From c0b3c67e51fbc3affeed366e792164ca64f029a6 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 12 Dec 2022 16:59:38 +0100 Subject: [PATCH] sys-apps/systemd: Sync with Gentoo It's from Gentoo commit 5ee96ebd12ec053d626f2e717bb4ba9f38991b4f. --- .../sys-apps/systemd/CHECKLIST.md | 1 - .../coreos-overlay/sys-apps/systemd/Manifest | 2 +- .../0001-wait-online-set-any-by-default.patch | 32 -- ...fault-to-kernel-IPForwarding-setting.patch | 24 -- ...ate-don-t-require-strictly-newer-usr.patch | 58 ---- ...004-core-use-max-for-DefaultTasksMax.patch | 64 ---- ...d-Disable-SELinux-permissions-checks.patch | 29 -- ...e-handle-lookup-paths-being-symlinks.patch | 84 ----- ...-Pass-tty-to-use-by-agetty-via-stdin.patch | 93 ------ .../sys-apps/systemd/files/99-default.preset | 2 - .../sys-apps/systemd/files/nsswitch.conf | 27 ++ .../systemd/files/systemd-flatcar.conf | 19 -- .../systemd/files/systemd-resolv.conf | 2 - .../sys-apps/systemd/files/systemd-user.pam | 5 + .../sys-apps/systemd/metadata.xml | 8 +- .../sys-apps/systemd/systemd-250.3-r1.ebuild | 1 - ...temd-250.3.ebuild => systemd-250.7.ebuild} | 308 +++++------------- 17 files changed, 116 insertions(+), 643 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-core-handle-lookup-paths-being-symlinks.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam delete mode 120000 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3-r1.ebuild rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-250.3.ebuild => systemd-250.7.ebuild} (58%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md deleted file mode 100644 index 0685b359fd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md +++ /dev/null @@ -1 +0,0 @@ -- Check that the `systemd-sysext.service`'s `ConditionDirectoryNotEmpty` entries are correctly reflected in `flatcar/init:systemd/system/ensure-sysext.service` diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest index 11fad23078..414ac1a206 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest @@ -1 +1 @@ -DIST systemd-stable-250.3.tar.gz 11125151 BLAKE2B 659c39994e76f94407dd9079e28fc644981d3475a0ed440b9895e8f201c3ce1fc47aa8c4d599ad85ed89ddfb6ca8e514aee2a739e93640745cf46647f99efe56 SHA512 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5 +DIST systemd-stable-250.7.tar.gz 11214975 BLAKE2B 5d94b4b1f8b0cd6e8284a89ac0d4bd373eccdad2c3d6e6c453df79c8df47ee0f9cfbde764b72b1f9d172d07e2d9f1f1f41c1ab254cf4abd0722469ebc3ad7cf8 SHA512 99bc6f0c9757b280cb694f3fb4d6fe04d5ce55583eb2bae5ddeb324bb5ee9930c1720fcc27293d90cddba188473653ec541a471ae8115710a5850c26d0ba215d diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch deleted file mode 100644 index 342d9d0ae3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d13deba6bad21e796829b83b00dce03085b0ab14 Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Tue, 16 Apr 2019 02:44:51 +0000 -Subject: [PATCH 1/8] wait-online: set --any by default - -The systemd-networkd-wait-online command would normally continue -waiting after a network interface is usable if other interfaces are -still configuring. There is a new flag --any to change this. - -Preserve previous Container Linux behavior for compatibility by -setting the --any flag by default. See patches from v241 (or -earlier) for the original implementation. ---- - src/network/wait-online/wait-online.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c -index a679b858fa..3b6dad8d1d 100644 ---- a/src/network/wait-online/wait-online.c -+++ b/src/network/wait-online/wait-online.c -@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL; - static char **arg_ignore = NULL; - static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID }; - static AddressFamily arg_required_family = ADDRESS_FAMILY_NO; --static bool arg_any = false; -+static bool arg_any = true; - - STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep); - STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep); --- -2.35.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch deleted file mode 100644 index 8cfc66862d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 2a8f5356c608e6f4512ade1b3ce2176f4491bce1 Mon Sep 17 00:00:00 2001 -From: Nick Owens -Date: Tue, 2 Jun 2015 18:22:32 -0700 -Subject: [PATCH 2/8] networkd: default to "kernel" IPForwarding setting - ---- - src/network/networkd-network.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index 873ad2e703..4395dce4e2 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -458,6 +458,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi - .link_local = _ADDRESS_FAMILY_INVALID, - .