public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-09-08 18:29 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-09-08 18:29 UTC (permalink / raw
  To: gentoo-commits

commit:     b4f43b6837d616fef3678a80562b0d483d0ce7cb
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  8 18:23:16 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Sep  8 18:29:25 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4f43b68

sys-apps/systemd: backport FIDO2 fix

Closes: https://bugs.gentoo.org/811864
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/249-fido2.patch             | 58 ++++++++++++++++++++++
 ...emd-249.4-r1.ebuild => systemd-249.4-r2.ebuild} |  1 +
 2 files changed, 59 insertions(+)

diff --git a/sys-apps/systemd/files/249-fido2.patch b/sys-apps/systemd/files/249-fido2.patch
new file mode 100644
index 00000000000..bbfa4afb540
--- /dev/null
+++ b/sys-apps/systemd/files/249-fido2.patch
@@ -0,0 +1,58 @@
+From b6aa89b0a399992c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001
+From: pedro martelletto <pedro@yubico.com>
+Date: Wed, 8 Sep 2021 10:42:56 +0200
+Subject: [PATCH] explicitly close FIDO2 devices
+
+FIDO2 device access is serialised by libfido2 using flock().
+Therefore, make sure to close a FIDO2 device once we are done
+with it, or we risk opening it again at a later point and
+deadlocking. Fixes #20664.
+---
+ src/shared/libfido2-util.c | 2 ++
+ src/shared/libfido2-util.h | 5 ++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
+index 12c644dcfcce..6d18178b68c9 100644
+--- a/src/shared/libfido2-util.c
++++ b/src/shared/libfido2-util.c
+@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL;
+ int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL;
+ fido_dev_t* (*sym_fido_dev_new)(void) = NULL;
+ int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL;
++int (*sym_fido_dev_close)(fido_dev_t *) = NULL;
+ const char* (*sym_fido_strerr)(int) = NULL;
+ 
+ int dlopen_libfido2(void) {
+@@ -106,6 +107,7 @@ int dlopen_libfido2(void) {
+                         DLSYM_ARG(fido_dev_make_cred),
+                         DLSYM_ARG(fido_dev_new),
+                         DLSYM_ARG(fido_dev_open),
++                        DLSYM_ARG(fido_dev_close),
+                         DLSYM_ARG(fido_strerr));
+ }
+ 
+diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
+index 5640cca5e39b..4ebf8ab77509 100644
+--- a/src/shared/libfido2-util.h
++++ b/src/shared/libfido2-util.h
+@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *);
+ extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *);
+ extern fido_dev_t* (*sym_fido_dev_new)(void);
+ extern int (*sym_fido_dev_open)(fido_dev_t *, const char *);
++extern int (*sym_fido_dev_close)(fido_dev_t *);
+ extern const char* (*sym_fido_strerr)(int);
+ 
+ int dlopen_libfido2(void);
+@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) {
+ }
+ 
+ static inline void fido_dev_free_wrapper(fido_dev_t **p) {
+-        if (*p)
++        if (*p) {
++                sym_fido_dev_close(*p);
+                 sym_fido_dev_free(p);
++        }
+ }
+ 
+ static inline void fido_cred_free_wrapper(fido_cred_t **p) {

diff --git a/sys-apps/systemd/systemd-249.4-r1.ebuild b/sys-apps/systemd/systemd-249.4-r2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.4-r1.ebuild
rename to sys-apps/systemd/systemd-249.4-r2.ebuild
index 6c7937f4e0e..95d20177016 100644
--- a/sys-apps/systemd/systemd-249.4-r1.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r2.ebuild
@@ -226,6 +226,7 @@ src_prepare() {
 	# Add local patches here
 	PATCHES+=(
 		"${FILESDIR}/249-libudev-static.patch"
+		"${FILESDIR}/249-fido2.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-05-28  0:51 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2024-05-28  0:51 UTC (permalink / raw
  To: gentoo-commits

commit:     4081984af756a502e85da04e8ca5df6c760fdc21
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 28 00:47:40 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 28 00:50:51 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4081984a

sys-apps/systemd: drop 255.5, 255.5-r1, 255.5-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/systemd/Manifest                 |   1 -
 sys-apps/systemd/files/255-dnssec-2.patch |  48 ---
 sys-apps/systemd/files/255-dnssec-3.patch |  32 --
 sys-apps/systemd/files/255-dnssec.patch   |  29 --
 sys-apps/systemd/systemd-255.5-r1.ebuild  | 530 -----------------------------
 sys-apps/systemd/systemd-255.5-r2.ebuild  | 532 ------------------------------
 sys-apps/systemd/systemd-255.5.ebuild     | 529 -----------------------------
 7 files changed, 1701 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 44bac9120da5..aff852674ab4 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -4,6 +4,5 @@ DIST systemd-stable-254.13.tar.gz 14533359 BLAKE2B 6f37bf5f1868840f122652fdca270
 DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
 DIST systemd-stable-255.3.tar.gz 14873273 BLAKE2B e22ef391c691fcf1e765c5112e1a55096d3bba61a9dae3ea1a3958add4e355892a97d5214e63c516ba3b70e2a83bb5d21254812d870f06c16c74a58d4f957d75 SHA512 c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453
 DIST systemd-stable-255.4.tar.gz 14952427 BLAKE2B 27f5080f83a9e870fbe8e3ebcb500a63c42022f1f96f26f35c76eeeea85dab691291c31ee716cab330b76df5e576910a6a82f51267eff4f766b1d4c304d815c9 SHA512 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979
-DIST systemd-stable-255.5.tar.gz 14976055 BLAKE2B 08e2d5e6ed340214f195e8ecc22665c572838af94c19f946de7dc710e0f5e0476dda09d313b6848a7f10f6d545b8cd6b1b7ce234b9f4aad1dbff3a065eda6b76 SHA512 9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc
 DIST systemd-stable-255.6.tar.gz 15060034 BLAKE2B 27e14a870bd8ae85e3c7679a69b7dcd6f1165430c4cdea57d3f7092a40a22085bafc3e3e397a7429b53773f7460bde0ad0af9afb6852c6d0c9cc681d25c34c03 SHA512 523c5d973e2ccd47f8ba33d1fb8264a8de58cb639fab22be0d0854f96009dce700d6f022d30aad5ab7b9292b33047cbbc1eefc3c6141328e337b9a245944c237
 DIST systemd-stable-255.7.tar.gz 15068684 BLAKE2B 6fb5415d9e013bc8695ef837affce7063d214027529412a25ea73eb25473d1f07cff6ad3ea3ea18b7bbf9d73d2bb8e39838e1aeb2a14d016b3b47e4ba24d02d0 SHA512 1cd2a00f292751b923bd93c60bdcdd66d82792b45e32dce11d77e2b3b6fc5c8ba4c5db386652deffa8c24e75032af1a745700ba91f1726e249f0c447daf85c2a

diff --git a/sys-apps/systemd/files/255-dnssec-2.patch b/sys-apps/systemd/files/255-dnssec-2.patch
deleted file mode 100644
index e8eaf9782b3e..000000000000
--- a/sys-apps/systemd/files/255-dnssec-2.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-https://github.com/systemd/systemd/pull/32598
-https://github.com/systemd/systemd-stable/commit/ee15f5efaf2f6cdbb867fca601e92761276e2b1e
-
-From ee15f5efaf2f6cdbb867fca601e92761276e2b1e Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Tue, 30 Apr 2024 22:15:18 -0700
-Subject: [PATCH] resolved: probe for dnssec support in allow-downgrade mode
-
-Previously, sd-resolved unnecessarily requested SOA records for each dns
-label in the query, even though they are not needed for the chain of
-trust. Since 47690634f157, only the necessary records are queried when
-validating.
-
-This is actually a problem in allow-downgrade mode, since we will no
-longer attempt a query for a record that we know is signed a priori, and
-will therefore never update our belief about the state of dnssec support
-in the recursive resolver.
-
-Rectify this by reintroducing a query for the root zone SOA in the
-allow-downgrade case, specifically to test that the resolver attaches
-the RRSIGs which we know must exist.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2622,6 +2622,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
-                         if (r < 0)
-                                 return r;
- 
-+                        if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && dns_name_is_root(name)) {
-+                                _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
-+                                /* We made it all the way to the root zone. If we are in allow-downgrade
-+                                 * mode, we need to make at least one request that we can be certain should
-+                                 * have been signed, to test for servers that are not dnssec aware. */
-+                                soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
-+                                if (!soa)
-+                                        return -ENOMEM;
-+
-+                                log_debug("Requesting root zone SOA to probe dnssec support.");
-+                                r = dns_transaction_request_dnssec_rr(t, soa);
-+                                if (r < 0)
-+                                        return r;
-+                        }
-+
-                         break;
-                 }
- 

diff --git a/sys-apps/systemd/files/255-dnssec-3.patch b/sys-apps/systemd/files/255-dnssec-3.patch
deleted file mode 100644
index 4fd231d6d157..000000000000
--- a/sys-apps/systemd/files/255-dnssec-3.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://github.com/systemd/systemd/pull/32593
-https://github.com/systemd/systemd-stable/commit/a1580223a5dd67ab61c5f888b114de43b65fffbf
-
-From a1580223a5dd67ab61c5f888b114de43b65fffbf Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Tue, 30 Apr 2024 13:19:14 -0700
-Subject: [PATCH] resolved: validate authentic insecure delegation to CNAME
-
-If the parent zone uses a non-opt-out method that provides authenticated
-negative DS replies, we still can't expect signatures from the child
-zone. sd-resolved was using the authenticated status of the DS reply to
-require signatures for CNAMEs, even though it had already proved that no
-signature exists.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2863,7 +2863,12 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
-                         if (r == 0)
-                                 continue;
- 
--                        return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
-+                        if (!FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
-+                                return false;
-+
-+                        /* We expect this to be signed when the DS record exists, and don't expect it to be
-+                         * signed when the DS record is proven not to exist. */
-+                        return dns_answer_match_key(dt->answer, dns_transaction_key(dt), NULL);
-                 }
- 
-                 return true;

diff --git a/sys-apps/systemd/files/255-dnssec.patch b/sys-apps/systemd/files/255-dnssec.patch
deleted file mode 100644
index 978c26ff15f4..000000000000
--- a/sys-apps/systemd/files/255-dnssec.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://github.com/systemd/systemd/issues/32531
-https://github.com/systemd/systemd/commit/d840783db5208219c78d73b9b46ef5daae9fea0a
-https://github.com/systemd/systemd-stable/commit/52c17febf14c866d9808d1804f13ac98d76e665b
-
-From 52c17febf14c866d9808d1804f13ac98d76e665b Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Mon, 29 Apr 2024 02:17:23 -0700
-Subject: [PATCH] resolved: always progress DS queries
-
-If we request a DS and the resolver offers an unsigned SOA, a new
-auxiliary transaction for the DS will be rejected as a loop, and we
-might not make any progress toward finding the DS we need. Let's ensure
-that we at least always check the parent in this case.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit d840783db5208219c78d73b9b46ef5daae9fea0a)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2545,6 +2545,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
-                                         return r;
-                                 if (r == 0)
-                                         continue;
-+
-+                                /* If we were looking for the DS RR, don't request it again. */
-+                                if (dns_transaction_key(t)->type == DNS_TYPE_DS)
-+                                        continue;
-                         }
- 
-                         r = dnssec_has_rrsig(t->answer, rr->key);

diff --git a/sys-apps/systemd/systemd-255.5-r1.ebuild b/sys-apps/systemd/systemd-255.5-r1.ebuild
deleted file mode 100644
index 5b851ace01ec..000000000000
--- a/sys-apps/systemd/systemd-255.5-r1.ebuild
+++ /dev/null
@@ -1,530 +0,0 @@
-# Copyright 2011-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-PYTHON_COMPAT=( python3_{10..12} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-UDEV_OPTIONAL=1
-
-QA_PKGCONFIG_VERSION=$(ver_cut 1)
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	if [[ ${PV} == *.* ]]; then
-		MY_PN=systemd-stable
-	else
-		MY_PN=systemd
-	fi
-	MY_PV=${PV/_/-}
-	MY_P=${MY_PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-
-	if [[ ${PV} != *rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-	fi
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
-inherit secureboot systemd toolchain-funcs udev
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://systemd.io/"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="
-	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
-	fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
-	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
-	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
-"
-REQUIRED_USE="
-	${PYTHON_REQUIRED_USE}
-	dns-over-tls? ( || ( gnutls openssl ) )
-	fido2? ( cryptsetup openssl )
-	homed? ( cryptsetup pam openssl )
-	importd? ( curl lzma || ( gcrypt openssl ) )
-	pwquality? ( homed )
-	boot? ( kernel-install )
-	ukify? ( boot )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="4.15"
-
-COMMON_DEPEND="
-	>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( >=sys-libs/libapparmor-2.13:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
-	curl? ( >=net-misc/curl-7.32.0:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	fido2? ( dev-libs/libfido2:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
-	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
-	idn? ( net-dns/libidn2:= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	iptables? ( net-firewall/iptables:0= )
-	openssl? ( >=dev-libs/openssl-1.1.0:0= )
-	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
-	pcre? ( dev-libs/libpcre2 )
-	pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
-	qrcode? ( >=media-gfx/qrencode-3:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( >=sys-libs/libselinux-2.1.9:0= )
-	tpm? ( app-crypt/tpm2-tss:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	>=sys-kernel/linux-headers-${MINKV}
-"
-
-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=acct-group/adm-0-r1
-	>=acct-group/wheel-0-r1
-	>=acct-group/kmem-0-r1
-	>=acct-group/tty-0-r1
-	>=acct-group/utmp-0-r1
-	>=acct-group/audio-0-r1
-	>=acct-group/cdrom-0-r1
-	>=acct-group/dialout-0-r1
-	>=acct-group/disk-0-r1
-	>=acct-group/input-0-r1
-	>=acct-group/kvm-0-r1
-	>=acct-group/lp-0-r1
-	>=acct-group/render-0-r1
-	acct-group/sgx
-	>=acct-group/tape-0-r1
-	acct-group/users
-	>=acct-group/video-0-r1
-	>=acct-group/systemd-journal-0-r1
-	>=acct-user/root-0-r1
-	acct-user/nobody
-	>=acct-user/systemd-journal-remote-0-r1
-	>=acct-user/systemd-coredump-0-r1
-	>=acct-user/systemd-network-0-r1
-	acct-user/systemd-oom
-	>=acct-user/systemd-resolve-0-r1
-	>=acct-user/systemd-timesync-0-r1
-	>=sys-apps/baselayout-2.2
-	ukify? (
-		${PYTHON_DEPS}
-		$(python_gen_cond_dep "${PEFILE_DEPEND}")
-	)
-	selinux? (
-		sec-policy/selinux-base-policy[systemd]
-		sec-policy/selinux-ntp
-	)
-	sysv-utils? (
-		!sys-apps/openrc[sysv-utils(-)]
-		!sys-apps/sysvinit
-	)
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!sys-apps/hwids[udev]
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-fs/udev-init-scripts-34
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-build/meson-0.46
-	>=sys-apps/coreutils-8.16
-	sys-devel/gettext
-	virtual/pkgconfig
-	test? (
-		app-text/tree
-		dev-lang/perl
-		sys-apps/dbus
-	)
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	${PYTHON_DEPS}
-	$(python_gen_cond_dep "
-		dev-python/jinja[\${PYTHON_USEDEP}]
-		dev-python/lxml[\${PYTHON_USEDEP}]
-		boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
-		ukify? ( test? ( ${PEFILE_DEPEND} ) )
-	")
-"
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
-	if use split-usr; then
-		eerror "Please complete the migration to merged-usr."
-		eerror "https://wiki.gentoo.org/wiki/Merge-usr"
-		die "systemd no longer supports split-usr"
-	fi
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
-			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-
-		if kernel_is -ge 5 10 20; then
-			CONFIG_CHECK+=" ~KCMP"
-		else
-			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
-		fi
-
-		if kernel_is -ge 4 18; then
-			CONFIG_CHECK+=" ~AUTOFS_FS"
-		else
-			CONFIG_CHECK+=" ~AUTOFS4_FS"
-		fi
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	use boot && secureboot_pkg_setup
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/systemd-test-process-util.patch"
-		"${FILESDIR}/255-dnssec.patch"
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-journald-audit-r1.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		# default is developer, bug 918671
-		-Dmode=release
-		-Dsupport-url="https://gentoo.org/support/"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		-Dsplit-bin=false
-		# Disable compatibility with sysvinit
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-		# Match /etc/shells, bug 919749
-		-Ddebug-shell="${EPREFIX}/bin/sh"
-		-Ddefault-user-shell="${EPREFIX}/bin/bash"
-		# Optional components/dependencies
-		$(meson_native_use_bool acl)
-		$(meson_native_use_bool apparmor)
-		$(meson_native_use_bool audit)
-		$(meson_native_use_bool boot bootloader)
-		$(meson_native_use_bool cryptsetup libcryptsetup)
-		$(meson_native_use_bool curl libcurl)
-		$(meson_native_use_bool dns-over-tls dns-over-tls)
-		$(meson_native_use_bool elfutils)
-		$(meson_native_use_bool fido2 libfido2)
-		$(meson_use gcrypt)
-		$(meson_native_use_bool gnutls)
-		$(meson_native_use_bool homed)
-		$(meson_native_use_bool http microhttpd)
-		$(meson_native_use_bool idn)
-		$(meson_native_use_bool importd)
-		$(meson_native_use_bool importd bzip2)
-		$(meson_native_use_bool importd zlib)
-		$(meson_native_use_bool kernel-install)
-		$(meson_native_use_bool kmod)
-		$(meson_use lz4)
-		$(meson_use lzma xz)
-		$(meson_use test tests)
-		$(meson_use zstd)
-		$(meson_native_use_bool iptables libiptc)
-		$(meson_native_use_bool openssl)
-		$(meson_use pam)
-		$(meson_native_use_bool pkcs11 p11kit)
-		$(meson_native_use_bool pcre pcre2)
-		$(meson_native_use_bool policykit polkit)
-		$(meson_native_use_bool pwquality)
-		$(meson_native_use_bool qrcode qrencode)
-		$(meson_native_use_bool seccomp)
-		$(meson_native_use_bool selinux)
-		$(meson_native_use_bool tpm tpm2)
-		$(meson_native_use_bool test dbus)
-		$(meson_native_use_bool ukify)
-		$(meson_native_use_bool xkb xkbcommon)
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-		-Dcreate-log-dirs=false
-
-		# multilib options
-		$(meson_native_true backlight)
-		$(meson_native_true binfmt)
-		$(meson_native_true coredump)
-		$(meson_native_true environment-d)
-		$(meson_native_true firstboot)
-		$(meson_native_true hibernate)
-		$(meson_native_true hostnamed)
-		$(meson_native_true ldconfig)
-		$(meson_native_true localed)
-		$(meson_native_true man)
-		$(meson_native_true networkd)
-		$(meson_native_true quotacheck)
-		$(meson_native_true randomseed)
-		$(meson_native_true rfkill)
-		$(meson_native_true sysusers)
-		$(meson_native_true timedated)
-		$(meson_native_true timesyncd)
-		$(meson_native_true tmpfiles)
-		$(meson_native_true vconsole)
-		$(meson_native_enabled vmspawn)
-	)
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
-	(
-		unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-		export COLUMNS=80
-		addpredict /dev
-		addpredict /proc
-		addpredict /run
-		addpredict /sys/fs/cgroup
-		meson_src_test
-	) || die
-}
-
-multilib_src_install_all() {
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	insinto /usr/lib/tmpfiles.d
-	doins "${FILESDIR}"/legacy.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}"/usr/bin/resolvconf || die
-	fi
-
-	if ! use sysv-utils; then
-		rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
-	fi
-
-	# https://bugs.gentoo.org/761763
-	rm -r "${ED}"/usr/lib/sysusers.d || die
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/kernel/install.d
-	keepdir /etc/systemd/{network,system,user}
-	keepdir /etc/udev/rules.d
-
-	keepdir /etc/udev/hwdb.d
-
-	keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
-	keepdir /usr/lib/{binfmt.d,modules-load.d}
-	keepdir /usr/lib/systemd/user-generators
-	keepdir /var/lib/systemd
-	keepdir /var/log/journal
-
-	if use pam; then
-		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
-	fi
-
-	if use kernel-install; then
-		# Dummy config, remove to make room for sys-kernel/installkernel
-		rm "${ED}/usr/lib/kernel/install.conf" || die
-	fi
-
-	use ukify && python_fix_shebang "${ED}"
-	use boot && secureboot_auto_sign
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_preinst() {
-	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
-		# Symlink /etc/sysctl.conf for easy migration.
-		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-	fi
-
-	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
-		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
-		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
-	fi
-}
-
-pkg_postinst() {
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required.
-	systemd-hwdb --root="${ROOT}" update
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respected, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		if type systemctl &>/dev/null; then
-			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
-		fi
-		elog "To enable a useful set of services, run the following:"
-		elog "  systemctl preset-all --preset-mode=enable-only"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
-		ebegin "Reexecuting system manager (systemd)"
-		systemctl daemon-reexec
-		eend $? || FAIL=1
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-
-	if use boot; then
-		optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
-			"sys-kernel/installkernel[systemd-boot]"
-	fi
-	if use ukify; then
-		optfeature "generating unified kernel image on each kernel installation" \
-			"sys-kernel/installkernel[ukify]"
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

diff --git a/sys-apps/systemd/systemd-255.5-r2.ebuild b/sys-apps/systemd/systemd-255.5-r2.ebuild
deleted file mode 100644
index 533779767069..000000000000
--- a/sys-apps/systemd/systemd-255.5-r2.ebuild
+++ /dev/null
@@ -1,532 +0,0 @@
-# Copyright 2011-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-PYTHON_COMPAT=( python3_{10..12} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-UDEV_OPTIONAL=1
-
-QA_PKGCONFIG_VERSION=$(ver_cut 1)
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	if [[ ${PV} == *.* ]]; then
-		MY_PN=systemd-stable
-	else
-		MY_PN=systemd
-	fi
-	MY_PV=${PV/_/-}
-	MY_P=${MY_PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-
-	if [[ ${PV} != *rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-	fi
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
-inherit secureboot systemd toolchain-funcs udev
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://systemd.io/"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="
-	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
-	fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
-	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
-	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
-"
-REQUIRED_USE="
-	${PYTHON_REQUIRED_USE}
-	dns-over-tls? ( || ( gnutls openssl ) )
-	fido2? ( cryptsetup openssl )
-	homed? ( cryptsetup pam openssl )
-	importd? ( curl lzma || ( gcrypt openssl ) )
-	pwquality? ( homed )
-	boot? ( kernel-install )
-	ukify? ( boot )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="4.15"
-
-COMMON_DEPEND="
-	>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( >=sys-libs/libapparmor-2.13:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
-	curl? ( >=net-misc/curl-7.32.0:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	fido2? ( dev-libs/libfido2:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
-	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
-	idn? ( net-dns/libidn2:= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	iptables? ( net-firewall/iptables:0= )
-	openssl? ( >=dev-libs/openssl-1.1.0:0= )
-	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
-	pcre? ( dev-libs/libpcre2 )
-	pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
-	qrcode? ( >=media-gfx/qrencode-3:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( >=sys-libs/libselinux-2.1.9:0= )
-	tpm? ( app-crypt/tpm2-tss:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	>=sys-kernel/linux-headers-${MINKV}
-"
-
-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=acct-group/adm-0-r1
-	>=acct-group/wheel-0-r1
-	>=acct-group/kmem-0-r1
-	>=acct-group/tty-0-r1
-	>=acct-group/utmp-0-r1
-	>=acct-group/audio-0-r1
-	>=acct-group/cdrom-0-r1
-	>=acct-group/dialout-0-r1
-	>=acct-group/disk-0-r1
-	>=acct-group/input-0-r1
-	>=acct-group/kvm-0-r1
-	>=acct-group/lp-0-r1
-	>=acct-group/render-0-r1
-	acct-group/sgx
-	>=acct-group/tape-0-r1
-	acct-group/users
-	>=acct-group/video-0-r1
-	>=acct-group/systemd-journal-0-r1
-	>=acct-user/root-0-r1
-	acct-user/nobody
-	>=acct-user/systemd-journal-remote-0-r1
-	>=acct-user/systemd-coredump-0-r1
-	>=acct-user/systemd-network-0-r1
-	acct-user/systemd-oom
-	>=acct-user/systemd-resolve-0-r1
-	>=acct-user/systemd-timesync-0-r1
-	>=sys-apps/baselayout-2.2
-	ukify? (
-		${PYTHON_DEPS}
-		$(python_gen_cond_dep "${PEFILE_DEPEND}")
-	)
-	selinux? (
-		sec-policy/selinux-base-policy[systemd]
-		sec-policy/selinux-ntp
-	)
-	sysv-utils? (
-		!sys-apps/openrc[sysv-utils(-)]
-		!sys-apps/sysvinit
-	)
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!sys-apps/hwids[udev]
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-fs/udev-init-scripts-34
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-build/meson-0.46
-	>=sys-apps/coreutils-8.16
-	sys-devel/gettext
-	virtual/pkgconfig
-	test? (
-		app-text/tree
-		dev-lang/perl
-		sys-apps/dbus
-	)
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	${PYTHON_DEPS}
-	$(python_gen_cond_dep "
-		dev-python/jinja[\${PYTHON_USEDEP}]
-		dev-python/lxml[\${PYTHON_USEDEP}]
-		boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
-		ukify? ( test? ( ${PEFILE_DEPEND} ) )
-	")
-"
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
-	if use split-usr; then
-		eerror "Please complete the migration to merged-usr."
-		eerror "https://wiki.gentoo.org/wiki/Merge-usr"
-		die "systemd no longer supports split-usr"
-	fi
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
-			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-
-		if kernel_is -ge 5 10 20; then
-			CONFIG_CHECK+=" ~KCMP"
-		else
-			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
-		fi
-
-		if kernel_is -ge 4 18; then
-			CONFIG_CHECK+=" ~AUTOFS_FS"
-		else
-			CONFIG_CHECK+=" ~AUTOFS4_FS"
-		fi
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	use boot && secureboot_pkg_setup
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/systemd-test-process-util.patch"
-		"${FILESDIR}/255-dnssec.patch"
-		"${FILESDIR}/255-dnssec-2.patch"
-		"${FILESDIR}/255-dnssec-3.patch"
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-journald-audit-r1.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		# default is developer, bug 918671
-		-Dmode=release
-		-Dsupport-url="https://gentoo.org/support/"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		-Dsplit-bin=false
-		# Disable compatibility with sysvinit
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-		# Match /etc/shells, bug 919749
-		-Ddebug-shell="${EPREFIX}/bin/sh"
-		-Ddefault-user-shell="${EPREFIX}/bin/bash"
-		# Optional components/dependencies
-		$(meson_native_use_bool acl)
-		$(meson_native_use_bool apparmor)
-		$(meson_native_use_bool audit)
-		$(meson_native_use_bool boot bootloader)
-		$(meson_native_use_bool cryptsetup libcryptsetup)
-		$(meson_native_use_bool curl libcurl)
-		$(meson_native_use_bool dns-over-tls dns-over-tls)
-		$(meson_native_use_bool elfutils)
-		$(meson_native_use_bool fido2 libfido2)
-		$(meson_use gcrypt)
-		$(meson_native_use_bool gnutls)
-		$(meson_native_use_bool homed)
-		$(meson_native_use_bool http microhttpd)
-		$(meson_native_use_bool idn)
-		$(meson_native_use_bool importd)
-		$(meson_native_use_bool importd bzip2)
-		$(meson_native_use_bool importd zlib)
-		$(meson_native_use_bool kernel-install)
-		$(meson_native_use_bool kmod)
-		$(meson_use lz4)
-		$(meson_use lzma xz)
-		$(meson_use test tests)
-		$(meson_use zstd)
-		$(meson_native_use_bool iptables libiptc)
-		$(meson_native_use_bool openssl)
-		$(meson_use pam)
-		$(meson_native_use_bool pkcs11 p11kit)
-		$(meson_native_use_bool pcre pcre2)
-		$(meson_native_use_bool policykit polkit)
-		$(meson_native_use_bool pwquality)
-		$(meson_native_use_bool qrcode qrencode)
-		$(meson_native_use_bool seccomp)
-		$(meson_native_use_bool selinux)
-		$(meson_native_use_bool tpm tpm2)
-		$(meson_native_use_bool test dbus)
-		$(meson_native_use_bool ukify)
-		$(meson_native_use_bool xkb xkbcommon)
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-		-Dcreate-log-dirs=false
-
-		# multilib options
-		$(meson_native_true backlight)
-		$(meson_native_true binfmt)
-		$(meson_native_true coredump)
-		$(meson_native_true environment-d)
-		$(meson_native_true firstboot)
-		$(meson_native_true hibernate)
-		$(meson_native_true hostnamed)
-		$(meson_native_true ldconfig)
-		$(meson_native_true localed)
-		$(meson_native_true man)
-		$(meson_native_true networkd)
-		$(meson_native_true quotacheck)
-		$(meson_native_true randomseed)
-		$(meson_native_true rfkill)
-		$(meson_native_true sysusers)
-		$(meson_native_true timedated)
-		$(meson_native_true timesyncd)
-		$(meson_native_true tmpfiles)
-		$(meson_native_true vconsole)
-		$(meson_native_enabled vmspawn)
-	)
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
-	(
-		unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-		export COLUMNS=80
-		addpredict /dev
-		addpredict /proc
-		addpredict /run
-		addpredict /sys/fs/cgroup
-		meson_src_test
-	) || die
-}
-
-multilib_src_install_all() {
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	insinto /usr/lib/tmpfiles.d
-	doins "${FILESDIR}"/legacy.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}"/usr/bin/resolvconf || die
-	fi
-
-	if ! use sysv-utils; then
-		rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
-	fi
-
-	# https://bugs.gentoo.org/761763
-	rm -r "${ED}"/usr/lib/sysusers.d || die
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/kernel/install.d
-	keepdir /etc/systemd/{network,system,user}
-	keepdir /etc/udev/rules.d
-
-	keepdir /etc/udev/hwdb.d
-
-	keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
-	keepdir /usr/lib/{binfmt.d,modules-load.d}
-	keepdir /usr/lib/systemd/user-generators
-	keepdir /var/lib/systemd
-	keepdir /var/log/journal
-
-	if use pam; then
-		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
-	fi
-
-	if use kernel-install; then
-		# Dummy config, remove to make room for sys-kernel/installkernel
-		rm "${ED}/usr/lib/kernel/install.conf" || die
-	fi
-
-	use ukify && python_fix_shebang "${ED}"
-	use boot && secureboot_auto_sign
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_preinst() {
-	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
-		# Symlink /etc/sysctl.conf for easy migration.
-		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-	fi
-
-	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
-		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
-		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
-	fi
-}
-
-pkg_postinst() {
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required.
-	systemd-hwdb --root="${ROOT}" update
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respected, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		if type systemctl &>/dev/null; then
-			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
-		fi
-		elog "To enable a useful set of services, run the following:"
-		elog "  systemctl preset-all --preset-mode=enable-only"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
-		ebegin "Reexecuting system manager (systemd)"
-		systemctl daemon-reexec
-		eend $? || FAIL=1
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-
-	if use boot; then
-		optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
-			"sys-kernel/installkernel[systemd-boot]"
-	fi
-	if use ukify; then
-		optfeature "generating unified kernel image on each kernel installation" \
-			"sys-kernel/installkernel[ukify]"
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

diff --git a/sys-apps/systemd/systemd-255.5.ebuild b/sys-apps/systemd/systemd-255.5.ebuild
deleted file mode 100644
index 9ebc6c14fa23..000000000000
--- a/sys-apps/systemd/systemd-255.5.ebuild
+++ /dev/null
@@ -1,529 +0,0 @@
-# Copyright 2011-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-PYTHON_COMPAT=( python3_{10..12} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-UDEV_OPTIONAL=1
-
-QA_PKGCONFIG_VERSION=$(ver_cut 1)
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	if [[ ${PV} == *.* ]]; then
-		MY_PN=systemd-stable
-	else
-		MY_PN=systemd
-	fi
-	MY_PV=${PV/_/-}
-	MY_P=${MY_PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-
-	if [[ ${PV} != *rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-	fi
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
-inherit secureboot systemd toolchain-funcs udev
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://systemd.io/"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="
-	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
-	fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
-	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
-	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
-"
-REQUIRED_USE="
-	${PYTHON_REQUIRED_USE}
-	dns-over-tls? ( || ( gnutls openssl ) )
-	fido2? ( cryptsetup openssl )
-	homed? ( cryptsetup pam openssl )
-	importd? ( curl lzma || ( gcrypt openssl ) )
-	pwquality? ( homed )
-	boot? ( kernel-install )
-	ukify? ( boot )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="4.15"
-
-COMMON_DEPEND="
-	>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( >=sys-libs/libapparmor-2.13:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
-	curl? ( >=net-misc/curl-7.32.0:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	fido2? ( dev-libs/libfido2:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
-	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
-	idn? ( net-dns/libidn2:= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	iptables? ( net-firewall/iptables:0= )
-	openssl? ( >=dev-libs/openssl-1.1.0:0= )
-	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
-	pcre? ( dev-libs/libpcre2 )
-	pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
-	qrcode? ( >=media-gfx/qrencode-3:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( >=sys-libs/libselinux-2.1.9:0= )
-	tpm? ( app-crypt/tpm2-tss:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	>=sys-kernel/linux-headers-${MINKV}
-"
-
-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=acct-group/adm-0-r1
-	>=acct-group/wheel-0-r1
-	>=acct-group/kmem-0-r1
-	>=acct-group/tty-0-r1
-	>=acct-group/utmp-0-r1
-	>=acct-group/audio-0-r1
-	>=acct-group/cdrom-0-r1
-	>=acct-group/dialout-0-r1
-	>=acct-group/disk-0-r1
-	>=acct-group/input-0-r1
-	>=acct-group/kvm-0-r1
-	>=acct-group/lp-0-r1
-	>=acct-group/render-0-r1
-	acct-group/sgx
-	>=acct-group/tape-0-r1
-	acct-group/users
-	>=acct-group/video-0-r1
-	>=acct-group/systemd-journal-0-r1
-	>=acct-user/root-0-r1
-	acct-user/nobody
-	>=acct-user/systemd-journal-remote-0-r1
-	>=acct-user/systemd-coredump-0-r1
-	>=acct-user/systemd-network-0-r1
-	acct-user/systemd-oom
-	>=acct-user/systemd-resolve-0-r1
-	>=acct-user/systemd-timesync-0-r1
-	>=sys-apps/baselayout-2.2
-	ukify? (
-		${PYTHON_DEPS}
-		$(python_gen_cond_dep "${PEFILE_DEPEND}")
-	)
-	selinux? (
-		sec-policy/selinux-base-policy[systemd]
-		sec-policy/selinux-ntp
-	)
-	sysv-utils? (
-		!sys-apps/openrc[sysv-utils(-)]
-		!sys-apps/sysvinit
-	)
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!sys-apps/hwids[udev]
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-fs/udev-init-scripts-34
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-build/meson-0.46
-	>=sys-apps/coreutils-8.16
-	sys-devel/gettext
-	virtual/pkgconfig
-	test? (
-		app-text/tree
-		dev-lang/perl
-		sys-apps/dbus
-	)
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	${PYTHON_DEPS}
-	$(python_gen_cond_dep "
-		dev-python/jinja[\${PYTHON_USEDEP}]
-		dev-python/lxml[\${PYTHON_USEDEP}]
-		boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
-		ukify? ( test? ( ${PEFILE_DEPEND} ) )
-	")
-"
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
-	if use split-usr; then
-		eerror "Please complete the migration to merged-usr."
-		eerror "https://wiki.gentoo.org/wiki/Merge-usr"
-		die "systemd no longer supports split-usr"
-	fi
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
-			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-
-		if kernel_is -ge 5 10 20; then
-			CONFIG_CHECK+=" ~KCMP"
-		else
-			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
-		fi
-
-		if kernel_is -ge 4 18; then
-			CONFIG_CHECK+=" ~AUTOFS_FS"
-		else
-			CONFIG_CHECK+=" ~AUTOFS4_FS"
-		fi
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	use boot && secureboot_pkg_setup
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/systemd-test-process-util.patch"
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-journald-audit-r1.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		# default is developer, bug 918671
-		-Dmode=release
-		-Dsupport-url="https://gentoo.org/support/"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		-Dsplit-bin=false
-		# Disable compatibility with sysvinit
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-		# Match /etc/shells, bug 919749
-		-Ddebug-shell="${EPREFIX}/bin/sh"
-		-Ddefault-user-shell="${EPREFIX}/bin/bash"
-		# Optional components/dependencies
-		$(meson_native_use_bool acl)
-		$(meson_native_use_bool apparmor)
-		$(meson_native_use_bool audit)
-		$(meson_native_use_bool boot bootloader)
-		$(meson_native_use_bool cryptsetup libcryptsetup)
-		$(meson_native_use_bool curl libcurl)
-		$(meson_native_use_bool dns-over-tls dns-over-tls)
-		$(meson_native_use_bool elfutils)
-		$(meson_native_use_bool fido2 libfido2)
-		$(meson_use gcrypt)
-		$(meson_native_use_bool gnutls)
-		$(meson_native_use_bool homed)
-		$(meson_native_use_bool http microhttpd)
-		$(meson_native_use_bool idn)
-		$(meson_native_use_bool importd)
-		$(meson_native_use_bool importd bzip2)
-		$(meson_native_use_bool importd zlib)
-		$(meson_native_use_bool kernel-install)
-		$(meson_native_use_bool kmod)
-		$(meson_use lz4)
-		$(meson_use lzma xz)
-		$(meson_use test tests)
-		$(meson_use zstd)
-		$(meson_native_use_bool iptables libiptc)
-		$(meson_native_use_bool openssl)
-		$(meson_use pam)
-		$(meson_native_use_bool pkcs11 p11kit)
-		$(meson_native_use_bool pcre pcre2)
-		$(meson_native_use_bool policykit polkit)
-		$(meson_native_use_bool pwquality)
-		$(meson_native_use_bool qrcode qrencode)
-		$(meson_native_use_bool seccomp)
-		$(meson_native_use_bool selinux)
-		$(meson_native_use_bool tpm tpm2)
-		$(meson_native_use_bool test dbus)
-		$(meson_native_use_bool ukify)
-		$(meson_native_use_bool xkb xkbcommon)
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-		-Dcreate-log-dirs=false
-
-		# multilib options
-		$(meson_native_true backlight)
-		$(meson_native_true binfmt)
-		$(meson_native_true coredump)
-		$(meson_native_true environment-d)
-		$(meson_native_true firstboot)
-		$(meson_native_true hibernate)
-		$(meson_native_true hostnamed)
-		$(meson_native_true ldconfig)
-		$(meson_native_true localed)
-		$(meson_native_true man)
-		$(meson_native_true networkd)
-		$(meson_native_true quotacheck)
-		$(meson_native_true randomseed)
-		$(meson_native_true rfkill)
-		$(meson_native_true sysusers)
-		$(meson_native_true timedated)
-		$(meson_native_true timesyncd)
-		$(meson_native_true tmpfiles)
-		$(meson_native_true vconsole)
-		$(meson_native_enabled vmspawn)
-	)
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
-	(
-		unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-		export COLUMNS=80
-		addpredict /dev
-		addpredict /proc
-		addpredict /run
-		addpredict /sys/fs/cgroup
-		meson_src_test
-	) || die
-}
-
-multilib_src_install_all() {
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	insinto /usr/lib/tmpfiles.d
-	doins "${FILESDIR}"/legacy.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}"/usr/bin/resolvconf || die
-	fi
-
-	if ! use sysv-utils; then
-		rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
-	fi
-
-	# https://bugs.gentoo.org/761763
-	rm -r "${ED}"/usr/lib/sysusers.d || die
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/kernel/install.d
-	keepdir /etc/systemd/{network,system,user}
-	keepdir /etc/udev/rules.d
-
-	keepdir /etc/udev/hwdb.d
-
-	keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
-	keepdir /usr/lib/{binfmt.d,modules-load.d}
-	keepdir /usr/lib/systemd/user-generators
-	keepdir /var/lib/systemd
-	keepdir /var/log/journal
-
-	if use pam; then
-		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
-	fi
-
-	if use kernel-install; then
-		# Dummy config, remove to make room for sys-kernel/installkernel
-		rm "${ED}/usr/lib/kernel/install.conf" || die
-	fi
-
-	use ukify && python_fix_shebang "${ED}"
-	use boot && secureboot_auto_sign
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_preinst() {
-	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
-		# Symlink /etc/sysctl.conf for easy migration.
-		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-	fi
-
-	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
-		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
-		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
-	fi
-}
-
-pkg_postinst() {
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required.
-	systemd-hwdb --root="${ROOT}" update
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respected, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		if type systemctl &>/dev/null; then
-			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
-		fi
-		elog "To enable a useful set of services, run the following:"
-		elog "  systemctl preset-all --preset-mode=enable-only"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
-		ebegin "Reexecuting system manager (systemd)"
-		systemctl daemon-reexec
-		eend $? || FAIL=1
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-
-	if use boot; then
-		optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
-			"sys-kernel/installkernel[systemd-boot]"
-	fi
-	if use ukify; then
-		optfeature "generating unified kernel image on each kernel installation" \
-			"sys-kernel/installkernel[ukify]"
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-05-05 15:43 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2024-05-05 15:43 UTC (permalink / raw
  To: gentoo-commits

commit:     a2f26b71bd5e7b811ad0a085459c32ac149239b8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun May  5 15:41:52 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun May  5 15:43:30 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2f26b71

sys-apps/systemd: backport more dnssec fixes to 255.5

Followup to 1b646e8e63408abcdbf131ace4af9bb80ed5e29a.

Bug: https://bugs.gentoo.org/836341
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/systemd/files/255-dnssec-2.patch |  48 +++
 sys-apps/systemd/files/255-dnssec-3.patch |  32 ++
 sys-apps/systemd/files/255-dnssec.patch   |   8 +-
 sys-apps/systemd/systemd-255.5-r2.ebuild  | 532 ++++++++++++++++++++++++++++++
 4 files changed, 617 insertions(+), 3 deletions(-)

diff --git a/sys-apps/systemd/files/255-dnssec-2.patch b/sys-apps/systemd/files/255-dnssec-2.patch
new file mode 100644
index 000000000000..e8eaf9782b3e
--- /dev/null
+++ b/sys-apps/systemd/files/255-dnssec-2.patch
@@ -0,0 +1,48 @@
+https://github.com/systemd/systemd/pull/32598
+https://github.com/systemd/systemd-stable/commit/ee15f5efaf2f6cdbb867fca601e92761276e2b1e
+
+From ee15f5efaf2f6cdbb867fca601e92761276e2b1e Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Tue, 30 Apr 2024 22:15:18 -0700
+Subject: [PATCH] resolved: probe for dnssec support in allow-downgrade mode
+
+Previously, sd-resolved unnecessarily requested SOA records for each dns
+label in the query, even though they are not needed for the chain of
+trust. Since 47690634f157, only the necessary records are queried when
+validating.
+
+This is actually a problem in allow-downgrade mode, since we will no
+longer attempt a query for a record that we know is signed a priori, and
+will therefore never update our belief about the state of dnssec support
+in the recursive resolver.
+
+Rectify this by reintroducing a query for the root zone SOA in the
+allow-downgrade case, specifically to test that the resolver attaches
+the RRSIGs which we know must exist.
+
+Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -2622,6 +2622,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
+                         if (r < 0)
+                                 return r;
+ 
++                        if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && dns_name_is_root(name)) {
++                                _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
++                                /* We made it all the way to the root zone. If we are in allow-downgrade
++                                 * mode, we need to make at least one request that we can be certain should
++                                 * have been signed, to test for servers that are not dnssec aware. */
++                                soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
++                                if (!soa)
++                                        return -ENOMEM;
++
++                                log_debug("Requesting root zone SOA to probe dnssec support.");
++                                r = dns_transaction_request_dnssec_rr(t, soa);
++                                if (r < 0)
++                                        return r;
++                        }
++
+                         break;
+                 }
+ 

diff --git a/sys-apps/systemd/files/255-dnssec-3.patch b/sys-apps/systemd/files/255-dnssec-3.patch
new file mode 100644
index 000000000000..4fd231d6d157
--- /dev/null
+++ b/sys-apps/systemd/files/255-dnssec-3.patch
@@ -0,0 +1,32 @@
+https://github.com/systemd/systemd/pull/32593
+https://github.com/systemd/systemd-stable/commit/a1580223a5dd67ab61c5f888b114de43b65fffbf
+
+From a1580223a5dd67ab61c5f888b114de43b65fffbf Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Tue, 30 Apr 2024 13:19:14 -0700
+Subject: [PATCH] resolved: validate authentic insecure delegation to CNAME
+
+If the parent zone uses a non-opt-out method that provides authenticated
+negative DS replies, we still can't expect signatures from the child
+zone. sd-resolved was using the authenticated status of the DS reply to
+require signatures for CNAMEs, even though it had already proved that no
+signature exists.
+
+Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -2863,7 +2863,12 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+                         if (r == 0)
+                                 continue;
+ 
+-                        return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++                        if (!FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
++                                return false;
++
++                        /* We expect this to be signed when the DS record exists, and don't expect it to be
++                         * signed when the DS record is proven not to exist. */
++                        return dns_answer_match_key(dt->answer, dns_transaction_key(dt), NULL);
+                 }
+ 
+                 return true;

diff --git a/sys-apps/systemd/files/255-dnssec.patch b/sys-apps/systemd/files/255-dnssec.patch
index 5c720c58ce4a..978c26ff15f4 100644
--- a/sys-apps/systemd/files/255-dnssec.patch
+++ b/sys-apps/systemd/files/255-dnssec.patch
@@ -1,6 +1,8 @@
+https://github.com/systemd/systemd/issues/32531
 https://github.com/systemd/systemd/commit/d840783db5208219c78d73b9b46ef5daae9fea0a
+https://github.com/systemd/systemd-stable/commit/52c17febf14c866d9808d1804f13ac98d76e665b
 
-From d840783db5208219c78d73b9b46ef5daae9fea0a Mon Sep 17 00:00:00 2001
+From 52c17febf14c866d9808d1804f13ac98d76e665b Mon Sep 17 00:00:00 2001
 From: Ronan Pigott <ronan@rjp.ie>
 Date: Mon, 29 Apr 2024 02:17:23 -0700
 Subject: [PATCH] resolved: always progress DS queries
@@ -11,9 +13,10 @@ might not make any progress toward finding the DS we need. Let's ensure
 that we at least always check the parent in this case.
 
 Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit d840783db5208219c78d73b9b46ef5daae9fea0a)
 --- a/src/resolve/resolved-dns-transaction.c
 +++ b/src/resolve/resolved-dns-transaction.c
-@@ -2618,6 +2618,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
+@@ -2545,6 +2545,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
                                          return r;
                                  if (r == 0)
                                          continue;
@@ -24,4 +27,3 @@ Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
                          }
  
                          r = dnssec_has_rrsig(t->answer, rr->key);
-

diff --git a/sys-apps/systemd/systemd-255.5-r2.ebuild b/sys-apps/systemd/systemd-255.5-r2.ebuild
new file mode 100644
index 000000000000..533779767069
--- /dev/null
+++ b/sys-apps/systemd/systemd-255.5-r2.ebuild
@@ -0,0 +1,532 @@
+# Copyright 2011-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	if [[ ${PV} == *.* ]]; then
+		MY_PN=systemd-stable
+	else
+		MY_PN=systemd
+	fi
+	MY_PV=${PV/_/-}
+	MY_P=${MY_PN}-${MY_PV}
+	S=${WORKDIR}/${MY_P}
+	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+
+	if [[ ${PV} != *rc* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+	fi
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	dns-over-tls? ( || ( gnutls openssl ) )
+	fido2? ( cryptsetup openssl )
+	homed? ( cryptsetup pam openssl )
+	importd? ( curl lzma || ( gcrypt openssl ) )
+	pwquality? ( homed )
+	boot? ( kernel-install )
+	ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+	>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( >=sys-libs/libapparmor-2.13:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+	curl? ( >=net-misc/curl-7.32.0:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	fido2? ( dev-libs/libfido2:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+	idn? ( net-dns/libidn2:= )
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	iptables? ( net-firewall/iptables:0= )
+	openssl? ( >=dev-libs/openssl-1.1.0:0= )
+	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
+	pcre? ( dev-libs/libpcre2 )
+	pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
+	qrcode? ( >=media-gfx/qrencode-3:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( >=sys-libs/libselinux-2.1.9:0= )
+	tpm? ( app-crypt/tpm2-tss:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	>=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=acct-group/adm-0-r1
+	>=acct-group/wheel-0-r1
+	>=acct-group/kmem-0-r1
+	>=acct-group/tty-0-r1
+	>=acct-group/utmp-0-r1
+	>=acct-group/audio-0-r1
+	>=acct-group/cdrom-0-r1
+	>=acct-group/dialout-0-r1
+	>=acct-group/disk-0-r1
+	>=acct-group/input-0-r1
+	>=acct-group/kvm-0-r1
+	>=acct-group/lp-0-r1
+	>=acct-group/render-0-r1
+	acct-group/sgx
+	>=acct-group/tape-0-r1
+	acct-group/users
+	>=acct-group/video-0-r1
+	>=acct-group/systemd-journal-0-r1
+	>=acct-user/root-0-r1
+	acct-user/nobody
+	>=acct-user/systemd-journal-remote-0-r1
+	>=acct-user/systemd-coredump-0-r1
+	>=acct-user/systemd-network-0-r1
+	acct-user/systemd-oom
+	>=acct-user/systemd-resolve-0-r1
+	>=acct-user/systemd-timesync-0-r1
+	>=sys-apps/baselayout-2.2
+	ukify? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep "${PEFILE_DEPEND}")
+	)
+	selinux? (
+		sec-policy/selinux-base-policy[systemd]
+		sec-policy/selinux-ntp
+	)
+	sysv-utils? (
+		!sys-apps/openrc[sysv-utils(-)]
+		!sys-apps/sysvinit
+	)
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!sys-apps/hwids[udev]
+	!sys-auth/nss-myhostname
+	!sys-fs/eudev
+	!sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-fs/udev-init-scripts-34
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-build/meson-0.46
+	>=sys-apps/coreutils-8.16
+	sys-devel/gettext
+	virtual/pkgconfig
+	test? (
+		app-text/tree
+		dev-lang/perl
+		sys-apps/dbus
+	)
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	${PYTHON_DEPS}
+	$(python_gen_cond_dep "
+		dev-python/jinja[\${PYTHON_USEDEP}]
+		dev-python/lxml[\${PYTHON_USEDEP}]
+		boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+		ukify? ( test? ( ${PEFILE_DEPEND} ) )
+	")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+	if use split-usr; then
+		eerror "Please complete the migration to merged-usr."
+		eerror "https://wiki.gentoo.org/wiki/Merge-usr"
+		die "systemd no longer supports split-usr"
+	fi
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+		if kernel_is -ge 5 10 20; then
+			CONFIG_CHECK+=" ~KCMP"
+		else
+			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+		fi
+
+		if kernel_is -ge 4 18; then
+			CONFIG_CHECK+=" ~AUTOFS_FS"
+		else
+			CONFIG_CHECK+=" ~AUTOFS4_FS"
+		fi
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/systemd-test-process-util.patch"
+		"${FILESDIR}/255-dnssec.patch"
+		"${FILESDIR}/255-dnssec-2.patch"
+		"${FILESDIR}/255-dnssec-3.patch"
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-generator-path-r2.patch"
+			"${FILESDIR}/gentoo-journald-audit-r1.patch"
+		)
+	fi
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		# default is developer, bug 918671
+		-Dmode=release
+		-Dsupport-url="https://gentoo.org/support/"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		-Dsplit-bin=false
+		# Disable compatibility with sysvinit
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Dima=true
+		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+		# Match /etc/shells, bug 919749
+		-Ddebug-shell="${EPREFIX}/bin/sh"
+		-Ddefault-user-shell="${EPREFIX}/bin/bash"
+		# Optional components/dependencies
+		$(meson_native_use_bool acl)
+		$(meson_native_use_bool apparmor)
+		$(meson_native_use_bool audit)
+		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool cryptsetup libcryptsetup)
+		$(meson_native_use_bool curl libcurl)
+		$(meson_native_use_bool dns-over-tls dns-over-tls)
+		$(meson_native_use_bool elfutils)
+		$(meson_native_use_bool fido2 libfido2)
+		$(meson_use gcrypt)
+		$(meson_native_use_bool gnutls)
+		$(meson_native_use_bool homed)
+		$(meson_native_use_bool http microhttpd)
+		$(meson_native_use_bool idn)
+		$(meson_native_use_bool importd)
+		$(meson_native_use_bool importd bzip2)
+		$(meson_native_use_bool importd zlib)
+		$(meson_native_use_bool kernel-install)
+		$(meson_native_use_bool kmod)
+		$(meson_use lz4)
+		$(meson_use lzma xz)
+		$(meson_use test tests)
+		$(meson_use zstd)
+		$(meson_native_use_bool iptables libiptc)
+		$(meson_native_use_bool openssl)
+		$(meson_use pam)
+		$(meson_native_use_bool pkcs11 p11kit)
+		$(meson_native_use_bool pcre pcre2)
+		$(meson_native_use_bool policykit polkit)
+		$(meson_native_use_bool pwquality)
+		$(meson_native_use_bool qrcode qrencode)
+		$(meson_native_use_bool seccomp)
+		$(meson_native_use_bool selinux)
+		$(meson_native_use_bool tpm tpm2)
+		$(meson_native_use_bool test dbus)
+		$(meson_native_use_bool ukify)
+		$(meson_native_use_bool xkb xkbcommon)
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+		-Dcreate-log-dirs=false
+
+		# multilib options
+		$(meson_native_true backlight)
+		$(meson_native_true binfmt)
+		$(meson_native_true coredump)
+		$(meson_native_true environment-d)
+		$(meson_native_true firstboot)
+		$(meson_native_true hibernate)
+		$(meson_native_true hostnamed)
+		$(meson_native_true ldconfig)
+		$(meson_native_true localed)
+		$(meson_native_true man)
+		$(meson_native_true networkd)
+		$(meson_native_true quotacheck)
+		$(meson_native_true randomseed)
+		$(meson_native_true rfkill)
+		$(meson_native_true sysusers)
+		$(meson_native_true timedated)
+		$(meson_native_true timesyncd)
+		$(meson_native_true tmpfiles)
+		$(meson_native_true vconsole)
+		$(meson_native_enabled vmspawn)
+	)
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+	(
+		unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+		export COLUMNS=80
+		addpredict /dev
+		addpredict /proc
+		addpredict /run
+		addpredict /sys/fs/cgroup
+		meson_src_test
+	) || die
+}
+
+multilib_src_install_all() {
+	# meson doesn't know about docdir
+	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	insinto /usr/lib/tmpfiles.d
+	doins "${FILESDIR}"/legacy.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED}"/usr/bin/resolvconf || die
+	fi
+
+	if ! use sysv-utils; then
+		rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
+		rm "${ED}"/usr/share/man/man1/init.1 || die
+		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+	fi
+
+	# https://bugs.gentoo.org/761763
+	rm -r "${ED}"/usr/lib/sysusers.d || die
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/kernel/install.d
+	keepdir /etc/systemd/{network,system,user}
+	keepdir /etc/udev/rules.d
+
+	keepdir /etc/udev/hwdb.d
+
+	keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
+	keepdir /usr/lib/{binfmt.d,modules-load.d}
+	keepdir /usr/lib/systemd/user-generators
+	keepdir /var/lib/systemd
+	keepdir /var/log/journal
+
+	if use pam; then
+		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	fi
+
+	if use kernel-install; then
+		# Dummy config, remove to make room for sys-kernel/installkernel
+		rm "${ED}/usr/lib/kernel/install.conf" || die
+	fi
+
+	use ukify && python_fix_shebang "${ED}"
+	use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+	local locale_conf="${EROOT}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_preinst() {
+	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+		# Symlink /etc/sysctl.conf for easy migration.
+		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+	fi
+
+	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+	fi
+}
+
+pkg_postinst() {
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required.
+	systemd-hwdb --root="${ROOT}" update
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respected, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		if type systemctl &>/dev/null; then
+			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+		fi
+		elog "To enable a useful set of services, run the following:"
+		elog "  systemctl preset-all --preset-mode=enable-only"
+	fi
+
+	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+		rm "${EROOT}/var/lib/systemd/timesync"
+	fi
+
+	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+		ebegin "Reexecuting system manager (systemd)"
+		systemctl daemon-reexec
+		eend $? || FAIL=1
+	fi
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+
+	if use boot; then
+		optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
+			"sys-kernel/installkernel[systemd-boot]"
+	fi
+	if use ukify; then
+		optfeature "generating unified kernel image on each kernel installation" \
+			"sys-kernel/installkernel[ukify]"
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-04-18  4:20 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2024-04-18  4:20 UTC (permalink / raw
  To: gentoo-commits

commit:     867009193d04369c4ca3d9f0af26c72c8ca9b82f
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 18 04:19:21 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Apr 18 04:19:21 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86700919

sys-apps/systemd: make test-process-util work with pid-sandbox

Closes: https://bugs.gentoo.org/674458
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/systemd-test-process-util.patch  | 30 ++++++++++++++++++++++
 sys-apps/systemd/systemd-254.10.ebuild             |  6 +----
 sys-apps/systemd/systemd-255.4.ebuild              |  8 ++----
 sys-apps/systemd/systemd-9999.ebuild               |  6 +----
 4 files changed, 34 insertions(+), 16 deletions(-)

diff --git a/sys-apps/systemd/files/systemd-test-process-util.patch b/sys-apps/systemd/files/systemd-test-process-util.patch
new file mode 100644
index 000000000000..ec1a766764ee
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-test-process-util.patch
@@ -0,0 +1,30 @@
+From 1d3404701bf0c27600dd44b2814cd6caffca877a Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Thu, 18 Apr 2024 00:04:44 -0400
+Subject: [PATCH] test-process-util: remove assert that fails under pid-sandbox
+
+Upstream refuses to fix this.
+
+Bug: https://bugs.gentoo.org/674458
+Bug: https://github.com/systemd/systemd/issues/25015
+---
+ src/test/test-process-util.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index c96bd4341b..4009cf96e2 100644
+--- a/src/test/test-process-util.c
++++ b/src/test/test-process-util.c
+@@ -92,9 +92,6 @@ static void test_pid_get_comm_one(pid_t pid) {
+         assert_se(r >= 0 || r == -EACCES);
+         log_info("PID"PID_FMT" strlen(environ): %zi", pid, env ? (ssize_t)strlen(env) : (ssize_t)-errno);
+ 
+-        if (!detect_container())
+-                assert_se(get_ctty_devnr(pid, &h) == -ENXIO || pid != 1);
+-
+         (void) getenv_for_pid(pid, "PATH", &i);
+         log_info("PID"PID_FMT" $PATH: '%s'", pid, strna(i));
+ }
+-- 
+2.44.0
+

diff --git a/sys-apps/systemd/systemd-254.10.ebuild b/sys-apps/systemd/systemd-254.10.ebuild
index 3428d3abc74f..c85a0b31b907 100644
--- a/sys-apps/systemd/systemd-254.10.ebuild
+++ b/sys-apps/systemd/systemd-254.10.ebuild
@@ -182,11 +182,6 @@ QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
 
 pkg_pretend() {
 	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
 		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
 			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
 			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
@@ -240,6 +235,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}/systemd-test-process-util.patch"
 		"${FILESDIR}/systemd-253-initrd-generators.patch"
 		"${FILESDIR}/254-PrivateDevices-userdbd.patch"
 	)

diff --git a/sys-apps/systemd/systemd-255.4.ebuild b/sys-apps/systemd/systemd-255.4.ebuild
index de47dde183cf..03c7008aa486 100644
--- a/sys-apps/systemd/systemd-255.4.ebuild
+++ b/sys-apps/systemd/systemd-255.4.ebuild
@@ -190,11 +190,6 @@ pkg_pretend() {
 		die "systemd no longer supports split-usr"
 	fi
 	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
 		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
 			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
 			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
@@ -248,7 +243,8 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
-		"${FILESDIR}"/255-install-format-overflow.patch
+		"${FILESDIR}/systemd-test-process-util.patch"
+		"${FILESDIR}/255-install-format-overflow.patch"
 	)
 
 	if ! use vanilla; then

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index c035b9a2cfde..9ebc6c14fa23 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -190,11 +190,6 @@ pkg_pretend() {
 		die "systemd no longer supports split-usr"
 	fi
 	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
 		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
 			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
 			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
@@ -248,6 +243,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}/systemd-test-process-util.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-03-04  2:51 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2024-03-04  2:51 UTC (permalink / raw
  To: gentoo-commits

commit:     a25cf19d6f0dd41643c17cdfebbd87fde5e0e336
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  4 02:50:27 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar  4 02:51:32 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a25cf19d

sys-apps/systemd: backport another stringop-truncation fix

No revbump as this is a false positive (the stringop-* warnings are known
to be noisy/flaky).

Closes: https://bugs.gentoo.org/916518
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/255-install-format-overflow.patch        | 43 ++++++++++++++++++++++
 sys-apps/systemd/systemd-255.4.ebuild              |  1 +
 2 files changed, 44 insertions(+)

diff --git a/sys-apps/systemd/files/255-install-format-overflow.patch b/sys-apps/systemd/files/255-install-format-overflow.patch
new file mode 100644
index 000000000000..3dca7d8e8ec7
--- /dev/null
+++ b/sys-apps/systemd/files/255-install-format-overflow.patch
@@ -0,0 +1,43 @@
+https://github.com/systemd/systemd-stable/commit/f85d2c6d1023b1fe558142440b1d63c4fc5f7c98
+https://github.com/systemd/systemd/issues/30448
+https://bugs.gentoo.org/916518
+
+From f85d2c6d1023b1fe558142440b1d63c4fc5f7c98 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Sat, 24 Feb 2024 12:05:44 +0000
+Subject: [PATCH] install: fix compiler warning about empty directive argument
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On ppc64el with gcc 13.2 on Ubuntu 24.04:
+
+3s In file included from ../src/basic/macro.h:386,
+483s                  from ../src/basic/alloc-util.h:10,
+483s                  from ../src/shared/install.c:12:
+483s ../src/shared/install.c: In function ‘install_changes_dump’:
+483s ../src/shared/install.c:432:64: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
+483s   432 |                         err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
+483s       |                                                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+483s ../src/shared/install.c:432:75: note: format string is defined here
+483s   432 |                         err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
+
+(cherry picked from commit 8040fa55a1cbc34dede3205a902095ecd26c21e3)
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -340,9 +340,12 @@ void install_changes_dump(int r, const char *verb, const InstallChange *changes,
+         assert(verb || r >= 0);
+ 
+         for (size_t i = 0; i < n_changes; i++) {
+-                if (changes[i].type < 0)
+-                        assert(verb);
+                 assert(changes[i].path);
++                /* This tries to tell the compiler that it's safe to use 'verb' in a string format if there
++                 * was an error, but the compiler doesn't care and fails anyway, so strna(verb) is used
++                 * too. */
++                assert(verb || changes[i].type >= 0);
++                verb = strna(verb);
+ 
+                 /* When making changes here, make sure to also change install_error() in dbus-manager.c. */
+ 
+

diff --git a/sys-apps/systemd/systemd-255.4.ebuild b/sys-apps/systemd/systemd-255.4.ebuild
index 183166373f1d..c1d288b695d5 100644
--- a/sys-apps/systemd/systemd-255.4.ebuild
+++ b/sys-apps/systemd/systemd-255.4.ebuild
@@ -248,6 +248,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}"/255-install-format-overflow.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-02-24 15:51 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2024-02-24 15:51 UTC (permalink / raw
  To: gentoo-commits

commit:     296415fa509175fd0253091697d1eec1fcf462df
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 24 15:48:45 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb 24 15:48:45 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=296415fa

sys-apps/systemd: backport fchmodat2 support to 254.9

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/systemd-254.9-fchmodat2.patch    | 255 +++++++++++++++++++++
 ...ystemd-254.9.ebuild => systemd-254.9-r1.ebuild} |   1 +
 2 files changed, 256 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
new file mode 100644
index 000000000000..27bdd121aa60
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
@@ -0,0 +1,255 @@
+From 3d93b69fa558b33f1f2b52305fa4c2d836789394 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 1/3] basic/missing_syscall: generate defs for `fchmodat2(2)`
+
+We will need this to set seccomp filters on this system call regardless
+of libseccomp or kernel support.
+
+(cherry picked from commit 3677364cc3a2c5429380cfd3a2472e2da87925c4)
+---
+ src/basic/missing_syscall_def.h | 68 +++++++++++++++++++++++++++++++++
+ src/basic/missing_syscalls.py   |  1 +
+ 2 files changed, 69 insertions(+)
+
+diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h
+index 402fdd00dc..b5beb434db 100644
+--- a/src/basic/missing_syscall_def.h
++++ b/src/basic/missing_syscall_def.h
+@@ -246,6 +246,74 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range);
+ #  endif
+ #endif
+ 
++#ifndef __IGNORE_fchmodat2
++#  if defined(__aarch64__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__alpha__)
++#    define systemd_NR_fchmodat2 562
++#  elif defined(__arc__) || defined(__tilegx__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__arm__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__i386__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__ia64__)
++#    define systemd_NR_fchmodat2 1476
++#  elif defined(__loongarch_lp64)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__m68k__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(_MIPS_SIM)
++#    if _MIPS_SIM == _MIPS_SIM_ABI32
++#      define systemd_NR_fchmodat2 4452
++#    elif _MIPS_SIM == _MIPS_SIM_NABI32
++#      define systemd_NR_fchmodat2 6452
++#    elif _MIPS_SIM == _MIPS_SIM_ABI64
++#      define systemd_NR_fchmodat2 5452
++#    else
++#      error "Unknown MIPS ABI"
++#    endif
++#  elif defined(__hppa__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__powerpc__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__riscv)
++#    if __riscv_xlen == 32
++#      define systemd_NR_fchmodat2 452
++#    elif __riscv_xlen == 64
++#      define systemd_NR_fchmodat2 452
++#    else
++#      error "Unknown RISC-V ABI"
++#    endif
++#  elif defined(__s390__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__sparc__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__x86_64__)
++#    if defined(__ILP32__)
++#      define systemd_NR_fchmodat2 (452 | /* __X32_SYSCALL_BIT */ 0x40000000)
++#    else
++#      define systemd_NR_fchmodat2 452
++#    endif
++#  elif !defined(missing_arch_template)
++#    warning "fchmodat2() syscall number is unknown for your architecture"
++#  endif
++
++/* may be an (invalid) negative number due to libseccomp, see PR 13319 */
++#  if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0
++#    if defined systemd_NR_fchmodat2
++assert_cc(__NR_fchmodat2 == systemd_NR_fchmodat2);
++#    endif
++#  else
++#    if defined __NR_fchmodat2
++#      undef __NR_fchmodat2
++#    endif
++#    if defined systemd_NR_fchmodat2 && systemd_NR_fchmodat2 >= 0
++#      define __NR_fchmodat2 systemd_NR_fchmodat2
++#    endif
++#  endif
++#endif
++
+ #ifndef __IGNORE_getrandom
+ #  if defined(__aarch64__)
+ #    define systemd_NR_getrandom 278
+diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py
+index 5ccf02adec..00f72dc7a8 100644
+--- a/src/basic/missing_syscalls.py
++++ b/src/basic/missing_syscalls.py
+@@ -9,6 +9,7 @@ SYSCALLS = [
+     'bpf',
+     'close_range',
+     'copy_file_range',
++    'fchmodat2',
+     'getrandom',
+     'memfd_create',
+     'mount_setattr',
+-- 
+2.43.0
+
+
+From c1ffd32c642dcadb844b149fcc0c6fe0dbe8a292 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 2/3] seccomp: include `fchmodat2` in `@file-system`
+
+(cherry picked from commit 6e10405aa25fe5e76b740d9ec59730e3f4470c7a)
+---
+ src/shared/seccomp-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index bd9660cb35..a9c6279b18 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -468,6 +468,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
+                 "fchdir\0"
+                 "fchmod\0"
+                 "fchmodat\0"
++                "fchmodat2\0"
+                 "fcntl\0"
+                 "fcntl64\0"
+                 "fgetxattr\0"
+-- 
+2.43.0
+
+
+From da6ec29e7f755e14655132b4e0b04f463f40af3e Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 3/3] seccomp: also check the mode parameter of `fchmodat2(2)`
+
+If there is no libseccomp support, just ban the entire syscall instead
+so wrappers will fall back to older, supported syscalls.
+Also reflect all of this in `test-seccomp.c`.
+
+(cherry picked from commit 8b45281daa3a87b4b7a3248263cd0ba929d15596)
+---
+ src/shared/seccomp-util.c | 24 +++++++++++++++++++++++-
+ src/test/test-seccomp.c   | 28 ++++++++++++++++++++++++++++
+ 2 files changed, 51 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index a9c6279b18..12fd95d95b 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -2038,7 +2038,7 @@ int seccomp_protect_hostname(void) {
+ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+         /* Checks the mode_t parameter of the following system calls:
+          *
+-         *       → chmod() + fchmod() + fchmodat()
++         *       → chmod() + fchmod() + fchmodat() + fchmodat2()
+          *       → open() + creat() + openat()
+          *       → mkdir() + mkdirat()
+          *       → mknod() + mknodat()
+@@ -2081,6 +2081,28 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+         else
+                 any = true;
+ 
++#if defined(__SNR_fchmodat2)
++        r = seccomp_rule_add_exact(
++                        seccomp,
++                        SCMP_ACT_ERRNO(EPERM),
++                        SCMP_SYS(fchmodat2),
++                        1,
++                        SCMP_A2(SCMP_CMP_MASKED_EQ, m, m));
++#else
++        /* It looks like this libseccomp does not know about fchmodat2().
++         * Pretend the fchmodat2() system call is not supported at all,
++         * regardless of the kernel version. */
++        r = seccomp_rule_add_exact(
++                        seccomp,
++                        SCMP_ACT_ERRNO(ENOSYS),
++                        __NR_fchmodat2,
++                        0);
++#endif
++        if (r < 0)
++                log_debug_errno(r, "Failed to add filter for fchmodat2: %m");
++        else
++                any = true;
++
+         r = seccomp_rule_add_exact(
+                         seccomp,
+                         SCMP_ACT_ERRNO(EPERM),
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 2d06098ddd..3a73262a8b 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -21,6 +21,7 @@
+ #include "macro.h"
+ #include "memory-util.h"
+ #include "missing_sched.h"
++#include "missing_syscall_def.h"
+ #include "nsflags.h"
+ #include "nulstr-util.h"
+ #include "process-util.h"
+@@ -1003,6 +1004,23 @@ static int real_open(const char *path, int flags, mode_t mode) {
+ #endif
+ }
+ 
++static int try_fchmodat2(int dirfd, const char *path, int flags, mode_t mode) {
++        /* glibc does not provide a direct wrapper for fchmodat2(). Let's hence define our own wrapper for
++         * testing purposes that calls the real syscall, on architectures and in environments where
++         * SYS_fchmodat2 is defined. Otherwise, let's just fall back to the glibc fchmodat() call. */
++
++#if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0
++        int r;
++        r = (int) syscall(__NR_fchmodat2, dirfd, path, flags, mode);
++        /* The syscall might still be unsupported by kernel or libseccomp. */
++        if (r < 0 && errno == ENOSYS)
++                return fchmodat(dirfd, path, flags, mode);
++        return r;
++#else
++        return fchmodat(dirfd, path, flags, mode);
++#endif
++}
++
+ TEST(restrict_suid_sgid) {
+         pid_t pid;
+ 
+@@ -1044,6 +1062,11 @@ TEST(restrict_suid_sgid) {
+                 assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
+                 assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
+ 
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) >= 0);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) >= 0);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0);
++
+                 k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID);
+                 k = safe_close(k);
+                 assert_se(unlink(z) >= 0);
+@@ -1145,6 +1168,11 @@ TEST(restrict_suid_sgid) {
+                 assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
+                 assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
+ 
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) < 0 && errno == EPERM);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) < 0 && errno == EPERM);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0);
++
+                 assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM);
+                 assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM);
+                 assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
+-- 
+2.43.0
+

diff --git a/sys-apps/systemd/systemd-254.9.ebuild b/sys-apps/systemd/systemd-254.9-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-254.9.ebuild
rename to sys-apps/systemd/systemd-254.9-r1.ebuild
index c12a9240f822..b9a20c537da3 100644
--- a/sys-apps/systemd/systemd-254.9.ebuild
+++ b/sys-apps/systemd/systemd-254.9-r1.ebuild
@@ -242,6 +242,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/systemd-253-initrd-generators.patch"
 		"${FILESDIR}/254-PrivateDevices-userdbd.patch"
+		"${FILESDIR}/systemd-254.9-fchmodat2.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-12-24 11:58 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-12-24 11:58 UTC (permalink / raw
  To: gentoo-commits

commit:     795d72fab680fc06f338f4ab4db38ee10049ae1e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 24 11:48:50 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec 24 11:56:30 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=795d72fa

sys-apps/systemd: add 254.8

Bug: https://bugs.gentoo.org/920331
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/systemd/Manifest                          |   1 +
 .../systemd/files/254-PrivateDevices-userdbd.patch | 242 ++++++++++
 sys-apps/systemd/systemd-254.8.ebuild              | 526 +++++++++++++++++++++
 3 files changed, 769 insertions(+)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 5bbbd1461af0..062d2c576f03 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -9,4 +9,5 @@ DIST systemd-stable-254.4.tar.gz 14332995 BLAKE2B 2b51ea867e142beeaf332cead5e2da
 DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3 SHA512 cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c
 DIST systemd-stable-254.6.tar.gz 14400611 BLAKE2B 5b23131b8aaabcd386ceb9cfb4ba8e7e1c92c454dbcc2dd907fb459f3022cd324cef86d531fe296ad56349602e487544d60900f71e189aadac6ec0a361a382e3 SHA512 3ebb8c2b931d13cf6efa59842d6d7fb84410fee02f5161061900321497d33750e0b88e2366a4234ba1ab0b89b797da0b1f8b577e0924e560cd9914fde83a1e45
 DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf SHA512 2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685
+DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
 DIST systemd-stable-255.1.tar.gz 14863856 BLAKE2B 3cf30872cf68117fea970ee2af2dad5e017bec351c866b7b22c9e2f8501c6e526421288feee7fbcf4994bba24beb4b2d98e858ac5b014dd832f9833767e28efe SHA512 ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb

diff --git a/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
new file mode 100644
index 000000000000..115c831c275a
--- /dev/null
+++ b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
@@ -0,0 +1,242 @@
+https://bugs.gentoo.org/920331
+https://github.com/systemd/systemd/issues/30535
+
+From 4a9e03aa6bb2cbd23dac00f2b2a7642cc79eaade Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 27 Sep 2023 11:55:59 +0200
+Subject: [PATCH 1/2] core: Make private /dev read-only after populating it
+
+---
+ src/core/namespace.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index e2304f5d066da..d1153f7690140 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -995,6 +995,11 @@ static int mount_private_dev(MountEntry *m) {
+         if (r < 0)
+                 log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount);
+ 
++        /* Make the bind mount read-only. */
++        r = mount_nofollow_verbose(LOG_DEBUG, NULL, dev, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);
++        if (r < 0)
++                return r;
++
+         /* Create the /dev directory if missing. It is more likely to be missing when the service is started
+          * with RootDirectory. This is consistent with mount units creating the mount points when missing. */
+         (void) mkdir_p_label(mount_entry_path(m), 0755);
+
+From cd7f3702eb47c82a50bf74c2b7c15c2e4e1f5c79 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 27 Sep 2023 10:52:50 +0200
+Subject: [PATCH 2/2] core: Use a subdirectory of /run/ for PrivateDevices=
+
+When we're starting early boot services such as systemd-userdbd.service,
+/tmp might not yet be mounted, so let's use a directory in /run instead
+which is guaranteed to be available.
+---
+ src/core/execute.c        |  1 +
+ src/core/namespace.c      | 61 +++++++++++++++++++++++++++++----------
+ src/core/namespace.h      |  2 ++
+ src/test/test-namespace.c |  1 +
+ src/test/test-ns.c        |  1 +
+ 5 files changed, 50 insertions(+), 16 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index a52df64d01081..89c3868d55f6c 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -3307,6 +3307,7 @@ static int apply_mount_namespace(
+                         extension_dir,
+                         root_dir || root_image ? params->notify_socket : NULL,
+                         host_os_release_stage,
++                        params->runtime_scope,
+                         error_path);
+ 
+         /* If we couldn't set up the namespace this is probably due to a missing capability. setup_namespace() reports
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index d1153f7690140..a0471ac8884bf 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -909,7 +909,19 @@ static int clone_device_node(
+         return 0;
+ }
+ 
+-static int mount_private_dev(MountEntry *m) {
++static char *settle_runtime_dir(RuntimeScope scope) {
++        char *runtime_dir;
++
++        if (scope != RUNTIME_SCOPE_USER)
++                return strdup("/run/");
++
++        if (asprintf(&runtime_dir, "/run/user/" UID_FMT, geteuid()) < 0)
++                return NULL;
++
++        return runtime_dir;
++}
++
++static int mount_private_dev(MountEntry *m, RuntimeScope scope) {
+         static const char devnodes[] =
+                 "/dev/null\0"
+                 "/dev/zero\0"
+@@ -918,13 +930,21 @@ static int mount_private_dev(MountEntry *m) {
+                 "/dev/urandom\0"
+                 "/dev/tty\0";
+ 
+-        char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
++        _cleanup_free_ char *runtime_dir = NULL, *temporary_mount = NULL;
+         const char *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
+         bool can_mknod = true;
+         int r;
+ 
+         assert(m);
+ 
++        runtime_dir = settle_runtime_dir(scope);
++        if (!runtime_dir)
++                return log_oom_debug();
++
++        temporary_mount = path_join(runtime_dir, "systemd/namespace-dev-XXXXXX");
++        if (!temporary_mount)
++                return log_oom_debug();
++
+         if (!mkdtemp(temporary_mount))
+                 return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount);
+ 
+@@ -1364,7 +1384,8 @@ static int apply_one_mount(
+                 MountEntry *m,
+                 const ImagePolicy *mount_image_policy,
+                 const ImagePolicy *extension_image_policy,
+-                const NamespaceInfo *ns_info) {
++                const NamespaceInfo *ns_info,
++                RuntimeScope scope) {
+ 
+         _cleanup_free_ char *inaccessible = NULL;
+         bool rbind = true, make = false;
+@@ -1379,8 +1400,7 @@ static int apply_one_mount(
+         switch (m->mode) {
+ 
+         case INACCESSIBLE: {
+-                _cleanup_free_ char *tmp = NULL;
+-                const char *runtime_dir;
++                _cleanup_free_ char *runtime_dir = NULL;
+                 struct stat target;
+ 
+                 /* First, get rid of everything that is below if there
+@@ -1396,14 +1416,14 @@ static int apply_one_mount(
+                                                mount_entry_path(m));
+                 }
+ 
+-                if (geteuid() == 0)
+-                        runtime_dir = "/run";
+-                else {
+-                        if (asprintf(&tmp, "/run/user/" UID_FMT, geteuid()) < 0)
+-                                return -ENOMEM;
+-
+-                        runtime_dir = tmp;
+-                }
++                /* We don't pass the literal runtime scope through here but one based purely on our UID. This
++                 * means that the root user's --user services will use the host's inaccessible inodes rather
++                 * then root's private ones. This is preferable since it means device nodes that are
++                 * overmounted to make them inaccessible will be overmounted with a device node, rather than
++                 * an AF_UNIX socket inode. */
++                runtime_dir = settle_runtime_dir(geteuid() == 0 ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER);
++                if (!runtime_dir)
++                        return log_oom_debug();
+ 
+                 r = mode_to_inaccessible_node(runtime_dir, target.st_mode, &inaccessible);
+                 if (r < 0)
+@@ -1523,7 +1543,7 @@ static int apply_one_mount(
+                 break;
+ 
+         case PRIVATE_DEV:
+-                return mount_private_dev(m);
++                return mount_private_dev(m, scope);
+ 
+         case BIND_DEV:
+                 return mount_bind_dev(m);
+@@ -1824,6 +1844,7 @@ static int apply_mounts(
+                 const NamespaceInfo *ns_info,
+                 MountEntry *mounts,
+                 size_t *n_mounts,
++                RuntimeScope scope,
+                 char **symlinks,
+                 char **error_path) {
+ 
+@@ -1875,7 +1896,7 @@ static int apply_mounts(
+                                 break;
+                         }
+ 
+-                        r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info);
++                        r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info, scope);
+                         if (r < 0) {
+                                 if (error_path && mount_entry_path(m))
+                                         *error_path = strdup(mount_entry_path(m));
+@@ -2030,6 +2051,7 @@ int setup_namespace(
+                 const char *extension_dir,
+                 const char *notify_socket,
+                 const char *host_os_release_stage,
++                RuntimeScope scope,
+                 char **error_path) {
+ 
+         _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
+@@ -2490,7 +2512,14 @@ int setup_namespace(
+                 (void) base_filesystem_create(root, UID_INVALID, GID_INVALID);
+ 
+         /* Now make the magic happen */
+-        r = apply_mounts(root, mount_image_policy, extension_image_policy, ns_info, mounts, &n_mounts, symlinks, error_path);
++        r = apply_mounts(root,
++                         mount_image_policy,
++                         extension_image_policy,
++                         ns_info,
++                         mounts, &n_mounts,
++                         scope,
++                         symlinks,
++                         error_path);
+         if (r < 0)
+                 goto finish;
+ 
+diff --git a/src/core/namespace.h b/src/core/namespace.h
+index b6132154c5132..581403d89826d 100644
+--- a/src/core/namespace.h
++++ b/src/core/namespace.h
+@@ -16,6 +16,7 @@ typedef struct MountImage MountImage;
+ #include "fs-util.h"
+ #include "macro.h"
+ #include "namespace-util.h"
++#include "runtime-scope.h"
+ #include "string-util.h"
+ 
+ typedef enum ProtectHome {
+@@ -134,6 +135,7 @@ int setup_namespace(
+                 const char *extension_dir,
+                 const char *notify_socket,
+                 const char *host_os_release_stage,
++                RuntimeScope scope,
+                 char **error_path);
+ 
+ #define RUN_SYSTEMD_EMPTY "/run/systemd/empty"
+diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
+index 25aafc35ca837..42ac65d08c87a 100644
+--- a/src/test/test-namespace.c
++++ b/src/test/test-namespace.c
+@@ -206,6 +206,7 @@ TEST(protect_kernel_logs) {
+                                     NULL,
+                                     NULL,
+                                     NULL,
++                                    RUNTIME_SCOPE_SYSTEM,
+                                     NULL);
+                 assert_se(r == 0);
+ 
+diff --git a/src/test/test-ns.c b/src/test/test-ns.c
+index 77afd2f6b9eb8..eb3afed9e1c66 100644
+--- a/src/test/test-ns.c
++++ b/src/test/test-ns.c
+@@ -108,6 +108,7 @@ int main(int argc, char *argv[]) {
+                             NULL,
+                             NULL,
+                             NULL,
++                            RUNTIME_SCOPE_SYSTEM,
+                             NULL);
+         if (r < 0) {
+                 log_error_errno(r, "Failed to set up namespace: %m");

diff --git a/sys-apps/systemd/systemd-254.8.ebuild b/sys-apps/systemd/systemd-254.8.ebuild
new file mode 100644
index 000000000000..0ad5f8893f48
--- /dev/null
+++ b/sys-apps/systemd/systemd-254.8.ebuild
@@ -0,0 +1,526 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	if [[ ${PV} == *.* ]]; then
+		MY_PN=systemd-stable
+	else
+		MY_PN=systemd
+	fi
+	MY_PV=${PV/_/-}
+	MY_P=${MY_PN}-${MY_PV}
+	S=${WORKDIR}/${MY_P}
+	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod
+	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	dns-over-tls? ( || ( gnutls openssl ) )
+	fido2? ( cryptsetup openssl )
+	homed? ( cryptsetup pam openssl )
+	importd? ( curl lzma || ( gcrypt openssl ) )
+	pwquality? ( homed )
+	boot? ( kernel-install )
+	ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+	>=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+	curl? ( net-misc/curl:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	fido2? ( dev-libs/libfido2:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+	idn? ( net-dns/libidn2:= )
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	iptables? ( net-firewall/iptables:0= )
+	openssl? ( >=dev-libs/openssl-1.1.0:0= )
+	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( app-crypt/p11-kit:0= )
+	pcre? ( dev-libs/libpcre2 )
+	pwquality? ( dev-libs/libpwquality:0= )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	tpm? ( app-crypt/tpm2-tss:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	>=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=acct-group/adm-0-r1
+	>=acct-group/wheel-0-r1
+	>=acct-group/kmem-0-r1
+	>=acct-group/tty-0-r1
+	>=acct-group/utmp-0-r1
+	>=acct-group/audio-0-r1
+	>=acct-group/cdrom-0-r1
+	>=acct-group/dialout-0-r1
+	>=acct-group/disk-0-r1
+	>=acct-group/input-0-r1
+	>=acct-group/kvm-0-r1
+	>=acct-group/lp-0-r1
+	>=acct-group/render-0-r1
+	acct-group/sgx
+	>=acct-group/tape-0-r1
+	acct-group/users
+	>=acct-group/video-0-r1
+	>=acct-group/systemd-journal-0-r1
+	>=acct-user/root-0-r1
+	acct-user/nobody
+	>=acct-user/systemd-journal-remote-0-r1
+	>=acct-user/systemd-coredump-0-r1
+	>=acct-user/systemd-network-0-r1
+	acct-user/systemd-oom
+	>=acct-user/systemd-resolve-0-r1
+	>=acct-user/systemd-timesync-0-r1
+	>=sys-apps/baselayout-2.2
+	ukify? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep "${PEFILE_DEPEND}")
+	)
+	selinux? (
+		sec-policy/selinux-base-policy[systemd]
+		sec-policy/selinux-ntp
+	)
+	sysv-utils? (
+		!sys-apps/openrc[sysv-utils(-)]
+		!sys-apps/sysvinit
+	)
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!sys-apps/hwids[udev]
+	!sys-auth/nss-myhostname
+	!sys-fs/eudev
+	!sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-fs/udev-init-scripts-34
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/meson-0.46
+	>=sys-apps/coreutils-8.16
+	sys-devel/gettext
+	virtual/pkgconfig
+	test? (
+		app-text/tree
+		dev-lang/perl
+		sys-apps/dbus
+	)
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	${PYTHON_DEPS}
+	$(python_gen_cond_dep "
+		dev-python/jinja[\${PYTHON_USEDEP}]
+		dev-python/lxml[\${PYTHON_USEDEP}]
+		boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+		ukify? ( test? ( ${PEFILE_DEPEND} ) )
+	")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if use test && has pid-sandbox ${FEATURES}; then
+			ewarn "Tests are known to fail with PID sandboxing enabled."
+			ewarn "See https://bugs.gentoo.org/674458."
+		fi
+
+		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+		if kernel_is -ge 5 10 20; then
+			CONFIG_CHECK+=" ~KCMP"
+		else
+			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+		fi
+
+		if kernel_is -ge 4 18; then
+			CONFIG_CHECK+=" ~AUTOFS_FS"
+		else
+			CONFIG_CHECK+=" ~AUTOFS4_FS"
+		fi
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/systemd-253-initrd-generators.patch"
+		"${FILESDIR}/254-PrivateDevices-userdbd.patch"
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-generator-path-r2.patch"
+			"${FILESDIR}/gentoo-journald-audit-r1.patch"
+		)
+	fi
+
+	# Fails with split-usr.
+	sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		-Dsupport-url="https://gentoo.org/support/"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		$(meson_use split-usr)
+		$(meson_use split-usr split-bin)
+		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+		# Disable compatibility with sysvinit
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Dima=true
+		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+		# Optional components/dependencies
+		$(meson_native_use_bool acl)
+		$(meson_native_use_bool apparmor)
+		$(meson_native_use_bool audit)
+		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool cryptsetup libcryptsetup)
+		$(meson_native_use_bool curl libcurl)
+		$(meson_native_use_bool dns-over-tls dns-over-tls)
+		$(meson_native_use_bool elfutils)
+		$(meson_native_use_bool fido2 libfido2)
+		$(meson_use gcrypt)
+		$(meson_native_use_bool gnutls)
+		$(meson_native_use_bool homed)
+		$(meson_native_use_bool http microhttpd)
+		$(meson_native_use_bool idn)
+		$(meson_native_use_bool importd)
+		$(meson_native_use_bool importd bzip2)
+		$(meson_native_use_bool importd zlib)
+		$(meson_native_use_bool kernel-install)
+		$(meson_native_use_bool kmod)
+		$(meson_use lz4)
+		$(meson_use lzma xz)
+		$(meson_use test tests)
+		$(meson_use zstd)
+		$(meson_native_use_bool iptables libiptc)
+		$(meson_native_use_bool openssl)
+		$(meson_use pam)
+		$(meson_native_use_bool pkcs11 p11kit)
+		$(meson_native_use_bool pcre pcre2)
+		$(meson_native_use_bool policykit polkit)
+		$(meson_native_use_bool pwquality)
+		$(meson_native_use_bool qrcode qrencode)
+		$(meson_native_use_bool seccomp)
+		$(meson_native_use_bool selinux)
+		$(meson_native_use_bool tpm tpm2)
+		$(meson_native_use_bool test dbus)
+		$(meson_native_use_bool ukify)
+		$(meson_native_use_bool xkb xkbcommon)
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+		-Dcreate-log-dirs=false
+
+		# multilib options
+		$(meson_native_true backlight)
+		$(meson_native_true binfmt)
+		$(meson_native_true coredump)
+		$(meson_native_true environment-d)
+		$(meson_native_true firstboot)
+		$(meson_native_true hibernate)
+		$(meson_native_true hostnamed)
+		$(meson_native_true ldconfig)
+		$(meson_native_true localed)
+		$(meson_native_true man)
+		$(meson_native_true networkd)
+		$(meson_native_true quotacheck)
+		$(meson_native_true randomseed)
+		$(meson_native_true rfkill)
+		$(meson_native_true sysusers)
+		$(meson_native_true timedated)
+		$(meson_native_true timesyncd)
+		$(meson_native_true tmpfiles)
+		$(meson_native_true vconsole)
+	)
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+	local -x COLUMNS=80
+	meson_src_test
+}
+
+multilib_src_install_all() {
+	local rootprefix=$(usex split-usr '' /usr)
+	local sbin=$(usex split-usr sbin bin)
+
+	# meson doesn't know about docdir
+	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	insinto /usr/lib/tmpfiles.d
+	doins "${FILESDIR}"/legacy.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die
+	fi
+
+	if ! use sysv-utils; then
+		rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die
+		rm "${ED}"/usr/share/man/man1/init.1 || die
+		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+	fi
+
+	# https://bugs.gentoo.org/761763
+	rm -r "${ED}"/usr/lib/sysusers.d || die
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/kernel/install.d
+	keepdir /etc/systemd/{network,system,user}
+	keepdir /etc/udev/rules.d
+
+	keepdir /etc/udev/hwdb.d
+
+	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+	keepdir /usr/lib/{binfmt.d,modules-load.d}
+	keepdir /usr/lib/systemd/user-generators
+	keepdir /var/lib/systemd
+	keepdir /var/log/journal
+
+	if use pam; then
+		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	fi
+
+	if use split-usr; then
+		# Avoid breaking boot/reboot
+		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+	fi
+
+	gen_usr_ldscript -a systemd udev
+
+	use ukify && python_fix_shebang "${ED}"
+	use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+	local locale_conf="${EROOT}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_preinst() {
+	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+		# Symlink /etc/sysctl.conf for easy migration.
+		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+	fi
+
+	if ! use split-usr; then
+		local dir
+		for dir in bin sbin lib usr/sbin; do
+			if [[ ! -L ${EROOT}/${dir} ]]; then
+				eerror "'${EROOT}/${dir}' is not a symbolic link."
+				FAIL=1
+			fi
+		done
+		if [[ ${FAIL} ]]; then
+			eerror "Migration to system layout with merged directories must be performed before"
+			eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+			die "System layout with split directories still used"
+		fi
+	fi
+	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+	fi
+}
+
+pkg_postinst() {
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required.
+	systemd-hwdb --root="${ROOT}" update
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respected, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		if type systemctl &>/dev/null; then
+			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+		fi
+		elog "To enable a useful set of services, run the following:"
+		elog "  systemctl preset-all --preset-mode=enable-only"
+	fi
+
+	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+		rm "${EROOT}/var/lib/systemd/timesync"
+	fi
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-12-12  2:50 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-12-12  2:50 UTC (permalink / raw
  To: gentoo-commits

commit:     b62348acb65f64622e8c55722dc76e74593336f1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 12 02:41:31 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec 12 02:41:47 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b62348ac

sys-apps/systemd: backport systemd-analyze regression fix (for git test suite)

Link: https://lore.kernel.org/git/20231207062752.GA777253 <AT> coredump.intra.peff.net/T/#t
Bug: https://github.com/systemd/systemd/issues/30357
Bug: https://github.com/systemd/systemd/pull/30363
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../systemd/files/255-analyze-regression.patch     | 156 +++++++
 sys-apps/systemd/systemd-255-r1.ebuild             | 510 +++++++++++++++++++++
 2 files changed, 666 insertions(+)

diff --git a/sys-apps/systemd/files/255-analyze-regression.patch b/sys-apps/systemd/files/255-analyze-regression.patch
new file mode 100644
index 000000000000..cba6a479f1a7
--- /dev/null
+++ b/sys-apps/systemd/files/255-analyze-regression.patch
@@ -0,0 +1,156 @@
+Fixes a regression in the git test suite.
+
+https://lore.kernel.org/git/20231207062752.GA777253@coredump.intra.peff.net/T/#t
+https://github.com/systemd/systemd/issues/30357
+https://github.com/systemd/systemd/pull/30363
+https://github.com/systemd/systemd/commit/bf8726d1ee33047b138f677fe4c72ca9989680e8
+
+From 6d9d55657946385916fa4db7149a9b389645ee73 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 7 Dec 2023 19:29:29 +0900
+Subject: [PATCH 1/2] analyze: also find template unit when a template instance
+ is specified
+
+Fixes a regression caused by 2f6181ad4d6c126e3ebf6880ba30b3b0059c6fc8.
+
+Fixes #30357.
+
+Co-authored-by: Jeff King <peff@peff.net>
+--- a/src/analyze/analyze-verify-util.c
++++ b/src/analyze/analyze-verify-util.c
+@@ -72,6 +72,54 @@ int verify_prepare_filename(const char *filename, char **ret) {
+         return 0;
+ }
+ 
++static int find_unit_directory(const char *p, char **ret) {
++        _cleanup_free_ char *a = NULL, *u = NULL, *t = NULL, *d = NULL;
++        int r;
++
++        assert(p);
++        assert(ret);
++
++        r = path_make_absolute_cwd(p, &a);
++        if (r < 0)
++                return r;
++
++        if (access(a, F_OK) >= 0) {
++                r = path_extract_directory(a, &d);
++                if (r < 0)
++                        return r;
++
++                *ret = TAKE_PTR(d);
++                return 0;
++        }
++
++        r = path_extract_filename(a, &u);
++        if (r < 0)
++                return r;
++
++        if (!unit_name_is_valid(u, UNIT_NAME_INSTANCE))
++                return -ENOENT;
++
++        /* If the specified unit is an instance of a template unit, then let's try to find the template unit. */
++        r = unit_name_template(u, &t);
++        if (r < 0)
++                return r;
++
++        r = path_extract_directory(a, &d);
++        if (r < 0)
++                return r;
++
++        free(a);
++        a = path_join(d, t);
++        if (!a)
++                return -ENOMEM;
++
++        if (access(a, F_OK) < 0)
++                return -errno;
++
++        *ret = TAKE_PTR(d);
++        return 0;
++}
++
+ int verify_set_unit_path(char **filenames) {
+         _cleanup_strv_free_ char **ans = NULL;
+         _cleanup_free_ char *joined = NULL;
+@@ -79,21 +127,15 @@ int verify_set_unit_path(char **filenames) {
+         int r;
+ 
+         STRV_FOREACH(filename, filenames) {
+-                _cleanup_free_ char *a = NULL;
+-                char *t;
++                _cleanup_free_ char *t = NULL;
+ 
+-                r = path_make_absolute_cwd(*filename, &a);
+-                if (r < 0)
++                r = find_unit_directory(*filename, &t);
++                if (r == -ENOMEM)
+                         return r;
+-
+-                if (access(a, F_OK) < 0)
+-                        continue;
+-
+-                r = path_extract_directory(a, &t);
+                 if (r < 0)
+-                        return r;
++                        continue;
+ 
+-                r = strv_consume(&ans, t);
++                r = strv_consume(&ans, TAKE_PTR(t));
+                 if (r < 0)
+                         return r;
+         }
+
+From 9d51ab78300364c71a0e1f138e1d2cbc65771b93 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 8 Dec 2023 10:41:49 +0900
+Subject: [PATCH 2/2] test: add test cases for issue #30357
+
+--- a/test/units/testsuite-65.sh
++++ b/test/units/testsuite-65.sh
+@@ -296,6 +296,44 @@ EOF
+ # Verifies that the --offline= option works with --root=
+ systemd-analyze security --threshold=90 --offline=true --root=/tmp/img/ testfile.service
+ 
++cat <<EOF >/tmp/foo@.service
++[Service]
++ExecStart=ls
++EOF
++
++cat <<EOF >/tmp/hoge@test.service
++[Service]
++ExecStart=ls
++EOF
++
++# issue #30357
++pushd /tmp
++systemd-analyze verify foo@bar.service
++systemd-analyze verify foo@.service
++systemd-analyze verify hoge@test.service
++(! systemd-analyze verify hoge@nonexist.service)
++(! systemd-analyze verify hoge@.service)
++popd
++pushd /
++systemd-analyze verify tmp/foo@bar.service
++systemd-analyze verify tmp/foo@.service
++systemd-analyze verify tmp/hoge@test.service
++(! systemd-analyze verify tmp/hoge@nonexist.service)
++(! systemd-analyze verify tmp/hoge@.service)
++popd
++pushd /usr
++systemd-analyze verify ../tmp/foo@bar.service
++systemd-analyze verify ../tmp/foo@.service
++systemd-analyze verify ../tmp/hoge@test.service
++(! systemd-analyze verify ../tmp/hoge@nonexist.service)
++(! systemd-analyze verify ../tmp/hoge@.service)
++popd
++systemd-analyze verify /tmp/foo@bar.service
++systemd-analyze verify /tmp/foo@.service
++systemd-analyze verify /tmp/hoge@test.service
++(! systemd-analyze verify /tmp/hoge@nonexist.service)
++(! systemd-analyze verify /tmp/hoge@.service)
++
+ # Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed
+ # The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in
+ # values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight
+

diff --git a/sys-apps/systemd/systemd-255-r1.ebuild b/sys-apps/systemd/systemd-255-r1.ebuild
new file mode 100644
index 000000000000..2c96d3c84e46
--- /dev/null
+++ b/sys-apps/systemd/systemd-255-r1.ebuild
@@ -0,0 +1,510 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	if [[ ${PV} == *.* ]]; then
+		MY_PN=systemd-stable
+	else
+		MY_PN=systemd
+	fi
+	MY_PV=${PV/_/-}
+	MY_P=${MY_PN}-${MY_PV}
+	S=${WORKDIR}/${MY_P}
+	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+
+	if [[ ${PV} != *rc* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+	fi
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod
+	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	dns-over-tls? ( || ( gnutls openssl ) )
+	fido2? ( cryptsetup openssl )
+	homed? ( cryptsetup pam openssl )
+	importd? ( curl lzma || ( gcrypt openssl ) )
+	pwquality? ( homed )
+	boot? ( kernel-install )
+	ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+	>=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( >=sys-libs/libapparmor-2.13:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+	curl? ( >=net-misc/curl-7.32.0:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	fido2? ( dev-libs/libfido2:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+	idn? ( net-dns/libidn2:= )
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	iptables? ( net-firewall/iptables:0= )
+	openssl? ( >=dev-libs/openssl-1.1.0:0= )
+	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
+	pcre? ( dev-libs/libpcre2 )
+	pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
+	qrcode? ( >=media-gfx/qrencode-3:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( >=sys-libs/libselinux-2.1.9:0= )
+	tpm? ( app-crypt/tpm2-tss:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	>=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=acct-group/adm-0-r1
+	>=acct-group/wheel-0-r1
+	>=acct-group/kmem-0-r1
+	>=acct-group/tty-0-r1
+	>=acct-group/utmp-0-r1
+	>=acct-group/audio-0-r1
+	>=acct-group/cdrom-0-r1
+	>=acct-group/dialout-0-r1
+	>=acct-group/disk-0-r1
+	>=acct-group/input-0-r1
+	>=acct-group/kvm-0-r1
+	>=acct-group/lp-0-r1
+	>=acct-group/render-0-r1
+	acct-group/sgx
+	>=acct-group/tape-0-r1
+	acct-group/users
+	>=acct-group/video-0-r1
+	>=acct-group/systemd-journal-0-r1
+	>=acct-user/root-0-r1
+	acct-user/nobody
+	>=acct-user/systemd-journal-remote-0-r1
+	>=acct-user/systemd-coredump-0-r1
+	>=acct-user/systemd-network-0-r1
+	acct-user/systemd-oom
+	>=acct-user/systemd-resolve-0-r1
+	>=acct-user/systemd-timesync-0-r1
+	>=sys-apps/baselayout-2.2
+	ukify? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep "${PEFILE_DEPEND}")
+	)
+	selinux? (
+		sec-policy/selinux-base-policy[systemd]
+		sec-policy/selinux-ntp
+	)
+	sysv-utils? (
+		!sys-apps/openrc[sysv-utils(-)]
+		!sys-apps/sysvinit
+	)
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!sys-apps/hwids[udev]
+	!sys-auth/nss-myhostname
+	!sys-fs/eudev
+	!sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-fs/udev-init-scripts-34
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/meson-0.46
+	>=sys-apps/coreutils-8.16
+	sys-devel/gettext
+	virtual/pkgconfig
+	test? (
+		app-text/tree
+		dev-lang/perl
+		sys-apps/dbus
+	)
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	${PYTHON_DEPS}
+	$(python_gen_cond_dep "
+		dev-python/jinja[\${PYTHON_USEDEP}]
+		dev-python/lxml[\${PYTHON_USEDEP}]
+		boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+		ukify? ( test? ( ${PEFILE_DEPEND} ) )
+	")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+	if use split-usr; then
+		eerror "Please complete the migration to merged-usr."
+		eerror "https://wiki.gentoo.org/wiki/Merge-usr"
+		die "systemd no longer supports split-usr"
+	fi
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if use test && has pid-sandbox ${FEATURES}; then
+			ewarn "Tests are known to fail with PID sandboxing enabled."
+			ewarn "See https://bugs.gentoo.org/674458."
+		fi
+
+		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+		if kernel_is -ge 5 10 20; then
+			CONFIG_CHECK+=" ~KCMP"
+		else
+			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+		fi
+
+		if kernel_is -ge 4 18; then
+			CONFIG_CHECK+=" ~AUTOFS_FS"
+		else
+			CONFIG_CHECK+=" ~AUTOFS4_FS"
+		fi
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}"/255-analyze-regression.patch
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-generator-path-r2.patch"
+			"${FILESDIR}/gentoo-journald-audit-r1.patch"
+		)
+	fi
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		# default is developer, bug 918671
+		-Dmode=release
+		-Dsupport-url="https://gentoo.org/support/"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		-Dsplit-bin=false
+		# Disable compatibility with sysvinit
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Dima=true
+		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+		# Optional components/dependencies
+		$(meson_native_use_bool acl)
+		$(meson_native_use_bool apparmor)
+		$(meson_native_use_bool audit)
+		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool cryptsetup libcryptsetup)
+		$(meson_native_use_bool curl libcurl)
+		$(meson_native_use_bool dns-over-tls dns-over-tls)
+		$(meson_native_use_bool elfutils)
+		$(meson_native_use_bool fido2 libfido2)
+		$(meson_use gcrypt)
+		$(meson_native_use_bool gnutls)
+		$(meson_native_use_bool homed)
+		$(meson_native_use_bool http microhttpd)
+		$(meson_native_use_bool idn)
+		$(meson_native_use_bool importd)
+		$(meson_native_use_bool importd bzip2)
+		$(meson_native_use_bool importd zlib)
+		$(meson_native_use_bool kernel-install)
+		$(meson_native_use_bool kmod)
+		$(meson_use lz4)
+		$(meson_use lzma xz)
+		$(meson_use test tests)
+		$(meson_use zstd)
+		$(meson_native_use_bool iptables libiptc)
+		$(meson_native_use_bool openssl)
+		$(meson_use pam)
+		$(meson_native_use_bool pkcs11 p11kit)
+		$(meson_native_use_bool pcre pcre2)
+		$(meson_native_use_bool policykit polkit)
+		$(meson_native_use_bool pwquality)
+		$(meson_native_use_bool qrcode qrencode)
+		$(meson_native_use_bool seccomp)
+		$(meson_native_use_bool selinux)
+		$(meson_native_use_bool tpm tpm2)
+		$(meson_native_use_bool test dbus)
+		$(meson_native_use_bool ukify)
+		$(meson_native_use_bool xkb xkbcommon)
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+		-Dcreate-log-dirs=false
+
+		# multilib options
+		$(meson_native_true backlight)
+		$(meson_native_true binfmt)
+		$(meson_native_true coredump)
+		$(meson_native_true environment-d)
+		$(meson_native_true firstboot)
+		$(meson_native_true hibernate)
+		$(meson_native_true hostnamed)
+		$(meson_native_true ldconfig)
+		$(meson_native_true localed)
+		$(meson_native_true man)
+		$(meson_native_true networkd)
+		$(meson_native_true quotacheck)
+		$(meson_native_true randomseed)
+		$(meson_native_true rfkill)
+		$(meson_native_true sysusers)
+		$(meson_native_true timedated)
+		$(meson_native_true timesyncd)
+		$(meson_native_true tmpfiles)
+		$(meson_native_true vconsole)
+	)
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+	local -x COLUMNS=80
+	meson_src_test
+}
+
+multilib_src_install_all() {
+	# meson doesn't know about docdir
+	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	insinto /usr/lib/tmpfiles.d
+	doins "${FILESDIR}"/legacy.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED}"/usr/bin/resolvconf || die
+	fi
+
+	if ! use sysv-utils; then
+		rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
+		rm "${ED}"/usr/share/man/man1/init.1 || die
+		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+	fi
+
+	# https://bugs.gentoo.org/761763
+	rm -r "${ED}"/usr/lib/sysusers.d || die
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/kernel/install.d
+	keepdir /etc/systemd/{network,system,user}
+	keepdir /etc/udev/rules.d
+
+	keepdir /etc/udev/hwdb.d
+
+	keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
+	keepdir /usr/lib/{binfmt.d,modules-load.d}
+	keepdir /usr/lib/systemd/user-generators
+	keepdir /var/lib/systemd
+	keepdir /var/log/journal
+
+	if use pam; then
+		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	fi
+
+	use ukify && python_fix_shebang "${ED}"
+	use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+	local locale_conf="${EROOT}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_preinst() {
+	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+		# Symlink /etc/sysctl.conf for easy migration.
+		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+	fi
+
+	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+	fi
+}
+
+pkg_postinst() {
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required.
+	systemd-hwdb --root="${ROOT}" update
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respected, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		if type systemctl &>/dev/null; then
+			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+		fi
+		elog "To enable a useful set of services, run the following:"
+		elog "  systemctl preset-all --preset-mode=enable-only"
+	fi
+
+	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+		rm "${EROOT}/var/lib/systemd/timesync"
+	fi
+
+	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+		ebegin "Reexecuting system manager (systemd)"
+		systemctl daemon-reexec
+		eend $? || FAIL=1
+	fi
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-08-17  1:08 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2023-08-17  1:08 UTC (permalink / raw
  To: gentoo-commits

