* [gentoo-commits] dev/steev:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2012-04-05 22:37 Stephen Klimaszewski
From: Stephen Klimaszewski @ 2012-04-05 22:37 UTC (permalink / raw
To: gentoo-commits
commit: 1c619374ef208df51c34c55dd0b64ef72b05d718
Author: Steev Klimaszewski <steev <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 5 22:36:26 2012 +0000
Commit: Stephen Klimaszewski <steev <AT> gentoo <DOT> org>
CommitDate: Thu Apr 5 22:36:26 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=dev/steev.git;a=commit;h=1c619374
systemd: Add systemd 44
Add systemd-44 with patch to use NAME_MAX instead of PAGE_SIZE
Signed-off-by: Steev Klimaszewski <steev <AT> gentoo.org>
---
sys-apps/systemd/Manifest | 8 +
...l-never-follow-symlinks-in-rm_rf_children.patch | 32 ++++
sys-apps/systemd/files/gentoo-run.conf | 5 +
sys-apps/systemd/files/journal-use-NAME_MAX.patch | 44 +++++
.../systemd/files/update-etc-systemd-symlinks.path | 5 +
.../files/update-etc-systemd-symlinks.service | 6 +
.../systemd/files/update-etc-systemd-symlinks.sh | 19 +++
sys-apps/systemd/systemd-44.ebuild | 167 ++++++++++++++++++++
8 files changed, 286 insertions(+), 0 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
new file mode 100644
index 0000000..66bccea
--- /dev/null
+++ b/sys-apps/systemd/Manifest
@@ -0,0 +1,8 @@
+AUX 0001-util-never-follow-symlinks-in-rm_rf_children.patch 1262 RMD160 4b328f8d97887b773a95c520595ed2488a0922f7 SHA1 b212485909bae7f625e74809641385915a8bb110 SHA256 4bf6f7d0312f07614d2addece6b48f3301bb85de5f27c8b9729e11b1f4d9e36a
+AUX gentoo-run.conf 226 RMD160 3bea7b3d3fe3b3589d8bfdeaf52112ab46a67e82 SHA1 521d0d3ff408905075f42b3b00ccc77da2355c6a SHA256 a23fa3b35b4e9d5f1c41dc77cb5be1cec492eb903a57472df3d93a053db28ca7
+AUX journal-use-NAME_MAX.patch 2072 RMD160 bd9b713a2d42c54cf93e69b5793fada57fdebf13 SHA1 a3056c50455f4b23ed7b652bef3680e3a4dafb1d SHA256 763a621f1f459f751377049a8f4b444107d378d59be185413beef585a427f4ea
+AUX update-etc-systemd-symlinks.path 119 RMD160 b2512605a2313af9fca6b611a32b66e2c435577a SHA1 70ddad85c6981b9a0a81f1d0f84f4b039951c543 SHA256 4dbbe99fdc4b7922ad6fb4c6f39c975a4b139e04b04a65e3c79650b364fdc02a
+AUX update-etc-systemd-symlinks.service 165 RMD160 aab6eb2ff82ae82be72c12682fda2bc62d7b2e51 SHA1 6a766b8ef0a97290431756c8bbabf242447c632e SHA256 77f199392367cefc6d70110b955fb5f2ebafaf21ea8ca355b1863a44f130bf69
+AUX update-etc-systemd-symlinks.sh 451 RMD160 94066bbc526f108e2a3a49ad3b8dc52eb1ed4ad7 SHA1 9ad3fa9e5bef1b7d10a54101ddedb299d0f875a7 SHA256 1ed27cf8c2ca5ab862b9d935eec613d1a21ceb4cc363a4bfdac6430387e350df
+DIST systemd-44.tar.xz 885636 RMD160 d81f0b72806884628b80af5e261dddf5dbc88025 SHA1 851869f1d991343995a9ca1243616c8bf4edfdad SHA256 7a5aac4b4b8b3a82bf59292f10e43d8f2c2d7039f34e95714f81d8edcb42233c
+EBUILD systemd-44.ebuild 5223 RMD160 98f45aefd7efed79740703e347f1a709563cb463 SHA1 133795870b6fa29f55b1bf153d576426a3c31c7b SHA256 ac6f93421966bcc0d9de95000e083eec728a1a496d1a658a97c3eee37da47735
diff --git a/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
new file mode 100644
index 0000000..7ac9251
--- /dev/null
+++ b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
@@ -0,0 +1,32 @@
+From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Fri, 2 Mar 2012 10:39:10 +0100
+Subject: [PATCH] util: never follow symlinks in rm_rf_children()
+
+The function checks if the entry is a directory before recursing, but
+there is a window between the check and the open, during which the
+directory could be replaced with a symlink.
+
+CVE-2012-1174
+https://bugzilla.redhat.com/show_bug.cgi?id=803358
+---
+ src/util.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/util.c b/src/util.c
+index 20cbc2b..dfc1dc6 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
+ if (is_dir) {
+ int subdir_fd;
+
+- if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
++ subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
++ if (subdir_fd < 0) {
+ if (ret == 0 && errno != ENOENT)
+ ret = -errno;
+ continue;
+--
+1.7.9.4
+
diff --git a/sys-apps/systemd/files/gentoo-run.conf b/sys-apps/systemd/files/gentoo-run.conf
new file mode 100644
index 0000000..5b3bcab
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-run.conf
@@ -0,0 +1,5 @@
+# New OpenRC versions replace /var/lock with a symlink to /run/lock.
+# We just create that directory for now, just in case.
+# Of course, it's not guaranteed that'll satisfy all relevant packages.
+
+d /run/lock 0755 root root -
diff --git a/sys-apps/systemd/files/journal-use-NAME_MAX.patch b/sys-apps/systemd/files/journal-use-NAME_MAX.patch
new file mode 100644
index 0000000..623bea1
--- /dev/null
+++ b/sys-apps/systemd/files/journal-use-NAME_MAX.patch
@@ -0,0 +1,44 @@
+From 7264278fbbdc1dc6c30fedc902d1337594aa6ff6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 21 Mar 2012 22:47:44 +0000
+Subject: journal: PAGE_SIZE is not known on ppc and other archs
+
+Let's use NAME_MAX, as suggested by Dan Walsh
+---
+diff --git a/src/journal/journald.c b/src/journal/journald.c
+index d27cb60..87390bd 100644
+--- a/src/journal/journald.c
++++ b/src/journal/journald.c
+@@ -29,7 +29,6 @@
+ #include <sys/ioctl.h>
+ #include <linux/sockios.h>
+ #include <sys/statvfs.h>
+-#include <sys/user.h>
+
+ #include <systemd/sd-journal.h>
+ #include <systemd/sd-login.h>
+@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
+ size_t label_len = 0;
+ union {
+ struct cmsghdr cmsghdr;
++
++ /* We use NAME_MAX space for the
++ * SELinux label here. The kernel
++ * currently enforces no limit, but
++ * according to suggestions from the
++ * SELinux people this will change and
++ * it will probably be identical to
++ * NAME_MAX. For now we use that, but
++ * this should be updated one day when
++ * the final limit is known.*/
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+ CMSG_SPACE(sizeof(struct timeval)) +
+- CMSG_SPACE(sizeof(int)) +
+- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
++ CMSG_SPACE(sizeof(int)) + /* fd */
++ CMSG_SPACE(NAME_MAX)]; /* selinux label */
+ } control;
+ ssize_t n;
+ int v;
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.path b/sys-apps/systemd/files/update-etc-systemd-symlinks.path
new file mode 100644
index 0000000..33a9576
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.path
@@ -0,0 +1,5 @@
+[Unit]
+Description=Update /etc/systemd/system symlinks for units moved to /usr
+
+[Path]
+PathChanged=/lib/systemd/system
diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.service b/sys-apps/systemd/files/update-etc-systemd-symlinks.service
new file mode 100644
index 0000000..c05a194
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Update /etc/systemd/system symlinks for units moved to /usr
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/systemd/update-etc-systemd-symlinks.sh
diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.sh b/sys-apps/systemd/files/update-etc-systemd-symlinks.sh
new file mode 100755
index 0000000..ce81bba
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Update symlinks to systemd units moved into /usr/systemd.
+# (c) 2012 Michał Górny
+# Released under the terms of the 2-clause BSD license
+
+IFS_SAVE=${IFS}
+IFS='
+'
+# follow + symlink type will match broken symlinks only
+set -- $(find -L /etc/systemd/system -type l -print)
+IFS=${IFS_SAVE}
+
+for f; do
+ old_path=$(readlink "${f}")
+ new_path=/usr/lib${old_path#/lib}
+ if [ -f "${new_path}" ]; then
+ ln -v -s -f "${new_path}" "${f}"
+ fi
+done
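Review bot: The unquoted `$(find ...)` on the `set --` line is still subject to pathname expansion after the IFS split, so a unit file name containing a glob character would be expanded against the current directory before it reaches the loop; wrap the line with `set -f` before `set --` and `set +f` after IFS is restored. The `${old_path#/lib}` substitution on the `new_path` line is a no-op for targets that do not start with `/lib` (including relative targets returned by `readlink`), so `new_path` becomes `/usr/lib` followed by the whole original target; the `-f` test happens to reject such paths, but the intent is clearer with an explicit guard such as `case ${old_path} in /lib/*) ;; *) continue ;; esac` before `new_path` is computed.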
diff --git a/sys-apps/systemd/systemd-44.ebuild b/sys-apps/systemd/systemd-44.ebuild
new file mode 100644
index 0000000..39f1a9b
--- /dev/null
+++ b/sys-apps/systemd/systemd-44.ebuild
@@ -0,0 +1,167 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-44.ebuild,v 1.1 2012/04/05 11:15:27 mgorny Exp $
+
+EAPI=4
+
+inherit autotools-utils bash-completion-r1 linux-info pam systemd
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="acl audit cryptsetup lzma pam plymouth selinux tcpd"
+
+# We need to depend on sysvinit for sulogin which is used in the rescue
+# mode. Bug #399615.
+
+# A little higher than upstream requires
+# but I had real trouble with 2.6.37 and systemd.
+MINKV="2.6.38"
+
+# dbus version because of systemd units
+# sysvinit for sulogin
+RDEPEND=">=sys-apps/dbus-1.4.10
+ >=sys-apps/kmod-5
+ sys-apps/sysvinit
+ >=sys-apps/util-linux-2.19
+ >=sys-fs/udev-172
+ sys-libs/libcap
+ acl? ( sys-apps/acl )
+ audit? ( >=sys-process/audit-2 )
+ cryptsetup? ( sys-fs/cryptsetup )
+ lzma? ( app-arch/xz-utils )
+ pam? ( virtual/pam )
+ plymouth? ( sys-boot/plymouth )
+ selinux? ( sys-libs/libselinux )
+ tcpd? ( sys-apps/tcp-wrappers )"
+
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gperf
+ dev-util/intltool
+ >=sys-kernel/linux-headers-${MINKV}"
+
+PATCHES=(
+ # bug #408879: Session Logout File Deletion Weakness (CVE-2012-1174)
+ "${FILESDIR}"/0001-util-never-follow-symlinks-in-rm_rf_children.patch
+ # Not all architectures have PAGE_SIZE
+ "${FILESDIR}"/journal-use-NAME_MAX.patch
+)
+
+pkg_setup() {
+ enewgroup lock # used by var-lock.mount
+ enewgroup tty 5 # used by mount-setup for /dev/pts
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-distro=gentoo
+ # install everything to /usr
+ --with-rootprefix=/usr
+ --with-rootlibdir=/usr/$(get_libdir)
+ # but pam modules have to lie in /lib*
+ --with-pamlibdir=/$(get_libdir)/security
+ --localstatedir=/var
+ # make sure we get /bin:/sbin in $PATH
+ --enable-split-usr
+ $(use_enable acl)
+ $(use_enable audit)
+ $(use_enable cryptsetup libcryptsetup)
+ $(use_enable lzma xz)
+ $(use_enable pam)
+ $(use_enable plymouth)
+ $(use_enable selinux)
+ $(use_enable tcpd tcpwrap)
+ # now in sys-apps/systemd-ui
+ --disable-gtk
+ )
+
+ autotools-utils_src_configure
+}
+
+src_install() {
+ autotools-utils_src_install \
+ bashcompletiondir=/tmp
+
+ # compat for init= use
+ dosym ../usr/lib/systemd/systemd /bin/systemd
+ dosym ../lib/systemd/systemd /usr/bin/systemd
+ # rsyslog.service depends on it...
+ dosym ../usr/bin/systemctl /bin/systemctl
+
+ # move files as necessary
+ newbashcomp "${D}"/tmp/systemd-bash-completion.sh ${PN}
+ rm -r "${D}"/tmp || die
+
+ # we just keep sysvinit tools, so no need for the mans
+ rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+ || die
+ rm "${D}"/usr/share/man/man1/init.1 || die
+
+ # Create /run/lock as required by new baselay/OpenRC compat.
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/gentoo-run.conf
+
+ # Migration helpers.
+ exeinto /usr/libexec/systemd
+ doexe "${FILESDIR}"/update-etc-systemd-symlinks.sh
+ systemd_dounit "${FILESDIR}"/update-etc-systemd-symlinks.{service,path}
+ systemd_enable_service sysinit.target update-etc-systemd-symlinks.path
+}
+
+pkg_preinst() {
+ local CONFIG_CHECK="~AUTOFS4_FS ~CGROUPS ~DEVTMPFS ~FANOTIFY ~IPV6"
+ kernel_is -ge ${MINKV//./ } || ewarn "Kernel version at least ${MINKV} required"
+ check_extra_config
+}
+
+optfeature() {
+ elog " [\e[1m$(has_version ${1} && echo I || echo ' ')\e[0m] ${1} (${2})"
+}
+
+pkg_postinst() {
+ mkdir -p "${ROOT}"/run || ewarn "Unable to mkdir /run, this could mean trouble."
+ if [[ ! -L "${ROOT}"/etc/mtab ]]; then
+ ewarn "Upstream suggests that the /etc/mtab file should be a symlink to /proc/mounts."
+ ewarn "It is known to cause users being unable to unmount user mounts. If you don't"
+ ewarn "require that specific feature, please call:"
+ ewarn " $ ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
+ ewarn
+ fi
+
+ elog "You may need to perform some additional configuration for some programs"
+ elog "to work, see the systemd manpages for loading modules and handling tmpfiles:"
+ elog " $ man modules-load.d"
+ elog " $ man tmpfiles.d"
+ elog
+
+ elog "To get additional features, a number of optional runtime dependencies may"
+ elog "be installed:"
+ optfeature 'dev-python/dbus-python' 'for systemd-analyze'
+ optfeature 'dev-python/pycairo[svg]' 'for systemd-analyze plotting ability'
+ optfeature 'sys-apps/systemd-ui' 'for GTK+ systemadm UI and gnome-ask-password-agent'
+ elog
+
+ ewarn "Please note this is a work-in-progress and many packages in Gentoo"
+ ewarn "do not supply systemd unit files yet. You are testing it on your own"
+ ewarn "responsibility. Please remember than you can pass:"
+ ewarn " init=/sbin/init"
+ ewarn "to your kernel to boot using sysvinit / OpenRC."
+
+ # Don't run it if we're outta /
+ if [[ ! ${ROOT%/} ]]; then
+ # Update symlinks to moved units.
+ sh "${FILESDIR}"/update-etc-systemd-symlinks.sh
+
+ # Try to start migration unit.
+ ebegin "Trying to start migration helper path monitoring."
+ systemctl --system start update-etc-systemd-symlinks.path 2>/dev/null
+ eend ${?}
+ fi
+}
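Review bot: pkg_postinst runs the migration helper from `"${FILESDIR}"` (the `sh "${FILESDIR}"/update-etc-systemd-symlinks.sh` line), but as far as I can tell PMS only guarantees FILESDIR in the src_* phases, and it is not usable when installing from a binary package without the ebuild tree present. The same script is already installed by the `doexe` line in src_install, and the enclosing `if` has already established that ROOT is `/`, so invoking the installed copy is more robust: `sh /usr/libexec/systemd/update-etc-systemd-symlinks.sh`. Relatedly, `check_extra_config` and the `kernel_is` warning are placed in pkg_preinst; they are conventionally called from pkg_setup so the user sees the kernel-config warnings before the build rather than after it.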