From b585ebc2d6dded29fa2280499ba54ab670864f2e Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 26 Jul 2013 06:42:56 -0700 Subject: [PATCH 1/7] chore(net-misc/strongswan): remove, we don't use it right now remove strongswan, we aren't using it right now. --- .../net-misc/strongswan/Manifest | 1 - .../net-misc/strongswan/files/ipsec | 33 -- ...trongswan-4.6.4-ignore-peer-id-check.patch | 302 ------------------ .../files/strongswan-4.6.4-initgroups.patch | 14 - .../strongswan/strongswan-4.6.4-r2.ebuild | 289 ----------------- .../strongswan/strongswan-4.6.4.ebuild | 272 ---------------- 6 files changed, 911 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/Manifest delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/ipsec delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-ignore-peer-id-check.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-initgroups.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/strongswan-4.6.4-r2.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/strongswan-4.6.4.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/Manifest b/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/Manifest deleted file mode 100644 index d842f7f111..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST strongswan-4.6.4.tar.bz2 3504672 RMD160 51406171d60e51866d7b3afd89c1c2c9e3884de1 SHA1 a0bb51ace911dbfb8d4a9560e150b0661ea6220c SHA256 f372b4cc3d6c8a50a0b262e02e6a7fad43f91cc5a80cbd9432eb3c48ab2d4c69 diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/ipsec b/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/ipsec deleted file mode 100644 index 42cde4f38d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/ipsec +++ /dev/null @@ -1,33 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2006 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -depend() { - need logger net -} - -start() { - ebegin "Starting ${IPSECD}" - ipsec start - eend $? -} - -stop() { - ebegin "Stopping ${IPSECD}" - ipsec stop - eend $? -} - -restart() { - ebegin "Restarting ${IPSECD}" - svc_stop - sleep 2 - svc_start - eend $? -} - -status() { - ebegin "${IPSECD} Status (verbose):" - ipsec statusall - eend $? -} diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-ignore-peer-id-check.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-ignore-peer-id-check.patch deleted file mode 100644 index 5a56447b6f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-ignore-peer-id-check.patch +++ /dev/null @@ -1,302 +0,0 @@ -diff -rupN strongswan-4.6.4/src/pluto/ipsec_doi.c strongswan-4.6.4.patched/src/pluto/ipsec_doi.c ---- strongswan-4.6.4/src/pluto/ipsec_doi.c 2011-10-16 08:19:04.000000000 -0700 -+++ strongswan-4.6.4.patched/src/pluto/ipsec_doi.c 2012-06-05 22:27:58.208664827 -0700 -@@ -112,6 +112,8 @@ enum endpoint { - EP_REMOTE = 1 << 1, - }; - -+extern bool ignore_peer_id_check; -+ - /* create output HDR as replica of input HDR */ - void echo_hdr(struct msg_digest *md, bool enc, u_int8_t np) - { -@@ -2429,7 +2431,15 @@ static bool switch_connection(struct msg - loglog(RC_LOG_SERIOUS, - "we require peer to have ID '%Y', but peer declares '%Y'", - c->spd.that.id, peer); -- return FALSE; -+ if (ignore_peer_id_check) -+ { -+ loglog(RC_LOG_SERIOUS, -+ "ignore peer ID mismatch"); -+ } -+ else -+ { -+ return FALSE; -+ } - } - - if (c->spd.that.ca) -diff -rupN strongswan-4.6.4/src/pluto/plutomain.c strongswan-4.6.4.patched/src/pluto/plutomain.c ---- strongswan-4.6.4/src/pluto/plutomain.c 2012-02-06 09:05:46.000000000 -0800 -+++ strongswan-4.6.4.patched/src/pluto/plutomain.c 2012-06-05 22:27:58.208664827 -0700 -@@ -256,6 +256,8 @@ bool pkcs11_keep_state = FALSE; - /* by default pluto does not allow pkcs11 proxy access via whack */ - bool pkcs11_proxy = FALSE; - -+bool ignore_peer_id_check = FALSE; -+ - /* argument string to pass to PKCS#11 module. - * Not used for compliant modules, just for NSS softoken - */ -@@ -339,6 +341,7 @@ int main(int argc, char **argv) - { "disable_port_floating", no_argument, NULL, '4' }, - { "debug-natt", no_argument, NULL, '5' }, - { "virtual_private", required_argument, NULL, '6' }, -+ { "ignorepeeridcheck", no_argument, NULL, '7' }, - #ifdef DEBUG - { "debug-none", no_argument, NULL, 'N' }, - { "debug-all", no_argument, NULL, 'A' }, -@@ -539,6 +542,9 @@ int main(int argc, char **argv) - case '6': /* --virtual_private */ - virtual_private = optarg; - continue; -+ case '7': /* --ignorepeeridcheck */ -+ ignore_peer_id_check = TRUE; -+ continue; - - default: - #ifdef DEBUG -diff -rupN strongswan-4.6.4/src/starter/args.c strongswan-4.6.4.patched/src/starter/args.c ---- strongswan-4.6.4/src/starter/args.c 2012-05-30 09:17:15.000000000 -0700 -+++ strongswan-4.6.4.patched/src/starter/args.c 2012-06-05 22:27:58.208664827 -0700 -@@ -189,6 +189,7 @@ static const token_info_t token_info[] = - { ARG_STR, offsetof(starter_config_t, setup.pkcs11initargs), NULL }, - { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool }, - { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool }, -+ { ARG_ENUM, offsetof(starter_config_t, setup.ignorepeeridcheck), LST_bool }, - - /* KLIPS keywords */ - { ARG_LST, offsetof(starter_config_t, setup.klipsdebug), LST_klipsdebug }, -diff -rupN strongswan-4.6.4/src/starter/confread.h strongswan-4.6.4.patched/src/starter/confread.h ---- strongswan-4.6.4/src/starter/confread.h 2012-05-30 09:17:15.000000000 -0700 -+++ strongswan-4.6.4.patched/src/starter/confread.h 2012-06-05 22:27:58.208664827 -0700 -@@ -210,6 +210,7 @@ struct starter_config { - char *pkcs11initargs; - bool pkcs11keepstate; - bool pkcs11proxy; -+ bool ignorepeeridcheck; - - /* KLIPS keywords */ - char **klipsdebug; -diff -rupN strongswan-4.6.4/src/starter/invokepluto.c strongswan-4.6.4.patched/src/starter/invokepluto.c ---- strongswan-4.6.4/src/starter/invokepluto.c 2012-02-06 09:05:46.000000000 -0800 -+++ strongswan-4.6.4.patched/src/starter/invokepluto.c 2012-06-05 22:27:58.208664827 -0700 -@@ -238,6 +238,10 @@ starter_start_pluto (starter_config_t *c - { - arg[argc++] = "--pkcs11proxy"; - } -+ if (cfg->setup.ignorepeeridcheck) -+ { -+ arg[argc++] = "--ignorepeeridcheck"; -+ } - - if (_pluto_pid) - { -diff -rupN strongswan-4.6.4/src/starter/keywords.c strongswan-4.6.4.patched/src/starter/keywords.c ---- strongswan-4.6.4/src/starter/keywords.c 2012-05-30 09:20:52.000000000 -0700 -+++ strongswan-4.6.4.patched/src/starter/keywords.c 2012-06-05 22:27:58.208664827 -0700 -@@ -54,7 +54,7 @@ struct kw_entry { - kw_token_t token; - }; - --#define TOTAL_KEYWORDS 131 -+#define TOTAL_KEYWORDS 132 - #define MIN_WORD_LENGTH 3 - #define MAX_WORD_LENGTH 17 - #define MIN_HASH_VALUE 9 -@@ -79,15 +79,15 @@ hash (str, len) - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, -- 247, 247, 247, 247, 247, 247, 247, 247, 247, 12, -+ 247, 247, 247, 247, 247, 247, 247, 247, 247, 0, - 126, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, -- 247, 247, 247, 247, 247, 51, 247, 11, 1, 92, -- 43, 0, 6, 0, 110, 0, 247, 120, 56, 37, -+ 247, 247, 247, 247, 247, 20, 247, 11, 3, 92, -+ 43, 0, 6, 0, 110, 0, 247, 132, 56, 57, - 27, 72, 43, 1, 16, 0, 5, 75, 1, 247, -- 247, 11, 5, 247, 247, 247, 247, 247, 247, 247, -+ 247, 11, 4, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, - 247, 247, 247, 247, 247, 247, 247, 247, 247, 247, -@@ -164,12 +164,14 @@ static const struct kw_entry wordlist[] - {"marginpackets", KW_MARGINPACKETS}, - {"leftnatip", KW_LEFTNATIP}, - {"mediated_by", KW_MEDIATED_BY}, -+ {"me_peerid", KW_ME_PEERID}, - {"ldapbase", KW_LDAPBASE}, - {"leftfirewall", KW_LEFTFIREWALL}, - {"rightfirewall", KW_RIGHTFIREWALL}, - {"crluri", KW_CRLURI}, -- {"mobike", KW_MOBIKE}, -+ {"crluri1", KW_CRLURI}, - {"rightnatip", KW_RIGHTNATIP}, -+ {"mobike", KW_MOBIKE}, - {"rightnexthop", KW_RIGHTNEXTHOP}, - {"mediation", KW_MEDIATION}, - {"leftallowany", KW_LEFTALLOWANY}, -@@ -177,14 +179,12 @@ static const struct kw_entry wordlist[] - {"overridemtu", KW_OVERRIDEMTU}, - {"aaa_identity", KW_AAA_IDENTITY}, - {"esp", KW_ESP}, -- {"crluri1", KW_CRLURI}, - {"lefthostaccess", KW_LEFTHOSTACCESS}, - {"leftsubnet", KW_LEFTSUBNET}, - {"leftid", KW_LEFTID}, - {"forceencaps", KW_FORCEENCAPS}, - {"eap", KW_EAP}, - {"nat_traversal", KW_NAT_TRAVERSAL}, -- {"me_peerid", KW_ME_PEERID}, - {"rightcert", KW_RIGHTCERT}, - {"installpolicy", KW_INSTALLPOLICY}, - {"authby", KW_AUTHBY}, -@@ -194,50 +194,50 @@ static const struct kw_entry wordlist[] - {"rightupdown", KW_RIGHTUPDOWN}, - {"keyexchange", KW_KEYEXCHANGE}, - {"ocspuri", KW_OCSPURI}, -- {"compress", KW_COMPRESS}, -+ {"ocspuri1", KW_OCSPURI}, - {"rightcertpolicy", KW_RIGHTCERTPOLICY}, - {"cacert", KW_CACERT}, - {"eap_identity", KW_EAP_IDENTITY}, - {"hidetos", KW_HIDETOS}, -- {"ike", KW_IKE}, -+ {"force_keepalive", KW_FORCE_KEEPALIVE}, - {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, - {"righthostaccess", KW_RIGHTHOSTACCESS}, - {"packetdefault", KW_PACKETDEFAULT}, - {"dpdaction", KW_DPDACTION}, -- {"ocspuri1", KW_OCSPURI}, - {"pfsgroup", KW_PFSGROUP}, - {"rightauth", KW_RIGHTAUTH}, -+ {"xauth_identity", KW_XAUTH_IDENTITY}, - {"also", KW_ALSO}, - {"leftsourceip", KW_LEFTSOURCEIP}, - {"rightid2", KW_RIGHTID2}, -- {"dumpdir", KW_DUMPDIR}, -- {"rekey", KW_REKEY}, -- {"ikelifetime", KW_IKELIFETIME}, -- {"dpdtimeout", KW_DPDTIMEOUT}, -+ {"ike", KW_IKE}, -+ {"compress", KW_COMPRESS}, - {"ldaphost", KW_LDAPHOST}, -- {"rekeyfuzz", KW_REKEYFUZZ}, - {"leftcert2", KW_LEFTCERT2}, -- {"leftikeport", KW_LEFTIKEPORT}, - {"crlcheckinterval", KW_CRLCHECKINTERVAL}, - {"plutostderrlog", KW_PLUTOSTDERRLOG}, - {"plutostart", KW_PLUTOSTART}, - {"rightauth2", KW_RIGHTAUTH2}, -+ {"rekey", KW_REKEY}, -+ {"ikelifetime", KW_IKELIFETIME}, - {"leftca2", KW_LEFTCA2}, -- {"mark", KW_MARK}, -- {"force_keepalive", KW_FORCE_KEEPALIVE}, -+ {"rekeyfuzz", KW_REKEYFUZZ}, -+ {"leftikeport", KW_LEFTIKEPORT}, -+ {"dumpdir", KW_DUMPDIR}, - {"auto", KW_AUTO}, -+ {"dpdtimeout", KW_DPDTIMEOUT}, - {"charondebug", KW_CHARONDEBUG}, - {"dpddelay", KW_DPDDELAY}, -- {"xauth_identity", KW_XAUTH_IDENTITY}, -+ {"mark", KW_MARK}, - {"charonstart", KW_CHARONSTART}, - {"fragicmp", KW_FRAGICMP}, - {"prepluto", KW_PREPLUTO}, -+ {"ignorepeeridcheck", KW_IGNOREPEERIDCHECK}, - {"closeaction", KW_CLOSEACTION}, - {"leftid2", KW_LEFTID2}, - {"plutodebug", KW_PLUTODEBUG}, - {"tfc", KW_TFC}, - {"auth", KW_AUTH}, -- {"rekeymargin", KW_REKEYMARGIN}, - {"modeconfig", KW_MODECONFIG}, - {"leftauth", KW_LEFTAUTH}, - {"xauth", KW_XAUTH}, -@@ -247,6 +247,7 @@ static const struct kw_entry wordlist[] - {"nocrsend", KW_NOCRSEND}, - {"leftauth2", KW_LEFTAUTH2}, - {"rightca2", KW_RIGHTCA2}, -+ {"rekeymargin", KW_REKEYMARGIN}, - {"rightcert2", KW_RIGHTCERT2}, - {"pkcs11module", KW_PKCS11MODULE}, - {"reauth", KW_REAUTH}, -@@ -265,24 +266,24 @@ static const short lookup[] = - 21, 22, 23, 24, 25, -1, -1, -1, 26, 27, - 28, -1, 29, -1, -1, -1, 30, -1, 31, 32, - 33, 34, 35, -1, 36, 37, -1, 38, -1, 39, -- 40, -1, -1, 41, 42, 43, -1, -1, 44, 45, -- 46, -1, 47, -1, 48, 49, 50, 51, 52, 53, -- -1, 54, 55, -1, -1, -1, 56, -1, 57, 58, -- 59, 60, -1, 61, -1, -1, 62, 63, 64, 65, -- 66, -1, 67, 68, 69, 70, -1, 71, 72, 73, -- 74, -1, 75, 76, 77, 78, 79, 80, 81, 82, -- 83, -1, 84, 85, 86, 87, 88, 89, 90, 91, -- 92, 93, 94, -1, 95, 96, 97, 98, -1, -1, -- 99, 100, -1, -1, 101, -1, 102, -1, -1, 103, -- -1, 104, 105, -1, 106, -1, -1, -1, -1, -1, -- 107, 108, -1, -1, -1, -1, -1, 109, -1, -1, -- -1, -1, 110, -1, 111, -1, -1, -1, -1, -1, -- -1, -1, -1, 112, 113, 114, -1, 115, -1, 116, -+ 40, -1, 41, 42, 43, 44, -1, -1, 45, 46, -+ 47, 48, 49, -1, 50, 51, 52, 53, 54, 55, -+ -1, -1, 56, -1, -1, -1, 57, -1, 58, 59, -+ 60, 61, -1, -1, -1, -1, 62, 63, 64, 65, -+ 66, -1, 67, 68, 69, 70, 71, -1, 72, 73, -+ 74, -1, 75, 76, 77, 78, 79, 80, -1, 81, -+ 82, 83, 84, 85, 86, 87, -1, 88, -1, 89, -+ -1, 90, -1, -1, 91, 92, 93, 94, 95, 96, -+ 97, 98, -1, -1, 99, 100, 101, -1, 102, 103, -+ -1, 104, -1, 105, 106, -1, -1, -1, -1, -1, -+ 107, 108, -1, -1, -1, -1, 109, 110, -1, -1, -+ -1, -1, 111, -1, 112, -1, -1, -1, -1, -1, -+ -1, -1, -1, 113, 114, -1, -1, 115, -1, 116, - -1, 117, -1, -1, 118, 119, -1, -1, -1, 120, - -1, -1, -1, -1, -1, 121, 122, -1, -1, -1, -- -1, -1, -1, -1, -1, -1, 123, -1, 124, -1, -- -1, -1, -1, -1, -1, -1, 125, 126, 127, 128, -- -1, -1, 129, -1, -1, -1, 130 -+ -1, -1, -1, -1, -1, -1, 123, 124, 125, -1, -+ -1, -1, -1, -1, -1, -1, 126, 127, 128, 129, -+ -1, -1, 130, -1, -1, -1, 131 - }; - - #ifdef __GNUC__ -diff -rupN strongswan-4.6.4/src/starter/keywords.h strongswan-4.6.4.patched/src/starter/keywords.h ---- strongswan-4.6.4/src/starter/keywords.h 2012-05-30 09:17:15.000000000 -0700 -+++ strongswan-4.6.4.patched/src/starter/keywords.h 2012-06-05 22:27:58.208664827 -0700 -@@ -43,9 +43,10 @@ typedef enum { - KW_PKCS11INITARGS, - KW_PKCS11KEEPSTATE, - KW_PKCS11PROXY, -+ KW_IGNOREPEERIDCHECK, - - #define KW_PLUTO_FIRST KW_PLUTODEBUG --#define KW_PLUTO_LAST KW_PKCS11PROXY -+#define KW_PLUTO_LAST KW_IGNOREPEERIDCHECK - - /* KLIPS keywords */ - KW_KLIPSDEBUG, -@@ -218,4 +219,3 @@ typedef enum { - } kw_token_t; - - #endif /* _KEYWORDS_H_ */ -- -diff -rupN strongswan-4.6.4/src/starter/keywords.txt strongswan-4.6.4.patched/src/starter/keywords.txt ---- strongswan-4.6.4/src/starter/keywords.txt 2012-05-30 09:17:15.000000000 -0700 -+++ strongswan-4.6.4.patched/src/starter/keywords.txt 2012-06-05 22:27:58.208664827 -0700 -@@ -56,6 +56,7 @@ pkcs11module, KW_PKCS11MODULE - pkcs11initargs, KW_PKCS11INITARGS - pkcs11keepstate, KW_PKCS11KEEPSTATE - pkcs11proxy, KW_PKCS11PROXY -+ignorepeeridcheck, KW_IGNOREPEERIDCHECK - keyexchange, KW_KEYEXCHANGE - type, KW_TYPE - pfs, KW_PFS diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-initgroups.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-initgroups.patch deleted file mode 100644 index 375159e59f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/files/strongswan-4.6.4-initgroups.