commit:     2dcfd6ce1952b2c37fefd04fe11cfbb1ef8ebe41
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 17 01:07:13 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Aug 17 01:07:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dcfd6ce

sys-apps/systemd: backport tmpfiles/udev fix

Closes: https://bugs.gentoo.org/911723
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd-254.1-tmpfiles-setup-dev-early.patch   | 252 +++++++++++++++++++++
 ...ystemd-254.1.ebuild => systemd-254.1-r1.ebuild} |   1 +
 2 files changed, 253 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch b/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch
new file mode 100644
index 000000000000..77f6e19fe6c8
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch
@@ -0,0 +1,252 @@
+https://github.com/systemd/systemd/pull/28784
+https://bugs.gentoo.org/911723
+
+From bb7f485f4bddd57bbf50739bafa43d127bab59d6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 12 Aug 2023 07:54:32 +0900
+Subject: [PATCH] units: introduce systemd-tmpfiles-setup-dev-early.service
+
+This makes tmpfiles, sysusers, and udevd invoked in the following order:
+1. systemd-tmpfiles-setup-dev-early.service
+   Create device nodes gracefully, that is, create device nodes anyway
+   by ignoring unknown users and groups.
+2. systemd-sysusers.service
+   Create users and groups, to make later invocations of tmpfiles and
+   udevd can resolve necessary users and groups.
+3. systemd-tmpfiles-setup-dev.service
+   Adjust owners of previously created device nodes.
+4. systemd-udevd.service
+   Process all devices. Especially to make block devices active and can
+   be mountable.
+5. systemd-tmpfiles-setup.service
+   Setup basic filesystem.
+
+Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06.
+
+Fixes #28653.
+Replaces #28681 and #28732.
+---
+ man/systemd-tmpfiles.xml                      |  3 +
+ test/TEST-17-UDEV/test.sh                     |  4 ++
+ test/units/testsuite-17.00.sh                 | 57 +++++++++++++++++++
+ units/kmod-static-nodes.service.in            |  2 +-
+ units/meson.build                             |  5 ++
+ units/systemd-sysusers.service                |  2 +
+ .../systemd-tmpfiles-setup-dev-early.service  | 25 ++++++++
+ units/systemd-tmpfiles-setup-dev.service      |  3 +-
+ units/systemd-tmpfiles-setup.service          |  2 +-
+ 9 files changed, 100 insertions(+), 3 deletions(-)
+ create mode 100755 test/units/testsuite-17.00.sh
+ create mode 100644 units/systemd-tmpfiles-setup-dev-early.service
+
+diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
+index decd66d5c667..0db2a4b03b46 100644
+--- a/man/systemd-tmpfiles.xml
++++ b/man/systemd-tmpfiles.xml
+@@ -19,6 +19,7 @@
+   <refnamediv>
+     <refname>systemd-tmpfiles</refname>
+     <refname>systemd-tmpfiles-setup.service</refname>
++    <refname>systemd-tmpfiles-setup-dev-early.service</refname>
+     <refname>systemd-tmpfiles-setup-dev.service</refname>
+     <refname>systemd-tmpfiles-clean.service</refname>
+     <refname>systemd-tmpfiles-clean.timer</refname>
+@@ -35,6 +36,7 @@
+ 
+     <para>System units:
+ <literallayout><filename>systemd-tmpfiles-setup.service</filename>
++<filename>systemd-tmpfiles-setup-dev-early.service</filename>
+ <filename>systemd-tmpfiles-setup-dev.service</filename>
+ <filename>systemd-tmpfiles-clean.service</filename>
+ <filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
+@@ -64,6 +66,7 @@
+     searched for a matching file and the file found that has the highest priority is executed.</para>
+ 
+     <para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
++    <filename>systemd-tmpfiles-setup-dev-early.service</filename>,
+     <filename>systemd-tmpfiles-setup-dev.service</filename>,
+     <filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
+     system files and to perform system wide cleanup. Those services read administrator-controlled
+diff --git a/test/TEST-17-UDEV/test.sh b/test/TEST-17-UDEV/test.sh
+index 6b8f08fc328a..f7a907549607 100755
+--- a/test/TEST-17-UDEV/test.sh
++++ b/test/TEST-17-UDEV/test.sh
+@@ -8,5 +8,9 @@ TEST_NO_NSPAWN=1
+ # shellcheck source=test/test-functions
+ . "${TEST_BASE_DIR:?}/test-functions"
+ 
++test_append_files() {
++    instmods snd_seq snd_timer tun
++    generate_module_dependencies
++}
+ 
+ do_test "$@"
+diff --git a/test/units/testsuite-17.00.sh b/test/units/testsuite-17.00.sh
+new file mode 100755
+index 000000000000..d2aec60b1326
+--- /dev/null
++++ b/test/units/testsuite-17.00.sh
+@@ -0,0 +1,57 @@
++#!/usr/bin/env bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++set -ex
++set -o pipefail
++
++# shellcheck source=test/units/util.sh
++. "$(dirname "$0")"/util.sh
++
++# Tests for issue #28588 and #28653.
++
++# On boot, services need to be started in the following order:
++# 1. systemd-tmpfiles-setup-dev-early.service
++# 2. systemd-sysusers.service
++# 3. systemd-tmpfiles-setup-dev.service
++# 4. systemd-udevd.service
++
++output="$(systemctl show --property After --value systemd-udevd.service)"
++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
++assert_in "systemd-sysusers.service" "$output"
++assert_in "systemd-tmpfiles-setup-dev.service" "$output"
++
++output="$(systemctl show --property After --value systemd-tmpfiles-setup-dev.service)"
++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
++assert_in "systemd-sysusers.service" "$output"
++
++output="$(systemctl show --property After --value systemd-sysusers.service)"
++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
++
++check_owner_and_mode() {
++    local dev=${1?}
++    local user=${2?}
++    local group=${3?}
++    local mode=${4:-}
++
++    if [[ -e "$dev" ]]; then
++        assert_in "$user" "$(stat --format=%U "$dev")"
++        assert_in "$group" "$(stat --format=%G "$dev")"
++        if [[ -n "$mode" ]]; then
++            assert_in "$mode" "$(stat --format=%#0a "$dev")"
++        fi
++    fi
++
++    return 0
++}
++
++# Check owner and access mode specified in static-nodes-permissions.conf
++check_owner_and_mode /dev/snd/seq      root audio 0660
++check_owner_and_mode /dev/snd/timer    root audio 0660
++check_owner_and_mode /dev/loop-control root disk  0660
++check_owner_and_mode /dev/net/tun      root root  0666
++check_owner_and_mode /dev/fuse         root root  0666
++check_owner_and_mode /dev/vfio/vfio    root root  0666
++check_owner_and_mode /dev/kvm          root kvm
++check_owner_and_mode /dev/vhost-net    root kvm
++check_owner_and_mode /dev/vhost-vsock  root kvm
++
++exit 0
+diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
+index 777e82d16b90..70605d997e0a 100644
+--- a/units/kmod-static-nodes.service.in
++++ b/units/kmod-static-nodes.service.in
+@@ -10,7 +10,7 @@
+ [Unit]
+ Description=Create List of Static Device Nodes
+ DefaultDependencies=no
+-Before=sysinit.target systemd-tmpfiles-setup-dev.service
++Before=sysinit.target systemd-tmpfiles-setup-dev-early.service
+ ConditionCapability=CAP_SYS_MODULE
+ ConditionFileNotEmpty=/lib/modules/%v/modules.devname
+ 
+diff --git a/units/meson.build b/units/meson.build
+index 96ad1dc85016..20665e040874 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -544,6 +544,11 @@ units = [
+           'conditions' : ['ENABLE_TMPFILES'],
+           'symlinks' : ['timers.target.wants/'],
+         },
++        {
++          'file' : 'systemd-tmpfiles-setup-dev-early.service',
++          'conditions' : ['ENABLE_TMPFILES'],
++          'symlinks' : ['sysinit.target.wants/'],
++        },
+         {
+           'file' : 'systemd-tmpfiles-setup-dev.service',
+           'conditions' : ['ENABLE_TMPFILES'],
+diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service
+index 84fd66de37aa..de6c71a03825 100644
+--- a/units/systemd-sysusers.service
++++ b/units/systemd-sysusers.service
+@@ -16,6 +16,8 @@ ConditionCredential=|sysusers.extra
+ 
+ DefaultDependencies=no
+ After=systemd-remount-fs.service
++After=systemd-tmpfiles-setup-dev-early.service
++Before=systemd-tmpfiles-setup-dev.service
+ Before=sysinit.target systemd-update-done.service
+ Conflicts=shutdown.target initrd-switch-root.target
+ Before=shutdown.target initrd-switch-root.target
+diff --git a/units/systemd-tmpfiles-setup-dev-early.service b/units/systemd-tmpfiles-setup-dev-early.service
+new file mode 100644
+index 000000000000..0d6f0daaae32
+--- /dev/null
++++ b/units/systemd-tmpfiles-setup-dev-early.service
+@@ -0,0 +1,25 @@
++#  SPDX-License-Identifier: LGPL-2.1-or-later
++#
++#  This file is part of systemd.
++#
++#  systemd is free software; you can redistribute it and/or modify it
++#  under the terms of the GNU Lesser General Public License as published by
++#  the Free Software Foundation; either version 2.1 of the License, or
++#  (at your option) any later version.
++
++[Unit]
++Description=Create Static Device Nodes in /dev gracefully
++Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
++
++DefaultDependencies=no
++Before=sysinit.target local-fs-pre.target systemd-udevd.service
++Wants=local-fs-pre.target
++Conflicts=shutdown.target initrd-switch-root.target
++Before=shutdown.target initrd-switch-root.target
++
++[Service]
++Type=oneshot
++RemainAfterExit=yes
++ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful
++SuccessExitStatus=DATAERR CANTCREAT
++ImportCredential=tmpfiles.*
+diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service
+index acaa9510aa60..3016b497493f 100644
+--- a/units/systemd-tmpfiles-setup-dev.service
++++ b/units/systemd-tmpfiles-setup-dev.service
+@@ -12,6 +12,7 @@ Description=Create Static Device Nodes in /dev
+ Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+ 
+ DefaultDependencies=no
++After=systemd-tmpfiles-setup-dev-early.service
+ Before=sysinit.target local-fs-pre.target systemd-udevd.service
+ Wants=local-fs-pre.target
+ Conflicts=shutdown.target initrd-switch-root.target
+@@ -20,6 +21,6 @@ Before=shutdown.target initrd-switch-root.target
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful
++ExecStart=systemd-tmpfiles --prefix=/dev --create --boot
+ SuccessExitStatus=DATAERR CANTCREAT
+ ImportCredential=tmpfiles.*
+diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
+index 6c5e3de8fd96..6cae32850f4f 100644
+--- a/units/systemd-tmpfiles-setup.service
++++ b/units/systemd-tmpfiles-setup.service
+@@ -21,7 +21,7 @@ RefuseManualStop=yes
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=systemd-tmpfiles --create --remove --boot
++ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev
+ SuccessExitStatus=DATAERR CANTCREAT
+ ImportCredential=tmpfiles.*
+ ImportCredential=login.motd

diff --git a/sys-apps/systemd/systemd-254.1.ebuild b/sys-apps/systemd/systemd-254.1-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-254.1.ebuild
rename to sys-apps/systemd/systemd-254.1-r1.ebuild
index a03b6cbadd51..c0ddb15afd95 100644
--- a/sys-apps/systemd/systemd-254.1.ebuild
+++ b/sys-apps/systemd/systemd-254.1-r1.ebuild
@@ -241,6 +241,7 @@ src_unpack() {
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/systemd-253-initrd-generators.patch"
+		"${FILESDIR}/systemd-254.1-tmpfiles-setup-dev-early.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-08-05 23:07 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-08-05 23:07 UTC (permalink / raw
  To: gentoo-commits

commit:     939a1468f8957a670026888a01d4601a00f17142
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  5 23:06:46 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug  5 23:06:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=939a1468

sys-apps/systemd: backport tmpfiles/udev permissions race fix

Closes: https://bugs.gentoo.org/911723
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../systemd/files/systemd-254-tmpfiles-udev.patch  |  88 ++++
 sys-apps/systemd/systemd-254-r2.ebuild             | 528 +++++++++++++++++++++
 2 files changed, 616 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch b/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch
new file mode 100644
index 000000000000..04dd166310c8
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch
@@ -0,0 +1,88 @@
+https://bugs.gentoo.org/911723
+https://github.com/systemd/systemd/issues/28588
+https://github.com/systemd/systemd/issues/28653
+https://github.com/systemd/systemd/pull/28681
+
+(Skipped first commit as it was a revert of https://github.com/systemd/systemd/commit/a3d610998ad3b4c88224fe89a048a84dbceb652b.patc
+which wasn't in 254.)
+
+From 31845ef554877525dc4ff4f25ad11ad805ebf81c Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 5 Aug 2023 04:37:19 +0900
+Subject: [PATCH 2/4] unit: make udev rules take precesence over tmpfiles
+
+Without this change, there are no ordering between udevd and tmpfiles,
+and if tmpfiles is invoked later it may discard the permission set by
+udevd.
+
+Fixes an issue introduced by b42482af904ae0b94a6e4501ec595448f0ba1c06.
+
+Fixes #28588 and #28653.
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -12,6 +12,7 @@ Description=Rule-based Manager for Device Events and Files
+ Documentation=man:systemd-udevd.service(8) man:udev(7)
+ DefaultDependencies=no
+ After=systemd-sysusers.service systemd-hwdb-update.service
++After=systemd-tmpfiles-setup-dev.service
+ Before=sysinit.target
+ ConditionPathIsReadWrite=/sys
+ 
+
+From b768379e8b494b025f41946205944a6f3a1a553f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 5 Aug 2023 04:52:16 +0900
+Subject: [PATCH 3/4] test: add short test for device node permission
+
+--- /dev/null
++++ b/test/units/testsuite-17.00.sh
+@@ -0,0 +1,18 @@
++#!/usr/bin/env bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++set -ex
++set -o pipefail
++
++# shellcheck source=test/units/util.sh
++. "$(dirname "$0")"/util.sh
++
++# Tests for issue #28588 and #28653.
++
++assert_in "systemd-tmpfiles-setup-dev.service" "$(systemctl show --property After --value systemd-udevd.service)"
++assert_in "systemd-udevd.service" "$(systemctl show --property Before --value systemd-tmpfiles-setup-dev.service)"
++
++if [[ -f /dev/vfio/vfio ]]; then
++   assert_in "crw-rw-rw-" "$(stat --format=%A /dev/vfio/vfio)"
++fi
++
++exit 0
+
+From 23acdb8d0b04d46ecdc88a45594135c321dbfd5b Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 5 Aug 2023 05:03:16 +0900
+Subject: [PATCH 4/4] test: shorten timeout for 'udevadm monitor'
+
+The command should never finish, it is not necessary to wait so long.
+--- a/test/units/testsuite-17.10.sh
++++ b/test/units/testsuite-17.10.sh
+@@ -79,13 +79,13 @@ udevadm info -w /sys/class/net/$netdev
+ udevadm info --wait-for-initialization=5 /sys/class/net/$netdev
+ udevadm info -h
+ 
+-assert_rc 124 timeout 5 udevadm monitor
+-assert_rc 124 timeout 5 udevadm monitor -k
+-assert_rc 124 timeout 5 udevadm monitor -u
+-assert_rc 124 timeout 5 udevadm monitor -s net
+-assert_rc 124 timeout 5 udevadm monitor --subsystem-match net/$netdev
+-assert_rc 124 timeout 5 udevadm monitor -t systemd
+-assert_rc 124 timeout 5 udevadm monitor --tag-match hello
++assert_rc 124 timeout 1 udevadm monitor
++assert_rc 124 timeout 1 udevadm monitor -k
++assert_rc 124 timeout 1 udevadm monitor -u
++assert_rc 124 timeout 1 udevadm monitor -s net
++assert_rc 124 timeout 1 udevadm monitor --subsystem-match net/$netdev
++assert_rc 124 timeout 1 udevadm monitor -t systemd
++assert_rc 124 timeout 1 udevadm monitor --tag-match hello
+ udevadm monitor -h
+ 
+ udevadm settle
+

diff --git a/sys-apps/systemd/systemd-254-r2.ebuild b/sys-apps/systemd/systemd-254-r2.ebuild
new file mode 100644
index 000000000000..4005bb141fa7
--- /dev/null
+++ b/sys-apps/systemd/systemd-254-r2.ebuild
@@ -0,0 +1,528 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..11} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	if [[ ${PV} == *.* ]]; then
+		MY_PN=systemd-stable
+	else
+		MY_PN=systemd
+	fi
+	MY_PV=${PV/_/-}
+	MY_P=${MY_PN}-${MY_PV}
+	S=${WORKDIR}/${MY_P}
+	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	fido2 +gcrypt gnutls homed http idn importd iptables +kmod
+	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+"
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	dns-over-tls? ( || ( gnutls openssl ) )
+	fido2? ( cryptsetup openssl )
+	homed? ( cryptsetup pam openssl )
+	importd? ( curl lzma || ( gcrypt openssl ) )
+	pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+	>=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+	curl? ( net-misc/curl:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	fido2? ( dev-libs/libfido2:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+	idn? ( net-dns/libidn2:= )
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	iptables? ( net-firewall/iptables:0= )
+	openssl? ( >=dev-libs/openssl-1.1.0:0= )
+	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( app-crypt/p11-kit:0= )
+	pcre? ( dev-libs/libpcre2 )
+	pwquality? ( dev-libs/libpwquality:0= )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	tpm? ( app-crypt/tpm2-tss:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	>=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=acct-group/adm-0-r1
+	>=acct-group/wheel-0-r1
+	>=acct-group/kmem-0-r1
+	>=acct-group/tty-0-r1
+	>=acct-group/utmp-0-r1
+	>=acct-group/audio-0-r1
+	>=acct-group/cdrom-0-r1
+	>=acct-group/dialout-0-r1
+	>=acct-group/disk-0-r1
+	>=acct-group/input-0-r1
+	>=acct-group/kvm-0-r1
+	>=acct-group/lp-0-r1
+	>=acct-group/render-0-r1
+	acct-group/sgx
+	>=acct-group/tape-0-r1
+	acct-group/users
+	>=acct-group/video-0-r1
+	>=acct-group/systemd-journal-0-r1
+	>=acct-user/root-0-r1
+	acct-user/nobody
+	>=acct-user/systemd-journal-remote-0-r1
+	>=acct-user/systemd-coredump-0-r1
+	>=acct-user/systemd-network-0-r1
+	acct-user/systemd-oom
+	>=acct-user/systemd-resolve-0-r1
+	>=acct-user/systemd-timesync-0-r1
+	>=sys-apps/baselayout-2.2
+	boot? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep "${PEFILE_DEPEND}")
+	)
+	selinux? (
+		sec-policy/selinux-base-policy[systemd]
+		sec-policy/selinux-ntp
+	)
+	sysv-utils? (
+		!sys-apps/openrc[sysv-utils(-)]
+		!sys-apps/sysvinit
+	)
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!sys-apps/hwids[udev]
+	!sys-auth/nss-myhostname
+	!sys-fs/eudev
+	!sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-fs/udev-init-scripts-34
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/meson-0.46
+	>=sys-apps/coreutils-8.16
+	sys-devel/gettext
+	virtual/pkgconfig
+	test? (
+		app-text/tree
+		dev-lang/perl
+		sys-apps/dbus
+	)
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	${PYTHON_DEPS}
+	$(python_gen_cond_dep "
+		dev-python/jinja[\${PYTHON_USEDEP}]
+		dev-python/lxml[\${PYTHON_USEDEP}]
+		boot? (
+			dev-python/pyelftools[\${PYTHON_USEDEP}]
+			test? ( ${PEFILE_DEPEND} )
+		)
+	")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if use test && has pid-sandbox ${FEATURES}; then
+			ewarn "Tests are known to fail with PID sandboxing enabled."
+			ewarn "See https://bugs.gentoo.org/674458."
+		fi
+
+		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+		if kernel_is -ge 5 10 20; then
+			CONFIG_CHECK+=" ~KCMP"
+		else
+			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+		fi
+
+		if kernel_is -ge 4 18; then
+			CONFIG_CHECK+=" ~AUTOFS_FS"
+		else
+			CONFIG_CHECK+=" ~AUTOFS4_FS"
+		fi
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/systemd-253-initrd-generators.patch"
+		"${FILESDIR}/systemd-254-dt_relr.patch"
+		"${FILESDIR}/systemd-254-varlink-allocate-heap.patch"
+		"${FILESDIR}/systemd-254-tmpfiles-udev.patch"
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-generator-path-r2.patch"
+			"${FILESDIR}/gentoo-journald-audit-r1.patch"
+		)
+	fi
+
+	# Fails with split-usr.
+	sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		-Dsupport-url="https://gentoo.org/support/"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		$(meson_use split-usr)
+		$(meson_use split-usr split-bin)
+		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+		# Disable compatibility with sysvinit
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Dima=true
+		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+		# Optional components/dependencies
+		$(meson_native_use_bool acl)
+		$(meson_native_use_bool apparmor)
+		$(meson_native_use_bool audit)
+		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool cryptsetup libcryptsetup)
+		$(meson_native_use_bool curl libcurl)
+		$(meson_native_use_bool dns-over-tls dns-over-tls)
+		$(meson_native_use_bool elfutils)
+		$(meson_native_use_bool fido2 libfido2)
+		$(meson_use gcrypt)
+		$(meson_native_use_bool gnutls)
+		$(meson_native_use_bool homed)
+		$(meson_native_use_bool http microhttpd)
+		$(meson_native_use_bool idn)
+		$(meson_native_use_bool importd)
+		$(meson_native_use_bool importd bzip2)
+		$(meson_native_use_bool importd zlib)
+		$(meson_native_use_bool kmod)
+		$(meson_use lz4)
+		$(meson_use lzma xz)
+		$(meson_use test tests)
+		$(meson_use zstd)
+		$(meson_native_use_bool iptables libiptc)
+		$(meson_native_use_bool openssl)
+		$(meson_use pam)
+		$(meson_native_use_bool pkcs11 p11kit)
+		$(meson_native_use_bool pcre pcre2)
+		$(meson_native_use_bool policykit polkit)
+		$(meson_native_use_bool pwquality)
+		$(meson_native_use_bool qrcode qrencode)
+		$(meson_native_use_bool seccomp)
+		$(meson_native_use_bool selinux)
+		$(meson_native_use_bool tpm tpm2)
+		$(meson_native_use_bool test dbus)
+		$(meson_native_use_bool xkb xkbcommon)
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+		-Dcreate-log-dirs=false
+
+		# multilib options
+		$(meson_native_true backlight)
+		$(meson_native_true binfmt)
+		$(meson_native_true coredump)
+		$(meson_native_true environment-d)
+		$(meson_native_true firstboot)
+		$(meson_native_true hibernate)
+		$(meson_native_true hostnamed)
+		$(meson_native_true ldconfig)
+		$(meson_native_true localed)
+		$(meson_native_true man)
+		$(meson_native_true networkd)
+		$(meson_native_true quotacheck)
+		$(meson_native_true randomseed)
+		$(meson_native_true rfkill)
+		$(meson_native_true sysusers)
+		$(meson_native_true timedated)
+		$(meson_native_true timesyncd)
+		$(meson_native_true tmpfiles)
+		$(meson_native_true vconsole)
+	)
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+	local -x COLUMNS=80
+	meson_src_test
+}
+
+multilib_src_install_all() {
+	local rootprefix=$(usex split-usr '' /usr)
+	local sbin=$(usex split-usr sbin bin)
+
+	# meson doesn't know about docdir
+	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	insinto /usr/lib/tmpfiles.d
+	doins "${FILESDIR}"/legacy.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die
+	fi
+
+	if ! use sysv-utils; then
+		rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die
+		rm "${ED}"/usr/share/man/man1/init.1 || die
+		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+	fi
+
+	# https://bugs.gentoo.org/761763
+	rm -r "${ED}"/usr/lib/sysusers.d || die
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/kernel/install.d
+	keepdir /etc/systemd/{network,system,user}
+	keepdir /etc/udev/rules.d
+
+	keepdir /etc/udev/hwdb.d
+
+	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+	keepdir /usr/lib/{binfmt.d,modules-load.d}
+	keepdir /usr/lib/systemd/user-generators
+	keepdir /var/lib/systemd
+	keepdir /var/log/journal
+
+	if use pam; then
+		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	fi
+
+	if use split-usr; then
+		# Avoid breaking boot/reboot
+		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+	fi
+
+	gen_usr_ldscript -a systemd udev
+
+	if use boot; then
+		python_fix_shebang "${ED}"
+		secureboot_auto_sign
+	fi
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+	local locale_conf="${EROOT}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_preinst() {
+	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+		# Symlink /etc/sysctl.conf for easy migration.
+		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+	fi
+
+	if ! use split-usr; then
+		local dir
+		for dir in bin sbin lib usr/sbin; do
+			if [[ ! -L ${EROOT}/${dir} ]]; then
+				eerror "'${EROOT}/${dir}' is not a symbolic link."
+				FAIL=1
+			fi
+		done
+		if [[ ${FAIL} ]]; then
+			eerror "Migration to system layout with merged directories must be performed before"
+			eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+			die "System layout with split directories still used"
+		fi
+	fi
+	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+	fi
+}
+
+pkg_postinst() {
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required.
+	systemd-hwdb --root="${ROOT}" update
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respected, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		if type systemctl &>/dev/null; then
+			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+		fi
+		elog "To enable a useful set of services, run the following:"
+		elog "  systemctl preset-all --preset-mode=enable-only"
+	fi
+
+	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+		rm "${EROOT}/var/lib/systemd/timesync"
+	fi
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-08-02 21:14 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-08-02 21:14 UTC (permalink / raw
  To: gentoo-commits

commit:     ceaeadb34ca8a6b72f2da8131dcf69ee24d63324
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  2 21:10:54 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  2 21:14:08 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceaeadb3

sys-apps/systemd: backport nss-resolve fix

Closes: https://bugs.gentoo.org/911583
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/systemd-254-varlink-allocate-heap.patch  |  40 ++
 sys-apps/systemd/systemd-254-r1.ebuild             | 527 +++++++++++++++++++++
 2 files changed, 567 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch b/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch
new file mode 100644
index 000000000000..85f306a175f3
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/911583
+https://github.com/systemd/systemd/issues/28635
+https://github.com/systemd/systemd/commit/b456f2266afd839f8817235475e57c38e9d76dc9
+
+From b456f2266afd839f8817235475e57c38e9d76dc9 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 2 Aug 2023 14:55:50 +0200
+Subject: [PATCH] varlink: allocate the buffer for varlink FDs on the heap
+
+Since it's ~16K, which might cause issues in environments with limited
+stack space.
+
+Resolves: #28635
+--- a/src/shared/varlink.c
++++ b/src/shared/varlink.c
+@@ -633,7 +633,7 @@ static int varlink_write(Varlink *v) {
+ #define VARLINK_FDS_MAX (16U*1024U)
+ 
+ static int varlink_read(Varlink *v) {
+-        CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX)) control;
++        _cleanup_free_ struct cmsghdr *cmsg_fds = NULL;
+         struct iovec iov;
+         struct msghdr mh;
+         size_t rs;
+@@ -690,9 +690,13 @@ static int varlink_read(Varlink *v) {
+                 mh = (struct msghdr) {
+                         .msg_iov = &iov,
+                         .msg_iovlen = 1,
+-                        .msg_control = &control,
+-                        .msg_controllen = sizeof(control),
+                 };
++
++                mh.msg_controllen = CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX);
++                mh.msg_control = cmsg_fds = malloc(mh.msg_controllen);
++                if (!cmsg_fds)
++                        return -ENOMEM;
++
+                 n = recvmsg_safe(v->fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+         } else {
+                 bool prefer_read = v->prefer_read_write;

diff --git a/sys-apps/systemd/systemd-254-r1.ebuild b/sys-apps/systemd/systemd-254-r1.ebuild
new file mode 100644
index 000000000000..3ea2cd6d62b0
--- /dev/null
+++ b/sys-apps/systemd/systemd-254-r1.ebuild
@@ -0,0 +1,527 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..11} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	if [[ ${PV} == *.* ]]; then
+		MY_PN=systemd-stable
+	else
+		MY_PN=systemd
+	fi
+	MY_PV=${PV/_/-}
+	MY_P=${MY_PN}-${MY_PV}
+	S=${WORKDIR}/${MY_P}
+	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	fido2 +gcrypt gnutls homed http idn importd iptables +kmod
+	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+"
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	dns-over-tls? ( || ( gnutls openssl ) )
+	fido2? ( cryptsetup openssl )
+	homed? ( cryptsetup pam openssl )
+	importd? ( curl lzma || ( gcrypt openssl ) )
+	pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+	>=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+	curl? ( net-misc/curl:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	fido2? ( dev-libs/libfido2:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+	idn? ( net-dns/libidn2:= )
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	iptables? ( net-firewall/iptables:0= )
+	openssl? ( >=dev-libs/openssl-1.1.0:0= )
+	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( app-crypt/p11-kit:0= )
+	pcre? ( dev-libs/libpcre2 )
+	pwquality? ( dev-libs/libpwquality:0= )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	tpm? ( app-crypt/tpm2-tss:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	>=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=acct-group/adm-0-r1
+	>=acct-group/wheel-0-r1
+	>=acct-group/kmem-0-r1
+	>=acct-group/tty-0-r1
+	>=acct-group/utmp-0-r1
+	>=acct-group/audio-0-r1
+	>=acct-group/cdrom-0-r1
+	>=acct-group/dialout-0-r1
+	>=acct-group/disk-0-r1
+	>=acct-group/input-0-r1
+	>=acct-group/kvm-0-r1
+	>=acct-group/lp-0-r1
+	>=acct-group/render-0-r1
+	acct-group/sgx
+	>=acct-group/tape-0-r1
+	acct-group/users
+	>=acct-group/video-0-r1
+	>=acct-group/systemd-journal-0-r1
+	>=acct-user/root-0-r1
+	acct-user/nobody
+	>=acct-user/systemd-journal-remote-0-r1
+	>=acct-user/systemd-coredump-0-r1
+	>=acct-user/systemd-network-0-r1
+	acct-user/systemd-oom
+	>=acct-user/systemd-resolve-0-r1
+	>=acct-user/systemd-timesync-0-r1
+	>=sys-apps/baselayout-2.2
+	boot? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep "${PEFILE_DEPEND}")
+	)
+	selinux? (
+		sec-policy/selinux-base-policy[systemd]
+		sec-policy/selinux-ntp
+	)
+	sysv-utils? (
+		!sys-apps/openrc[sysv-utils(-)]
+		!sys-apps/sysvinit
+	)
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!sys-apps/hwids[udev]
+	!sys-auth/nss-myhostname
+	!sys-fs/eudev
+	!sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-fs/udev-init-scripts-34
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/meson-0.46
+	>=sys-apps/coreutils-8.16
+	sys-devel/gettext
+	virtual/pkgconfig
+	test? (
+		app-text/tree
+		dev-lang/perl
+		sys-apps/dbus
+	)
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	${PYTHON_DEPS}
+	$(python_gen_cond_dep "
+		dev-python/jinja[\${PYTHON_USEDEP}]
+		dev-python/lxml[\${PYTHON_USEDEP}]
+		boot? (
+			dev-python/pyelftools[\${PYTHON_USEDEP}]
+			test? ( ${PEFILE_DEPEND} )
+		)
+	")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if use test && has pid-sandbox ${FEATURES}; then
+			ewarn "Tests are known to fail with PID sandboxing enabled."
+			ewarn "See https://bugs.gentoo.org/674458."
+		fi
+
+		local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+			~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+		if kernel_is -ge 5 10 20; then
+			CONFIG_CHECK+=" ~KCMP"
+		else
+			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+		fi
+
+		if kernel_is -ge 4 18; then
+			CONFIG_CHECK+=" ~AUTOFS_FS"
+		else
+			CONFIG_CHECK+=" ~AUTOFS4_FS"
+		fi
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/systemd-253-initrd-generators.patch"
+		"${FILESDIR}/systemd-254-dt_relr.patch"
+		"${FILESDIR}/systemd-254-varlink-allocate-heap.patch"
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-generator-path-r2.patch"
+			"${FILESDIR}/gentoo-journald-audit-r1.patch"
+		)
+	fi
+
+	# Fails with split-usr.
+	sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		-Dsupport-url="https://gentoo.org/support/"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		$(meson_use split-usr)
+		$(meson_use split-usr split-bin)
+		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+		# Disable compatibility with sysvinit
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Dima=true
+		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+		# Optional components/dependencies
+		$(meson_native_use_bool acl)
+		$(meson_native_use_bool apparmor)
+		$(meson_native_use_bool audit)
+		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool cryptsetup libcryptsetup)
+		$(meson_native_use_bool curl libcurl)
+		$(meson_native_use_bool dns-over-tls dns-over-tls)
+		$(meson_native_use_bool elfutils)
+		$(meson_native_use_bool fido2 libfido2)
+		$(meson_use gcrypt)
+		$(meson_native_use_bool gnutls)
+		$(meson_native_use_bool homed)
+		$(meson_native_use_bool http microhttpd)
+		$(meson_native_use_bool idn)
+		$(meson_native_use_bool importd)
+		$(meson_native_use_bool importd bzip2)
+		$(meson_native_use_bool importd zlib)
+		$(meson_native_use_bool kmod)
+		$(meson_use lz4)
+		$(meson_use lzma xz)
+		$(meson_use test tests)
+		$(meson_use zstd)
+		$(meson_native_use_bool iptables libiptc)
+		$(meson_native_use_bool openssl)
+		$(meson_use pam)
+		$(meson_native_use_bool pkcs11 p11kit)
+		$(meson_native_use_bool pcre pcre2)
+		$(meson_native_use_bool policykit polkit)
+		$(meson_native_use_bool pwquality)
+		$(meson_native_use_bool qrcode qrencode)
+		$(meson_native_use_bool seccomp)
+		$(meson_native_use_bool selinux)
+		$(meson_native_use_bool tpm tpm2)
+		$(meson_native_use_bool test dbus)
+		$(meson_native_use_bool xkb xkbcommon)
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+		-Dcreate-log-dirs=false
+
+		# multilib options
+		$(meson_native_true backlight)
+		$(meson_native_true binfmt)
+		$(meson_native_true coredump)
+		$(meson_native_true environment-d)
+		$(meson_native_true firstboot)
+		$(meson_native_true hibernate)
+		$(meson_native_true hostnamed)
+		$(meson_native_true ldconfig)
+		$(meson_native_true localed)
+		$(meson_native_true man)
+		$(meson_native_true networkd)
+		$(meson_native_true quotacheck)
+		$(meson_native_true randomseed)
+		$(meson_native_true rfkill)
+		$(meson_native_true sysusers)
+		$(meson_native_true timedated)
+		$(meson_native_true timesyncd)
+		$(meson_native_true tmpfiles)
+		$(meson_native_true vconsole)
+	)
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+	local -x COLUMNS=80
+	meson_src_test
+}
+
+multilib_src_install_all() {
+	local rootprefix=$(usex split-usr '' /usr)
+	local sbin=$(usex split-usr sbin bin)
+
+	# meson doesn't know about docdir
+	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	insinto /usr/lib/tmpfiles.d
+	doins "${FILESDIR}"/legacy.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die
+	fi
+
+	if ! use sysv-utils; then
+		rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die
+		rm "${ED}"/usr/share/man/man1/init.1 || die
+		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+	fi
+
+	# https://bugs.gentoo.org/761763
+	rm -r "${ED}"/usr/lib/sysusers.d || die
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/kernel/install.d
+	keepdir /etc/systemd/{network,system,user}
+	keepdir /etc/udev/rules.d
+
+	keepdir /etc/udev/hwdb.d
+
+	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+	keepdir /usr/lib/{binfmt.d,modules-load.d}
+	keepdir /usr/lib/systemd/user-generators
+	keepdir /var/lib/systemd
+	keepdir /var/log/journal
+
+	if use pam; then
+		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	fi
+
+	if use split-usr; then
+		# Avoid breaking boot/reboot
+		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+	fi
+
+	gen_usr_ldscript -a systemd udev
+
+	if use boot; then
+		python_fix_shebang "${ED}"
+		secureboot_auto_sign
+	fi
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+	local locale_conf="${EROOT}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_preinst() {
+	if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+		# Symlink /etc/sysctl.conf for easy migration.
+		dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+	fi
+
+	if ! use split-usr; then
+		local dir
+		for dir in bin sbin lib usr/sbin; do
+			if [[ ! -L ${EROOT}/${dir} ]]; then
+				eerror "'${EROOT}/${dir}' is not a symbolic link."
+				FAIL=1
+			fi
+		done
+		if [[ ${FAIL} ]]; then
+			eerror "Migration to system layout with merged directories must be performed before"
+			eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+			die "System layout with split directories still used"
+		fi
+	fi
+	if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+		ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+		ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+	fi
+}
+
+pkg_postinst() {
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required.
+	systemd-hwdb --root="${ROOT}" update
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respected, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		if type systemctl &>/dev/null; then
+			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+		fi
+		elog "To enable a useful set of services, run the following:"
+		elog "  systemctl preset-all --preset-mode=enable-only"
+	fi
+
+	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+		rm "${EROOT}/var/lib/systemd/timesync"
+	fi
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-07-27 22:55 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-07-27 22:55 UTC (permalink / raw
  To: gentoo-commits

commit:     0d124f17782d4b6a9e07a2a1bebc5f723e2efac6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 27 22:53:10 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jul 27 22:54:48 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d124f17

sys-apps/systemd: fix DT_RELR build w/ USE=boot

Closes: https://bugs.gentoo.org/910570
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/systemd/files/systemd-254-dt_relr.patch | 26 ++++++++++++++++++++++++
 sys-apps/systemd/systemd-254_rc3.ebuild          |  1 +
 2 files changed, 27 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254-dt_relr.patch b/sys-apps/systemd/files/systemd-254-dt_relr.patch
new file mode 100644
index 000000000000..9adfc11c1dd3
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-dt_relr.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/910570
+https://github.com/systemd/systemd/issues/28520
+https://github.com/systemd/systemd/commit/eff91e2f3863f9e176b383e5c54741c64ca7a636
+
+From eff91e2f3863f9e176b383e5c54741c64ca7a636 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Wed, 26 Jul 2023 11:29:57 +0100
+Subject: [PATCH] efi: link with -z nopack-relative-relocs
+
+elf2efi.py cannot handle DT_RELR relocations, so disable it
+if we can
+
+Fixes https://github.com/systemd/systemd/issues/28520
+--- a/src/boot/efi/meson.build
++++ b/src/boot/efi/meson.build
+@@ -174,6 +174,10 @@ efi_c_ld_args = [
+         '-T' + elf2efi_lds,
+ ]
+ 
++# On CentOS 8 the nopack-relative-relocs linker flag is not supported, and we get:
++#   /usr/bin/ld.bfd: warning: -z nopack-relative-relocs ignored
++efi_c_ld_args += cc.get_supported_link_arguments('-Wl,-z,nopack-relative-relocs')
++
+ # efi_c_args is explicitly passed to targets so that they can override distro-provided flags
+ # that should not be used for EFI binaries.
+ efi_disabled_c_args = cc.get_supported_arguments(

diff --git a/sys-apps/systemd/systemd-254_rc3.ebuild b/sys-apps/systemd/systemd-254_rc3.ebuild
index 494249a2edd6..1333d2cd88f7 100644
--- a/sys-apps/systemd/systemd-254_rc3.ebuild
+++ b/sys-apps/systemd/systemd-254_rc3.ebuild
@@ -241,6 +241,7 @@ src_unpack() {
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/systemd-253-initrd-generators.patch"
+		"${FILESDIR}/systemd-254-dt_relr.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-02-26 19:27 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2023-02-26 19:27 UTC (permalink / raw
  To: gentoo-commits

commit:     bfebeda18b81d781f9dcf8d12c1adddefff6b9a4
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 26 19:26:29 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Feb 26 19:27:02 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfebeda1

sys-apps/systemd: work around dracut bug with LVM

Bug: https://bugs.gentoo.org/896364
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/systemd-253-initrd-generators.patch      | 34 ++++++++++++++++++++++
 .../{systemd-253.ebuild => systemd-253-r1.ebuild}  |  1 +
 2 files changed, 35 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-253-initrd-generators.patch b/sys-apps/systemd/files/systemd-253-initrd-generators.patch
new file mode 100644
index 000000000000..60e7b29d7a1f
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-253-initrd-generators.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/896364
+
+Workaround for bug in sys-kernel/dracut.
+
+From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 20 Feb 2023 12:00:30 +0900
+Subject: [PATCH] core/manager: run generators directly when we are in initrd
+
+Some initrd system write files at ourside of /run, /etc, or other
+allowed places. This is a kind of workaround, but in most cases, such
+sandboxing is not necessary as the filesystem is on ramfs when we are in
+initrd.
+
+Fixes #26488.
+---
+ src/core/manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 7b394794b0d4..306477c6e6c2 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
+         /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
+          * we are the user manager, let's just execute the generators directly. We might not have the
+          * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
+-         */
+-        if (MANAGER_IS_USER(m)) {
++         * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
++        if (MANAGER_IS_USER(m) || in_initrd()) {
+                 r = manager_execute_generators(m, paths, /* remount_ro= */ false);
+                 goto finish;
+         }

diff --git a/sys-apps/systemd/systemd-253.ebuild b/sys-apps/systemd/systemd-253-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-253.ebuild
rename to sys-apps/systemd/systemd-253-r1.ebuild
index 77c9145b2914..cb638034f21f 100644
--- a/sys-apps/systemd/systemd-253.ebuild
+++ b/sys-apps/systemd/systemd-253-r1.ebuild
@@ -231,6 +231,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}/systemd-253-initrd-generators.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-11-07 16:15 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2022-11-07 16:15 UTC (permalink / raw
  To: gentoo-commits

commit:     83353a2bfaa32fa2a5988496eb99674f711849cd
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  7 16:14:40 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Nov  7 16:14:40 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83353a2b

sys-apps/systemd: backport fix for meson-0.64

Bug: https://bugs.gentoo.org/879141
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/251-meson-0.64.patch | 26 ++++++++++++++++++++++++++
 sys-apps/systemd/systemd-251.7.ebuild       |  1 +
 2 files changed, 27 insertions(+)

diff --git a/sys-apps/systemd/files/251-meson-0.64.patch b/sys-apps/systemd/files/251-meson-0.64.patch
new file mode 100644
index 000000000000..6cc200bbd87d
--- /dev/null
+++ b/sys-apps/systemd/files/251-meson-0.64.patch
@@ -0,0 +1,26 @@
+From cddbc850270415a818aadabd71fe12dc0dddd508 Mon Sep 17 00:00:00 2001
+From: Jan Janssen <medhefgo@web.de>
+Date: Sun, 9 Oct 2022 17:16:12 +0200
+Subject: [PATCH] meson: Fix build with --optimization=plain
+
+Note that -O0 is deliberately filtered out as we have to compile with at
+least -O1 due to #24202.
+
+Fixes: #24323
+---
+ src/boot/efi/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
+index e0cd4ebad993..395386d3eda7 100644
+--- a/src/boot/efi/meson.build
++++ b/src/boot/efi/meson.build
+@@ -223,7 +223,7 @@ endif
+ if get_option('debug') and get_option('mode') == 'developer'
+         efi_cflags += ['-ggdb', '-DEFI_DEBUG']
+ endif
+-if get_option('optimization') != '0'
++if get_option('optimization') in ['1', '2', '3', 's', 'g']
+         efi_cflags += ['-O' + get_option('optimization')]
+ endif
+ if get_option('b_ndebug') == 'true' or (

diff --git a/sys-apps/systemd/systemd-251.7.ebuild b/sys-apps/systemd/systemd-251.7.ebuild
index de8a975e58e1..b08e49db559d 100644
--- a/sys-apps/systemd/systemd-251.7.ebuild
+++ b/sys-apps/systemd/systemd-251.7.ebuild
@@ -239,6 +239,7 @@ src_prepare() {
 		# bug #841770.
 		"${FILESDIR}/251-revert-fortify-source-3-fix.patch"
 		"${FILESDIR}/251-gpt-auto-no-cryptsetup.patch"
+		"${FILESDIR}/251-meson-0.64.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-10-19 18:13 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2022-10-19 18:13 UTC (permalink / raw
  To: gentoo-commits

commit:     fca805df7532779c8b3c312ffb7d15f019a8d642
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 18:12:45 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 18:13:27 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fca805df

sys-apps/systemd: add 252_rc2, drop 252_rc1

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                          |   2 +-
 sys-apps/systemd/files/252-rc1-cryptsetup.patch    | 226 ---------------------
 ...stemd-252_rc1.ebuild => systemd-252_rc2.ebuild} |   1 -
 3 files changed, 1 insertion(+), 228 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index a6bf7d23cced..b02fcebfbc4c 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,4 @@
-DIST systemd-252-rc1.tar.gz 11718698 BLAKE2B 599c5c125c0fb0477ea71195491962db230cbaa2c610afbb14a475263f356f160a77ba7321f425cb6db837649ccbce971f80daaf5524ace03362777a71e7a9b5 SHA512 e249eb39da41aca1bc371c9e2b61f135227b0653e4e175c4c6453b0ca4e1cd50894c005d4ef267b5122af4f339cd9b5a4b90a98c4f84f998f96a7ca1ed637d28
+DIST systemd-252-rc2.tar.gz 11736313 BLAKE2B 58efe76846b034ec61136fe01f535b40aabc993ffee687d4a22a20d93a3952fd15e4ac46591934a441f4e74cffec29145f441d97a69a5c456e7a3caee92602cc SHA512 f67703dcd03b300cddc2e8bfbeb843ef66ba0b0c548973797a920c1bed9e3a14a740e08936f7d906141da714bccbae0d4fcb47a7ce13e69c8a2f17d7928e218c
 DIST systemd-stable-251.4.tar.gz 11440203 BLAKE2B 58a0ee4adcc9d35b15b9cc98b3da81d1103b61a6c0bee722468a5113cd7d6de1d40c46ef964ba9ecc4746e81b516ae4b2f1d046874d62db066735c652592612e SHA512 7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738
 DIST systemd-stable-251.5.tar.gz 11444428 BLAKE2B 96df35dae789b11ead1960e1139046972a29c41f74ca800e0fafd84e6a8c238f8d4a30e2991ee94e07e866bc0c3137774ee116f276ac1203cca85254ccf91913 SHA512 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa
 DIST systemd-stable-251.6.tar.gz 11448383 BLAKE2B 987ea88ea23662fd4119e3c796cc2e5f428fcce6cf0b033a5f8da7974c0026d41851f517e489354bbc22973b33c3932ac7280c56527f03a1fcbce3092148b638 SHA512 2da41ac7e939a893ada3ce682a6fe7dd326e8e0132221589da3d2b1d994e1a879118e0c6025f03351dac6567d754223a5f5401d64a5ca9256ab95512800370f8

diff --git a/sys-apps/systemd/files/252-rc1-cryptsetup.patch b/sys-apps/systemd/files/252-rc1-cryptsetup.patch
deleted file mode 100644
index 54b4ce1ea0aa..000000000000
--- a/sys-apps/systemd/files/252-rc1-cryptsetup.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-From bbf73b00697e77ca35ae60109418da77f257be52 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Tue, 11 Oct 2022 20:35:34 +0200
-Subject: [PATCH 1/2] cryptsetup-util: Always define dlopen_cryptsetup()
-
----
- src/shared/cryptsetup-util.c | 118 ++++++++++++++++++-----------------
- src/shared/cryptsetup-util.h |   4 +-
- 2 files changed, 63 insertions(+), 59 deletions(-)
-
-diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
-index da6dcb2f093a..401e7a3f9c7d 100644
---- a/src/shared/cryptsetup-util.c
-+++ b/src/shared/cryptsetup-util.c
-@@ -50,63 +50,6 @@ int (*sym_crypt_token_max)(const char *type);
- crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
- int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
- 
--int dlopen_cryptsetup(void) {
--        int r;
--
--        r = dlopen_many_sym_or_warn(
--                        &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
--                        DLSYM_ARG(crypt_activate_by_passphrase),
--#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
--                        DLSYM_ARG(crypt_activate_by_signed_key),
--#endif
--                        DLSYM_ARG(crypt_activate_by_volume_key),
--                        DLSYM_ARG(crypt_deactivate_by_name),
--                        DLSYM_ARG(crypt_format),
--                        DLSYM_ARG(crypt_free),
--                        DLSYM_ARG(crypt_get_cipher),
--                        DLSYM_ARG(crypt_get_cipher_mode),
--                        DLSYM_ARG(crypt_get_data_offset),
--                        DLSYM_ARG(crypt_get_device_name),
--                        DLSYM_ARG(crypt_get_dir),
--                        DLSYM_ARG(crypt_get_type),
--                        DLSYM_ARG(crypt_get_uuid),
--                        DLSYM_ARG(crypt_get_verity_info),
--                        DLSYM_ARG(crypt_get_volume_key_size),
--                        DLSYM_ARG(crypt_init),
--                        DLSYM_ARG(crypt_init_by_name),
--                        DLSYM_ARG(crypt_keyslot_add_by_volume_key),
--                        DLSYM_ARG(crypt_keyslot_destroy),
--                        DLSYM_ARG(crypt_keyslot_max),
--                        DLSYM_ARG(crypt_load),
--                        DLSYM_ARG(crypt_resize),
--                        DLSYM_ARG(crypt_resume_by_passphrase),
--                        DLSYM_ARG(crypt_set_data_device),
--                        DLSYM_ARG(crypt_set_debug_level),
--                        DLSYM_ARG(crypt_set_log_callback),
--#if HAVE_CRYPT_SET_METADATA_SIZE
--                        DLSYM_ARG(crypt_set_metadata_size),
--#endif
--                        DLSYM_ARG(crypt_set_pbkdf_type),
--                        DLSYM_ARG(crypt_suspend),
--                        DLSYM_ARG(crypt_token_json_get),
--                        DLSYM_ARG(crypt_token_json_set),
--#if HAVE_CRYPT_TOKEN_MAX
--                        DLSYM_ARG(crypt_token_max),
--#endif
--                        DLSYM_ARG(crypt_token_status),
--                        DLSYM_ARG(crypt_volume_key_get));
--        if (r <= 0)
--                return r;
--
--        /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
--         * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
--         * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
--         * other code loaded into this process also changes the global log functions of libcryptsetup, who
--         * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
--        cryptsetup_enable_logging(NULL);
--        return 1;
--}
--
- static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) {
- 
-         switch (level) {
-@@ -246,6 +189,67 @@ int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v) {
- }
- #endif
- 
-+int dlopen_cryptsetup(void) {
-+#if HAVE_LIBCRYPTSETUP
-+        int r;
-+
-+        r = dlopen_many_sym_or_warn(
-+                        &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
-+                        DLSYM_ARG(crypt_activate_by_passphrase),
-+#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
-+                        DLSYM_ARG(crypt_activate_by_signed_key),
-+#endif
-+                        DLSYM_ARG(crypt_activate_by_volume_key),
-+                        DLSYM_ARG(crypt_deactivate_by_name),
-+                        DLSYM_ARG(crypt_format),
-+                        DLSYM_ARG(crypt_free),
-+                        DLSYM_ARG(crypt_get_cipher),
-+                        DLSYM_ARG(crypt_get_cipher_mode),
-+                        DLSYM_ARG(crypt_get_data_offset),
-+                        DLSYM_ARG(crypt_get_device_name),
-+                        DLSYM_ARG(crypt_get_dir),
-+                        DLSYM_ARG(crypt_get_type),
-+                        DLSYM_ARG(crypt_get_uuid),
-+                        DLSYM_ARG(crypt_get_verity_info),
-+                        DLSYM_ARG(crypt_get_volume_key_size),
-+                        DLSYM_ARG(crypt_init),
-+                        DLSYM_ARG(crypt_init_by_name),
-+                        DLSYM_ARG(crypt_keyslot_add_by_volume_key),
-+                        DLSYM_ARG(crypt_keyslot_destroy),
-+                        DLSYM_ARG(crypt_keyslot_max),
-+                        DLSYM_ARG(crypt_load),
-+                        DLSYM_ARG(crypt_resize),
-+                        DLSYM_ARG(crypt_resume_by_passphrase),
-+                        DLSYM_ARG(crypt_set_data_device),
-+                        DLSYM_ARG(crypt_set_debug_level),
-+                        DLSYM_ARG(crypt_set_log_callback),
-+#if HAVE_CRYPT_SET_METADATA_SIZE
-+                        DLSYM_ARG(crypt_set_metadata_size),
-+#endif
-+                        DLSYM_ARG(crypt_set_pbkdf_type),
-+                        DLSYM_ARG(crypt_suspend),
-+                        DLSYM_ARG(crypt_token_json_get),
-+                        DLSYM_ARG(crypt_token_json_set),
-+#if HAVE_CRYPT_TOKEN_MAX
-+                        DLSYM_ARG(crypt_token_max),
-+#endif
-+                        DLSYM_ARG(crypt_token_status),
-+                        DLSYM_ARG(crypt_volume_key_get));
-+        if (r <= 0)
-+                return r;
-+
-+        /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
-+         * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
-+         * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
-+         * other code loaded into this process also changes the global log functions of libcryptsetup, who
-+         * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
-+        cryptsetup_enable_logging(NULL);
-+        return 1;
-+#else
-+        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "cryptsetup support is not compiled in.");
-+#endif
-+}
-+
- int cryptsetup_get_keyslot_from_token(JsonVariant *v) {
-         int keyslot, r;
-         JsonVariant *w;
-diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
-index b1ce07ec8a50..b390dc9a5cbb 100644
---- a/src/shared/cryptsetup-util.h
-+++ b/src/shared/cryptsetup-util.h
-@@ -65,8 +65,6 @@ static inline int crypt_token_max(_unused_ const char *type) {
- extern crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
- extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
- 
--int dlopen_cryptsetup(void);
--
- DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, crypt_free, NULL);
- DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, sym_crypt_free, NULL);
- 
-@@ -91,6 +89,8 @@ static inline void sym_crypt_freep(struct crypt_device** cd) {}
- 
- #endif
- 
-+int dlopen_cryptsetup(void);
-+
- int cryptsetup_get_keyslot_from_token(JsonVariant *v);
- 
- static inline const char *mangle_none(const char *s) {
-
-From 86bebe385f6e35ecec708e44dae2b896f5bfa770 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Tue, 11 Oct 2022 20:36:03 +0200
-Subject: [PATCH 2/2] repart: Always define VerityMode from/to string functions
-
----
- src/partition/repart.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/partition/repart.c b/src/partition/repart.c
-index a0f7d4164500..dd544d6415a9 100644
---- a/src/partition/repart.c
-+++ b/src/partition/repart.c
-@@ -255,12 +255,11 @@ static const char *verity_mode_table[_VERITY_MODE_MAX] = {
- 
- #if HAVE_LIBCRYPTSETUP
- DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
--DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
- #else
- DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
--DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(verity_mode, VerityMode);
- #endif
- 
-+DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
- 
- static uint64_t round_down_size(uint64_t v, uint64_t p) {
-         return (v / p) * p;
-From 748367c72368031ca0ef32fadd394c4bcacc126a Mon Sep 17 00:00:00 2001
-From: David Seifert <soap@gentoo.org>
-Date: Wed, 12 Oct 2022 21:47:29 +0200
-Subject: [PATCH] gpt-auto: allow using without cryptsetup
-
-Fixes #24978
----
- src/gpt-auto-generator/gpt-auto-generator.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
-index 31377d877d5c..5584eb22af1a 100644
---- a/src/gpt-auto-generator/gpt-auto-generator.c
-+++ b/src/gpt-auto-generator/gpt-auto-generator.c
-@@ -571,11 +571,15 @@ static int add_root_rw(DissectedPartition *p) {
- 
- #if ENABLE_EFI
- static int add_root_cryptsetup(void) {
-+#if HAVE_LIBCRYPTSETUP
- 
-         /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
-          * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
- 
-         return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL);
-+#else
-+        return 0;
-+#endif
- }
- #endif
- 

