From c5a3b00250ca4abcab507629f3509979e063b6bd Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Tue, 12 May 2015 13:20:26 -0700
Subject: [PATCH 1/4] ntp: do not enable ntpd by default

---
 .../net-misc/ntp/ntp-4.2.8-r1.ebuild          | 102 ------------------
 ...tp-4.2.8-r2.ebuild => ntp-4.2.8-r3.ebuild} |   1 -
 2 files changed, 103 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r1.ebuild
 rename sdk_container/src/third_party/coreos-overlay/net-misc/ntp/{ntp-4.2.8-r2.ebuild => ntp-4.2.8-r3.ebuild} (98%)

diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r1.ebuild
deleted file mode 100644
index 73cbd6a1b0..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r1.ebuild
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.8-r1.ebuild,v 1.4 2014/12/22 15:04:43 hwoarang Exp $
-
-EAPI="4"
-
-inherit autotools eutils toolchain-funcs flag-o-matic user systemd
-
-MY_P=${P/_p/p}
-DESCRIPTION="Network Time Protocol suite/programs"
-HOMEPAGE="http://www.ntp.org/"
-SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz
-	mirror://gentoo/${MY_P}-manpages.tar.bz2"
-
-LICENSE="HPND BSD ISC"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~m68k-mint"
-IUSE="caps debug doc ipv6 openntpd parse-clocks perl samba selinux snmp ssl vim-syntax zeroconf"
-
-CDEPEND=">=sys-libs/ncurses-5.2
-	>=sys-libs/readline-4.1
-	>=dev-libs/libevent-2.0.9
-	kernel_linux? ( caps? ( sys-libs/libcap ) )
-	zeroconf? ( net-dns/avahi[mdnsresponder-compat] )
-	!openntpd? ( !net-misc/openntpd )
-	snmp? ( net-analyzer/net-snmp )
-	ssl? ( dev-libs/openssl )
-	parse-clocks? ( net-misc/pps-tools )"
-DEPEND="${CDEPEND}
-	virtual/pkgconfig"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-ntp )
-	vim-syntax? ( app-vim/ntp-syntax )"
-PDEPEND="openntpd? ( net-misc/openntpd )"
-
-S=${WORKDIR}/${MY_P}
-
-pkg_setup() {
-	enewgroup ntp 123
-	enewuser ntp 123 -1 /dev/null ntp
-}
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-4.2.4_p7-nano.patch #270483
-	epatch "${FILESDIR}"/${P}-ntp-keygen-no-openssl.patch #533238
-	use perl || epatch "${FILESDIR}"/${P}-disable-perl-scripts.patch
-	append-cppflags -D_GNU_SOURCE #264109
-	eautoreconf
-}
-
-src_configure() {
-	# avoid libmd5/libelf
-	export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no
-	export ac_cv_lib_elf_nlist=no
-	# blah, no real configure options #176333
-	export ac_cv_header_dns_sd_h=$(usex zeroconf)
-	export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h}
-	econf \
-		--with-lineeditlibs=readline,edit,editline \
-		--with-yielding-select \
-		--disable-local-libevent \
-		$(use_enable caps linuxcaps) \
-		$(use_enable parse-clocks) \
-		$(use_enable ipv6) \
-		$(use_enable debug debugging) \
-		$(use_enable samba ntp-signd) \
-		$(use_with snmp ntpsnmpd) \
-		$(use_with ssl crypto)
-}
-
-src_install() {
-	default
-	# move ntpd/ntpdate to sbin #66671
-	dodir /usr/sbin
-	mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin"
-
-	dodoc INSTALL WHERE-TO-START
-	doman "${WORKDIR}"/man/*.[58]
-	use doc && dohtml -r html/*
-
-	insinto /usr/share/ntp
-	doins "${FILESDIR}"/ntp.conf
-
-	keepdir /var/lib/ntp
-	use prefix || fowners ntp:ntp /var/lib/ntp
-	systemd_newtmpfilesd "${FILESDIR}"/ntp.tmpfiles ntp.conf
-
-	if use openntpd ; then
-		cd "${ED}"
-		rm usr/sbin/ntpd || die
-		rm -r var/lib
-		rm usr/share/man/*/ntpd.8 || die
-	else
-		systemd_dounit "${FILESDIR}"/ntpd.service
-		use caps && sed -i '/ExecStart/ s|$| -u ntp:ntp|' "${ED}"/usr/lib/systemd/system/ntpd.service
-		systemd_enable_ntpunit 60-ntpd ntpd.service
-		systemd_enable_service multi-user.target ntpd.service
-	fi
-
-	systemd_dounit "${FILESDIR}"/ntpdate.service
-	systemd_dounit "${FILESDIR}"/sntp.service
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r3.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r3.ebuild
index 9e4d0fdb57..77558008e0 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8-r3.ebuild
@@ -96,7 +96,6 @@ src_install() {
 		systemd_dounit "${FILESDIR}"/ntpd.service
 		use caps && sed -i '/ExecStart/ s|$| -u ntp:ntp|' "${ED}"/usr/lib/systemd/system/ntpd.service
 		systemd_enable_ntpunit 60-ntpd ntpd.service
-		systemd_enable_service multi-user.target ntpd.service
 	fi
 
