mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-30 18:12:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-apps/systemd: Sync with Gentoo

Browse Source 
It's from Gentoo commit 5ee96ebd12ec053d626f2e717bb4ba9f38991b4f.
This commit is contained in:
Krzesimir Nowak 2022-12-12 16:59:38 +01:00
parent 1ffb2901f8
commit c0b3c67e51
17 changed files with 116 additions and 643 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md vendored
View File

@ -1 +0,0 @@
- Check that the `systemd-sysext.service`'s `ConditionDirectoryNotEmpty` entries are correctly reflected in `flatcar/init:systemd/system/ensure-sysext.service`

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest vendored
View File

@ -1 +1 @@
DIST systemd-stable-250.3.tar.gz 11125151 BLAKE2B 659c39994e76f94407dd9079e28fc644981d3475a0ed440b9895e8f201c3ce1fc47aa8c4d599ad85ed89ddfb6ca8e514aee2a739e93640745cf46647f99efe56 SHA512 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5 DIST systemd-stable-250.7.tar.gz 11214975 BLAKE2B 5d94b4b1f8b0cd6e8284a89ac0d4bd373eccdad2c3d6e6c453df79c8df47ee0f9cfbde764b72b1f9d172d07e2d9f1f1f41c1ab254cf4abd0722469ebc3ad7cf8 SHA512 99bc6f0c9757b280cb694f3fb4d6fe04d5ce55583eb2bae5ddeb324bb5ee9930c1720fcc27293d90cddba188473653ec541a471ae8115710a5850c26d0ba215d

32
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch vendored
View File

@ -1,32 +0,0 @@
From d13deba6bad21e796829b83b00dce03085b0ab14 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Tue, 16 Apr 2019 02:44:51 +0000
Subject: [PATCH 1/8] wait-online: set --any by default
The systemd-networkd-wait-online command would normally continue
waiting after a network interface is usable if other interfaces are
still configuring. There is a new flag --any to change this.
Preserve previous Container Linux behavior for compatibility by
setting the --any flag by default. See patches from v241 (or
earlier) for the original implementation.
---
src/network/wait-online/wait-online.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c
index a679b858fa..3b6dad8d1d 100644
--- a/src/network/wait-online/wait-online.c
+++ b/src/network/wait-online/wait-online.c
@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL;
static char **arg_ignore = NULL;
static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID };
static AddressFamily arg_required_family = ADDRESS_FAMILY_NO;
-static bool arg_any = false;
+static bool arg_any = true;
STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep);
STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep);
--
2.35.1

24
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch vendored
View File

@ -1,24 +0,0 @@
From 2a8f5356c608e6f4512ade1b3ce2176f4491bce1 Mon Sep 17 00:00:00 2001
From: Nick Owens <nick.owens@coreos.com>
Date: Tue, 2 Jun 2015 18:22:32 -0700
Subject: [PATCH 2/8] networkd: default to "kernel" IPForwarding setting
---
src/network/networkd-network.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 873ad2e703..4395dce4e2 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -458,6 +458,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
.link_local = _ADDRESS_FAMILY_INVALID,
.ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,
+ .ip_forward = _ADDRESS_FAMILY_INVALID,
.ipv4_accept_local = -1,
.ipv4_route_localnet = -1,
.ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
--
2.35.1

58
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch vendored
View File

@ -1,58 +0,0 @@
From 5ba2f094ba91f8f52a4b3c0aca83e2fe344594d8 Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com>
Date: Wed, 2 Mar 2016 10:46:33 -0800
Subject: [PATCH 3/8] needs-update: don't require strictly newer usr
Updates should be triggered whenever usr changes, not only when it is newer.
---
man/systemd-update-done.service.xml | 2 +-
src/shared/condition.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml
index 3393010ff6..5478baca25 100644
--- a/man/systemd-update-done.service.xml
+++ b/man/systemd-update-done.service.xml
@@ -50,7 +50,7 @@
<varname>ConditionNeedsUpdate=</varname> (see
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
condition to make sure to run when <filename>/etc/</filename> or
- <filename>/var/</filename> are older than <filename>/usr/</filename>
+ <filename>/var/</filename> aren't the same age as <filename>/usr/</filename>
according to the modification times of the files described above.
This requires that updates to <filename>/usr/</filename> are always
followed by an update of the modification time of
diff --git a/src/shared/condition.c b/src/shared/condition.c
index 68fbbf643a..306089cd26 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -769,7 +769,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* First, compare seconds as they are always accurate...
*/
if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec)
- return usr.st_mtim.tv_sec > other.st_mtim.tv_sec;
+ return true;
/*
* ...then compare nanoseconds.
@@ -780,7 +780,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
* (otherwise the filesystem supports nsec timestamps, see stat(2)).
*/
if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0)
- return usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec;
+ return usr.st_mtim.tv_nsec != other.st_mtim.tv_nsec;
_cleanup_free_ char *timestamp_str = NULL;
r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str);
@@ -799,7 +799,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
return true;
}
- return timespec_load_nsec(&usr.st_mtim) > timestamp;
+ return timespec_load_nsec(&usr.st_mtim) != timestamp;
}
static int condition_test_first_boot(Condition *c, char **env) {
--
2.35.1