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID, - -+ .ip_forward = _ADDRESS_FAMILY_INVALID, - .ipv4_accept_local = -1, - .ipv4_route_localnet = -1, - .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, --- -2.35.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch deleted file mode 100644 index 5548f861d6..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 5ba2f094ba91f8f52a4b3c0aca83e2fe344594d8 Mon Sep 17 00:00:00 2001 -From: Alex Crawford -Date: Wed, 2 Mar 2016 10:46:33 -0800 -Subject: [PATCH 3/8] needs-update: don't require strictly newer usr - -Updates should be triggered whenever usr changes, not only when it is newer. ---- - man/systemd-update-done.service.xml | 2 +- - src/shared/condition.c | 6 +++--- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml -index 3393010ff6..5478baca25 100644 ---- a/man/systemd-update-done.service.xml -+++ b/man/systemd-update-done.service.xml -@@ -50,7 +50,7 @@ - ConditionNeedsUpdate= (see - systemd.unit5) - condition to make sure to run when /etc/ or -- /var/ are older than /usr/ -+ /var/ aren't the same age as /usr/ - according to the modification times of the files described above. - This requires that updates to /usr/ are always - followed by an update of the modification time of -diff --git a/src/shared/condition.c b/src/shared/condition.c -index 68fbbf643a..306089cd26 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -769,7 +769,7 @@ static int condition_test_needs_update(Condition *c, char **env) { - * First, compare seconds as they are always accurate... - */ - if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec) -- return usr.st_mtim.tv_sec > other.st_mtim.tv_sec; -+ return true; - - /* - * ...then compare nanoseconds. -@@ -780,7 +780,7 @@ static int condition_test_needs_update(Condition *c, char **env) { - * (otherwise the filesystem supports nsec timestamps, see stat(2)). - */ - if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0) -- return usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec; -+ return usr.st_mtim.tv_nsec != other.st_mtim.tv_nsec; - - _cleanup_free_ char *timestamp_str = NULL; - r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", ×tamp_str); -@@ -799,7 +799,7 @@ static int condition_test_needs_update(Condition *c, char **env) { - return true; - } - -- return timespec_load_nsec(&usr.st_mtim) > timestamp; -+ return timespec_load_nsec(&usr.st_mtim) != timestamp; - } - - static int condition_test_first_boot(Condition *c, char **env) { --- -2.35.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch deleted file mode 100644 index 2b4578bc58..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 75c683b81fcdb47eaa9aa6c4355ed96296d6d547 Mon Sep 17 00:00:00 2001 -From: Sayan Chowdhury -Date: Thu, 22 Apr 2021 20:08:33 +0530 -Subject: [PATCH 4/8] core: use max for DefaultTasksMax - -Since systemd v228, systemd has a DefaultTasksMax which defaulted -to 512, later 15% of the system's maximum number of PIDs. This -limit is low and a change in behavior that people running services -in containers will hit frequently, so revert to previous behavior. - -Though later the TasksMax was changed in the a dynamic property to -accommodate stale values. - -This change is built on previous patch by David Michael(dm0-). - -Signed-off-by: Sayan Chowdhury ---- - man/systemd-system.conf.xml | 2 +- - src/core/main.c | 2 +- - src/core/system.conf.in | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml -index 3805a010e2..48d9061d16 100644 ---- a/man/systemd-system.conf.xml -+++ b/man/systemd-system.conf.xml -@@ -404,7 +404,7 @@ - Configure the default value for the per-unit TasksMax= setting. See - systemd.resource-control5 - for details. This setting applies to all unit types that support resource control settings, with the exception -- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= -+ of slice units. Defaults to 100% of the minimum of kernel.pid_max=, kernel.threads-max= - and root cgroup pids.max. - Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. - For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, -diff --git a/src/core/main.c b/src/core/main.c -index 57aedb9b93..a8859478a9 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -98,7 +98,7 @@ - #include - #endif - --#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */ -+#define DEFAULT_TASKS_MAX ((TasksMax) { 100U, 100U }) /* 100% */ - - static enum { - ACTION_RUN, -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index 96fb64d2c1..7a71efbb0a 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -54,7 +54,7 @@ - #DefaultBlockIOAccounting=no - #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} - #DefaultTasksAccounting=yes --#DefaultTasksMax=15% -+#DefaultTasksMax=100% - #DefaultLimitCPU= - #DefaultLimitFSIZE= - #DefaultLimitDATA= --- -2.35.