 	systemd_dounit "${FILESDIR}"/ntpdate.service

From dc626a669efdb72b5a90acf950c78e4c17b5e789 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Tue, 12 May 2015 13:22:29 -0700
Subject: [PATCH 2/4] systemd: drop 218 ebuild

---
 .../sys-apps/systemd/systemd-218-r11.ebuild   | 573 ------------------
 1 file changed, 573 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r11.ebuild

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r11.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r11.ebuild
deleted file mode 100644
index f9f5f62d8e..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-218-r11.ebuild
+++ /dev/null
@@ -1,573 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.153 2014/12/26 19:58:55 floppym Exp $
-
-EAPI=5
-
-CROS_WORKON_PROJECT="coreos/systemd"
-CROS_WORKON_REPO="git://github.com"
-
-if [[ "${PV}" == 9999 ]]; then
-	# Use ~arch instead of empty keywords for compatibility with cros-workon
-	KEYWORDS="~amd64 ~arm ~x86"
-else
-	CROS_WORKON_COMMIT="85fa71efc8554c20f7886fbf9ec40e47dc4fcb57"
-	KEYWORDS="amd64 ~arm ~x86"
-fi
-
-# cros-workon must be imported first, in cases where cros-workon and
-# another eclass exports the same function (say src_compile) we want
-# the later eclass's version to win. Only need src_unpack from workon.
-inherit cros-workon
-
-AUTOTOOLS_AUTORECONF=yes
-AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
-PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} )
-inherit autotools-utils bash-completion-r1 linux-info multilib \
-	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
-	user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
-	idn introspection kdbus +kmod lz4 lzma pam policykit python qrcode +seccomp
-	selinux ssl sysv-utils terminal test vanilla xkb"
-
-# Gentoo removed the nls use flag, we'll keep it for now
-IUSE+=" nls symlink-usr"
-
-MINKV="3.8"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
-	sys-libs/libcap:0=
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? ( net-dns/libidn:0= )
-	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	pam? ( virtual/pam:= )
-	python? ( ${PYTHON_DEPS} )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( sys-libs/libseccomp:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	sysv-utils? (
-		!sys-apps/systemd-sysv-utils
-		!sys-apps/sysvinit )
-	terminal? ( >=dev-libs/libevdev-1.2:0=
-		>=x11-libs/libxkbcommon-0.5:0=
-		>=x11-libs/libdrm-2.4:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	!sys-auth/nss-myhostname
-	!<sys-libs/glibc-2.14
-	!sys-fs/eudev
-	!sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
-	>=sys-apps/hwids-20130717-r1[udev]
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	>=sys-devel/binutils-2.23.1
-	>=sys-devel/gcc-4.6
-	>=sys-kernel/linux-headers-${MINKV}
-	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.18 )
-	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
-	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
-
-# Not required when building from unpatched tarballs, but we build from git.
-DEPEND="${DEPEND}
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	dev-libs/gobject-introspection
-	>=dev-libs/libgcrypt-1.4.5:0"
-
-pkg_pretend() {
-	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
-		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
-		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR
-		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
-		~!GRKERNSEC_PROC ~!FW_LOADER_USER_HELPER"
-
-	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-
-	if linux_config_exists; then
-		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-	fi
-
-	if [[ ${MERGE_TYPE} != binary ]]; then
-		if [[ $(gcc-major-version) -lt 4
-			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
-		then
-			eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
-			eerror "gcc version using gcc-config."
-			die "systemd requires at least gcc 4.6"
-		fi
-	fi
-
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
-	if use doc; then
-		gtkdocize --docdir docs/ || die
-	else
-		echo 'EXTRA_DIST =' > docs/gtk-doc.make
-	fi
-
-	# Bug 463376
-	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
-	autotools-utils_src_prepare
-}
-
-src_configure() {
-	# Keep using the one where the rules were installed.
-	MY_UDEVDIR=$(get_udevdir)
-	# Fix systems broken by bug #509454.
-	[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
-
-	multilib-minimal_src_configure
-}
-
-multilib_native_enable() {
-	if multilib_is_native_abi; then
-		echo "--enable-${1}"
-	else
-		echo "--disable-${1}"
-	fi
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		--with-pamconfdir=/usr/share/pam.d
-
-		# Workaround for bug 516346
-		--enable-dependency-tracking
-
-		--disable-maintainer-mode
-		--localstatedir=/var
-		--with-pamlibdir=$(getpam_mod_dir)
-		# avoid bash-completion dep
-		--with-bashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in $PATH