64
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch vendored
View File

@ -1,64 +0,0 @@
From 75c683b81fcdb47eaa9aa6c4355ed96296d6d547 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <sayan@kinvolk.io>
Date: Thu, 22 Apr 2021 20:08:33 +0530
Subject: [PATCH 4/8] core: use max for DefaultTasksMax
Since systemd v228, systemd has a DefaultTasksMax which defaulted
to 512, later 15% of the system's maximum number of PIDs. This
limit is low and a change in behavior that people running services
in containers will hit frequently, so revert to previous behavior.
Though later the TasksMax was changed in the a dynamic property to
accommodate stale values.
This change is built on previous patch by David Michael(dm0-).
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
---
man/systemd-system.conf.xml | 2 +-
src/core/main.c | 2 +-
src/core/system.conf.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 3805a010e2..48d9061d16 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -404,7 +404,7 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+ of slice units. Defaults to 100% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
and root cgroup <varname>pids.max</varname>.
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
diff --git a/src/core/main.c b/src/core/main.c
index 57aedb9b93..a8859478a9 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -98,7 +98,7 @@
#include <sanitizer/lsan_interface.h>
#endif
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((TasksMax) { 100U, 100U }) /* 100% */
static enum {
ACTION_RUN,
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 96fb64d2c1..7a71efbb0a 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -54,7 +54,7 @@
#DefaultBlockIOAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes
-#DefaultTasksMax=15%
+#DefaultTasksMax=100%
#DefaultLimitCPU=
#DefaultLimitFSIZE=
#DefaultLimitDATA=
--
2.35.1

29
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch vendored
View File

@ -1,29 +0,0 @@
From 170a29c01603c8815edf019bdc0ddc29c986e1a2 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 20 Dec 2016 16:43:22 +0000
Subject: [PATCH 5/8] systemd: Disable SELinux permissions checks
We don't care about the interaction between systemd and SELinux policy, so
let's just disable these checks rather than having to incorporate policy
support. This has no impact on our SELinux use-case, which is purely intended
to limit containers and not anything running directly on the host.
---
src/core/selinux-access.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index ad098e99df..8b341184a2 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -2,7 +2,7 @@
#include "selinux-access.h"
-#if HAVE_SELINUX
+#if 0
#include <errno.h>
#include <selinux/avc.h>
--
2.35.1

84
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-core-handle-lookup-paths-being-symlinks.patch vendored
View File