diff --git a/sys-apps/systemd/systemd-252_rc1.ebuild b/sys-apps/systemd/systemd-252_rc2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-252_rc1.ebuild
rename to sys-apps/systemd/systemd-252_rc2.ebuild
index 6d2654a50d90..2b38fab6fdb7 100644
--- a/sys-apps/systemd/systemd-252_rc1.ebuild
+++ b/sys-apps/systemd/systemd-252_rc2.ebuild
@@ -235,7 +235,6 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
-		"${FILESDIR}/252-rc1-cryptsetup.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-05-21 22:23 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2022-05-21 22:23 UTC (permalink / raw
  To: gentoo-commits

commit:     c663204d5fb372f83ce48663ee06eed272ab6325
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat May 21 22:22:47 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat May 21 22:23:31 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c663204d

sys-apps/systemd: drop 249.9, 249.11

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                        |   2 -
 sys-apps/systemd/files/249.9-cross-compile.patch |  23 --
 sys-apps/systemd/systemd-249.11.ebuild           | 505 ----------------------
 sys-apps/systemd/systemd-249.9.ebuild            | 506 -----------------------
 4 files changed, 1036 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 7691df4ca36f..9b589c708f7e 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,5 +1,3 @@
 DIST systemd-251.tar.gz 11431104 BLAKE2B da783d815adf244defc3c1ec8a788fffdff45215f5c2449c457e872ad89b8270caa3e48ecb696fa79eb1d79578ded3d098802fed0fc69a191ba2d7d6b120e068 SHA512 5a7116cfd99f7875334a1ce55a76ba1840a28b6500b02de82b879629768e10457efd8278024aa1ffefd43defe657284c4d51ab502ed3c7e6b63d5b6e0cc1f642
-DIST systemd-stable-249.11.tar.gz 10622702 BLAKE2B aa3a327ba8de73dd2ac5ecbd9065f2ca4ed56702d6bbd19de43580e6d56211be58ec7678c1609d843f7e960b71b251e0b7080c49338942cd3071076fa02f7acb SHA512 fed7f81933648945a4bfac9fb12150ecd84d32181f79be0e14e0b3a789343a87569f868670e0b8dfc2801fab39f7490f95ee8c29ba831d7611f78c14ace5ddd8
-DIST systemd-stable-249.9.tar.gz 10613893 BLAKE2B fc7a14fa3b0cc3d05fa9f20fde2efedd3ef0f011d9dce53b0a418994b4257cf753b228cf98f749fb2028d81db55ef30a6e3d9b138d86239cad4fc730d845f9e2 SHA512 ce57bc6c522082e55649fc1886c4dc818c89607e175df2c92feffe288dbd38757f36b30abeebe153f5be6b664a49d729405040a952473cb2133a2e39cf9cc164
 DIST systemd-stable-250.4.tar.gz 11132786 BLAKE2B 8fdfe1bad76e572dc1be0955f3d1c4080f2beb81a2f9670f80827899f5406ab8ed8675400c2f5e8ccef44cf1bceff42ceae12a42e1b67d46c0deb523e6495f25 SHA512 307ed0920da660b6c45d909fea66864fb98db8b2f6905d629fb2012fc4bf64dd25fd61168c22bf4098200be541be9b0e815fbde98806a99c85cb33d49d8b63d0
 DIST systemd-stable-250.5.tar.gz 11212059 BLAKE2B b7dbcb9e82c51e966db20a92ccd59ac19309702c481dd575c4e6367ca5ade10fe4b689925416ce1169682380cbf22d7d692b2378ef091f3007c16891992e3f92 SHA512 ad864b67bd5e2f5fd5705b636467827e4735142cefba150d24bb8e51ac0263650b2b0e53d4426eb509d1db59b83dc3b4c4bf157cc355fc2b7524db6bc4a9b5cd

diff --git a/sys-apps/systemd/files/249.9-cross-compile.patch b/sys-apps/systemd/files/249.9-cross-compile.patch
deleted file mode 100644
index e063d303c7d8..000000000000
--- a/sys-apps/systemd/files/249.9-cross-compile.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 3d7fd38ea938ab194366f40ed7aa413ad33f2fad Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Tue, 21 Dec 2021 20:10:09 +0900
-Subject: [PATCH] meson: fix cross compiling
-
-(cherry picked from commit 3112d756a36993900b70fbff98e69a2a43b970a8)
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 02495d16c9..c76cab535d 100644
---- a/meson.build
-+++ b/meson.build
-@@ -442,7 +442,7 @@ conf.set('SIZEOF_DEV_T', cc.sizeof('dev_t', prefix : '#include <sys/types.h>'))
- conf.set('SIZEOF_INO_T', cc.sizeof('ino_t', prefix : '#include <sys/types.h>'))
- conf.set('SIZEOF_TIME_T', cc.sizeof('time_t', prefix : '#include <sys/time.h>'))
- conf.set('SIZEOF_RLIM_T', cc.sizeof('rlim_t', prefix : '#include <sys/resource.h>'))
--conf.set('SIZEOF_TIMEX_MEMBER', cc.sizeof('((struct timex *)0)->freq', prefix : '#include <sys/timex.h>'))
-+conf.set('SIZEOF_TIMEX_MEMBER', cc.sizeof('typeof(((struct timex *)0)->freq)', prefix : '#include <sys/timex.h>'))
- 
- decl_headers = '''
- #include <uchar.h>

diff --git a/sys-apps/systemd/systemd-249.11.ebuild b/sys-apps/systemd/systemd-249.11.ebuild
deleted file mode 100644
index 79c41b24c83c..000000000000
--- a/sys-apps/systemd/systemd-249.11.ebuild
+++ /dev/null
@@ -1,505 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	if [[ ${PV} == *.* ]]; then
-		MY_PN=systemd-stable
-	else
-		MY_PN=systemd
-	fi
-	MY_PV=${PV/_/-}
-	MY_P=${MY_PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-	KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
-
-REQUIRED_USE="
-	homed? ( cryptsetup pam )
-	importd? ( curl gcrypt lzma )
-	pwquality? ( homed )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0="
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
-	curl? ( net-misc/curl:0= )
-	dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	fido2? ( dev-libs/libfido2:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	homed? ( ${OPENSSL_DEP} )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
-		>=net-libs/gnutls-3.1.4:0=
-	)
-	idn? ( net-dns/libidn2:= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( app-crypt/p11-kit:0= )
-	pcre? ( dev-libs/libpcre2 )
-	pwquality? ( dev-libs/libpwquality:0= )
-	qrcode? ( media-gfx/qrencode:0= )
-	repart? ( ${OPENSSL_DEP} )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	tpm? ( app-crypt/tpm2-tss:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	>=sys-kernel/linux-headers-${MINKV}
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=acct-group/adm-0-r1
-	>=acct-group/wheel-0-r1
-	>=acct-group/kmem-0-r1
-	>=acct-group/tty-0-r1
-	>=acct-group/utmp-0-r1
-	>=acct-group/audio-0-r1
-	>=acct-group/cdrom-0-r1
-	>=acct-group/dialout-0-r1
-	>=acct-group/disk-0-r1
-	>=acct-group/input-0-r1
-	>=acct-group/kvm-0-r1
-	>=acct-group/lp-0-r1
-	>=acct-group/render-0-r1
-	acct-group/sgx
-	>=acct-group/tape-0-r1
-	acct-group/users
-	>=acct-group/video-0-r1
-	>=acct-group/systemd-journal-0-r1
-	>=acct-user/root-0-r1
-	acct-user/nobody
-	>=acct-user/systemd-journal-remote-0-r1
-	>=acct-user/systemd-coredump-0-r1
-	>=acct-user/systemd-network-0-r1
-	acct-user/systemd-oom
-	>=acct-user/systemd-resolve-0-r1
-	>=acct-user/systemd-timesync-0-r1
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? (
-		!sys-apps/openrc[sysv-utils(-)]
-		!sys-apps/sysvinit
-	)
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-apps/hwids[udev]
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-fs/udev-init-scripts-34
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/meson-0.46
-	>=sys-apps/coreutils-8.16
-	sys-devel/gettext
-	virtual/pkgconfig
-	test? (
-		app-text/tree
-		dev-lang/perl
-		sys-apps/dbus
-	)
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
-	has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
-	has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
-		local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
-			~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if kernel_is -lt 5 10 20; then
-			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
-		else
-			CONFIG_CHECK+=" ~KCMP"
-		fi
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	# Do NOT add patches here
-	local PATCHES=()
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	# Add local patches here
-	PATCHES+=(
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
-			"${FILESDIR}/gentoo-journald-audit.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dsupport-url="https://gentoo.org/support/"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		$(meson_use split-usr)
-		-Dsplit-bin=true
-		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-		# Optional components/dependencies
-		$(meson_native_use_bool acl)
-		$(meson_native_use_bool apparmor)
-		$(meson_native_use_bool audit)
-		$(meson_native_use_bool cryptsetup libcryptsetup)
-		$(meson_native_use_bool curl libcurl)
-		$(meson_native_use_bool dns-over-tls dns-over-tls)
-		$(meson_native_use_bool elfutils)
-		$(meson_native_use_bool fido2 libfido2)
-		$(meson_use gcrypt)
-		$(meson_native_use_bool gnuefi gnu-efi)
-		-Defi-includedir="${ESYSROOT}/usr/include/efi"
-		-Defi-ld="$(tc-getLD)"
-		-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
-		$(meson_native_use_bool homed)
-		$(meson_native_use_bool http microhttpd)
-		$(meson_native_use_bool idn)
-		$(meson_native_use_bool importd)
-		$(meson_native_use_bool importd bzip2)
-		$(meson_native_use_bool importd zlib)
-		$(meson_native_use_bool kmod)
-		$(meson_use lz4)
-		$(meson_use lzma xz)
-		$(meson_use zstd)
-		$(meson_native_use_bool nat libiptc)
-		$(meson_use pam)
-		$(meson_native_use_bool pkcs11 p11kit)
-		$(meson_native_use_bool pcre pcre2)
-		$(meson_native_use_bool policykit polkit)
-		$(meson_native_use_bool pwquality)
-		$(meson_native_use_bool qrcode qrencode)
-		$(meson_native_use_bool repart)
-		$(meson_native_use_bool seccomp)
-		$(meson_native_use_bool selinux)
-		$(meson_native_use_bool tpm tpm2)
-		$(meson_native_use_bool test dbus)
-		$(meson_native_use_bool xkb xkbcommon)
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-		-Dcreate-log-dirs=false
-
-		# multilib options
-		$(meson_native_true backlight)
-		$(meson_native_true binfmt)
-		$(meson_native_true coredump)
-		$(meson_native_true environment-d)
-		$(meson_native_true firstboot)
-		$(meson_native_true hibernate)
-		$(meson_native_true hostnamed)
-		$(meson_native_true ldconfig)
-		$(meson_native_true localed)
-		$(meson_native_true man)
-		$(meson_native_true networkd)
-		$(meson_native_true quotacheck)
-		$(meson_native_true randomseed)
-		$(meson_native_true rfkill)
-		$(meson_native_true sysusers)
-		$(meson_native_true timedated)
-		$(meson_native_true timesyncd)
-		$(meson_native_true tmpfiles)
-		$(meson_native_true vconsole)
-	)
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
-	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-	meson_src_test
-}
-
-multilib_src_install_all() {
-	local rootprefix=$(usex split-usr '' /usr)
-
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
-	fi
-
-	rm "${ED}"/etc/init.d/README || die
-	rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
-
-	if ! use sysv-utils; then
-		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-	fi
-
-	if ! use resolvconf && ! use sysv-utils; then
-		rmdir "${ED}${rootprefix}"/sbin || die
-	fi
-
-	# https://bugs.gentoo.org/761763
-	rm -r "${ED}"/usr/lib/sysusers.d || die
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/kernel/install.d
-	keepdir /etc/systemd/{network,system,user}
-	keepdir /etc/udev/rules.d
-
-	keepdir /etc/udev/hwdb.d
-
-	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
-	keepdir /usr/lib/{binfmt.d,modules-load.d}
-	keepdir /usr/lib/systemd/user-generators
-	keepdir /var/lib/systemd
-	keepdir /var/log/journal
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-
-	if use pam; then
-		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
-	fi
-
-	if use split-usr; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-
-	gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_preinst() {
-	if ! use split-usr; then
-		local dir
-		for dir in bin sbin lib; do
-			if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
-				eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
-				eerror "One of them should be a symbolic link to the other one."
-				FAIL=1
-			fi
-		done
-		if [[ ${FAIL} ]]; then
-			eerror "Migration to system layout with merged directories must be performed before"
-			eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
-			die "System layout with split directories still used"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required.
-	systemd-hwdb --root="${ROOT}" update
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respected, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		if type systemctl &>/dev/null; then
-			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
-		fi
-		elog "To enable a useful set of services, run the following:"
-		elog "  systemctl preset-all --preset-mode=enable-only"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

diff --git a/sys-apps/systemd/systemd-249.9.ebuild b/sys-apps/systemd/systemd-249.9.ebuild
deleted file mode 100644
index 3367ca393987..000000000000
--- a/sys-apps/systemd/systemd-249.9.ebuild
+++ /dev/null
@@ -1,506 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	if [[ ${PV} == *.* ]]; then
-		MY_PN=systemd-stable
-	else
-		MY_PN=systemd
-	fi
-	MY_PV=${PV/_/-}
-	MY_P=${MY_PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
-
-REQUIRED_USE="
-	homed? ( cryptsetup pam )
-	importd? ( curl gcrypt lzma )
-	pwquality? ( homed )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0="
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
-	curl? ( net-misc/curl:0= )
-	dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	fido2? ( dev-libs/libfido2:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	homed? ( ${OPENSSL_DEP} )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
-		>=net-libs/gnutls-3.1.4:0=
-	)
-	idn? ( net-dns/libidn2:= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( app-crypt/p11-kit:0= )
-	pcre? ( dev-libs/libpcre2 )
-	pwquality? ( dev-libs/libpwquality:0= )
-	qrcode? ( media-gfx/qrencode:0= )
-	repart? ( ${OPENSSL_DEP} )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	tpm? ( app-crypt/tpm2-tss:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	>=sys-kernel/linux-headers-${MINKV}
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=acct-group/adm-0-r1
-	>=acct-group/wheel-0-r1
-	>=acct-group/kmem-0-r1
-	>=acct-group/tty-0-r1
-	>=acct-group/utmp-0-r1
-	>=acct-group/audio-0-r1
-	>=acct-group/cdrom-0-r1
-	>=acct-group/dialout-0-r1
-	>=acct-group/disk-0-r1
-	>=acct-group/input-0-r1
-	>=acct-group/kvm-0-r1
-	>=acct-group/lp-0-r1
-	>=acct-group/render-0-r1
-	acct-group/sgx
-	>=acct-group/tape-0-r1
-	acct-group/users
-	>=acct-group/video-0-r1
-	>=acct-group/systemd-journal-0-r1
-	>=acct-user/root-0-r1
-	acct-user/nobody
-	>=acct-user/systemd-journal-remote-0-r1
-	>=acct-user/systemd-coredump-0-r1
-	>=acct-user/systemd-network-0-r1
-	acct-user/systemd-oom
-	>=acct-user/systemd-resolve-0-r1
-	>=acct-user/systemd-timesync-0-r1
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? (
-		!sys-apps/openrc[sysv-utils(-)]
-		!sys-apps/sysvinit
-	)
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-apps/hwids[udev]
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-fs/udev-init-scripts-34
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/meson-0.46
-	>=sys-apps/coreutils-8.16
-	sys-devel/gettext
-	virtual/pkgconfig
-	test? (
-		app-text/tree
-		dev-lang/perl
-		sys-apps/dbus
-	)
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
-	has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
-	has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
-		local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
-			~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if kernel_is -lt 5 10 20; then
-			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
-		else
-			CONFIG_CHECK+=" ~KCMP"
-		fi
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	# Do NOT add patches here
-	local PATCHES=()
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	# Add local patches here
-	PATCHES+=(
-		"${FILESDIR}/249.9-cross-compile.patch"
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
-			"${FILESDIR}/gentoo-journald-audit.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dsupport-url="https://gentoo.org/support/"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		$(meson_use split-usr)
-		-Dsplit-bin=true
-		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-		# Optional components/dependencies
-		$(meson_native_use_bool acl)
-		$(meson_native_use_bool apparmor)
-		$(meson_native_use_bool audit)
-		$(meson_native_use_bool cryptsetup libcryptsetup)
-		$(meson_native_use_bool curl libcurl)
-		$(meson_native_use_bool dns-over-tls dns-over-tls)
-		$(meson_native_use_bool elfutils)
-		$(meson_native_use_bool fido2 libfido2)
-		$(meson_use gcrypt)
-		$(meson_native_use_bool gnuefi gnu-efi)
-		-Defi-includedir="${ESYSROOT}/usr/include/efi"
-		-Defi-ld="$(tc-getLD)"
-		-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
-		$(meson_native_use_bool homed)
-		$(meson_native_use_bool http microhttpd)
-		$(meson_native_use_bool idn)
-		$(meson_native_use_bool importd)
-		$(meson_native_use_bool importd bzip2)
-		$(meson_native_use_bool importd zlib)
-		$(meson_native_use_bool kmod)
-		$(meson_use lz4)
-		$(meson_use lzma xz)
-		$(meson_use zstd)
-		$(meson_native_use_bool nat libiptc)
-		$(meson_use pam)
-		$(meson_native_use_bool pkcs11 p11kit)
-		$(meson_native_use_bool pcre pcre2)
-		$(meson_native_use_bool policykit polkit)
-		$(meson_native_use_bool pwquality)
-		$(meson_native_use_bool qrcode qrencode)
-		$(meson_native_use_bool repart)
-		$(meson_native_use_bool seccomp)
-		$(meson_native_use_bool selinux)
-		$(meson_native_use_bool tpm tpm2)
-		$(meson_native_use_bool test dbus)
-		$(meson_native_use_bool xkb xkbcommon)
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-		-Dcreate-log-dirs=false
-
-		# multilib options
-		$(meson_native_true backlight)
-		$(meson_native_true binfmt)
-		$(meson_native_true coredump)
-		$(meson_native_true environment-d)
-		$(meson_native_true firstboot)
-		$(meson_native_true hibernate)
-		$(meson_native_true hostnamed)
-		$(meson_native_true ldconfig)
-		$(meson_native_true localed)
-		$(meson_native_true man)
-		$(meson_native_true networkd)
-		$(meson_native_true quotacheck)
-		$(meson_native_true randomseed)
-		$(meson_native_true rfkill)
-		$(meson_native_true sysusers)
-		$(meson_native_true timedated)
-		$(meson_native_true timesyncd)
-		$(meson_native_true tmpfiles)
-		$(meson_native_true vconsole)
-	)
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
-	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-	meson_src_test
-}
-
-multilib_src_install_all() {
-	local rootprefix=$(usex split-usr '' /usr)
-
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
-	fi
-
-	rm "${ED}"/etc/init.d/README || die
-	rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
-
-	if ! use sysv-utils; then
-		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-	fi
-
-	if ! use resolvconf && ! use sysv-utils; then
-		rmdir "${ED}${rootprefix}"/sbin || die
-	fi
-
-	# https://bugs.gentoo.org/761763
-	rm -r "${ED}"/usr/lib/sysusers.d || die
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/kernel/install.d
-	keepdir /etc/systemd/{network,system,user}
-	keepdir /etc/udev/rules.d
-
-	keepdir /etc/udev/hwdb.d
-
-	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
-	keepdir /usr/lib/{binfmt.d,modules-load.d}
-	keepdir /usr/lib/systemd/user-generators
-	keepdir /var/lib/systemd
-	keepdir /var/log/journal
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-
-	if use pam; then
-		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
-	fi
-
-	if use split-usr; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-
-	gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_preinst() {
-	if ! use split-usr; then
-		local dir
-		for dir in bin sbin lib; do
-			if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
-				eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
-				eerror "One of them should be a symbolic link to the other one."
-				FAIL=1
-			fi
-		done
-		if [[ ${FAIL} ]]; then
-			eerror "Migration to system layout with merged directories must be performed before"
-			eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
-			die "System layout with split directories still used"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required.
-	systemd-hwdb --root="${ROOT}" update
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respected, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		if type systemctl &>/dev/null; then
-			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
-		fi
-		elog "To enable a useful set of services, run the following:"
-		elog "  systemctl preset-all --preset-mode=enable-only"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-03-25  4:56 Sam James
  0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2022-03-25  4:56 UTC (permalink / raw
  To: gentoo-commits

commit:     6ce7901f80b073f8206f95aadf8e119eca7695b2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 25 04:56:04 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 25 04:56:04 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ce7901f

sys-apps/systemd: backport RNG seed fix/improvements

Bug: https://github.com/systemd/systemd/issues/21983
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../systemd/files/250.4-random-seed-hash.patch     |  74 +++
 sys-apps/systemd/systemd-250.4-r1.ebuild           | 521 +++++++++++++++++++++
 2 files changed, 595 insertions(+)

diff --git a/sys-apps/systemd/files/250.4-random-seed-hash.patch b/sys-apps/systemd/files/250.4-random-seed-hash.patch
new file mode 100644
index 000000000000..efaa8cdfcaac
--- /dev/null
+++ b/sys-apps/systemd/files/250.4-random-seed-hash.patch
@@ -0,0 +1,74 @@
+https://github.com/systemd/systemd-stable/commit/ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce
+
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 3 Jan 2022 18:11:32 +0100
+Subject: [PATCH] random-seed: hash together old seed and new seed before
+ writing out file
+
+If we're consuming an on-disk seed, we usually write out a new one after
+consuming it. In that case, we might be at early boot and the randomness
+could be rather poor, and the kernel doesn't guarantee that it'll use
+the new randomness right away for us. In order to prevent the new
+entropy from getting any worse, hash together the old seed and the new
+seed, and replace the final bytes of the new seed with the hash output.
+This way, entropy strictly increases and never regresses.
+
+(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b)
+--- a/src/random-seed/random-seed.c
++++ b/src/random-seed/random-seed.c
+@@ -26,6 +26,7 @@
+ #include "random-util.h"
+ #include "string-util.h"
+ #include "sync-util.h"
++#include "sha256.h"
+ #include "util.h"
+ #include "xattr-util.h"
+ 
+@@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) {
+         _cleanup_close_ int seed_fd = -1, random_fd = -1;
+         bool read_seed_file, write_seed_file, synchronous;
+         _cleanup_free_ void* buf = NULL;
++        struct sha256_ctx hash_state;
++        uint8_t hash[32];
+         size_t buf_size;
+         struct stat st;
+-        ssize_t k;
++        ssize_t k, l;
+         int r;
+ 
+         log_setup();
+@@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) {
+                         if (r < 0)
+                                 log_error_errno(r, "Failed to write seed to /dev/urandom: %m");
+                 }
++                /* If we're going to later write out a seed file, initialize a hash state with
++                 * the contents of the seed file we just read, so that the new one can't regress
++                 * in entropy. */
++                if (write_seed_file) {
++                        sha256_init_ctx(&hash_state);
++                        if (k < 0)
++                                k = 0;
++                        sha256_process_bytes(&k, sizeof(k), &hash_state);
++                        sha256_process_bytes(buf, k, &hash_state);
++                }
+         }
+ 
+         if (write_seed_file) {
+@@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) {
+                                                        "Got EOF while reading from /dev/urandom.");
+                 }
+ 
++                /* If we previously read in a seed file, then hash the new seed into the old one,
++                 * and replace the last 32 bytes of the seed with the hash output, so that the
++                 * new seed file can't regress in entropy. */
++                if (read_seed_file) {
++                        sha256_process_bytes(&k, sizeof(k), &hash_state);
++                        sha256_process_bytes(buf, k, &hash_state);
++                        sha256_finish_ctx(&hash_state, hash);
++                        l = MIN(k, 32);
++                        memcpy((uint8_t *)buf + k - l, hash, l);
++                }
++
+                 r = loop_write(seed_fd, buf, (size_t) k, false);
+                 if (r < 0)
+                         return log_error_errno(r, "Failed to write new random seed file: %m");

diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild b/sys-apps/systemd/systemd-250.4-r1.ebuild
new file mode 100644
index 000000000000..444d748cfd2b
--- /dev/null
+++ b/sys-apps/systemd/systemd-250.4-r1.ebuild
@@ -0,0 +1,521 @@
+# Copyright 2011-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_{8..10} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	if [[ ${PV} == *.* ]]; then
+		MY_PN=systemd-stable
+	else
+		MY_PN=systemd
+	fi
+	MY_PV=${PV/_/-}
+	MY_P=${MY_PN}-${MY_PV}
+	S=${WORKDIR}/${MY_P}
+	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+	acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd +kmod
+	+lz4 lzma nat +openssl pam pcre pkcs11 policykit pwquality qrcode
+	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+"
+REQUIRED_USE="
+	dns-over-tls? ( || ( gnutls openssl ) )
+	homed? ( cryptsetup pam openssl )
+	importd? ( curl lzma || ( gcrypt openssl ) )
+	policykit? ( !hostnamed-fallback )
+	pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND="
+	>=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	virtual/libcrypt:=[${MULTILIB_USEDEP}]
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+	curl? ( net-misc/curl:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	fido2? ( dev-libs/libfido2:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+	idn? ( net-dns/libidn2:= )
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	nat? ( net-firewall/iptables:0= )
+	openssl? ( >=dev-libs/openssl-1.1.0:0= )
+	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( app-crypt/p11-kit:0= )
+	pcre? ( dev-libs/libpcre2 )
+	pwquality? ( dev-libs/libpwquality:0= )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	tpm? ( app-crypt/tpm2-tss:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	>=sys-kernel/linux-headers-${MINKV}
+	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=acct-group/adm-0-r1
+	>=acct-group/wheel-0-r1
+	>=acct-group/kmem-0-r1
+	>=acct-group/tty-0-r1
+	>=acct-group/utmp-0-r1
+	>=acct-group/audio-0-r1
+	>=acct-group/cdrom-0-r1
+	>=acct-group/dialout-0-r1
+	>=acct-group/disk-0-r1
+	>=acct-group/input-0-r1
+	>=acct-group/kvm-0-r1
+	>=acct-group/lp-0-r1
+	>=acct-group/render-0-r1
+	acct-group/sgx
+	>=acct-group/tape-0-r1
+	acct-group/users
+	>=acct-group/video-0-r1
+	>=acct-group/systemd-journal-0-r1
+	>=acct-user/root-0-r1
+	acct-user/nobody
+	>=acct-user/systemd-journal-remote-0-r1
+	>=acct-user/systemd-coredump-0-r1
+	>=acct-user/systemd-network-0-r1
+	acct-user/systemd-oom
+	>=acct-user/systemd-resolve-0-r1
+	>=acct-user/systemd-timesync-0-r1
+	>=sys-apps/baselayout-2.2
+	hostnamed-fallback? (
+		acct-group/systemd-hostname
+		sys-apps/dbus-broker
+	)
+	selinux? ( sec-policy/selinux-base-policy[systemd] )
+	sysv-utils? (
+		!sys-apps/openrc[sysv-utils(-)]
+		!sys-apps/sysvinit
+	)
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!build? ( || (
+		sys-apps/util-linux[kill(-)]
+		sys-process/procps[kill(+)]
+		sys-apps/coreutils[kill(-)]
+	) )
+	!sys-apps/hwids[udev]
+	!sys-auth/nss-myhostname
+	!sys-fs/eudev
+	!sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-fs/udev-init-scripts-34
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/meson-0.46
+	>=sys-apps/coreutils-8.16
+	sys-devel/gettext
+	virtual/pkgconfig
+	test? (
+		app-text/tree
+		dev-lang/perl
+		sys-apps/dbus
+	)
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	$(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
+	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+python_check_deps() {
+	has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
+	has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
+}
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if use test && has pid-sandbox ${FEATURES}; then
+			ewarn "Tests are known to fail with PID sandboxing enabled."
+			ewarn "See https://bugs.gentoo.org/674458."
+		fi
+
+		local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
+			~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+		if kernel_is -lt 5 10 20; then
+			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+		else
+			CONFIG_CHECK+=" ~KCMP"
+		fi
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	:
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	# Do NOT add patches here
+	local PATCHES=()
+
+	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+	# Add local patches here
+	PATCHES+=(
+		"${FILESDIR}/250.4-random-seed-hash.patch"
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-generator-path-r2.patch"
+			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
+			"${FILESDIR}/gentoo-journald-audit.patch"
+		)
+	fi
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		-Dsupport-url="https://gentoo.org/support/"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in PATH
+		$(meson_use split-usr)
+		-Dsplit-bin=true
+		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Dima=true
+		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+		# Optional components/dependencies
+		$(meson_native_use_bool acl)
+		$(meson_native_use_bool apparmor)
+		$(meson_native_use_bool audit)
+		$(meson_native_use_bool cryptsetup libcryptsetup)
+		$(meson_native_use_bool curl libcurl)
+		$(meson_native_use_bool dns-over-tls dns-over-tls)
+		$(meson_native_use_bool elfutils)
+		$(meson_native_use_bool fido2 libfido2)
+		$(meson_use gcrypt)
+		$(meson_native_use_bool gnuefi gnu-efi)
+		$(meson_native_use_bool gnutls)
+		-Defi-includedir="${ESYSROOT}/usr/include/efi"
+		-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
+		$(meson_native_use_bool homed)
+		$(meson_native_use_bool http microhttpd)
+		$(meson_native_use_bool idn)
+		$(meson_native_use_bool importd)
+		$(meson_native_use_bool importd bzip2)
+		$(meson_native_use_bool importd zlib)
+		$(meson_native_use_bool kmod)
+		$(meson_use lz4)
+		$(meson_use lzma xz)
+		$(meson_use zstd)
+		$(meson_native_use_bool nat libiptc)
+		$(meson_native_use_bool openssl)
+		$(meson_use pam)
+		$(meson_native_use_bool pkcs11 p11kit)
+		$(meson_native_use_bool pcre pcre2)
+		$(meson_native_use_bool policykit polkit)
+		$(meson_native_use_bool pwquality)
+		$(meson_native_use_bool qrcode qrencode)
+		$(meson_native_use_bool seccomp)
+		$(meson_native_use_bool selinux)
+		$(meson_native_use_bool tpm tpm2)
+		$(meson_native_use_bool test dbus)
+		$(meson_native_use_bool xkb xkbcommon)
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+		-Dcreate-log-dirs=false
+
+		# multilib options
+		$(meson_native_true backlight)
+		$(meson_native_true binfmt)
+		$(meson_native_true coredump)
+		$(meson_native_true environment-d)
+		$(meson_native_true firstboot)
+		$(meson_native_true hibernate)
+		$(meson_native_true hostnamed)
+		$(meson_native_true ldconfig)
+		$(meson_native_true localed)
+		$(meson_native_true man)
+		$(meson_native_true networkd)
+		$(meson_native_true quotacheck)
+		$(meson_native_true randomseed)
+		$(meson_native_true rfkill)
+		$(meson_native_true sysusers)
+		$(meson_native_true timedated)
+		$(meson_native_true timesyncd)
+		$(meson_native_true tmpfiles)
+		$(meson_native_true vconsole)
+	)
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+	meson_src_test
+}
+
+multilib_src_install_all() {
+	local rootprefix=$(usex split-usr '' /usr)
+
+	# meson doesn't know about docdir
+	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
+	fi
+
+	rm "${ED}"/etc/init.d/README || die
+	rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
+
+	if ! use sysv-utils; then
+		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+		rm "${ED}"/usr/share/man/man1/init.1 || die
+		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+	fi
+
+	if ! use resolvconf && ! use sysv-utils; then
+		rmdir "${ED}${rootprefix}"/sbin || die
+	fi
+
+	# https://bugs.gentoo.org/761763
+	rm -r "${ED}"/usr/lib/sysusers.d || die
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/kernel/install.d
+	keepdir /etc/systemd/{network,system,user}
+	keepdir /etc/udev/rules.d
+
+	keepdir /etc/udev/hwdb.d
+
+	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+	keepdir /usr/lib/{binfmt.d,modules-load.d}
+	keepdir /usr/lib/systemd/user-generators
+	keepdir /var/lib/systemd
+	keepdir /var/log/journal
+
+	# Symlink /etc/sysctl.conf for easy migration.
+	dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+
+	if use pam; then
+		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	fi
+
+	if use split-usr; then
+		# Avoid breaking boot/reboot
+		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+	fi
+
+	# workaround for https://github.com/systemd/systemd/issues/13501
+	if use hostnamed-fallback; then
+		# this file requires dbus-broker
+		insinto /usr/share/dbus-1/system.d/
+		doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+		insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+		doins "${FILESDIR}/00-hostnamed-network-user.conf"
+	fi
+
+	gen_usr_ldscript -a systemd udev
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+	local locale_conf="${EROOT}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_preinst() {
+	if ! use split-usr; then
+		local dir
+		for dir in bin sbin lib; do
+			if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
+				eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
+				eerror "One of them should be a symbolic link to the other one."
+				FAIL=1
+			fi
+		done
+		if [[ ${FAIL} ]]; then
+			eerror "Migration to system layout with merged directories must be performed before"
+			eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+			die "System layout with split directories still used"
+		fi
+	fi
+}
+
+pkg_postinst() {
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required.
+	systemd-hwdb --root="${ROOT}" update
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respected, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		if type systemctl &>/dev/null; then
+			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+		fi
+		elog "To enable a useful set of services, run the following:"
+		elog "  systemctl preset-all --preset-mode=enable-only"
+	fi
+
+	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+		rm "${EROOT}/var/lib/systemd/timesync"
+	fi
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-12-25 18:20 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-12-25 18:20 UTC (permalink / raw
  To: gentoo-commits

commit:     9a73ceca960a687e8457fa24a382fa04ef4dc6f9
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 25 18:19:04 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Dec 25 18:19:04 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a73ceca

sys-apps/systemd: backport build fix for USE="-dns-over-tls -gcrypt"

Closes: https://bugs.gentoo.org/829944
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/250-fix-openssl.patch | 102 +++++++++++++++++++++++++++
 sys-apps/systemd/systemd-250.ebuild          |   1 +
 2 files changed, 103 insertions(+)

diff --git a/sys-apps/systemd/files/250-fix-openssl.patch b/sys-apps/systemd/files/250-fix-openssl.patch
new file mode 100644
index 000000000000..520ba0b66427
--- /dev/null
+++ b/sys-apps/systemd/files/250-fix-openssl.patch
@@ -0,0 +1,102 @@
+From 9bcf483b117b23ae25bf4a5d39ddc3eade8659a6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 24 Dec 2021 10:06:13 +0900
+Subject: [PATCH] meson: fix build with -Dcryptolib=openssl
+ -Ddns-over-tls=false
+
+Previously, when -Ddns-over-tls=false, libopenssl was missing in the
+dependency of resolved.
+Also, this drops libgpg_error when it is not necessary.
+
+Replaces #21878.
+---
+ meson.build             | 3 +--
+ src/resolve/meson.build | 9 +--------
+ 2 files changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index c0cbadecb123..0b7c1918ad4c 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1474,7 +1474,7 @@ conf.set10('PREFER_OPENSSL',
+            opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
+ conf.set10('HAVE_OPENSSL_OR_GCRYPT',
+            conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
+-lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : libgcrypt
++lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? [libopenssl] : [libgcrypt, libgpg_error]
+ 
+ dns_over_tls = get_option('dns-over-tls')
+ if dns_over_tls != 'false'
+@@ -2200,7 +2200,6 @@ if conf.get('ENABLE_RESOLVE') == 1
+                              libsystemd_resolve_core],
+                 dependencies : [threads,
+                                 lib_openssl_or_gcrypt,
+-                                libgpg_error,
+                                 libm,
+                                 libidn],
+                 install_rpath : rootlibexecdir,
+diff --git a/src/resolve/meson.build b/src/resolve/meson.build
+index 0580fbeec625..2cdf24b1cbef 100644
+--- a/src/resolve/meson.build
++++ b/src/resolve/meson.build
+@@ -135,7 +135,7 @@ systemd_resolved_sources += custom_target(
+         output : 'resolved-dnssd-gperf.c',
+         command : [gperf, '@INPUT@', '--output-file', '@OUTPUT@'])
+ 
+-systemd_resolved_dependencies = [threads, libgpg_error, libm]
++systemd_resolved_dependencies = [threads, libm] + [lib_openssl_or_gcrypt]
+ if conf.get('ENABLE_DNS_OVER_TLS') == 1
+         if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
+                 systemd_resolved_sources += files(
+@@ -178,14 +178,12 @@ tests += [
+          [libsystemd_resolve_core,
+           libshared],
+          [lib_openssl_or_gcrypt,
+-          libgpg_error,
+           libm]],
+ 
+         [['src/resolve/test-dns-packet.c'],
+          [libsystemd_resolve_core,
+           libshared],
+          [lib_openssl_or_gcrypt,
+-          libgpg_error,
+           libm]],
+ 
+         [['src/resolve/test-resolved-etc-hosts.c',
+@@ -194,21 +192,18 @@ tests += [
+          [libsystemd_resolve_core,
+           libshared],
+          [lib_openssl_or_gcrypt,
+-          libgpg_error,
+           libm]],
+ 
+         [['src/resolve/test-resolved-packet.c'],
+          [libsystemd_resolve_core,
+           libshared],
+          [lib_openssl_or_gcrypt,
+-          libgpg_error,
+           libm]],
+ 
+         [['src/resolve/test-dnssec.c'],
+          [libsystemd_resolve_core,
+           libshared],
+          [lib_openssl_or_gcrypt,
+-          libgpg_error,
+           libm],
+          [], 'HAVE_OPENSSL_OR_GCRYPT'],
+ 
+@@ -216,7 +211,6 @@ tests += [
+          [libsystemd_resolve_core,
+           libshared],
+          [lib_openssl_or_gcrypt,
+-          libgpg_error,
+           libm],
+          [], '', 'manual'],
+ ]
+@@ -226,6 +220,5 @@ fuzzers += [
+          [libsystemd_resolve_core,
+           libshared],
+          [lib_openssl_or_gcrypt,
+-          libgpg_error,
+           libm]],
+ ]

diff --git a/sys-apps/systemd/systemd-250.ebuild b/sys-apps/systemd/systemd-250.ebuild
index bc4018c9efa4..26dc346527a3 100644
--- a/sys-apps/systemd/systemd-250.ebuild
+++ b/sys-apps/systemd/systemd-250.ebuild
@@ -237,6 +237,7 @@ src_prepare() {
 
 	# Add local patches here
 	PATCHES+=(
+		"${FILESDIR}"/250-fix-openssl.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-12-09 19:40 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-12-09 19:40 UTC (permalink / raw
  To: gentoo-commits

commit:     1f2e7fd084a9c6571af78262eacd9c153fbf1c3f
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  9 19:39:31 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Dec  9 19:39:31 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f2e7fd0

sys-apps/systemd: drop 249.4-r4

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                          |   1 -
 sys-apps/systemd/files/249-fido2.patch             |  58 ---
 .../systemd/files/249-home-secret-assert.patch     | 106 -----
 sys-apps/systemd/files/249-libudev-static.patch    |  26 -
 sys-apps/systemd/files/249-network-renaming.patch  |  41 --
 sys-apps/systemd/systemd-249.4-r4.ebuild           | 524 ---------------------
 6 files changed, 756 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index b4ec49408dd1..ec8fbe294598 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1 @@
-DIST systemd-stable-249.4.tar.gz 10593723 BLAKE2B 466b3cb27c4bc6c85c9ba50f6614175b2c31a4c177d452542faa1395e99511440029b1a093dc80a5a1a0135eed09d8b1849572f36dba4e18a1396230bfc31adb SHA512 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
 DIST systemd-stable-249.6.tar.gz 10599611 BLAKE2B 9c0cbaa4319f2ce9a78dbe820d1b6df5191e6c632e2eac9f71f9ff9817564d9b3fc177d2aec0c0daea8ac33bbdc2066ad68a8967cf8857f4af3668b9a3e7d3bf SHA512 7a7791dfe4923c00987b924adcb1cd08c4d17af2b17b4c6c6c701856c6810cfda61f06821c39787339fc05293853c0ea61b9973fcf4495c7bf4f8054ecfae66f

diff --git a/sys-apps/systemd/files/249-fido2.patch b/sys-apps/systemd/files/249-fido2.patch
deleted file mode 100644
index bbfa4afb540e..000000000000
--- a/sys-apps/systemd/files/249-fido2.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From b6aa89b0a399992c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001
-From: pedro martelletto <pedro@yubico.com>
-Date: Wed, 8 Sep 2021 10:42:56 +0200
-Subject: [PATCH] explicitly close FIDO2 devices
-
-FIDO2 device access is serialised by libfido2 using flock().
-Therefore, make sure to close a FIDO2 device once we are done
-with it, or we risk opening it again at a later point and
-deadlocking. Fixes #20664.
----
- src/shared/libfido2-util.c | 2 ++
- src/shared/libfido2-util.h | 5 ++++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
-index 12c644dcfcce..6d18178b68c9 100644
---- a/src/shared/libfido2-util.c
-+++ b/src/shared/libfido2-util.c
-@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL;
- int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL;
- fido_dev_t* (*sym_fido_dev_new)(void) = NULL;
- int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL;
-+int (*sym_fido_dev_close)(fido_dev_t *) = NULL;
- const char* (*sym_fido_strerr)(int) = NULL;
- 
- int dlopen_libfido2(void) {
-@@ -106,6 +107,7 @@ int dlopen_libfido2(void) {
-                         DLSYM_ARG(fido_dev_make_cred),
-                         DLSYM_ARG(fido_dev_new),
-                         DLSYM_ARG(fido_dev_open),
-+                        DLSYM_ARG(fido_dev_close),
-                         DLSYM_ARG(fido_strerr));
- }
- 
-diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
-index 5640cca5e39b..4ebf8ab77509 100644
---- a/src/shared/libfido2-util.h
-+++ b/src/shared/libfido2-util.h
-@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *);
- extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *);
- extern fido_dev_t* (*sym_fido_dev_new)(void);
- extern int (*sym_fido_dev_open)(fido_dev_t *, const char *);
-+extern int (*sym_fido_dev_close)(fido_dev_t *);
- extern const char* (*sym_fido_strerr)(int);
- 
- int dlopen_libfido2(void);
-@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) {
- }
- 
- static inline void fido_dev_free_wrapper(fido_dev_t **p) {
--        if (*p)
-+        if (*p) {
-+                sym_fido_dev_close(*p);
-                 sym_fido_dev_free(p);
-+        }
- }
- 
- static inline void fido_cred_free_wrapper(fido_cred_t **p) {

diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch b/sys-apps/systemd/files/249-home-secret-assert.patch
deleted file mode 100644
index e6e2a8e7cc78..000000000000
--- a/sys-apps/systemd/files/249-home-secret-assert.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sun, 5 Sep 2021 11:16:26 +0900
-Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error
- may be null
-
-When RefHome() bus method is called in acquire_home(), secret is NULL.
-
-Fixes #20639.
----
- src/home/pam_systemd_home.c | 19 ++++++++++++++++++-
- 1 file changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
-index 836ed0d5e96d..a04d50208a8e 100644
---- a/src/home/pam_systemd_home.c
-+++ b/src/home/pam_systemd_home.c
-@@ -281,7 +281,6 @@ static int handle_generic_user_record_error(
-                 const sd_bus_error *error) {
- 
-         assert(user_name);
--        assert(secret);
-         assert(error);
- 
-         int r;
-@@ -301,6 +300,8 @@ static int handle_generic_user_record_error(
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) {
-                 _cleanup_(erase_and_freep) char *newp = NULL;
- 
-+                assert(secret);
-+
-                 /* This didn't work? Ask for an (additional?) password */
- 
-                 if (strv_isempty(secret->password))
-@@ -326,6 +327,8 @@ static int handle_generic_user_record_error(
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
-                 _cleanup_(erase_and_freep) char *newp = NULL;
- 
-+                assert(secret);
-+
-                 if (strv_isempty(secret->password)) {
-                         (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name);
-                         r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: ");
-@@ -350,6 +353,8 @@ static int handle_generic_user_record_error(
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
-                 _cleanup_(erase_and_freep) char *newp = NULL;
- 
-+                assert(secret);
-+
-                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: ");
-                 if (r != PAM_SUCCESS)
-                         return PAM_CONV_ERR; /* no logging here */
-@@ -367,6 +372,8 @@ static int handle_generic_user_record_error(
- 
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
- 
-+                assert(secret);
-+
-                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name);
- 
-                 r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
-@@ -377,6 +384,8 @@ static int handle_generic_user_record_error(
- 
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
- 
-+                assert(secret);
-+
-                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name);
- 
-                 r = user_record_set_fido2_user_presence_permitted(secret, true);
-@@ -387,6 +396,8 @@ static int handle_generic_user_record_error(
- 
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
- 
-+                assert(secret);
-+
-                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name);
- 
-                 r = user_record_set_fido2_user_verification_permitted(secret, true);
-@@ -403,6 +414,8 @@ static int handle_generic_user_record_error(
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) {
-                 _cleanup_(erase_and_freep) char *newp = NULL;
- 
-+                assert(secret);
-+
-                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name);
-                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
-                 if (r != PAM_SUCCESS)
-@@ -422,6 +435,8 @@ static int handle_generic_user_record_error(
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) {
-                 _cleanup_(erase_and_freep) char *newp = NULL;
- 
-+                assert(secret);
-+
-                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name);
-                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
-                 if (r != PAM_SUCCESS)
-@@ -441,6 +456,8 @@ static int handle_generic_user_record_error(
-         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) {
-                 _cleanup_(erase_and_freep) char *newp = NULL;
- 
-+                assert(secret);
-+
-                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name);
-                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
-                 if (r != PAM_SUCCESS)

diff --git a/sys-apps/systemd/files/249-libudev-static.patch b/sys-apps/systemd/files/249-libudev-static.patch
deleted file mode 100644
index 73375b716e9b..000000000000
--- a/sys-apps/systemd/files/249-libudev-static.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f2c57d4f3805775e0ffdc80ce578eaa737017d31 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 9 Jul 2021 13:05:23 -0400
-Subject: [PATCH] libudev: add "Libs.private: -lrt -pthread" to libudev.pc
-
-This resolves a failure when linking cryptsetup.static against libudev.a.
-
-```
-libtool: link: x86_64-pc-linux-gnu-gcc -Wall -O2 -pipe -march=amdfam10 -static -O2 -o cryptsetup.static lib/utils_crypt.o lib/utils_loop.o lib/utils_io.o lib/utils_blkid.o src/utils_tools.o src/utils_password.o src/utils_luks2.o src/utils_blockdev.o src/cryptsetup.o -pthread -pthread  -Wl,--as-needed ./.libs/libcryptsetup.a -largon2 -lrt -ljson-c -lpopt -luuid -lblkid -lssl -lcrypto -lz -ldl -ldevmapper -lm -lpthread -ludev -pthread
-/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../x86_64-pc-linux-gnu/bin/ld: /usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../lib64/libudev.a(src_libsystemd_sd-daemon_sd-daemon.c.o): in function `sd_is_mq':
-(.text.sd_is_mq+0x3a): undefined reference to `mq_getattr'
-```
----
- src/libudev/libudev.pc.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/libudev/libudev.pc.in b/src/libudev/libudev.pc.in
-index 89028aaa6bf2..1d6487fa4084 100644
---- a/src/libudev/libudev.pc.in
-+++ b/src/libudev/libudev.pc.in
-@@ -16,4 +16,5 @@ Name: libudev
- Description: Library to access udev device information
- Version: {{PROJECT_VERSION}}
- Libs: -L${libdir} -ludev
-+Libs.private: -lrt -pthread
- Cflags: -I${includedir}

diff --git a/sys-apps/systemd/files/249-network-renaming.patch b/sys-apps/systemd/files/249-network-renaming.patch
deleted file mode 100644
index b9eecf57b10f..000000000000
--- a/sys-apps/systemd/files/249-network-renaming.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 160203e974945ce520fe8f569458634ef898c61c Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Fri, 10 Sep 2021 08:09:56 +0900
-Subject: [PATCH] network: fix handling of network interface renaming
-
-Fixes #20657.
----
- src/network/networkd-link.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
-index 4afd540d2015..caad6205ae83 100644
---- a/src/network/networkd-link.c
-+++ b/src/network/networkd-link.c
-@@ -1470,17 +1470,21 @@ static int link_initialized(Link *link, sd_device *device) {
-         assert(link);
-         assert(device);
- 
--        if (link->state != LINK_STATE_PENDING)
--                return 0;
-+        /* Always replace with the new sd_device object. As the sysname (and possibly other properties
-+         * or sysattrs) may be outdated. */
-+        sd_device_ref(device);
-+        sd_device_unref(link->sd_device);
-+        link->sd_device = device;
- 
--        if (link->sd_device)
-+        /* Do not ignore unamanaged state case here. If an interface is renamed after being once
-+         * configured, and the corresponding .network file has Name= in [Match] section, then the
-+         * interface may be already in unmanaged state. See #20657. */
-+        if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED))
-                 return 0;
- 
-         log_link_debug(link, "udev initialized link");
-         link_set_state(link, LINK_STATE_INITIALIZED);
- 
--        link->sd_device = sd_device_ref(device);
--
-         /* udev has initialized the link, but we don't know if we have yet
-          * processed the NEWLINK messages with the latest state. Do a GETLINK,
-          * when it returns we know that the pending NEWLINKs have already been