-		--enable-split-usr
-		# For testing.
-		--with-rootprefix="${ROOTPREFIX-/usr}"
-		--with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
-		# disable sysv compatibility
-		--with-sysvinit-path=
-		--with-sysvrcnd-path=
-		# no deps
-		--enable-efi
-		--enable-ima
-		# used for stacktraces in log messages, leave off for now
-		--disable-elfutils
-
-		# Optional components/dependencies
-		$(multilib_native_use_enable acl)
-		$(multilib_native_use_enable apparmor)
-		$(multilib_native_use_enable audit)
-		$(multilib_native_use_enable cryptsetup libcryptsetup)
-		$(multilib_native_use_enable curl libcurl)
-		$(multilib_native_use_enable doc gtk-doc)
-		$(multilib_native_use_enable elfutils)
-		$(use_enable gcrypt)
-		$(use_enable gudev)
-		$(multilib_native_use_enable http microhttpd)
-		$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
-		$(multilib_native_use_enable idn libidn)
-		$(multilib_native_use_enable introspection)
-		$(use_enable kdbus)
-		$(multilib_native_use_enable kmod)
-		$(use_enable lz4)
-		$(use_enable lzma xz)
-		$(use_enable nls)
-		$(multilib_native_use_enable pam)
-		$(multilib_native_use_enable policykit polkit)
-		$(multilib_native_use_with python)
-		$(multilib_native_use_enable python python-devel)
-		$(multilib_native_use_enable qrcode qrencode)
-		$(multilib_native_use_enable seccomp)
-		$(multilib_native_use_enable selinux)
-		$(multilib_native_use_enable terminal)
-		$(multilib_native_use_enable test tests)
-		$(multilib_native_use_enable test dbus)
-		$(multilib_native_use_enable xkb xkbcommon)
-
-		# Disable optional binaries for non-native abis
-		$(multilib_native_enable backlight)
-		$(multilib_native_enable binfmt)
-		$(multilib_native_enable bootchart)
-		$(multilib_native_enable coredump)
-		$(multilib_native_enable firstboot)
-		$(multilib_native_enable hibernate)
-		$(multilib_native_enable hostnamed)
-		$(multilib_native_enable localed)
-		$(multilib_native_enable logind)
-		$(multilib_native_enable machined)
-		$(multilib_native_enable networkd)
-		$(multilib_native_enable quotacheck)
-		$(multilib_native_enable randomseed)
-		$(multilib_native_enable resolved)
-		$(multilib_native_enable rfkill)
-		$(multilib_native_enable sysusers)
-		$(multilib_native_enable timedated)
-		$(multilib_native_enable timesyncd)
-		$(multilib_native_enable tmpfiles)
-		$(multilib_native_enable vconsole)
-
-		# not supported (avoid automagic deps in the future)
-		--disable-chkconfig
-
-		# hardcode a few paths to spare some deps
-		QUOTAON=/usr/sbin/quotaon
-		QUOTACHECK=/usr/sbin/quotacheck
-
-		# dbus paths
-		--with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d"
-		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-		--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
-		--with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
-
-		--with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org"
-
-		# no default name servers
-		--with-dns-servers=
-	)
-
-	if ! multilib_is_native_abi; then
-		myeconfargs+=(
-			MOUNT_{CFLAGS,LIBS}=' '
-
-			ac_cv_search_cap_init=
-			ac_cv_header_sys_capability_h=yes
-		)
-	fi
-
-	# Work around bug 463846.
-	tc-export CC
-
-	autotools-utils_src_configure
-}
-
-multilib_src_compile() {
-	local mymakeopts=(
-		udevlibexecdir="${MY_UDEVDIR}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}"
-	else
-		# prerequisites for gudev
-		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
-
-		echo 'gentoo: $(BUILT_SOURCES)' | \
-		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
-		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
-		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
-	fi
-}
-
-multilib_src_test() {
-	multilib_is_native_abi || continue
-
-	default
-}
-
-multilib_src_install() {
-	local mymakeopts=(
-		# automake fails with parallel libtool relinking
-		# https://bugs.gentoo.org/show_bug.cgi?id=491398
-		-j1
-
-		udevlibexecdir="${MY_UDEVDIR}"
-		dist_udevhwdb_DATA=
-		DESTDIR="${D}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}" install
-	else
-		mymakeopts+=(
-			install-libLTLIBRARIES
-			install-pkgconfiglibDATA
-			install-includeHEADERS
-			# safe to call unconditionally, 'installs' empty list
-			install-libgudev_includeHEADERS
-			install-pkgincludeHEADERS
-		)
-
-		emake "${mymakeopts[@]}"
-	fi
-
-	# install compat pkg-config files
-	# Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped.
-	local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
-	emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
-		pkgconfiglib_DATA="${pcfiles[*]}"
-}
-
-multilib_src_install_all() {
-	prune_libtool_files --modules
-	einstalldocs
-
-	if use sysv-utils; then
-		local prefix
-		use symlink-usr && prefix=/usr
-		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym /usr/bin/systemctl ${prefix}/sbin/${app}
-		done
-		dosym /usr/lib/systemd/systemd ${prefix}/sbin/init
-	else