@ -1,84 +0,0 @@
From 8f007876ee3ac88087a8b24c252e9187e754c880 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <sayan@kinvolk.io>
Date: Wed, 8 Sep 2021 12:10:35 +0530
Subject: [PATCH 6/8] core: handle lookup paths being symlinks
With a recent change paths leaving the statically known lookup paths
would be treated differently then those that remained within those. That
was done (AFAIK) to consistently handle alias names. Unfortunately that
means that on some distributions, especially those where /etc/ consists
mostly of symlinks, would trigger that new detection for every single
unit in /etc/systemd/system. The reason for that is that the units
directory itself is already a symlink.
Original Patch from: https://github.com/systemd/systemd/pull/20479
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
---
src/basic/unit-file.c | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c
index faea92f66d..b024df21a9 100644
--- a/src/basic/unit-file.c
+++ b/src/basic/unit-file.c
@@ -280,6 +280,7 @@ int unit_file_build_name_map(
_cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL;
_cleanup_set_free_free_ Set *paths = NULL;
+ _cleanup_strv_free_ char **expanded_search_paths = NULL;
uint64_t timestamp_hash;
char **dir;
int r;
@@ -299,6 +300,34 @@ int unit_file_build_name_map(
return log_oom();
}
+ /* Go over all our search paths, chase their symlinks and store the
+ * result in the expanded_search_paths list.
+ *
+ * This is important for cases where any of the unit directories itself
+ * are symlinks into other directories and would therefore cause all of
+ * the unit files to be recognized as linked units.
+ *
+ * This is important for distributions such as NixOS where most paths
+ * in /etc/ are symlinks to some other location on the filesystem (e.g.
+ * into /nix/store/).
+ */
+ STRV_FOREACH(dir, (char**) lp->search_path) {
+ _cleanup_free_ char *resolved_dir = NULL;
+ r = strv_extend(&expanded_search_paths, *dir);
+ if (r < 0)
+ return log_oom();
+
+ r = chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL);
+ if (r < 0) {
+ if (r != -ENOENT)
+ log_warning_errno(r, "Failed to resolve symlink %s, ignoring: %m", *dir);
+ continue;
+ }
+
+ if (strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0)
+ return log_oom();
+ }
+
STRV_FOREACH(dir, (char**) lp->search_path) {
_cleanup_closedir_ DIR *d = NULL;
@@ -424,11 +453,11 @@ int unit_file_build_name_map(
continue;
}
- /* Check if the symlink goes outside of our search path.
+ /* Check if the symlink goes outside of our (expanded) search path.
* If yes, it's a linked unit file or mask, and we don't care about the target name.
* Let's just store the link source directly.
* If not, let's verify that it's a good symlink. */
- char *tail = path_startswith_strv(simplified, lp->search_path);
+ char *tail = path_startswith_strv(simplified, expanded_search_paths);
if (!tail) {
log_debug("%s: linked unit file: %s → %s",
__func__, filename, simplified);
--
2.35.1

93
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch vendored
View File

@ -1,93 +0,0 @@
From 925d668d820d728ec58e470fd64cdff1504d8e04 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Fri, 21 Jan 2022 19:17:11 +0100
Subject: [PATCH 7/8] Revert "getty: Pass tty to use by agetty via stdin"
This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.
This is to work around a SELinux denial that happens when setting up standard
input for serial consoles (which is used for SSH connections).
---
units/console-getty.service.in | 4 +---
units/container-getty@.service.in | 4 +---
units/getty@.service.in | 4 +---
units/serial-getty@.service.in | 4 +---
4 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/units/console-getty.service.in b/units/console-getty.service.in
index 73871d6f50..bb67541dce 100644
--- a/units/console-getty.service.in
+++ b/units/console-getty.service.in
@@ -23,12 +23,10 @@ ConditionPathExists=/dev/console
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM
Type=idle
Restart=always
UtmpIdentifier=cons
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/console
TTYReset=yes
TTYVHangup=yes
diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in
index a6e3f94e2a..ed1eb7bde1 100644
--- a/units/container-getty@.service.in
+++ b/units/container-getty@.service.in
@@ -28,13 +28,11 @@ Before=rescue.service
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=pts/%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/pts/%I
TTYReset=yes
TTYVHangup=yes
diff --git a/units/getty@.service.in b/units/getty@.service.in
index 21d66f9367..78deb7cffe 100644
--- a/units/getty@.service.in
+++ b/units/getty@.service.in
@@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in
index 2433124c55..bb7af3105d 100644
--- a/units/serial-getty@.service.in
+++ b/units/serial-getty@.service.in
@@ -33,12 +33,10 @@ Before=rescue.service
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM
+ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM
Type=idle
Restart=always
UtmpIdentifier=%I
-StandardInput=tty
-StandardOutput=tty
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
--
2.35.1

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset vendored
View File

@ -1,2 +0,0 @@
# Do not enable any services if /etc is detected as empty.
disable *

27
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf vendored Normal file
View File

@ -0,0 +1,27 @@
# Sample nss configuration for systemd
# systemd-specific modules
# See the manual pages fore further information.
# nss-myhostname - host resolution for the local hostname
# nss-mymachines - host, user, group resolution for containers
# nss-resolve - host resolution using resolved
# nss-systemd - dynamic user/group resolution (DynamicUser in unit files)
passwd: files mymachines systemd
shadow: files
group: files mymachines systemd
gshadow: files
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files