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch deleted file mode 100644 index e998f3e37c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 170a29c01603c8815edf019bdc0ddc29c986e1a2 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Tue, 20 Dec 2016 16:43:22 +0000 -Subject: [PATCH 5/8] systemd: Disable SELinux permissions checks - -We don't care about the interaction between systemd and SELinux policy, so -let's just disable these checks rather than having to incorporate policy -support. This has no impact on our SELinux use-case, which is purely intended -to limit containers and not anything running directly on the host. ---- - src/core/selinux-access.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c -index ad098e99df..8b341184a2 100644 ---- a/src/core/selinux-access.c -+++ b/src/core/selinux-access.c -@@ -2,7 +2,7 @@ - - #include "selinux-access.h" - --#if HAVE_SELINUX -+#if 0 - - #include - #include --- -2.35.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-core-handle-lookup-paths-being-symlinks.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-core-handle-lookup-paths-being-symlinks.patch deleted file mode 100644 index 824afeac28..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-core-handle-lookup-paths-being-symlinks.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 8f007876ee3ac88087a8b24c252e9187e754c880 Mon Sep 17 00:00:00 2001 -From: Sayan Chowdhury -Date: Wed, 8 Sep 2021 12:10:35 +0530 -Subject: [PATCH 6/8] core: handle lookup paths being symlinks - -With a recent change paths leaving the statically known lookup paths -would be treated differently then those that remained within those. That -was done (AFAIK) to consistently handle alias names. Unfortunately that -means that on some distributions, especially those where /etc/ consists -mostly of symlinks, would trigger that new detection for every single -unit in /etc/systemd/system. The reason for that is that the units -directory itself is already a symlink. - -Original Patch from: https://github.com/systemd/systemd/pull/20479 - -Signed-off-by: Sayan Chowdhury ---- - src/basic/unit-file.c | 33 +++++++++++++++++++++++++++++++-- - 1 file changed, 31 insertions(+), 2 deletions(-) - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index faea92f66d..b024df21a9 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -280,6 +280,7 @@ int unit_file_build_name_map( - - _cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL; - _cleanup_set_free_free_ Set *paths = NULL; -+ _cleanup_strv_free_ char **expanded_search_paths = NULL; - uint64_t timestamp_hash; - char **dir; - int r; -@@ -299,6 +300,34 @@ int unit_file_build_name_map( - return log_oom(); - } - -+ /* Go over all our search paths, chase their symlinks and store the -+ * result in the expanded_search_paths list. -+ * -+ * This is important for cases where any of the unit directories itself -+ * are symlinks into other directories and would therefore cause all of -+ * the unit files to be recognized as linked units. -+ * -+ * This is important for distributions such as NixOS where most paths -+ * in /etc/ are symlinks to some other location on the filesystem (e.g. -+ * into /nix/store/). -+ */ -+ STRV_FOREACH(dir, (char**) lp->search_path) { -+ _cleanup_free_ char *resolved_dir = NULL; -+ r = strv_extend(&expanded_search_paths, *dir); -+ if (r < 0) -+ return log_oom(); -+ -+ r = chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL); -+ if (r < 0) { -+ if (r != -ENOENT) -+ log_warning_errno(r, "Failed to resolve symlink %s, ignoring: %m", *dir); -+ continue; -+ } -+ -+ if (strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0) -+ return log_oom(); -+ } -+ - STRV_FOREACH(dir, (char**) lp->search_path) { - _cleanup_closedir_ DIR *d = NULL; - -@@ -424,11 +453,11 @@ int unit_file_build_name_map( - continue; - } - -- /* Check if the symlink goes outside of our search path. -+ /* Check if the symlink goes outside of our (expanded) search path. - * If yes, it's a linked unit file or mask, and we don't care about the target name. - * Let's just store the link source directly. - * If not, let's verify that it's a good symlink. */ -- char *tail = path_startswith_strv(simplified, lp->search_path); -+ char *tail = path_startswith_strv(simplified, expanded_search_paths); - if (!tail) { - log_debug("%s: linked unit file: %s → %s", - __func__, filename, simplified); --- -2.35.