Missed this reference to /usr/local/portage in a recent scripts change:
174a847e36
So existing SDKs kept working but newly created SDKs would mysteriously
fail to build some things like cmake and vim. :(
Specify vim-7.4.712 and vim-core-7.4.712 in package.accept_keywords
to pickup needed upstream cross-compile fix.
https://bugs.gentoo.org/show_bug.cgi?id=473372
Fix build errors like these:
checking for tgetent()... configure: error: NOT FOUND!
You need to install a terminal library; for example ncurses.
Signed-off-by: Geoff Levand <geoff@infradead.org>
This now includes ignition-disks.service and ignition-files.service
which run their respective stages. Both of these services are required
by ignition.target which is wanted when the udev rule matches an
unbooted disk.
In addition to enabling PIE and stack protector, hardened compilers also
enable the -fstack-check option which I had previously overlooked,
conflating it with -fstack-protector which the kernel build already
handles properly. This is the second time I hit this trying to use
ccache, I forgot that -nopie was insufficent for kernel builds. Last
time around reverted in cd043688f09b22ccf245ffd11f8a22a5ff31e577.
At least this time I finally dug deep enough to find the cause instead
of setting myself up for repeating history in another 6 months. For
reference the issue is that the Go 1.3.x runtime can call clock_gettime
with a very small stack. If the vDSO library was built with
-fstack-check it will attempt to write 0 to a location beyond the end of
the very small stack, triggering SEGV:
Dump of assembler code for function __vdso_clock_gettime:
0x00007ffff7ffaa50 <+0>: push %rbp
0x00007ffff7ffaa51 <+1>: mov %rsp,%rbp
0x00007ffff7ffaa54 <+4>: push %r14
0x00007ffff7ffaa56 <+6>: push %r13
0x00007ffff7ffaa58 <+8>: push %r12
0x00007ffff7ffaa5a <+10>: push %rbx
0x00007ffff7ffaa5b <+11>: sub $0x1038,%rsp
=> 0x00007ffff7ffaa62 <+18>: orq $0x0,(%rsp)
0x00007ffff7ffaa67 <+23>: add $0x1020,%rsp
Upstream moved the python stuff to its own package which we don't need
anyway. Cleans up dependencies a bit but all the changes are in use
flags we don't enable so nothing impacts us. Our delta is now:
```patch
--- gentoo-x86/sys-apps/systemd/systemd-9999.ebuild 2015-07-11 12:19:02.628603502 -0700
+++ coreos-overlay/sys-apps/systemd/systemd-9999.ebuild 2015-07-11 12:33:19.136880252 -0700
@@ -7,16 +7,23 @@
AUTOTOOLS_AUTORECONF=yes
AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+CROS_WORKON_PROJECT="coreos/systemd"
+CROS_WORKON_REPO="git://github.com"
if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
+ # Use ~arch instead of empty keywords for compatibility with cros-workon
+ KEYWORDS="~amd64 ~arm64 ~arm ~x86"
else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~amd64 ~arm ~ia64 ~x86"
+ CROS_WORKON_COMMIT="015325350548732458e61c193f5fab6f139f47fc"
+ KEYWORDS="amd64 arm64 ~arm ~x86"
fi
UNIFONT=unifont-8.0.01
-SRC_URI+=" terminal? ( http://unifoundry.com/pub/${UNIFONT}/font-builds/${UNIFONT}.hex.gz )"
+SRC_URI="terminal? ( http://unifoundry.com/pub/${UNIFONT}/font-builds/${UNIFONT}.hex.gz )"
+
+# cros-workon must be imported first, in cases where cros-workon and
+# another eclass exports the same function (say src_compile) we want
+# the later eclass's version to win. Only need src_unpack from workon.
+inherit cros-workon
inherit autotools-utils bash-completion-r1 linux-info multilib \
multilib-minimal pam python-any-r1 systemd toolchain-funcs udev \
@@ -31,6 +38,9 @@
idn importd +kdbus +kmod +lz4 lzma nat pam policykit
qrcode +seccomp selinux ssl sysv-utils terminal test vanilla xkb"
+# CoreOS specific use flags
+IUSE+=" man symlink-usr"
+
REQUIRED_USE="importd? ( curl gcrypt lzma )"
MINKV="3.8"
@@ -82,7 +92,6 @@
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
>=sys-apps/hwids-20130717-r1[udev]
- >=sys-fs/udev-init-scripts-25
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
@@ -101,14 +110,13 @@
terminal? ( ${PYTHON_DEPS} )
test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
-if [[ -n ${AUTOTOOLS_AUTORECONF} ]]; then
- DEPEND+="
- app-text/docbook-xml-dtd:4.2
+# Not required when building from unpatched tarballs, but we build from git.