19
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf vendored
View File

@ -1,19 +0,0 @@
# The list of directories is taken from Gentoo ebuild, where they use
# keepdir. The list isn't sorted, but tries to preserve the order of
# keepdir lines from Gentoo ebuild for easier comparisons. We skip the
# directories in /usr, though.
d /etc/binfmt.d - - - - -
d /etc/modules-load.d - - - - -
d /etc/tmpfiles.d - - - - -
d /etc/kernel/install.d - - - - -
d /etc/systemd/network - - - - -
d /etc/systemd/system - - - - -
d /etc/systemd/user - - - - -
d /etc/udev/rules.d - - - - -
d /etc/udev/hwdb.d - - - - -
d /var/lib/systemd - - - - -
d /var/log/journal - - - - -
d /etc/sysctl.d - - - - -
# This seems to be our own addition.
d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf vendored
View File

@ -1,2 +0,0 @@
d /run/systemd/network - - - - -
L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf

5
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam vendored Normal file
View File

@ -0,0 +1,5 @@
account include system-auth
session required pam_loginuid.so
session include system-auth
session optional pam_systemd.so

8
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml vendored
View File

@ -18,18 +18,17 @@
<flag name="gnuefi">Enable EFI boot manager and stub loader (built using <pkg>sys-boot/gnu-efi</pkg>)</flag> <flag name="gnuefi">Enable EFI boot manager and stub loader (built using <pkg>sys-boot/gnu-efi</pkg>)</flag>
<flag name="elfutils">Enable coredump stacktraces in the journal</flag> <flag name="elfutils">Enable coredump stacktraces in the journal</flag>
<flag name="fido2">Enable FIDO2 support</flag> <flag name="fido2">Enable FIDO2 support</flag>
<flag name="gcrypt">Enable sealing of journal files using gcrypt</flag> <flag name="gcrypt">Enable use of <pkg>dev-libs/libgcrypt</pkg> for various features</flag>
<flag name="homed">Enable portable home directories</flag> <flag name="homed">Enable portable home directories</flag>
<flag name="hostnamed-fallback">Enable setting hostname with networkd/hostnamed without polkit (requires running <pkg>sys-apps/dbus-broker</pkg>)</flag> <flag name="hostnamed-fallback">Enable setting hostname with networkd/hostnamed without polkit (requires running <pkg>sys-apps/dbus-broker</pkg>)</flag>
<flag name="http">Enable embedded HTTP server in journald</flag> <flag name="http">Enable embedded HTTP server in journald</flag>
<flag name="importd">Enable import daemon</flag> <flag name="importd">Enable import daemon</flag>
<flag name="iptables">Use libiptc from <pkg>net-firewall/iptables</pkg> for NAT support in systemd-networkd; this is used only if the running kernel does not support nftables</flag>
<flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag> <flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag>
<flag name="lz4">Enable lz4 compression for the journal</flag> <flag name="lz4">Enable lz4 compression for the journal</flag>
<flag name="nat">Enable support for network address translation in networkd</flag> <flag name="openssl">Enable use of <pkg>dev-libs/openssl</pkg> for various features</flag>
<flag name="openssl">Enable use of <pkg>dev-libs/openssl</pkg></flag>
<flag name="pkcs11">Enable PKCS#11 support for cryptsetup and homed</flag> <flag name="pkcs11">Enable PKCS#11 support for cryptsetup and homed</flag>
<flag name="pwquality">Enable password quality checking in homed</flag> <flag name="pwquality">Enable password quality checking in homed</flag>
<flag name="repart">Enable support for growing/adding partitions</flag>
<flag name="qrcode">Enable qrcode output support in journal</flag> <flag name="qrcode">Enable qrcode output support in journal</flag>
<flag name="resolvconf">Install resolvconf symlink for systemd-resolve</flag> <flag name="resolvconf">Install resolvconf symlink for systemd-resolve</flag>
<flag name="sysv-utils">Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown</flag> <flag name="sysv-utils">Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown</flag>
@ -39,5 +38,6 @@
</use> </use>
<upstream> <upstream>
<remote-id type="github">systemd/systemd</remote-id> <remote-id type="github">systemd/systemd</remote-id>
<remote-id type="github">systemd/systemd-stable</remote-id>
</upstream> </upstream>
</pkgmetadata> </pkgmetadata>

1
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3-r1.ebuild vendored
View File

@ -1 +0,0 @@
systemd-250.3.ebuild

308
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.7.ebuild vendored
View File