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch deleted file mode 100644 index 7e46a13015..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 925d668d820d728ec58e470fd64cdff1504d8e04 Mon Sep 17 00:00:00 2001 -From: Krzesimir Nowak -Date: Fri, 21 Jan 2022 19:17:11 +0100 -Subject: [PATCH 7/8] Revert "getty: Pass tty to use by agetty via stdin" - -This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c. - -This is to work around a SELinux denial that happens when setting up standard -input for serial consoles (which is used for SSH connections). ---- - units/console-getty.service.in | 4 +--- - units/container-getty@.service.in | 4 +--- - units/getty@.service.in | 4 +--- - units/serial-getty@.service.in | 4 +--- - 4 files changed, 4 insertions(+), 12 deletions(-) - -diff --git a/units/console-getty.service.in b/units/console-getty.service.in -index 73871d6f50..bb67541dce 100644 ---- a/units/console-getty.service.in -+++ b/units/console-getty.service.in -@@ -23,12 +23,10 @@ ConditionPathExists=/dev/console - # The '-o' option value tells agetty to replace 'login' arguments with an - # option to preserve environment (-p), followed by '--' for safety, and then - # the entered username. --ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM - Type=idle - Restart=always - UtmpIdentifier=cons --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/console - TTYReset=yes - TTYVHangup=yes -diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in -index a6e3f94e2a..ed1eb7bde1 100644 ---- a/units/container-getty@.service.in -+++ b/units/container-getty@.service.in -@@ -28,13 +28,11 @@ Before=rescue.service - # The '-o' option value tells agetty to replace 'login' arguments with an - # option to preserve environment (-p), followed by '--' for safety, and then - # the entered username. --ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM - Type=idle - Restart=always - RestartSec=0 - UtmpIdentifier=pts/%I --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/pts/%I - TTYReset=yes - TTYVHangup=yes -diff --git a/units/getty@.service.in b/units/getty@.service.in -index 21d66f9367..78deb7cffe 100644 ---- a/units/getty@.service.in -+++ b/units/getty@.service.in -@@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0 - # The '-o' option value tells agetty to replace 'login' arguments with an - # option to preserve environment (-p), followed by '--' for safety, and then - # the entered username. --ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM - Type=idle - Restart=always - RestartSec=0 - UtmpIdentifier=%I --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/%I - TTYReset=yes - TTYVHangup=yes -diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in -index 2433124c55..bb7af3105d 100644 ---- a/units/serial-getty@.service.in -+++ b/units/serial-getty@.service.in -@@ -33,12 +33,10 @@ Before=rescue.service - # The '-o' option value tells agetty to replace 'login' arguments with an - # option to preserve environment (-p), followed by '--' for safety, and then - # the entered username. --ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM - Type=idle - Restart=always - UtmpIdentifier=%I --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/%I - TTYReset=yes - TTYVHangup=yes --- -2.35.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset deleted file mode 100644 index d2545d5d1d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset +++ /dev/null @@ -1,2 +0,0 @@ -# Do not enable any services if /etc is detected as empty. -disable * diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf new file mode 100644 index 0000000000..91dbe757f9 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf @@ -0,0 +1,27 @@ +# Sample nss configuration for systemd + +# systemd-specific modules +# See the manual pages fore further information. +# nss-myhostname - host resolution for the local hostname +# nss-mymachines - host, user, group resolution for containers +# nss-resolve - host resolution using resolved +# nss-systemd - dynamic