diff --git a/sys-apps/systemd/systemd-249.4-r4.ebuild b/sys-apps/systemd/systemd-249.4-r4.ebuild
deleted file mode 100644
index 722d9f6b3f04..000000000000
--- a/sys-apps/systemd/systemd-249.4-r4.ebuild
+++ /dev/null
@@ -1,524 +0,0 @@
-# Copyright 2011-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	if [[ ${PV} == *.* ]]; then
-		MY_PN=systemd-stable
-	else
-		MY_PN=systemd
-	fi
-	MY_PV=${PV/_/-}
-	MY_P=${MY_PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
-
-REQUIRED_USE="
-	homed? ( cryptsetup pam )
-	importd? ( curl gcrypt lzma )
-	pwquality? ( homed )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0="
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	virtual/libcrypt:=[${MULTILIB_USEDEP}]
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
-	curl? ( net-misc/curl:0= )
-	dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	fido2? ( dev-libs/libfido2:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	homed? ( ${OPENSSL_DEP} )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
-		>=net-libs/gnutls-3.1.4:0=
-	)
-	idn? ( net-dns/libidn2:= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pkcs11? ( app-crypt/p11-kit:0= )
-	pcre? ( dev-libs/libpcre2 )
-	pwquality? ( dev-libs/libpwquality:0= )
-	qrcode? ( media-gfx/qrencode:0= )
-	repart? ( ${OPENSSL_DEP} )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	tpm? ( app-crypt/tpm2-tss:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	>=sys-kernel/linux-headers-${MINKV}
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=acct-group/adm-0-r1
-	>=acct-group/wheel-0-r1
-	>=acct-group/kmem-0-r1
-	>=acct-group/tty-0-r1
-	>=acct-group/utmp-0-r1
-	>=acct-group/audio-0-r1
-	>=acct-group/cdrom-0-r1
-	>=acct-group/dialout-0-r1
-	>=acct-group/disk-0-r1
-	>=acct-group/input-0-r1
-	>=acct-group/kvm-0-r1
-	>=acct-group/lp-0-r1
-	>=acct-group/render-0-r1
-	acct-group/sgx
-	>=acct-group/tape-0-r1
-	acct-group/users
-	>=acct-group/video-0-r1
-	>=acct-group/systemd-journal-0-r1
-	>=acct-user/root-0-r1
-	acct-user/nobody
-	>=acct-user/systemd-journal-remote-0-r1
-	>=acct-user/systemd-coredump-0-r1
-	>=acct-user/systemd-network-0-r1
-	acct-user/systemd-oom
-	>=acct-user/systemd-resolve-0-r1
-	>=acct-user/systemd-timesync-0-r1
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? (
-		!sys-apps/openrc[sysv-utils(-)]
-		!sys-apps/sysvinit
-	)
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	hwdb? ( sys-apps/hwids[systemd(+),udev] )
-	>=sys-fs/udev-init-scripts-34
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/meson-0.46
-	>=sys-apps/coreutils-8.16
-	sys-devel/gettext
-	virtual/pkgconfig
-	test? (
-		app-text/tree
-		dev-lang/perl
-		sys-apps/dbus
-	)
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
-	has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
-	has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if kernel_is -lt 5 10 20; then
-			CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
-		else
-			CONFIG_CHECK+=" ~KCMP"
-		fi
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	# Do NOT add patches here
-	local PATCHES=()
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	# Add local patches here
-	PATCHES+=(
-		"${FILESDIR}/249-libudev-static.patch"
-		"${FILESDIR}/249-home-secret-assert.patch"
-		"${FILESDIR}/249-fido2.patch"
-		"${FILESDIR}/249-network-renaming.patch"
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
-			"${FILESDIR}/gentoo-journald-audit.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dsupport-url="https://gentoo.org/support/"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		$(meson_use split-usr)
-		-Dsplit-bin=true
-		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-		# Optional components/dependencies
-		$(meson_native_use_bool acl)
-		$(meson_native_use_bool apparmor)
-		$(meson_native_use_bool audit)
-		$(meson_native_use_bool cryptsetup libcryptsetup)
-		$(meson_native_use_bool curl libcurl)
-		$(meson_native_use_bool dns-over-tls dns-over-tls)
-		$(meson_native_use_bool elfutils)
-		$(meson_native_use_bool fido2 libfido2)
-		$(meson_use gcrypt)
-		$(meson_native_use_bool gnuefi gnu-efi)
-		-Defi-includedir="${ESYSROOT}/usr/include/efi"
-		-Defi-ld="$(tc-getLD)"
-		-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
-		$(meson_native_use_bool homed)
-		$(meson_native_use_bool hwdb)
-		$(meson_native_use_bool http microhttpd)
-		$(meson_native_use_bool idn)
-		$(meson_native_use_bool importd)
-		$(meson_native_use_bool importd bzip2)
-		$(meson_native_use_bool importd zlib)
-		$(meson_native_use_bool kmod)
-		$(meson_use lz4)
-		$(meson_use lzma xz)
-		$(meson_use zstd)
-		$(meson_native_use_bool nat libiptc)
-		$(meson_use pam)
-		$(meson_native_use_bool pkcs11 p11kit)
-		$(meson_native_use_bool pcre pcre2)
-		$(meson_native_use_bool policykit polkit)
-		$(meson_native_use_bool pwquality)
-		$(meson_native_use_bool qrcode qrencode)
-		$(meson_native_use_bool repart)
-		$(meson_native_use_bool seccomp)
-		$(meson_native_use_bool selinux)
-		$(meson_native_use_bool tpm tpm2)
-		$(meson_native_use_bool test dbus)
-		$(meson_native_use_bool xkb xkbcommon)
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-		-Dcreate-log-dirs=false
-
-		# multilib options
-		$(meson_native_true backlight)
-		$(meson_native_true binfmt)
-		$(meson_native_true coredump)
-		$(meson_native_true environment-d)
-		$(meson_native_true firstboot)
-		$(meson_native_true hibernate)
-		$(meson_native_true hostnamed)
-		$(meson_native_true ldconfig)
-		$(meson_native_true localed)
-		$(meson_native_true man)
-		$(meson_native_true networkd)
-		$(meson_native_true quotacheck)
-		$(meson_native_true randomseed)
-		$(meson_native_true rfkill)
-		$(meson_native_true sysusers)
-		$(meson_native_true timedated)
-		$(meson_native_true timesyncd)
-		$(meson_native_true tmpfiles)
-		$(meson_native_true vconsole)
-	)
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
-	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-	meson_src_test
-}
-
-multilib_src_install_all() {
-	local rootprefix=$(usex split-usr '' /usr)
-
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
-	fi
-
-	rm "${ED}"/etc/init.d/README || die
-	rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
-
-	if ! use sysv-utils; then
-		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-	fi
-
-	if ! use resolvconf && ! use sysv-utils; then
-		rmdir "${ED}${rootprefix}"/sbin || die
-	fi
-
-	# https://bugs.gentoo.org/761763
-	rm -r "${ED}"/usr/lib/sysusers.d || die
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/kernel/install.d
-	keepdir /etc/systemd/{network,system,user}
-	keepdir /etc/udev/rules.d
-
-	if use hwdb; then
-		keepdir /etc/udev/hwdb.d
-	fi
-
-	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
-	keepdir /usr/lib/{binfmt.d,modules-load.d}
-	keepdir /usr/lib/systemd/user-generators
-	keepdir /var/lib/systemd
-	keepdir /var/log/journal
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-
-	if use pam; then
-		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
-	fi
-
-	if use hwdb; then
-		rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
-	fi
-
-	if use split-usr; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-
-	gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_preinst() {
-	if ! use split-usr; then
-		local dir
-		for dir in bin sbin lib; do
-			if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
-				eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
-				eerror "One of them should be a symbolic link to the other one."
-				FAIL=1
-			fi
-		done
-		if [[ ${FAIL} ]]; then
-			eerror "Migration to system layout with merged directories must be performed before"
-			eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
-			die "System layout with split directories still used"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required.
-	if use hwdb; then
-		systemd-hwdb --root="${ROOT}" update
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respected, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		if type systemctl &>/dev/null; then
-			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
-		fi
-		elog "To enable a useful set of services, run the following:"
-		elog "  systemctl preset-all --preset-mode=enable-only"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
-		ebegin "Reexecuting system manager"
-		systemctl daemon-reexec
-		eend $?
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-11-14 23:53 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-11-14 23:53 UTC (permalink / raw
  To: gentoo-commits

commit:     fc438698ea33d1481c56dbbcdbf5623aed59a69e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 14 23:52:53 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov 14 23:52:53 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc438698

sys-apps/systemd: add 249.6, drop 249.5-r1

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                          |   2 +-
 sys-apps/systemd/files/249.5-coredumpctl.patch     |  31 --
 .../249.5-revert-unit-start-rate-limiting.patch    | 483 ---------------------
 ...ystemd-249.5-r1.ebuild => systemd-249.6.ebuild} |   3 -
 4 files changed, 1 insertion(+), 518 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 6cbf0d852592..b4ec49408dd1 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,2 @@
 DIST systemd-stable-249.4.tar.gz 10593723 BLAKE2B 466b3cb27c4bc6c85c9ba50f6614175b2c31a4c177d452542faa1395e99511440029b1a093dc80a5a1a0135eed09d8b1849572f36dba4e18a1396230bfc31adb SHA512 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
-DIST systemd-stable-249.5.tar.gz 10597897 BLAKE2B 5c573322ef9bcd9d019776d6e2d8625a741c1535c0d06661b5666c2438a70cfc4dc182919bb419829de27a4d93c16717ce24e668faf9bd6b09e57f8bd88be725 SHA512 d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
+DIST systemd-stable-249.6.tar.gz 10599611 BLAKE2B 9c0cbaa4319f2ce9a78dbe820d1b6df5191e6c632e2eac9f71f9ff9817564d9b3fc177d2aec0c0daea8ac33bbdc2066ad68a8967cf8857f4af3668b9a3e7d3bf SHA512 7a7791dfe4923c00987b924adcb1cd08c4d17af2b17b4c6c6c701856c6810cfda61f06821c39787339fc05293853c0ea61b9973fcf4495c7bf4f8054ecfae66f

diff --git a/sys-apps/systemd/files/249.5-coredumpctl.patch b/sys-apps/systemd/files/249.5-coredumpctl.patch
deleted file mode 100644
index 2892f3477137..000000000000
--- a/sys-apps/systemd/files/249.5-coredumpctl.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 12 Oct 2021 19:46:25 +0200
-Subject: [PATCH] coredumpctl: stop truncating information about coredump
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-With the changes to limit that print 'Found module …' over and over, we were
-hitting the journal field message limit, effectively truncating the info output.
-
-Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488.
-
-(cherry picked from commit 384c6207669eb0d92aa0043dbc01957c6c7ff41e)
----
- src/coredump/coredumpctl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c
-index 3d44e51e32..7eba8330d7 100644
---- a/src/coredump/coredumpctl.c
-+++ b/src/coredump/coredumpctl.c
-@@ -555,6 +555,8 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) {
-         assert(file);
-         assert(j);
- 
-+        (void) sd_journal_set_data_threshold(j, 0);
-+
-         SD_JOURNAL_FOREACH_DATA(j, d, l) {
-                 RETRIEVE(d, l, "MESSAGE_ID", mid);
-                 RETRIEVE(d, l, "COREDUMP_PID", pid);

diff --git a/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch b/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch
deleted file mode 100644
index 6d070e8d30d1..000000000000
--- a/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch
+++ /dev/null
@@ -1,483 +0,0 @@
-From 4fa9d8f14523982482386d398d2b2669902f2098 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Mon, 18 Oct 2021 14:11:53 +0900
-Subject: [PATCH] Revert "core: Check unit start rate limiting earlier"
-
-This reverts commit ed8fbbf1745c6a2dc0b8cd560ac8a3353f72e979.
-
-This was causing problems during boot, see
-https://bodhi.fedoraproject.org/updates/FEDORA-2021-a1a52487e6,
-https://bugzilla.redhat.com/show_bug.cgi?id=2013386.
-https://github.com/systemd/systemd/issues/21025
----
- src/core/automount.c                   | 23 ++++++-----------------
- src/core/mount.c                       | 23 ++++++-----------------
- src/core/path.c                        | 23 ++++++-----------------
- src/core/service.c                     | 25 +++++++------------------
- src/core/socket.c                      | 23 ++++++-----------------
- src/core/swap.c                        | 23 ++++++-----------------
- src/core/timer.c                       | 23 ++++++-----------------
- src/core/unit.c                        |  7 -------
- src/core/unit.h                        |  4 ----
- test/TEST-63-ISSUE-17433/Makefile      |  1 -
- test/TEST-63-ISSUE-17433/test.sh       |  9 ---------
- test/meson.build                       |  2 --
- test/testsuite-10.units/test10.service |  3 ---
- test/testsuite-63.units/test63.path    |  2 --
- test/testsuite-63.units/test63.service |  5 -----
- test/units/testsuite-63.service        | 16 ----------------
- 16 files changed, 43 insertions(+), 169 deletions(-)
- delete mode 120000 test/TEST-63-ISSUE-17433/Makefile
- delete mode 100755 test/TEST-63-ISSUE-17433/test.sh
- delete mode 100644 test/testsuite-63.units/test63.path
- delete mode 100644 test/testsuite-63.units/test63.service
- delete mode 100644 test/units/testsuite-63.service
-
-diff --git a/src/core/automount.c b/src/core/automount.c
-index 0722abef23..edc9588165 100644
---- a/src/core/automount.c
-+++ b/src/core/automount.c
-@@ -814,6 +814,12 @@ static int automount_start(Unit *u) {
-         if (r < 0)
-                 return r;
- 
-+        r = unit_test_start_limit(u);
-+        if (r < 0) {
-+                automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
-+                return r;
-+        }
-+
-         r = unit_acquire_invocation_id(u);
-         if (r < 0)
-                 return r;
-@@ -1059,21 +1065,6 @@ static bool automount_supported(void) {
-         return supported;
- }
- 
--static int automount_test_start_limit(Unit *u) {
--        Automount *a = AUTOMOUNT(u);
--        int r;
--
--        assert(a);
--
--        r = unit_test_start_limit(u);
--        if (r < 0) {
--                automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
--                return r;
--        }
--
--        return 0;
--}
--
- static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = {
-         [AUTOMOUNT_SUCCESS] = "success",
-         [AUTOMOUNT_FAILURE_RESOURCES] = "resources",
-@@ -1136,6 +1127,4 @@ const UnitVTable automount_vtable = {
-                         [JOB_FAILED]     = "Failed to unset automount %s.",
-                 },
-         },
--
--        .test_start_limit = automount_test_start_limit,
- };
-diff --git a/src/core/mount.c b/src/core/mount.c
-index 9bec190cb6..af39db214b 100644
---- a/src/core/mount.c
-+++ b/src/core/mount.c
-@@ -1168,6 +1168,12 @@ static int mount_start(Unit *u) {
- 
-         assert(IN_SET(m->state, MOUNT_DEAD, MOUNT_FAILED));
- 
-+        r = unit_test_start_limit(u);
-+        if (r < 0) {
-+                mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
-+                return r;
-+        }
-+
-         r = unit_acquire_invocation_id(u);
-         if (r < 0)
-                 return r;
-@@ -2137,21 +2143,6 @@ static int mount_can_clean(Unit *u, ExecCleanMask *ret) {
-         return exec_context_get_clean_mask(&m->exec_context, ret);
- }
- 
--static int mount_test_start_limit(Unit *u) {
--        Mount *m = MOUNT(u);
--        int r;
--
--        assert(m);
--
--        r = unit_test_start_limit(u);
--        if (r < 0) {
--                mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
--                return r;
--        }
--
--        return 0;
--}
--
- static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
-         [MOUNT_EXEC_MOUNT] = "ExecMount",
-         [MOUNT_EXEC_UNMOUNT] = "ExecUnmount",
-@@ -2249,6 +2240,4 @@ const UnitVTable mount_vtable = {
-                         [JOB_TIMEOUT]    = "Timed out unmounting %s.",
-                 },
-         },
--
--        .test_start_limit = mount_test_start_limit,
- };
-diff --git a/src/core/path.c b/src/core/path.c
-index 2b659696a4..e098e83a31 100644
---- a/src/core/path.c
-+++ b/src/core/path.c
-@@ -590,6 +590,12 @@ static int path_start(Unit *u) {
-         if (r < 0)
-                 return r;
- 
-+        r = unit_test_start_limit(u);
-+        if (r < 0) {
-+                path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
-+                return r;
-+        }
-+
-         r = unit_acquire_invocation_id(u);
-         if (r < 0)
-                 return r;
-@@ -805,21 +811,6 @@ static void path_reset_failed(Unit *u) {
-         p->result = PATH_SUCCESS;
- }
- 
--static int path_test_start_limit(Unit *u) {
--        Path *p = PATH(u);
--        int r;
--
--        assert(p);
--
--        r = unit_test_start_limit(u);
--        if (r < 0) {
--                path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
--                return r;
--        }
--
--        return 0;
--}
--
- static const char* const path_type_table[_PATH_TYPE_MAX] = {
-         [PATH_EXISTS] = "PathExists",
-         [PATH_EXISTS_GLOB] = "PathExistsGlob",
-@@ -874,6 +865,4 @@ const UnitVTable path_vtable = {
-         .reset_failed = path_reset_failed,
- 
-         .bus_set_property = bus_path_set_property,
--
--        .test_start_limit = path_test_start_limit,
- };
-diff --git a/src/core/service.c b/src/core/service.c
-index 701c145565..7b90822f68 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -2456,6 +2456,13 @@ static int service_start(Unit *u) {
- 
-         assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED));
- 
-+        /* Make sure we don't enter a busy loop of some kind. */
-+        r = unit_test_start_limit(u);
-+        if (r < 0) {
-+                service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
-+                return r;
-+        }
-+
-         r = unit_acquire_invocation_id(u);
-         if (r < 0)
-                 return r;
-@@ -4451,22 +4458,6 @@ static const char *service_finished_job(Unit *u, JobType t, JobResult result) {
-         return NULL;
- }
- 
--static int service_test_start_limit(Unit *u) {
--        Service *s = SERVICE(u);
--        int r;
--
--        assert(s);
--
--        /* Make sure we don't enter a busy loop of some kind. */
--        r = unit_test_start_limit(u);
--        if (r < 0) {
--                service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
--                return r;
--        }
--
--        return 0;
--}
--
- static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
-         [SERVICE_RESTART_NO] = "no",
-         [SERVICE_RESTART_ON_SUCCESS] = "on-success",
-@@ -4629,6 +4620,4 @@ const UnitVTable service_vtable = {
-                 },
-                 .finished_job = service_finished_job,
-         },
--
--        .test_start_limit = service_test_start_limit,
- };
-diff --git a/src/core/socket.c b/src/core/socket.c
-index 31d88b71ff..f362a5baa8 100644
---- a/src/core/socket.c
-+++ b/src/core/socket.c
-@@ -2515,6 +2515,12 @@ static int socket_start(Unit *u) {
- 
-         assert(IN_SET(s->state, SOCKET_DEAD, SOCKET_FAILED));
- 
-+        r = unit_test_start_limit(u);
-+        if (r < 0) {
-+                socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
-+                return r;
-+        }
-+
-         r = unit_acquire_invocation_id(u);
-         if (r < 0)
-                 return r;
-@@ -3423,21 +3429,6 @@ static int socket_can_clean(Unit *u, ExecCleanMask *ret) {
-         return exec_context_get_clean_mask(&s->exec_context, ret);
- }
- 
--static int socket_test_start_limit(Unit *u) {
--        Socket *s = SOCKET(u);
--        int r;
--
--        assert(s);
--
--        r = unit_test_start_limit(u);
--        if (r < 0) {
--                socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
--                return r;
--        }
--
--        return 0;
--}
--
- static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
-         [SOCKET_EXEC_START_PRE] = "ExecStartPre",
-         [SOCKET_EXEC_START_CHOWN] = "ExecStartChown",
-@@ -3564,6 +3555,4 @@ const UnitVTable socket_vtable = {
-                         [JOB_TIMEOUT]    = "Timed out stopping %s.",
-                 },
-         },
--
--        .test_start_limit = socket_test_start_limit,
- };
-diff --git a/src/core/swap.c b/src/core/swap.c
-index b25f68fb7d..3843b19500 100644
---- a/src/core/swap.c
-+++ b/src/core/swap.c
-@@ -933,6 +933,12 @@ static int swap_start(Unit *u) {
-                 if (UNIT(other)->job && UNIT(other)->job->state == JOB_RUNNING)
-                         return -EAGAIN;
- 
-+        r = unit_test_start_limit(u);
-+        if (r < 0) {
-+                swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT);
-+                return r;
-+        }
-+
-         r = unit_acquire_invocation_id(u);
-         if (r < 0)
-                 return r;
-@@ -1582,21 +1588,6 @@ static int swap_can_clean(Unit *u, ExecCleanMask *ret) {
-         return exec_context_get_clean_mask(&s->exec_context, ret);
- }
- 
--static int swap_test_start_limit(Unit *u) {
--        Swap *s = SWAP(u);
--        int r;
--
--        assert(s);
--
--        r = unit_test_start_limit(u);
--        if (r < 0) {
--                swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT);
--                return r;
--        }
--
--        return 0;
--}
--
- static const char* const swap_exec_command_table[_SWAP_EXEC_COMMAND_MAX] = {
-         [SWAP_EXEC_ACTIVATE] = "ExecActivate",
-         [SWAP_EXEC_DEACTIVATE] = "ExecDeactivate",
-@@ -1692,6 +1683,4 @@ const UnitVTable swap_vtable = {
-                         [JOB_TIMEOUT]    = "Timed out deactivating swap %s.",
-                 },
-         },
--
--        .test_start_limit = swap_test_start_limit,
- };
-diff --git a/src/core/timer.c b/src/core/timer.c
-index 5ecc9f35cf..e064ad9a2d 100644
---- a/src/core/timer.c
-+++ b/src/core/timer.c
-@@ -635,6 +635,12 @@ static int timer_start(Unit *u) {
-         if (r < 0)
-                 return r;
- 
-+        r = unit_test_start_limit(u);
-+        if (r < 0) {
-+                timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
-+                return r;
-+        }
-+
-         r = unit_acquire_invocation_id(u);
-         if (r < 0)
-                 return r;
-@@ -895,21 +901,6 @@ static int timer_can_clean(Unit *u, ExecCleanMask *ret) {
-         return 0;
- }
- 
--static int timer_test_start_limit(Unit *u) {
--        Timer *t = TIMER(u);
--        int r;
--
--        assert(t);
--
--        r = unit_test_start_limit(u);
--        if (r < 0) {
--                timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
--                return r;
--        }
--
--        return 0;
--}
--
- static const char* const timer_base_table[_TIMER_BASE_MAX] = {
-         [TIMER_ACTIVE] = "OnActiveSec",
-         [TIMER_BOOT] = "OnBootSec",
-@@ -969,6 +960,4 @@ const UnitVTable timer_vtable = {
-         .timezone_change = timer_timezone_change,
- 
-         .bus_set_property = bus_timer_set_property,
--
--        .test_start_limit = timer_test_start_limit,
- };
-diff --git a/src/core/unit.c b/src/core/unit.c
-index 69ed43578e..38d3eb703f 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -1851,13 +1851,6 @@ int unit_start(Unit *u) {
- 
-         assert(u);
- 
--        /* Check start rate limiting early so that failure conditions don't cause us to enter a busy loop. */
--        if (UNIT_VTABLE(u)->test_start_limit) {
--                int r = UNIT_VTABLE(u)->test_start_limit(u);
--                if (r < 0)
--                        return r;
--        }
--
-         /* If this is already started, then this will succeed. Note that this will even succeed if this unit
-          * is not startable by the user. This is relied on to detect when we need to wait for units and when
-          * waiting is finished. */
-diff --git a/src/core/unit.h b/src/core/unit.h
-index 9babd07188..759104ffa7 100644
---- a/src/core/unit.h
-+++ b/src/core/unit.h
-@@ -649,10 +649,6 @@ typedef struct UnitVTable {
-          * of this type will immediately fail. */
-         bool (*supported)(void);
- 
--        /* If this function is set, it's invoked first as part of starting a unit to allow start rate
--         * limiting checks to occur before we do anything else. */
--        int (*test_start_limit)(Unit *u);
--
-         /* The strings to print in status messages */
-         UnitStatusMessageFormats status_message_formats;
- 
-diff --git a/test/TEST-63-ISSUE-17433/Makefile b/test/TEST-63-ISSUE-17433/Makefile
-deleted file mode 120000
-index e9f93b1104..0000000000
---- a/test/TEST-63-ISSUE-17433/Makefile
-+++ /dev/null
-@@ -1 +0,0 @@
--../TEST-01-BASIC/Makefile
-\ No newline at end of file
-diff --git a/test/TEST-63-ISSUE-17433/test.sh b/test/TEST-63-ISSUE-17433/test.sh
-deleted file mode 100755
-index c595a9f2de..0000000000
---- a/test/TEST-63-ISSUE-17433/test.sh
-+++ /dev/null
-@@ -1,9 +0,0 @@
--#!/usr/bin/env bash
--set -e
--
--TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433"
--
--# shellcheck source=test/test-functions
--. "${TEST_BASE_DIR:?}/test-functions"
--
--do_test "$@"
-diff --git a/test/meson.build b/test/meson.build
-index 6f8f257c2d..47c7f4d49a 100644
---- a/test/meson.build
-+++ b/test/meson.build
-@@ -33,8 +33,6 @@ if install_tests
-                        install_dir : testdata_dir)
-         install_subdir('testsuite-52.units',
-                        install_dir : testdata_dir)
--        install_subdir('testsuite-63.units',
--                       install_dir : testdata_dir)
- 
-         testsuite08_dir = testdata_dir + '/testsuite-08.units'
-         install_data('testsuite-08.units/-.mount',
-diff --git a/test/testsuite-10.units/test10.service b/test/testsuite-10.units/test10.service
-index 2fb476b986..d0be786b01 100644
---- a/test/testsuite-10.units/test10.service
-+++ b/test/testsuite-10.units/test10.service
-@@ -1,9 +1,6 @@
- [Unit]
- Requires=test10.socket
- ConditionPathExistsGlob=/tmp/nonexistent
--# Make sure we hit the socket trigger limit in the test and not the service start limit.
--StartLimitInterval=1000
--StartLimitBurst=1000
- 
- [Service]
- ExecStart=true
-diff --git a/test/testsuite-63.units/test63.path b/test/testsuite-63.units/test63.path
-deleted file mode 100644
-index a6573bda0a..0000000000
---- a/test/testsuite-63.units/test63.path
-+++ /dev/null
-@@ -1,2 +0,0 @@
--[Path]
--PathExists=/tmp/test63
-diff --git a/test/testsuite-63.units/test63.service b/test/testsuite-63.units/test63.service
-deleted file mode 100644
-index c83801874d..0000000000
---- a/test/testsuite-63.units/test63.service
-+++ /dev/null
-@@ -1,5 +0,0 @@
--[Unit]
--ConditionPathExists=!/tmp/nonexistent
--
--[Service]
--ExecStart=true
-diff --git a/test/units/testsuite-63.service b/test/units/testsuite-63.service
-deleted file mode 100644
-index 04122723d4..0000000000
---- a/test/units/testsuite-63.service
-+++ /dev/null
-@@ -1,16 +0,0 @@
--[Unit]
--Description=TEST-63-ISSUE-17433
--
--[Service]
--ExecStartPre=rm -f /failed /testok
--Type=oneshot
--ExecStart=rm -f /tmp/nonexistent
--ExecStart=systemctl start test63.path
--ExecStart=touch /tmp/test63
--# Make sure systemd has sufficient time to hit the start limit for test63.service.
--ExecStart=sleep 2
--ExecStart=sh -x -c 'test "$(systemctl show test63.service -P ActiveState)" = failed'
--ExecStart=sh -x -c 'test "$(systemctl show test63.service -P Result)" = start-limit-hit'
--ExecStart=sh -x -c 'test "$(systemctl show test63.path -P ActiveState)" = failed'
--ExecStart=sh -x -c 'test "$(systemctl show test63.path -P Result)" = unit-start-limit-hit'
--ExecStart=sh -x -c 'echo OK >/testok'

diff --git a/sys-apps/systemd/systemd-249.5-r1.ebuild b/sys-apps/systemd/systemd-249.6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.5-r1.ebuild
rename to sys-apps/systemd/systemd-249.6.ebuild
index e47a7beaa3d1..8348517478b6 100644
--- a/sys-apps/systemd/systemd-249.5-r1.ebuild
+++ b/sys-apps/systemd/systemd-249.6.ebuild
@@ -226,9 +226,6 @@ src_prepare() {
 
 	# Add local patches here
 	PATCHES+=(
-		"${FILESDIR}/249-libudev-static.patch"
-		"${FILESDIR}/249.5-coredumpctl.patch"
-		"${FILESDIR}/249.5-revert-unit-start-rate-limiting.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-11-07  5:27 Georgy Yakovlev
  0 siblings, 0 replies; 65+ messages in thread
From: Georgy Yakovlev @ 2021-11-07  5:27 UTC (permalink / raw
  To: gentoo-commits

commit:     c897165ab00b566f2a21db3bb1d8da0fee67bfc8
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  1 23:33:10 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Sun Nov  7 05:26:12 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c897165a

sys-apps/systemd: add hostnamed-fallback mode

this will allow networkd/hostnamed to properly set hostname
on systems without polkit.

while it's possible to set hostname/fqdn manually already, with fallback workaround
it will be possible to get hostnames from DHCP via networkd too without
using polkit->spidermonkey->rust->llvm chain of deps.

ideas and configs taken from yocto/oe
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=3dc37c12c17d5bb6d4701a425a4f79f6e31784ee

https://github.com/systemd/systemd/issues/13501
Closes: https://github.com/gentoo/gentoo/pull/22792
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 sys-apps/systemd/files/00-hostnamed-network-user.conf   |  6 ++++++
 .../files/org.freedesktop.hostname1_no_polkit.conf      | 11 +++++++++++
 sys-apps/systemd/metadata.xml                           |  1 +
 sys-apps/systemd/systemd-9999.ebuild                    | 17 ++++++++++++++++-
 4 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/00-hostnamed-network-user.conf b/sys-apps/systemd/files/00-hostnamed-network-user.conf
new file mode 100644
index 00000000000..6b224ba9b93
--- /dev/null
+++ b/sys-apps/systemd/files/00-hostnamed-network-user.conf
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN

diff --git a/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
new file mode 100644
index 00000000000..f4d0271cdb6
--- /dev/null
+++ b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
@@ -0,0 +1,11 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+        <policy group="systemd-hostname">
+                <allow own="org.freedesktop.hostname1"/>
+                <allow send_destination="org.freedesktop.hostname1"/>
+                <allow receive_sender="org.freedesktop.hostname1"/>
+        </policy>
+</busconfig>

diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index b35d6bfbd41..cd0754d004d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -20,6 +20,7 @@
 		<flag name="fido2">Enable FIDO2 support</flag>
 		<flag name="gcrypt">Enable sealing of journal files using gcrypt</flag>
 		<flag name="homed">Enable portable home directories</flag>
+		<flag name="hostnamed-fallback">Enable setting hostname with networkd/hostnamed without polkit (requires running <pkg>sys-apps/dbus-broker</pkg>)</flag>
 		<flag name="http">Enable embedded HTTP server in journald</flag>
 		<flag name="hwdb">Enable support for the hardware database</flag>
 		<flag name="importd">Enable import daemon</flag>

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 8348517478b..485b6498181 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -30,11 +30,12 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed hostnamed-fallback http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
 
 REQUIRED_USE="
 	homed? ( cryptsetup pam )
 	importd? ( curl gcrypt lzma )
+	policykit? ( !hostnamed-fallback )
 	pwquality? ( homed )
 "
 RESTRICT="!test? ( test )"
@@ -117,6 +118,10 @@ RDEPEND="${COMMON_DEPEND}
 	>=acct-user/systemd-resolve-0-r1
 	>=acct-user/systemd-timesync-0-r1
 	>=sys-apps/baselayout-2.2
+	hostnamed-fallback? (
+		acct-group/systemd-hostname
+		sys-apps/dbus-broker
+	)
 	selinux? ( sec-policy/selinux-base-policy[systemd] )
 	sysv-utils? (
 		!sys-apps/openrc[sysv-utils(-)]
@@ -400,6 +405,16 @@ multilib_src_install_all() {
 		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
 	fi
 
+	# workaround for https://github.com/systemd/systemd/issues/13501
+	if use hostnamed-fallback; then
+		# this file requires dbus-broker
+		insinto /usr/share/dbus-1/system.d/
+		doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+		insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+		doins "${FILESDIR}/00-hostnamed-network-user.conf"
+	fi
+
 	gen_usr_ldscript -a systemd udev
 }
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-09-14 23:47 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-09-14 23:47 UTC (permalink / raw
  To: gentoo-commits

commit:     456fb26fe2564868771b7948b6049dc96743d947
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 14 23:46:05 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Sep 14 23:46:05 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=456fb26f

sys-apps/systemd: backport network fix

Closes: https://bugs.gentoo.org/813102
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/249-network-renaming.patch  | 41 ++++++++++++++++++++++
 ...emd-249.4-r3.ebuild => systemd-249.4-r4.ebuild} |  1 +
 2 files changed, 42 insertions(+)

diff --git a/sys-apps/systemd/files/249-network-renaming.patch b/sys-apps/systemd/files/249-network-renaming.patch
new file mode 100644
index 00000000000..b9eecf57b10
--- /dev/null
+++ b/sys-apps/systemd/files/249-network-renaming.patch
@@ -0,0 +1,41 @@
+From 160203e974945ce520fe8f569458634ef898c61c Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 10 Sep 2021 08:09:56 +0900
+Subject: [PATCH] network: fix handling of network interface renaming
+
+Fixes #20657.
+---
+ src/network/networkd-link.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 4afd540d2015..caad6205ae83 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1470,17 +1470,21 @@ static int link_initialized(Link *link, sd_device *device) {
+         assert(link);
+         assert(device);
+ 
+-        if (link->state != LINK_STATE_PENDING)
+-                return 0;
++        /* Always replace with the new sd_device object. As the sysname (and possibly other properties
++         * or sysattrs) may be outdated. */
++        sd_device_ref(device);
++        sd_device_unref(link->sd_device);
++        link->sd_device = device;
+ 
+-        if (link->sd_device)
++        /* Do not ignore unamanaged state case here. If an interface is renamed after being once
++         * configured, and the corresponding .network file has Name= in [Match] section, then the
++         * interface may be already in unmanaged state. See #20657. */
++        if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED))
+                 return 0;
+ 
+         log_link_debug(link, "udev initialized link");
+         link_set_state(link, LINK_STATE_INITIALIZED);
+ 
+-        link->sd_device = sd_device_ref(device);
+-
+         /* udev has initialized the link, but we don't know if we have yet
+          * processed the NEWLINK messages with the latest state. Do a GETLINK,
+          * when it returns we know that the pending NEWLINKs have already been

diff --git a/sys-apps/systemd/systemd-249.4-r3.ebuild b/sys-apps/systemd/systemd-249.4-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.4-r3.ebuild
rename to sys-apps/systemd/systemd-249.4-r4.ebuild
index b651ce70662..dff4c114007 100644
--- a/sys-apps/systemd/systemd-249.4-r3.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r4.ebuild
@@ -229,6 +229,7 @@ src_prepare() {
 		"${FILESDIR}/249-libudev-static.patch"
 		"${FILESDIR}/249-home-secret-assert.patch"
 		"${FILESDIR}/249-fido2.patch"
+		"${FILESDIR}/249-network-renaming.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-09-08 18:29 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-09-08 18:29 UTC (permalink / raw
  To: gentoo-commits

commit:     bf8a15acdb09aef0eedfaeb743e1ae566120e0b7
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  8 18:28:49 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Sep  8 18:29:25 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf8a15ac

sys-apps/systemd: backport fix for pam_systemd_home

Closes: https://bugs.gentoo.org/811093
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/249-home-secret-assert.patch     | 106 +++++++++++++++++++++
 sys-apps/systemd/systemd-249.4-r2.ebuild           |   1 +
 2 files changed, 107 insertions(+)

diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch b/sys-apps/systemd/files/249-home-secret-assert.patch
new file mode 100644
index 00000000000..e6e2a8e7cc7
--- /dev/null
+++ b/sys-apps/systemd/files/249-home-secret-assert.patch
@@ -0,0 +1,106 @@
+From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 5 Sep 2021 11:16:26 +0900
+Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error
+ may be null
+
+When RefHome() bus method is called in acquire_home(), secret is NULL.
+
+Fixes #20639.
+---
+ src/home/pam_systemd_home.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
+index 836ed0d5e96d..a04d50208a8e 100644
+--- a/src/home/pam_systemd_home.c
++++ b/src/home/pam_systemd_home.c
+@@ -281,7 +281,6 @@ static int handle_generic_user_record_error(
+                 const sd_bus_error *error) {
+ 
+         assert(user_name);
+-        assert(secret);
+         assert(error);
+ 
+         int r;
+@@ -301,6 +300,8 @@ static int handle_generic_user_record_error(
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) {
+                 _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++                assert(secret);
++
+                 /* This didn't work? Ask for an (additional?) password */
+ 
+                 if (strv_isempty(secret->password))
+@@ -326,6 +327,8 @@ static int handle_generic_user_record_error(
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
+                 _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++                assert(secret);
++
+                 if (strv_isempty(secret->password)) {
+                         (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name);
+                         r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: ");
+@@ -350,6 +353,8 @@ static int handle_generic_user_record_error(
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
+                 _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++                assert(secret);
++
+                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: ");
+                 if (r != PAM_SUCCESS)
+                         return PAM_CONV_ERR; /* no logging here */
+@@ -367,6 +372,8 @@ static int handle_generic_user_record_error(
+ 
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
+ 
++                assert(secret);
++
+                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name);
+ 
+                 r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
+@@ -377,6 +384,8 @@ static int handle_generic_user_record_error(
+ 
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
+ 
++                assert(secret);
++
+                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name);
+ 
+                 r = user_record_set_fido2_user_presence_permitted(secret, true);
+@@ -387,6 +396,8 @@ static int handle_generic_user_record_error(
+ 
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
+ 
++                assert(secret);
++
+                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name);
+ 
+                 r = user_record_set_fido2_user_verification_permitted(secret, true);
+@@ -403,6 +414,8 @@ static int handle_generic_user_record_error(
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) {
+                 _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++                assert(secret);
++
+                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name);
+                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+                 if (r != PAM_SUCCESS)
+@@ -422,6 +435,8 @@ static int handle_generic_user_record_error(
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) {
+                 _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++                assert(secret);
++
+                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name);
+                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+                 if (r != PAM_SUCCESS)
+@@ -441,6 +456,8 @@ static int handle_generic_user_record_error(
+         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) {
+                 _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++                assert(secret);
++
+                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name);
+                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+                 if (r != PAM_SUCCESS)

diff --git a/sys-apps/systemd/systemd-249.4-r2.ebuild b/sys-apps/systemd/systemd-249.4-r2.ebuild
index 95d20177016..dd5462b694d 100644
--- a/sys-apps/systemd/systemd-249.4-r2.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r2.ebuild
@@ -226,6 +226,7 @@ src_prepare() {
 	# Add local patches here
 	PATCHES+=(
 		"${FILESDIR}/249-libudev-static.patch"
+		"${FILESDIR}/249-home-secret-assert.patch"
 		"${FILESDIR}/249-fido2.patch"
 	)
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-07-08 20:23 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-07-08 20:23 UTC (permalink / raw
  To: gentoo-commits

commit:     9cb1e202e281d9fa3ebbf9f354b0672d98743d87
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Jul  8 20:22:01 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Jul  8 20:22:01 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cb1e202

sys-apps/systemd: backport fix for hostnamed

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/249-hostnamed-error-variable.patch       | 50 ++++++++++++++++++++++
 .../{systemd-249.ebuild => systemd-249-r1.ebuild}  |  1 +
 2 files changed, 51 insertions(+)

diff --git a/sys-apps/systemd/files/249-hostnamed-error-variable.patch b/sys-apps/systemd/files/249-hostnamed-error-variable.patch
new file mode 100644
index 00000000000..7fe7af73a00
--- /dev/null
+++ b/sys-apps/systemd/files/249-hostnamed-error-variable.patch
@@ -0,0 +1,50 @@
+From 105a4245ff13d588e1e848e8ee3cffd6185bd0ae Mon Sep 17 00:00:00 2001
+From: Jan Palus <jpalus@fastmail.com>
+Date: Thu, 8 Jul 2021 00:23:21 +0200
+Subject: [PATCH] hostnamed: correct variable with errno in fallback_chassis
+
+fixes assertion failure on arm:
+
+systemd-hostnamed[642]: Assertion '(_error) != 0' failed at src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting.
+---
+ src/hostname/hostnamed.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
+index bd535ddc4d80..36702f2fb0cd 100644
+--- a/src/hostname/hostnamed.c
++++ b/src/hostname/hostnamed.c
+@@ -204,14 +204,14 @@ static const char* fallback_chassis(void) {
+ 
+         r = read_one_line_file("/sys/class/dmi/id/chassis_type", &type);
+         if (r < 0) {
+-                log_debug_errno(v, "Failed to read DMI chassis type, ignoring: %m");
++                log_debug_errno(r, "Failed to read DMI chassis type, ignoring: %m");
+                 goto try_acpi;
+         }
+ 
+         r = safe_atou(type, &t);
+         free(type);
+         if (r < 0) {
+-                log_debug_errno(v, "Failed to parse DMI chassis type, ignoring: %m");
++                log_debug_errno(r, "Failed to parse DMI chassis type, ignoring: %m");
+                 goto try_acpi;
+         }
+ 
+@@ -260,14 +260,14 @@ static const char* fallback_chassis(void) {
+ try_acpi:
+         r = read_one_line_file("/sys/firmware/acpi/pm_profile", &type);
+         if (r < 0) {
+-                log_debug_errno(v, "Failed read ACPI PM profile, ignoring: %m");
++                log_debug_errno(r, "Failed read ACPI PM profile, ignoring: %m");
+                 return NULL;
+         }
+ 
+         r = safe_atou(type, &t);
+         free(type);
+         if (r < 0) {
+-                log_debug_errno(v, "Failed parse ACPI PM profile, ignoring: %m");
++                log_debug_errno(r, "Failed parse ACPI PM profile, ignoring: %m");
+                 return NULL;
+         }
+ 

diff --git a/sys-apps/systemd/systemd-249.ebuild b/sys-apps/systemd/systemd-249-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.ebuild
rename to sys-apps/systemd/systemd-249-r1.ebuild
index 7b82142e7ac..3bc38914353 100644
--- a/sys-apps/systemd/systemd-249.ebuild
+++ b/sys-apps/systemd/systemd-249-r1.ebuild
@@ -218,6 +218,7 @@ src_prepare() {
 
 	# Add local patches here
 	PATCHES+=(
+		"${FILESDIR}/249-hostnamed-error-variable.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-06-20 17:18 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-06-20 17:18 UTC (permalink / raw
  To: gentoo-commits

commit:     b528f97e26fe1d046152e38cbd199355d380cc98
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 20 16:53:28 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Jun 20 17:18:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b528f97e

sys-apps/systemd: simplify systemd-user pam config

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/systemd-user.pam | 5 +++++
 sys-apps/systemd/systemd-9999.ebuild    | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/systemd-user.pam b/sys-apps/systemd/files/systemd-user.pam
new file mode 100644
index 00000000000..38ae3211f8d
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-user.pam
@@ -0,0 +1,5 @@
+account include system-auth
+
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 3f2168e521b..41b2a1b5b70 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -223,7 +223,6 @@ src_prepare() {
 			"${FILESDIR}/gentoo-generator-path-r2.patch"
 			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
 			"${FILESDIR}/gentoo-journald-audit.patch"
-			"${FILESDIR}/gentoo-pam-r1.patch"
 		)
 	fi
 
@@ -380,6 +379,10 @@ multilib_src_install_all() {
 	# Symlink /etc/sysctl.conf for easy migration.
 	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
 
+	if use pam; then
+		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	fi
+
 	if use hwdb; then
 		rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
 	fi


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-05-19 19:37 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-05-19 19:37 UTC (permalink / raw
  To: gentoo-commits

commit:     802dfd1188797b98f8be573efd29feccf7ab8c2c
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed May 19 19:36:46 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed May 19 19:36:46 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=802dfd11

sys-apps/systemd: update pam patch for jinja conversion

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/gentoo-pam-r1.patch | 33 ++++++++++++++++++++++++++++++
 sys-apps/systemd/systemd-9999.ebuild       |  2 +-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/gentoo-pam-r1.patch b/sys-apps/systemd/files/gentoo-pam-r1.patch
new file mode 100644
index 00000000000..8816bae19e0
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-pam-r1.patch
@@ -0,0 +1,33 @@
+From e404e655eab9042bfc81ff5638dd54f4a5452ce0 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Wed, 19 May 2021 15:34:41 -0400
+Subject: [PATCH] pam: include system-auth for systemd --user
+
+---
+ src/login/systemd-user.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
+index 343aec4a01..a18d7d43cf 100644
+--- a/src/login/systemd-user.in
++++ b/src/login/systemd-user.in
+@@ -5,7 +5,7 @@
+ {% if ENABLE_HOMED %}
+ -account sufficient pam_systemd_home.so
+ {% endif %}
+-account sufficient pam_unix.so
++account include system-auth
+ account required pam_permit.so
+ 
+ {% if HAVE_SELINUX %}
+@@ -13,6 +13,7 @@ session required pam_selinux.so close
+ session required pam_selinux.so nottys open
+ {% endif %}
+ session required pam_loginuid.so
++session include system-auth
+ session optional pam_keyinit.so force revoke
+ {% if ENABLE_HOMED %}
+ -session optional pam_systemd_home.so
+-- 
+2.31.1
+

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 72aabc846fe..03cc0e7e225 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -223,7 +223,7 @@ src_prepare() {
 			"${FILESDIR}/gentoo-generator-path-r2.patch"
 			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
 			"${FILESDIR}/gentoo-journald-audit.patch"
-			"${FILESDIR}/gentoo-pam.patch"
+			"${FILESDIR}/gentoo-pam-r1.patch"
 		)
 	fi
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-11-08 17:51 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-11-08 17:51 UTC (permalink / raw
  To: gentoo-commits

commit:     e25dac18a28a39570cbd3bc258be1b573c8fa9dc
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  8 17:50:35 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov  8 17:50:50 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e25dac18

sys-apps/systemd: bump to 247-rc1

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                          |  1 +
 .../gentoo-systemctl-disable-sysv-sync-r1.patch    | 25 ++++++++++++++++++++++
 ...{systemd-9999.ebuild => systemd-247_rc1.ebuild} |  2 +-
 sys-apps/systemd/systemd-9999.ebuild               |  2 +-
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 470a6c699a3..530182fc3ff 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,3 @@
 DIST systemd-246.tar.gz 9534036 BLAKE2B 71b72abcd4d066d35d45d9835d41bec8faa9a7eddc80b48fe7073223f07d32f78a8442c52dc0800940f9750d9c5502123a633738981d797cf610d85df2035bf0 SHA512 7103f7da53f7ced3b5543c238f23bd11c82af8e37166c1720a90576b6b431b4329320c78726166c65a9f5e101dd465c0a86dd13c586c4e55e608a6273d8f324f
+DIST systemd-247-rc1.tar.gz 9838448 BLAKE2B 99eeafb9ef35d7786f39e8089820ea7b838e06b7ad74271a193c27e716275cb96e0cfe213fa546abc304978fdf95be37e23f31c2059aa6aff28739979a1a036d SHA512 5c04b013ceebbf466c917d093189a60a2a77c57a844eed840c911669855d4d9d783dcaec1ba6b488c5e96e7f9a9f3d4e39cff240c46c013ec2fcce5a5b7c4aee
 DIST systemd-stable-246.6.tar.gz 9545237 BLAKE2B 5290736b30ca1a3188335a74d49b4f3e8b48007d9563efac1985ea6428a8b8fd6cad7ae87c35e13a32f851ebd27821829738274d35cfbff9340750bd3b086621 SHA512 1936b291d9831cf61f800fe718a4c2c2fe9b2a11fd817fe32bd48da2087a675dfc91013209a3478ea52e8ada593300ed906e248b8081dcf9141bf1cc17483ea9

diff --git a/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch
new file mode 100644
index 00000000000..a9d40be4ab7
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch
@@ -0,0 +1,25 @@
+From d9059d2ef1b0d6034267cc8ff44871d0f82f840f Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 8 Nov 2020 12:34:11 -0500
+Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
+
+---
+ src/systemctl/systemctl-sysv-compat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl-sysv-compat.c b/src/systemctl/systemctl-sysv-compat.c
+index 2dca9e480f..5dcf13ba17 100644
+--- a/src/systemctl/systemctl-sysv-compat.c
++++ b/src/systemctl/systemctl-sysv-compat.c
+@@ -111,7 +111,7 @@ int parse_shutdown_time_spec(const char *t, usec_t *ret) {
+ int enable_sysv_units(const char *verb, char **args) {
+         int r = 0;
+ 
+-#if HAVE_SYSV_COMPAT
++#if 0
+         _cleanup_(lookup_paths_free) LookupPaths paths = {};
+         unsigned f = 0;
+ 
+-- 
+2.29.0
+

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-247_rc1.ebuild
similarity index 99%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-247_rc1.ebuild
index 4c0c3699148..016f308320d 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-247_rc1.ebuild
@@ -208,7 +208,7 @@ src_prepare() {
 	if ! use vanilla; then
 		PATCHES+=(
 			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
 			"${FILESDIR}/gentoo-journald-audit.patch"
 			"${FILESDIR}/gentoo-pam.patch"
 		)

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 4c0c3699148..016f308320d 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -208,7 +208,7 @@ src_prepare() {
 	if ! use vanilla; then
 		PATCHES+=(
 			"${FILESDIR}/gentoo-generator-path-r2.patch"
-			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
 			"${FILESDIR}/gentoo-journald-audit.patch"
 			"${FILESDIR}/gentoo-pam.patch"
 		)