-		# we just keep sysvinit tools, so no need for the mans
-		rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
-			|| die
-		rm "${D}"/usr/share/man/man1/init.1 || die
-	fi
-
-	# Ensure journal directory has correct ownership/mode in inital image.
-	# This is fixed by systemd-tmpfiles *but* journald starts before that
-	# and will create the journal if the filesystem is already read-write.
-	# Conveniently the systemd Makefile sets this up completely wrong.
-	dodir /var/log/journal
-	fowners root:systemd-journal /var/log/journal
-	fperms 2755 /var/log/journal
-
-	systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf
-	systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
-
-	# Don't default to graphical.target
-	rm "${D}"/usr/lib/systemd/system/default.target || die
-	dosym multi-user.target /usr/lib/systemd/system/default.target
-
-	# Move a few services enabled in /etc to /usr
-	# systemd-timesyncd is left disabled, we currently use ntpd
-	rm -f "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service
-	rm -f "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target
-	rm -f "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
-	rm -f "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
-	rm -f "${D}"/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
-	rm -rf "${D}"/etc/systemd/system/network-online.target.wants
-	rmdir "${D}"/etc/systemd/system/getty.target.wants \
-		"${D}"/etc/systemd/system/multi-user.target.wants \
-		"${D}"/etc/systemd/system/sysinit.target.wants \
-		|| die
-
-	dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
-	systemd_enable_service multi-user.target remote-fs.target
-	systemd_enable_service multi-user.target systemd-networkd.service
-	systemd_enable_service multi-user.target systemd-resolved.service
-	systemd_enable_service network-online.target systemd-networkd-wait-online.service
-
-	# Grant networkd access to set the transient host name
-	insinto /usr/share/polkit-1/rules.d
-	doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules
-
-	# Do not enable random services if /etc was detected as empty!!!
-	rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset
-	insinto /usr/lib/systemd/system-preset
-	doins "${FILESDIR}"/99-default.preset
-
-	# Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS
-	rm "${D}"/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
-
-	# Do not ship distro-specific files (nsswitch.conf pam.d)
-	rm -rf "${D}"/usr/share/factory
-	sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \
-		-e '/^C \/etc\/nsswitch\.conf/d' \
-		-e '/^C \/etc\/pam\.d/d'
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-migrate_net_name_slot() {
-	# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
-	# do the same for 80-net-setup-link.rules to keep the old behavior
-	local net_move=no
-	local net_name_slot_sym=no
-	local net_rules_path="${EROOT%/}"/etc/udev/rules.d
-	local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
-	local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
-	if [[ -e ${net_setup_link} ]]; then
-		net_move=no
-	elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
-		net_move=yes
-	elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
-		net_move=yes
-		net_name_slot_sym=yes
-	fi
-	if [[ ${net_move} == yes ]]; then
-		ebegin "Copying ${net_name_slot} to ${net_setup_link}"
-
-		if [[ ${net_name_slot_sym} == yes ]]; then
-			ln -nfs /dev/null "${net_setup_link}"
-		else
-			cp "${net_name_slot}" "${net_setup_link}"
-		fi
-		eend $? || FAIL=1
-	fi
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-	use http && newusergroup systemd-journal-gateway
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${ROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
-	migrate_net_name_slot
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-
-	if [[ ! -L "${ROOT}"/etc/mtab ]]; then
-		ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts."
-		ewarn "Not having it is not supported by upstream and will cause tools like 'df'"
-		ewarn "and 'mount' to not work properly. Please run:"
-		ewarn "	# ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
-		ewarn
-	fi
-
-	if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then
-		ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable"
-		ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf"
-		ewarn "to /run/systemd/resolve/resolv.conf"
-		ewarn
-	fi
-
-	if ! has_version sys-apps/systemd-ui; then
-		elog "To get additional features, a number of optional runtime dependencies may"
-		elog "be installed:"
-		elog "- sys-apps/systemd-ui: for GTK+ systemadm UI and gnome-ask-password-agent"
-	fi
-
-	if has_version sys-apps/openrc &&
-		! has_version sys-fs/udev-init-scripts; then
-		elog "If you plan to boot using OpenRC and udev or eudev, you"
-		elog "need to install the udev-init-scripts package."
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

