From ff243aa6137ff1da03f4abf0828f507328d00d6b Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury
Date: Thu, 2 Sep 2021 07:49:40 +0000
Subject: [PATCH] sys-apps/systemd: Sync with Gentoo upstream; updates to v249.2
Signed-off-by: Sayan Chowdhury
---
 .../coreos-overlay/sys-apps/systemd/Manifest | 2 +-
 .../coreos-overlay/sys-apps/systemd/README | 13 -
 .../0004-wait-online-set-any-by-default.patch | 32 --
 ...fault-to-kernel-IPForwarding-setting.patch | 24 -
 ...ate-don-t-require-strictly-newer-usr.patch | 58 ---
 ...007-core-use-max-for-DefaultTasksMax.patch | 65 ---
 ...d-Disable-SELinux-permissions-checks.patch | 29 --
 .../systemd/files/249-libudev-static.patch | 26 +
 .../sys-apps/systemd/files/99-default.preset | 2 -
 .../systemd/files/systemd-flatcar.conf | 10 -
 .../systemd/files/systemd-resolv.conf | 2 -
 .../sys-apps/systemd/files/systemd-user.pam | 5 +
 .../sys-apps/systemd/metadata.xml | 10 +-
 ...temd-247.9.ebuild => systemd-249.3.ebuild} | 0
 .../sys-apps/systemd/systemd-9999.ebuild | 479 +++++++-----------
 15 files changed, 210 insertions(+), 547 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-needs-update-don-t-require-strictly-newer-usr.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-core-use-max-for-DefaultTasksMax.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-systemd-Disable-SELinux-permissions-checks.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/249-libudev-static.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-247.9.ebuild => systemd-249.3.ebuild} (100%)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
index 898251c412..1beb0c7be1 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
@@ -1 +1 @@
-DIST systemd-stable-247.9.tar.gz 9915803 BLAKE2B cca6a40dac78d48eb0f7752e96b19894baff1cd462b8a3001e121820ca792a4752c03d725e13d91f238ce26980c62b1830b49e56ae7bfdc7b48b838508810163 SHA512 61cd36bec931a3550c9d25abd86d12b031d55cebf3c31eb08805947484aa93d215e3d12227cd41131a26c2a6024a74b1fef5cd4929e6240f916279bfbfc67116
+DIST systemd-stable-249.3.tar.gz 10592081 BLAKE2B e780ffeedbe916c8c633937475b14586023f80e438f9afcdce264ae97e34443567af2c35cba16e19f8456f40e5a16ce71e6cdd61b1d7995cb99fbfbdb4700aac SHA512 06cf03e448f0a311cca5faa2c3e75087355441514dc3d7d6d7f0924b27cdd21867d0dbb33ff2e9451e2ae90eb6fb206c77539805f30c7e54f6a1e7b6800c0120
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README
deleted file mode 100644
index 6449bb5dbb..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/README
+++ /dev/null
@@ -1,13 +0,0 @@
-= CoreOS systemd packages
-
-The systemd git repo lives in src/third_party/systemd and is normally
-checked out to the 'master' branch by repo and the live ebuild,
-systemd-9999, will build the master branch. Release ebuilds must
-specify a specific git commit to build which may be the upstream tagged
-commit (e.g. v218) or a commit on one of the CoreOS release branches
-(e.g. v218-coreos). If you want to use cros-workon and the live ebuild
-to test new changes to a release branch it is up to you to check out
-that branch in src/third_party/systemd and be warned: a repo sync will
-always switch back to master. I don't have a particularly good
-recommendation for dealing with this, repo thinks it should be
-authoritative when in fact it is the ebuilds that are authoritative.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch
deleted file mode 100644
index 23670cd96f..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-wait-online-set-any-by-default.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From eb00b0bf1014fd9da26fc1ed2612c579cbcf09ce Mon Sep 17 00:00:00 2001
-From: David Michael
-Date: Tue, 16 Apr 2019 02:44:51 +0000
-Subject: [PATCH 1/5] wait-online: set --any by default
-
-The systemd-networkd-wait-online command would normally continue
-waiting after a network interface is usable if other interfaces are
-still configuring. There is a new flag --any to change this.
-
-Preserve previous Container Linux behavior for compatibility by
-setting the --any flag by default. See patches from v241 (or
-earlier) for the original implementation.
----
- src/network/wait-online/wait-online.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c
-index cfd9093f1a..3c67e3a379 100644
---- a/src/network/wait-online/wait-online.c
-+++ b/src/network/wait-online/wait-online.c
-@@ -19,7 +19,7 @@ static usec_t arg_timeout = 120 * USEC_PER_SEC;
- static Hashmap *arg_interfaces = NULL;
- static char **arg_ignore = NULL;
- static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID };
--static bool arg_any = false;
-+static bool arg_any = true;
-
- STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep);
- STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep);
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch
deleted file mode 100644
index 053617f485..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-networkd-default-to-kernel-IPForwarding-setting.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 9acb14187bacd1d716adaed491813ea1cde12237 Mon Sep 17 00:00:00 2001
-From: Nick Owens
-Date: Tue, 2 Jun 2015 18:22:32 -0700
-Subject: [PATCH 2/5] networkd: default to "kernel" IPForwarding setting
-
----
- src/network/networkd-network.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
-index 3254641461..4f34daa919 100644
---- a/src/network/networkd-network.c
-+++ b/src/network/networkd-network.c
-@@ -410,6 +410,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
- .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,
-
- .ipv4_accept_local = -1,
-+ .ip_forward = _ADDRESS_FAMILY_INVALID,
- .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
- .ipv6_accept_ra = -1,
- .ipv6_dad_transmits = -1,
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-needs-update-don-t-require-strictly-newer-usr.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-needs-update-don-t-require-strictly-newer-usr.patch
deleted file mode 100644
index c8f1460902..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-needs-update-don-t-require-strictly-newer-usr.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From e073ce40241db173d160d5d9986129820a98270a Mon Sep 17 00:00:00 2001
-From: Alex Crawford
-Date: Wed, 2 Mar 2016 10:46:33 -0800
-Subject: [PATCH 3/5] needs-update: don't require strictly newer usr
-
-Updates should be triggered whenever usr changes, not only when it is newer.
----
- man/systemd-update-done.service.xml | 2 +-
- src/shared/condition.c | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/man/systemd-update-done.service.xml b/man/systemd-update-done.service.xml
-index 3393010ff6..5478baca25 100644
---- a/man/systemd-update-done.service.xml
-+++ b/man/systemd-update-done.service.xml
-@@ -50,7 +50,7 @@
- ConditionNeedsUpdate= (see
- systemd.unit5)
- condition to make sure to run when /etc/ or
-- /var/ are older than /usr/
-+ /var/ aren't the same age as /usr/
- according to the modification times of the files described above.
- This requires that updates to /usr/ are always
- followed by an update of the modification time of
-diff --git a/src/shared/condition.c b/src/shared/condition.c
-index b2ec690bc3..4cf6523b90 100644
---- a/src/shared/condition.c
-+++ b/src/shared/condition.c
-@@ -593,7 +593,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
- * First, compare seconds as they are always accurate...
- */
- if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec)
-- return usr.st_mtim.tv_sec > other.st_mtim.tv_sec;
-+ return true;
-
- /*
- * ...then compare nanoseconds.
-@@ -604,7 +604,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
- * (otherwise the filesystem supports nsec timestamps, see stat(2)).
- */
- if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0)
-- return usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec;
-+ return usr.st_mtim.tv_nsec != other.st_mtim.tv_nsec;
-
- _cleanup_free_ char *timestamp_str = NULL;
- r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", ×tamp_str);
-@@ -623,7 +623,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
- return true;
- }
-
-- return timespec_load_nsec(&usr.st_mtim) > timestamp;
-+ return timespec_load_nsec(&usr.st_mtim) != timestamp;
- }
-
- static int condition_test_first_boot(Condition *c, char **env) {
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-core-use-max-for-DefaultTasksMax.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-core-use-max-for-DefaultTasksMax.patch
deleted file mode 100644
index 00625b1496..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-core-use-max-for-DefaultTasksMax.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 3acaafc6fcd34b272e5249c49e498ff7facb564e Mon Sep 17 00:00:00 2001
-From: Sayan Chowdhury
-Date: Thu, 22 Apr 2021 20:08:33 +0530
-Subject: [PATCH] core: use max for DefaultTasksMax
-
-Since systemd v228, systemd has a DefaultTasksMax which defaulted
-to 512, later 15% of the system's maximum number of PIDs. This
-limit is low and a change in behavior that people running services
-in containers will hit frequently, so revert to previous behavior.
-
-Though later the TasksMax was changed in the a dynamic property to
-accommodate stale values.
-
-This change is built on previous patch by David Michael(dm0-).
-
-Signed-off-by: Sayan Chowdhury
----
- man/systemd-system.conf.xml | 2 +-
- src/core/main.c | 2 +-
- src/core/system.conf.in | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
-index d39928ec23..4d89a68b16 100644
---- a/man/systemd-system.conf.xml
-+++ b/man/systemd-system.conf.xml
-@@ -376,7 +376,7 @@
- Configure the default value for the per-unit TasksMax= setting. See
- systemd.resource-control5
- for details. This setting applies to all unit types that support resource control settings, with the exception
-- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max=
-+ of slice units. Defaults to 100% of the minimum of kernel.pid_max=, kernel.threads-max=
- and root cgroup pids.max.
- Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores.
- For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915,
-diff --git a/src/core/main.c b/src/core/main.c
-index 0ddd629851..5e25a1b4b7 100644
---- a/src/core/main.c
-+++ b/src/core/main.c
-@@ -91,7 +91,7 @@
- #include
- #endif
-
--#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
-+#define DEFAULT_TASKS_MAX ((TasksMax) { 100U, 100U }) /* 100% */
-
- static enum {
- ACTION_RUN,
-diff --git a/src/core/system.conf.in b/src/core/system.conf.in
-index fa6fb690c7..1e6df17d94 100644
---- a/src/core/system.conf.in
-+++ b/src/core/system.conf.in
-@@ -55,7 +55,7 @@
- #DefaultBlockIOAccounting=no
- #DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@
- #DefaultTasksAccounting=yes
--#DefaultTasksMax=15%
-+#DefaultTasksMax=100%
- #DefaultLimitCPU=
- #DefaultLimitFSIZE=
- #DefaultLimitDATA=
---
-2.30.2
-
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-systemd-Disable-SELinux-permissions-checks.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-systemd-Disable-SELinux-permissions-checks.patch
deleted file mode 100644
index e4891b4f70..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-systemd-Disable-SELinux-permissions-checks.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f83a1a190139d6f7752e0d7c86396330f845b261 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett
-Date: Tue, 20 Dec 2016 16:43:22 +0000
-Subject: [PATCH 5/5] systemd: Disable SELinux permissions checks
-
-We don't care about the interaction between systemd and SELinux policy, so
-let's just disable these checks rather than having to incorporate policy
-support. This has no impact on our SELinux use-case, which is purely intended
-to limit containers and not anything running directly on the host.
----
- src/core/selinux-access.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
-index 1d52b5ff04..1653d241f6 100644
---- a/src/core/selinux-access.c
-+++ b/src/core/selinux-access.c
-@@ -2,7 +2,7 @@
-
- #include "selinux-access.h"
-
--#if HAVE_SELINUX
-+#if 0
-
- #include
- #include
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/249-libudev-static.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/249-libudev-static.patch
new file mode 100644
index 0000000000..73375b716e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/249-libudev-static.patch
@@ -0,0 +1,26 @@
+From f2c57d4f3805775e0ffdc80ce578eaa737017d31 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Fri, 9 Jul 2021 13:05:23 -0400
+Subject: [PATCH] libudev: add "Libs.private: -lrt -pthread" to libudev.pc
+
+This resolves a failure when linking cryptsetup.static against libudev.a.
+
+```
+libtool: link: x86_64-pc-linux-gnu-gcc -Wall -O2 -pipe -march=amdfam10 -static -O2 -o cryptsetup.static lib/utils_crypt.o lib/utils_loop.o lib/utils_io.o lib/utils_blkid.o src/utils_tools.o src/utils_password.o src/utils_luks2.o src/utils_blockdev.o src/cryptsetup.o -pthread -pthread -Wl,--as-needed ./.libs/libcryptsetup.a -largon2 -lrt -ljson-c -lpopt -luuid -lblkid -lssl -lcrypto -lz -ldl -ldevmapper -lm -lpthread -ludev -pthread
+/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../x86_64-pc-linux-gnu/bin/ld: /usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../lib64/libudev.a(src_libsystemd_sd-daemon_sd-daemon.c.o): in function `sd_is_mq':
+(.text.sd_is_mq+0x3a): undefined reference to `mq_getattr'
+```
+---
+ src/libudev/libudev.pc.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libudev/libudev.pc.in b/src/libudev/libudev.pc.in
+index 89028aaa6bf2..1d6487fa4084 100644
+--- a/src/libudev/libudev.pc.in
++++ b/src/libudev/libudev.pc.in
+@@ -16,4 +16,5 @@ Name: libudev
+ Description: Library to access udev device information
+ Version: {{PROJECT_VERSION}}
+ Libs: -L${libdir} -ludev
++Libs.private: -lrt -pthread
+ Cflags: -I${includedir}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset
deleted file mode 100644
index d2545d5d1d..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/99-default.preset
+++ /dev/null
@@ -1,2 +0,0 @@
-# Do not enable any services if /etc is detected as empty.
-disable *
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf
deleted file mode 100644
index 013c8e1634..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-flatcar.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-d /etc/binfmt.d - - - - -
-d /etc/modules-load.d - - - - -
-d /etc/sysctl.d - - - - -
-d /etc/systemd - - - - -
-d /etc/systemd/network - - - - -
-d /etc/systemd/system - - - - -
-d /etc/systemd/user - - - - -
-d /etc/tmpfiles.d - - - - -
-d /etc/sysusers.d - - - - -
-d /var/log/journal/remote - systemd-journal-remote systemd-journal-remote - -
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf
deleted file mode 100644
index 32b7e9d214..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-resolv.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-d /run/systemd/network - - - - -
-L /run/systemd/network/resolv.conf - - - - ../resolve/resolv.conf
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam
new file mode 100644
index 0000000000..38ae3211f8
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/systemd-user.pam
@@ -0,0 +1,5 @@
+account include system-auth
+
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
index ad89da6658..cb86e5b1d2 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/metadata.xml @@ -11,21 +11,27 @@ Enable AppArmor support Enable support for sys-process/audit + Default to hybrid (legacy) cgroup hierarchy instead of unified (modern). Enable support for uploading journals Enable cryptsetup tools (includes unit generator for crypttab) + Enable DNS-over-TLS support Enable EFI boot manager and stub loader (built using sys-boot/gnu-efi) Enable coredump stacktraces in the journal Enable sealing of journal files using gcrypt + Enable portable home directories Enable embedded HTTP server in journald + Enable support for the hardware database Enable import daemon Enable kernel module loading via sys-apps/kmod - If IDN support is enabled, use net-dns/libidn2 instead of net-dns/libidn Enable lz4 compression for the journal Enable support for network address translation in networkd + Enable PKCS#11 support for cryptsetup and homed + Enable password quality checking in homed + Enable support for growing/adding partitions Enable qrcode output support in journal Install resolvconf symlink for systemd-resolve Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown - Enable this if /bin and /usr/bin are separate directories + Enable TPM support Disable Gentoo-specific behavior and compatibility quirks Depend on x11-libs/libxkbcommon to allow logind to control the X11 keymap diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-247.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-249.3.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-247.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-249.3.ebuild 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild index 50f08d2885..3683686fc0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild @@ -1,11 +1,8 @@ -# Copyright 2011-2020 Gentoo Authors +# Copyright 2011-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -# Flatcar: Based on systemd-246-r2.ebuild from commit -# 4bf7b81548f70cbf7ce5ae377e85fd21ae259ce7 in gentoo repo (see -# https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-apps/systemd/systemd-246-r2.ebuild?id=4bf7b81548f70cbf7ce5ae377e85fd21ae259ce7). - EAPI=7 +PYTHON_COMPAT=( python3_{8..10} ) if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" 
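Review bot: `PYTHON_COMPAT=( python3_{8..10} )` requires an interpreter that the `# Flatcar:` comment removed in the next hunk says the SDK does not ship ("We still have python 3.5, and have no python3.8 yet"), so `python-any-r1` may find no usable implementation unless the SDK's Python was updated before this sync. The PDEPEND hunk has the same shape: it adds `>=sys-fs/udev-init-scripts-34` where the removed comment said the overlay did not even have version 25. Please confirm both are available in the tree at this commit, or keep the Flatcar values until they are. This hunk also deletes the provenance comment that named the Gentoo ebuild and commit the file was based on; an updated line such as `# Flatcar: Based on systemd-249.3.ebuild from commit GENTOO_COMMIT_ID (placeholder) in gentoo repo` would keep the sync auditable.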
@@ -20,27 +17,22 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" fi -# Flatcar: We still have python 3.5, and have no python3.8 yet. -PYTHON_COMPAT=( python3_{5,6,7} ) - -inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user +inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript DESCRIPTION="System and service manager for Linux" HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -# Flatcar: Dropped cgroup-hybrid. We use legacy hierarchy by default -# to keep docker working. Dropped static-libs, we don't care about -# static libraries. -IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb +zstd" +IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test tpm vanilla xkb +zstd" REQUIRED_USE=" - homed? ( cryptsetup ) + homed? ( cryptsetup pam ) importd? ( curl gcrypt lzma ) + pwquality? ( homed ) " RESTRICT="!test? ( test )" @@ -50,6 +42,7 @@ OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0=" COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] acl? ( sys-apps/acl:0= ) apparmor? ( sys-libs/libapparmor:0= ) audit? ( >=sys-process/audit-2:0= ) 
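Review bot: The new `KEYWORDS` line marks every architecture as testing (`~amd64`, `~arm64`) where the old line had `amd64 arm arm64` stable, so a release ebuild sharing this file is only installable where `~arch` is accepted for sys-apps/systemd. If Flatcar builds with stable keywords, restore them on top of the sync: `KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"`. The `inherit` line in the same hunk drops the `user` eclass, so any `enewuser`/`enewgroup` call remaining in parts of the ebuild not shown here would fail and is worth a grep. The if/else block around `KEYWORDS` starts outside this hunk.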
@@ -60,8 +53,8 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) homed? ( ${OPENSSL_DEP} ) http? ( - >=net-libs/libmicrohttpd-0.9.33:0= - ssl? ( >=net-libs/gnutls-3.1.4:0= ) + >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] + >=net-libs/gnutls-3.1.4:0= ) idn? ( net-dns/libidn2:= ) importd? ( @@ -69,7 +62,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] sys-libs/zlib:0= ) kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-1.9.3-r1:0=[${MULTILIB_USEDEP}] ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) nat? ( net-firewall/iptables:0= ) pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) 
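Review bot: The lz4 floor in the second hunk on this line drops from `>=app-arch/lz4-1.9.3-r1` to `>=app-arch/lz4-0_p131`, which allows the build to resolve against much older lz4 releases than before. The commit message does not say whether the higher bound was deliberate; if it was, keep `lz4? ( >=app-arch/lz4-1.9.3-r1:0=[${MULTILIB_USEDEP}] )` on top of the Gentoo text. The first hunk on this line also makes `http` depend on gnutls unconditionally now that the `ssl` flag is gone, which enlarges the dependency set of any image that enables `http`.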
@@ -80,12 +73,51 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] repart? ( ${OPENSSL_DEP} ) seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) " +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run RDEPEND="${COMMON_DEPEND} - sysv-utils? ( !sys-apps/sysvinit ) + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( sec-policy/selinux-base-policy[systemd] ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) !build? ( || ( 
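Review bot: `selinux? ( sec-policy/selinux-base-policy[systemd] )` is added in the same commit that deletes 0008-systemd-Disable-SELinux-permissions-checks.patch, so with USE=selinux the checks in src/core/selinux-access.c are compiled in again instead of being stubbed out with `#if 0`. That is a behaviour change on the host and not only a dependency change, since the deleted patch's stated rationale was that the SELinux setup is intended to confine containers only. Please record the decision next to the dependency, for example `# Flatcar: systemd SELinux access checks are active again (0008 patch dropped); policy must permit unit management`, and verify a boot with SELinux enforcing. RDEPEND continues past the end of this hunk.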
@@ -95,13 +127,13 @@ RDEPEND="${COMMON_DEPEND} ) ) !sys-auth/nss-myhostname !sys-fs/eudev + !sys-fs/udev " # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -# -# Flatcar: We don't have sys-fs/udev-init-scripts-25, so it's dropped. PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - hwdb? ( >=sys-apps/hwids-20150417[udev] ) + hwdb? ( sys-apps/hwids[systemd(+),udev] ) + >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )" @@ -109,22 +141,30 @@ BDEPEND=" app-arch/xz-utils:0 dev-util/gperf >=dev-util/meson-0.46 - >=dev-util/intltool-0.50 >=sys-apps/coreutils-8.16 - sys-devel/m4 + sys-devel/gettext virtual/pkgconfig - test? ( sys-apps/dbus ) + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) app-text/docbook-xml-dtd:4.2 app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') " python_check_deps() { + has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" && has_version -b "dev-python/lxml[${PYTHON_USEDEP}]" } +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + pkg_pretend() { if [[ ${MERGE_TYPE} != buildonly ]]; then if use test && has pid-sandbox ${FEATURES}; then 
@@ -182,25 +222,15 @@ src_prepare() { # Add local patches here PATCHES+=( - # Flatcar: Adding our own patches here. - "${FILESDIR}/0004-wait-online-set-any-by-default.patch" - "${FILESDIR}/0005-networkd-default-to-kernel-IPForwarding-setting.patch" - "${FILESDIR}/0006-needs-update-don-t-require-strictly-newer-usr.patch" - "${FILESDIR}/0007-core-use-max-for-DefaultTasksMax.patch" - "${FILESDIR}/0008-systemd-Disable-SELinux-permissions-checks.patch" ) - # Flatcar: We carry our own patches, we don't use the ones - # from Gentoo. Thus we dropped the `if ! use vanilla` code - # here. - - # Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., CoreDNS which has dnsPolicy "default", but unless - # the kubelet --resolv-conf flag is set to point to /run/systemd/resolve/resolv.conf this won't work with - # /etc/resolv.conf pointing to /run/systemd/resolve/stub-resolv.conf which configures 127.0.0.53. - # See https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues - # This means that users who need split DNS to work should point /etc/resolv.conf back to /run/systemd/resolve/stub-resolv.conf - # (and if using K8s configure the kubelet resolvConf variable/--resolv-conf flag to /run/systemd/resolve/resolv.conf). - sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch" + "${FILESDIR}/gentoo-journald-audit.patch" + ) + fi default } 
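Review bot: The `! use vanilla` branch adds `gentoo-generator-path-r2.patch`, `gentoo-systemctl-disable-sysv-sync-r1.patch` and `gentoo-journald-audit.patch` from `${FILESDIR}`, but the diffstat of this commit creates only 249-libudev-static.patch and systemd-user.pam under files/, so unless those three already exist there `src_prepare` will die. The same concern applies to `dodoc "${FILESDIR}"/nsswitch.conf` in the `multilib_src_install_all` hunk, whose removed comment said the file is not provided. Conversely, 249-libudev-static.patch is added but the `PATCHES+=( )` list here is left empty, so it appears to be unused by this ebuild. The hunk also drops the `sed` that pointed tmpfiles.d/etc.conf.m4 at /run/systemd/resolve/resolv.conf, which per the removed comment changes what the kubelet reads from /etc/resolv.conf. `src_prepare` starts before this hunk.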
@@ -214,165 +244,98 @@ src_configure() { multilib-minimal_src_configure } -meson_use() { - usex "$1" true false -} - -meson_multilib() { - if multilib_is_native_abi; then - echo true - else - echo false - fi -} - -meson_multilib_native_use() { - if multilib_is_native_abi && use "$1"; then - echo true - else - echo false - fi -} - multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" - # Flatcar: Point to our user mailing list. - -Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user" + -Dsupport-url="https://gentoo.org/support/" -Dpamlibdir="$(getpam_mod_dir)" # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" # make sure we get /bin:/sbin in PATH - -Dsplit-usr=$(usex split-usr true false) + $(meson_use split-usr) -Dsplit-bin=true -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" # Avoid infinite exec recursion, bug 642724 -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" # no deps - # - # Flatcar: TODO: We have no clue why this was dropped - # from upstream, so we keep it until we understand - # more. 
- -Defi=$(meson_multilib) -Dima=true - # Flatcar: Use unified hierarchy now that docker-20.10 is available - -Ddefault-hierarchy=unified + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) # Optional components/dependencies - -Dacl=$(meson_multilib_native_use acl) - -Dapparmor=$(meson_multilib_native_use apparmor) - -Daudit=$(meson_multilib_native_use audit) - -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup) - -Dlibcurl=$(meson_multilib_native_use curl) - -Delfutils=$(meson_multilib_native_use elfutils) - -Dgcrypt=$(meson_use gcrypt) - -Dgnu-efi=$(meson_multilib_native_use gnuefi) + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-ld="$(tc-getLD)" -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" - -Dhomed=$(meson_multilib_native_use homed) - -Dhwdb=$(meson_multilib_native_use hwdb) - -Dmicrohttpd=$(meson_multilib_native_use http) - -Didn=$(meson_multilib_native_use idn) - -Dimportd=$(meson_multilib_native_use importd) - -Dbzip2=$(meson_multilib_native_use importd) - -Dzlib=$(meson_multilib_native_use importd) - -Dkmod=$(meson_multilib_native_use kmod) - -Dlz4=$(meson_use lz4) - -Dxz=$(meson_use lzma) - -Dzstd=$(meson_use zstd) - -Dlibiptc=$(meson_multilib_native_use nat) - -Dpam=$(meson_use pam) - -Dp11kit=$(meson_multilib_native_use pkcs11) - -Dpcre2=$(meson_multilib_native_use pcre) - -Dpolkit=$(meson_multilib_native_use policykit) - -Dpwquality=$(meson_multilib_native_use pwquality) - -Dqrencode=$(meson_multilib_native_use qrcode) - -Drepart=$(meson_multilib_native_use repart) - -Dseccomp=$(meson_multilib_native_use seccomp) - -Dselinux=$(meson_multilib_native_use selinux) - 
-Ddbus=$(meson_multilib_native_use test) - -Dxkbcommon=$(meson_multilib_native_use xkb) - # Flatcar: Use our ntp servers. - -Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org" + $(meson_native_use_bool homed) + $(meson_native_use_bool hwdb) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use zstd) + $(meson_native_use_bool nat libiptc) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool repart) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false - # Flatcar: TODO: Investigate if we want this. 
-Dcreate-log-dirs=false # multilib options - -Dbacklight=$(meson_multilib) - -Dbinfmt=$(meson_multilib) - -Dcoredump=$(meson_multilib) - -Denvironment-d=$(meson_multilib) - -Dfirstboot=$(meson_multilib) - -Dhibernate=$(meson_multilib) - -Dhostnamed=$(meson_multilib) - -Dldconfig=$(meson_multilib) - -Dlocaled=$(meson_multilib) - -Dman=$(meson_multilib) - -Dnetworkd=$(meson_multilib) - -Dquotacheck=$(meson_multilib) - -Drandomseed=$(meson_multilib) - -Drfkill=$(meson_multilib) - -Dsysusers=$(meson_multilib) - -Dtimedated=$(meson_multilib) - -Dtimesyncd=$(meson_multilib) - -Dtmpfiles=$(meson_multilib) - -Dvconsole=$(meson_multilib) + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) - # Flatcar: Specify this, or meson breaks due to no - # /etc/login.defs. - -Dsystem-gid-max=999 - -Dsystem-uid-max=999 - - # Flatcar: DBus paths. - -Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" - -Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" - - # Flatcar: PAM config directory. - -Dpamconfdir=/usr/share/pam.d - - # Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC - # 2013. Used by timesyncd as a sanity check for the - # minimum acceptable time. Explicitly set to avoid - # using the current build time. - -Dtime-epoch=1372636800 - - # Flatcar: No default name servers. - -Ddns-servers= - - # Flatcar: Disable the "First Boot Wizard", it isn't - # very applicable to us. 
- -Dfirstboot=false - - # Flatcar: Set latest network interface naming scheme - # for - # https://github.com/flatcar-linux/Flatcar/issues/36 - -Ddefault-net-naming-scheme=latest - - # Flatcar: Unported options, still needed? - -Defi-cc="$(tc-getCC)" - -Dquotaon-path=/usr/sbin/quotaon - -Dquotacheck-path=/usr/sbin/quotacheck - - # Flatcar: No static libs. + # static-libs + $(meson_use static-libs static-libudev) ) meson_src_configure "${myconf[@]}" } -multilib_src_compile() { - eninja -} - multilib_src_test() { unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR meson_src_test } -multilib_src_install() { - DESTDIR="${D}" eninja install -} - multilib_src_install_all() { local rootprefix=$(usex split-usr '' /usr) @@ -380,8 +343,7 @@ multilib_src_install_all() { mv "${ED}"/usr/share/doc/{systemd,${PF}} || die einstalldocs - # Flatcar: Do not install sample nsswitch.conf, we don't - # provide it. + dodoc "${FILESDIR}"/nsswitch.conf if ! use resolvconf; then rm -f "${ED}${rootprefix}"/sbin/resolvconf || die 
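Review bot: `dodoc "${FILESDIR}"/nsswitch.conf` in the `@@ -380,8 +343,7 @@` hunk depends on a files/nsswitch.conf that the comment it replaces says this overlay does not provide. If the file is absent, dodoc fails and the install phase dies. Either add the file in the same commit or leave the line out until the overlay carries it. If the sample is shipped, check that it matches the NSS modules actually installed on the image, since it will be read as the reference configuration. multilib_src_install_all starts before and ends after this hunk.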
@@ -400,11 +362,31 @@ multilib_src_install_all() { rmdir "${ED}${rootprefix}"/sbin || die fi - # Flatcar: Upstream uses keepdir commands to keep some empty - # directories. - # - # Flatcar: TODO: Consider using that instead of - # systemd_dotmpfilesd "${FILESDIR}"/systemd-flatcar.conf below. + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + if use hwdb; then + keepdir /etc/udev/hwdb.d + fi + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi if use hwdb; then rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die 
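Review bot: `rm -r "${ED}"/usr/lib/sysusers.d || die` drops the package's own definitions of systemd's service accounts, and the pkg_postinst hunk further down also removes the `enewgroup`/`enewuser` calls. As a result, nothing visible in this diff creates systemd-network, systemd-resolve, systemd-timesync or the systemd-journal group. Upstream Gentoo gets these from acct-group/acct-user dependencies; whether this overlay provides them is not visible here, so confirm it and record it next to the rm, e.g. `# accounts are provided by acct-user/acct-group deps, see bug 761763`. Separately, `newpamd "${FILESDIR}"/systemd-user.pam systemd-user` installs under /etc/pam.d while the first hunk removes `-Dpamconfdir=/usr/share/pam.d`, so check that the PAM stack for user sessions still lands where the image expects it. multilib_src_install_all starts before and ends after this hunk.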
@@ -416,100 +398,7 @@ multilib_src_install_all() { dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown fi - # Flatcar: Ensure journal directory has correct ownership/mode - # in inital image. This is fixed by systemd-tmpfiles *but* - # journald starts before that and will create the journal if - # the filesystem is already read-write. Conveniently the - # systemd Makefile sets this up completely wrong. - # - # Flatcar: TODO: Is this still a problem? - dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal - - # Flatcar: Don't prune systemd dirs. - # - # Flatcar: TODO: Upstream probably fixed it in different way - - # it's using some keepdir commands. - systemd_dotmpfilesd "${FILESDIR}"/systemd-flatcar.conf - # Flatcar: Add tmpfiles rule for resolv.conf. This path has - # changed after v213 so it must be handled here instead of - # baselayout now. - systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf - - # Flatcar: Don't default to graphical.target. - local unitdir=$(builddir_systemd_get_systemunitdir) - dosym multi-user.target "${unitdir}"/default.target - - # Flatcar: Don't set any extra environment variables by default. - rm "${ED}/usr/lib/environment.d/99-environment.conf" || die - - # Flatcar: These lines more or less follow the systemd's - # preset file (90-systemd.preset). We do it that way, to avoid - # putting symlink in /etc. Please keep the lines in the same - # order as the "enable" lines appear in the preset file. - builddir_systemd_enable_service multi-user.target remote-fs.target - builddir_systemd_enable_service multi-user.target remote-cryptsetup.target - builddir_systemd_enable_service multi-user.target machines.target - # Flatcar: getty@.service is enabled manually below. 
- builddir_systemd_enable_service sysinit.target systemd-timesyncd.service - builddir_systemd_enable_service multi-user.target systemd-networkd.service - # Flatcar: For systemd-networkd.service, it has it in Also, which also - # needs to be enabled - builddir_systemd_enable_service sockets.target systemd-networkd.socket - # Flatcar: For systemd-networkd.service, it has it in Also, which also - # needs to be enabled - builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service - builddir_systemd_enable_service multi-user.target systemd-resolved.service - if use homed; then - builddir_systemd_enable_service multi-user.target systemd-homed.target - # Flatcar: systemd-homed.target has - # Also=systemd-userdbd.service, but the service has no - # WantedBy entry. It's likely going to be executed through - # systemd-userdbd.socket, which is enabled in upstream's - # presets file. - builddir_systemd_enable_service sockets.target systemd-userdbd.socket - fi - builddir_systemd_enable_service sysinit.target systemd-pstore.service - # Flatcar: not enabling reboot.target - it has no WantedBy - # entry. - - # Flatcar: Enable getty manually. - dodir "${unitdir}/getty.target.wants" - dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service" - - # Flatcar: Use an empty preset file, because systemctl - # preset-all puts symlinks in /etc, not in /usr. We don't use - # /etc, because it is not autoupdated. We do the "preset" above. - rm "${ED}$(usex split-usr '' /usr)/lib/systemd/system-preset/90-systemd.preset" || die - insinto $(usex split-usr '' /usr)/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Flatcar: Do not ship distro-specific files (nsswitch.conf - # pam.d). This conflicts with our own configuration provided - # by baselayout. 
- rm -rf "${ED}"/usr/share/factory - sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C!* \/etc\/nsswitch\.conf/d' \ - -e '/^C!* \/etc\/pam\.d/d' \ - -e '/^C!* \/etc\/issue/d' - - # Flatcar: gen_usr_ldscript is likely for static libs, so we - # dropped it. -} - -builddir_systemd_enable_service() { - ( - export SYSROOT="${ED}" - systemd_enable_service "$@" - ) -} - -builddir_systemd_get_systemunitdir() { - ( - export SYSROOT="${ED}" - systemd_get_systemunitdir - ) + gen_usr_ldscript -a systemd udev } migrate_locale() { @@ -556,15 +445,7 @@ migrate_locale() { fi } -# Flatcar: save_enabled_units function is dropped, because it's -# unused. When building releases, we assume that there was no systemd -# previously, so there are no units to remember. - pkg_preinst() { - # Flatcar: When building releases, we assume that there was no - # systemd previously, so there are no units to remember, so - # there is no point in calling save_enabled_units. - if ! use split-usr; then local dir for dir in bin sbin lib; do 
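Review bot: After the `@@ -416,100 +398,7 @@` hunk the new side of multilib_src_install_all ships /usr/share/factory and leaves the `C` lines for /etc/nsswitch.conf, /etc/pam.d and /etc/issue in tmpfiles.d/etc.conf. The removed comment says those conflict with the configuration baselayout provides, so systemd's factory PAM and NSS defaults could be copied into /etc on a system where those paths are missing. If that conflict still exists, keep `rm -rf "${ED}"/usr/share/factory` and the sed that strips the three etc.conf entries. The function also no longer applies `fowners root:systemd-journal /var/log/journal` and `fperms 2755 /var/log/journal`; the `keepdir /var/log/journal` added earlier presumably leaves default ownership, so confirm the journal directory still ends up with the intended group and mode before journald first writes to it. The function starts outside this hunk.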
@@ -583,47 +464,27 @@ pkg_preinst() { } pkg_postinst() { - newusergroup() { - enewgroup "$1" - enewuser "$1" -1 -1 -1 "$1" - } - - enewgroup input - enewgroup kvm 78 - enewgroup render 30 - enewgroup systemd-journal - newusergroup systemd-coredump - newusergroup systemd-journal-remote - newusergroup systemd-network - newusergroup systemd-resolve - newusergroup systemd-timesync - newusergroup systemd-oom - - systemd_update_catalog # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. - if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${EROOT}" + # when required. + if use hwdb; then + systemd-hwdb --root="${ROOT}" update fi udev_reload || FAIL=1 - # Bug 465468, make sure locales are respect, and ensure consistency + # Bug 465468, make sure locales are respected, and ensure consistency # between OpenRC & systemd migrate_locale - # Flatcar: Dropping the reenabling, since there earlier there - # was no systemd (we are building the release from scratch - # here). The function checks if the unit is enabled before - # running reenable, which in our case results in no action at - # all (because no service is enabled). - - # Flatcar: Dropping handling of ENABLED_UNITS. - - # Flatcar: We enable getty and remote-fs targets in /usr - # ourselves above. + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then rm "${EROOT}/var/lib/systemd/timesync"