user/group resolution (DynamicUser in unit files) + +passwd: files mymachines systemd +shadow: files +group: files mymachines systemd +gshadow: files + +hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname +networks: files + +services: db files +protocols: db files +rpc: db files +ethers: db files +netmasks: files +netgroup: files +bootparams: files + +automount: files +aliases: files diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf deleted file mode 100644 index c4f06a17f7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf +++ /dev/null @@ -1,19 +0,0 @@ -# The list of directories is taken from Gentoo ebuild, where they use -# keepdir. The list isn't sorted, but tries to preserve the order of -# keepdir lines from Gentoo ebuild for easier comparisons. We skip the -# directories in /usr, though. -d /etc/binfmt.d - - - - - -d /etc/modules-load.d - - - - - -d /etc/tmpfiles.d - - - - - -d /etc/kernel/install.d - - - - - -d /etc/systemd/network - - - - - -d /etc/systemd/system - - - - - -d /etc/systemd/user - - - - - -d /etc/udev/rules.d - - - - - -d /etc/udev/hwdb.d - - - - - -d /var/lib/systemd - - - - - -d /var/log/journal - - - - - -d /etc/sysctl.d - - - - - - -# This seems to be our own addition. -d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf deleted file mode 100644 index 32b7e9d214..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf +++ /dev/null @@ -1,2 +0,0 @@ -d /run/systemd/network - - - - - -L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam new file mode 100644 index 0000000000..38ae3211f8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam @@ -0,0 +1,5 @@ +account include system-auth + +session required pam_loginuid.so +session include system-auth +session optional pam_systemd.so diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml index 1e7d92356b..d9f94345f7 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml @@ -18,18 +18,17 @@ Enable EFI boot manager and stub loader (built using sys-boot/gnu-efi) Enable coredump stacktraces in the journal Enable FIDO2 support - Enable sealing of journal files using gcrypt + Enable use of dev-libs/libgcrypt for various features Enable portable home directories Enable setting hostname with networkd/hostnamed without polkit (requires running sys-apps/dbus-broker) Enable embedded HTTP server in journald Enable import daemon + Use libiptc from net-firewall/iptables for NAT support in systemd-networkd; this is used only if the running kernel does not support nftables Enable kernel module loading via sys-apps/kmod Enable lz4 compression for the journal - Enable support for network address translation in networkd - Enable use of dev-libs/openssl + Enable use of dev-libs/openssl for various features Enable PKCS#11 support for cryptsetup and homed Enable password quality checking in homed - Enable support for growing/adding partitions Enable qrcode output support in journal Install resolvconf symlink for systemd-resolve Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown @@ -39,5 +38,6 @@ systemd/systemd + systemd/systemd-stable diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3-r1.ebuild deleted file mode 120000 index 5446582e48..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3-r1.ebuild +++ /dev/null @@ -1 +0,0 @@ -systemd-250.3.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.7.ebuild similarity index 58% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.7.ebuild index b8f1582d7d..6c099f218f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.7.ebuild @@ -6,6 +6,9 @@ PYTHON_COMPAT=( python3_{8..10} ) # Avoid QA warnings TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" @@ -20,23 +23,20 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - # Flatcar: Stabilize for amd64 and arm64. - KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi -# Flatcar: We don't use gen_usr_ldscript so dropping usr-ldscript. -# Adding tmpfiles, since we use it for installing some files. -inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev tmpfiles +inherit bash-completion-r1 flag-o-matic linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript DESCRIPTION="System and service manager for Linux" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" +HOMEPAGE="http://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd +kmod - +lz4 lzma nat +openssl pam pcre pkcs11 policykit pwquality qrcode + fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd " REQUIRED_USE=" @@ -72,7 +72,7 @@ COMMON_DEPEND=" kmod? ( >=sys-apps/kmod-15:0= ) lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - nat? ( net-firewall/iptables:0= ) + iptables? ( net-firewall/iptables:0= ) openssl? ( >=dev-libs/openssl-1.1.0:0= ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) pkcs11? ( app-crypt/p11-kit:0= ) @@ -125,7 +125,10 @@ RDEPEND="${COMMON_DEPEND} acct-group/systemd-hostname sys-apps/dbus-broker ) - selinux? ( sec-policy/selinux-base-policy[systemd] ) + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] !sys-apps/sysvinit @@ -144,9 +147,8 @@ RDEPEND="${COMMON_DEPEND} " # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -# -# Flatcar: We don't have sys-fs/udev-init-scripts-34, so it's dropped. PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )" @@ -185,7 +187,7 @@ pkg_pretend() { ewarn "See https://bugs.gentoo.org/674458." fi - local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS + local CONFIG_CHECK=" ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS @@ -199,10 +201,16 @@ pkg_pretend() { kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" - if kernel_is -lt 5 10 20; then - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - else + if kernel_is -ge 5 10 20; then CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" fi if linux_config_exists; then @@ -241,14 +249,6 @@ src_prepare() { # Add local patches here PATCHES+=( - # Flatcar: Adding our own patches here. - "${FILESDIR}/0001-wait-online-set-any-by-default.patch" - "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" - "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch" - "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch" - "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" - "${FILESDIR}/0006-core-handle-lookup-paths-being-symlinks.patch" - "${FILESDIR}/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" ) if ! use vanilla; then @@ -259,21 +259,6 @@ src_prepare() { ) fi - # Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., - # CoreDNS which has dnsPolicy "default", but unless the - # kubelet --resolv-conf flag is set to point to - # /run/systemd/resolve/resolv.conf this won't work with - # /etc/resolv.conf pointing to - # /run/systemd/resolve/stub-resolv.conf which configures - # 127.0.0.53. See - # https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues - # This means that users who need split DNS to work should - # point /etc/resolv.conf back to - # /run/systemd/resolve/stub-resolv.conf (and if using K8s - # configure the kubelet resolvConf variable/--resolv-conf flag - # to /run/systemd/resolve/resolv.conf). - sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die - default } @@ -281,28 +266,38 @@ src_configure() { # Prevent conflicts with i686 cross toolchain, bug 559726 tc-export AR CC NM OBJCOPY RANLIB + # Broken with FORTIFY_SOURCE=3 without a patch. And the patch + # wasn't backported to 250.x, but it turns out to break Clang + # anyway: bug #841770. + # + # Our toolchain sets F_S=2 by default w/ >= -O2, so we need + # to unset F_S first, then explicitly set 2, to negate any default + # and anything set by the user if they're choosing 3 (or if they've + # modified GCC to set 3). + # + if is-flagq '-O[23]' || is-flagq '-Ofast' ; then + # We can't unconditionally do this b/c we fortify needs + # some level of optimisation. + filter-flags -D_FORTIFY_SOURCE=3 + append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 + fi + python_setup multilib-minimal_src_configure } -# Flatcar: Our function, we use it in some places below. -get_rootprefix() { - usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr" -} - multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" - # Flatcar: Point to our user mailing list. - -Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user" + -Dsupport-url="https://gentoo.org/support/" -Dpamlibdir="$(getpam_mod_dir)" # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" # make sure we get /bin:/sbin in PATH $(meson_use split-usr) -Dsplit-bin=true - -Drootprefix="$(get_rootprefix)" + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" # Avoid infinite exec recursion, bug 642724 -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" @@ -333,7 +328,7 @@ multilib_src_configure() { $(meson_use lz4) $(meson_use lzma xz) $(meson_use zstd) - $(meson_native_use_bool nat libiptc) + $(meson_native_use_bool iptables libiptc) $(meson_native_use_bool openssl) $(meson_use