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-05-21  0:13 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-05-21  0:13 UTC (permalink / raw
  To: gentoo-commits

commit:     25690985f6ec821756db3ee0af7484976005b79d
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu May 21 00:11:48 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu May 21 00:12:58 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25690985

sys-apps/systemd: remove old

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                |   1 -
 sys-apps/systemd/files/243-seccomp.patch | 145 ---------
 sys-apps/systemd/systemd-243-r2.ebuild   | 504 -------------------------------
 3 files changed, 650 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index fe384c4ffdc..2b7c2f78b20 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,3 @@
-DIST systemd-243.tar.gz 8242522 BLAKE2B 89e3ebbea5a99061329f7c78220a66c1e075d5ba90dfdf5ee8d0d9b762ef4600dc82d8ca2054632e5e343b6272cd8046c92f7f99dcfa8287c5ef2b42fb96d4cb SHA512 56b52a297aa5ac04d9667eb3afb1598725b197de73ff72baa1aabbc2844e36fba7b7fccdf6d214ae8b5b926616b2b7e15772763aaa80ec938d74333ff9c8673e
 DIST systemd-244.tar.gz 8445963 BLAKE2B 19751fb9c058a079694ee1b991259fd3f1fa30ae98ca38bbe8caadfc5628db7848c7f742a1b11781fbd67f911adda917d7a4da1dddb63064907f86f47e5a3256 SHA512 08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb
 DIST systemd-245.tar.gz 8993479 BLAKE2B be0b1fca5ba8585978f570868bc9135c1fee78ea64dcdf8b1a3419e856a83da90104ed2f86e5f3e5b0b6f29d4b34f603bfe1e4cbc61ccf71bedce547db62ff35 SHA512 1b80d0e02472dfc4197f11dab4f56cf90e8a6e105ce19f837cb11335b6d8577ed49031dad94cdb41aa9bdc06ec8eec62c8e9246272b83935e7bb9dcd3cd8c012
 DIST systemd-stable-244.3.tar.gz 8484735 BLAKE2B 25125ecdae59c852e8ceb45b7ed0b76631b301ab4026c4e389c4bc12090fe41f5918411a75bd20f38b6b3993445df93c850ba98f8d9b30fd24fc4e25f8355a3d SHA512 f8e83fa3e57ac8fdbed61b66bb45fd0eafa6fb36eda26f10690d93f34b03daab6ce4e7eff45b79dcaf59f11f41c1b022d1d9314f576c50ad28f6bb5901f1b18d

diff --git a/sys-apps/systemd/files/243-seccomp.patch b/sys-apps/systemd/files/243-seccomp.patch
deleted file mode 100644
index 88b129f7722..00000000000
--- a/sys-apps/systemd/files/243-seccomp.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 14 Nov 2019 17:51:30 +0100
-Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
- __NR_xyz namespace invasion
-
-A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
-same conditioning for all cases of our __NR_xyz use.
-
-Fixes: #14031
----
- src/basic/missing_syscall.h | 10 +++++-----
- src/test/test-seccomp.c     | 19 ++++++++++---------
- 2 files changed, 15 insertions(+), 14 deletions(-)
-
-diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index 6d9b12544d..1255d8b197 100644
---- a/src/basic/missing_syscall.h
-+++ b/src/basic/missing_syscall.h
-@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
- 
- #if !HAVE_KCMP
- static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
--#  ifdef __NR_kcmp
-+#  if defined __NR_kcmp && __NR_kcmp > 0
-         return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
- #  else
-         errno = ENOSYS;
-@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
- 
- #if !HAVE_KEYCTL
- static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
--#  ifdef __NR_keyctl
-+#  if defined __NR_keyctl && __NR_keyctl > 0
-         return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
- #  else
-         errno = ENOSYS;
-@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
- }
- 
- static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
--#  ifdef __NR_add_key
-+#  if defined __NR_add_key && __NR_add_key > 0
-         return syscall(__NR_add_key, type, description, payload, plen, ringid);
- #  else
-         errno = ENOSYS;
-@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
- }
- 
- static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
--#  ifdef __NR_request_key
-+#  if defined __NR_request_key && __NR_request_key > 0
-         return syscall(__NR_request_key, type, description, callout_info, destringid);
- #  else
-         errno = ENOSYS;
-@@ -496,7 +496,7 @@ enum {
- static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
-                            unsigned long maxnode) {
-         long i;
--#  ifdef __NR_set_mempolicy
-+#  if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
-         i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
- #  else
-         errno = ENOSYS;
-diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
-index 018c20f8be..c6692043fe 100644
---- a/src/test/test-seccomp.c
-+++ b/src/test/test-seccomp.c
-@@ -28,7 +28,8 @@
- #include "tmpfile-util.h"
- #include "virt.h"
- 
--#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
-+/* __NR_socket may be invalid due to libseccomp */
-+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
- /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
-  * and we can't restrict it hence via seccomp. */
- #  define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
-@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
-         assert_se(pid >= 0);
- 
-         if (pid == 0) {
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
-                 assert_se(syscall(__NR__sysctl, NULL) < 0);
-                 assert_se(errno == EFAULT);
- #endif
- 
-                 assert_se(seccomp_protect_sysctl() >= 0);
- 
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
-                 assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
-                 assert_se(errno == EPERM);
- #endif
-@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
-                 assert_se(poll(NULL, 0, 0) == 0);
- 
-                 assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
- #else
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
-@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
-                 s = hashmap_free(s);
- 
-                 assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
-                 s = hashmap_free(s);
- 
-                 assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
- #else
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
-@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
-                 s = hashmap_free(s);
- 
-                 assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
-                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
-          * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
-          * other architectures, let's just fall back to the glibc call. */
- 
--#ifdef SYS_open
--        return (int) syscall(SYS_open, path, flags, mode);
-+#if defined __NR_open && __NR_open > 0
-+        return (int) syscall(__NR_open, path, flags, mode);
- #else
-         return open(path, flags, mode);
- #endif
--- 
-2.24.0
-

diff --git a/sys-apps/systemd/systemd-243-r2.ebuild b/sys-apps/systemd/systemd-243-r2.ebuild
deleted file mode 100644
index 62ea76aad71..00000000000
--- a/sys-apps/systemd/systemd-243-r2.ebuild
+++ /dev/null
@@ -1,504 +0,0 @@
-# Copyright 2011-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	MY_PV=${PV/_/-}
-	MY_P=${PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz"
-	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86"
-fi
-
-PYTHON_COMPAT=( python{3_6,3_7} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
-		>=net-libs/gnutls-3.1.4:0=
-	)
-	idn? ( net-dns/libidn2:= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
-	pcre? ( dev-libs/libpcre2 )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	>=sys-kernel/linux-headers-${MINKV}
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	acct-group/adm
-	acct-group/wheel
-	acct-group/kmem
-	acct-group/tty
-	acct-group/utmp
-	acct-group/audio
-	acct-group/cdrom
-	acct-group/dialout
-	acct-group/disk
-	acct-group/input
-	acct-group/kvm
-	acct-group/render
-	acct-group/tape
-	acct-group/video
-	acct-group/systemd-journal
-	acct-user/systemd-journal-remote
-	acct-user/systemd-coredump
-	acct-user/systemd-network
-	acct-user/systemd-resolve
-	acct-user/systemd-timesync
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? ( !sys-apps/sysvinit )
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-apps/hwids-20150417[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/meson-0.46
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	sys-devel/m4
-	virtual/pkgconfig[${MULTILIB_USEDEP}]
-	test? ( sys-apps/dbus )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
-	has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	# Do NOT add patches here
-	local PATCHES=()
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	# Add local patches here
-	PATCHES+=(
-		"${FILESDIR}/243-seccomp.patch"
-		"${FILESDIR}/245-clang-gnu11.patch"
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
-			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-			"${FILESDIR}/gentoo-generator-path-r1.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-meson_use() {
-	usex "$1" true false
-}
-
-meson_multilib() {
-	if multilib_is_native_abi; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-meson_multilib_native_use() {
-	if multilib_is_native_abi && use "$1"; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dsupport-url="https://gentoo.org/support/"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		-Dsplit-usr=$(usex split-usr true false)
-		-Dsplit-bin=true
-		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Defi=$(meson_multilib)
-		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
-		# Optional components/dependencies
-		-Dacl=$(meson_multilib_native_use acl)
-		-Dapparmor=$(meson_multilib_native_use apparmor)
-		-Daudit=$(meson_multilib_native_use audit)
-		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
-		-Dlibcurl=$(meson_multilib_native_use curl)
-		-Ddns-over-tls=$(meson_multilib_native_use dns-over-tls)
-		-Delfutils=$(meson_multilib_native_use elfutils)
-		-Dgcrypt=$(meson_use gcrypt)
-		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
-		-Dmicrohttpd=$(meson_multilib_native_use http)
-		-Didn=$(meson_multilib_native_use idn)
-		-Dimportd=$(meson_multilib_native_use importd)
-		-Dbzip2=$(meson_multilib_native_use importd)
-		-Dzlib=$(meson_multilib_native_use importd)
-		-Dkmod=$(meson_multilib_native_use kmod)
-		-Dlz4=$(meson_use lz4)
-		-Dxz=$(meson_use lzma)
-		-Dlibiptc=$(meson_multilib_native_use nat)
-		-Dpam=$(meson_use pam)
-		-Dpcre2=$(meson_multilib_native_use pcre)
-		-Dpolkit=$(meson_multilib_native_use policykit)
-		-Dqrencode=$(meson_multilib_native_use qrcode)
-		-Dseccomp=$(meson_multilib_native_use seccomp)
-		-Dselinux=$(meson_multilib_native_use selinux)
-		-Ddbus=$(meson_multilib_native_use test)
-		-Dxkbcommon=$(meson_multilib_native_use xkb)
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-		-Dcreate-log-dirs=false
-
-		# multilib options
-		-Dbacklight=$(meson_multilib)
-		-Dbinfmt=$(meson_multilib)
-		-Dcoredump=$(meson_multilib)
-		-Denvironment-d=$(meson_multilib)
-		-Dfirstboot=$(meson_multilib)
-		-Dhibernate=$(meson_multilib)
-		-Dhostnamed=$(meson_multilib)
-		-Dhwdb=$(meson_multilib)
-		-Dldconfig=$(meson_multilib)
-		-Dlocaled=$(meson_multilib)
-		-Dman=$(meson_multilib)
-		-Dnetworkd=$(meson_multilib)
-		-Dquotacheck=$(meson_multilib)
-		-Drandomseed=$(meson_multilib)
-		-Drfkill=$(meson_multilib)
-		-Dsysusers=$(meson_multilib)
-		-Dtimedated=$(meson_multilib)
-		-Dtimesyncd=$(meson_multilib)
-		-Dtmpfiles=$(meson_multilib)
-		-Dvconsole=$(meson_multilib)
-
-		# static-libs
-		-Dstatic-libsystemd=$(usex static-libs true false)
-		-Dstatic-libudev=$(usex static-libs true false)
-	)
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	eninja
-}
-
-multilib_src_test() {
-	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-	meson_src_test
-}
-
-multilib_src_install() {
-	DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
-	local rootprefix=$(usex split-usr '' /usr)
-
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
-	fi
-
-	if ! use sysv-utils; then
-		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-	fi
-
-	if ! use resolvconf && ! use sysv-utils; then
-		rmdir "${ED}${rootprefix}"/sbin || die
-	fi
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/kernel/install.d
-	keepdir /etc/systemd/{network,system,user}
-	keepdir /etc/udev/{hwdb.d,rules.d}
-	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
-	keepdir /usr/lib/{binfmt.d,modules-load.d}
-	keepdir /usr/lib/systemd/user-generators
-	keepdir /var/lib/systemd
-	keepdir /var/log/journal
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
-
-	if use split-usr; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-
-	gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-save_enabled_units() {
-	ENABLED_UNITS=()
-	type systemctl &>/dev/null || return
-	for x; do
-		if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then
-			ENABLED_UNITS+=( "${x}" )
-		fi
-	done
-}
-
-pkg_preinst() {
-	save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
-
-	if ! use split-usr; then
-		local dir
-		for dir in bin sbin lib; do
-			if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
-				eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
-				eerror "One of them should be a symbolic link to the other one."
-				FAIL=1
-			fi
-		done
-		if [[ ${FAIL} ]]; then
-			eerror "Migration to system layout with merged directories must be performed before"
-			eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
-			die "System layout with split directories still used"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${EROOT}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	systemd_reenable systemd-networkd.service systemd-resolved.service
-
-	if [[ ${ENABLED_UNITS[@]} ]]; then
-		systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
-	fi
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		if type systemctl &>/dev/null; then
-			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
-		fi
-		elog "To enable a useful set of services, run the following:"
-		elog "  systemctl preset-all --preset-mode=enable-only"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
-		ebegin "Reexecuting system manager"
-		systemctl daemon-reexec
-		eend $?
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-04-27 14:41 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-04-27 14:41 UTC (permalink / raw
  To: gentoo-commits

commit:     4b96b826237c2ba711b79c8fa5b1980004bd5d9b
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 27 14:26:44 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Apr 27 14:40:51 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b96b826

sys-apps/systemd: disable sysv init script sync

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/gentoo-systemctl-disable-sysv-sync.patch | 25 ++++++++++++++++++++++
 ...systemd-245-r4.ebuild => systemd-245-r5.ebuild} |  1 +
 sys-apps/systemd/systemd-9999.ebuild               |  1 +
 3 files changed, 27 insertions(+)

diff --git a/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch
new file mode 100644
index 00000000000..d92d2d43a0c
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch
@@ -0,0 +1,25 @@
+From 7ccd5724afc6fa83ec6cd93dbaf4faf3671c88fc Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Mon, 27 Apr 2020 10:22:03 -0400
+Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
+
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index d319d5d375..bb8419800c 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -6622,7 +6622,7 @@ static int import_environment(int argc, char *argv[], void *userdata) {
+ static int enable_sysv_units(const char *verb, char **args) {
+         int r = 0;
+ 
+-#if HAVE_SYSV_COMPAT
++#if 0
+         _cleanup_(lookup_paths_free) LookupPaths paths = {};
+         unsigned f = 0;
+ 
+-- 
+2.26.2
+

diff --git a/sys-apps/systemd/systemd-245-r4.ebuild b/sys-apps/systemd/systemd-245-r5.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-245-r4.ebuild
rename to sys-apps/systemd/systemd-245-r5.ebuild
index b686b0a738b..46c7844250b 100644
--- a/sys-apps/systemd/systemd-245-r4.ebuild
+++ b/sys-apps/systemd/systemd-245-r5.ebuild
@@ -209,6 +209,7 @@ src_prepare() {
 			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/gentoo-systemd-user-pam.patch"
 			"${FILESDIR}/gentoo-generator-path-r1.patch"
+			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
 		)
 	fi
 

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index c692b2d9f5d..b755eb2883e 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -208,6 +208,7 @@ src_prepare() {
 			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/gentoo-systemd-user-pam.patch"
 			"${FILESDIR}/gentoo-generator-path-r2.patch"
+			"${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
 		)
 	fi
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-04-17 16:36 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-04-17 16:36 UTC (permalink / raw
  To: gentoo-commits

commit:     0ea30d0d62cb1a52dbc575bba34e286209e6bcc4
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 17 16:35:14 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Apr 17 16:35:14 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ea30d0d

sys-apps/systemd: update generator-path patch

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/gentoo-generator-path-r2.patch   | 26 ++++++++++++++++++++++
 sys-apps/systemd/systemd-9999.ebuild               |  2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/gentoo-generator-path-r2.patch b/sys-apps/systemd/files/gentoo-generator-path-r2.patch
new file mode 100644
index 00000000000..46e5c1dacb8
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-generator-path-r2.patch
@@ -0,0 +1,26 @@
+From 91182cc273d2dd8325d856fd683d2d8e038abd91 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 25 Dec 2018 22:52:50 -0500
+Subject: [PATCH] path-lookup: look for generators in
+ /usr/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/basic/path-lookup.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
+index 52968dee34..0cb10b1116 100644
+--- a/src/basic/path-lookup.c
++++ b/src/basic/path-lookup.c
+@@ -798,6 +798,7 @@ char **generator_binary_paths(UnitFileScope scope) {
+                         add = strv_new("/run/systemd/system-generators",
+                                        "/etc/systemd/system-generators",
+                                        "/usr/local/lib/systemd/system-generators",
++                                       "/usr/lib/systemd/system-generators",
+                                        SYSTEM_GENERATOR_DIR);
+                         break;
+ 
+-- 
+2.26.1
+

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 79adf7db45a..dcf64e48a2a 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -207,7 +207,7 @@ src_prepare() {
 		PATCHES+=(
 			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-			"${FILESDIR}/gentoo-generator-path-r1.patch"
+			"${FILESDIR}/gentoo-generator-path-r2.patch"
 		)
 	fi
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-02-06 15:24 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-02-06 15:24 UTC (permalink / raw
  To: gentoo-commits

commit:     1f550c46e58f6d48b6072f50097e1c6d44a30485
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  6 15:24:08 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Feb  6 15:24:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f550c46

sys-apps/systemd: fix segfault in systemd-sysctl

Closes: https://bugs.gentoo.org/708462
Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/245-rc1-sysctl-segfault.patch    | 23 ++++++++++++++++++++++
 ...md-245_rc1.ebuild => systemd-245_rc1-r1.ebuild} |  1 +
 2 files changed, 24 insertions(+)

diff --git a/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch b/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch
new file mode 100644
index 00000000000..7618b2deba5
--- /dev/null
+++ b/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch
@@ -0,0 +1,23 @@
+From db99904bc8482efe556bb010a8b203a3e60ee37f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 6 Feb 2020 19:13:11 +0900
+Subject: [PATCH] sysctl: fix segfault
+
+Fixes #14801.
+---
+ src/sysctl/sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
+index bbcf0c43235..0cdb740d218 100644
+--- a/src/sysctl/sysctl.c
++++ b/src/sysctl/sysctl.c
+@@ -257,7 +257,7 @@ static int parse_file(OrderedHashmap **sysctl_options, const char *path, bool ig
+ 
+                 existing = ordered_hashmap_get(*sysctl_options, p);
+                 if (existing) {
+-                        if (streq(value, existing->value)) {
++                        if (streq_ptr(value, existing->value)) {
+                                 existing->ignore_failure = existing->ignore_failure || ignore_failure;
+                                 continue;
+                         }

diff --git a/sys-apps/systemd/systemd-245_rc1.ebuild b/sys-apps/systemd/systemd-245_rc1-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-245_rc1.ebuild
rename to sys-apps/systemd/systemd-245_rc1-r1.ebuild
index 7bb75c3ee62..e889210fcbd 100644
--- a/sys-apps/systemd/systemd-245_rc1.ebuild
+++ b/sys-apps/systemd/systemd-245_rc1-r1.ebuild
@@ -186,6 +186,7 @@ src_prepare() {
 	# Add local patches here
 	PATCHES+=(
 		"${FILESDIR}"/245-rc1-network-debug.patch
+		"${FILESDIR}"/245-rc1-sysctl-segfault.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-02-05 18:24 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-02-05 18:24 UTC (permalink / raw
  To: gentoo-commits

commit:     7b8918d1047cd2b707ea43dc1d7afcceb761f789
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  5 18:23:54 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Feb  5 18:23:54 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b8918d1

sys-apps/systemd: bump to 245-rc1

Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                          |   1 +
 sys-apps/systemd/files/245-rc1-network-debug.patch |  45 ++
 sys-apps/systemd/systemd-245_rc1.ebuild            | 500 +++++++++++++++++++++
 3 files changed, 546 insertions(+)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ca6af94c9ac..447ac0b12db 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,3 @@
 DIST systemd-243.tar.gz 8242522 BLAKE2B 89e3ebbea5a99061329f7c78220a66c1e075d5ba90dfdf5ee8d0d9b762ef4600dc82d8ca2054632e5e343b6272cd8046c92f7f99dcfa8287c5ef2b42fb96d4cb SHA512 56b52a297aa5ac04d9667eb3afb1598725b197de73ff72baa1aabbc2844e36fba7b7fccdf6d214ae8b5b926616b2b7e15772763aaa80ec938d74333ff9c8673e
 DIST systemd-244.tar.gz 8445963 BLAKE2B 19751fb9c058a079694ee1b991259fd3f1fa30ae98ca38bbe8caadfc5628db7848c7f742a1b11781fbd67f911adda917d7a4da1dddb63064907f86f47e5a3256 SHA512 08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb
+DIST systemd-245-rc1.tar.gz 8961356 BLAKE2B ed04166ead57c2f1cc1a1ca2f0041cae134b503d3448ea9fdd799e12d81f45721ee304d4aabd96d3eab8ea1321b283820e8d2a850b41733e40f07fd419f67b95 SHA512 2ef9a295f3897c6642a2fac2e3c73467ece9bc6fc196cc4f3707b9c23af2581eb9f74def78909d57513b67604bf1cf6dc5dbb31c6d435f7997677d09a73d006b

diff --git a/sys-apps/systemd/files/245-rc1-network-debug.patch b/sys-apps/systemd/files/245-rc1-network-debug.patch
new file mode 100644
index 00000000000..e65035f2185
--- /dev/null
+++ b/sys-apps/systemd/files/245-rc1-network-debug.patch
@@ -0,0 +1,45 @@
+From 01ec0028d97fa97d2e433659e24a1517b0e2382e Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Wed, 5 Feb 2020 11:04:50 -0500
+Subject: [PATCH] network: remove unnecessary link->ifname from debug log
+ statements
+
+Since 98b0299479a68ffd414888368907fc776a46b82a, we log the interface
+name automatically via log_link_debug().
+
+Fixes: https://github.com/systemd/systemd/issues/14782
+---
+ src/network/networkd-dhcp-server.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/networkd-dhcp-server.c b/src/network/networkd-dhcp-server.c
+index a6dbe2e596c..bee75a6930e 100644
+--- a/src/network/networkd-dhcp-server.c
++++ b/src/network/networkd-dhcp-server.c
+@@ -45,7 +45,7 @@ static int link_push_uplink_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+         size_t n_addresses = 0, n_allocated = 0;
+         unsigned i;
+ 
+-        log_link_debug(link, "Copying DNS server information from %s", link->ifname);
++        log_link_debug(link, "Copying DNS server information from link");
+ 
+         if (!link->network)
+                 return 0;
+@@ -99,7 +99,7 @@ static int link_push_uplink_ntp_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+         if (!link->network)
+                 return 0;
+ 
+-        log_link_debug(link, "Copying NTP server information from %s", link->ifname);
++        log_link_debug(link, "Copying NTP server information from link");
+ 
+         STRV_FOREACH(a, link->network->ntp) {
+                 union in_addr_union ia;
+@@ -148,7 +148,7 @@ static int link_push_uplink_sip_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+         if (!link->network)
+                 return 0;
+ 
+-        log_link_debug(link, "Copying SIP server information from %s", link->ifname);
++        log_link_debug(link, "Copying SIP server information from link");
+ 
+         STRV_FOREACH(a, link->network->sip) {
+                 union in_addr_union ia;

diff --git a/sys-apps/systemd/systemd-245_rc1.ebuild b/sys-apps/systemd/systemd-245_rc1.ebuild
new file mode 100644
index 00000000000..7bb75c3ee62
--- /dev/null
+++ b/sys-apps/systemd/systemd-245_rc1.ebuild
@@ -0,0 +1,500 @@
+# Copyright 2011-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	MY_PV=${PV/_/-}
+	MY_P=${PN}-${MY_PV}
+	S=${WORKDIR}/${MY_P}
+	SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_6,3_7} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	!<sys-libs/glibc-2.16
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+	curl? ( net-misc/curl:0= )
+	dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	http? (
+		>=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
+		>=net-libs/gnutls-3.1.4:0=
+	)
+	idn? ( net-dns/libidn2:= )
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	nat? ( net-firewall/iptables:0= )
+	pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+	pcre? ( dev-libs/libpcre2 )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	>=sys-kernel/linux-headers-${MINKV}
+	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	acct-group/adm
+	acct-group/wheel
+	acct-group/kmem
+	acct-group/tty
+	acct-group/utmp
+	acct-group/audio
+	acct-group/cdrom
+	acct-group/dialout
+	acct-group/disk
+	acct-group/input
+	acct-group/kvm
+	acct-group/render
+	acct-group/tape
+	acct-group/video
+	acct-group/systemd-journal
+	acct-user/systemd-journal-remote
+	acct-user/systemd-coredump
+	acct-user/systemd-network
+	acct-user/systemd-resolve
+	acct-user/systemd-timesync
+	>=sys-apps/baselayout-2.2
+	selinux? ( sec-policy/selinux-base-policy[systemd] )
+	sysv-utils? ( !sys-apps/sysvinit )
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!build? ( || (
+		sys-apps/util-linux[kill(-)]
+		sys-process/procps[kill(+)]
+		sys-apps/coreutils[kill(-)]
+	) )
+	!sys-auth/nss-myhostname
+	!<sys-kernel/dracut-044
+	!sys-fs/eudev
+	!sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-apps/hwids-20150417[udev]
+	>=sys-fs/udev-init-scripts-25
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/meson-0.46
+	>=dev-util/intltool-0.50
+	>=sys-apps/coreutils-8.16
+	sys-devel/m4
+	virtual/pkgconfig[${MULTILIB_USEDEP}]
+	test? ( sys-apps/dbus )
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if use test && has pid-sandbox ${FEATURES}; then
+			ewarn "Tests are known to fail with PID sandboxing enabled."
+			ewarn "See https://bugs.gentoo.org/674458."
+		fi
+
+		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	:
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	# Do NOT add patches here
+	local PATCHES=()
+
+	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+	# Add local patches here
+	PATCHES+=(
+		"${FILESDIR}"/245-rc1-network-debug.patch
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
+			"${FILESDIR}/gentoo-systemd-user-pam.patch"
+			"${FILESDIR}/gentoo-generator-path-r1.patch"
+		)
+	fi
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+meson_use() {
+	usex "$1" true false
+}
+
+meson_multilib() {
+	if multilib_is_native_abi; then
+		echo true
+	else
+		echo false
+	fi
+}
+
+meson_multilib_native_use() {
+	if multilib_is_native_abi && use "$1"; then
+		echo true
+	else
+		echo false
+	fi
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		-Dsupport-url="https://gentoo.org/support/"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in PATH
+		-Dsplit-usr=$(usex split-usr true false)
+		-Dsplit-bin=true
+		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+		-Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Dima=true
+		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+		# Optional components/dependencies
+		-Dacl=$(meson_multilib_native_use acl)
+		-Dapparmor=$(meson_multilib_native_use apparmor)
+		-Daudit=$(meson_multilib_native_use audit)
+		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
+		-Dlibcurl=$(meson_multilib_native_use curl)
+		-Ddns-over-tls=$(meson_multilib_native_use dns-over-tls)
+		-Delfutils=$(meson_multilib_native_use elfutils)
+		-Dgcrypt=$(meson_use gcrypt)
+		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
+		-Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
+		-Dmicrohttpd=$(meson_multilib_native_use http)
+		-Didn=$(meson_multilib_native_use idn)
+		-Dimportd=$(meson_multilib_native_use importd)
+		-Dbzip2=$(meson_multilib_native_use importd)
+		-Dzlib=$(meson_multilib_native_use importd)
+		-Dkmod=$(meson_multilib_native_use kmod)
+		-Dlz4=$(meson_use lz4)
+		-Dxz=$(meson_use lzma)
+		-Dlibiptc=$(meson_multilib_native_use nat)
+		-Dpam=$(meson_use pam)
+		-Dpcre2=$(meson_multilib_native_use pcre)
+		-Dpolkit=$(meson_multilib_native_use policykit)
+		-Dqrencode=$(meson_multilib_native_use qrcode)
+		-Dseccomp=$(meson_multilib_native_use seccomp)
+		-Dselinux=$(meson_multilib_native_use selinux)
+		-Ddbus=$(meson_multilib_native_use test)
+		-Dxkbcommon=$(meson_multilib_native_use xkb)
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+		-Dcreate-log-dirs=false
+
+		# multilib options
+		-Dbacklight=$(meson_multilib)
+		-Dbinfmt=$(meson_multilib)
+		-Dcoredump=$(meson_multilib)
+		-Denvironment-d=$(meson_multilib)
+		-Dfirstboot=$(meson_multilib)
+		-Dhibernate=$(meson_multilib)
+		-Dhostnamed=$(meson_multilib)
+		-Dhwdb=$(meson_multilib)
+		-Dldconfig=$(meson_multilib)
+		-Dlocaled=$(meson_multilib)
+		-Dman=$(meson_multilib)
+		-Dnetworkd=$(meson_multilib)
+		-Dquotacheck=$(meson_multilib)
+		-Drandomseed=$(meson_multilib)
+		-Drfkill=$(meson_multilib)
+		-Dsysusers=$(meson_multilib)
+		-Dtimedated=$(meson_multilib)
+		-Dtimesyncd=$(meson_multilib)
+		-Dtmpfiles=$(meson_multilib)
+		-Dvconsole=$(meson_multilib)
+
+		# static-libs
+		-Dstatic-libsystemd=$(usex static-libs true false)
+		-Dstatic-libudev=$(usex static-libs true false)
+	)
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	eninja
+}
+
+multilib_src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+	meson_src_test
+}
+
+multilib_src_install() {
+	DESTDIR="${D}" eninja install
+}
+
+multilib_src_install_all() {
+	local rootprefix=$(usex split-usr '' /usr)
+
+	# meson doesn't know about docdir
+	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
+	fi
+
+	if ! use sysv-utils; then
+		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+		rm "${ED}"/usr/share/man/man1/init.1 || die
+		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+	fi
+
+	if ! use resolvconf && ! use sysv-utils; then
+		rmdir "${ED}${rootprefix}"/sbin || die
+	fi
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/kernel/install.d
+	keepdir /etc/systemd/{network,system,user}
+	keepdir /etc/udev/{hwdb.d,rules.d}
+	keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+	keepdir /usr/lib/{binfmt.d,modules-load.d}
+	keepdir /usr/lib/systemd/user-generators
+	keepdir /var/lib/systemd
+	keepdir /var/log/journal
+
+	# Symlink /etc/sysctl.conf for easy migration.
+	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+	rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
+
+	if use split-usr; then
+		# Avoid breaking boot/reboot
+		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+	fi
+
+	gen_usr_ldscript -a systemd udev
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+	local locale_conf="${EROOT}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+save_enabled_units() {
+	ENABLED_UNITS=()
+	type systemctl &>/dev/null || return
+	for x; do
+		if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then
+			ENABLED_UNITS+=( "${x}" )
+		fi
+	done
+}
+
+pkg_preinst() {
+	save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
+
+	if ! use split-usr; then
+		local dir
+		for dir in bin sbin lib; do
+			if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
+				eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
+				eerror "One of them should be a symbolic link to the other one."
+				FAIL=1
+			fi
+		done
+		if [[ ${FAIL} ]]; then
+			eerror "Migration to system layout with merged directories must be performed before"
+			eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+			die "System layout with split directories still used"
+		fi
+	fi
+}
+
+pkg_postinst() {
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required. Despite that this file is owned by sys-apps/hwids.
+	if has_version "sys-apps/hwids[udev]"; then
+		udevadm hwdb --update --root="${EROOT}"
+	fi
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	systemd_reenable systemd-networkd.service systemd-resolved.service
+
+	if [[ ${ENABLED_UNITS[@]} ]]; then
+		systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
+	fi
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		if type systemctl &>/dev/null; then
+			systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+		fi
+		elog "To enable a useful set of services, run the following:"
+		elog "  systemctl preset-all --preset-mode=enable-only"
+	fi
+
+	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+		rm "${EROOT}/var/lib/systemd/timesync"
+	fi
+
+	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+		ebegin "Reexecuting system manager"
+		systemctl daemon-reexec
+		eend $?
+	fi
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-11-17 19:56 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-11-17 19:56 UTC (permalink / raw
  To: gentoo-commits

commit:     6b544a541f106150ecca3b94bee639792b55733c
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 17 19:56:11 2019 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov 17 19:56:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b544a54

sys-apps/systemd: backport seccomp build fix

Closes: https://bugs.gentoo.org/700200
Package-Manager: Portage-2.3.79_p3, Repoman-2.3.18_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/243-seccomp.patch | 145 +++++++++++++++++++++++++++++++
 sys-apps/systemd/systemd-243-r2.ebuild   |   1 +
 2 files changed, 146 insertions(+)

diff --git a/sys-apps/systemd/files/243-seccomp.patch b/sys-apps/systemd/files/243-seccomp.patch
new file mode 100644
index 00000000000..88b129f7722
--- /dev/null
+++ b/sys-apps/systemd/files/243-seccomp.patch
@@ -0,0 +1,145 @@
+From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 14 Nov 2019 17:51:30 +0100
+Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
+ __NR_xyz namespace invasion
+
+A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
+same conditioning for all cases of our __NR_xyz use.
+
+Fixes: #14031
+---
+ src/basic/missing_syscall.h | 10 +++++-----
+ src/test/test-seccomp.c     | 19 ++++++++++---------
+ 2 files changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index 6d9b12544d..1255d8b197 100644
+--- a/src/basic/missing_syscall.h
++++ b/src/basic/missing_syscall.h
+@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
+ 
+ #if !HAVE_KCMP
+ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
+-#  ifdef __NR_kcmp
++#  if defined __NR_kcmp && __NR_kcmp > 0
+         return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
+ #  else
+         errno = ENOSYS;
+@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
+ 
+ #if !HAVE_KEYCTL
+ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
+-#  ifdef __NR_keyctl
++#  if defined __NR_keyctl && __NR_keyctl > 0
+         return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
+ #  else
+         errno = ENOSYS;
+@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
+ }
+ 
+ static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
+-#  ifdef __NR_add_key
++#  if defined __NR_add_key && __NR_add_key > 0
+         return syscall(__NR_add_key, type, description, payload, plen, ringid);
+ #  else
+         errno = ENOSYS;
+@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
+ }
+ 
+ static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
+-#  ifdef __NR_request_key
++#  if defined __NR_request_key && __NR_request_key > 0
+         return syscall(__NR_request_key, type, description, callout_info, destringid);
+ #  else
+         errno = ENOSYS;
+@@ -496,7 +496,7 @@ enum {
+ static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
+                            unsigned long maxnode) {
+         long i;
+-#  ifdef __NR_set_mempolicy
++#  if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
+         i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
+ #  else
+         errno = ENOSYS;
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 018c20f8be..c6692043fe 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -28,7 +28,8 @@
+ #include "tmpfile-util.h"
+ #include "virt.h"
+ 
+-#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
++/* __NR_socket may be invalid due to libseccomp */
++#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
+ /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
+  * and we can't restrict it hence via seccomp. */
+ #  define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
+@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
+         assert_se(pid >= 0);
+ 
+         if (pid == 0) {
+-#if __NR__sysctl > 0
++#if defined __NR__sysctl && __NR__sysctl > 0
+                 assert_se(syscall(__NR__sysctl, NULL) < 0);
+                 assert_se(errno == EFAULT);
+ #endif
+ 
+                 assert_se(seccomp_protect_sysctl() >= 0);
+ 
+-#if __NR__sysctl > 0
++#if defined __NR__sysctl && __NR__sysctl > 0
+                 assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
+                 assert_se(errno == EPERM);
+ #endif
+@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
+                 assert_se(poll(NULL, 0, 0) == 0);
+ 
+                 assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(access) >= 0
++#if defined __NR_access && __NR_access > 0
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
+ #else
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
+@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
+                 s = hashmap_free(s);
+ 
+                 assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(access) >= 0
++#if defined __NR_access && __NR_access > 0
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
+ #else
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
+@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
+                 s = hashmap_free(s);
+ 
+                 assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(poll) >= 0
++#if defined __NR_poll && __NR_poll > 0
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
+ #else
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
+@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
+                 s = hashmap_free(s);
+ 
+                 assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(poll) >= 0
++#if defined __NR_poll && __NR_poll > 0
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
+ #else
+                 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
+@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
+          * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
+          * other architectures, let's just fall back to the glibc call. */
+ 
+-#ifdef SYS_open
+-        return (int) syscall(SYS_open, path, flags, mode);
++#if defined __NR_open && __NR_open > 0
++        return (int) syscall(__NR_open, path, flags, mode);
+ #else
+         return open(path, flags, mode);
+ #endif
+-- 
+2.24.0
+

diff --git a/sys-apps/systemd/systemd-243-r2.ebuild b/sys-apps/systemd/systemd-243-r2.ebuild
index bb30df33710..1b32293a17b 100644
--- a/sys-apps/systemd/systemd-243-r2.ebuild
+++ b/sys-apps/systemd/systemd-243-r2.ebuild
@@ -185,6 +185,7 @@ src_prepare() {
 
 	# Add local patches here
 	PATCHES+=(
+		"${FILESDIR}/243-seccomp.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-08-11 16:28 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-08-11 16:28 UTC (permalink / raw
  To: gentoo-commits

commit:     35dcfcc83b7e325672f9167b5417d67deb4e3270
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 11 16:27:41 2019 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 11 16:27:41 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35dcfcc8

sys-apps/systemd: backport fixes

Closes: https://bugs.gentoo.org/691232
Closes: https://bugs.gentoo.org/691280
Closes: https://bugs.gentoo.org/691502
Package-Manager: Portage-2.3.71, Repoman-2.3.16_p24
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/243-rc1-cryptsetup.patch    | 148 +++++++++++++++++++++
 ...243-rc1-revert-logind-remove-unused-check.patch |  31 +++++
 .../systemd/files/243-rc1-udev-properties.patch    |  53 ++++++++
 ...243_rc1-r1.ebuild => systemd-243_rc1-r2.ebuild} |   3 +
 4 files changed, 235 insertions(+)

diff --git a/sys-apps/systemd/files/243-rc1-cryptsetup.patch b/sys-apps/systemd/files/243-rc1-cryptsetup.patch
new file mode 100644
index 00000000000..e922d4d29cb
--- /dev/null
+++ b/sys-apps/systemd/files/243-rc1-cryptsetup.patch
@@ -0,0 +1,148 @@
+From f4ea8432e67110b73b07dd0e47a5339d83b350fb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 31 Jul 2019 09:38:15 +0200
+Subject: [PATCH] cryptsetup-generator: fix coverity issue
+
+Fixes coverity issue 1403772
+---
+ src/cryptsetup/cryptsetup-generator.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index c51bb9ae189..960f4762b7d 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -46,30 +46,30 @@ STATIC_DESTRUCTOR_REGISTER(arg_disks, hashmap_freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep);
+ 
+-static int split_keyspec(const char *keyspec, char **keyfile, char **keydev) {
++static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_keydev) {
+         _cleanup_free_ char *kfile = NULL, *kdev = NULL;
+-        char *c;
++        const char *c;
+ 
+         assert(keyspec);
+-        assert(keyfile);
+-        assert(keydev);
++        assert(ret_keyfile);
++        assert(ret_keydev);
+ 
+         c = strrchr(keyspec, ':');
+         if (c) {
+                 kfile = strndup(keyspec, c-keyspec);
+                 kdev = strdup(c + 1);
+-                if (!*kfile || !*kdev)
++                if (!kfile || !kdev)
+                         return log_oom();
+         } else {
+                 /* No keydev specified */
+                 kfile = strdup(keyspec);
+                 kdev = NULL;
+-                if (!*kfile)
++                if (!kfile)
+                         return log_oom();
+         }
+ 
+-        *keyfile = TAKE_PTR(kfile);
+-        *keydev = TAKE_PTR(kdev);
++        *ret_keyfile = TAKE_PTR(kfile);
++        *ret_keydev = TAKE_PTR(kdev);
+ 
+         return 0;
+ }
+From 5d2100dc4c32abbce4109e75cbfbbef6e1b2b7b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 1 Aug 2019 08:13:13 +0200
+Subject: [PATCH] cryptsetup: use unabbrieviated variable names
+
+Now that "ret_" has been added to the output variables, we can name
+the internal variables without artificial abbrevs.
+---
+ src/cryptsetup/cryptsetup-generator.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 960f4762b7d..84483143945 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -47,7 +47,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep);
+ 
+ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_keydev) {
+-        _cleanup_free_ char *kfile = NULL, *kdev = NULL;
++        _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
+         const char *c;
+ 
+         assert(keyspec);
+@@ -56,20 +56,20 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key
+ 
+         c = strrchr(keyspec, ':');
+         if (c) {
+-                kfile = strndup(keyspec, c-keyspec);
+-                kdev = strdup(c + 1);
+-                if (!kfile || !kdev)
++                keyfile = strndup(keyspec, c-keyspec);
++                keydev = strdup(c + 1);
++                if (!keyfile || !keydev)
+                         return log_oom();
+         } else {
+                 /* No keydev specified */
+-                kfile = strdup(keyspec);
+-                kdev = NULL;
+-                if (!kfile)
++                keyfile = strdup(keyspec);
++                keydev = NULL;
++                if (!keyfile)
+                         return log_oom();
+         }
+ 
+-        *ret_keyfile = TAKE_PTR(kfile);
+-        *ret_keydev = TAKE_PTR(kdev);
++        *ret_keyfile = TAKE_PTR(keyfile);
++        *ret_keydev = TAKE_PTR(keydev);
+ 
+         return 0;
+ }
+From fef716b28be6e866b8afe995805d5ebe2af6bbfa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 1 Aug 2019 08:15:43 +0200
+Subject: [PATCH] cryptsetup: don't assert on variable which is optional
+
+https://github.com/systemd/systemd/commit/50d2eba27b9bfc77ef6b40e5721713846815418b#commitcomment-34519739
+
+In add_crypttab_devices() split_keyspec is called on the keyfile argument,
+which may be NULL.
+---
+ src/cryptsetup/cryptsetup-generator.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 84483143945..4815ded753f 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -50,10 +50,14 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key
+         _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
+         const char *c;
+ 
+-        assert(keyspec);
+         assert(ret_keyfile);
+         assert(ret_keydev);
+ 
++        if (!keyspec) {
++                *ret_keyfile = *ret_keydev = NULL;
++                return 0;
++        }
++
+         c = strrchr(keyspec, ':');
+         if (c) {
+                 keyfile = strndup(keyspec, c-keyspec);
+@@ -567,7 +571,7 @@ static int add_crypttab_devices(void) {
+         }
+ 
+         for (;;) {
+-                _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keydev = NULL, *keyfile = NULL, *keyspec = NULL, *options = NULL;
++                _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL, *keyfile = NULL, *keydev = NULL;
+                 crypto_device *d = NULL;
+                 char *l, *uuid;
+                 int k;

diff --git a/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch b/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch
new file mode 100644
index 00000000000..30a20c17661
--- /dev/null
+++ b/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch
@@ -0,0 +1,31 @@
+From 18f689b1fa35c53580da62bfce875fb15d20d448 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 4 Aug 2019 05:43:34 +0900
+Subject: [PATCH] Revert "logind: remove unused check"
+
+This reverts commit f2330acda408a34451d5e15380fcdd225a672473.
+
+Fixes #13255.
+---
+ src/login/logind-action.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/login/logind-action.c b/src/login/logind-action.c
+index fa92f4870a2..140953eec10 100644
+--- a/src/login/logind-action.c
++++ b/src/login/logind-action.c
+@@ -61,8 +61,12 @@ int manager_handle_action(
+         int r;
+ 
+         assert(m);
+-        /* We should be called only with valid actions different than HANDLE_IGNORE. */
+-        assert(handle > HANDLE_IGNORE && handle < _HANDLE_ACTION_MAX);
++
++        /* If the key handling is turned off, don't do anything */
++        if (handle == HANDLE_IGNORE) {
++                log_debug("Refusing operation, as it is turned off.");
++                return 0;
++        }
+ 
+         if (inhibit_key == INHIBIT_HANDLE_LID_SWITCH) {
+                 /* If the last system suspend or startup is too close,

diff --git a/sys-apps/systemd/files/243-rc1-udev-properties.patch b/sys-apps/systemd/files/243-rc1-udev-properties.patch
new file mode 100644
index 00000000000..5e2ffa1868a
--- /dev/null
+++ b/sys-apps/systemd/files/243-rc1-udev-properties.patch
@@ -0,0 +1,53 @@
+From 41c81c4a626fda0969fc09ddeb8addb7aae6e4d9 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 4 Aug 2019 06:08:06 +0900
+Subject: [PATCH] udev: do not try to import properties on commented out lines
+
+Fixes #13257.
+---
+ src/udev/udev-rules.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 3473a7eb7e5..1642f105354 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -1401,8 +1401,10 @@ static int get_property_from_string(char *line, char **ret_key, char **ret_value
+         key = skip_leading_chars(line, NULL);
+ 
+         /* comment or empty line */
+-        if (IN_SET(key[0], '#', '\0'))
++        if (IN_SET(key[0], '#', '\0')) {
++                *ret_key = *ret_value = NULL;
+                 return 0;
++        }
+ 
+         /* split key/value */
+         val = strchr(key, '=');
+@@ -1429,7 +1431,7 @@ static int get_property_from_string(char *line, char **ret_key, char **ret_value
+ 
+         *ret_key = key;
+         *ret_value = val;
+-        return 0;
++        return 1;
+ }
+ 
+ static int import_parent_into_properties(sd_device *dev, const char *filter) {
+@@ -1681,6 +1683,8 @@ static int udev_rule_apply_token_to_event(
+                                                      line);
+                                 continue;
+                         }
++                        if (r == 0)
++                                continue;
+ 
+                         r = device_add_property(dev, key, value);
+                         if (r < 0)
+@@ -1719,6 +1723,8 @@ static int udev_rule_apply_token_to_event(
+                                                      line);
+                                 continue;
+                         }
++                        if (r == 0)
++                                continue;
+ 
+                         r = device_add_property(dev, key, value);
+                         if (r < 0)

diff --git a/sys-apps/systemd/systemd-243_rc1-r1.ebuild b/sys-apps/systemd/systemd-243_rc1-r2.ebuild
similarity index 98%
rename from sys-apps/systemd/systemd-243_rc1-r1.ebuild
rename to sys-apps/systemd/systemd-243_rc1-r2.ebuild
index 34b6587a0db..d67b45ec87d 100644
--- a/sys-apps/systemd/systemd-243_rc1-r1.ebuild
+++ b/sys-apps/systemd/systemd-243_rc1-r2.ebuild
@@ -186,6 +186,9 @@ src_prepare() {
 	# Add local patches here
 	PATCHES+=(
 		"${FILESDIR}"/243-rc1-analyze.patch
+		"${FILESDIR}"/243-rc1-cryptsetup.patch
+		"${FILESDIR}"/243-rc1-revert-logind-remove-unused-check.patch
+		"${FILESDIR}"/243-rc1-udev-properties.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-07-10 18:21 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-07-10 18:21 UTC (permalink / raw
  To: gentoo-commits

commit:     6be3d97505de9b79544a76fb998993886a40a9a4
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 10 18:14:37 2019 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Jul 10 18:20:54 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6be3d975

sys-apps/systemd: backport networkd fix

Closes: https://bugs.gentoo.org/687340
Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/242-network-domains.patch   | 57 ++++++++++++++++++++++
 ...systemd-242-r5.ebuild => systemd-242-r6.ebuild} |  1 +
 2 files changed, 58 insertions(+)

diff --git a/sys-apps/systemd/files/242-network-domains.patch b/sys-apps/systemd/files/242-network-domains.patch
new file mode 100644
index 00000000000..166a8ee5b76
--- /dev/null
+++ b/sys-apps/systemd/files/242-network-domains.patch
@@ -0,0 +1,57 @@
+From fe0e16db093a7da09fcb52a2bc7017197047443d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 13 May 2019 05:40:31 +0900
+Subject: [PATCH] network: do not use ordered_set_printf() for DOMAINS= or
+ ROUTE_DOMAINS=
+
+This partially reverts 5e2a51d588dde4b52c6017ea80b75c16e6e23431.
+
+Fixes #12531.
+---
+ src/network/networkd-link.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index f8ee48802cb..1dc10c65a1b 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -3495,12 +3495,11 @@ int link_save(Link *link) {
+                 admin_state, oper_state);
+ 
+         if (link->network) {
+-                bool space;
++                char **dhcp6_domains = NULL, **dhcp_domains = NULL;
++                const char *dhcp_domainname = NULL, *p;
+                 sd_dhcp6_lease *dhcp6_lease = NULL;
+-                const char *dhcp_domainname = NULL;
+-                char **dhcp6_domains = NULL;
+-                char **dhcp_domains = NULL;
+                 unsigned j;
++                bool space;
+ 
+                 fprintf(f, "REQUIRED_FOR_ONLINE=%s\n",
+                         yes_no(link->network->required_for_online));
+@@ -3617,7 +3616,10 @@ int link_save(Link *link) {
+                                 (void) sd_dhcp6_lease_get_domains(dhcp6_lease, &dhcp6_domains);
+                 }
+ 
+-                ordered_set_print(f, "DOMAINS=", link->network->search_domains);
++                fputs("DOMAINS=", f);
++                space = false;
++                ORDERED_SET_FOREACH(p, link->network->search_domains, i)
++                        fputs_with_space(f, p, NULL, &space);
+ 
+                 if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_YES) {
+                         NDiscDNSSL *dd;
+@@ -3635,7 +3637,10 @@ int link_save(Link *link) {
+ 
+                 fputc('\n', f);
+ 
+-                ordered_set_print(f, "ROUTE_DOMAINS=", link->network->route_domains);
++                fputs("ROUTE_DOMAINS=", f);
++                space = false;
++                ORDERED_SET_FOREACH(p, link->network->route_domains, i)
++                        fputs_with_space(f, p, NULL, &space);
+ 
+                 if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_ROUTE) {
+                         NDiscDNSSL *dd;

diff --git a/sys-apps/systemd/systemd-242-r5.ebuild b/sys-apps/systemd/systemd-242-r6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-242-r5.ebuild
rename to sys-apps/systemd/systemd-242-r6.ebuild
index ec26fa49f50..a42f1f1f5d8 100644
--- a/sys-apps/systemd/systemd-242-r5.ebuild
+++ b/sys-apps/systemd/systemd-242-r6.ebuild
@@ -173,6 +173,7 @@ src_prepare() {
 		"${FILESDIR}"/242-file-max.patch
 		"${FILESDIR}"/242-rdrand-ryzen.patch
 		"${FILESDIR}"/242-networkd-ipv6-token.patch
+		"${FILESDIR}"/242-network-domains.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-07-10 15:37 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-07-10 15:37 UTC (permalink / raw
  To: gentoo-commits

commit:     d5de18bc38a164bac47401cb9fa4a73afba5d49e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 10 15:36:54 2019 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Jul 10 15:37:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5de18bc

sys-apps/systemd: backport networkd fix

Closes: https://bugs.gentoo.org/689496
Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/242-networkd-ipv6-token.patch    | 152 +++++++++++++++++++++
 ...systemd-241-r3.ebuild => systemd-241-r4.ebuild} |   1 +
 ...systemd-242-r4.ebuild => systemd-242-r5.ebuild} |   1 +
 3 files changed, 154 insertions(+)

diff --git a/sys-apps/systemd/files/242-networkd-ipv6-token.patch b/sys-apps/systemd/files/242-networkd-ipv6-token.patch
new file mode 100644
index 00000000000..87a85f6f6ab
--- /dev/null
+++ b/sys-apps/systemd/files/242-networkd-ipv6-token.patch
@@ -0,0 +1,152 @@
+From 4eb086a38712ea98faf41e075b84555b11b54362 Mon Sep 17 00:00:00 2001
+From: Susant Sahani <ssahani@gmail.com>
+Date: Thu, 9 May 2019 07:35:35 +0530
+Subject: [PATCH] networkd: fix link_up() (#12505)
+
+Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.
+
+Fixes the following error:
+```
+dummy-test: Could not bring up interface: Invalid argument
+```
+
+After reading the kernel code when we do a link up
+```
+net/core/rtnetlink.c
+IFLA_AF_SPEC
+ af_ops->set_link_af(dev, af);
+  inet6_set_link_af
+   if (tb[IFLA_INET6_ADDR_GEN_MODE])
+             Here it looks for IFLA_INET6_ADDR_GEN_MODE
+```
+Since link up we didn't filling up that it's failing.
+
+Closes #12504.
+---
+ src/network/networkd-link.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 3c8b5c5cb43..4db9f3f980f 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -2031,6 +2031,8 @@ static int link_up(Link *link) {
+         }
+ 
+         if (link_ipv6_enabled(link)) {
++                uint8_t ipv6ll_mode;
++
+                 r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+                 if (r < 0)
+                         return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
+@@ -2046,6 +2048,19 @@ static int link_up(Link *link) {
+                                 return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m");
+                 }
+ 
++                if (!link_ipv6ll_enabled(link))
++                        ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE;
++                else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0)
++                        /* The file may not exist. And event if it exists, when stable_secret is unset,
++                         * reading the file fails with EIO. */
++                        ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64;
++                else
++                        ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
++
++                r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode);
++                if (r < 0)
++                        return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m");
++
+                 r = sd_netlink_message_close_container(req);
+                 if (r < 0)
+                         return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m");
+From 9f6e82e6eb3b6e73d66d00d1d6eee60691fb702f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 9 May 2019 14:39:46 +0900
+Subject: [PATCH] network: do not send ipv6 token to kernel
+
+We disabled kernel RA support. Then, we should not send
+IFLA_INET6_TOKEN.
+Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.
+
+Follow-up for 0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf and
+4eb086a38712ea98faf41e075b84555b11b54362.
+---
+ src/network/networkd-link.c | 51 +++++--------------------------------
+ 1 file changed, 6 insertions(+), 45 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 2b6ff2b6c58..b6da4ea70b7 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1954,6 +1954,9 @@ static int link_configure_addrgen_mode(Link *link) {
+         assert(link->manager);
+         assert(link->manager->rtnl);
+ 
++        if (!socket_ipv6_is_supported())
++                return 0;
++
+         log_link_debug(link, "Setting address genmode for link");
+ 
+         r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex);
+@@ -2047,46 +2050,6 @@ static int link_up(Link *link) {
+                         return log_link_error_errno(link, r, "Could not set MAC address: %m");
+         }
+ 
+-        if (link_ipv6_enabled(link)) {
+-                uint8_t ipv6ll_mode;
+-
+-                r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+-                if (r < 0)
+-                        return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
+-
+-                /* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */
+-                r = sd_netlink_message_open_container(req, AF_INET6);
+-                if (r < 0)
+-                        return log_link_error_errno(link, r, "Could not open AF_INET6 container: %m");
+-
+-                if (!in_addr_is_null(AF_INET6, &link->network->ipv6_token)) {
+-                        r = sd_netlink_message_append_in6_addr(req, IFLA_INET6_TOKEN, &link->network->ipv6_token.in6);
+-                        if (r < 0)
+-                                return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m");
+-                }
+-
+-                if (!link_ipv6ll_enabled(link))
+-                        ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE;
+-                else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0)
+-                        /* The file may not exist. And event if it exists, when stable_secret is unset,
+-                         * reading the file fails with EIO. */
+-                        ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64;
+-                else
+-                        ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
+-
+-                r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode);
+-                if (r < 0)
+-                        return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m");
+-
+-                r = sd_netlink_message_close_container(req);
+-                if (r < 0)
+-                        return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m");
+-
+-                r = sd_netlink_message_close_container(req);
+-                if (r < 0)
+-                        return log_link_error_errno(link, r, "Could not close IFLA_AF_SPEC container: %m");
+-        }
+-
+         r = netlink_call_async(link->manager->rtnl, NULL, req, link_up_handler,
+                                link_netlink_destroy_callback, link);
+         if (r < 0)
+@@ -3226,11 +3189,9 @@ static int link_configure(Link *link) {
+         if (r < 0)
+                 return r;
+ 
+-        if (socket_ipv6_is_supported()) {
+-                r = link_configure_addrgen_mode(link);
+-                if (r < 0)
+-                        return r;
+-        }
++        r = link_configure_addrgen_mode(link);
++        if (r < 0)
++                return r;
+ 
+         return link_configure_after_setting_mtu(link);
+ }

diff --git a/sys-apps/systemd/systemd-241-r3.ebuild b/sys-apps/systemd/systemd-241-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-241-r3.ebuild
rename to sys-apps/systemd/systemd-241-r4.ebuild
index bf75f7e6aa1..9ea26e0dc87 100644
--- a/sys-apps/systemd/systemd-241-r3.ebuild
+++ b/sys-apps/systemd/systemd-241-r4.ebuild
@@ -173,6 +173,7 @@ src_prepare() {
 		"${FILESDIR}"/242-file-max.patch
 		"${FILESDIR}"/241-wrapper-msan-unpoinson.patch
 		"${FILESDIR}"/242-rdrand-ryzen.patch
+		"${FILESDIR}"/242-networkd-ipv6-token.patch
 	)
 