@ -6,6 +6,9 @@ PYTHON_COMPAT=( python3_{8..10} )
# Avoid QA warnings # Avoid QA warnings
TMPFILES_OPTIONAL=1 TMPFILES_OPTIONAL=1
UDEV_OPTIONAL=1
QA_PKGCONFIG_VERSION=$(ver_cut 1)
if [[ ${PV} == 9999 ]]; then if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git" EGIT_REPO_URI="https://github.com/systemd/systemd.git"
@ -20,23 +23,20 @@ else
MY_P=${MY_PN}-${MY_PV} MY_P=${MY_PN}-${MY_PV}
S=${WORKDIR}/${MY_P} S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
# Flatcar: Stabilize for amd64 and arm64. KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
fi fi
# Flatcar: We don't use gen_usr_ldscript so dropping usr-ldscript. inherit bash-completion-r1 flag-o-matic linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
# Adding tmpfiles, since we use it for installing some files.
inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev tmpfiles
DESCRIPTION="System and service manager for Linux" DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" HOMEPAGE="http://systemd.io/"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain" LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2" SLOT="0/2"
IUSE=" IUSE="
acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd +kmod fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd iptables +kmod
+lz4 lzma nat +openssl pam pcre pkcs11 policykit pwquality qrcode +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
" "
REQUIRED_USE=" REQUIRED_USE="
@ -72,7 +72,7 @@ COMMON_DEPEND="
kmod? ( >=sys-apps/kmod-15:0= ) kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
nat? ( net-firewall/iptables:0= ) iptables? ( net-firewall/iptables:0= )
openssl? ( >=dev-libs/openssl-1.1.0:0= ) openssl? ( >=dev-libs/openssl-1.1.0:0= )
pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
pkcs11? ( app-crypt/p11-kit:0= ) pkcs11? ( app-crypt/p11-kit:0= )
@ -125,7 +125,10 @@ RDEPEND="${COMMON_DEPEND}
acct-group/systemd-hostname acct-group/systemd-hostname
sys-apps/dbus-broker sys-apps/dbus-broker
) )
selinux? ( sec-policy/selinux-base-policy[systemd] ) selinux? (
sec-policy/selinux-base-policy[systemd]
sec-policy/selinux-ntp
)
sysv-utils? ( sysv-utils? (
!sys-apps/openrc[sysv-utils(-)] !sys-apps/openrc[sysv-utils(-)]
!sys-apps/sysvinit !sys-apps/sysvinit
@ -144,9 +147,8 @@ RDEPEND="${COMMON_DEPEND}
" "
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) # sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
#
# Flatcar: We don't have sys-fs/udev-init-scripts-34, so it's dropped.
PDEPEND=">=sys-apps/dbus-1.9.8[systemd] PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
>=sys-fs/udev-init-scripts-34
policykit? ( sys-auth/polkit ) policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )" !vanilla? ( sys-apps/gentoo-systemd-integration )"
@ -185,7 +187,7 @@ pkg_pretend() {
ewarn "See https://bugs.gentoo.org/674458." ewarn "See https://bugs.gentoo.org/674458."
fi fi
local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS local CONFIG_CHECK=" ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
@ -199,10 +201,16 @@ pkg_pretend() {
kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
if kernel_is -lt 5 10 20; then if kernel_is -ge 5 10 20; then
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
else
CONFIG_CHECK+=" ~KCMP" CONFIG_CHECK+=" ~KCMP"
else
CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
fi
if kernel_is -ge 4 18; then
CONFIG_CHECK+=" ~AUTOFS_FS"
else
CONFIG_CHECK+=" ~AUTOFS4_FS"
fi fi
if linux_config_exists; then if linux_config_exists; then
@ -241,14 +249,6 @@ src_prepare() {
# Add local patches here # Add local patches here
PATCHES+=( PATCHES+=(
# Flatcar: Adding our own patches here.
"${FILESDIR}/0001-wait-online-set-any-by-default.patch"
"${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch"
"${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0006-core-handle-lookup-paths-being-symlinks.patch"
"${FILESDIR}/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
) )
if ! use vanilla; then if ! use vanilla; then
@ -259,21 +259,6 @@ src_prepare() {
) )
fi fi
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g.,