+DEPEND+="
+ man? ( app-text/docbook-xml-dtd:4.2
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- >=dev-libs/libgcrypt-1.4.5:0"
-fi
+ dev-libs/libxslt:0 )
+ >=dev-libs/libgcrypt-1.4.5:0"
pkg_pretend() {
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
@@ -154,7 +162,7 @@
src_unpack() {
default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
+ cros-workon_src_unpack
}
src_prepare() {
@@ -179,9 +187,7 @@
multilib_src_configure() {
local myeconfargs=(
- # disable -flto since it is an optimization flag
- # and makes distcc less effective
- cc_cv_CFLAGS__flto=no
+ --with-pamconfdir=/usr/share/pam.d
# Workaround for gcc-4.7, bug 554454.
cc_cv_CFLAGS__Werror_shadow=no
@@ -228,6 +234,7 @@
$(multilib_native_use_enable kmod)
$(use_enable lz4)
$(use_enable lzma xz)
+ $(multilib_native_use_enable man manpages)
$(multilib_native_use_enable nat libiptc)
$(multilib_native_use_enable pam)
$(multilib_native_use_enable policykit polkit)
@@ -248,11 +255,19 @@
EFI_CC="$(tc-getCC)"
# dbus paths
- --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
+ --with-dbuspolicydir="${EPREFIX}/usr/share/dbus-1/system.d"
--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
- --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ --with-ntp-servers="0.coreos.pool.ntp.org 1.coreos.pool.ntp.org 2.coreos.pool.ntp.org 3.coreos.pool.ntp.org"
+
+ # The CoreOS epoch, Mon Jul 1 00:00:00 UTC 2013. Used by timesyncd
+ # as a sanity check for the minimum acceptable time. Explicitly set
+ # to avoid using the current build time.
+ --with-time-epoch=1372636800
+
+ # no default name servers
+ --with-dns-servers=
)
if ! multilib_is_native_abi; then
@@ -324,38 +339,81 @@
}
multilib_src_install_all() {
+ local unitdir=$(systemd_get_unitdir)
+
prune_libtool_files --modules
einstalldocs
if use sysv-utils; then
+ local prefix
+ use symlink-usr && prefix=/usr
for app in halt poweroff reboot runlevel shutdown telinit; do
- dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
+ dosym "${ROOTPREFIX-/usr}/bin/systemctl" ${prefix}/sbin/${app}
done
- dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
- else
+ dosym "${ROOTPREFIX-/usr}/lib/systemd/systemd" ${prefix}/sbin/init
+ elif use man; then
# we just keep sysvinit tools, so no need for the mans
rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
|| die
rm "${D}"/usr/share/man/man1/init.1 || die
fi
- # Disable storing coredumps in journald, bug #433457
- mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
- /etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
- /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
- rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
+ # Ensure journal directory has correct ownership/mode in inital image.
+ # This is fixed by systemd-tmpfiles *but* journald starts before that
+ # and will create the journal if the filesystem is already read-write.
+ # Conveniently the systemd Makefile sets this up completely wrong.
+ dodir /var/log/journal
+ fowners root:systemd-journal /var/log/journal
+ fperms 2755 /var/log/journal
+
+ systemd_dotmpfilesd "${FILESDIR}"/systemd-coreos.conf
+ systemd_dotmpfilesd "${FILESDIR}"/systemd-resolv.conf
+
+ # Don't default to graphical.target
+ rm "${D}${unitdir}"/default.target || die
+ dosym multi-user.target "${unitdir}"/default.target
+
+ # Move a few services enabled in /etc to /usr, delete files individually
+ # so builds fail if systemd adds any new unexpected stuff to /etc
+ local f
+ for f in \
+ getty.target.wants/getty@tty1.service \
+ multi-user.target.wants/remote-fs.target \
+ multi-user.target.wants/systemd-networkd.service \
+ multi-user.target.wants/systemd-resolved.service \
+ network-online.target.wants/systemd-networkd-wait-online.service \
+ sockets.target.wants/systemd-networkd.socket \
+ sysinit.target.wants/systemd-timesyncd.service
+ do
+ local s="${f#*/}" t="${f%/*}"
+ local u="${s/@*.service/@.service}"
+
+ # systemd_enable_service doesn't understand template units
+ einfo "Enabling ${s} via ${t}"
+ dodir "${unitdir}/${t}"
+ dosym "../${u}" "${unitdir}/${t}/${s}"
+
+ rm "${D}/etc/systemd/system/${f}" || die
+ done
+ rmdir "${D}"/etc/systemd/system/*.wants || die
+
+ # Grant networkd access to set the transient host name
+ insinto /usr/share/polkit-1/rules.d
+ doins "${FILESDIR}"/99-org.freedesktop.hostname1.rules
+
+ # Do not enable random services if /etc was detected as empty!!!
+ rm "${D}"/usr/lib/systemd/system-preset/90-systemd.preset
+ insinto /usr/lib/systemd/system-preset
+ doins "${FILESDIR}"/99-default.preset
+
+ # Disable the "First Boot Wizard" by default, it isn't very applicable to CoreOS
+ rm "${D}${unitdir}"/sysinit.target.wants/systemd-firstboot.service
+
+ # Do not ship distro-specific files (nsswitch.conf pam.d)
+ rm -rf "${D}"/usr/share/factory
+ sed -i "${D}"/usr/lib/tmpfiles.d/etc.conf \
+ -e '/^C \/etc\/nsswitch\.conf/d' \
+ -e '/^C \/etc\/pam\.d/d'
}
migrate_locale() {
```
By default ccache checks the compiler's mtime and size but that gets
thrown off by reinstalls, including from binary packages. The
alternative mode reads the compiler binary itself instead. In theory
that may be slower but in reality both modes are effectively the same
speed. ccache will now work under catalyst
