rules.d
local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
if [[ -e ${net_setup_link} ]]; then
net_move=no
elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
net_move=yes
elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
net_move=yes
net_name_slot_sym=yes
fi
if [[ ${net_move} == yes ]]; then
ebegin "Copying ${net_name_slot} to ${net_setup_link}"
if [[ ${net_name_slot_sym} == yes ]]; then
ln -nfs /dev/null "${net_setup_link}"
else
cp "${net_name_slot}" "${net_setup_link}"
fi
eend $? || FAIL=1
fi
}
pkg_postinst() {
newusergroup() {
enewgroup "$1"
enewuser "$1" -1 -1 -1 "$1"
}
enewgroup input
enewgroup systemd-journal
newusergroup systemd-bus-proxy
newusergroup systemd-journal-gateway
newusergroup systemd-journal-remote
newusergroup systemd-journal-upload
newusergroup systemd-network
newusergroup systemd-resolve
newusergroup systemd-timesync
use http && newusergroup systemd-journal-gateway
systemd_update_catalog
# Keep this here in case the database format changes so it gets updated
# when required. Despite that this file is owned by sys-apps/hwids.
if has_version "sys-apps/hwids[udev]"; then
udevadm hwdb --update --root="${ROOT%/}"
fi
udev_reload || FAIL=1
# Bug 465468, make sure locales are respect, and ensure consistency
# between OpenRC & systemd
migrate_locale
# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
migrate_net_name_slot
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
eerror "systemd again."
eerror
fi
if [[ ! -L "${ROOT}"/etc/mtab ]]; then
ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts."
ewarn "Not having it is not supported by upstream and will cause tools like 'df'"
ewarn "and 'mount' to not work properly. Please run:"
ewarn " # ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
ewarn
fi
if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then
ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable"
ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf"
ewarn "to /run/systemd/resolve/resolv.conf"
ewarn
fi
if ! has_version sys-apps/systemd-ui; then
elog "To get additional features, a number of optional runtime dependencies may"
elog "be installed:"
elog "- sys-apps/systemd-ui: for GTK+ systemadm UI and gnome-ask-password-agent"
fi
if has_version sys-apps/openrc &&
! has_version sys-fs/udev-init-scripts; then
elog "If you plan to boot using OpenRC and udev or eudev, you"
elog "need to install the udev-init-scripts package."
fi
}
pkg_prerm() {
# If removing systemd completely, remove the catalog database.
if [[ ! ${REPLACED_BY_VERSION} ]]; then
rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
fi
}

1
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r4.ebuild vendored Symbolic link
View File

@ -0,0 +1 @@
systemd-9999.ebuild

41
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild vendored
View File

@ -4,22 +4,22 @@
EAPI=5 EAPI=5
if [[ ${PV} == 9999 ]]; then CROS_WORKON_PROJECT="coreos/systemd"
AUTOTOOLS_AUTORECONF=yes CROS_WORKON_REPO="git://github.com"
EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
http://cgit.freedesktop.org/${PN}/${PN}/"
inherit git-r3 if [[ "${PV}" == 9999 ]]; then
# Use ~arch instead of empty keywords for compatibility with cros-workon
elif [[ ${PV} == *9999 ]]; then KEYWORDS="~amd64 ~arm ~x86"
AUTOTOOLS_AUTORECONF=yes else
EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable CROS_WORKON_COMMIT="26f5c5989fa5e4024a3a717c42977b898c621d07"
http://cgit.freedesktop.org/${PN}/${PN}-stable/" KEYWORDS="~amd64 ~arm ~x86"
EGIT_BRANCH=v${PV%%.*}-stable
inherit git-r3
fi fi
# cros-workon must be imported first, in cases where cros-workon and
# another eclass exports the same function (say src_compile) we want
# the later eclass's version to win. Only need src_unpack from workon.
inherit cros-workon
AUTOTOOLS_AUTORECONF=yes AUTOTOOLS_AUTORECONF=yes
AUTOTOOLS_PRUNE_LIBTOOL_FILES=all AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} ) PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} )
@ -33,7 +33,6 @@ SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain" LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2" SLOT="0/2"
KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
idn importd introspection kdbus +kmod +lz4 lzma nat pam policykit python idn importd introspection kdbus +kmod +lz4 lzma nat pam policykit python
qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb" qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb"
@ -114,22 +113,15 @@ DEPEND="${COMMON_DEPEND}
terminal? ( media-fonts/unifont[utils(+)] ) terminal? ( media-fonts/unifont[utils(+)] )
test? ( >=sys-apps/dbus-1.6.8-r1:0 )" test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
# Only required if patches touch man page source xml, which is usually. # Not required when building from unpatched tarballs, but we build from git.
DEPEND="${DEPEND} DEPEND="${DEPEND}
app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5 app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0" dev-libs/libxslt:0
if [[ ${PV} == *9999 ]]; then
DEPEND="${DEPEND}
dev-libs/gobject-introspection dev-libs/gobject-introspection
>=dev-libs/libgcrypt-1.4.5:0" >=dev-libs/libgcrypt-1.4.5:0"
SRC_URI=
KEYWORDS=
fi
pkg_pretend() { pkg_pretend() {
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE
@ -173,13 +165,12 @@ pkg_setup() {
} }
src_prepare() { src_prepare() {
if [[ ${PV} == *9999 ]]; then
if use doc; then if use doc; then
gtkdocize --docdir docs/ || die gtkdocize --docdir docs/ || die
else else
echo 'EXTRA_DIST =' > docs/gtk-doc.make echo 'EXTRA_DIST =' > docs/gtk-doc.make
fi fi
fi
# Bug 463376 # Bug 463376
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die