 	if ! use vanilla; then

diff --git a/sys-apps/systemd/systemd-242-r4.ebuild b/sys-apps/systemd/systemd-242-r5.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-242-r4.ebuild
rename to sys-apps/systemd/systemd-242-r5.ebuild
index 942547ef011..50b6ad640b2 100644
--- a/sys-apps/systemd/systemd-242-r4.ebuild
+++ b/sys-apps/systemd/systemd-242-r5.ebuild
@@ -175,6 +175,7 @@ src_prepare() {
 		"${FILESDIR}"/242-wireguard-listenport.patch
 		"${FILESDIR}"/242-file-max.patch
 		"${FILESDIR}"/242-rdrand-ryzen.patch
+		"${FILESDIR}"/242-networkd-ipv6-token.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-07-08 15:47 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-07-08 15:47 UTC (permalink / raw
  To: gentoo-commits

commit:     d8e9f1fc3f4d1cb207a640447f843d1fea8f941d
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  8 15:47:01 2019 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul  8 15:47:01 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e9f1fc

sys-apps/systemd: backport rdrand workaround for ryzen cpus

Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/241-wrapper-msan-unpoinson.patch |  76 +++++
 sys-apps/systemd/files/242-rdrand-ryzen.patch      | 353 +++++++++++++++++++++
 ...systemd-241-r2.ebuild => systemd-241-r3.ebuild} |   2 +
 ...systemd-242-r3.ebuild => systemd-242-r4.ebuild} |   1 +
 4 files changed, 432 insertions(+)

diff --git a/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch b/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch
new file mode 100644
index 00000000000..e337b4f4ca5
--- /dev/null
+++ b/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch
@@ -0,0 +1,76 @@
+From c322f379e6ca972f1c4d3409ac97828b1b838d5d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 22 Feb 2019 13:07:00 +0100
+Subject: [PATCH] Add wrapper for __msan_unpoinson() to reduce #ifdeffery
+
+This isn't really necessary for the subsequent commit, but I expect that we'll
+need to unpoison more often once we turn on msan in CI, so I think think this
+change makes sense in the long run.
+---
+ src/basic/alloc-util.h  | 10 ++++++++++
+ src/basic/random-util.c | 11 ++---------
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
+index 893a1238ff..78ee34bb71 100644
+--- a/src/basic/alloc-util.h
++++ b/src/basic/alloc-util.h
+@@ -8,6 +8,10 @@
+ 
+ #include "macro.h"
+ 
++#if HAS_FEATURE_MEMORY_SANITIZER
++#  include <sanitizer/msan_interface.h>
++#endif
++
+ typedef void (*free_func_t)(void *p);
+ 
+ /* If for some reason more than 4M are allocated on the stack, let's abort immediately. It's better than
+@@ -160,3 +164,9 @@ void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size);
+                 (ptr) = NULL;                   \
+                 _ptr_;                          \
+         })
++
++#if HAS_FEATURE_MEMORY_SANITIZER
++#  define msan_unpoison(r, s) __msan_unpoison(r, s)
++#else
++#  define msan_unpoison(r, s)
++#endif
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index f7decf60b6..ca25fd2420 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -23,16 +23,13 @@
+ #  include <linux/random.h>
+ #endif
+ 
++#include "alloc-util.h"
+ #include "fd-util.h"
+ #include "io-util.h"
+ #include "missing.h"
+ #include "random-util.h"
+ #include "time-util.h"
+ 
+-#if HAS_FEATURE_MEMORY_SANITIZER
+-#include <sanitizer/msan_interface.h>
+-#endif
+-
+ int rdrand(unsigned long *ret) {
+ 
+ #if defined(__i386__) || defined(__x86_64__)
+@@ -58,11 +55,7 @@ int rdrand(unsigned long *ret) {
+                      "setc %1"
+                      : "=r" (*ret),
+                        "=qm" (err));
+-
+-#if HAS_FEATURE_MEMORY_SANITIZER
+-        __msan_unpoison(&err, sizeof(err));
+-#endif
+-
++        msan_unpoison(&err, sizeof(err));
+         if (!err)
+                 return -EAGAIN;
+ 
+-- 
+2.22.0
+

diff --git a/sys-apps/systemd/files/242-rdrand-ryzen.patch b/sys-apps/systemd/files/242-rdrand-ryzen.patch
new file mode 100644
index 00000000000..ec690c1b3f6
--- /dev/null
+++ b/sys-apps/systemd/files/242-rdrand-ryzen.patch
@@ -0,0 +1,353 @@
+From d351699739471734666230ae3c6f9ba56ce5ce45 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 16:18:13 -0400
+Subject: [PATCH 1/6] =?UTF-8?q?random-util:=20rename=20RANDOM=5FDONT=5FDRA?=
+ =?UTF-8?q?IN=20=E2=86=92=20RANDOM=5FMAY=5FFAIL?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The old flag name was a bit of a misnomer, as /dev/urandom cannot be
+"drained". Once it's initialized it's initialized and then is good
+forever. (Only /dev/random has a concept of 'draining', but we never use
+that, as it's an obsolete interface).
+
+The flag is still useful though, since it allows us to suppress accesses
+to the random pool while it is not initialized, as that trips up the
+kernel and it logs about any such attempts, which we really don't want.
+
+(cherry picked from commit 1a0ffa1e737e65312abac63dcf4b44e1ac0e1642)
+---
+ src/basic/random-util.c | 36 +++++++++++++++++++-----------------
+ src/basic/random-util.h |  4 ++--
+ 2 files changed, 21 insertions(+), 19 deletions(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index ca25fd2420..de29e07549 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -71,21 +71,22 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
+         bool got_some = false;
+         int r;
+ 
+-        /* Gathers some randomness from the kernel (or the CPU if the RANDOM_ALLOW_RDRAND flag is set). This call won't
+-         * block, unless the RANDOM_BLOCK flag is set. If RANDOM_DONT_DRAIN is set, an error is returned if the random
+-         * pool is not initialized. Otherwise it will always return some data from the kernel, regardless of whether
+-         * the random pool is fully initialized or not. */
++        /* Gathers some randomness from the kernel (or the CPU if the RANDOM_ALLOW_RDRAND flag is set). This
++         * call won't block, unless the RANDOM_BLOCK flag is set. If RANDOM_MAY_FAIL is set, an error is
++         * returned if the random pool is not initialized. Otherwise it will always return some data from the
++         * kernel, regardless of whether the random pool is fully initialized or not. */
+ 
+         if (n == 0)
+                 return 0;
+ 
+         if (FLAGS_SET(flags, RANDOM_ALLOW_RDRAND))
+-                /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is not
+-                 * required, as we don't trust it (who does?). Note that we only do a single iteration of RDRAND here,
+-                 * even though the Intel docs suggest calling this in a tight loop of 10 invocations or so. That's
+-                 * because we don't really care about the quality here. We generally prefer using RDRAND if the caller
+-                 * allows us too, since this way we won't drain the kernel randomness pool if we don't need it, as the
+-                 * pool's entropy is scarce. */
++                /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is
++                 * not required, as we don't trust it (who does?). Note that we only do a single iteration of
++                 * RDRAND here, even though the Intel docs suggest calling this in a tight loop of 10
++                 * invocations or so. That's because we don't really care about the quality here. We
++                 * generally prefer using RDRAND if the caller allows us to, since this way we won't upset
++                 * the kernel's random subsystem by accessing it before the pool is initialized (after all it
++                 * will kmsg log about every attempt to do so)..*/
+                 for (;;) {
+                         unsigned long u;
+                         size_t m;
+@@ -153,12 +154,13 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
+                                 break;
+ 
+                         } else if (errno == EAGAIN) {
+-                                /* The kernel has no entropy whatsoever. Let's remember to use the syscall the next
+-                                 * time again though.
++                                /* The kernel has no entropy whatsoever. Let's remember to use the syscall
++                                 * the next time again though.
+                                  *
+-                                 * If RANDOM_DONT_DRAIN is set, return an error so that random_bytes() can produce some
+-                                 * pseudo-random bytes instead. Otherwise, fall back to /dev/urandom, which we know is empty,
+-                                 * but the kernel will produce some bytes for us on a best-effort basis. */
++                                 * If RANDOM_MAY_FAIL is set, return an error so that random_bytes() can
++                                 * produce some pseudo-random bytes instead. Otherwise, fall back to
++                                 * /dev/urandom, which we know is empty, but the kernel will produce some
++                                 * bytes for us on a best-effort basis. */
+                                 have_syscall = true;
+ 
+                                 if (got_some && FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) {
+@@ -167,7 +169,7 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
+                                         return 0;
+                                 }
+ 
+-                                if (FLAGS_SET(flags, RANDOM_DONT_DRAIN))
++                                if (FLAGS_SET(flags, RANDOM_MAY_FAIL))
+                                         return -ENODATA;
+ 
+                                 /* Use /dev/urandom instead */
+@@ -250,7 +252,7 @@ void pseudo_random_bytes(void *p, size_t n) {
+ 
+ void random_bytes(void *p, size_t n) {
+ 
+-        if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_DONT_DRAIN|RANDOM_ALLOW_RDRAND) >= 0)
++        if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_MAY_FAIL|RANDOM_ALLOW_RDRAND) >= 0)
+                 return;
+ 
+         /* If for some reason some user made /dev/urandom unavailable to us, or the kernel has no entropy, use a PRNG instead. */
+diff --git a/src/basic/random-util.h b/src/basic/random-util.h
+index 3e8c288d3d..148b6c7813 100644
+--- a/src/basic/random-util.h
++++ b/src/basic/random-util.h
+@@ -8,11 +8,11 @@
+ typedef enum RandomFlags {
+         RANDOM_EXTEND_WITH_PSEUDO = 1 << 0, /* If we can't get enough genuine randomness, but some, fill up the rest with pseudo-randomness */
+         RANDOM_BLOCK              = 1 << 1, /* Rather block than return crap randomness (only if the kernel supports that) */
+-        RANDOM_DONT_DRAIN         = 1 << 2, /* If we can't get any randomness at all, return early with -EAGAIN */
++        RANDOM_MAY_FAIL           = 1 << 2, /* If we can't get any randomness at all, return early with -ENODATA */
+         RANDOM_ALLOW_RDRAND       = 1 << 3, /* Allow usage of the CPU RNG */
+ } RandomFlags;
+ 
+-int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled upwith pseudo random, if not enough is available */
++int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled up with pseudo random, if not enough is available */
+ void pseudo_random_bytes(void *p, size_t n);                    /* returns only pseudo-randommess (but possibly seeded from something better) */
+ void random_bytes(void *p, size_t n);                           /* returns genuine randomness if cheaply available, and pseudo randomness if not. */
+ 
+-- 
+2.22.0
+
+
+From 1f492b9ecc31aa3782f9ce82058d8fb72a5c323f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 16:21:44 -0400
+Subject: [PATCH 2/6] random-util: use gcc's bit_RDRND definition if it exists
+
+(cherry picked from commit cc28145d51f62711fdc4b4c229aecd5778806419)
+---
+ src/basic/random-util.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index de29e07549..205d5501e5 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -45,7 +45,12 @@ int rdrand(unsigned long *ret) {
+                         return -EOPNOTSUPP;
+                 }
+ 
+-                have_rdrand = !!(ecx & (1U << 30));
++/* Compat with old gcc where bit_RDRND didn't exist yet */
++#ifndef bit_RDRND
++#define bit_RDRND (1U << 30)
++#endif
++
++                have_rdrand = !!(ecx & bit_RDRND);
+         }
+ 
+         if (have_rdrand == 0)
+-- 
+2.22.0
+
+
+From 6460c540e6183dd19de89b7f0672b3b47c4d41cc Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 17:26:55 -0400
+Subject: [PATCH 3/6] random-util: hash AT_RANDOM getauxval() value before
+ using it
+
+Let's be a bit paranoid and hash the 16 bytes we get from getauxval()
+before using them. AFter all they might be used by other stuff too (in
+particular ASLR), and we probably shouldn't end up leaking that seed
+though our crappy pseudo-random numbers.
+
+(cherry picked from commit 80eb560a5bd7439103036867d5e09a5e0393e5d3)
+---
+ src/basic/random-util.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index 205d5501e5..40f1928936 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -28,6 +28,7 @@
+ #include "io-util.h"
+ #include "missing.h"
+ #include "random-util.h"
++#include "siphash24.h"
+ #include "time-util.h"
+ 
+ int rdrand(unsigned long *ret) {
+@@ -203,14 +204,19 @@ void initialize_srand(void) {
+                 return;
+ 
+ #if HAVE_SYS_AUXV_H
+-        /* The kernel provides us with 16 bytes of entropy in auxv, so let's
+-         * try to make use of that to seed the pseudo-random generator. It's
+-         * better than nothing... */
++        /* The kernel provides us with 16 bytes of entropy in auxv, so let's try to make use of that to seed
++         * the pseudo-random generator. It's better than nothing... But let's first hash it to make it harder
++         * to recover the original value by watching any pseudo-random bits we generate. After all the
++         * AT_RANDOM data might be used by other stuff too (in particular: ASLR), and we probably shouldn't
++         * leak the seed for that. */
+ 
+-        auxv = (const void*) getauxval(AT_RANDOM);
++        auxv = ULONG_TO_PTR(getauxval(AT_RANDOM));
+         if (auxv) {
+-                assert_cc(sizeof(x) <= 16);
+-                memcpy(&x, auxv, sizeof(x));
++                static const uint8_t auxval_hash_key[16] = {
++                        0x92, 0x6e, 0xfe, 0x1b, 0xcf, 0x00, 0x52, 0x9c, 0xcc, 0x42, 0xcf, 0xdc, 0x94, 0x1f, 0x81, 0x0f
++                };
++
++                x = (unsigned) siphash24(auxv, 16, auxval_hash_key);
+         } else
+ #endif
+                 x = 0;
+-- 
+2.22.0
+
+
+From 17d52f6320b45d1728af6007b4df4aaccc6fdaf4 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 18:51:26 -0400
+Subject: [PATCH 4/6] random-util: rename "err" to "success"
+
+After all rdrand returns 1 on success, and 0 on failure, hence let's
+name this accordingly.
+
+(cherry picked from commit 328f850e36e86d14ab06d11fa8f2397e9575a7f9)
+---
+ src/basic/random-util.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index 40f1928936..7c64857592 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -35,7 +35,7 @@ int rdrand(unsigned long *ret) {
+ 
+ #if defined(__i386__) || defined(__x86_64__)
+         static int have_rdrand = -1;
+-        unsigned char err;
++        uint8_t success;
+ 
+         if (have_rdrand < 0) {
+                 uint32_t eax, ebx, ecx, edx;
+@@ -60,9 +60,9 @@ int rdrand(unsigned long *ret) {
+         asm volatile("rdrand %0;"
+                      "setc %1"
+                      : "=r" (*ret),
+-                       "=qm" (err));
+-        msan_unpoison(&err, sizeof(err));
+-        if (!err)
++                       "=qm" (success));
++        msan_unpoison(&success, sizeof(sucess));
++        if (!success)
+                 return -EAGAIN;
+ 
+         return 0;
+-- 
+2.22.0
+
+
+From a6c72245ba5ba688cd6544650b9c6e313b39b53e Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 8 May 2019 15:50:53 +0200
+Subject: [PATCH 5/6] util-lib: fix a typo in rdrand
+
+Otherwise, the fuzzers will fail to compile with MSan:
+```
+../../src/systemd/src/basic/random-util.c:64:40: error: use of undeclared identifier 'sucess'; did you mean 'success'?
+        msan_unpoison(&success, sizeof(sucess));
+                                       ^~~~~~
+                                       success
+../../src/systemd/src/basic/alloc-util.h:169:50: note: expanded from macro 'msan_unpoison'
+                                                 ^
+../../src/systemd/src/basic/random-util.c:38:17: note: 'success' declared here
+        uint8_t success;
+                ^
+1 error generated.
+[80/545] Compiling C object 'src/basic/a6ba3eb@@basic@sta/process-util.c.o'.
+ninja: build stopped: subcommand failed.
+Fuzzers build failed
+```
+
+(cherry picked from commit 7f2cdceaed4d37c4e601e531c7d863fca1bd1460)
+---
+ src/basic/random-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index 7c64857592..b8bbf2d418 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -61,7 +61,7 @@ int rdrand(unsigned long *ret) {
+                      "setc %1"
+                      : "=r" (*ret),
+                        "=qm" (success));
+-        msan_unpoison(&success, sizeof(sucess));
++        msan_unpoison(&success, sizeof(success));
+         if (!success)
+                 return -EAGAIN;
+ 
+-- 
+2.22.0
+
+
+From 47eec0ae61c887cb8cc05ce8d49b8d151bc4ef25 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 10 May 2019 15:16:16 -0400
+Subject: [PATCH 6/6] random-util: eat up bad RDRAND values seen on AMD CPUs
+
+An ugly, ugly work-around for #11810. And no, we shouldn't have to do
+this. This is something for AMD, the firmware or the kernel to
+fix/work-around, not us. But nonetheless, this should do it for now.
+
+Fixes: #11810
+(cherry picked from commit 1c53d4a070edbec8ad2d384ba0014d0eb6bae077)
+---
+ src/basic/random-util.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index b8bbf2d418..0561f0cb22 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -35,6 +35,7 @@ int rdrand(unsigned long *ret) {
+ 
+ #if defined(__i386__) || defined(__x86_64__)
+         static int have_rdrand = -1;
++        unsigned long v;
+         uint8_t success;
+ 
+         if (have_rdrand < 0) {
+@@ -59,12 +60,24 @@ int rdrand(unsigned long *ret) {
+ 
+         asm volatile("rdrand %0;"
+                      "setc %1"
+-                     : "=r" (*ret),
++                     : "=r" (v),
+                        "=qm" (success));
+         msan_unpoison(&success, sizeof(success));
+         if (!success)
+                 return -EAGAIN;
+ 
++        /* Apparently on some AMD CPUs RDRAND will sometimes (after a suspend/resume cycle?) report success
++         * via the carry flag but nonetheless return the same fixed value -1 in all cases. This appears to be
++         * a bad bug in the CPU or firmware. Let's deal with that and work-around this by explicitly checking
++         * for this special value (and also 0, just to be sure) and filtering it out. This is a work-around
++         * only however and something AMD really should fix properly. The Linux kernel should probably work
++         * around this issue by turning off RDRAND altogether on those CPUs. See:
++         * https://github.com/systemd/systemd/issues/11810 */
++        if (v == 0 || v == ULONG_MAX)
++                return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
++                                       "RDRAND returned suspicious value %lx, assuming bad hardware RNG, not using value.", v);
++
++        *ret = v;
+         return 0;
+ #else
+         return -EOPNOTSUPP;
+-- 
+2.22.0
+

diff --git a/sys-apps/systemd/systemd-241-r2.ebuild b/sys-apps/systemd/systemd-241-r3.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-241-r2.ebuild
rename to sys-apps/systemd/systemd-241-r3.ebuild
index 36ac11f3ccd..bf75f7e6aa1 100644
--- a/sys-apps/systemd/systemd-241-r2.ebuild
+++ b/sys-apps/systemd/systemd-241-r3.ebuild
@@ -171,6 +171,8 @@ src_prepare() {
 		"${FILESDIR}"/241-version-dep.patch
 		"${FILESDIR}"/242-gcc-9.patch
 		"${FILESDIR}"/242-file-max.patch
+		"${FILESDIR}"/241-wrapper-msan-unpoinson.patch
+		"${FILESDIR}"/242-rdrand-ryzen.patch
 	)
 
 	if ! use vanilla; then

diff --git a/sys-apps/systemd/systemd-242-r3.ebuild b/sys-apps/systemd/systemd-242-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-242-r3.ebuild
rename to sys-apps/systemd/systemd-242-r4.ebuild
index a5bcd952cf4..942547ef011 100644
--- a/sys-apps/systemd/systemd-242-r3.ebuild
+++ b/sys-apps/systemd/systemd-242-r4.ebuild
@@ -174,6 +174,7 @@ src_prepare() {
 		"${FILESDIR}"/242-socket-util-flush-accept.patch
 		"${FILESDIR}"/242-wireguard-listenport.patch
 		"${FILESDIR}"/242-file-max.patch
+		"${FILESDIR}"/242-rdrand-ryzen.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-06-08 20:44 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-06-08 20:44 UTC (permalink / raw
  To: gentoo-commits

commit:     3b233dd17e8806f9eed9d8fa097a653d100a788a
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  8 20:43:59 2019 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Jun  8 20:43:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b233dd1

sys-apps/systemd: remove old

Package-Manager: Portage-2.3.67_p4, Repoman-2.3.13_p3
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/Manifest                          |   2 -
 sys-apps/systemd/files/239-debug-extra.patch       |  40 --
 sys-apps/systemd/files/gentoo-generator-path.patch |  27 --
 sys-apps/systemd/systemd-239-r4.ebuild             | 449 -------------------
 sys-apps/systemd/systemd-242-r1.ebuild             | 491 ---------------------
 5 files changed, 1009 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ccc853651c0..e68034e7888 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,2 @@
-DIST systemd-239-patches-2.tar.gz 33416 BLAKE2B 9602d101cbac65d3b2490f28308e843c28fcaea848dd09005abef0da0bc79ba0766a1cbe7c3cac63f796accddf0295b4eb946e601a201f7e81a48bd1720051ca SHA512 5f5a764d317c43c6b1854171a753eafaca006e12e4f91c81e6ba1d50e80bbbaca23c900fba417264bf9f0d827a73aca71a6da8f2a2043aaaefefed62f5a92b23
-DIST systemd-239.tar.gz 7157293 BLAKE2B 975f6215c8bb6662d6e161f637e1fece22930c0190b3c31a8fc4cb1a10600546a252704ac95590d9d14e495fcd06082a590e6d755e36603a41b3a396d579d8b0 SHA512 fd44590dfd148504c5ed1e67521efce50d84b627b7fc77015fa95dfa76d7a42297c56cc89eff40181809732024b16d48f2a87038cf435e0c63bc2b95ecd86b0f
 DIST systemd-241.tar.gz 7640538 BLAKE2B 69d7196fee0d0ad06ea8d7c78b0299cc17517ecce3ca4c0b1181a3fbb13bc2627629156785051e2ff427dcc21414f7a078724c6409ebaa431618e4799ebcd50a SHA512 a7757574590e8aa37e1291ea0b2c5eb03a8d8062fe9462fa5b0bf50830c933e2b301d106c70d904f94afc0aa8e43a8acfd11926dfa25b1b89174580e491e545e
 DIST systemd-242.tar.gz 7831435 BLAKE2B 288e65d0a8e133ef5885689eb16118a83d93c730e342da63115cea0892fc999104c3a4856c83f3e7ef909ba2f3311146730b05ee02d84cc0400851ccbdcd54cd SHA512 578f68a3c8f2d454198fc04ff8d943abcfb390531d57f9603d185857f7afa7f4dc641dafecf49ce50fe22f5837b252b181400891e8efd4459fd4f69bb4283cb4

diff --git a/sys-apps/systemd/files/239-debug-extra.patch b/sys-apps/systemd/files/239-debug-extra.patch
deleted file mode 100644
index 19db590257c..00000000000
--- a/sys-apps/systemd/files/239-debug-extra.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8f6b442a78d0b485f044742ad90b2e8271b4e68e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 19 Aug 2018 19:11:30 +0200
-Subject: [PATCH] meson: rename -Ddebug to -Ddebug-extra
-
-Meson added -Doptimization and -Ddebug options, which obviously causes
-a conflict with our -Ddebug options. Let's rename it.
-
-Fixes #9883.
----
- meson.build       | 2 +-
- meson_options.txt | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index f79ac4b12e7..2209c935ad6 100644
---- a/meson.build
-+++ b/meson.build
-@@ -763,7 +763,7 @@ substs.set('DEBUGTTY', get_option('debug-tty'))
- 
- enable_debug_hashmap = false
- enable_debug_mmap_cache = false
--foreach name : get_option('debug')
-+foreach name : get_option('debug-extra')
-         if name == 'hashmap'
-                 enable_debug_hashmap = true
-         elif name == 'mmap-cache'
-diff --git a/meson_options.txt b/meson_options.txt
-index e3140c8c110..7b1f61bf464 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -45,7 +45,7 @@ option('debug-shell', type : 'string', value : '/bin/sh',
-        description : 'path to debug shell binary')
- option('debug-tty', type : 'string', value : '/dev/tty9',
-        description : 'specify the tty device for debug shell')
--option('debug', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
-+option('debug-extra', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
-        description : 'enable extra debugging')
- option('memory-accounting-default', type : 'boolean',
-        description : 'enable MemoryAccounting= by default')

diff --git a/sys-apps/systemd/files/gentoo-generator-path.patch b/sys-apps/systemd/files/gentoo-generator-path.patch
deleted file mode 100644
index 6912b481f20..00000000000
--- a/sys-apps/systemd/files/gentoo-generator-path.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Mon, 17 Jul 2017 11:21:25 -0400
-Subject: [PATCH 1/3] path-lookup: look for generators in
- {,/usr}/lib/systemd/system-generators
-
-Bug: https://bugs.gentoo.org/625402
----
- src/shared/path-lookup.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
-index e2b3f8b74..1ee0e1cdb 100644
---- a/src/shared/path-lookup.c
-+++ b/src/shared/path-lookup.c
-@@ -821,6 +821,8 @@ char **generator_binary_paths(UnitFileScope scope) {
-                 return strv_new("/run/systemd/system-generators",
-                                 "/etc/systemd/system-generators",
-                                 "/usr/local/lib/systemd/system-generators",
-+                                "/usr/lib/systemd/system-generators",
-+                                "/lib/systemd/system-generators",
-                                 SYSTEM_GENERATOR_PATH,
-                                 NULL);
- 
--- 
-2.14.0
-

diff --git a/sys-apps/systemd/systemd-239-r4.ebuild b/sys-apps/systemd/systemd-239-r4.ebuild
deleted file mode 100644
index 2eae2f56767..00000000000
--- a/sys-apps/systemd/systemd-239-r4.ebuild
+++ /dev/null
@@ -1,449 +0,0 @@
-# Copyright 2011-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz
-		https://dev.gentoo.org/~floppym/dist/${P}-patches-2.tar.gz"
-	KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ~mips ppc ppc64 sparc x86"
-fi
-
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	!<sys-libs/glibc-2.16
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? (
-		libidn2? ( net-dns/libidn2:= )
-		!libidn2? ( net-dns/libidn:= )
-	)
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
-	pcre? ( dev-libs/libpcre2 )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? ( !sys-apps/sysvinit )
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!<sys-kernel/dracut-044
-	!sys-fs/eudev
-	!sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-apps/hwids-20150417[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	>=sys-kernel/linux-headers-${MINKV}
-	virtual/pkgconfig[${MULTILIB_USEDEP}]
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-	test? ( sys-apps/dbus )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	# Do NOT add patches here
-	local PATCHES=()
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	# Add local patches here
-	PATCHES+=(
-		"${FILESDIR}"/239-debug-extra.patch
-		"${FILESDIR}"/CVE-2019-6454.patch
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
-			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-			"${FILESDIR}/gentoo-uucp-group-r1.patch"
-			"${FILESDIR}/gentoo-generator-path.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-meson_use() {
-	usex "$1" true false
-}
-
-meson_multilib() {
-	if multilib_is_native_abi; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-meson_multilib_native_use() {
-	if multilib_is_native_abi && use "$1"; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		-Dsplit-usr=$(usex split-usr true false)
-		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Defi=$(meson_multilib)
-		-Dima=true
-		# Optional components/dependencies
-		-Dacl=$(meson_multilib_native_use acl)
-		-Dapparmor=$(meson_multilib_native_use apparmor)
-		-Daudit=$(meson_multilib_native_use audit)
-		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
-		-Dlibcurl=$(meson_multilib_native_use curl)
-		-Delfutils=$(meson_multilib_native_use elfutils)
-		-Dgcrypt=$(meson_use gcrypt)
-		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
-		-Dmicrohttpd=$(meson_multilib_native_use http)
-		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
-		-Dimportd=$(meson_multilib_native_use importd)
-		-Dbzip2=$(meson_multilib_native_use importd)
-		-Dzlib=$(meson_multilib_native_use importd)
-		-Dkmod=$(meson_multilib_native_use kmod)
-		-Dlz4=$(meson_use lz4)
-		-Dxz=$(meson_use lzma)
-		-Dlibiptc=$(meson_multilib_native_use nat)
-		-Dpam=$(meson_use pam)
-		-Dpcre2=$(meson_multilib_native_use pcre)
-		-Dpolkit=$(meson_multilib_native_use policykit)
-		-Dqrencode=$(meson_multilib_native_use qrcode)
-		-Dseccomp=$(meson_multilib_native_use seccomp)
-		-Dselinux=$(meson_multilib_native_use selinux)
-		#-Dtests=$(meson_multilib_native_use test)
-		-Ddbus=$(meson_multilib_native_use test)
-		-Dxkbcommon=$(meson_multilib_native_use xkb)
-		# hardcode a few paths to spare some deps
-		-Dkill-path=/bin/kill
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-
-		# multilib options
-		-Dbacklight=$(meson_multilib)
-		-Dbinfmt=$(meson_multilib)
-		-Dcoredump=$(meson_multilib)
-		-Denvironment-d=$(meson_multilib)
-		-Dfirstboot=$(meson_multilib)
-		-Dhibernate=$(meson_multilib)
-		-Dhostnamed=$(meson_multilib)
-		-Dhwdb=$(meson_multilib)
-		-Dldconfig=$(meson_multilib)
-		-Dlocaled=$(meson_multilib)
-		-Dman=$(meson_multilib)
-		-Dnetworkd=$(meson_multilib)
-		-Dquotacheck=$(meson_multilib)
-		-Drandomseed=$(meson_multilib)
-		-Drfkill=$(meson_multilib)
-		-Dsysusers=$(meson_multilib)
-		-Dtimedated=$(meson_multilib)
-		-Dtimesyncd=$(meson_multilib)
-		-Dtmpfiles=$(meson_multilib)
-		-Dvconsole=$(meson_multilib)
-	)
-
-	if multilib_is_native_abi && use idn; then
-		myconf+=(
-			-Dlibidn2=$(usex libidn2 true false)
-			-Dlibidn=$(usex libidn2 false true)
-		)
-	else
-		myconf+=(
-			-Dlibidn2=false
-			-Dlibidn=false
-		)
-	fi
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	eninja
-}
-
-multilib_src_test() {
-	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-	eninja test
-}
-
-multilib_src_install() {
-	DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
-	local rootprefix=$(usex split-usr '' /usr)
-
-	# meson doesn't know about docdir
-	mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED%/}${rootprefix}"/sbin/resolvconf || die
-	fi
-
-	if ! use sysv-utils; then
-		rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
-		rm "${ED%/}"/usr/share/man/man1/init.1 || die
-		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-	fi
-
-	if ! use resolvconf && ! use sysv-utils; then
-		rmdir "${ED%/}${rootprefix}"/sbin || die
-	fi
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
-	keepdir /etc/udev/{hwdb.d,rules.d}
-	keepdir /var/log/journal/remote
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	# If we install these symlinks, there is no way for the sysadmin to remove them
-	# permanently.
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
-	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
-	local udevdir=/lib/udev
-	use split-usr || udevdir=/usr/lib/udev
-
-	rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
-	if use split-usr; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup kvm 78
-	enewgroup render
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-coredump
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${EROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	systemd_reenable systemd-networkd.service systemd-resolved.service
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

diff --git a/sys-apps/systemd/systemd-242-r1.ebuild b/sys-apps/systemd/systemd-242-r1.ebuild
deleted file mode 100644
index a2626727385..00000000000
--- a/sys-apps/systemd/systemd-242-r1.ebuild
+++ /dev/null
@@ -1,491 +0,0 @@
-# Copyright 2011-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	MY_PV=${PV/_/-}
-	MY_P=${PN}-${MY_PV}
-	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi gnutls http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr +sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	!<sys-libs/glibc-2.16
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	dns-over-tls? (
-		gnutls? ( >=net-libs/gnutls-3.5.3:0= )
-		!gnutls? ( >=dev-libs/openssl-1.1.0:0= )
-	)
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		gnutls? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? (
-		libidn2? ( net-dns/libidn2:= )
-		!libidn2? ( net-dns/libidn:= )
-	)
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
-	pcre? ( dev-libs/libpcre2 )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? ( !sys-apps/sysvinit )
-	!sysv-utils? ( sys-apps/sysvinit )
-	resolvconf? ( !net-dns/openresolv )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!<sys-kernel/dracut-044
-	!sys-fs/eudev
-	!sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-apps/hwids-20150417[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="
-	>=sys-kernel/linux-headers-${MINKV}
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-BDEPEND="
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/meson-0.46
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	sys-devel/m4
-	virtual/pkgconfig[${MULTILIB_USEDEP}]
-	test? ( sys-apps/dbus )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if use test && has pid-sandbox ${FEATURES}; then
-			ewarn "Tests are known to fail with PID sandboxing enabled."
-			ewarn "See https://bugs.gentoo.org/674458."
-		fi
-
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	# Do NOT add patches here
-	local PATCHES=()
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	# Add local patches here
-	PATCHES+=(
-		"${FILESDIR}"/242-gcc-9.patch
-		"${FILESDIR}"/242-socket-util-flush-accept.patch
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
-			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-			"${FILESDIR}/gentoo-uucp-group-r1.patch"
-			"${FILESDIR}/gentoo-generator-path-r1.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-meson_use() {
-	usex "$1" true false
-}
-
-meson_multilib() {
-	if multilib_is_native_abi; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-meson_multilib_native_use() {
-	if multilib_is_native_abi && use "$1"; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		-Dsplit-usr=$(usex split-usr true false)
-		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Defi=$(meson_multilib)
-		-Dima=true
-		# Optional components/dependencies
-		-Dacl=$(meson_multilib_native_use acl)
-		-Dapparmor=$(meson_multilib_native_use apparmor)
-		-Daudit=$(meson_multilib_native_use audit)
-		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
-		-Dlibcurl=$(meson_multilib_native_use curl)
-		-Delfutils=$(meson_multilib_native_use elfutils)
-		-Dgcrypt=$(meson_use gcrypt)
-		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Dgnutls=$(meson_multilib_native_use gnutls)
-		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
-		-Dmicrohttpd=$(meson_multilib_native_use http)
-		-Dimportd=$(meson_multilib_native_use importd)
-		-Dbzip2=$(meson_multilib_native_use importd)
-		-Dzlib=$(meson_multilib_native_use importd)
-		-Dkmod=$(meson_multilib_native_use kmod)
-		-Dlz4=$(meson_use lz4)
-		-Dxz=$(meson_use lzma)
-		-Dlibiptc=$(meson_multilib_native_use nat)
-		-Dpam=$(meson_use pam)
-		-Dpcre2=$(meson_multilib_native_use pcre)
-		-Dpolkit=$(meson_multilib_native_use policykit)
-		-Dqrencode=$(meson_multilib_native_use qrcode)
-		-Dseccomp=$(meson_multilib_native_use seccomp)
-		-Dselinux=$(meson_multilib_native_use selinux)
-		-Ddbus=$(meson_multilib_native_use test)
-		-Dxkbcommon=$(meson_multilib_native_use xkb)
-		# hardcode a few paths to spare some deps
-		-Dkill-path=/bin/kill
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-
-		# multilib options
-		-Dbacklight=$(meson_multilib)
-		-Dbinfmt=$(meson_multilib)
-		-Dcoredump=$(meson_multilib)
-		-Denvironment-d=$(meson_multilib)
-		-Dfirstboot=$(meson_multilib)
-		-Dhibernate=$(meson_multilib)
-		-Dhostnamed=$(meson_multilib)
-		-Dhwdb=$(meson_multilib)
-		-Dldconfig=$(meson_multilib)
-		-Dlocaled=$(meson_multilib)
-		-Dman=$(meson_multilib)
-		-Dnetworkd=$(meson_multilib)
-		-Dquotacheck=$(meson_multilib)
-		-Drandomseed=$(meson_multilib)
-		-Drfkill=$(meson_multilib)
-		-Dsysusers=$(meson_multilib)
-		-Dtimedated=$(meson_multilib)
-		-Dtimesyncd=$(meson_multilib)
-		-Dtmpfiles=$(meson_multilib)
-		-Dvconsole=$(meson_multilib)
-	)
-
-	if multilib_is_native_abi && use idn; then
-		myconf+=(
-			-Dlibidn2=$(usex libidn2 true false)
-			-Dlibidn=$(usex libidn2 false true)
-		)
-	else
-		myconf+=(
-			-Dlibidn2=false
-			-Dlibidn=false
-		)
-	fi
-
-	if multilib_is_native_abi && use dns-over-tls; then
-		myconf+=(
-			-Ddns-over-tls=true
-			-Dopenssl=$(usex !gnutls true false)
-		)
-	else
-		myconf+=( -Ddns-over-tls=false -Dopenssl=false )
-	fi
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	eninja
-}
-
-multilib_src_test() {
-	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
-	eninja test
-}
-
-multilib_src_install() {
-	DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
-	local rootprefix=$(usex split-usr '' /usr)
-
-	# meson doesn't know about docdir
-	mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if ! use resolvconf; then
-		rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
-	fi
-
-	if ! use sysv-utils; then
-		rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
-		rm "${ED}"/usr/share/man/man1/init.1 || die
-		rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-	fi
-
-	if ! use resolvconf && ! use sysv-utils; then
-		rmdir "${ED}${rootprefix}"/sbin || die
-	fi
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
-	keepdir /etc/udev/{hwdb.d,rules.d}
-	keepdir /var/log/journal/remote
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	local udevdir=/lib/udev
-	use split-usr || udevdir=/usr/lib/udev
-
-	rm -r "${ED}${udevdir}/hwdb.d" || die
-
-	if use split-usr; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT}"/etc/env.d/??locale )
-	local locale_conf="${EROOT}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-save_enabled_units() {
-	ENABLED_UNITS=()
-	type systemctl &>/dev/null || return
-	for x; do
-		if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then
-			ENABLED_UNITS+=( "${x}" )
-		fi
-	done
-}
-
-pkg_preinst() {
-	save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup kvm 78
-	enewgroup render
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-coredump
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${EROOT}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	systemd_reenable systemd-networkd.service systemd-resolved.service
-
-	if [[ ${ENABLED_UNITS[@]} ]]; then
-		systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
-	fi
-
-	if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
-		rm "${EROOT}/var/lib/systemd/timesync"
-	fi
-
-	if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
-		ebegin "Reexecuting system manager"
-		systemctl daemon-reexec
-		eend $?
-	fi
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-02-18 23:32 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-02-18 23:32 UTC (permalink / raw
  To: gentoo-commits

commit:     b8fdbe1769429ab4e0310916f85275f7a4e5b74e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 18 23:31:19 2019 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Feb 18 23:31:56 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8fdbe17

sys-apps/systemd: apply fix for CVE-2019-6454 to 239

Bug: https://bugs.gentoo.org/677944
Package-Manager: Portage-2.3.59_p2, Repoman-2.3.12_p67
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/CVE-2019-6454.patch | 198 +++++++++++++
 sys-apps/systemd/systemd-239-r4.ebuild     | 449 +++++++++++++++++++++++++++++
 2 files changed, 647 insertions(+)

diff --git a/sys-apps/systemd/files/CVE-2019-6454.patch b/sys-apps/systemd/files/CVE-2019-6454.patch
new file mode 100644
index 00000000000..97b7d635e7d
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2019-6454.patch
@@ -0,0 +1,198 @@
+--- a/src/libsystemd/sd-bus/bus-internal.c
++++ b/src/libsystemd/sd-bus/bus-internal.c
+@@ -45,7 +45,7 @@
+         if (slash)
+                 return false;
+
+-        return true;
++        return (q - p) <= BUS_PATH_SIZE_MAX;
+ }
+
+ char* object_path_startswith(const char *a, const char *b) {
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -333,6 +333,10 @@
+
+ #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
+ #define BUS_AUTH_SIZE_MAX (64*1024)
++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
++ * to not clash unnecessarily with real-life applications. */
++#define BUS_PATH_SIZE_MAX (64*1024)
+
+ #define BUS_CONTAINER_DEPTH 128
+
+--- a/src/libsystemd/sd-bus/bus-objects.c
++++ b/src/libsystemd/sd-bus/bus-objects.c
+@@ -1134,7 +1134,8 @@
+                 const char *path,
+                 sd_bus_error *error) {
+
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+
+         assert(bus);
+@@ -1150,7 +1151,12 @@
+                 return 0;
+
+         /* Second, add fallback vtables registered for any of the prefixes */
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
+                 if (r < 0)
+@@ -1346,6 +1352,7 @@
+ }
+
+ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
++        _cleanup_free_ char *prefix = NULL;
+         int r;
+         size_t pl;
+         bool found_object = false;
+@@ -1370,9 +1377,12 @@
+         assert(m->member);
+
+         pl = strlen(m->path);
+-        do {
+-                char prefix[pl+1];
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
+
++        do {
+                 bus->nodes_modified = false;
+
+                 r = object_find_and_run(bus, m, m->path, false, &found_object);
+@@ -1499,9 +1509,15 @@
+
+         n = hashmap_get(bus->nodes, path);
+         if (!n) {
+-                char *prefix;
++                _cleanup_free_ char *prefix = NULL;
++                size_t pl;
++
++                pl = strlen(path);
++                assert(pl <= BUS_PATH_SIZE_MAX);
++                prefix = new(char, pl + 1);
++                if (!prefix)
++                        return -ENOMEM;
+
+-                prefix = alloca(strlen(path) + 1);
+                 OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                         n = hashmap_get(bus->nodes, prefix);
+                         if (n)
+@@ -2091,8 +2107,9 @@
+                 char **names) {
+
+         BUS_DONT_DESTROY(bus);
++        _cleanup_free_ char *prefix = NULL;
+         bool found_interface = false;
+-        char *prefix;
++        size_t pl;
+         int r;
+
+         assert_return(bus, -EINVAL);
+@@ -2111,6 +2128,12 @@
+         if (names && names[0] == NULL)
+                 return 0;
+
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         do {
+                 bus->nodes_modified = false;
+
+@@ -2120,7 +2143,6 @@
+                 if (bus->nodes_modified)
+                         continue;
+
+-                prefix = alloca(strlen(path) + 1);
+                 OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                         r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
+                         if (r != 0)
+@@ -2252,7 +2274,8 @@
+
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+         _cleanup_set_free_ Set *s = NULL;
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+
+         assert(bus);
+@@ -2297,7 +2320,12 @@
+         if (bus->nodes_modified)
+                 return 0;
+
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
+                 if (r < 0)
+@@ -2436,7 +2464,8 @@
+
+ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+         _cleanup_set_free_ Set *s = NULL;
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+
+         assert(bus);
+@@ -2468,7 +2497,12 @@
+         if (bus->nodes_modified)
+                 return 0;
+
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
+                 if (r < 0)
+@@ -2618,7 +2652,8 @@
+                 const char *path,
+                 const char *interface) {
+
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+
+         assert(bus);
+@@ -2632,7 +2667,12 @@
+         if (bus->nodes_modified)
+                 return 0;
+
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
+                 if (r != 0)
+
+
+

diff --git a/sys-apps/systemd/systemd-239-r4.ebuild b/sys-apps/systemd/systemd-239-r4.ebuild
new file mode 100644
index 00000000000..c44ada3fd2e
--- /dev/null
+++ b/sys-apps/systemd/systemd-239-r4.ebuild
@@ -0,0 +1,449 @@
+# Copyright 2011-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz
+		https://dev.gentoo.org/~floppym/dist/${P}-patches-2.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6,3_7} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	!<sys-libs/glibc-2.16
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+	curl? ( net-misc/curl:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	http? (
+		>=net-libs/libmicrohttpd-0.9.33:0=
+		ssl? ( >=net-libs/gnutls-3.1.4:0= )
+	)
+	idn? (
+		libidn2? ( net-dns/libidn2:= )
+		!libidn2? ( net-dns/libidn:= )
+	)
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	nat? ( net-firewall/iptables:0= )
+	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
+	pcre? ( dev-libs/libpcre2 )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=sys-apps/baselayout-2.2
+	selinux? ( sec-policy/selinux-base-policy[systemd] )
+	sysv-utils? ( !sys-apps/sysvinit )
+	!sysv-utils? ( sys-apps/sysvinit )
+	resolvconf? ( !net-dns/openresolv )
+	!build? ( || (
+		sys-apps/util-linux[kill(-)]
+		sys-process/procps[kill(+)]
+		sys-apps/coreutils[kill(-)]
+	) )
+	!sys-auth/nss-myhostname
+	!<sys-kernel/dracut-044
+	!sys-fs/eudev
+	!sys-fs/udev"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-apps/hwids-20150417[udev]
+	>=sys-fs/udev-init-scripts-25
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/intltool-0.50
+	>=sys-apps/coreutils-8.16
+	>=sys-kernel/linux-headers-${MINKV}
+	virtual/pkgconfig[${MULTILIB_USEDEP}]
+	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+	test? ( sys-apps/dbus )
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	:
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	# Do NOT add patches here
+	local PATCHES=()
+
+	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+	# Add local patches here
+	PATCHES+=(
+		"${FILESDIR}"/239-debug-extra.patch
+		"${FILESDIR}"/CVE-2019-6454.patch
+	)
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
+			"${FILESDIR}/gentoo-systemd-user-pam.patch"
+			"${FILESDIR}/gentoo-uucp-group-r1.patch"
+			"${FILESDIR}/gentoo-generator-path.patch"
+		)
+	fi
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+meson_use() {
+	usex "$1" true false
+}
+
+meson_multilib() {
+	if multilib_is_native_abi; then
+		echo true
+	else
+		echo false
+	fi
+}
+
+meson_multilib_native_use() {
+	if multilib_is_native_abi && use "$1"; then
+		echo true
+	else
+		echo false
+	fi
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in PATH
+		-Dsplit-usr=$(usex split-usr true false)
+		-Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Defi=$(meson_multilib)
+		-Dima=true
+		# Optional components/dependencies
+		-Dacl=$(meson_multilib_native_use acl)
+		-Dapparmor=$(meson_multilib_native_use apparmor)
+		-Daudit=$(meson_multilib_native_use audit)
+		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
+		-Dlibcurl=$(meson_multilib_native_use curl)
+		-Delfutils=$(meson_multilib_native_use elfutils)
+		-Dgcrypt=$(meson_use gcrypt)
+		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
+		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
+		-Dmicrohttpd=$(meson_multilib_native_use http)
+		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
+		-Dimportd=$(meson_multilib_native_use importd)
+		-Dbzip2=$(meson_multilib_native_use importd)
+		-Dzlib=$(meson_multilib_native_use importd)
+		-Dkmod=$(meson_multilib_native_use kmod)
+		-Dlz4=$(meson_use lz4)
+		-Dxz=$(meson_use lzma)
+		-Dlibiptc=$(meson_multilib_native_use nat)
+		-Dpam=$(meson_use pam)
+		-Dpcre2=$(meson_multilib_native_use pcre)
+		-Dpolkit=$(meson_multilib_native_use policykit)
+		-Dqrencode=$(meson_multilib_native_use qrcode)
+		-Dseccomp=$(meson_multilib_native_use seccomp)
+		-Dselinux=$(meson_multilib_native_use selinux)
+		#-Dtests=$(meson_multilib_native_use test)
+		-Ddbus=$(meson_multilib_native_use test)
+		-Dxkbcommon=$(meson_multilib_native_use xkb)
+		# hardcode a few paths to spare some deps
+		-Dkill-path=/bin/kill
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+
+		# multilib options
+		-Dbacklight=$(meson_multilib)
+		-Dbinfmt=$(meson_multilib)
+		-Dcoredump=$(meson_multilib)
+		-Denvironment-d=$(meson_multilib)
+		-Dfirstboot=$(meson_multilib)
+		-Dhibernate=$(meson_multilib)
+		-Dhostnamed=$(meson_multilib)
+		-Dhwdb=$(meson_multilib)
+		-Dldconfig=$(meson_multilib)
+		-Dlocaled=$(meson_multilib)
+		-Dman=$(meson_multilib)
+		-Dnetworkd=$(meson_multilib)
+		-Dquotacheck=$(meson_multilib)
+		-Drandomseed=$(meson_multilib)
+		-Drfkill=$(meson_multilib)
+		-Dsysusers=$(meson_multilib)
+		-Dtimedated=$(meson_multilib)
+		-Dtimesyncd=$(meson_multilib)
+		-Dtmpfiles=$(meson_multilib)
+		-Dvconsole=$(meson_multilib)
+	)
+
+	if multilib_is_native_abi && use idn; then
+		myconf+=(
+			-Dlibidn2=$(usex libidn2 true false)
+			-Dlibidn=$(usex libidn2 false true)
+		)
+	else
+		myconf+=(
+			-Dlibidn2=false
+			-Dlibidn=false
+		)
+	fi
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	eninja
+}
+
+multilib_src_test() {
+	unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+	eninja test
+}
+
+multilib_src_install() {
+	DESTDIR="${D}" eninja install
+}
+
+multilib_src_install_all() {
+	local rootprefix=$(usex split-usr '' /usr)
+
+	# meson doesn't know about docdir
+	mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	if ! use resolvconf; then
+		rm -f "${ED%/}${rootprefix}"/sbin/resolvconf || die
+	fi
+
+	if ! use sysv-utils; then
+		rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+		rm "${ED%/}"/usr/share/man/man1/init.1 || die
+		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+	fi
+
+	if ! use resolvconf && ! use sysv-utils; then
+		rmdir "${ED%/}${rootprefix}"/sbin || die
+	fi
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
+	keepdir /etc/udev/{hwdb.d,rules.d}
+	keepdir /var/log/journal/remote
+
+	# Symlink /etc/sysctl.conf for easy migration.
+	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+	# If we install these symlinks, there is no way for the sysadmin to remove them
+	# permanently.
+	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
+	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+
+	local udevdir=/lib/udev
+	use split-usr || udevdir=/usr/lib/udev
+
+	rm -r "${ED%/}${udevdir}/hwdb.d" || die
+
+	if use split-usr; then
+		# Avoid breaking boot/reboot
+		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+	fi
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+	local locale_conf="${EROOT%/}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_postinst() {
+	newusergroup() {
+		enewgroup "$1"
+		enewuser "$1" -1 -1 -1 "$1"
+	}
+
+	enewgroup input
+	enewgroup kvm 78
+	enewgroup render
+	enewgroup systemd-journal
+	newusergroup systemd-bus-proxy
+	newusergroup systemd-coredump
+	newusergroup systemd-journal-gateway
+	newusergroup systemd-journal-remote
+	newusergroup systemd-journal-upload
+	newusergroup systemd-network
+	newusergroup systemd-resolve
+	newusergroup systemd-timesync
+
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required. Despite that this file is owned by sys-apps/hwids.
+	if has_version "sys-apps/hwids[udev]"; then
+		udevadm hwdb --update --root="${EROOT%/}"
+	fi
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	systemd_reenable systemd-networkd.service systemd-resolved.service
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-12-26  4:02 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-12-26  4:02 UTC (permalink / raw
  To: gentoo-commits

commit:     9f1432cda09ee42e59d6f67279f09140601e8269
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 26 04:02:01 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Dec 26 04:02:01 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f1432cd

sys-apps/systemd: update generator-path patch

Package-Manager: Portage-2.3.52_p8, Repoman-2.3.12_p20
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../systemd/files/gentoo-generator-path-r1.patch   | 27 ++++++++++++++++++++++
 sys-apps/systemd/systemd-9999.ebuild               |  2 +-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/gentoo-generator-path-r1.patch b/sys-apps/systemd/files/gentoo-generator-path-r1.patch
new file mode 100644
index 00000000000..459be9d99ed
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-generator-path-r1.patch
@@ -0,0 +1,27 @@
+From 3c7918deafa34313b935851171279d8fdb5cfadb Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 25 Dec 2018 22:52:50 -0500
+Subject: [PATCH] path-lookup: look for generators in
+ {,/usr}/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/shared/path-lookup.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index 442fde7b2d..6814164504 100644
+--- a/src/shared/path-lookup.c
++++ b/src/shared/path-lookup.c
+@@ -888,6 +888,8 @@ char **generator_binary_paths(UnitFileScope scope) {
+                 return strv_new("/run/systemd/system-generators",
+                                 "/etc/systemd/system-generators",
+                                 "/usr/local/lib/systemd/system-generators",
++                                "/usr/lib/systemd/system-generators",
++                                "/lib/systemd/system-generators",
+                                 SYSTEM_GENERATOR_PATH);
+ 
+         case UNIT_FILE_GLOBAL:
+-- 
+2.20.1
+