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -rupN strongswan-4.6.4/src/pluto/plutomain.c strongswan-4.6.4.patched/src/pluto/plutomain.c ---- strongswan-4.6.4/src/pluto/plutomain.c 2012-02-06 09:05:46.000000000 -0800 -+++ strongswan-4.6.4.patched/src/pluto/plutomain.c 2012-06-05 22:24:41.335822876 -0700 -@@ -726,7 +726,9 @@ int main(int argc, char **argv) - char buf[1024]; - - if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || -- pwp == NULL || setuid(pwp->pw_uid) != 0) -+ pwp == NULL || -+ initgroups(pwp->pw_name, pwp->pw_gid) != 0 || -+ setuid(pwp->pw_uid) != 0) - { - plog("unable to change daemon user"); - abort(); diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/strongswan-4.6.4-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/strongswan-4.6.4-r2.ebuild deleted file mode 100644 index e845be2dd1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-misc/strongswan/strongswan-4.6.4-r2.ebuild +++ /dev/null @@ -1,289 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-4.6.4.ebuild,v 1.1 2012/05/31 16:30:53 gurligebis Exp $ - -EAPI=2 -inherit eutils linux-info - -DESCRIPTION="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" -HOMEPAGE="http://www.strongswan.org/" -SRC_URI="http://download.strongswan.org/${P}.tar.bz2" - -LICENSE="GPL-2 RSA-MD5 RSA-PKCS11 DES" -SLOT="0" -KEYWORDS="arm amd64 ~ppc ~sparc x86" -# TODO(simonjam): Figure out why +openssl broke certificate support. Until then, -# openssl is disabled unlike upstream. -# See http://codereview.chromium.org/6833010 and http://crosbug.com/12695 for details. -IUSE="+caps cisco curl debug dhcp eap farp gcrypt ldap +ikev1 +ikev2 mysql nat-transport +non-root openssl +smartcard sqlite" - -COMMON_DEPEND="!net-misc/openswan - >=dev-libs/gmp-4.1.5 - gcrypt? ( dev-libs/libgcrypt ) - caps? ( sys-libs/libcap ) - curl? ( net-misc/curl ) - ldap? ( net-nds/openldap ) - smartcard? ( dev-libs/opensc ) - openssl? ( >=dev-libs/openssl-0.9.8[-bindist] ) - mysql? ( virtual/mysql ) - sqlite? ( >=dev-db/sqlite-3.3.1 )" -DEPEND="${COMMON_DEPEND} - virtual/linux-sources - sys-kernel/linux-headers" -RDEPEND="${COMMON_DEPEND} - virtual/logger" - -UGID="ipsec" - -pkg_setup() { - linux-info_pkg_setup - elog "Linux kernel version: ${KV_FULL}" - - if ! kernel_is -ge 2 6 16; then - eerror - eerror "This ebuild currently only supports ${PN} with the" - eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16." - eerror - fi - - if use nat-transport; then - ewarn - ewarn "You have enabled NAT Traversal for transport mode with the IKEv1" - ewarn "protocol. Please double check if you really require this feature" - ewarn "as it is potentially insecure and usually only required in certain" - ewarn "situations when interoperating with Windows using L2TP/IPsec." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi -} - -src_prepare() { - # Initialize the supplementary group access list when pluto starts. - # See http://crosbug.com/16252 for details. - epatch "${FILESDIR}/${P}-initgroups.patch" || die - # Provide an option to ignore peer ID check in pluto. - # See http://crosbug.com/24476 for details. - epatch "${FILESDIR}/${P}-ignore-peer-id-check.patch" || die -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - # - # On Chromium OS, we use --disable-xauth-vid to prevent strongswan - # from sending a XAUTH vendor ID during ISAKMP phase 1 exchange. - # See http://crosbug.com/25675 for details. - econf \ - --disable-static \ - --disable-xauth-vid \ - $(use_with caps capabilities libcap) \ - $(use_enable curl) \ - $(use_enable ldap) \ - $(use_enable smartcard) \ - $(use_enable cisco cisco-quirks) \ - $(use_enable debug leak-detective) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-gtc) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable nat-transport) \ - $(use_enable openssl) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable sqlite) \ - $(use_enable ikev1 pluto) \ - $(use_enable ikev2 charon) \ - $(use_enable dhcp) \ - $(use_enable farp) \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install || die "Install failed" - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/ipsec.secrets \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - # Replace various IPsec files with symbolic links to runtime generated - # files (by l2tpipsec_vpn) on the stateful partition of Chromium OS. - rm -f "${D}"/etc/ipsec.conf "${D}"/etc/ipsec.secrets "{$D}"/etc/ipsec.d/cacerts/cacert.der - dosym /mnt/stateful_partition/etc/ipsec.conf /etc/ipsec.conf || die - dosym /mnt/stateful_partition/etc/ipsec.secrets /etc/ipsec.secrets || die - dosym /mnt/stateful_partition/etc/cacert.der /etc/ipsec.d/cacerts/cacert.der || die - - dodoc CREDITS NEWS README TODO || die - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version "= 2.6.16." - eerror - die "Please install a recent 2.6 kernel." - fi - - if use nat-transport; then - ewarn - ewarn "You have enabled NAT Traversal for transport mode with the IKEv1" - ewarn "protocol. Please double check if you really require this feature" - ewarn "as it is potentially insecure and usually only required in certain" - ewarn "situations when interoperating with Windows using L2TP/IPsec." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn - ewarn "IMPORTANT KERNEL NOTES: Please read carefully..." - ewarn - - if kernel_is -lt 2 6 29; then - ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to" - ewarn "include all required IPv6 modules even if you just intend" - ewarn "to run on IPv4 only." - ewarn - ewarn "This has been fixed with kernels >= 2.6.29." - ewarn - fi - - if kernel_is -lt 2 6 33; then - ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards" - ewarn "compliant implementation for SHA-2 HMAC support in ESP and" - ewarn "miss SHA384 and SHA512 HMAC support altogether." - ewarn - ewarn "If you need any of those features, please use kernel >= 2.6.33." - ewarn - fi - - if kernel_is -lt 2 6 34; then - ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only" - ewarn "ESP cipher is only included in kernels >= 2.6.34." - ewarn - ewarn "If you need it, please use kernel >= 2.6.34." - ewarn - fi - fi - - if use non-root; then - enewgroup ${UGID} - enewuser ${UGID} -1 -1 -1 ${UGID} - fi -} - -src_configure() { - local myconf="" - - if use non-root; then - myconf="${myconf} --with-user=${UGID} --with-group=${UGID}" - fi - - # If a user has already enabled db support, those plugins will - # most likely be desired as well. Besides they don't impose new - # dependencies and come at no cost (except for space). - if use mysql || use sqlite; then - myconf="${myconf} --enable-attr-sql --enable-sql" - fi - - # strongSwan builds and installs static libs by default which are - # useless to the user (and to strongSwan for that matter) because no - # header files or alike get installed... so disabling them is safe. - econf \ - --disable-static \ - $(use_with caps capabilities libcap) \ - $(use_enable curl) \ - $(use_enable ldap) \ - $(use_enable smartcard) \ - $(use_enable cisco cisco-quirks) \ - $(use_enable debug leak-detective) \ - $(use_enable eap eap-sim) \ - $(use_enable eap eap-sim-file) \ - $(use_enable eap eap-simaka-sql) \ - $(use_enable eap eap-simaka-pseudonym) \ - $(use_enable eap eap-simaka-reauth) \ - $(use_enable eap eap-identity) \ - $(use_enable eap eap-md5) \ - $(use_enable eap eap-gtc) \ - $(use_enable eap eap-aka) \ - $(use_enable eap eap-aka-3gpp2) \ - $(use_enable eap eap-mschapv2) \ - $(use_enable eap eap-radius) \ - $(use_enable nat-transport) \ - $(use_enable openssl) \ - $(use_enable gcrypt) \ - $(use_enable mysql) \ - $(use_enable sqlite) \ - $(use_enable ikev1 pluto) \ - $(use_enable ikev2 charon) \ - $(use_enable dhcp) \ - $(use_enable farp) \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install || die "Install failed" - - doinitd "${FILESDIR}"/ipsec - - local dir_ugid - if use non-root; then - fowners ${UGID}:${UGID} \ - /etc/ipsec.conf \ - /etc/ipsec.secrets \ - /etc/strongswan.conf - - dir_ugid="${UGID}" - else - dir_ugid="root" - fi - - diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid} - dodir /etc/ipsec.d \ - /etc/ipsec.d/aacerts \ - /etc/ipsec.d/acerts \ - /etc/ipsec.d/cacerts \ - /etc/ipsec.d/certs \ - /etc/ipsec.d/crls \ - /etc/ipsec.d/ocspcerts \ - /etc/ipsec.d/private \ - /etc/ipsec.d/reqs - - dodoc CREDITS NEWS README TODO || die - - # shared libs are used only internally and there are no static libs, - # so it's safe to get rid of the .la files - find "${D}" -name '*.la' -delete || die "Failed to remove .la files." -} - -pkg_preinst() { - has_version " Date: Fri, 26 Jul 2013 08:30:22 -0700 Subject: [PATCH 2/7] fix(*): use new stateful_partition location moving /mnt/stateful_partition to /media/state --- .../coreos-base/chromeos-auth-config/files/chromeos-auth | 4 ++-- .../coreos-base/coreos-base/coreos-base-0.ebuild | 2 +- .../coreos-overlay/dev-db/etcd/files/etcd-bootstrap | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/chromeos-auth-config/files/chromeos-auth b/sdk_container/src/third_party/coreos-overlay/coreos-base/chromeos-auth-config/files/chromeos-auth index b07fe86473..43f14769b4 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/chromeos-auth-config/files/chromeos-auth +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/chromeos-auth-config/files/chromeos-auth @@ -4,11 +4,11 @@ auth [success=ignore default=3] pam_exec.so \ # Check if a custom devmode password file exists and prefer it. auth [success=ignore default=1] pam_exec.so \ - quiet /usr/bin/test -f /mnt/stateful_partition/etc/devmode.passwd + quiet /usr/bin/test -f /media/state/etc/devmode.passwd # If we get to pwdfile, use it or bypass the password-less login. auth [success=done default=1] pam_pwdfile.so \ - pwdfile /mnt/stateful_partition/etc/devmode.passwd + pwdfile /media/state/etc/devmode.passwd # If we get here, allow password-less access auth sufficient pam_exec.so quiet /usr/bin/crossystem cros_debug?1 diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index 3b5c69231c..7819f209f7 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild @@ -284,7 +284,7 @@ pkg_postinst() { # Some default directories. These are created here rather than at # install because some of them may already exist and have mounts. for x in /dev /home /media \ - /mnt/stateful_partition /proc /root /sys /var/lock; do + /proc /root /sys /var/lock; do [ -d "${ROOT}/$x" ] && continue install -d --mode=0755 --owner=root --group=root "${ROOT}/$x" done diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap index 3cd1b954ad..611cc898c4 100755 --- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap @@ -7,7 +7,7 @@ MY_IP=$(curl -s $META_URL/meta-data/local-ipv4) BOOTSTRAP="/var/run/etcd/bootstrap.config" # for etcd -STATE=/mnt/stateful_partition/etcd +STATE=/media/state/etcd mkdir -p $STATE [ ! -e $BOOTSTRAP ] && echo bootstrap config missing && exit 1 From 589a10d8d55b02c74c289b2bc19df5c1a5dd27a1 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 26 Jul 2013 08:56:08 -0700 Subject: [PATCH 3/7] fix(coreos-base/*): move /mnt/stateful_partition around This bumps all of the ebuilds to use the new /media/state code. --- ...0.0.1-r280.ebuild => coreos-installer-0.0.1-r281.ebuild} | 0 .../coreos-installer/coreos-installer-0.0.1.ebuild | 2 +- ...ls-0.0.1-r520.ebuild => cros-devutils-0.0.1-r521.ebuild} | 0 .../coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild | 6 +++--- .../{gmerge-0.0.1-r564.ebuild => gmerge-0.0.1-r565.ebuild} | 0 .../coreos-overlay/coreos-base/gmerge/gmerge-0.0.1.ebuild | 2 +- ...ne-0.0.1-r377.ebuild => update_engine-0.0.1-r378.ebuild} | 0 .../coreos-base/update_engine/update_engine-0.0.1.ebuild | 2 +- ...ence-1.0-r869.ebuild => vboot_reference-1.0-r870.ebuild} | 0 .../coreos-base/vboot_reference/vboot_reference-1.0.ebuild | 2 +- 10 files changed, 7 insertions(+), 7 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/{coreos-installer-0.0.1-r280.ebuild => coreos-installer-0.0.1-r281.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/{cros-devutils-0.0.1-r520.ebuild => cros-devutils-0.0.1-r521.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/{gmerge-0.0.1-r564.ebuild => gmerge-0.0.1-r565.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/{update_engine-0.0.1-r377.ebuild => update_engine-0.0.1-r378.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/{vboot_reference-1.0-r869.ebuild => vboot_reference-1.0-r870.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1-r280.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1-r281.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1-r280.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1-r281.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild index e5cffbcd0f..601d5aaa6f 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="c76738e1550b495b77559c3f728ee5bd17a9518a" +CROS_WORKON_COMMIT="de7fdece8274523985aced8f2f46462f910a3b53" CROS_WORKON_PROJECT="coreos/installer" CROS_WORKON_LOCALNAME="installer" CROS_WORKON_OUTOFTREE_BUILD=1 diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r520.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r521.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r520.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r521.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild index 24a3d9ff1c..5fd5143e7c 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="c13826733534ba1e42671ca42bec56b1f6ba6ba0" +CROS_WORKON_COMMIT="72f475940f7a9b2228e1960cbce0d4b538b41527" CROS_WORKON_PROJECT="coreos/dev-util" CROS_WORKON_REPO="git://github.com" CROS_WORKON_LOCALNAME="dev" @@ -10,8 +10,8 @@ CROS_WORKON_LOCALDIR="src/platform" inherit cros-workon multilib python -DESCRIPTION="Development utilities for ChromiumOS" -HOMEPAGE="http://www.chromium.org/" +DESCRIPTION="Development utilities for CoreOS" +HOMEPAGE="http://coreos.com" LICENSE="GPL-2" SLOT="0" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1-r564.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1-r565.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1-r564.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1-r565.