pam) $(meson_native_use_bool pkcs11 p11kit) @@ -346,11 +341,9 @@ multilib_src_configure() { $(meson_native_use_bool tpm tpm2) $(meson_native_use_bool test dbus) $(meson_native_use_bool xkb xkbcommon) - # Flatcar: Use our ntp servers. - -Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org" + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false - # Flatcar: TODO: Investigate if we want this. -Dcreate-log-dirs=false # multilib options @@ -373,41 +366,6 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - - # Flatcar: Specify this, or meson breaks due to no - # /etc/login.defs. - -Dsystem-gid-max=999 - -Dsystem-uid-max=999 - - # Flatcar: DBus paths. - -Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" - -Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" - - # Flatcar: PAM config directory. - -Dpamconfdir=/usr/share/pam.d - - # Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC - # 2013. Used by timesyncd as a sanity check for the - # minimum acceptable time. Explicitly set to avoid - # using the current build time. - -Dtime-epoch=1372636800 - - # Flatcar: No default name servers. - -Ddns-servers= - - # Flatcar: Disable the "First Boot Wizard", it isn't - # very applicable to us. - -Dfirstboot=false - - # Flatcar: Set latest network interface naming scheme - # for - # https://github.com/flatcar/Flatcar/issues/36 - -Ddefault-net-naming-scheme=latest - - # Flatcar: Unported options, still needed? - -Defi-cc="$(tc-getCC)" - -Dquotaon-path=/usr/sbin/quotaon - -Dquotacheck-path=/usr/sbin/quotacheck ) meson_src_configure "${myconf[@]}" @@ -425,9 +383,7 @@ multilib_src_install_all() { mv "${ED}"/usr/share/doc/{systemd,${PF}} || die einstalldocs - # Flatcar: Do not install sample nsswitch.conf, we don't - # provide it. - # dodoc "${FILESDIR}"/nsswitch.conf + dodoc "${FILESDIR}"/nsswitch.conf if ! use resolvconf; then rm -f "${ED}${rootprefix}"/sbin/resolvconf || die @@ -449,30 +405,26 @@ multilib_src_install_all() { # https://bugs.gentoo.org/761763 rm -r "${ED}"/usr/lib/sysusers.d || die - # Flatcar: Upstream uses keepdir commands to keep some empty - # directories. We use tmpfiles. - # # Preserve empty dirs in /etc & /var, bug #437008 - # keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - # keepdir /etc/kernel/install.d - # keepdir /etc/systemd/{network,system,user} - # keepdir /etc/udev/rules.d - # - # keepdir /etc/udev/hwdb.d - # - # keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - # keepdir /usr/lib/{binfmt.d,modules-load.d} - # keepdir /usr/lib/systemd/user-generators - # keepdir /var/lib/systemd - # keepdir /var/log/journal + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d - # Flatcar: No migrations happening here. - # # Symlink /etc/sysctl.conf for easy migration. - # dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + keepdir /etc/udev/hwdb.d - # Flatcar: Do not install a pam policy, we have our own. - # if use pam; then - # newpamd "${FILESDIR}"/systemd-user.pam systemd-user - # fi + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi if use split-usr; then # Avoid breaking boot/reboot @@ -490,115 +442,7 @@ multilib_src_install_all() { doins "${FILESDIR}/00-hostnamed-network-user.conf" fi - # Flatcar: gen_usr_ldscript is likely for static libs, so we - # dropped it. - # gen_usr_ldscript -a systemd udev - - # Flatcar: Ensure journal directory has correct ownership/mode - # in inital image. This is fixed by systemd-tmpfiles *but* - # journald starts before that and will create the journal if - # the filesystem is already read-write. Conveniently the - # systemd Makefile sets this up completely wrong. - # - # Flatcar: TODO: Is this still a problem? - dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal - - # Flatcar: Don't prune systemd dirs. - dotmpfiles "${FILESDIR}"/systemd-flatcar.conf - # Flatcar: Add tmpfiles rule for resolv.conf. This path has - # changed after v213 so it must be handled here instead of - # baselayout now. - dotmpfiles "${FILESDIR}"/systemd-resolv.conf - - # Flatcar: Don't default to graphical.target. - local unitdir=$(builddir_systemd_get_systemunitdir) - dosym multi-user.target "${unitdir}"/default.target - - # Flatcar: Don't set any extra environment variables by default. - rm "${ED}/usr/lib/environment.d/99-environment.conf" || die - - # Flatcar: These lines more or less follow the systemd's - # preset file (90-systemd.preset). We do it that way, to avoid - # putting symlinks