# CoreDNS which has dnsPolicy "default", but unless the
# kubelet --resolv-conf flag is set to point to
# /run/systemd/resolve/resolv.conf this won't work with
# /etc/resolv.conf pointing to
# /run/systemd/resolve/stub-resolv.conf which configures
# 127.0.0.53. See
# https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
# This means that users who need split DNS to work should
# point /etc/resolv.conf back to
# /run/systemd/resolve/stub-resolv.conf (and if using K8s
# configure the kubelet resolvConf variable/--resolv-conf flag
# to /run/systemd/resolve/resolv.conf).
sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die
default default
} }
@ -281,28 +266,38 @@ src_configure() {
# Prevent conflicts with i686 cross toolchain, bug 559726 # Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB tc-export AR CC NM OBJCOPY RANLIB
# Broken with FORTIFY_SOURCE=3 without a patch. And the patch
# wasn't backported to 250.x, but it turns out to break Clang
# anyway: bug #841770.
#
# Our toolchain sets F_S=2 by default w/ >= -O2, so we need
# to unset F_S first, then explicitly set 2, to negate any default
# and anything set by the user if they're choosing 3 (or if they've
# modified GCC to set 3).
#
if is-flagq '-O[23]' || is-flagq '-Ofast' ; then
# We can't unconditionally do this b/c we fortify needs
# some level of optimisation.
filter-flags -D_FORTIFY_SOURCE=3
append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
fi
python_setup python_setup
multilib-minimal_src_configure multilib-minimal_src_configure
} }
# Flatcar: Our function, we use it in some places below.
get_rootprefix() {
usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr"
}
multilib_src_configure() { multilib_src_configure() {
local myconf=( local myconf=(
--localstatedir="${EPREFIX}/var" --localstatedir="${EPREFIX}/var"
# Flatcar: Point to our user mailing list. -Dsupport-url="https://gentoo.org/support/"
-Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user"
-Dpamlibdir="$(getpam_mod_dir)" -Dpamlibdir="$(getpam_mod_dir)"
# avoid bash-completion dep # avoid bash-completion dep
-Dbashcompletiondir="$(get_bashcompdir)" -Dbashcompletiondir="$(get_bashcompdir)"
# make sure we get /bin:/sbin in PATH # make sure we get /bin:/sbin in PATH
$(meson_use split-usr) $(meson_use split-usr)
-Dsplit-bin=true -Dsplit-bin=true
-Drootprefix="$(get_rootprefix)" -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-Drootlibdir="${EPREFIX}/usr/$(get_libdir)" -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
# Avoid infinite exec recursion, bug 642724 # Avoid infinite exec recursion, bug 642724
-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
@ -333,7 +328,7 @@ multilib_src_configure() {
$(meson_use lz4) $(meson_use lz4)
$(meson_use lzma xz) $(meson_use lzma xz)
$(meson_use zstd) $(meson_use zstd)
$(meson_native_use_bool nat libiptc) $(meson_native_use_bool iptables libiptc)
$(meson_native_use_bool openssl) $(meson_native_use_bool openssl)
$(meson_use pam) $(meson_use pam)
$(meson_native_use_bool pkcs11 p11kit) $(meson_native_use_bool pkcs11 p11kit)
@ -346,11 +341,9 @@ multilib_src_configure() {
$(meson_native_use_bool tpm tpm2) $(meson_native_use_bool tpm tpm2)
$(meson_native_use_bool test dbus) $(meson_native_use_bool test dbus)
$(meson_native_use_bool xkb xkbcommon) $(meson_native_use_bool xkb xkbcommon)
# Flatcar: Use our ntp servers. -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"
# Breaks screen, tmux, etc. # Breaks screen, tmux, etc.
-Ddefault-kill-user-processes=false -Ddefault-kill-user-processes=false
# Flatcar: TODO: Investigate if we want this.
-Dcreate-log-dirs=false -Dcreate-log-dirs=false
# multilib options # multilib options
@ -373,41 +366,6 @@ multilib_src_configure() {
$(meson_native_true timesyncd) $(meson_native_true timesyncd)
$(meson_native_true tmpfiles) $(meson_native_true tmpfiles)
$(meson_native_true vconsole) $(meson_native_true vconsole)
# Flatcar: Specify this, or meson breaks due to no
# /etc/login.defs.
-Dsystem-gid-max=999
-Dsystem-uid-max=999
# Flatcar: DBus paths.
-Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
# Flatcar: PAM config directory.
-Dpamconfdir=/usr/share/pam.d
# Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC
# 2013. Used by timesyncd as a sanity check for the
# minimum acceptable time. Explicitly set to avoid
# using the current build time.
-Dtime-epoch=1372636800
# Flatcar: No default name servers.
-Ddns-servers=
# Flatcar: Disable the "First Boot Wizard", it isn't
# very applicable to us.
-Dfirstboot=false