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1.ebuild index 089160896e..1a79f78bb6 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-0.0.1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="c13826733534ba1e42671ca42bec56b1f6ba6ba0" +CROS_WORKON_COMMIT="72f475940f7a9b2228e1960cbce0d4b538b41527" CROS_WORKON_PROJECT="coreos/dev-util" CROS_WORKON_LOCALNAME="dev" CROS_WORKON_REPO="git://github.com" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1-r377.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1-r378.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1-r377.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1-r378.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1.ebuild index 629d2e73c8..05d11e9379 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.0.1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="0db9ec826cd605fd9cc5dd576ecddeba0d3ec3e5" +CROS_WORKON_COMMIT="a71fdb93c89d6f716f36c30ff79b7089f4a3f3f5" CROS_WORKON_PROJECT="coreos/update_engine" CROS_WORKON_REPO="git://github.com" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0-r869.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0-r870.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0-r869.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0-r870.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0.ebuild index f53aaee982..835ec7280d 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/vboot_reference/vboot_reference-1.0.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="eae86599ec97213565a0e9caeac1775e6c118e3f" +CROS_WORKON_COMMIT="db08bec32eb103072824a3c98070306511ff868b" CROS_WORKON_PROJECT="coreos/vboot_reference" CROS_WORKON_REPO="git://github.com" From 3970d28b5aa5548e23647b873925c315e8f4ef81 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 26 Jul 2013 10:38:33 -0700 Subject: [PATCH 4/7] fix(*): move /home/core/user to /home/core --- .../{coreos-base-0-r60.ebuild => coreos-base-0-r61.ebuild} | 0 .../coreos-base/coreos-base/coreos-base-0.ebuild | 6 +++++- .../coreos-overlay/coreos-base/gmerge/gmerge-9999.ebuild | 4 +++- .../coreos-base/oem-ami/files/install-ec2-key.sh | 2 +- .../{oem-ami-0.0.1-r6.ebuild => oem-ami-0.0.1-r7.ebuild} | 0 .../coreos-overlay/coreos/config/make.conf.common-target | 2 +- .../coreos-overlay/dev-db/etcd/files/coreos-c10n | 4 ++-- 7 files changed, 12 insertions(+), 6 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/{coreos-base-0-r60.ebuild => coreos-base-0-r61.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/{oem-ami-0.0.1-r6.ebuild => oem-ami-0.0.1-r7.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r60.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r61.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r60.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r61.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild index 7819f209f7..6231f02418 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild @@ -106,6 +106,10 @@ src_install() { # target-specific fun if ! use cros_host ; then + # Add a /srv directory for mounting into later + dodir /srv + keepdir /srv + dodir /bin /usr/bin # Make mount work in the way systemd prescribes @@ -165,7 +169,7 @@ pkg_postinst() { # build roots we copy over the user entries if they already exist. local system_user="core" local system_id="1000" - local system_home="/home/${system_user}/user" + local system_home="/home/${system_user}" # Add a chronos-access group to provide non-chronos users, # mostly system daemons running as a non-chronos user, group permissions # to access files/directories owned by chronos. diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-9999.ebuild index 5edbde3515..8bf1cf05d6 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/gmerge/gmerge-9999.ebuild @@ -2,8 +2,10 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_PROJECT="chromiumos/platform/dev-util" +CROS_WORKON_PROJECT="coreos/dev-util" +CROS_WORKON_REPO="git://github.com" CROS_WORKON_LOCALNAME="dev" +CROS_WORKON_LOCALDIR="src/platform" inherit cros-workon diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/files/install-ec2-key.sh b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/files/install-ec2-key.sh index a7cda709fa..6144e1b120 100755 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/files/install-ec2-key.sh +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/files/install-ec2-key.sh @@ -2,7 +2,7 @@ /usr/bin/block-until-url http://169.254.169.254/ -USER_DIR="/home/core/user" +USER_DIR="/home/core" if [ ! -d ${USER_DIR}/.ssh ] ; then mkdir -p ${USER_DIR}/.ssh diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-0.0.1-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-0.0.1-r7.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-0.0.1-r6.