From 9b5c37fa3920047386cddc57ffbcb34b889e7cf7 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Tue, 12 May 2015 13:50:02 -0700
Subject: [PATCH 3/4] systemd: enable systemd-timesyncd

In the process clean up moving units from /etc to /usr, the current goo
was sloppy and sometimes missed when systemd added new things to /etc.
For example we didn't move systemd-networkd.socket, added in 219.
---
 ...md-219-r7.ebuild => systemd-219-r8.ebuild} |  0
 .../sys-apps/systemd/systemd-9999.ebuild      | 53 ++++++++++---------
 2 files changed, 28 insertions(+), 25 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-219-r7.ebuild => systemd-219-r8.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r8.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r7.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-219-r8.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index ecc712f837..426a31dc47 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -340,6 +340,8 @@ multilib_src_install() {
 }
 
 multilib_src_install_all() {
+	local unitdir=$(systemd_get_unitdir)
+
 	prune_libtool_files --modules
 	einstalldocs
 
@@ -347,9 +349,9 @@ multilib_src_install_all() {
 		local prefix
 		use symlink-usr && prefix=/usr
 		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym "/${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app}
+			dosym "${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app}
 		done
-		dosym "/${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init
+		dosym "${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init
 	else
 		# we just keep sysvinit tools, so no need for the mans
 		rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
@@ -369,31 +371,32 @@ multilib_src_install_all() {
 	systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
 