# Flatcar: Set latest network interface naming scheme
# for
# https://github.com/flatcar/Flatcar/issues/36
-Ddefault-net-naming-scheme=latest
# Flatcar: Unported options, still needed?
-Defi-cc="$(tc-getCC)"
-Dquotaon-path=/usr/sbin/quotaon
-Dquotacheck-path=/usr/sbin/quotacheck
) )
meson_src_configure "${myconf[@]}" meson_src_configure "${myconf[@]}"
@ -425,9 +383,7 @@ multilib_src_install_all() {
mv "${ED}"/usr/share/doc/{systemd,${PF}} || die mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
einstalldocs einstalldocs
# Flatcar: Do not install sample nsswitch.conf, we don't dodoc "${FILESDIR}"/nsswitch.conf
# provide it.
# dodoc "${FILESDIR}"/nsswitch.conf
if ! use resolvconf; then if ! use resolvconf; then
rm -f "${ED}${rootprefix}"/sbin/resolvconf || die rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
@ -449,30 +405,26 @@ multilib_src_install_all() {
# https://bugs.gentoo.org/761763 # https://bugs.gentoo.org/761763
rm -r "${ED}"/usr/lib/sysusers.d || die rm -r "${ED}"/usr/lib/sysusers.d || die
# Flatcar: Upstream uses keepdir commands to keep some empty # Preserve empty dirs in /etc & /var, bug #437008
# directories. We use tmpfiles. keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
# # Preserve empty dirs in /etc & /var, bug #437008 keepdir /etc/kernel/install.d
# keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} keepdir /etc/systemd/{network,system,user}
# keepdir /etc/kernel/install.d keepdir /etc/udev/rules.d
# keepdir /etc/systemd/{network,system,user}
# keepdir /etc/udev/rules.d
#
# keepdir /etc/udev/hwdb.d
#
# keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
# keepdir /usr/lib/{binfmt.d,modules-load.d}
# keepdir /usr/lib/systemd/user-generators
# keepdir /var/lib/systemd
# keepdir /var/log/journal
# Flatcar: No migrations happening here. keepdir /etc/udev/hwdb.d
# # Symlink /etc/sysctl.conf for easy migration.
# dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
# Flatcar: Do not install a pam policy, we have our own. keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
# if use pam; then keepdir /usr/lib/{binfmt.d,modules-load.d}
# newpamd "${FILESDIR}"/systemd-user.pam systemd-user keepdir /usr/lib/systemd/user-generators
# fi keepdir /var/lib/systemd
keepdir /var/log/journal
# Symlink /etc/sysctl.conf for easy migration.
dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
if use pam; then
newpamd "${FILESDIR}"/systemd-user.pam systemd-user
fi
if use split-usr; then if use split-usr; then
# Avoid breaking boot/reboot # Avoid breaking boot/reboot
@ -490,115 +442,7 @@ multilib_src_install_all() {
doins "${FILESDIR}/00-hostnamed-network-user.conf" doins "${FILESDIR}/00-hostnamed-network-user.conf"
fi fi
# Flatcar: gen_usr_ldscript is likely for static libs, so we gen_usr_ldscript -a systemd udev
# dropped it.
# gen_usr_ldscript -a systemd udev
# Flatcar: Ensure journal directory has correct ownership/mode
# in inital image. This is fixed by systemd-tmpfiles *but*
# journald starts before that and will create the journal if
# the filesystem is already read-write. Conveniently the
# systemd Makefile sets this up completely wrong.
#
# Flatcar: TODO: Is this still a problem?
dodir /var/log/journal
fowners root:systemd-journal /var/log/journal
fperms 2755 /var/log/journal
# Flatcar: Don't prune systemd dirs.
dotmpfiles "${FILESDIR}"/systemd-flatcar.conf
# Flatcar: Add tmpfiles rule for resolv.conf. This path has
# changed after v213 so it must be handled here instead of
# baselayout now.
dotmpfiles "${FILESDIR}"/systemd-resolv.conf
# Flatcar: Don't default to graphical.target.
local unitdir=$(builddir_systemd_get_systemunitdir)
dosym multi-user.target "${unitdir}"/default.target
# Flatcar: Don't set any extra environment variables by default.
rm "${ED}/usr/lib/environment.d/99-environment.conf" || die
# Flatcar: These lines more or less follow the systemd's
# preset file (90-systemd.preset). We do it that way, to avoid
# putting symlinks in /etc. Please keep the lines in the same
# order as the "enable" lines appear in the preset file. For a
# single enable line in preset, there may be more lines if the
# unit file had Also: clause which has units we enable here
# too.
# Flatcar: enable remote-fs.target
builddir_systemd_enable_service multi-user.target remote-fs.target