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-0.0.1-r7.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/make.conf.common-target b/sdk_container/src/third_party/coreos-overlay/coreos/config/make.conf.common-target index f846f7f06b..77c7844678 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/make.conf.common-target +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/make.conf.common-target @@ -55,7 +55,7 @@ DISTDIR="/var/lib/portage/distfiles-target" # Username and home directory of the shared user. SHARED_USER_NAME="core" -SHARED_USER_HOME="/home/core/user" +SHARED_USER_HOME="/home/core" SHARED_USER_PASSWD_FILE="/etc/shared_user_passwd.txt" # the AC_FUNC_WAIT3 macro uses runtime-checks for the function, which diff --git a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n index c5afd82baa..e264dd9079 100755 --- a/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n +++ b/sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n @@ -22,9 +22,9 @@ if [ $? -eq 0 ] && [ ! -z "$USER_DATA" ]; then # validate ssh key ssh-keygen -l -f $TMP > /dev/null 2>&1 if [ $? -eq 0 ]; then - cat $TMP >> /home/core/user/.ssh/authorized_keys + cat $TMP >> /home/core/.ssh/authorized_keys echo "SSH key updated" - chown -R core: /home/core/user/.ssh/ + chown -R core: /home/core/.ssh/ else echo "Not a valid ssh key" fi From 8bb371377f6b9d19ccd00e7c4382e282c416a61d Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 26 Jul 2013 10:46:33 -0700 Subject: [PATCH 5/7] fix(coreos-base): move images/dev to overlays/usr/local --- ...oreos-init-0.0.1-r10.ebuild => coreos-init-0.0.1-r11.ebuild} | 0 .../coreos-base/coreos-init/coreos-init-0.0.1.ebuild | 2 +- ...vutils-0.0.1-r521.ebuild => cros-devutils-0.0.1-r522.ebuild} | 0 .../coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild | 2 +- 4 files changed, 2 insertions(+), 2 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/{coreos-init-0.0.1-r10.ebuild => coreos-init-0.0.1-r11.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/{cros-devutils-0.0.1-r521.ebuild => cros-devutils-0.0.1-r522.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r10.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r11.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r10.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r11.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild index 4796080308..813ee0848c 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild @@ -3,7 +3,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="1f2cd73df612360c8c1910f6e9ca7bd3732c2dec" +CROS_WORKON_COMMIT="846047ef0d082a660288276ff93d158346258dce" CROS_WORKON_PROJECT="coreos/init" CROS_WORKON_LOCALNAME="init" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r521.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r522.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r521.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1-r522.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild index 5fd5143e7c..7f33e5ca28 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/cros-devutils/cros-devutils-0.0.1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="72f475940f7a9b2228e1960cbce0d4b538b41527" +CROS_WORKON_COMMIT="1ba18f0a0ebbe7677de65b0ccf035aa05bc56024" CROS_WORKON_PROJECT="coreos/dev-util" CROS_WORKON_REPO="git://github.com" CROS_WORKON_LOCALNAME="dev" From aa944b9be221e21dbf016543eb9a260a63d872c2 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 26 Jul 2013 11:09:51 -0700 Subject: [PATCH 6/7] fix(coreos-installer): get dev image location fix --- .../coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild index 601d5aaa6f..97556e9ebe 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-installer/coreos-installer-0.0.1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="de7fdece8274523985aced8f2f46462f910a3b53" +CROS_WORKON_COMMIT="c7232f27aef96a59e81fb48974a815521c5a488e" CROS_WORKON_PROJECT="coreos/installer" CROS_WORKON_LOCALNAME="installer" CROS_WORKON_OUTOFTREE_BUILD=1 From 2e0a3d9a2e1686c40c367a3a01f72583dc5642f0 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 26 Jul 2013 11:28:43 -0700 Subject: [PATCH 7/7] bump(coreos-init): create /srv and /opt --- .../coreos-base/coreos-init/coreos-init-0.0.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild index 813ee0848c..a0e7496dfa 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1.ebuild @@ -3,7 +3,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI="4" -CROS_WORKON_COMMIT="846047ef0d082a660288276ff93d158346258dce" +CROS_WORKON_COMMIT="defdf1c8856372681c6e0be318beec8af7eb36be" CROS_WORKON_PROJECT="coreos/init" CROS_WORKON_LOCALNAME="init"