in /etc. Please keep the lines in the same - # order as the "enable" lines appear in the preset file. For a - # single enable line in preset, there may be more lines if the - # unit file had Also: clause which has units we enable here - # too. - - # Flatcar: enable remote-fs.target - builddir_systemd_enable_service multi-user.target remote-fs.target - # Flatcar: enable remote-cryptsetup.target - if use cryptsetup; then - builddir_systemd_enable_service multi-user.target remote-cryptsetup.target - fi - # Flatcar: enable machines.target - builddir_systemd_enable_service multi-user.target machines.target - # Flatcar: enable getty@.service - dodir "${unitdir}/getty.target.wants" - dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service" - # Flatcar: enable systemd-timesyncd.service - builddir_systemd_enable_service sysinit.target systemd-timesyncd.service - # Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service) - builddir_systemd_enable_service multi-user.target systemd-networkd.service - builddir_systemd_enable_service sockets.target systemd-networkd.socket - builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service - # Flatcar: enable systemd-network-generator.service - builddir_systemd_enable_service sysinit.target systemd-network-generator.service - # Flatcar: enable systemd-resolved.service - builddir_systemd_enable_service multi-user.target systemd-resolved.service - # Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry]) - if use homed; then - builddir_systemd_enable_service multi-user.target systemd-homed.target - fi - # Flatcar: enable systemd-userdbd.socket - builddir_systemd_enable_service sockets.target systemd-userdbd.socket - # Flatcar: enable systemd-pstore.service - builddir_systemd_enable_service sysinit.target systemd-pstore.service - # Flatcar: enable systemd-boot-update.service - if use gnuefi; then - builddir_systemd_enable_service sysinit.target systemd-boot-update.service - fi - # Flatcar: enable reboot.target (not enabled - has no WantedBy - # entry) - - # Flatcar: enable systemd-sysext.service by default - builddir_systemd_enable_service sysinit.target systemd-sysext.service - - # Flatcar: Use an empty preset file, because systemctl - # preset-all puts symlinks in /etc, not in /usr. We don't use - # /etc, because it is not autoupdated. We do the "preset" above. - rm "${ED}$(usex split-usr '' /usr)/lib/systemd/system-preset/90-systemd.preset" || die - insinto $(usex split-usr '' /usr)/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Flatcar: Do not ship distro-specific files (nsswitch.conf - # pam.d). This conflicts with our own configuration provided - # by baselayout. - rm -rf "${ED}"/usr/share/factory - sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C!* \/etc\/nsswitch\.conf/d' \ - -e '/^C!* \/etc\/pam\.d/d' \ - -e '/^C!* \/etc\/issue/d' -} - -# Flatcar: Our own version of systemd_get_systemunitdir, that returns -# a path inside /usr, not /etc. -builddir_systemd_get_systemunitdir() { - echo "$(get_rootprefix)/lib/systemd/system" -} - -# Flatcar: Our own version of systemd_enable_service, that does -# operations inside /usr, not /etc. -builddir_systemd_enable_service() { - local target=${1} - local service=${2} - local ud=$(builddir_systemd_get_systemunitdir) - local destname=${service##*/} - - dodir "${ud}"/"${target}".wants && \ - dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}" + gen_usr_ldscript -a systemd udev } migrate_locale() { @@ -676,15 +520,13 @@ pkg_postinst() { # between OpenRC & systemd migrate_locale - # Flatcar: We enable getty and remote-fs targets in /usr - # ourselves above. - # if [[ -z ${REPLACING_VERSIONS} ]]; then - # if type systemctl &>/dev/null; then - # systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - # fi - # elog "To enable a useful set of services, run the following:" - # elog " systemctl preset-all --preset-mode=enable-only" - # fi + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then rm "${EROOT}/var/lib/systemd/timesync" @@ -696,6 +538,14 @@ pkg_postinst() { eerror "systemd again." eerror fi + + if use hostnamed-fallback; then + if ! systemctl --root="${ROOT:-/}" is-enabled --quiet dbus-broker.service 2>/dev/null; then + ewarn "dbus-broker.service is not enabled, systemd-hostnamed will fail to run." + ewarn "To enable dbus-broker.service run the next command as root:" + ewarn "systemctl enable dbus-broker.service" + fi + fi } pkg_prerm() {