# Flatcar: enable remote-cryptsetup.target
if use cryptsetup; then
builddir_systemd_enable_service multi-user.target remote-cryptsetup.target
fi
# Flatcar: enable machines.target
builddir_systemd_enable_service multi-user.target machines.target
# Flatcar: enable getty@.service
dodir "${unitdir}/getty.target.wants"
dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service"
# Flatcar: enable systemd-timesyncd.service
builddir_systemd_enable_service sysinit.target systemd-timesyncd.service
# Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service)
builddir_systemd_enable_service multi-user.target systemd-networkd.service
builddir_systemd_enable_service sockets.target systemd-networkd.socket
builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service
# Flatcar: enable systemd-network-generator.service
builddir_systemd_enable_service sysinit.target systemd-network-generator.service
# Flatcar: enable systemd-resolved.service
builddir_systemd_enable_service multi-user.target systemd-resolved.service
# Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry])
if use homed; then
builddir_systemd_enable_service multi-user.target systemd-homed.target
fi
# Flatcar: enable systemd-userdbd.socket
builddir_systemd_enable_service sockets.target systemd-userdbd.socket
# Flatcar: enable systemd-pstore.service
builddir_systemd_enable_service sysinit.target systemd-pstore.service
# Flatcar: enable systemd-boot-update.service
if use gnuefi; then
builddir_systemd_enable_service sysinit.target systemd-boot-update.service
fi
# Flatcar: enable reboot.target (not enabled - has no WantedBy
# entry)
# Flatcar: enable systemd-sysext.service by default
builddir_systemd_enable_service sysinit.target systemd-sysext.service
# Flatcar: Use an empty preset file, because systemctl
# preset-all puts symlinks in /etc, not in /usr. We don't use
# /etc, because it is not autoupdated. We do the "preset" above.
rm "${ED}$(usex split-usr '' /usr)/lib/systemd/system-preset/90-systemd.preset" || die
insinto $(usex split-usr '' /usr)/lib/systemd/system-preset
doins "${FILESDIR}"/99-default.preset
# Flatcar: Do not ship distro-specific files (nsswitch.conf
# pam.d). This conflicts with our own configuration provided
# by baselayout.
rm -rf "${ED}"/usr/share/factory
sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \
-e '/^C!* \/etc\/nsswitch\.conf/d' \
-e '/^C!* \/etc\/pam\.d/d' \
-e '/^C!* \/etc\/issue/d'
}
# Flatcar: Our own version of systemd_get_systemunitdir, that returns
# a path inside /usr, not /etc.
builddir_systemd_get_systemunitdir() {
echo "$(get_rootprefix)/lib/systemd/system"
}
# Flatcar: Our own version of systemd_enable_service, that does
# operations inside /usr, not /etc.
builddir_systemd_enable_service() {
local target=${1}
local service=${2}
local ud=$(builddir_systemd_get_systemunitdir)
local destname=${service##*/}
dodir "${ud}"/"${target}".wants && \
dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}"
} }
migrate_locale() { migrate_locale() {
@ -676,15 +520,13 @@ pkg_postinst() {
# between OpenRC & systemd # between OpenRC & systemd
migrate_locale migrate_locale
# Flatcar: We enable getty and remote-fs targets in /usr if [[ -z ${REPLACING_VERSIONS} ]]; then
# ourselves above. if type systemctl &>/dev/null; then
# if [[ -z ${REPLACING_VERSIONS} ]]; then systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
# if type systemctl &>/dev/null; then fi
# systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 elog "To enable a useful set of services, run the following:"
# fi elog " systemctl preset-all --preset-mode=enable-only"
# elog "To enable a useful set of services, run the following:" fi
# elog " systemctl preset-all --preset-mode=enable-only"
# fi
if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
rm "${EROOT}/var/lib/systemd/timesync" rm "${EROOT}/var/lib/systemd/timesync"
@ -696,6 +538,14 @@ pkg_postinst() {
eerror "systemd again." eerror "systemd again."
eerror eerror
fi fi
if use hostnamed-fallback; then
if ! systemctl --root="${ROOT:-/}" is-enabled --quiet dbus-broker.service 2>/dev/null; then
ewarn "dbus-broker.service is not enabled, systemd-hostnamed will fail to run."
ewarn "To enable dbus-broker.service run the next command as root:"
ewarn "systemctl enable dbus-broker.service"
fi
fi
} }
pkg_prerm() { pkg_prerm() {