 	# Don't default to graphical.target
-	rm "${D}"/usr/lib/systemd/system/default.target || die
-	dosym multi-user.target /usr/lib/systemd/system/default.target
+	rm "${D}${unitdir}"/default.target || die
+	dosym multi-user.target "${unitdir}"/default.target
 
-	# If we install these symlinks, there is no way for the sysadmin to remove them
-	# permanently.
-	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
-	rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
+	# Move a few services enabled in /etc to /usr, delete files individually
+	# so builds fail if systemd adds any new unexpected stuff to /etc
+	local f
+	for f in \
+		getty.target.wants/getty@tty1.service \
+		multi-user.target.wants/remote-fs.target \
+		multi-user.target.wants/systemd-networkd.service \
+		multi-user.target.wants/systemd-resolved.service \
+		network-online.target.wants/systemd-networkd-wait-online.service \
+		sockets.target.wants/systemd-networkd.socket \
+		sysinit.target.wants/systemd-timesyncd.service
+	do
+		local s="${f#*/}" t="${f%/*}"
+		local u="${s/@*.service/@.service}"
 
-	# Move a few services enabled in /etc to /usr
-	# systemd-timesyncd is left disabled, we currently use ntpd
-	rm -f "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service
-	rm -f "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target
+		# systemd_enable_service doesn't understand template units
+		einfo "Enabling ${s} via ${t}"
+		dodir "${unitdir}/${t}"
+		dosym "../${u}" "${unitdir}/${t}/${s}"
 
-	rm -f "${D}"/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
-	rmdir "${D}"/etc/systemd/system/getty.target.wants \
-		"${D}"/etc/systemd/system/multi-user.target.wants \
-		|| die
-
-	dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
-	systemd_enable_service multi-user.target remote-fs.target
-	systemd_enable_service multi-user.target systemd-networkd.service
-	systemd_enable_service multi-user.target systemd-resolved.service
-	systemd_enable_service network-online.target systemd-networkd-wait-online.service
+		rm "${D}/etc/systemd/system/${f}" || die
+	done
+	rmdir "${D}"/etc/systemd/system/*.wants || die
 
 	# Grant networkd access to set the transient host name
 	insinto /usr/share/polkit-1/rules.d
@@ -405,7 +408,7 @@ multilib_src_install_all() {
 	doins "${FILESDIR}"/99-default.preset
 
 	# Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS
-	rm "${D}"/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
+	rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service
 
 	# Do not ship distro-specific files (nsswitch.conf pam.d)
 	rm -rf "${D}"/usr/share/factory

From ce4e710c6c4bf9474b25a3cb96e437c1826cac75 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Tue, 12 May 2015 14:15:10 -0700
Subject: [PATCH 4/4] systemd: apply a few trivial changes from upstream

---
 .../coreos-overlay/sys-apps/systemd/systemd-9999.ebuild  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 426a31dc47..637ce4dadb 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.160 2015/02/20 16:13:22 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.164 2015/04/18 23:54:18 floppym Exp $
 
 EAPI=5
 
@@ -22,7 +22,7 @@ inherit cros-workon
 
 AUTOTOOLS_AUTORECONF=yes
 AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
-PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} )
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
 inherit autotools-utils bash-completion-r1 linux-info multilib \
 	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
 	user
@@ -45,6 +45,7 @@ MINKV="3.8"
 
 COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
 	sys-libs/libcap:0=
+	!<sys-libs/glibc-2.16
 	acl? ( sys-apps/acl:0= )
 	apparmor? ( sys-libs/libapparmor:0= )
 	audit? ( >=sys-process/audit-2:0= )
@@ -86,7 +87,6 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
 RDEPEND="${COMMON_DEPEND}
 	>=sys-apps/baselayout-2.2
 	!sys-auth/nss-myhostname
-	!<sys-libs/glibc-2.14
 	!sys-fs/eudev
 	!sys-fs/udev"
 
@@ -255,6 +255,9 @@ multilib_src_configure() {
 		QUOTAON=/usr/sbin/quotaon
 		QUOTACHECK=/usr/sbin/quotacheck
 
+		# TODO: we may need to restrict this to gcc
+		EFI_CC="$(tc-getCC)"
+
 		# dbus paths
 		--with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d"
 		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"