Biggest change (beyond the version bump itself) is removing support for
building gudev which is moving out of the systemd repository. Also moves
USE flag changes from IUSE into package.use so the IUSE line doesn't
cause merge conflicts with upstream.
For reference the current delta from upstream is:
```patch
--- gentoo-x86/sys-apps/systemd/systemd-9999.ebuild 2015-07-08 14:20:49.679059002 -0700
+++ coreos-overlay/sys-apps/systemd/systemd-9999.ebuild 2015-07-08 15:51:11.351991236 -0700
@@ -4,18 +4,25 @@
EAPI=5
+AUTOTOOLS_AUTORECONF=yes
AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+CROS_WORKON_PROJECT="coreos/systemd"
+CROS_WORKON_REPO="git://github.com"
if [[ ${PV} == 9999 ]]; then
- AUTOTOOLS_AUTORECONF=yes
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
+ # Use ~arch instead of empty keywords for compatibility with cros-workon
+ KEYWORDS="~amd64 ~arm64 ~arm ~x86"
else
- SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
- KEYWORDS="~amd64 ~arm ~ia64 ~x86"
+ CROS_WORKON_COMMIT="9b174479806a66ff3a220a89291a38f8a4fed701"
+ KEYWORDS="amd64 arm64 ~arm ~x86"
fi
+# cros-workon must be imported first, in cases where cros-workon and
+# another eclass exports the same function (say src_compile) we want
+# the later eclass's version to win. Only need src_unpack from workon.
+inherit cros-workon
+
inherit autotools-utils bash-completion-r1 linux-info multilib \
multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
user
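Review bot: `CROS_WORKON_REPO="git://github.com"` replaces the HTTPS `EGIT_REPO_URI` with the unauthenticated git protocol, so the source fetch has neither server authentication nor transport integrity. The release branch pins `CROS_WORKON_COMMIT`, which limits what a tampered fetch could deliver. The `9999` branch sets no commit in this hunk and would build whatever the network path returns. I would use `CROS_WORKON_REPO="https://github.com"`, or add a comment explaining why cros-workon needs `git://` if that is the case.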
@@ -29,6 +36,9 @@
idn importd +kdbus +kmod +lz4 lzma nat pam policykit python
qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb"
+# CoreOS specific use flags
+IUSE+=" man symlink-usr"
+
REQUIRED_USE="importd? ( curl gcrypt lzma )
python? ( ${PYTHON_REQUIRED_USE} )"
@@ -82,7 +92,6 @@
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
>=sys-apps/hwids-20130717-r1[udev]
- >=sys-fs/udev-init-scripts-25
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
@@ -102,19 +111,19 @@
terminal? ( media-fonts/unifont[utils(+)] )
test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
-if [[ -n ${AUTOTOOLS_AUTORECONF} ]]; then
- DEPEND+="
- app-text/docbook-xml-dtd:4.2
+# Not required when building from unpatched tarballs, but we build from git.
+DEPEND+="
+ man? ( app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
- >=dev-libs/libgcrypt-1.4.5:0"
-fi
-
-if [[ ${PV} == 9999 ]]; then
- DEPEND+=" ${PYTHON_DEPS}"
- REQUIRED_USE+=" ${PYTHON_REQUIRED_USE}"
-fi
+ ${PYTHON_DEPS} )
+ terminal? ( ${PYTHON_DEPS} )
+ >=dev-libs/libgcrypt-1.4.5:0"
+
+REQUIRED_USE+="
+ man? ( ${PYTHON_REQUIRED_USE} )
+ terminal? ( ${PYTHON_REQUIRED_USE} )"
pkg_pretend() {
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
@@ -162,12 +171,6 @@
# Bug 463376
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
- if [[ ${PV} != 9999 ]]; then
- # Update the timestamp on this to avoid rebuilding it.
- [[ -e src/libsystemd-terminal/unifont-glyph-array.bin ]] || die "File missing from tarball"
- touch src/libsystemd-terminal/unifont-glyph-array.bin || die
- fi
-
autotools-utils_src_prepare
}
@@ -177,18 +180,14 @@
# Fix systems broken by bug #509454.
[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
- if [[ ${PV} == 9999 ]] || use python; then
- python_setup
- fi
+ python_setup
multilib-minimal_src_configure
}
multilib_src_configure() {
local myeconfargs=(
- # disable -flto since it is an optimization flag
- # and makes distcc less effective
- cc_cv_CFLAGS__flto=no
+ --with-pamconfdir=/usr/share/pam.d
# Workaround for bug 516346
--enable-dependency-tracking
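Review bot: `python_setup` now runs unconditionally before `multilib-minimal_src_configure`, but the DEPEND/REQUIRED_USE hunk adds `${PYTHON_DEPS}` and `${PYTHON_REQUIRED_USE}` only under `man?` and `terminal?` (alongside the existing `python?` entry). With all of those flags off, nothing visible in the diff guarantees an interpreter or a selected target, so the call may die at configure time. Either keep a guard such as `if use man || use terminal || use python; then python_setup; fi`, or make the Python dependency unconditional if the git build always needs it. The function that calls `python_setup` starts before this hunk, and `multilib_src_configure` continues past its end.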
@@ -229,6 +228,7 @@
$(multilib_native_use_enable kmod)
$(use_enable lz4)
$(use_enable lzma xz)
+ $(multilib_native_use_enable man manpages)
$(multilib_native_use_enable nat libiptc)
$(multilib_native_use_enable pam)
$(multilib_native_use_enable policykit polkit)
@@ -250,11 +250,19 @@
EFI_CC="$(tc-getCC)"
# dbus paths
- --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
+ --with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d"
--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
- --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ --with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org"
+
+ # The CoreOS epoch, Mon Jul 1 00:00:00 UTC 2013. Used by timesyncd
+ # as a sanity check for the minimum acceptable time. Explicitly set
+ # to avoid using the current build time.
+ --with-time-epoch=1372636800
+
+ # no default name servers
+ --with-dns-servers=
)
if ! multilib_is_native_abi; then
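Review bot: `--with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d"` moves systemd's bus policy files out of `/etc`, but nothing in this diff shows that the dbus daemon in the image loads policy from that directory. The only dbus constraint visible is `>=sys-apps/dbus-1.6.8-r1`. If the daemon does not read it, the policies are silently not applied, which on a default-deny system bus would likely show up at runtime as services unable to own their names rather than as a build failure. A comment naming the dbus version or patch that reads `/usr/share/dbus-1/system.d`, or a raised dependency floor, would make the assumption checkable. The `myeconfargs` array starts before this hunk and the function continues after it.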
@@ -326,38 +334,81 @@
}
multilib_src_install_all() {
+ local unitdir=$(systemd_get_unitdir)
+
prune_libtool_files --modules
einstalldocs
if use sysv-utils; then
+ local prefix
+ use symlink-usr && prefix=/usr
for app in halt poweroff reboot runlevel shutdown telinit; do
- dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
+ dosym "${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app}
done
- dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
- else
+ dosym "${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init
+ elif use man; then
# we just keep sysvinit tools, so no need for the mans
rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
|| die
rm "${D}"/usr/share/man/man1/init.1 || die
fi
- # Disable storing coredumps in journald, bug #433457
- mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
- /etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
- /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
- rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
+ # Ensure journal directory has correct ownership/mode in inital image.
+ # This is fixed by systemd-tmpfiles *but* journald starts before that
+ # and will create the journal if the filesystem is already read-write.
+ # Conveniently the systemd Makefile sets this up completely wrong.
+ dodir /var/log/journal
+ fowners root:systemd-journal /var/log/journal
+ fperms 2755 /var/log/journal
+
+ systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf
+ systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
+
+ # Don't default to graphical.target
+ rm "${D}${unitdir}"/default.target || die
+ dosym multi-user.target "${unitdir}"/default.target
+
+ # Move a few services enabled in /etc to /usr, delete files individually
+ # so builds fail if systemd adds any new unexpected stuff to /etc
+ local f
+ for f in \
+ getty.target.wants/getty@tty1.service \
+ multi-user.target.wants/remote-fs.target \
+ multi-user.target.wants/systemd-networkd.service \
+ multi-user.target.wants/systemd-resolved.service \
+ network-online.target.wants/systemd-networkd-wait-online.service \
+ sockets.target.wants/systemd-networkd.socket \
+ sysinit.target.wants/systemd-timesyncd.service
+ do
+ local s="${f#*/}" t="${f%/*}"
+ local u="${s/@*.service/@.service}"
+
+ # systemd_enable_service doesn't understand template units
+ einfo "Enabling ${s} via ${t}"
+ dodir "${unitdir}/${t}"
+ dosym "../${u}" "${unitdir}/${t}/${s}"
+
+ rm "${D}/etc/systemd/system/${f}" || die
+ done
+ rmdir "${D}"/etc/systemd/system/*.wants || die
+
+ # Grant networkd access to set the transient host name
+ insinto /usr/share/polkit-1/rules.d
+ doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules
+
+ # Do not enable random services if /etc was detected as empty!!!
+ rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset
+ insinto /usr/lib/systemd/system-preset
+ doins "${FILESDIR}"/99-default.preset
+
+ # Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS
+ rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service
+
+ # Do not ship distro-specific files (nsswitch.conf pam.d)
+ rm -rf "${D}"/usr/share/factory
+ sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \
+ -e '/^C \/etc\/nsswitch\.conf/d' \
+ -e '/^C \/etc\/pam\.d/d'
}
migrate_locale() {
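Review bot: Three of the new cleanup steps in `multilib_src_install_all` can fail without stopping the build: the `rm` of `90-systemd.preset`, the `rm` of `sysinit.target.wants/systemd-firstboot.service`, and the final `sed -i` on `etc.conf` have no `|| die`, unlike the `rm ... || die` calls earlier in the function. If upstream moves or renames one of these files, the image would silently ship with the upstream preset or the first-boot unit still in place, which is the opposite of what the comments above them promise. Append `|| die` to each, for example `rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service || die`. For the `sed`, `|| die` only catches a missing file, so consider also checking that the two `C /etc/...` lines were present before deleting them.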
```
This option doesn't actually do anything, it merely moves errors about
missing intltool from the compile step to the configure step. Upstream
dropped the flag ages ago but we kept it not knowing if it was useful.
We may not *need* things like fsck.minix but it does get the systemd
test suite to pass. setarch should be there. fdformat and others are no
longer built by the ebuild.
The Gentoo hardened compiler enables PIE by default unless it detects an
incompatible option. To detect kernel builds it uses -D__KERNEL__ which
is unfortunately a preprocessor option that ccache >= 3.2 will not pass
to compile-only calls, since in theory it is unnecessary and omitting
preprocessor options works around issues in other (*cough* LLVM)
compilers. There really isn't any other alternative magic hack so go
with the plain no-magic solution. :)
Bug: https://bugs.gentoo.org/show_bug.cgi?id=535984
SELinux policies were attempting to run the host checkmodule and semodule
commands. The former is easy to fix via pointing them at the build root, the
latter we skip entirely because we don't want to install the policy at this
point - we'll do that during image build.
We will be carrying some patches so the version of the source code will
no longer be simply the upstream mainline version. A -coreos or
-coreos-r1 and so forth will be appended. A new variable defining the
source revision (e.g. -r1) has been added so we can continue to bump the
coreos-kernel revision independently of coreos-sources for minor things
like config updates.
We need some additional selinux policy to get rkt working. Right now
this is a slightly rough cut - we'll tidy this up over time and ensure
that it's not overly permissive. In addition, ensure that policy is
installed in /usr rather than /etc and /var in order to allow upgrades
to work properly.
Pull in various selinux bits that need modification, and enable them.
setools: Needs patching to support cross building
policycoreutils: Needs patching to remove python runtime dependency
sec-policy/*: We need custom policy modifications
In addition, modify selinux-policy-2.eclass to support pulling in selinux
includes from the build root rather than /, enable selinux in systemd's
use flags and enable selinux support in the kernel.
The update of the elfutils package for arm64 bumped the amd64 stable to
elfutils-0.158 which, unfortunately, has a cross compile bug. Specify the
unstable ~amd64 (elfutils-0.161) to work around the problem.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Before we can enable ixgbevf devices by default we need to prevent the
interface names from changing and surprising folks. On the down
side this may surprise anyone manually enabling ixgbevf on their
instances but I expect that to be the smaller population.