From e91f84ce519318eb4f8ae1eddca24d02258ae45f Mon Sep 17 00:00:00 2001 
From: Sayan Chowdhury Date: Tue, 22 Aug 2023 15:03:48 +0530 Subject: [PATCH] sys-apps/systemd: Sync with Gentoo It's from Gentoo commit 2dcfd6ce1952b2c37fefd04fe11cfbb1ef8ebe41. --- .../sys-apps/systemd/CHECKLIST.md | 2 - .../coreos-overlay/sys-apps/systemd/Manifest | 8 +- .../0001-wait-online-set-any-by-default.patch | 32 - ...fault-to-kernel-IPForwarding-setting.patch | 24 - ...ate-don-t-require-strictly-newer-usr.patch | 58 -- ...004-core-use-max-for-DefaultTasksMax.patch | 64 -- ...d-Disable-SELinux-permissions-checks.patch | 29 - ...-Pass-tty-to-use-by-agetty-via-stdin.patch | 95 --- ...s-Keep-using-old-journal-file-format.patch | 40 -- .../files/252-no-stack-protector-bpf.patch | 26 - .../sys-apps/systemd/files/99-default.preset | 2 - .../files/gentoo-journald-audit-r1.patch | 51 ++ .../systemd/files/gentoo-journald-audit.patch | 40 -- ...entoo-systemctl-disable-sysv-sync-r1.patch | 25 - .../sys-apps/systemd/files/legacy.conf | 3 + .../sys-apps/systemd/files/nsswitch.conf | 27 + .../files/systemd-253-initrd-generators.patch | 34 + ...atch => systemd-253.5-services-stop.patch} | 16 +- ...stemd-254.1-tmpfiles-setup-dev-early.patch | 252 +++++++ .../systemd/files/systemd-flatcar.conf | 19 - .../systemd/files/systemd-resolv.conf | 2 - .../sys-apps/systemd/files/systemd-user.pam | 5 + .../sys-apps/systemd/metadata.xml | 1 + .../systemd/systemd-252.3.ebuild.html | 650 ++++++++++++++++++ ...2.11-r1.ebuild => systemd-253.3-r1.ebuild} | 301 ++------ .../sys-apps/systemd/systemd-253.4.ebuild | 512 ++++++++++++++ .../sys-apps/systemd/systemd-253.5-r1.ebuild | 515 ++++++++++++++ .../sys-apps/systemd/systemd-253.5.ebuild | 512 ++++++++++++++ .../sys-apps/systemd/systemd-253.6.ebuild | 514 ++++++++++++++ .../sys-apps/systemd/systemd-253.7.ebuild | 514 ++++++++++++++ .../sys-apps/systemd/systemd-253.8.ebuild | 514 ++++++++++++++ .../sys-apps/systemd/systemd-254.1-r1.ebuild | 526 ++++++++++++++ .../sys-apps/systemd/systemd-9999.ebuild | 498 ++++++++++++++ 33 files changed, 
5193 insertions(+), 718 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/252-no-stack-protector-bpf.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit-r1.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/legacy.conf create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf create mode 100644 
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-253-initrd-generators.patch rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/{0008-Revert-core-service-when-resetting-PID-also-reset-known.patch => systemd-253.5-services-stop.patch} (77%) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-252.11-r1.ebuild => systemd-253.3-r1.ebuild} (53%) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.4.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5-r1.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.6.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.7.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.8.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.1-r1.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md
deleted file mode 100644
index df01f3aea5..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/CHECKLIST.md
+++ /dev/null
@@ -1,2 +0,0 @@
-- Check that the `systemd-sysext.service`'s `ConditionDirectoryNotEmpty` entries are correctly reflected in `flatcar/init:systemd/system/ensure-sysext.service`
-- Check if our preset setup in `multilib_src_install_all` is in sync with `systemd/systemd:presets/90-systemd.preset`.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
index 43ddd12fcd..58410ec5f1 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
@@ -1 +1,7 @@ -DIST systemd-stable-252.11.tar.gz 11845530 BLAKE2B 5c4492040640d09248d4ec775e8bfca5dbe81d42f4fbda6ecb120271624c19d84eeacd0e93dd018fbab714a29954d50898a93238179948927e466b345446bc9a SHA512 f64c452b028eb8c6342a7e3b943fc22adb04bcfe00790dd91827604bf8746b5cf87fbffd666f408b1a89ed999dec2629533b92d02bec560406ea03313fc41206 +DIST systemd-stable-253.3.tar.gz 11996044 BLAKE2B fdbac11914ea4a3718dd48c19f0dc34db798e68f36e2e858536e4ef50e376380a250ad59dbbd1ccec4ed73e59efd198dcc0aa85faafa9d6f85d4b2e1de67ccfa SHA512 2c686d83b8b09efa09e09c82feb965f3cfceb6338e42b57d4133dc9ffe52592c67bce9bc9e294c69bc831294e3cbdcc391aba778f10d7b408cef90a85c0ab8aa +DIST systemd-stable-253.4.tar.gz 12010733 BLAKE2B 166ce3f089a9fc3d5d374566258d05ddc9ad1e6a06f5d171ee4e3462e30dd996ed45eccac9e27a8ce75ddf591d81ad2af8ce3bd214709cc0b816422f3960f52a SHA512 cbd572330871fe938307cdead57637e9a03fcdb95b62dd12506f13f48fddcacfaf1e7b179bc9e1c1889a07d3bf21f840aafc773df3a1ab05b37d28950cb94ee1 +DIST systemd-stable-253.5.tar.gz 12015672 BLAKE2B 3b09bc1a63bc3321c51ea05080f95958ab55064596c13ab967a182cdaace302cc85c19e2cdabd9bdc8ba0a1a04999ae588fbce2fe2626c0f792ee22836feddf4 SHA512 39709b485cd9287e26ac8e973fa1692b280bec3b96e1da6667e4a4f2ac2228aa072b22802720a254698d32c82f5306d7feb32229e4b6d54cc0e2b1e2caa4cc2e +DIST systemd-stable-253.6.tar.gz 12069024 BLAKE2B 7dfb28127bf6c091180a6cfbae1eb657b99896920cc6b74d1e86586f51bf312d6c2647582a635a479048cadceb0b5ed508918ddff42b2639cec6234a656762f4 SHA512 c81f7ac0cca9073878026d6a3024ebad8bf38c4745fe7bac5a156906ba9fd7b78b90fdc69376821c9927dd60173dd6604684e2ea7dcb55dc2e60a0e20ee01735 +DIST systemd-stable-253.7.tar.gz 12111722 BLAKE2B 2007653c264d615fbef52cd91d173597f175ba05c1b961c6035d51c1a28ff663151a72d858115536c316a2644d880dfe94e6d00809bf3a2abe3e2f5532df565b SHA512 6935508f511930d6e980a7f0a3319295acbbc482cbce4f8f407af399259fe04b095dabd470f8825d84328a7d0f39efe6d5926022c1bdf18ec7fffe43b2586aa1 +DIST systemd-stable-253.8.tar.gz 12112413 BLAKE2B 
0edf5d2fdb47ef4c2fd9257642a719cb3cf70096d74ae0002f4df2696f3efd591ddf239f2ac9762aa53ebcee5bf31295739f8176313b8260e97fe99cc51722f6 SHA512 628db658ccf01e6cf09c6832735ad08c3d0dd906798e3366d42621fb08ad8b72aa7a51ae4874d76acf6c56282c63dc5fdce677cde3d4e102ce0036571ccabcc4 +DIST systemd-stable-254.1.tar.gz 14324840 BLAKE2B 10a72db38dae1dd13440f6d59c629b515bfb32f1708efeb6b9134b17887cc0c5af47c184b9a7d3c9be1ecbf8be16ea2682f84c44afd4702ce12861a143e8347a SHA512 eb2f4a95c890792fe11080e8dafc1eb4588ee98a3084d28083c4dd1f97962f56188c41641708c23267d01f1431821e823e1b89012f90d6ede80a12a0ce11a6d7 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch deleted file mode 100644 index d72a506d4f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 02ebe43df912c7090a155484fbd1b422c4f438f4 Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Tue, 16 Apr 2019 02:44:51 +0000 -Subject: [PATCH 1/7] wait-online: set --any by default - -The systemd-networkd-wait-online command would normally continue -waiting after a network interface is usable if other interfaces are -still configuring. There is a new flag --any to change this. - -Preserve previous Container Linux behavior for compatibility by -setting the --any flag by default. See patches from v241 (or -earlier) for the original implementation. ---- - src/network/wait-online/wait-online.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c -index a679b858fa..3b6dad8d1d 100644 ---- a/src/network/wait-online/wait-online.c -+++ b/src/network/wait-online/wait-online.c -@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL; - static char **arg_ignore = NULL; - static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID }; - static AddressFamily arg_required_family = ADDRESS_FAMILY_NO; --static bool arg_any = false; -+static bool arg_any = true; - - STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep); - STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep); --- -2.25.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch deleted file mode 100644 index a6fde47f6f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From e124d3716ada4fc7c34278435a61d51b07b61024 Mon Sep 17 00:00:00 2001 -From: Nick Owens -Date: Tue, 2 Jun 2015 18:22:32 -0700 -Subject: [PATCH 2/7] networkd: default to "kernel" IPForwarding setting - ---- - src/network/networkd-network.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index a6c5b44238..54f9d12fec 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -465,6 +465,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi - .link_local = _ADDRESS_FAMILY_INVALID, - .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID, - -+ .ip_forward = _ADDRESS_FAMILY_INVALID, - .ipv4_accept_local = -1, - .ipv4_route_localnet = -1, - .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO, --- -2.25.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch deleted file mode 100644 index 96f030a3cf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From a8366f0ddffabef08c010064ea62e64d7276a0f3 Mon Sep 17 00:00:00 2001 -From: Alex Crawford -Date: Wed, 2 Mar 2016 10:46:33 -0800 -Subject: [PATCH 3/7] needs-update: don't require strictly newer usr - -Updates should be triggered whenever usr changes, not only when it is newer. ---- - man/systemd-update-done.service.xml | 2 +- - src/shared/condition.c | 6 +++--- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml -index 3393010ff6..5478baca25 100644 ---- a/man/systemd-update-done.service.xml -+++ b/man/systemd-update-done.service.xml -@@ -50,7 +50,7 @@ - ConditionNeedsUpdate= (see - systemd.unit5) - condition to make sure to run when /etc/ or -- /var/ are older than /usr/ -+ /var/ aren't the same age as /usr/ - according to the modification times of the files described above. - This requires that updates to /usr/ are always - followed by an update of the modification time of -diff --git a/src/shared/condition.c b/src/shared/condition.c -index a23d6a3e45..8ca1f4606f 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -792,7 +792,7 @@ static int condition_test_needs_update(Condition *c, char **env) { - * First, compare seconds as they are always accurate... - */ - if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec) -- return usr.st_mtim.tv_sec > other.st_mtim.tv_sec; -+ return true; - - /* - * ...then compare nanoseconds. -@@ -803,7 +803,7 @@ static int condition_test_needs_update(Condition *c, char **env) { - * (otherwise the filesystem supports nsec timestamps, see stat(2)). 
- */ - if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0) -- return usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec; -+ return usr.st_mtim.tv_nsec != other.st_mtim.tv_nsec; - - _cleanup_free_ char *timestamp_str = NULL; - r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", ×tamp_str); -@@ -823,7 +823,7 @@ static int condition_test_needs_update(Condition *c, char **env) { - return true; - } - -- return timespec_load_nsec(&usr.st_mtim) > timestamp; -+ return timespec_load_nsec(&usr.st_mtim) != timestamp; - } - - static int condition_test_first_boot(Condition *c, char **env) { --- -2.25.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch deleted file mode 100644 index f6e75517eb..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 7f71d79cc1cac4dc509cecb2f5c00b6dcfd7732b Mon Sep 17 00:00:00 2001 -From: Sayan Chowdhury -Date: Thu, 22 Apr 2021 20:08:33 +0530 -Subject: [PATCH 4/7] core: use max for DefaultTasksMax - -Since systemd v228, systemd has a DefaultTasksMax which defaulted -to 512, later 15% of the system's maximum number of PIDs. This -limit is low and a change in behavior that people running services -in containers will hit frequently, so revert to previous behavior. - -Though later the TasksMax was changed in the a dynamic property to -accommodate stale values. - -This change is built on previous patch by David Michael(dm0-). - -Signed-off-by: Sayan Chowdhury ---- - man/systemd-system.conf.xml | 2 +- - src/core/main.c | 2 +- - src/core/system.conf.in | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml -index ac21c31d9a..39323f6a55 100644 ---- a/man/systemd-system.conf.xml -+++ b/man/systemd-system.conf.xml -@@ -461,7 +461,7 @@ - Configure the default value for the per-unit TasksMax= setting. See - systemd.resource-control5 - for details. This setting applies to all unit types that support resource control settings, with the exception -- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= -+ of slice units. Defaults to 100% of the minimum of kernel.pid_max=, kernel.threads-max= - and root cgroup pids.max. - Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. 
- For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, -diff --git a/src/core/main.c b/src/core/main.c -index a3fdd1dfe1..9b79308397 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -100,7 +100,7 @@ - #include - #endif - --#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */ -+#define DEFAULT_TASKS_MAX ((TasksMax) { 100U, 100U }) /* 100% */ - - static enum { - ACTION_RUN, -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index 71a5869ec0..92fe35b2d6 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -56,7 +56,7 @@ - #DefaultIPAccounting=no - #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} - #DefaultTasksAccounting=yes --#DefaultTasksMax=15% -+#DefaultTasksMax=100% - #DefaultLimitCPU= - #DefaultLimitFSIZE= - #DefaultLimitDATA= --- -2.25.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch deleted file mode 100644 index 75d421ea08..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From 0a5e52f5511cd7a5312d06abff12bc432bdedc96 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Tue, 20 Dec 2016 16:43:22 +0000 -Subject: [PATCH 5/7] systemd: Disable SELinux permissions checks - -We don't care about the interaction between systemd and SELinux policy, so -let's just disable these checks rather than having to incorporate policy -support. This has no impact on our SELinux use-case, which is purely intended -to limit containers and not anything running directly on the host. ---- - src/core/selinux-access.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c -index 11dbf4640e..c839a4f39e 100644 ---- a/src/core/selinux-access.c -+++ b/src/core/selinux-access.c -@@ -2,7 +2,7 @@ - - #include "selinux-access.h" - --#if HAVE_SELINUX -+#if 0 - - #include - #include --- -2.25.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch deleted file mode 100644 index 6c4f35cff4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -From ede353ea720f07b7b19fa638d5a59a7471237e2d Mon Sep 17 00:00:00 2001 -From: Sayan Chowdhury -Date: Fri, 16 Dec 2022 16:28:26 +0530 -Subject: [PATCH 6/7] Revert "getty: Pass tty to use by agetty via stdin" - -This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c. - -This is to work around a SELinux denial that happens when setting up standard -input for serial consoles (which is used for SSH connections). - -Signed-off-by: Sayan Chowdhury ---- - units/console-getty.service.in | 4 +--- - units/container-getty@.service.in | 4 +--- - units/getty@.service.in | 4 +--- - units/serial-getty@.service.in | 4 +--- - 4 files changed, 4 insertions(+), 12 deletions(-) - -diff --git a/units/console-getty.service.in b/units/console-getty.service.in -index 606b7dbe16..54fd7c292d 100644 ---- a/units/console-getty.service.in -+++ b/units/console-getty.service.in -@@ -22,12 +22,10 @@ ConditionPathExists=/dev/console - [Service] - # The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p), - # followed by '--' for safety, and then the entered username. --ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud - 115200,38400,9600 $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM - Type=idle - Restart=always - UtmpIdentifier=cons --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/console - TTYReset=yes - TTYVHangup=yes -diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in -index 8d7e20d5ec..5f095f48b0 100644 ---- a/units/container-getty@.service.in -+++ b/units/container-getty@.service.in -@@ -27,13 +27,11 @@ Before=rescue.service - [Service] - # The '-o' option value tells agetty to replace 'login' arguments with an option to preserve environment (-p), - # followed by '--' for safety, and then the entered username. 
--ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud pts/%I 115200,38400,9600 $TERM - Type=idle - Restart=always - RestartSec=0 - UtmpIdentifier=pts/%I --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/pts/%I - TTYReset=yes - TTYVHangup=yes -diff --git a/units/getty@.service.in b/units/getty@.service.in -index 21d66f9367..78deb7cffe 100644 ---- a/units/getty@.service.in -+++ b/units/getty@.service.in -@@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0 - # The '-o' option value tells agetty to replace 'login' arguments with an - # option to preserve environment (-p), followed by '--' for safety, and then - # the entered username. --ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear - $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM - Type=idle - Restart=always - RestartSec=0 - UtmpIdentifier=%I --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/%I - TTYReset=yes - TTYVHangup=yes -diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in -index 2433124c55..bb7af3105d 100644 ---- a/units/serial-getty@.service.in -+++ b/units/serial-getty@.service.in -@@ -33,12 +33,10 @@ Before=rescue.service - # The '-o' option value tells agetty to replace 'login' arguments with an - # option to preserve environment (-p), followed by '--' for safety, and then - # the entered username. --ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM -+ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 %I $TERM - Type=idle - Restart=always - UtmpIdentifier=%I --StandardInput=tty --StandardOutput=tty - TTYPath=/dev/%I - TTYReset=yes - TTYVHangup=yes --- -2.25.1 - 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch deleted file mode 100644 index 683cc5b0a4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From ff9f1aa2ab7d707c57008f406186c45cd9858228 Mon Sep 17 00:00:00 2001 -From: Krzesimir Nowak -Date: Tue, 7 Feb 2023 11:33:44 +0100 -Subject: [PATCH 7/7] units: Keep using old journal file format - -Systemd 252 made an incompatible change in journal file format. Temporarily -force journald to use the old journal format to give logging containers more -time to adapt to the new format. ---- - units/systemd-journald.service.in | 1 + - units/systemd-journald@.service.in | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index 38ba3e2856..e7f671e070 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -22,6 +22,7 @@ IgnoreOnIsolate=yes - - [Service] - DeviceAllow=char-* rw -+Environment=SYSTEMD_JOURNAL_COMPACT=0 - ExecStart={{ROOTLIBEXECDIR}}/systemd-journald - FileDescriptorStoreMax=4224 - IPAddressDeny=any -diff --git a/units/systemd-journald@.service.in b/units/systemd-journald@.service.in -index 35c998285f..9f7c6a2b3f 100644 ---- a/units/systemd-journald@.service.in -+++ b/units/systemd-journald@.service.in -@@ -16,6 +16,7 @@ After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket - [Service] - CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE - DevicePolicy=closed -+Environment=SYSTEMD_JOURNAL_COMPACT=0 - ExecStart={{ROOTLIBEXECDIR}}/systemd-journald %i - FileDescriptorStoreMax=4224 - Group=systemd-journal --- -2.25.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/252-no-stack-protector-bpf.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/252-no-stack-protector-bpf.patch deleted file mode 100644 index 4e4d1a1baf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/252-no-stack-protector-bpf.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -https://github.com/systemd/systemd/pull/26050 - -From d6a0784a350fb27698ed04f7ada17137324b31bb Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Fri, 13 Jan 2023 05:17:56 +0000 -Subject: [PATCH] bpf: disable -fstack-protector in meson - -In Gentoo, we recently started making Clang behave the same way as -our GCC, with -fstack-protector and some friends enabled by default. - -SSP doesn't make sense for BPF, so disable it explicitly. - -See also e.g. https://www.spinics.net/lists/netdev/msg556400.html. - -Bug: https://bugs.gentoo.org/890004 ---- a/src/core/bpf/meson.build -+++ b/src/core/bpf/meson.build -@@ -7,6 +7,7 @@ endif - bpf_clang_flags = [ - '-std=gnu11', - '-Wno-compare-distinct-pointer-types', -+ '-fno-stack-protector', - '-O2', - '-target', - 'bpf', - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset deleted file mode 100644 index d2545d5d1d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset +++ /dev/null @@ -1,2 +0,0 @@ -# Do not enable any services if /etc is detected as empty. -disable * diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit-r1.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit-r1.patch new file mode 100644 index 0000000000..b5c32df788 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit-r1.patch 
@@ -0,0 +1,51 @@
+From 2de502ccff1cc780d9d29c4ff7e6c1e0f2d7a082 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Fri, 21 Aug 2020 13:16:17 -0400
+Subject: [PATCH] journald: do not change the kernel audit setting by default
+
+Bug: https://bugs.gentoo.org/736910
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 2 +-
+ src/journal/journald.conf | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index 50c33e4792..2e14674f42 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -427,7 +427,7 @@
+ kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor
+ disable it, leaving the previous state unchanged. This means if another tool turns on auditing even
+ if systemd-journald left it off, it will still collect the generated
+- messages. Defaults to on.
++ messages.
+
+ Note that this option does not control whether systemd-journald collects
+ generated audit records, it just controls whether it tells the kernel to generate them. If you need
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 022e12d83d..6b3d261af6 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2367,7 +2367,7 @@ int server_init(Server *s, const char *namespace) {
+ .compress.threshold_bytes = UINT64_MAX,
+ .seal = true,
+
+- .set_audit = true,
++ .set_audit = -1,
+
+ .watchdog_usec = USEC_INFINITY,
+
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 5a60a9d39c..64156d5463 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -44,4 +44,4 @@
+ #MaxLevelWall=emerg
+ #LineMax=48K
+ #ReadKMsg=yes
+-#Audit=yes
++#Audit=
+--
+2.39.1
+
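Review bot: The `man/journald.conf.xml` hunk of this patch removes "Defaults to on." but does not state the new default, so a reader has to infer from the empty `#Audit=` line that journald now starts with `.set_audit = -1`, i.e. unset. Per the surrounding man page text, unset leaves the kernel audit state as it was, so on a host where nothing else enables auditing (an audit daemon, or `audit=1` on the kernel command line) no audit records would reach the journal; that is worth stating for anyone who relies on the journal as an audit trail. I would make the added man page line read `messages. Defaults to unset.` and have the image set `Audit=yes` explicitly wherever audit records are required. The removed gentoo-journald-audit.patch carried the same `-1` default, so this is a documentation gap rather than a behaviour change.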
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit.patch deleted file mode 100644 index 088bceb769..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-journald-audit.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 593db1c78011ddce551051ce17eda6feac079b3d Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Fri, 21 Aug 2020 13:16:17 -0400 -Subject: [PATCH] journald: do not change the kernel audit setting by default - -Bug: https://bugs.gentoo.org/736910 ---- - man/journald.conf.xml | 2 +- - src/journal/journald-server.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/man/journald.conf.xml b/man/journald.conf.xml -index bfd359a903..7e93d4050e 100644 ---- a/man/journald.conf.xml -+++ b/man/journald.conf.xml -@@ -411,7 +411,7 @@ - systemd-journald collects generated audit records, it just controls whether it - tells the kernel to generate them. This means if another tool turns on auditing even if - systemd-journald left it off, it will still collect the generated -- messages. Defaults to on. -+ messages. - - - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index 5865bf9809..163be685a8 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -2208,7 +2208,7 @@ int server_init(Server *s, const char *namespace) { - .compress.threshold_bytes = (uint64_t) -1, - .seal = true, - -- .set_audit = true, -+ .set_audit = -1, - - .watchdog_usec = USEC_INFINITY, - --- -2.28.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch deleted file mode 100644 index a9d40be4ab..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From d9059d2ef1b0d6034267cc8ff44871d0f82f840f Mon Sep 17 00:00:00 2001
-From: Mike Gilbert
-Date: Sun, 8 Nov 2020 12:34:11 -0500
-Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
-
----
- src/systemctl/systemctl-sysv-compat.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/systemctl/systemctl-sysv-compat.c b/src/systemctl/systemctl-sysv-compat.c
-index 2dca9e480f..5dcf13ba17 100644
---- a/src/systemctl/systemctl-sysv-compat.c
-+++ b/src/systemctl/systemctl-sysv-compat.c
-@@ -111,7 +111,7 @@ int parse_shutdown_time_spec(const char *t, usec_t *ret) {
- int enable_sysv_units(const char *verb, char **args) {
- int r = 0;
-
--#if HAVE_SYSV_COMPAT
-+#if 0
- _cleanup_(lookup_paths_free) LookupPaths paths = {};
- unsigned f = 0;
-
---
-2.29.0
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/legacy.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/legacy.conf
new file mode 100644
index 0000000000..2d322e8869
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/legacy.conf
@@ -0,0 +1,3 @@
+# Based on legacy.conf from systemd
+d /run/lock
+L /var/lock - - - - ../run/lock
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf
new file mode 100644
index 0000000000..91dbe757f9
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/nsswitch.conf
@@ -0,0 +1,27 @@ +# Sample nss configuration for systemd + +# systemd-specific modules +# See the manual pages fore further information. +# nss-myhostname - host resolution for the local hostname +# nss-mymachines - host, user, group resolution for containers +# nss-resolve - host resolution using resolved +# nss-systemd - dynamic user/group resolution (DynamicUser in unit files) + +passwd: files mymachines systemd +shadow: files +group: files mymachines systemd +gshadow: files + +hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname +networks: files + +services: db files +protocols: db files +rpc: db files +ethers: db files +netmasks: files +netgroup: files +bootparams: files + +automount: files +aliases: files diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-253-initrd-generators.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-253-initrd-generators.patch new file mode 100644 index 0000000000..60e7b29d7a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-253-initrd-generators.patch 
@@ -0,0 +1,34 @@ +https://bugs.gentoo.org/896364 + +Workaround for bug in sys-kernel/dracut. + +From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 20 Feb 2023 12:00:30 +0900 +Subject: [PATCH] core/manager: run generators directly when we are in initrd + +Some initrd system write files at ourside of /run, /etc, or other +allowed places. This is a kind of workaround, but in most cases, such +sandboxing is not necessary as the filesystem is on ramfs when we are in +initrd. + +Fixes #26488. +--- + src/core/manager.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 7b394794b0d4..306477c6e6c2 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) { + /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If + * we are the user manager, let's just execute the generators directly. We might not have the + * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us. +- */ +- if (MANAGER_IS_USER(m)) { ++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */ ++ if (MANAGER_IS_USER(m) || in_initrd()) { + r = manager_execute_generators(m, paths, /* remount_ro= */ false); + goto finish; + } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-253.5-services-stop.patch similarity index 77% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-253.5-services-stop.patch index b793894109..5f2c5aa889 100644 
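Review bot: The comment added in `manager_run_generators()` (the src/core/manager.c hunk inside systemd-253-initrd-generators.patch) justifies the bypass with "as we are in ramfs", but the new condition `MANAGER_IS_USER(m) || in_initrd()` tests only for the initrd, and the patch's own description says the sandbox is unnecessary only "in most cases". The effect is that every generator in the initrd now goes through `manager_execute_generators(m, paths, /* remount_ro= */ false)` instead of the sanitized mount namespace, so the comment should say that plainly and name the reason, e.g. `* In the initrd, also run generators directly, i.e. without the mount-namespace sandbox: some initrd generators write outside /run and /etc (#26488). */`. The file header calls this a workaround for a sys-kernel/dracut bug (https://bugs.gentoo.org/896364), so a line stating when the patch can be dropped would help the next sync. The body of `manager_run_generators()` starts and ends outside the hunk.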
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-253.5-services-stop.patch @@ -1,4 +1,7 @@ -From 34e834f496338fdc2a8a8cc771cba4082079cf9a Mon Sep 17 00:00:00 2001 +https://github.com/systemd/systemd-stable/issues/302 +https://github.com/systemd/systemd/pull/28000 + +From 5f7f82ba625ee48d662c1f0286f44b8b0918d05d Mon Sep 17 00:00:00 2001 From: msizanoen Date: Mon, 12 Jun 2023 10:30:12 +0700 Subject: [PATCH] Revert "core/service: when resetting PID also reset known @@ -20,17 +23,9 @@ the `cgroup_good` check to still succeed. The original submitter of this commit is recommended to find another more correct way to fix the cgroupsv1 issue on CentOS 8. - -(cherry picked from commit f29f0877c5abfd03060838d1812ea6fdff3b0b37) ---- - src/core/service.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/core/service.c b/src/core/service.c -index c05f13c765..211f72900e 100644 --- a/src/core/service.c +++ b/src/core/service.c -@@ -3529,7 +3529,6 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { +@@ -3752,7 +3752,6 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) { return; s->main_pid = 0; @@ -38,3 +33,4 @@ index c05f13c765..211f72900e 100644 exec_status_exit(&s->main_exec_status, &s->exec_context, pid, code, status); if (s->main_command) { + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch new file mode 100644 index 0000000000..77f6e19fe6 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch 
@@ -0,0 +1,252 @@ +https://github.com/systemd/systemd/pull/28784 +https://bugs.gentoo.org/911723 + +From bb7f485f4bddd57bbf50739bafa43d127bab59d6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 12 Aug 2023 07:54:32 +0900 +Subject: [PATCH] units: introduce systemd-tmpfiles-setup-dev-early.service + +This makes tmpfiles, sysusers, and udevd invoked in the following order: +1. systemd-tmpfiles-setup-dev-early.service + Create device nodes gracefully, that is, create device nodes anyway + by ignoring unknown users and groups. +2. systemd-sysusers.service + Create users and groups, to make later invocations of tmpfiles and + udevd can resolve necessary users and groups. +3. systemd-tmpfiles-setup-dev.service + Adjust owners of previously created device nodes. +4. systemd-udevd.service + Process all devices. Especially to make block devices active and can + be mountable. +5. systemd-tmpfiles-setup.service + Setup basic filesystem. + +Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06. + +Fixes #28653. +Replaces #28681 and #28732. 
+--- + man/systemd-tmpfiles.xml | 3 + + test/TEST-17-UDEV/test.sh | 4 ++ + test/units/testsuite-17.00.sh | 57 +++++++++++++++++++ + units/kmod-static-nodes.service.in | 2 +- + units/meson.build | 5 ++ + units/systemd-sysusers.service | 2 + + .../systemd-tmpfiles-setup-dev-early.service | 25 ++++++++ + units/systemd-tmpfiles-setup-dev.service | 3 +- + units/systemd-tmpfiles-setup.service | 2 +- + 9 files changed, 100 insertions(+), 3 deletions(-) + create mode 100755 test/units/testsuite-17.00.sh + create mode 100644 units/systemd-tmpfiles-setup-dev-early.service + +diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml +index decd66d5c667..0db2a4b03b46 100644 +--- a/man/systemd-tmpfiles.xml ++++ b/man/systemd-tmpfiles.xml +@@ -19,6 +19,7 @@ + + systemd-tmpfiles + systemd-tmpfiles-setup.service ++ systemd-tmpfiles-setup-dev-early.service + systemd-tmpfiles-setup-dev.service + systemd-tmpfiles-clean.service + systemd-tmpfiles-clean.timer +@@ -35,6 +36,7 @@ + + System units: + systemd-tmpfiles-setup.service ++systemd-tmpfiles-setup-dev-early.service + systemd-tmpfiles-setup-dev.service + systemd-tmpfiles-clean.service + systemd-tmpfiles-clean.timer +@@ -64,6 +66,7 @@ + searched for a matching file and the file found that has the highest priority is executed. + + System services (systemd-tmpfiles-setup.service, ++ systemd-tmpfiles-setup-dev-early.service, + systemd-tmpfiles-setup-dev.service, + systemd-tmpfiles-clean.service) invoke systemd-tmpfiles to create + system files and to perform system wide cleanup. Those services read administrator-controlled +diff --git a/test/TEST-17-UDEV/test.sh b/test/TEST-17-UDEV/test.sh +index 6b8f08fc328a..f7a907549607 100755 +--- a/test/TEST-17-UDEV/test.sh ++++ b/test/TEST-17-UDEV/test.sh +@@ -8,5 +8,9 @@ TEST_NO_NSPAWN=1 + # shellcheck source=test/test-functions + . 
"${TEST_BASE_DIR:?}/test-functions" + ++test_append_files() { ++ instmods snd_seq snd_timer tun ++ generate_module_dependencies ++} + + do_test "$@" +diff --git a/test/units/testsuite-17.00.sh b/test/units/testsuite-17.00.sh +new file mode 100755 +index 000000000000..d2aec60b1326 +--- /dev/null ++++ b/test/units/testsuite-17.00.sh +@@ -0,0 +1,57 @@ ++#!/usr/bin/env bash ++# SPDX-License-Identifier: LGPL-2.1-or-later ++set -ex ++set -o pipefail ++ ++# shellcheck source=test/units/util.sh ++. "$(dirname "$0")"/util.sh ++ ++# Tests for issue #28588 and #28653. ++ ++# On boot, services need to be started in the following order: ++# 1. systemd-tmpfiles-setup-dev-early.service ++# 2. systemd-sysusers.service ++# 3. systemd-tmpfiles-setup-dev.service ++# 4. systemd-udevd.service ++ ++output="$(systemctl show --property After --value systemd-udevd.service)" ++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output" ++assert_in "systemd-sysusers.service" "$output" ++assert_in "systemd-tmpfiles-setup-dev.service" "$output" ++ ++output="$(systemctl show --property After --value systemd-tmpfiles-setup-dev.service)" ++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output" ++assert_in "systemd-sysusers.service" "$output" ++ ++output="$(systemctl show --property After --value systemd-sysusers.service)" ++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output" ++ ++check_owner_and_mode() { ++ local dev=${1?} ++ local user=${2?} ++ local group=${3?} ++ local mode=${4:-} ++ ++ if [[ -e "$dev" ]]; then ++ assert_in "$user" "$(stat --format=%U "$dev")" ++ assert_in "$group" "$(stat --format=%G "$dev")" ++ if [[ -n "$mode" ]]; then ++ assert_in "$mode" "$(stat --format=%#0a "$dev")" ++ fi ++ fi ++ ++ return 0 ++} ++ ++# Check owner and access mode specified in static-nodes-permissions.conf ++check_owner_and_mode /dev/snd/seq root audio 0660 ++check_owner_and_mode /dev/snd/timer root audio 0660 ++check_owner_and_mode /dev/loop-control root disk 0660 
++check_owner_and_mode /dev/net/tun root root 0666 ++check_owner_and_mode /dev/fuse root root 0666 ++check_owner_and_mode /dev/vfio/vfio root root 0666 ++check_owner_and_mode /dev/kvm root kvm ++check_owner_and_mode /dev/vhost-net root kvm ++check_owner_and_mode /dev/vhost-vsock root kvm ++ ++exit 0 +diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in +index 777e82d16b90..70605d997e0a 100644 +--- a/units/kmod-static-nodes.service.in ++++ b/units/kmod-static-nodes.service.in +@@ -10,7 +10,7 @@ + [Unit] + Description=Create List of Static Device Nodes + DefaultDependencies=no +-Before=sysinit.target systemd-tmpfiles-setup-dev.service ++Before=sysinit.target systemd-tmpfiles-setup-dev-early.service + ConditionCapability=CAP_SYS_MODULE + ConditionFileNotEmpty=/lib/modules/%v/modules.devname + +diff --git a/units/meson.build b/units/meson.build +index 96ad1dc85016..20665e040874 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -544,6 +544,11 @@ units = [ + 'conditions' : ['ENABLE_TMPFILES'], + 'symlinks' : ['timers.target.wants/'], + }, ++ { ++ 'file' : 'systemd-tmpfiles-setup-dev-early.service', ++ 'conditions' : ['ENABLE_TMPFILES'], ++ 'symlinks' : ['sysinit.target.wants/'], ++ }, + { + 'file' : 'systemd-tmpfiles-setup-dev.service', + 'conditions' : ['ENABLE_TMPFILES'], +diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service +index 84fd66de37aa..de6c71a03825 100644 +--- a/units/systemd-sysusers.service ++++ b/units/systemd-sysusers.service +@@ -16,6 +16,8 @@ ConditionCredential=|sysusers.extra + + DefaultDependencies=no + After=systemd-remount-fs.service ++After=systemd-tmpfiles-setup-dev-early.service ++Before=systemd-tmpfiles-setup-dev.service + Before=sysinit.target systemd-update-done.service + Conflicts=shutdown.target initrd-switch-root.target + Before=shutdown.target initrd-switch-root.target +diff --git a/units/systemd-tmpfiles-setup-dev-early.service 
b/units/systemd-tmpfiles-setup-dev-early.service +new file mode 100644 +index 000000000000..0d6f0daaae32 +--- /dev/null ++++ b/units/systemd-tmpfiles-setup-dev-early.service +@@ -0,0 +1,25 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Create Static Device Nodes in /dev gracefully ++Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) ++ ++DefaultDependencies=no ++Before=sysinit.target local-fs-pre.target systemd-udevd.service ++Wants=local-fs-pre.target ++Conflicts=shutdown.target initrd-switch-root.target ++Before=shutdown.target initrd-switch-root.target ++ ++[Service] ++Type=oneshot ++RemainAfterExit=yes ++ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful ++SuccessExitStatus=DATAERR CANTCREAT ++ImportCredential=tmpfiles.* +diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service +index acaa9510aa60..3016b497493f 100644 +--- a/units/systemd-tmpfiles-setup-dev.service ++++ b/units/systemd-tmpfiles-setup-dev.service +@@ -12,6 +12,7 @@ Description=Create Static Device Nodes in /dev + Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + + DefaultDependencies=no ++After=systemd-tmpfiles-setup-dev-early.service + Before=sysinit.target local-fs-pre.target systemd-udevd.service + Wants=local-fs-pre.target + Conflicts=shutdown.target initrd-switch-root.target +@@ -20,6 +21,6 @@ Before=shutdown.target initrd-switch-root.target + [Service] + Type=oneshot + RemainAfterExit=yes +-ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful ++ExecStart=systemd-tmpfiles --prefix=/dev --create --boot + SuccessExitStatus=DATAERR CANTCREAT + ImportCredential=tmpfiles.* +diff --git 
a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service +index 6c5e3de8fd96..6cae32850f4f 100644 +--- a/units/systemd-tmpfiles-setup.service ++++ b/units/systemd-tmpfiles-setup.service +@@ -21,7 +21,7 @@ RefuseManualStop=yes + [Service] + Type=oneshot + RemainAfterExit=yes +-ExecStart=systemd-tmpfiles --create --remove --boot ++ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev + SuccessExitStatus=DATAERR CANTCREAT + ImportCredential=tmpfiles.* + ImportCredential=login.motd diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf deleted file mode 100644 index c4f06a17f7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf +++ /dev/null @@ -1,19 +0,0 @@ -# The list of directories is taken from Gentoo ebuild, where they use -# keepdir. The list isn't sorted, but tries to preserve the order of -# keepdir lines from Gentoo ebuild for easier comparisons. We skip the -# directories in /usr, though. -d /etc/binfmt.d - - - - - -d /etc/modules-load.d - - - - - -d /etc/tmpfiles.d - - - - - -d /etc/kernel/install.d - - - - - -d /etc/systemd/network - - - - - -d /etc/systemd/system - - - - - -d /etc/systemd/user - - - - - -d /etc/udev/rules.d - - - - - -d /etc/udev/hwdb.d - - - - - -d /var/lib/systemd - - - - - -d /var/log/journal - - - - - -d /etc/sysctl.d - - - - - - -# This seems to be our own addition. -d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf deleted file mode 100644 index 32b7e9d214..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf +++ /dev/null 
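Review bot: In the added test/units/testsuite-17.00.sh (inside systemd-254.1-tmpfiles-setup-dev-early.patch), `check_owner_and_mode` verifies nothing when the node is missing: the checks sit under `if [[ -e "$dev" ]]` and the function then returns 0, so a boot where the static nodes were never created still passes the ownership test. Owner and mode of nodes such as /dev/kvm and /dev/loop-control are what this ordering change is meant to get right, so I would at least make the skip visible, e.g. `else echo "SKIP: $dev not present" >&2`, and require existence for the nodes the test loads modules for (presumably /dev/snd/seq, /dev/snd/timer and /dev/net/tun, given `instmods snd_seq snd_timer tun` in test.sh). `assert_in` comes from util.sh, which is not part of this hunk; if it matches substrings, an exact comparison of the `stat` output would be stricter.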
@@ -1,2 +0,0 @@ -d /run/systemd/network - - - - - -L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam new file mode 100644 index 0000000000..38ae3211f8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam @@ -0,0 +1,5 @@ +account include system-auth + +session required pam_loginuid.so +session include system-auth +session optional pam_systemd.so diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml index 34a269d81d..9576ddd514 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml @@ -10,6 +10,7 @@ Enable support for sys-process/audit + Enable EFI boot manager and stub loader Default to hybrid (legacy) cgroup hierarchy instead of unified (modern). Enable support for uploading journals Enable cryptsetup tools (includes unit generator for crypttab) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html new file mode 100644 index 0000000000..d215d6f747 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.3.ebuild.html @@ -0,0 +1,650 @@ + + + + +~/code/work/gentoo/sys-apps/systemd/systemd-252.3.ebuild.html + + + + + + + + + + +
+  1 # Copyright 2011-2022 Gentoo Authors
+  2 # Distributed under the terms of the GNU General Public License v2
+  3 
+  4 EAPI=7
+  5 PYTHON_COMPAT=( python3_{8..11} )                                                                                                                                         
+  6 
+  7 # Avoid QA warnings
+  8 TMPFILES_OPTIONAL=1
+  9 UDEV_OPTIONAL=1                                                                                                                                                           
+ 10                                                                                                                                                                           
+ 11 QA_PKGCONFIG_VERSION=$(ver_cut 1)                                                                                                                                         
+ 12 
+ 13 if [[ ${PV} == 9999 ]]; then
+ 14   EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ 15   inherit git-r3
+ 16 else
+ 17   if [[ ${PV} == *.* ]]; then
+ 18 +--  2 lines: MY_PN=systemd-stable--------------------------------------------------------------------------------------------------------------------------------------------
+ 20     MY_PN=systemd
+ 21   fi
+ 22   MY_PV=${PV/_/-}
+ 23   MY_P=${MY_PN}-${MY_PV}
+ 24   S=${WORKDIR}/${MY_P}
+ 25   SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+ 26   KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"                                                                
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ 27 fi
+ 28 
+ 29 inherit bash-completion-r1 flag-o-matic linux-info meson-multilib pam                                                                                                     
+ 30 inherit python-any-r1 systemd toolchain-funcs udev usr-ldscript                                                                                                           
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ 31 
+ 32 DESCRIPTION="System and service manager for Linux"
+ 33 HOMEPAGE="http://systemd.io/"                                                                                                                                             
+ 34 
+ 35 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+ 36 SLOT="0/2"
+ 37 IUSE="
+ 38   acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils                                                                                                 
+ 39   fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod                                                                                                       
+ 40   +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode                                                                                                           
+ 41   +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+ 42 "
+ 43 REQUIRED_USE="
+ 44   dns-over-tls? ( || ( gnutls openssl ) )
+ 45   homed? ( cryptsetup pam openssl )
+ 46   importd? ( curl lzma || ( gcrypt openssl ) )
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ 47   pwquality? ( homed )
+ 48 "
+ 49 RESTRICT="!test? ( test )"
+ 50 
+ 51 MINKV="4.15"                                                                                                                                                              
+ 52 
+ 53 COMMON_DEPEND="
+ 54   >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ 55   sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ 56   virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ 57   acl? ( sys-apps/acl:0= )
+ 58 +-- 11 lines: apparmor? ( sys-libs/libapparmor:0= )---------------------------------------------------------------------------------------------------------------------------
+ 69     app-arch/bzip2:0=
+ 70     sys-libs/zlib:0=
+ 71   )
+ 72   kmod? ( >=sys-apps/kmod-15:0= )
+ 73   lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ 74   lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ 75   iptables? ( net-firewall/iptables:0= )                                                                                                                                  
+ 76   openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ 77   pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ 78   pkcs11? ( app-crypt/p11-kit:0= )
+ 79   pcre? ( dev-libs/libpcre2 )
+ 80   pwquality? ( dev-libs/libpwquality:0= )
+ 81   qrcode? ( media-gfx/qrencode:0= )
+ 82 +-- 36 lines: seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )---------------------------------------------------------------------------------------------------------------------
+118   >=acct-user/systemd-coredump-0-r1
+119   >=acct-user/systemd-network-0-r1
+120   acct-user/systemd-oom
+121   >=acct-user/systemd-resolve-0-r1
+122   >=acct-user/systemd-timesync-0-r1
+123   >=sys-apps/baselayout-2.2
+124   selinux? (                                                                                                                                                              
+125     sec-policy/selinux-base-policy[systemd]                                                                                                                               
+126     sec-policy/selinux-ntp                                                                                                                                                
+127   )
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+128   sysv-utils? (
+129     !sys-apps/openrc[sysv-utils(-)]
+130     !sys-apps/sysvinit
+131   )
+132   !sysv-utils? ( sys-apps/sysvinit )
+133   resolvconf? ( !net-dns/openresolv )
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+134   !sys-apps/hwids[udev]
+135   !sys-auth/nss-myhostname
+136   !sys-fs/eudev
+137   !sys-fs/udev
+138 "
+139 
+140 # sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+141 PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+142   >=sys-fs/udev-init-scripts-34                                                                                                                                           
+143   policykit? ( sys-auth/polkit )
+144   !vanilla? ( sys-apps/gentoo-systemd-integration )"
+145 
+146 BDEPEND="
+147   app-arch/xz-utils:0
+148   dev-util/gperf
+149 +-- 12 lines: >=dev-util/meson-0.46-------------------------------------------------------------------------------------------------------------------------------------------
+161   dev-libs/libxslt:0
+162   $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
+163   $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+164 "
+165 
+166 python_check_deps() {
+167   python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" &&                                                                                                              
+168   python_has_version "dev-python/lxml[${PYTHON_USEDEP}]"                                                                                                                  
+169 }
+170 
+171 QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+172 QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+173 
+174 pkg_pretend() {
+175   if [[ ${MERGE_TYPE} != buildonly ]]; then
+176     if use test && has pid-sandbox ${FEATURES}; then
+177       ewarn "Tests are known to fail with PID sandboxing enabled."
+178       ewarn "See https://bugs.gentoo.org/674458."
+179     fi
+180 
+181     local CONFIG_CHECK=" ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS                                                                                                               
+182       ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE                                                                                                                     
+183       ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+184       ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+185       ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+186       ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+187       ~!SYSFS_DEPRECATED_V2"
+188 
+189     use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+190     use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+191 
+192     if kernel_is -ge 5 10 20; then                                                                                                                                        
+193       CONFIG_CHECK+=" ~KCMP"                                                                                                                                              
+194     else                                                                                                                                                                  
+195       CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+196     fi                                                                                                                                                                    
+197                                                                                                                                                                           
+198     if kernel_is -ge 4 18; then                                                                                                                                           
+199       CONFIG_CHECK+=" ~AUTOFS_FS"                                                                                                                                         
+200     else
+201       CONFIG_CHECK+=" ~AUTOFS4_FS"                                                                                                                                        
+202     fi
+203 
+204     if linux_config_exists; then
+205       local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+206       if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+207         ewarn "It's recommended to set an empty value to the following kernel config option:"
+208 +-- 19 lines: ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"---------------------------------------------------------------------------------------------------------
+227 src_unpack() {
+228   default
+229   [[ ${PV} != 9999 ]] || git-r3_src_unpack
+230 }
+231 
+232 src_prepare() {
+233   local PATCHES=(                                                                                                                                                         
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+234   )
+235 
+236   if ! use vanilla; then
+237     PATCHES+=(
+238       "${FILESDIR}/gentoo-generator-path-r2.patch"
+239       "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
+240       "${FILESDIR}/gentoo-journald-audit.patch"
+241     )
+242   fi
+243 
+244   # Fails with split-usr.                                                                                                                                                 
+245   sed -i -e '2i exit 77' test/test-rpm-macros.sh || die                                                                                                                   
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+246 
+247   default
+248 }
+249 
+250 src_configure() {
+251   # Prevent conflicts with i686 cross toolchain, bug 559726
+252   tc-export AR CC NM OBJCOPY RANLIB
+253 
+254   # Broken with FORTIFY_SOURCE=3: bug #841770.                                                                                                                            
+255   #                                                                                                                                                                       
+256   # Our toolchain sets F_S=2 by default w/ >= -O2, so we need                                                                                                             
+257   # to unset F_S first, then explicitly set 2, to negate any default                                                                                                      
+258   # and anything set by the user if they're choosing 3 (or if they've                                                                                                     
+259   # modified GCC to set 3).                                                                                                                                               
+260   #                                                                                                                                                                       
+261   if is-flagq '-O[23]' || is-flagq '-Ofast' ; then                                                                                                                        
+262     # We can't unconditionally do this b/c we fortify needs                                                                                                               
+263     # some level of optimisation.                                                                                                                                         
+264     filter-flags -D_FORTIFY_SOURCE=3                                                                                                                                      
+265     append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2                                                                                                                 
+266   fi                                                                                                                                                                      
+267                                                                                                                                                                           
+268   python_setup
+269 
+270   multilib-minimal_src_configure
+271 }
+272 
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+273 multilib_src_configure() {
+274   local myconf=(
+275     --localstatedir="${EPREFIX}/var"
+276     -Dsupport-url="https://gentoo.org/support/"                                                                                                                           
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+277     -Dpamlibdir="$(getpam_mod_dir)"
+278     # avoid bash-completion dep
+279     -Dbashcompletiondir="$(get_bashcompdir)"
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+280     $(meson_use split-usr)
+281     $(meson_use split-usr split-bin)                                                                                                                                      
+282     -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"                                                                                                     
+283     -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+284     # Avoid infinite exec recursion, bug 642724
+285     -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+286     # no deps
+287     -Dima=true
+288     -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+289 +-- 18 lines: Optional components/dependencies--------------------------------------------------------------------------------------------------------------------------------
+307     $(meson_native_use_bool importd bzip2)
+308     $(meson_native_use_bool importd zlib)
+309     $(meson_native_use_bool kmod)
+310     $(meson_use lz4)
+311     $(meson_use lzma xz)
+312     $(meson_use zstd)
+313     $(meson_native_use_bool iptables libiptc)                                                                                                                             
+314     $(meson_native_use_bool openssl)
+315     $(meson_use pam)
+316     $(meson_native_use_bool pkcs11 p11kit)
+317     $(meson_native_use_bool pcre pcre2)
+318     $(meson_native_use_bool policykit polkit)
+319     $(meson_native_use_bool pwquality)
+320     $(meson_native_use_bool qrcode qrencode)
+321     $(meson_native_use_bool seccomp)
+322     $(meson_native_use_bool selinux)
+323     $(meson_native_use_bool tpm tpm2)
+324     $(meson_native_use_bool test dbus)
+325     $(meson_native_use_bool xkb xkbcommon)
+326     -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"                                                               
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+327     # Breaks screen, tmux, etc.
+328     -Ddefault-kill-user-processes=false
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+329     -Dcreate-log-dirs=false
+330 
+331     # multilib options
+332     $(meson_native_true backlight)
+333     $(meson_native_true binfmt)
+334     $(meson_native_true coredump)
+335 +-- 10 lines: $(meson_native_true environment-d)------------------------------------------------------------------------------------------------------------------------------
+345     $(meson_native_true rfkill)
+346     $(meson_native_true sysusers)
+347     $(meson_native_true timedated)
+348     $(meson_native_true timesyncd)
+349     $(meson_native_true tmpfiles)
+350     $(meson_native_true vconsole)
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+351   )
+352 
+353   meson_src_configure "${myconf[@]}"
+354 }
+355 
+356 multilib_src_test() {
+357   unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+358   meson_src_test
+359 }
+360 
+361 multilib_src_install_all() {
+362   local rootprefix=$(usex split-usr '' /usr)
+363   local sbin=$(usex split-usr sbin bin)                                                                                                                                   
+364 
+365   # meson doesn't know about docdir
+366   mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+367 
+368   einstalldocs
+369   dodoc "${FILESDIR}"/nsswitch.conf                                                                                                                                       
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+370 
+371   if ! use resolvconf; then
+372     rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die                                                                                                                  
+373   fi
+374 
+375   rm "${ED}"/etc/init.d/README || die
+376   rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
+377 
+378   if ! use sysv-utils; then
+379     rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die                                                                          
+380     rm "${ED}"/usr/share/man/man1/init.1 || die
+381     rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+382   fi
+383 
+384   if ! use resolvconf && ! use sysv-utils && use split-usr; then                                                                                                          
+385     rmdir "${ED}${rootprefix}"/sbin || die
+386   fi
+387 
+388   # https://bugs.gentoo.org/761763
+389   rm -r "${ED}"/usr/lib/sysusers.d || die
+390 
+391   # Preserve empty dirs in /etc & /var, bug #437008                                                                                                                       
+392   keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}                                                                                                                       
+393   keepdir /etc/kernel/install.d                                                                                                                                           
+394   keepdir /etc/systemd/{network,system,user}                                                                                                                              
+395   keepdir /etc/udev/rules.d                                                                                                                                               
+396                                                                                                                                                                           
+397   keepdir /etc/udev/hwdb.d                                                                                                                                                
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+398 
+399   keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}                                                                                                      
+400   keepdir /usr/lib/{binfmt.d,modules-load.d}                                                                                                                              
+401   keepdir /usr/lib/systemd/user-generators                                                                                                                                
+402   keepdir /var/lib/systemd                                                                                                                                                
+403   keepdir /var/log/journal                                                                                                                                                
+404 
+405   # Symlink /etc/sysctl.conf for easy migration.                                                                                                                          
+406   dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf                                                                                                         
+407                                                                                                                                                                           
+408   if use pam; then                                                                                                                                                        
+409     newpamd "${FILESDIR}"/systemd-user.pam systemd-user                                                                                                                   
+410   fi                                                                                                                                                                      
+411 
+412   if use split-usr; then
+413     # Avoid breaking boot/reboot
+414     dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+415     dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+416   fi
+417 
+418   gen_usr_ldscript -a systemd udev                                                                                                                                        
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+419 }
+420 
+421 migrate_locale() {
+422   local envd_locale_def="${EROOT}/etc/env.d/02locale"
+423   local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+424   local locale_conf="${EROOT}/etc/locale.conf"
+425 +-- 37 lines: if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then-------------------------------------------------------------------------------------------------------
+462   fi
+463 }
+464 
+465 pkg_preinst() {
+466   if ! use split-usr; then
+467     local dir
+468     for dir in bin sbin lib usr/sbin; do                                                                                                                                  
+469       if [[ ! -L ${EROOT}/${dir} ]]; then                                                                                                                                 
+470         eerror "'${EROOT}/${dir}' is not a symbolic link."                                                                                                                
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+471         FAIL=1
+472       fi
+473     done
+474     if [[ ${FAIL} ]]; then
+475       eerror "Migration to system layout with merged directories must be performed before"
+476       eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."                                                                           
+477       die "System layout with split directories still used"
+478     fi
+479   fi
+480 }
+481 
+482 pkg_postinst() {
+483 +--  6 lines: systemd_update_catalog------------------------------------------------------------------------------------------------------------------------------------------
+489   udev_reload || FAIL=1
+490 
+491   # Bug 465468, make sure locales are respected, and ensure consistency
+492   # between OpenRC & systemd
+493   migrate_locale
+494 
+495   if [[ -z ${REPLACING_VERSIONS} ]]; then                                                                                                                                 
+496     if type systemctl &>/dev/null; then                                                                                                                                   
+497       systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1                                                                                      
+498     fi                                                                                                                                                                    
+499     elog "To enable a useful set of services, run the following:"                                                                                                         
+500     elog "  systemctl preset-all --preset-mode=enable-only"                                                                                                               
+501   fi                                                                                                                                                                      
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+502 
+503   if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+504     rm "${EROOT}/var/lib/systemd/timesync"
+505   fi
+506 
+507   if [[ ${FAIL} ]]; then
+508 +-- 13 lines: eerror "One of the postinst commands failed. Please check the postinst output"----------------------------------------------------------------------------------
+
+ + + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.11-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.3-r1.ebuild similarity index 53% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.11-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.3-r1.ebuild index 796f927fde..f43b489d45 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-252.11-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.3-r1.ebuild @@ -23,14 +23,11 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - # Flatcar: Mark as stable. - KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi inherit bash-completion-r1 linux-info meson-multilib pam -# Flatcar: We don't use gen_usr_ldscript so dropping usr-ldscript. -# Adding tmpfiles, since we use it for installing some files. -inherit python-any-r1 systemd tmpfiles toolchain-funcs udev usr-ldscript +inherit python-any-r1 systemd toolchain-funcs udev usr-ldscript DESCRIPTION="System and service manager for Linux" HOMEPAGE="http://systemd.io/" @@ -45,6 +42,7 @@ IUSE=" " REQUIRED_USE=" dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) homed? ( cryptsetup pam openssl ) importd? ( curl lzma || ( gcrypt openssl ) ) pwquality? ( homed ) @@ -96,11 +94,6 @@ DEPEND="${COMMON_DEPEND} " # baselayout-2.2 has /run -# -# Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use -# flag). The image stage fails with "Failed to resolve -# typeattributeset statement at -# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120" RDEPEND="${COMMON_DEPEND} >=acct-group/adm-0-r1 >=acct-group/wheel-0-r1 
@@ -131,6 +124,7 @@ RDEPEND="${COMMON_DEPEND} >=sys-apps/baselayout-2.2 selinux? ( sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] @@ -145,9 +139,8 @@ RDEPEND="${COMMON_DEPEND} " # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -# -# Flatcar: We don't have sys-fs/udev-init-scripts-34, so it's dropped. PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )" @@ -186,7 +179,7 @@ pkg_pretend() { ewarn "See https://bugs.gentoo.org/674458." fi - local CONFIG_CHECK=" ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS 
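Review bot: The `selinux?` branch of RDEPEND now pulls in `sec-policy/selinux-ntp`, which the comment removed in the preceding hunk says made the image stage fail with a `typeattributeset` resolution error in the ntp policy module. The PDEPEND hunk on this line has the same shape: it re-adds `>=sys-fs/udev-init-scripts-34`, which its removed comment says this overlay does not carry. Unless both are now available and the policy module resolves, I would leave them out and keep a one-line reason next to each, e.g. `# Flatcar: sec-policy/selinux-ntp dropped, ntp CIL module fails to resolve at image stage`.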
@@ -239,44 +232,19 @@ src_unpack() { src_prepare() { local PATCHES=( - "${FILESDIR}/252-no-stack-protector-bpf.patch" - # Flatcar: Adding our own patches here. - "${FILESDIR}/0001-wait-online-set-any-by-default.patch" - "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" - "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch" - "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch" - "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" - "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" - "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" - "${FILESDIR}/0008-Revert-core-service-when-resetting-PID-also-reset-known.patch" + "${FILESDIR}/systemd-253-initrd-generators.patch" ) if ! use vanilla; then PATCHES+=( "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch" - "${FILESDIR}/gentoo-journald-audit.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" ) fi # Fails with split-usr. sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - # Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., - # CoreDNS which has dnsPolicy "default", but unless the - # kubelet --resolv-conf flag is set to point to - # /run/systemd/resolve/resolv.conf this won't work with - # /etc/resolv.conf pointing to - # /run/systemd/resolve/stub-resolv.conf which configures - # 127.0.0.53. See - # https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues - # This means that users who need split DNS to work should - # point /etc/resolv.conf back to - # /run/systemd/resolve/stub-resolv.conf (and if using K8s - # configure the kubelet resolvConf variable/--resolv-conf flag - # to /run/systemd/resolve/resolv.conf). - sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die - default } 
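Review bot: `PATCHES` in `src_prepare` now carries only `systemd-253-initrd-generators.patch`, so the eight downstream patches (`0001-wait-online-set-any-by-default.patch` through `0008-Revert-core-service-when-resetting-PID-also-reset-known.patch`) and the `sed` that pointed `tmpfiles.d/systemd-resolve.conf` at `/run/systemd/resolve/resolv.conf` no longer apply to the built image. Judging by their file names, those patches govern the networkd IP-forwarding default, `DefaultTasksMax` and the manager's SELinux permission checks, so dropping them changes runtime behaviour and not only the build. If this commit is meant as a pristine import with the downstream changes reapplied on top, a comment above the array such as `# Pristine Gentoo sync: Flatcar patches are reapplied in a follow-up change` would make that explicit; otherwise the list should stay.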
@@ -289,28 +257,20 @@ src_configure() { multilib-minimal_src_configure } -# Flatcar: Our function, we use it in some places below. -get_rootprefix() { - usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr" -} - multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" - # Flatcar: Point to our user mailing list. - -Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user" + -Dsupport-url="https://gentoo.org/support/" -Dpamlibdir="$(getpam_mod_dir)" # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" $(meson_use split-usr) - # Flatcar: Always set split-bin to true, we always - # have separate bin and sbin directories - -Dsplit-bin=true - # Flatcar: Use get_rootprefix. No functional change - # from upstream, just refactoring the common code used - # in some places. - -Drootprefix="$(get_rootprefix)" + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= # Avoid infinite exec recursion, bug 642724 -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" # no deps @@ -339,6 +299,7 @@ multilib_src_configure() { $(meson_native_use_bool kmod) $(meson_use lz4) $(meson_use lzma xz) + $(meson_use test tests) $(meson_use zstd) $(meson_native_use_bool iptables libiptc) $(meson_native_use_bool openssl) @@ -353,11 +314,9 @@ multilib_src_configure() { $(meson_native_use_bool tpm tpm2) $(meson_native_use_bool test dbus) $(meson_native_use_bool xkb xkbcommon) - # Flatcar: Use our ntp servers. - -Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org" + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false - # Flatcar: TODO: Investigate if we want this. -Dcreate-log-dirs=false # multilib options 
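Review bot: `-Dsupport-url="https://gentoo.org/support/"` in the first hunk on this line and `-Dntp-servers="0.gentoo.pool.ntp.org …"` in the last one compile another distribution's defaults into the image. For the NTP list this means systemd-timesyncd falls back to a pool vendor zone this project does not own whenever no server is configured. I would keep the downstream values as the removed lines had them, i.e. `-Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org"` and the Flatcar support URL. `multilib_src_configure` continues outside these hunks.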
@@ -380,42 +339,6 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - - # Flatcar: Specify this, or meson breaks due to no - # /etc/login.defs. - -Dsystem-gid-max=999 - -Dsystem-uid-max=999 - - # Flatcar: DBus paths. - -Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" - -Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" - - # Flatcar: PAM config directory. - -Dpamconfdir=/usr/share/pam.d - - # Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC - # 2013. Used by timesyncd as a sanity check for the - # minimum acceptable time. Explicitly set to avoid - # using the current build time. - -Dtime-epoch=1372636800 - - # Flatcar: No default name servers. - -Ddns-servers= - - # Flatcar: Disable the "First Boot Wizard", it isn't - # very applicable to us. - -Dfirstboot=false - - # Flatcar: Set latest network interface naming scheme - # for https://github.com/flatcar/Flatcar/issues/36 - -Ddefault-net-naming-scheme=latest - - # Flatcar: Combined log format: name plus description - -Dstatus-unit-format-default=combined - - # Flatcar: Unported options, still needed? - -Dquotaon-path=/usr/sbin/quotaon - -Dquotacheck-path=/usr/sbin/quotacheck ) meson_src_configure "${myconf[@]}" 
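Review bot: With `-Ddns-servers=` removed from `myconf`, systemd-resolved is built with meson's default fallback list, which as far as I know names public resolvers, so a host with no DNS configured would send its queries to third parties instead of failing closed. Dropping `-Dtime-epoch=1372636800` likewise makes timesyncd's minimum acceptable time depend on the build, which the removed comment set out to avoid. I would keep `-Ddns-servers=` and `-Dtime-epoch=1372636800` in the array, and confirm that meson still configures without `-Dsystem-uid-max=999` and `-Dsystem-gid-max=999`, given the removed remark about a missing `/etc/login.defs`. The array and the function start outside this hunk.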
@@ -423,69 +346,60 @@ multilib_src_configure() { multilib_src_test() { unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 meson_src_test } multilib_src_install_all() { local rootprefix=$(usex split-usr '' /usr) - # Flatcar: We always have bin separate from sbin - # local sbin=$(usex split-usr sbin bin) - local sbin='sbin' + local sbin=$(usex split-usr sbin bin) # meson doesn't know about docdir mv "${ED}"/usr/share/doc/{systemd,${PF}} || die einstalldocs - # Flatcar: Do not install sample nsswitch.conf, we don't - # provide it. - # dodoc "${FILESDIR}"/nsswitch.conf + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf if ! use resolvconf; then rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die fi - rm "${ED}"/etc/init.d/README || die - rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die - if ! use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die fi - # Flatcar: We always have bin separate from sbin, so drop the - # "&& use split-usr" part. - if ! use resolvconf && ! use sysv-utils; then + if ! use resolvconf && ! use sysv-utils && use split-usr; then rmdir "${ED}${rootprefix}"/sbin || die fi # https://bugs.gentoo.org/761763 rm -r "${ED}"/usr/lib/sysusers.d || die - # Flatcar: Upstream uses keepdir commands to keep some empty - # directories. We use tmpfiles. 
- # # Preserve empty dirs in /etc & /var, bug #437008 - # keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - # keepdir /etc/kernel/install.d - # keepdir /etc/systemd/{network,system,user} - # keepdir /etc/udev/rules.d - # - # keepdir /etc/udev/hwdb.d - # - # keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - # keepdir /usr/lib/{binfmt.d,modules-load.d} - # keepdir /usr/lib/systemd/user-generators - # keepdir /var/lib/systemd - # keepdir /var/log/journal + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d - # Flatcar: No migrations happening here. - # # Symlink /etc/sysctl.conf for easy migration. - # dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + keepdir /etc/udev/hwdb.d - # Flatcar: Do not install a pam policy, we have our own. - # if use pam; then - # newpamd "${FILESDIR}"/systemd-user.pam systemd-user - # fi + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi if use split-usr; then # Avoid breaking boot/reboot 
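Review bot: `newpamd "${FILESDIR}"/systemd-user.pam systemd-user` is now live in `multilib_src_install_all`, while the removed comment says the distribution ships its own PAM policy; together with the removal of `-Dpamconfdir=/usr/share/pam.d` in the configure hunk this may leave two `systemd-user` policies on the image. Which of them PAM ends up reading is not visible from this hunk. I would either keep the install disabled, as in `# newpamd "${FILESDIR}"/systemd-user.pam systemd-user`, or compare `files/systemd-user.pam` with the existing policy before it ships. The function continues past the end of this hunk.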
@@ -493,115 +407,7 @@ multilib_src_install_all() { dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown fi - # Flatcar: gen_usr_ldscript is likely for static libs, so we - # dropped it. - # gen_usr_ldscript -a systemd udev - - # Flatcar: Ensure journal directory has correct ownership/mode - # in inital image. This is fixed by systemd-tmpfiles *but* - # journald starts before that and will create the journal if - # the filesystem is already read-write. Conveniently the - # systemd Makefile sets this up completely wrong. - # - # Flatcar: TODO: Is this still a problem? - dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal - - # Flatcar: Don't prune systemd dirs. - dotmpfiles "${FILESDIR}"/systemd-flatcar.conf - # Flatcar: Add tmpfiles rule for resolv.conf. This path has - # changed after v213 so it must be handled here instead of - # baselayout now. - dotmpfiles "${FILESDIR}"/systemd-resolv.conf - - # Flatcar: Don't default to graphical.target. - local unitdir=$(builddir_systemd_get_systemunitdir) - dosym multi-user.target "${unitdir}"/default.target - - # Flatcar: Don't set any extra environment variables by default. - rm "${ED}/usr/lib/environment.d/99-environment.conf" || die - - # Flatcar: These lines more or less follow the systemd's - # preset file (90-systemd.preset). We do it that way, to avoid - # putting symlinks in /etc. Please keep the lines in the same - # order as the "enable" lines appear in the preset file. For a - # single enable line in preset, there may be more lines if the - # unit file had Also: clause which has units we enable here - # too. 
- - # Flatcar: enable remote-fs.target - builddir_systemd_enable_service multi-user.target remote-fs.target - # Flatcar: enable remote-cryptsetup.target - if use cryptsetup; then - builddir_systemd_enable_service multi-user.target remote-cryptsetup.target - fi - # Flatcar: enable machines.target - builddir_systemd_enable_service multi-user.target machines.target - # Flatcar: enable getty@.service - dodir "${unitdir}/getty.target.wants" - dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service" - # Flatcar: enable systemd-timesyncd.service - builddir_systemd_enable_service sysinit.target systemd-timesyncd.service - # Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service) - builddir_systemd_enable_service multi-user.target systemd-networkd.service - builddir_systemd_enable_service sockets.target systemd-networkd.socket - builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service - # Flatcar: enable systemd-network-generator.service - builddir_systemd_enable_service sysinit.target systemd-network-generator.service - # Flatcar: enable systemd-resolved.service - builddir_systemd_enable_service multi-user.target systemd-resolved.service - # Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry]) - if use homed; then - builddir_systemd_enable_service multi-user.target systemd-homed.target - fi - # Flatcar: enable systemd-userdbd.socket - builddir_systemd_enable_service sockets.target systemd-userdbd.socket - # Flatcar: enable systemd-pstore.service - builddir_systemd_enable_service sysinit.target systemd-pstore.service - # Flatcar: enable systemd-boot-update.service - if use gnuefi; then - builddir_systemd_enable_service sysinit.target systemd-boot-update.service - fi - # Flatcar: enable reboot.target (not enabled - has no WantedBy - # entry) - - # Flatcar: enable systemd-sysext.service by default - 
builddir_systemd_enable_service sysinit.target systemd-sysext.service - - # Flatcar: Use an empty preset file, because systemctl - # preset-all puts symlinks in /etc, not in /usr. We don't use - # /etc, because it is not autoupdated. We do the "preset" above. - rm "${ED}$(usex split-usr '' /usr)/lib/systemd/system-preset/90-systemd.preset" || die - insinto $(usex split-usr '' /usr)/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Flatcar: Do not ship distro-specific files (nsswitch.conf - # pam.d). This conflicts with our own configuration provided - # by baselayout. - rm -rf "${ED}"/usr/share/factory - sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C!* \/etc\/nsswitch\.conf/d' \ - -e '/^C!* \/etc\/pam\.d/d' \ - -e '/^C!* \/etc\/issue/d' -} - -# Flatcar: Our own version of systemd_get_systemunitdir, that returns -# a path inside /usr, not /etc. -builddir_systemd_get_systemunitdir() { - echo "$(get_rootprefix)/lib/systemd/system" -} - -# Flatcar: Our own version of systemd_enable_service, that does -# operations inside /usr, not /etc. -builddir_systemd_enable_service() { - local target=${1} - local service=${2} - local ud=$(builddir_systemd_get_systemunitdir) - local destname=${service##*/} - - dodir "${ud}"/"${target}".wants && \ - dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}" + gen_usr_ldscript -a systemd udev } migrate_locale() { @@ -651,8 +457,7 @@ migrate_locale() { pkg_preinst() { if ! use split-usr; then local dir - # Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list. - for dir in bin sbin lib; do + for dir in bin sbin lib usr/sbin; do if [[ ! -L ${EROOT}/${dir} ]]; then eerror "'${EROOT}/${dir}' is not a symbolic link." FAIL=1 
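Review bot: The first hunk on this line drops `fowners root:systemd-journal /var/log/journal` and `fperms 2755 /var/log/journal`, while the previous hunk adds `keepdir /var/log/journal`, so the directory now ships with whatever ownership and mode `keepdir` gives it. The removed comment explains that journald can start before systemd-tmpfiles corrects this, which would leave the journal outside the `systemd-journal` group and without the setgid bit until then. I would keep those two lines after the `keepdir` calls unless that ordering issue is known to be gone. The same hunk also stops deleting `/usr/share/factory` and stops stripping the `/etc/nsswitch.conf`, `/etc/pam.d` and `/etc/issue` entries from `tmpfiles.d/etc.conf`, so upstream's factory copies of those files can be populated into `/etc`; that deserves a check against the configuration baselayout provides.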
@@ -679,15 +484,13 @@ pkg_postinst() { # between OpenRC & systemd migrate_locale - # Flatcar: We enable getty and remote-fs targets in /usr - # ourselves above. - # if [[ -z ${REPLACING_VERSIONS} ]]; then - # if type systemctl &>/dev/null; then - # systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - # fi - # elog "To enable a useful set of services, run the following:" - # elog " systemctl preset-all --preset-mode=enable-only" - # fi + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then rm "${EROOT}/var/lib/systemd/timesync" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.4.ebuild new file mode 100644 index 0000000000..72824b08e8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.4.ebuild 
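Review bot: The restored `systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target` in `pkg_postinst` records unit enablement in the target root at install time, while the removed comment says these units were enabled in /usr by the ebuild itself. The helper that did this (`builddir_systemd_enable_service`) is deleted earlier in this file section, where the removed text also notes that /etc is not auto-updated, so enablement would now depend on mutable state created by a post-install step. If that is not intended, keep the block disabled and say why, e.g. `# Flatcar: getty and remote-fs are enabled under /usr at build time; do not enable in /etc here`. The function continues outside the hunk.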
@@ -0,0 +1,512 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam +inherit python-any-r1 systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? 
( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? 
( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + : +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. 
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + 
$(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + if ! use resolvconf && ! 
use sysv-utils && use split-usr; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... 
+ if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. 
You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5-r1.ebuild new file mode 100644 index 0000000000..684c214f6a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5-r1.ebuild 
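Review bot: In `pkg_postinst`, `systemd-hwdb --root="${ROOT}" update` runs without recording a failure, unlike `udev_reload || FAIL=1` and the `systemctl ... enable ... || FAIL=1` call around it. A failed hardware-database rebuild would therefore never reach the closing `eerror` summary. Suggest `systemd-hwdb --root="${ROOT}" update || FAIL=1`. The `rm "${EROOT}/var/lib/systemd/timesync"` a few lines below is unchecked in the same way. The systemd-253.5-r1.ebuild added next carries the identical `pkg_postinst`.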
@@ -0,0 +1,515 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 +inherit secureboot systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? 
( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? 
( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use gnuefi && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + "${FILESDIR}/systemd-253.5-services-stop.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. 
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + 
$(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + if ! use resolvconf && ! 
use sysv-utils && use split-usr; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev + + use gnuefi && secureboot_auto_sign +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... 
+ if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. 
You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5.ebuild new file mode 100644 index 0000000000..72824b08e8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.5.ebuild 
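Review bot: `use gnuefi && secureboot_auto_sign` is the last statement of `multilib_src_install_all`, so with USE=-gnuefi the function ends with a non-zero status; `pkg_setup` has the same shape (`use gnuefi && secureboot_pkg_setup`). Whether any caller tests that status is not visible here, but an explicit `if use gnuefi; then secureboot_auto_sign; fi` avoids relying on it. A short comment above the call would also help a reader audit the boot chain. It should say which installed files are expected to be signed and that signing depends on the secureboot eclass configuration, which is not part of this page.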
@@ -0,0 +1,512 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam +inherit python-any-r1 systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? 
( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? 
( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + : +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. 
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + 
$(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + if ! use resolvconf && ! 
use sysv-utils && use split-usr; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... 
+ if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. 
You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.6.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.6.ebuild new file mode 100644 index 0000000000..443fe8bbfd --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.6.ebuild 
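Review bot: In `pkg_postinst` of systemd-253.5.ebuild, `systemd-hwdb --root="${ROOT}" update` runs without `|| FAIL=1`, unlike `udev_reload` and the `systemctl ... enable` call beside it. A failed hardware-database rebuild therefore never triggers the closing "One of the postinst commands failed" message. Recording the status the same way, `systemd-hwdb --root="${ROOT}" update || FAIL=1`, keeps the failure visible in the merge log. The function also passes `--root="${ROOT:-/}"` to systemctl but a bare `${ROOT}` to systemd-hwdb; using one form for both would read more clearly. The same lines appear in the systemd-253.6.ebuild hunk and in the tail of the preceding file's hunk.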
@@ -0,0 +1,514 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 +inherit secureboot systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? 
( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? 
( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use gnuefi && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. 
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + 
$(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + if ! use resolvconf && ! 
use sysv-utils && use split-usr; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev + + use gnuefi && secureboot_auto_sign +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... 
+ if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. 
You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.7.ebuild new file mode 100644 index 0000000000..cf50cf37cc --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.7.ebuild 
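Review bot: The two secure-boot hooks added in systemd-253.6.ebuild have no comment saying what is signed or where the signing key comes from. They are `use gnuefi && secureboot_pkg_setup` in `pkg_setup` and `use gnuefi && secureboot_auto_sign` at the end of `multilib_src_install_all`. Nothing in this file's `IUSE` or variables names a secure-boot flag or key setting, so both presumably come from the inherited `secureboot` eclass, which the hunk does not show. I would add a comment above the signing call along the lines of `# Sign installed EFI binaries when enabled; key and certificate are configured via secureboot.eclass`, worded to match the eclass once checked. Since this runs inside the SDK build, it is also worth confirming which key the build environment supplies and that it does not end up in build logs or the image.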
@@ -0,0 +1,514 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 +inherit secureboot systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? 
( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? 
( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use gnuefi && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. 
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + 
$(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + if ! use resolvconf && ! 
use sysv-utils && use split-usr; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev + + use gnuefi && secureboot_auto_sign +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... 
+ if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. 
You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.8.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.8.ebuild new file mode 100644 index 0000000000..cf50cf37cc --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-253.8.ebuild 
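Review bot: In `pkg_postinst` the exit status of `systemd-hwdb --root="${ROOT}" update` is discarded, whereas `udev_reload`, the `systemctl ... enable` call and every step in `migrate_locale` set `FAIL=1` on error. A failed hardware-database rebuild therefore never reaches the closing "One of the postinst commands failed" message, and the install looks clean. I would write `systemd-hwdb --root="${ROOT}" update || FAIL=1`, and likewise `rm "${EROOT}/var/lib/systemd/timesync" || FAIL=1` for the stale-symlink removal further down. The same lines appear in the systemd-253.8.ebuild hunk, which carries the same blob id (cf50cf37cc), and in the tail of the preceding ebuild hunk, whose start is outside this view.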
@@ -0,0 +1,514 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 +inherit secureboot systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? 
( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? 
( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use gnuefi && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. 
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + 
$(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + if ! use resolvconf && ! 
use sysv-utils && use split-usr; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev + + use gnuefi && secureboot_auto_sign +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... 
+ if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. 
You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.1-r1.ebuild new file mode 100644 index 0000000000..c0ddb15afd --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-254.1-r1.ebuild 
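Review bot: `migrate_locale` fills `envd_locale` as an array from the glob `"${EROOT}"/etc/env.d/??locale`, but every later use is the bare `${envd_locale}`, which bash expands to element 0 only. When more than one file matches, the others are neither moved into `locale.conf` nor named in the duplicate-settings warning. If migrating only the first match is intended, say so in the code with `${envd_locale[0]}` and a comment such as `# only the first ??locale match is migrated; any others are left in place`. The systemd-253.7.ebuild hunk has the same file content and the same pattern.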
@@ -0,0 +1,526 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1 +inherit secureboot systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + ${PYTHON_REQUIRED_USE} + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? 
( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} +" + +PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + boot? ( + ${PYTHON_DEPS} + $(python_gen_cond_dep "${PEFILE_DEPEND}") + ) + selinux? 
( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + ${PYTHON_DEPS} + $(python_gen_cond_dep " + dev-python/jinja[\${PYTHON_USEDEP}] + dev-python/lxml[\${PYTHON_USEDEP}] + boot? ( + dev-python/pyelftools[\${PYTHON_USEDEP}] + test? ( ${PEFILE_DEPEND} ) + ) + ") +" + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use boot && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + "${FILESDIR}/systemd-254.1-tmpfiles-setup-dev-early.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. 
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnutls) + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool 
qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! 
use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev + + if use boot; then + python_fix_shebang "${ED}" + secureboot_auto_sign + fi +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! 
-L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if [[ -e ${EROOT}/etc/sysctl.conf ]]; then + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + fi + + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi + if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then + ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." + ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. 
+ systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild new file mode 100644 index 0000000000..d48601337c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild 
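Review bot: In `multilib_src_configure`, the `-Dntp-servers=` value (`0.gentoo.pool.ntp.org` through `3.gentoo.pool.ntp.org`) and `-Dsupport-url="https://gentoo.org/support/"` compile Gentoo's NTP pool vendor zone and support page into a package that lives in coreos-overlay. Images built from this ebuild as-is would take their default time source from another distribution's zone. The commit's file list removes the overlay's own systemd config files, so presumably a follow-up restores the overlay values. Until then I would mark both lines with a comment such as `# TODO(overlay): replace Gentoo NTP vendor zone and support URL before this ebuild is used for images`. The same two options appear in systemd-9999.ebuild further down.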
@@ -0,0 +1,498 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1 +inherit secureboot systemd toolchain-funcs udev + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + ${PYTHON_REQUIRED_USE} + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? 
( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} +" + +PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + boot? ( + ${PYTHON_DEPS} + $(python_gen_cond_dep "${PEFILE_DEPEND}") + ) + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? 
( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + ${PYTHON_DEPS} + $(python_gen_cond_dep " + dev-python/jinja[\${PYTHON_USEDEP}] + dev-python/lxml[\${PYTHON_USEDEP}] + boot? ( + dev-python/pyelftools[\${PYTHON_USEDEP}] + test? ( ${PEFILE_DEPEND} ) + ) + ") +" + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if use split-usr; then + eerror "Please complete the migration to merged-usr." + eerror "https://wiki.gentoo.org/wiki/Merge-usr" + die "systemd no longer supports split-usr" + fi + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use boot && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + ) + + if ! 
use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + -Dsplit-bin=false + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnutls) + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool 
selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}"/usr/bin/resolvconf || die + fi + + if ! 
use sysv-utils; then + rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir /usr/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use boot; then + python_fix_shebang "${ED}" + secureboot_auto_sign + fi +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. 
Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if [[ -e ${EROOT}/etc/sysctl.conf ]]; then + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + fi + + if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then + ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." + ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +}
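Review bot: With `PV == 9999` this ebuild takes the `inherit git-r3` branch and builds whatever `EGIT_REPO_URI` serves at upstream HEAD at build time. As far as this hunk shows, no commit is pinned and no checksum covers the source, unlike the release ebuilds that fetch a versioned tarball through `SRC_URI`. The live branch sets no `KEYWORDS`, so it should not be selected by default. If SDK and image builds are meant to be reproducible, I would either leave this file out of the overlay or add a comment above `inherit git-r3`, e.g. `# Live ebuild: unpinned upstream HEAD; never keyword or use for image builds`. The `else` branch that sets `SRC_URI` and `KEYWORDS` cannot be reached in a file named systemd-9999.ebuild, so a one-line comment saying it is kept only to stay identical with Gentoo would help.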