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 3403bfbf099..1297d2c0d74 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -161,7 +161,7 @@ src_prepare() {
 			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/gentoo-systemd-user-pam.patch"
 			"${FILESDIR}/gentoo-uucp-group-r1.patch"
-			"${FILESDIR}/gentoo-generator-path.patch"
+			"${FILESDIR}/gentoo-generator-path-r1.patch"
 		)
 	fi
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-05-24 20:33 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-05-24 20:33 UTC (permalink / raw
  To: gentoo-commits

commit:     ec933bb0dda9b1771bf3f53d2bfb835040dfa07a
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu May 24 20:32:44 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu May 24 20:33:03 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec933bb0

sys-apps/systemd: fix raw_clone() on sparc

Closes: https://bugs.gentoo.org/656368
Package-Manager: Portage-2.3.37, Repoman-2.3.9_p219

 sys-apps/systemd/files/238-sparc-raw-clone.patch   | 42 ++++++++++++++++++++++
 ...systemd-238-r6.ebuild => systemd-238-r7.ebuild} |  1 +
 2 files changed, 43 insertions(+)

diff --git a/sys-apps/systemd/files/238-sparc-raw-clone.patch b/sys-apps/systemd/files/238-sparc-raw-clone.patch
new file mode 100644
index 00000000000..736a498e918
--- /dev/null
+++ b/sys-apps/systemd/files/238-sparc-raw-clone.patch
@@ -0,0 +1,42 @@
+From e4aa2c34d526c108dd8fa37448b19bdb38de52c9 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Thu, 24 May 2018 10:48:55 -0400
+Subject: [PATCH] basic: fix raw_clone() on 32-bit sparc
+
+The clone syscall uses the same semantics as on 64-bit. The trap number
+for syscall entry is different.
+
+Bug: https://bugs.gentoo.org/656368
+---
+ src/basic/raw-clone.h | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/raw-clone.h b/src/basic/raw-clone.h
+index d8a68663180..d35540903ab 100644
+--- a/src/basic/raw-clone.h
++++ b/src/basic/raw-clone.h
+@@ -39,10 +39,10 @@ static inline pid_t raw_clone(unsigned long flags) {
+         /* On s390/s390x and cris the order of the first and second arguments
+          * of the raw clone() system call is reversed. */
+         ret = (pid_t) syscall(__NR_clone, NULL, flags);
+-#elif defined(__sparc__) && defined(__arch64__)
++#elif defined(__sparc__)
+         {
+                 /**
+-                 * sparc64 always returns the other process id in %o0, and
++                 * sparc always returns the other process id in %o0, and
+                  * a boolean flag whether this is the child or the parent in
+                  * %o1. Inline assembly is needed to get the flag returned
+                  * in %o1.
+@@ -52,7 +52,11 @@ static inline pid_t raw_clone(unsigned long flags) {
+                 asm volatile("mov %2, %%g1\n\t"
+                              "mov %3, %%o0\n\t"
+                              "mov 0 , %%o1\n\t"
++#if defined(__arch64__)
+                              "t 0x6d\n\t"
++#else
++                             "t 0x10\n\t"
++#endif
+                              "mov %%o1, %0\n\t"
+                              "mov %%o0, %1" :
+                              "=r"(in_child), "=r"(child_pid) :

diff --git a/sys-apps/systemd/systemd-238-r6.ebuild b/sys-apps/systemd/systemd-238-r7.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r6.ebuild
rename to sys-apps/systemd/systemd-238-r7.ebuild
index b015f21cb90..e65ddd901dd 100644
--- a/sys-apps/systemd/systemd-238-r6.ebuild
+++ b/sys-apps/systemd/systemd-238-r7.ebuild
@@ -154,6 +154,7 @@ src_prepare() {
 		"${FILESDIR}/238-initctl.patch"
 		"${FILESDIR}/238-nspawn-wait.patch"
 		"${FILESDIR}/238-timesync-connection.patch"
+		"${FILESDIR}/238-sparc-raw-clone.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-18 16:50 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-18 16:50 UTC (permalink / raw
  To: gentoo-commits

commit:     92f2fa6fd24ae18ecafeab68ffd72eddc028325f
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 16:50:39 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 16:50:55 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92f2fa6f

sys-apps/systemd: backport timesync fix

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 .../systemd/files/238-timesync-connection.patch    | 49 ++++++++++++++++++++++
 ...systemd-238-r5.ebuild => systemd-238-r6.ebuild} |  1 +
 2 files changed, 50 insertions(+)

diff --git a/sys-apps/systemd/files/238-timesync-connection.patch b/sys-apps/systemd/files/238-timesync-connection.patch
new file mode 100644
index 00000000000..a48a88e9e68
--- /dev/null
+++ b/sys-apps/systemd/files/238-timesync-connection.patch
@@ -0,0 +1,49 @@
+From 6d254dba01491b994115ecef8c4017fbe5451606 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 16 Apr 2018 12:24:36 +0900
+Subject: [PATCH] timesync: establish connection when network become online and
+ the manager is not connected yet
+
+This also introduces `manager_is_connected()` helper function, which
+returns true when the manager is sending a request, resolving a server
+name, or in a poll interval.
+
+Follow-up for 3e85ec072180b6fbec82d715186985536859a29d.
+Fixes #8719.
+---
+ src/timesync/timesyncd-manager.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c
+index cfdc43b0ff2..0c5d3e2d6f7 100644
+--- a/src/timesync/timesyncd-manager.c
++++ b/src/timesync/timesyncd-manager.c
+@@ -1036,6 +1036,12 @@ static int manager_network_read_link_servers(Manager *m) {
+         return r;
+ }
+ 
++static bool manager_is_connected(Manager *m) {
++        /* Return true when the manager is sending a request, resolving a server name, or
++         * in a poll interval. */
++        return m->server_socket >= 0 || m->resolve_query || m->event_timer;
++}
++
+ static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+         Manager *m = userdata;
+         bool changed, connected, online;
+@@ -1051,13 +1057,13 @@ static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t re
+         online = network_is_online();
+ 
+         /* check if the client is currently connected */
+-        connected = m->server_socket >= 0 || m->resolve_query || m->exhausted_servers;
++        connected = manager_is_connected(m);
+ 
+         if (connected && !online) {
+                 log_info("No network connectivity, watching for changes.");
+                 manager_disconnect(m);
+ 
+-        } else if (!connected && online && changed) {
++        } else if ((!connected || changed) && online) {
+                 log_info("Network configuration changed, trying to establish connection.");
+ 
+                 if (m->current_server_address)

diff --git a/sys-apps/systemd/systemd-238-r5.ebuild b/sys-apps/systemd/systemd-238-r6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r5.ebuild
rename to sys-apps/systemd/systemd-238-r6.ebuild
index 6d0ee7602a8..8625668cfff 100644
--- a/sys-apps/systemd/systemd-238-r5.ebuild
+++ b/sys-apps/systemd/systemd-238-r6.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
 	PATCHES+=(
 		"${FILESDIR}/238-initctl.patch"
 		"${FILESDIR}/238-nspawn-wait.patch"
+		"${FILESDIR}/238-timesync-connection.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-05 20:12 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-05 20:12 UTC (permalink / raw
  To: gentoo-commits

commit:     3ffe8430672993cfc0d8d0b3abdf4d777cf3fdc1
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  5 20:11:52 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Apr  5 20:11:52 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ffe8430

sys-apps/systemd: fix regression in nspawn network setup

Closes: https://bugs.gentoo.org/652396
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/files/238-nspawn-wait.patch       | 83 ++++++++++++++++++++++
 ...systemd-238-r3.ebuild => systemd-238-r4.ebuild} |  1 +
 2 files changed, 84 insertions(+)

diff --git a/sys-apps/systemd/files/238-nspawn-wait.patch b/sys-apps/systemd/files/238-nspawn-wait.patch
new file mode 100644
index 00000000000..a740e893345
--- /dev/null
+++ b/sys-apps/systemd/files/238-nspawn-wait.patch
@@ -0,0 +1,83 @@
+From 7511655807e90aa33ea7b71991401a79ec36bb41 Mon Sep 17 00:00:00 2001
+From: Philip Sequeira <phsequei@gmail.com>
+Date: Thu, 5 Apr 2018 14:04:27 +0000
+Subject: [PATCH] nspawn: wait for network namespace creation before interface
+ setup (#8633)
+
+Otherwise, network interfaces can be "moved" into the container's
+namespace while it's still the same as the host namespace, in which case
+e.g. host0 for a veth ends up on the host side instead of inside the
+container.
+
+Regression introduced in 0441378080489e4ab6704cd0a2d78cb1ceaca899.
+
+Fixes #8599.
+---
+ src/nspawn/nspawn.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index 810f1247ea2..a5bc50c1f4c 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -2329,6 +2329,9 @@ static int inner_child(
+                 r = unshare(CLONE_NEWNET);
+                 if (r < 0)
+                         return log_error_errno(errno, "Failed to unshare network namespace: %m");
++
++                /* Tell the parent that it can setup network interfaces. */
++                (void) barrier_place(barrier); /* #3 */
+         }
+ 
+         r = mount_sysfs(NULL, arg_mount_settings);
+@@ -2337,7 +2340,7 @@ static int inner_child(
+ 
+         /* Wait until we are cgroup-ified, so that we
+          * can mount the right cgroup path writable */
+-        if (!barrier_place_and_sync(barrier)) { /* #3 */
++        if (!barrier_place_and_sync(barrier)) { /* #4 */
+                 log_error("Parent died too early");
+                 return -ESRCH;
+         }
+@@ -2448,7 +2451,7 @@ static int inner_child(
+         /* Let the parent know that we are ready and
+          * wait until the parent is ready with the
+          * setup, too... */
+-        if (!barrier_place_and_sync(barrier)) { /* #4 */
++        if (!barrier_place_and_sync(barrier)) { /* #5 */
+                 log_error("Parent died too early");
+                 return -ESRCH;
+         }
+@@ -3533,6 +3536,14 @@ static int run(int master,
+ 
+         if (arg_private_network) {
+ 
++                if (!arg_network_namespace_path) {
++                        /* Wait until the child has unshared its network namespace. */
++                        if (!barrier_place_and_sync(&barrier)) { /* #3 */
++                                log_error("Child died too early");
++                                return -ESRCH;
++                        }
++                }
++
+                 r = move_network_interfaces(*pid, arg_network_interfaces);
+                 if (r < 0)
+                         return r;
+@@ -3656,7 +3667,7 @@ static int run(int master,
+          * its setup (including cgroup-ification), and that
+          * the child can now hand over control to the code to
+          * run inside the container. */
+-        (void) barrier_place(&barrier); /* #3 */
++        (void) barrier_place(&barrier); /* #4 */
+ 
+         /* Block SIGCHLD here, before notifying child.
+          * process_pty() will handle it with the other signals. */
+@@ -3684,7 +3695,7 @@ static int run(int master,
+                 return r;
+ 
+         /* Let the child know that we are ready and wait that the child is completely ready now. */
+-        if (!barrier_place_and_sync(&barrier)) { /* #4 */
++        if (!barrier_place_and_sync(&barrier)) { /* #5 */
+                 log_error("Child died too early.");
+                 return -ESRCH;
+         }

diff --git a/sys-apps/systemd/systemd-238-r3.ebuild b/sys-apps/systemd/systemd-238-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r3.ebuild
rename to sys-apps/systemd/systemd-238-r4.ebuild
index b68ed0bf92a..0aca5fbb302 100644
--- a/sys-apps/systemd/systemd-238-r3.ebuild
+++ b/sys-apps/systemd/systemd-238-r4.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
 	PATCHES+=(
 		"${FILESDIR}/238-libmount-include.patch"
 		"${FILESDIR}/238-initctl.patch"
+		"${FILESDIR}/238-nspawn-wait.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-01 16:31 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-01 16:31 UTC (permalink / raw
  To: gentoo-commits

commit:     d323ea527c3f8e3b3803a39af5fd57254edeaadf
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Apr  1 16:27:04 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Apr  1 16:31:27 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d323ea52

sys-apps/systemd: add initctl patch

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/files/238-initctl.patch | 46 ++++++++++++++++++++++++++++++++
 sys-apps/systemd/systemd-238-r3.ebuild   |  1 +
 2 files changed, 47 insertions(+)

diff --git a/sys-apps/systemd/files/238-initctl.patch b/sys-apps/systemd/files/238-initctl.patch
new file mode 100644
index 00000000000..39991697743
--- /dev/null
+++ b/sys-apps/systemd/files/238-initctl.patch
@@ -0,0 +1,46 @@
+From 4d8c7c1b3a5feebca948a3b8663f5be887b57731 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 30 Mar 2018 11:00:17 -0400
+Subject: [PATCH] units: initctl: move the fifo to /run/initctl to match
+ sysvinit
+
+The fifo location was moved in sysvinit-2.89.
+
+http://git.savannah.nongnu.org/cgit/sysvinit.git/commit/?id=80dbcf3de3c1b83aeaa713a8fe5b8d35d8649af2
+---
+ units/systemd-initctl.service.in | 2 +-
+ units/systemd-initctl.socket     | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in
+index 6cfed3da11f..2b4b957dce3 100644
+--- a/units/systemd-initctl.service.in
++++ b/units/systemd-initctl.service.in
+@@ -8,7 +8,7 @@
+ #  (at your option) any later version.
+ 
+ [Unit]
+-Description=/dev/initctl Compatibility Daemon
++Description=initctl Compatibility Daemon
+ Documentation=man:systemd-initctl.service(8)
+ DefaultDependencies=no
+ 
+diff --git a/units/systemd-initctl.socket b/units/systemd-initctl.socket
+index 61f877ba7d2..9d975799081 100644
+--- a/units/systemd-initctl.socket
++++ b/units/systemd-initctl.socket
+@@ -8,12 +8,12 @@
+ #  (at your option) any later version.
+ 
+ [Unit]
+-Description=/dev/initctl Compatibility Named Pipe
++Description=initctl Compatibility Named Pipe
+ Documentation=man:systemd-initctl.service(8)
+ DefaultDependencies=no
+ Before=sockets.target
+ 
+ [Socket]
+-ListenFIFO=/run/systemd/initctl/fifo
++ListenFIFO=/run/initctl
+ Symlinks=/dev/initctl
+ SocketMode=0600

diff --git a/sys-apps/systemd/systemd-238-r3.ebuild b/sys-apps/systemd/systemd-238-r3.ebuild
index 813d4f96708..b68ed0bf92a 100644
--- a/sys-apps/systemd/systemd-238-r3.ebuild
+++ b/sys-apps/systemd/systemd-238-r3.ebuild
@@ -154,6 +154,7 @@ src_prepare() {
 
 	PATCHES+=(
 		"${FILESDIR}/238-libmount-include.patch"
+		"${FILESDIR}/238-initctl.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-01 16:31 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-01 16:31 UTC (permalink / raw
  To: gentoo-commits

commit:     2266f8440e17591fc6a4905a706c74432051854f
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Apr  1 16:31:04 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Apr  1 16:31:27 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2266f844

sys-apps/systemd: remove old

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/Manifest                          |   5 -
 .../files/237-0001-networkctl-display-type.patch   | 266 ------------
 sys-apps/systemd/metadata.xml                      |   1 -
 sys-apps/systemd/systemd-233-r6.ebuild             | 458 ---------------------
 sys-apps/systemd/systemd-237-r2.ebuild             | 440 --------------------
 sys-apps/systemd/systemd-237-r3.ebuild             | 442 --------------------
 sys-apps/systemd/systemd-238-r1.ebuild             | 437 --------------------
 7 files changed, 2049 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index f5ba7882937..42cccb76c59 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,9 +1,4 @@
-DIST systemd-233-man.tar.gz 31386 BLAKE2B e4947e658db3efeec6b5a6adf340d2cc8e8aff2a14db4932720f90c3dc898b1e78595db983948373a2e28191fb3b0aad234f80feb91ee8ae4b607a44038a9cae SHA512 cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40
-DIST systemd-233-patches.tar.gz 12553 BLAKE2B 5d19f2dc82cc6cbd9b2e9393f932dfa3c88a981358b282fe56d43cd432d0ee0c0245e9c13d5460b94d83908b84a382dad3348b999f2356ab3ef2ae2c542a867d SHA512 3081f4cf64542ba64a28fe2eff11d8040af42255eb99b5210db9d583fc4b4360a4a4bb8769a1e43d38474d69ead681974cb98d4605968b38f98fd3d9b40bf211
-DIST systemd-233.tar.gz 4660737 BLAKE2B 38cdd74543447b3c02391b328428fed169fe2cf2df6e9341dcaf2f7d3d977612ec102301e144c1cada90d61e9e9bda3b2faaef708c8ff4bd0b52b143760a83b2 SHA512 5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e
 DIST systemd-236-patches-2.tar.gz 54737 BLAKE2B bce5f9e234c975a2b6e474ca2a0c2c82e704f02cf19885134dddc5edbd0b7bfb3773d737f88f78ba2ab81093dfceeb44d76ecda99cf2b916072dcdfa84720c19 SHA512 b74ab6944135c938b2d0d2a1dd40ac4cc4ff26d072603d6bfbe4529d808b2e481eb910155895bce14607842ad6d30751aded51654a53f76278becbb5e317b875
 DIST systemd-236.tar.gz 6759035 BLAKE2B 0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3 SHA512 1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515ddddfdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d
-DIST systemd-237-patches-0.tar.gz 74617 BLAKE2B 52750bb08731e9e694a00fedc1e42beb7c6ad7736d3b6567f2ab094d4356506d10ec11e1c4c62623078d647c3314c71c9f141eb7c8628b610fd8a5e818b90ec6 SHA512 a6db99b330585e57c722bb0e692b0d988d5fbfef60c6cc87efbb7b903e55642c2f03bf6cdc80f15da22d0c41b5051387dac23a2f04238331f235154b17f32d1b
-DIST systemd-237.tar.gz 6871350 BLAKE2B 4734a110a297fbbd6679bced6302fcdca55ab5d4207905e8dee9f5545f1de841d5adeaa4fd89961b9e63709d04b5c862b8bc81481311cf8e72ee327e459c9d91 SHA512 15ef4b92815a6dd9a6c51672dbc00fd7cd0f08068ef0cbeaca574f68d330b28bc67ba1946f24f75ef3d9e7b63843a73eea700db54688061dbf5c9f8470394c3b
 DIST systemd-238-patches-0.tar.gz 30019 BLAKE2B 0f393865cd6bcd815c1a6e932c0e5a25e125768d2bdef072d5fa7830b9ea012d0986380a1cdea8e369e1fffe89ea7657e4d55de2bae0d785ae374796a4e7c64b SHA512 f7e6fb7bf3b5cde2717a9e5dcd779a4595d6185d1ecdad8405a075edbb55b32c2573558f6af119ff50ea0df8eacef12ae7ee710fadd269f83db0985d76eb22dc
 DIST systemd-238.tar.gz 6954022 BLAKE2B 9b5cc36a7234c0d037a2656ee1e5ed54186a394b8be41771ebc29c903d3efcecf7f13f004a6d1695c022923bd0d540a243e897852f07e810f73fd3163f688dde SHA512 c0f272b022308d3bd94679184e102a8dc85de55310bda205a458ea33c77c7733e5c8c8e5b15f786ba3e0ce59e7c6a9bf0d5a0950517c6b91e0f345950129b9c8

diff --git a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
deleted file mode 100644
index e29cf2206aa..00000000000
--- a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From a18461bc7d446f8e130e9276de4397d00059267f Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 20:58:24 +0100
-Subject: [PATCH 1/4] networkd: display wireguard devtype
-
-It's not useful to simply show "none", when we have more interesting
-information to display.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 22 +++++++++++++++-------
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 59ce098cd1..6ce00dff6d 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -62,18 +62,26 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
- 
-         assert(ret);
- 
--        if (iftype == ARPHRD_ETHER && d) {
-+        if (d) {
-                 const char *devtype = NULL, *id = NULL;
-+
-+                (void) sd_device_get_devtype(d, &devtype);
-+
-                 /* WLANs have iftype ARPHRD_ETHER, but we want
-                  * to show a more useful type string for
-                  * them */
-+                if (iftype == ARPHRD_ETHER) {
-+                        if (streq_ptr(devtype, "wlan"))
-+                                id = "wlan";
-+                        else if (streq_ptr(devtype, "wwan"))
-+                                id = "wwan";
-+                }
- 
--                (void) sd_device_get_devtype(d, &devtype);
--
--                if (streq_ptr(devtype, "wlan"))
--                        id = "wlan";
--                else if (streq_ptr(devtype, "wwan"))
--                        id = "wwan";
-+                /* Likewise, WireGuard has iftype ARPHRD_NONE,
-+                 * since it's layer 3, but we of course want
-+                 * something more useful than that. */
-+                if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
-+                        id = "wireguard";
- 
-                 if (id) {
-                         p = strdup(id);
-
-From f119082e7a1ccfbf50c30a99819b6e303cdf09a1 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 21:01:46 +0100
-Subject: [PATCH 2/4] networkd: simplify and display all devtypes
-
-Every place the kernel actually calls SET_NETDEV_DEVTYPE, it's adding a
-piece of information that looks useful and relevant for us to use. So
-let's use it when it's there.
-
-The previous matching based on the corresponding ARPHRD didn't really
-make much sense. The more sensible logic for getting a textual
-representation of the link type is to see if the kernel supplies a
-devtype. If it does, great. If not, then we can fall back on the ARPHRD,
-as before.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 23 +++--------------------
- 1 file changed, 3 insertions(+), 20 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 6ce00dff6d..8a08304240 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -63,28 +63,11 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
-         assert(ret);
- 
-         if (d) {
--                const char *devtype = NULL, *id = NULL;
-+                const char *devtype = NULL;
- 
-                 (void) sd_device_get_devtype(d, &devtype);
--
--                /* WLANs have iftype ARPHRD_ETHER, but we want
--                 * to show a more useful type string for
--                 * them */
--                if (iftype == ARPHRD_ETHER) {
--                        if (streq_ptr(devtype, "wlan"))
--                                id = "wlan";
--                        else if (streq_ptr(devtype, "wwan"))
--                                id = "wwan";
--                }
--
--                /* Likewise, WireGuard has iftype ARPHRD_NONE,
--                 * since it's layer 3, but we of course want
--                 * something more useful than that. */
--                if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
--                        id = "wireguard";
--
--                if (id) {
--                        p = strdup(id);
-+                if (!isempty(devtype)) {
-+                        p = strdup(devtype);
-                         if (!p)
-                                 return -ENOMEM;
- 
-
-From fdce7817b9a27a370c01b7dd9da6a84fcae1038e Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 21:05:36 +0100
-Subject: [PATCH 3/4] networkd: clean up link_get_type_string
-
-The return value is always ignored, so get rid of it.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 8a08304240..7b33e0db17 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -56,7 +56,7 @@ static bool arg_no_pager = false;
- static bool arg_legend = true;
- static bool arg_all = false;
- 
--static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
-+static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
-         const char *t;
-         char *p;
- 
-@@ -69,27 +69,25 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
-                 if (!isempty(devtype)) {
-                         p = strdup(devtype);
-                         if (!p)
--                                return -ENOMEM;
-+                                return;
- 
-                         *ret = p;
--                        return 1;
-+                        return;
-                 }
-         }
- 
-         t = arphrd_to_name(iftype);
-         if (!t) {
-                 *ret = NULL;
--                return 0;
-+                return;
-         }
- 
-         p = strdup(t);
-         if (!p)
--                return -ENOMEM;
-+                return;
- 
-         ascii_strlower(p);
-         *ret = p;
--
--        return 0;
- }
- 
- static void operational_state_to_color(const char *state, const char **on, const char **off) {
-@@ -314,7 +312,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
-                 xsprintf(devid, "n%i", links[i].ifindex);
-                 (void) sd_device_new_from_device_id(&d, devid);
- 
--                (void) link_get_type_string(links[i].iftype, d, &t);
-+                link_get_type_string(links[i].iftype, d, &t);
- 
-                 printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
-                        links[i].ifindex, links[i].name, strna(t),
-@@ -807,7 +805,7 @@ static int link_status_one(
-                         (void) sd_device_get_property_value(d, "ID_MODEL", &model);
-         }
- 
--        (void) link_get_type_string(info->iftype, d, &t);
-+        link_get_type_string(info->iftype, d, &t);
- 
-         (void) sd_network_link_get_network_file(info->ifindex, &network);
- 
-
-From b55822c349d3e0559c1efc7475fd0f74cf086453 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 21:08:39 +0100
-Subject: [PATCH 4/4] networkd: clean up link_get_type_string returns
-
-It's cleaner and more consistent to actually return what we were
-planning on returning.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 28 +++++++++-------------------
- 1 file changed, 9 insertions(+), 19 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 7b33e0db17..14d8ecb03f 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -56,38 +56,28 @@ static bool arg_no_pager = false;
- static bool arg_legend = true;
- static bool arg_all = false;
- 
--static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
-+static char *link_get_type_string(unsigned short iftype, sd_device *d) {
-         const char *t;
-         char *p;
- 
--        assert(ret);
--
-         if (d) {
-                 const char *devtype = NULL;
- 
-                 (void) sd_device_get_devtype(d, &devtype);
--                if (!isempty(devtype)) {
--                        p = strdup(devtype);
--                        if (!p)
--                                return;
--
--                        *ret = p;
--                        return;
--                }
-+                if (!isempty(devtype))
-+                        return strdup(devtype);
-         }
- 
-         t = arphrd_to_name(iftype);
--        if (!t) {
--                *ret = NULL;
--                return;
--        }
-+        if (!t)
-+                return NULL;
- 
-         p = strdup(t);
-         if (!p)
--                return;
-+                return NULL;
- 
-         ascii_strlower(p);
--        *ret = p;
-+        return p;
- }
- 
- static void operational_state_to_color(const char *state, const char **on, const char **off) {
-@@ -312,7 +302,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
-                 xsprintf(devid, "n%i", links[i].ifindex);
-                 (void) sd_device_new_from_device_id(&d, devid);
- 
--                link_get_type_string(links[i].iftype, d, &t);
-+                t = link_get_type_string(links[i].iftype, d);
- 
-                 printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
-                        links[i].ifindex, links[i].name, strna(t),
-@@ -805,7 +795,7 @@ static int link_status_one(
-                         (void) sd_device_get_property_value(d, "ID_MODEL", &model);
-         }
- 
--        link_get_type_string(info->iftype, d, &t);
-+        t = link_get_type_string(info->iftype, d);
- 
-         (void) sd_network_link_get_network_file(info->ifindex, &network);
- 

diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index c0dbc0de012..d2004bef107 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -13,7 +13,6 @@
 		<flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag>
 		<flag name="curl">Enable support for uploading journals</flag>
 		<flag name="cryptsetup">Enable cryptsetup tools (includes unit generator for crypttab)</flag>
-		<flag name="doc">Generate systemd.index.7 and systemd.directives.7</flag>
 		<flag name="gnuefi">Enable EFI boot manager and stub loader (built using <pkg>sys-boot/gnu-efi</pkg>)</flag>
 		<flag name="elfutils">Enable coredump stacktraces in the journal</flag>
 		<flag name="gcrypt">Enable sealing of journal files using gcrypt</flag>

diff --git a/sys-apps/systemd/systemd-233-r6.ebuild b/sys-apps/systemd/systemd-233-r6.ebuild
deleted file mode 100644
index 307333c182d..00000000000
--- a/sys-apps/systemd/systemd-233-r6.ebuild
+++ /dev/null
@@ -1,458 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz
-		https://dev.gentoo.org/~floppym/dist/${P}-patches.tar.gz
-		!doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
-	KEYWORDS="alpha amd64 arm ~arm64 ia64 ppc ppc64 ~sparc x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit autotools bash-completion-r1 linux-info multilib-minimal pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl doc elfutils +gcrypt gnuefi http
-	idn importd +kmod +lz4 lzma nat pam policykit
-	qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	!<sys-libs/glibc-2.16
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? ( net-dns/libidn:0= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? ( !sys-apps/sysvinit )
-	!sysv-utils? ( sys-apps/sysvinit )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!<sys-kernel/dracut-044
-	!sys-fs/eudev
-	!sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-apps/hwids-20150417[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	>=sys-kernel/linux-headers-${MINKV}
-	virtual/pkgconfig
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-	test? ( sys-apps/dbus )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	doc? ( $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') )
-"
-
-python_check_deps() {
-	has_version --host-root "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	# Bug 463376
-	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
-	local PATCHES=(
-		"${FILESDIR}/CVE-2017-15908.patch"
-	)
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
-			"${FILESDIR}/gentoo-noclean-tmp.patch"
-			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-		)
-	fi
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	default
-
-	eautoreconf
-}
-
-src_configure() {
-	# Keep using the one where the rules were installed.
-	MY_UDEVDIR=$(get_udevdir)
-	# Fix systems broken by bug #509454.
-	[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
-
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	use doc && python_setup
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		# disable -flto since it is an optimization flag
-		# and makes distcc less effective
-		cc_cv_CFLAGS__flto=no
-		# disable -fuse-ld=gold since Gentoo supports explicit linker
-		# choice and forcing gold is undesired, #539998
-		# ld.gold may collide with user's LDFLAGS, #545168
-		# ld.gold breaks sparc, #573874
-		cc_cv_LDFLAGS__Wl__fuse_ld_gold=no
-
-		# Workaround for gcc-4.7, bug 554454.
-		cc_cv_CFLAGS__Werror_shadow=no
-
-		# Workaround for bug 516346
-		--enable-dependency-tracking
-
-		--disable-maintainer-mode
-		--localstatedir=/var
-		--with-pamlibdir=$(getpam_mod_dir)
-		# avoid bash-completion dep
-		--with-bashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in $PATH
-		--enable-split-usr
-		# For testing.
-		--with-rootprefix="${ROOTPREFIX-/usr}"
-		--with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
-		# disable sysv compatibility
-		--with-sysvinit-path=
-		--with-sysvrcnd-path=
-		# no deps
-		--enable-efi
-		--enable-ima
-
-		# Optional components/dependencies
-		$(multilib_native_use_enable acl)
-		$(multilib_native_use_enable apparmor)
-		$(multilib_native_use_enable audit)
-		$(multilib_native_use_enable cryptsetup libcryptsetup)
-		$(multilib_native_use_enable curl libcurl)
-		$(multilib_native_use_enable elfutils)
-		$(use_enable gcrypt)
-		$(multilib_native_use_enable gnuefi)
-		--with-efi-libdir="/usr/$(get_libdir)"
-		$(multilib_native_use_enable http microhttpd)
-		$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
-		$(multilib_native_use_enable idn libidn)
-		$(multilib_native_use_enable importd)
-		$(multilib_native_use_enable importd bzip2)
-		$(multilib_native_use_enable importd zlib)
-		$(multilib_native_use_enable kmod)
-		$(use_enable lz4)
-		$(use_enable lzma xz)
-		$(multilib_native_use_enable nat libiptc)
-		$(use_enable pam)
-		$(multilib_native_use_enable policykit polkit)
-		$(multilib_native_use_enable qrcode qrencode)
-		$(multilib_native_use_enable seccomp)
-		$(multilib_native_use_enable selinux)
-		$(multilib_native_use_enable test tests)
-		$(multilib_native_use_enable test dbus)
-		$(multilib_native_use_enable xkb xkbcommon)
-		$(multilib_native_use_with doc python)
-
-		# hardcode a few paths to spare some deps
-		KILL=/bin/kill
-		QUOTAON=/usr/sbin/quotaon
-		QUOTACHECK=/usr/sbin/quotacheck
-
-		# TODO: we may need to restrict this to gcc
-		EFI_CC="$(tc-getCC)"
-
-		# dbus paths
-		--with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
-		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-		--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
-
-		--with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-
-		# Breaks screen, tmux, etc.
-		--without-kill-user-processes
-	)
-
-	# Work around bug 463846.
-	tc-export CC
-
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	local mymakeopts=(
-		udevlibexecdir="${MY_UDEVDIR}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}"
-	else
-		emake built-sources
-		local targets=(
-			'$(rootlib_LTLIBRARIES)'
-			'$(lib_LTLIBRARIES)'
-			'$(pamlib_LTLIBRARIES)'
-			'$(pkgconfiglib_DATA)'
-		)
-		echo "gentoo: ${targets[*]}" | emake "${mymakeopts[@]}" -f Makefile -f - gentoo
-	fi
-}
-
-multilib_src_test() {
-	multilib_is_native_abi || return 0
-	default
-}
-
-multilib_src_install() {
-	local mymakeopts=(
-		# automake fails with parallel libtool relinking
-		# https://bugs.gentoo.org/show_bug.cgi?id=491398
-		-j1
-
-		udevlibexecdir="${MY_UDEVDIR}"
-		dist_udevhwdb_DATA=
-		DESTDIR="${D}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}" install
-	else
-		mymakeopts+=(
-			install-rootlibLTLIBRARIES
-			install-libLTLIBRARIES
-			install-pamlibLTLIBRARIES
-			install-pkgconfiglibDATA
-			install-includeHEADERS
-			install-pkgincludeHEADERS
-		)
-
-		emake "${mymakeopts[@]}"
-	fi
-}
-
-multilib_src_install_all() {
-	prune_libtool_files --modules
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if [[ ${PV} != 9999 ]]; then
-		use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7
-	fi
-
-	if use sysv-utils; then
-		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
-		done
-		dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
-	else
-		# we just keep sysvinit tools, so no need for the mans
-		rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
-			|| die
-		rm "${D}"/usr/share/man/man1/init.1 || die
-	fi
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
-		/etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
-		/var/log/journal/remote
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	# If we install these symlinks, there is no way for the sysadmin to remove them
-	# permanently.
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
-	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-coredump
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${ROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	systemd_reenable systemd-networkd.service systemd-resolved.service
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

diff --git a/sys-apps/systemd/systemd-237-r2.ebuild b/sys-apps/systemd/systemd-237-r2.ebuild
deleted file mode 100644
index 06b717f4da4..00000000000
--- a/sys-apps/systemd/systemd-237-r2.ebuild
+++ /dev/null
@@ -1,440 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	!<sys-libs/glibc-2.16
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? (
-		libidn2? ( net-dns/libidn2 )
-		!libidn2? ( net-dns/libidn )
-	)
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
-	pcre? ( dev-libs/libpcre2 )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? ( !sys-apps/sysvinit )
-	!sysv-utils? ( sys-apps/sysvinit )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!<sys-kernel/dracut-044
-	!sys-fs/eudev
-	!sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-apps/hwids-20150417[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	>=sys-kernel/linux-headers-${MINKV}
-	virtual/pkgconfig
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-	test? ( sys-apps/dbus )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/237-0001-networkctl-display-type.patch"
-	)
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
-			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-			"${FILESDIR}/gentoo-uucp-group-r1.patch"
-			"${FILESDIR}/gentoo-generator-path.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-meson_use() {
-	usex "$1" true false
-}
-
-meson_multilib() {
-	if multilib_is_native_abi; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-meson_multilib_native_use() {
-	if multilib_is_native_abi && use "$1"; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		-Dsplit-usr=$(usex usrmerge false true)
-		-Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Defi=$(meson_multilib)
-		-Dima=true
-		# Optional components/dependencies
-		-Dacl=$(meson_multilib_native_use acl)
-		-Dapparmor=$(meson_multilib_native_use apparmor)
-		-Daudit=$(meson_multilib_native_use audit)
-		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
-		-Dlibcurl=$(meson_multilib_native_use curl)
-		-Delfutils=$(meson_multilib_native_use elfutils)
-		-Dgcrypt=$(meson_use gcrypt)
-		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
-		-Dmicrohttpd=$(meson_multilib_native_use http)
-		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
-		-Dimportd=$(meson_multilib_native_use importd)
-		-Dbzip2=$(meson_multilib_native_use importd)
-		-Dzlib=$(meson_multilib_native_use importd)
-		-Dkmod=$(meson_multilib_native_use kmod)
-		-Dlz4=$(meson_use lz4)
-		-Dxz=$(meson_use lzma)
-		-Dlibiptc=$(meson_multilib_native_use nat)
-		-Dpam=$(meson_use pam)
-		-Dpcre2=$(meson_multilib_native_use pcre)
-		-Dpolkit=$(meson_multilib_native_use policykit)
-		-Dqrencode=$(meson_multilib_native_use qrcode)
-		-Dseccomp=$(meson_multilib_native_use seccomp)
-		-Dselinux=$(meson_multilib_native_use selinux)
-		#-Dtests=$(meson_multilib_native_use test)
-		-Ddbus=$(meson_multilib_native_use test)
-		-Dxkbcommon=$(meson_multilib_native_use xkb)
-		# hardcode a few paths to spare some deps
-		-Dkill-path=/bin/kill
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-
-		# multilib options
-		-Dbacklight=$(meson_multilib)
-		-Dbinfmt=$(meson_multilib)
-		-Dcoredump=$(meson_multilib)
-		-Denvironment-d=$(meson_multilib)
-		-Dfirstboot=$(meson_multilib)
-		-Dhibernate=$(meson_multilib)
-		-Dhostnamed=$(meson_multilib)
-		-Dhwdb=$(meson_multilib)
-		-Dldconfig=$(meson_multilib)
-		-Dlocaled=$(meson_multilib)
-		-Dman=$(meson_multilib)
-		-Dnetworkd=$(meson_multilib)
-		-Dquotacheck=$(meson_multilib)
-		-Drandomseed=$(meson_multilib)
-		-Drfkill=$(meson_multilib)
-		-Dsysusers=$(meson_multilib)
-		-Dtimedated=$(meson_multilib)
-		-Dtimesyncd=$(meson_multilib)
-		-Dtmpfiles=$(meson_multilib)
-		-Dvconsole=$(meson_multilib)
-	)
-
-	if multilib_is_native_abi && use idn; then
-		myconf+=(
-			-Dlibidn2=$(usex libidn2 true false)
-			-Dlibidn=$(usex libidn2 false true)
-		)
-	else
-		myconf+=(
-			-Dlibidn2=false
-			-Dlibidn=false
-		)
-	fi
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	eninja
-}
-
-multilib_src_test() {
-	eninja test
-}
-
-multilib_src_install() {
-	DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
-	# meson doesn't know about docdir
-	mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if use sysv-utils; then
-		local app
-		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym ../bin/systemctl /sbin/${app}
-		done
-		dosym ../lib/systemd/systemd /sbin/init
-	else
-		# we just keep sysvinit tools, so no need for the mans
-		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
-			|| die
-		rm "${ED%/}"/usr/share/man/man1/init.1 || die
-	fi
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
-	keepdir /etc/udev/{hwdb.d,rules.d}
-	keepdir /var/log/journal/remote
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	# If we install these symlinks, there is no way for the sysadmin to remove them
-	# permanently.
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
-	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
-	local udevdir=/lib/udev
-	use usrmerge && udevdir=/usr/lib/udev
-
-	rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
-	if ! use usrmerge; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup kvm 78
-	enewgroup render
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-coredump
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${EROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	systemd_reenable systemd-networkd.service systemd-resolved.service
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

diff --git a/sys-apps/systemd/systemd-237-r3.ebuild b/sys-apps/systemd/systemd-237-r3.ebuild
deleted file mode 100644
index d0254ee71db..00000000000
--- a/sys-apps/systemd/systemd-237-r3.ebuild
+++ /dev/null
@@ -1,442 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz
-		https://dev.gentoo.org/~floppym/dist/${P}-patches-0.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	!<sys-libs/glibc-2.16
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? (
-		libidn2? ( net-dns/libidn2 )
-		!libidn2? ( net-dns/libidn )
-	)
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
-	pcre? ( dev-libs/libpcre2 )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? ( !sys-apps/sysvinit )
-	!sysv-utils? ( sys-apps/sysvinit )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!<sys-kernel/dracut-044
-	!sys-fs/eudev
-	!sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-apps/hwids-20150417[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	>=sys-kernel/linux-headers-${MINKV}
-	virtual/pkgconfig
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-	test? ( sys-apps/dbus )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/237-0001-networkctl-display-type.patch"
-		"${FILESDIR}/238-libmount-include.patch"
-	)
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
-			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-			"${FILESDIR}/gentoo-uucp-group-r1.patch"
-			"${FILESDIR}/gentoo-generator-path.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-meson_use() {
-	usex "$1" true false
-}
-
-meson_multilib() {
-	if multilib_is_native_abi; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-meson_multilib_native_use() {
-	if multilib_is_native_abi && use "$1"; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		-Dsplit-usr=$(usex usrmerge false true)
-		-Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Defi=$(meson_multilib)
-		-Dima=true
-		# Optional components/dependencies
-		-Dacl=$(meson_multilib_native_use acl)
-		-Dapparmor=$(meson_multilib_native_use apparmor)
-		-Daudit=$(meson_multilib_native_use audit)
-		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
-		-Dlibcurl=$(meson_multilib_native_use curl)
-		-Delfutils=$(meson_multilib_native_use elfutils)
-		-Dgcrypt=$(meson_use gcrypt)
-		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
-		-Dmicrohttpd=$(meson_multilib_native_use http)
-		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
-		-Dimportd=$(meson_multilib_native_use importd)
-		-Dbzip2=$(meson_multilib_native_use importd)
-		-Dzlib=$(meson_multilib_native_use importd)
-		-Dkmod=$(meson_multilib_native_use kmod)
-		-Dlz4=$(meson_use lz4)
-		-Dxz=$(meson_use lzma)
-		-Dlibiptc=$(meson_multilib_native_use nat)
-		-Dpam=$(meson_use pam)
-		-Dpcre2=$(meson_multilib_native_use pcre)
-		-Dpolkit=$(meson_multilib_native_use policykit)
-		-Dqrencode=$(meson_multilib_native_use qrcode)
-		-Dseccomp=$(meson_multilib_native_use seccomp)
-		-Dselinux=$(meson_multilib_native_use selinux)
-		#-Dtests=$(meson_multilib_native_use test)
-		-Ddbus=$(meson_multilib_native_use test)
-		-Dxkbcommon=$(meson_multilib_native_use xkb)
-		# hardcode a few paths to spare some deps
-		-Dkill-path=/bin/kill
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-
-		# multilib options
-		-Dbacklight=$(meson_multilib)
-		-Dbinfmt=$(meson_multilib)
-		-Dcoredump=$(meson_multilib)
-		-Denvironment-d=$(meson_multilib)
-		-Dfirstboot=$(meson_multilib)
-		-Dhibernate=$(meson_multilib)
-		-Dhostnamed=$(meson_multilib)
-		-Dhwdb=$(meson_multilib)
-		-Dldconfig=$(meson_multilib)
-		-Dlocaled=$(meson_multilib)
-		-Dman=$(meson_multilib)
-		-Dnetworkd=$(meson_multilib)
-		-Dquotacheck=$(meson_multilib)
-		-Drandomseed=$(meson_multilib)
-		-Drfkill=$(meson_multilib)
-		-Dsysusers=$(meson_multilib)
-		-Dtimedated=$(meson_multilib)
-		-Dtimesyncd=$(meson_multilib)
-		-Dtmpfiles=$(meson_multilib)
-		-Dvconsole=$(meson_multilib)
-	)
-
-	if multilib_is_native_abi && use idn; then
-		myconf+=(
-			-Dlibidn2=$(usex libidn2 true false)
-			-Dlibidn=$(usex libidn2 false true)
-		)
-	else
-		myconf+=(
-			-Dlibidn2=false
-			-Dlibidn=false
-		)
-	fi
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	eninja
-}
-
-multilib_src_test() {
-	eninja test
-}
-
-multilib_src_install() {
-	DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
-	# meson doesn't know about docdir
-	mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if use sysv-utils; then
-		local app
-		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym ../bin/systemctl /sbin/${app}
-		done
-		dosym ../lib/systemd/systemd /sbin/init
-	else
-		# we just keep sysvinit tools, so no need for the mans
-		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
-			|| die
-		rm "${ED%/}"/usr/share/man/man1/init.1 || die
-	fi
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
-	keepdir /etc/udev/{hwdb.d,rules.d}
-	keepdir /var/log/journal/remote
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	# If we install these symlinks, there is no way for the sysadmin to remove them
-	# permanently.
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
-	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
-	local udevdir=/lib/udev
-	use usrmerge && udevdir=/usr/lib/udev
-
-	rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
-	if ! use usrmerge; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup kvm 78
-	enewgroup render
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-coredump
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${EROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	systemd_reenable systemd-networkd.service systemd-resolved.service
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}

diff --git a/sys-apps/systemd/systemd-238-r1.ebuild b/sys-apps/systemd/systemd-238-r1.ebuild
deleted file mode 100644
index 2903bb82e51..00000000000
--- a/sys-apps/systemd/systemd-238-r1.ebuild
+++ /dev/null
@@ -1,437 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
-	!<sys-libs/glibc-2.16
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? (
-		libidn2? ( net-dns/libidn2 )
-		!libidn2? ( net-dns/libidn )
-	)
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
-	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
-	pcre? ( dev-libs/libpcre2 )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	selinux? ( sec-policy/selinux-base-policy[systemd] )
-	sysv-utils? ( !sys-apps/sysvinit )
-	!sysv-utils? ( sys-apps/sysvinit )
-	!build? ( || (
-		sys-apps/util-linux[kill(-)]
-		sys-process/procps[kill(+)]
-		sys-apps/coreutils[kill(-)]
-	) )
-	!sys-auth/nss-myhostname
-	!<sys-kernel/dracut-044
-	!sys-fs/eudev
-	!sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
-	>=sys-apps/hwids-20150417[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	>=sys-kernel/linux-headers-${MINKV}
-	virtual/pkgconfig
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-	test? ( sys-apps/dbus )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
-			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
-			~TIMERFD ~TMPFS_XATTR ~UNIX
-			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
-			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-			~!SYSFS_DEPRECATED_V2"
-
-		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
-		if linux_config_exists; then
-			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-			if linux_chkconfig_present X86; then
-				CONFIG_CHECK+=" ~DMIID"
-			fi
-		fi
-
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch"
-		"${FILESDIR}/238-0002-core-do-not-free-heap-allocated-strings-8391.patch"
-		"${FILESDIR}/238-libmount-include.patch"
-	)
-
-	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	if ! use vanilla; then
-		PATCHES+=(
-			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
-			"${FILESDIR}/gentoo-systemd-user-pam.patch"
-			"${FILESDIR}/gentoo-uucp-group-r1.patch"
-			"${FILESDIR}/gentoo-generator-path.patch"
-		)
-	fi
-
-	default
-}
-
-src_configure() {
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
-	python_setup
-
-	multilib-minimal_src_configure
-}
-
-meson_use() {
-	usex "$1" true false
-}
-
-meson_multilib() {
-	if multilib_is_native_abi; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-meson_multilib_native_use() {
-	if multilib_is_native_abi && use "$1"; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dpamlibdir="$(getpam_mod_dir)"
-		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in PATH
-		-Dsplit-usr=$(usex usrmerge false true)
-		-Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
-		# no deps
-		-Defi=$(meson_multilib)
-		-Dima=true
-		# Optional components/dependencies
-		-Dacl=$(meson_multilib_native_use acl)
-		-Dapparmor=$(meson_multilib_native_use apparmor)
-		-Daudit=$(meson_multilib_native_use audit)
-		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
-		-Dlibcurl=$(meson_multilib_native_use curl)
-		-Delfutils=$(meson_multilib_native_use elfutils)
-		-Dgcrypt=$(meson_use gcrypt)
-		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
-		-Dmicrohttpd=$(meson_multilib_native_use http)
-		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
-		-Dimportd=$(meson_multilib_native_use importd)
-		-Dbzip2=$(meson_multilib_native_use importd)
-		-Dzlib=$(meson_multilib_native_use importd)
-		-Dkmod=$(meson_multilib_native_use kmod)
-		-Dlz4=$(meson_use lz4)
-		-Dxz=$(meson_use lzma)
-		-Dlibiptc=$(meson_multilib_native_use nat)
-		-Dpam=$(meson_use pam)
-		-Dpcre2=$(meson_multilib_native_use pcre)
-		-Dpolkit=$(meson_multilib_native_use policykit)
-		-Dqrencode=$(meson_multilib_native_use qrcode)
-		-Dseccomp=$(meson_multilib_native_use seccomp)
-		-Dselinux=$(meson_multilib_native_use selinux)
-		#-Dtests=$(meson_multilib_native_use test)
-		-Ddbus=$(meson_multilib_native_use test)
-		-Dxkbcommon=$(meson_multilib_native_use xkb)
-		# hardcode a few paths to spare some deps
-		-Dkill-path=/bin/kill
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-
-		# multilib options
-		-Dbacklight=$(meson_multilib)
-		-Dbinfmt=$(meson_multilib)
-		-Dcoredump=$(meson_multilib)
-		-Denvironment-d=$(meson_multilib)
-		-Dfirstboot=$(meson_multilib)
-		-Dhibernate=$(meson_multilib)
-		-Dhostnamed=$(meson_multilib)
-		-Dhwdb=$(meson_multilib)
-		-Dldconfig=$(meson_multilib)
-		-Dlocaled=$(meson_multilib)
-		-Dman=$(meson_multilib)
-		-Dnetworkd=$(meson_multilib)
-		-Dquotacheck=$(meson_multilib)
-		-Drandomseed=$(meson_multilib)
-		-Drfkill=$(meson_multilib)
-		-Dsysusers=$(meson_multilib)
-		-Dtimedated=$(meson_multilib)
-		-Dtimesyncd=$(meson_multilib)
-		-Dtmpfiles=$(meson_multilib)
-		-Dvconsole=$(meson_multilib)
-	)
-
-	if multilib_is_native_abi && use idn; then
-		myconf+=(
-			-Dlibidn2=$(usex libidn2 true false)
-			-Dlibidn=$(usex libidn2 false true)
-		)
-	else
-		myconf+=(
-			-Dlibidn2=false
-			-Dlibidn=false
-		)
-	fi
-
-	meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	eninja
-}
-
-multilib_src_test() {
-	eninja test
-}
-
-multilib_src_install() {
-	DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
-	# meson doesn't know about docdir
-	mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
-	einstalldocs
-	dodoc "${FILESDIR}"/nsswitch.conf
-
-	if ! use sysv-utils; then
-		local rootprefix=$(usex usrmerge /usr '')
-		rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
-		rmdir "${ED%/}${rootprefix}"/sbin || die
-		rm "${ED%/}"/usr/share/man/man1/init.1 || die
-		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
-	fi
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
-	keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
-	keepdir /etc/udev/{hwdb.d,rules.d}
-	keepdir /var/log/journal/remote
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	# If we install these symlinks, there is no way for the sysadmin to remove them
-	# permanently.
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
-	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
-	local udevdir=/lib/udev
-	use usrmerge && udevdir=/usr/lib/udev
-
-	rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
-	if ! use usrmerge; then
-		# Avoid breaking boot/reboot
-		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
-		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
-	fi
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup kvm 78
-	enewgroup render
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-coredump
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${EROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	systemd_reenable systemd-networkd.service systemd-resolved.service
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-03-26 21:17 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-03-26 21:17 UTC (permalink / raw
  To: gentoo-commits

commit:     9463c487ae1bf6a960ea83fafcda88b17c90ef06
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 26 21:17:04 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Mar 26 21:17:23 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9463c487

sys-apps/systemd: fix build with util-linux-2.32

Closes: https://bugs.gentoo.org/651304
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/files/238-libmount-include.patch | 72 +++++++++++++++++++++++
 sys-apps/systemd/systemd-236-r5.ebuild            |  1 +
 sys-apps/systemd/systemd-237-r3.ebuild            |  1 +
 sys-apps/systemd/systemd-238-r1.ebuild            |  1 +
 4 files changed, 75 insertions(+)

diff --git a/sys-apps/systemd/files/238-libmount-include.patch b/sys-apps/systemd/files/238-libmount-include.patch
new file mode 100644
index 00000000000..6a02dff65e4
--- /dev/null
+++ b/sys-apps/systemd/files/238-libmount-include.patch
@@ -0,0 +1,72 @@
+From 227b8a762fea1458547be2cdf0e6e4aac0079730 Mon Sep 17 00:00:00 2001
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Mon, 26 Mar 2018 17:34:53 +0200
+Subject: [PATCH] core: don't include libmount.h in a header file (#8580)
+
+linux/fs.h sys/mount.h, libmount.h and missing.h all include MS_*
+definitions.
+
+To avoid problems, only one of linux/fs.h, sys/mount.h and libmount.h
+should be included. And missing.h must be included last.
+
+Without this, building systemd may fail with:
+
+In file included from [...]/libmount/libmount.h:31:0,
+                 from ../systemd-238/src/core/manager.h:23,
+                 from ../systemd-238/src/core/emergency-action.h:37,
+                 from ../systemd-238/src/core/unit.h:34,
+                 from ../systemd-238/src/core/dbus-timer.h:25,
+                 from ../systemd-238/src/core/timer.c:26:
+[...]/sys/mount.h:57:2: error: expected identifier before numeric constant
+---
+ src/core/dbus-execute.c | 1 +
+ src/core/manager.h      | 3 ++-
+ src/core/mount.c        | 2 ++
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 7344623ebf6..c342093bca4 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -18,6 +18,7 @@
+   along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+ 
++#include <sys/mount.h>
+ #include <sys/prctl.h>
+ #include <stdio_ext.h>
+ 
+diff --git a/src/core/manager.h b/src/core/manager.h
+index 28c5da225b1..e09e0cdf5e9 100644
+--- a/src/core/manager.h
++++ b/src/core/manager.h
+@@ -20,7 +20,6 @@
+   along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+ 
+-#include <libmount.h>
+ #include <stdbool.h>
+ #include <stdio.h>
+ 
+@@ -34,6 +33,8 @@
+ #include "list.h"
+ #include "ratelimit.h"
+ 
++struct libmnt_monitor;
++
+ /* Enforce upper limit how many names we allow */
+ #define MANAGER_MAX_NAMES 131072 /* 128K */
+ 
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 0e755da5c02..0154ebda5d6 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -23,6 +23,8 @@
+ #include <stdio.h>
+ #include <sys/epoll.h>
+ 
++#include <libmount.h>
++
+ #include "sd-messages.h"
+ 
+ #include "alloc-util.h"

diff --git a/sys-apps/systemd/systemd-236-r5.ebuild b/sys-apps/systemd/systemd-236-r5.ebuild
index ed62d0a6f44..aed2113e91a 100644
--- a/sys-apps/systemd/systemd-236-r5.ebuild
+++ b/sys-apps/systemd/systemd-236-r5.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}/238-libmount-include.patch"
 	)
 
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )

diff --git a/sys-apps/systemd/systemd-237-r3.ebuild b/sys-apps/systemd/systemd-237-r3.ebuild
index 466126ca683..d0254ee71db 100644
--- a/sys-apps/systemd/systemd-237-r3.ebuild
+++ b/sys-apps/systemd/systemd-237-r3.ebuild
@@ -150,6 +150,7 @@ src_unpack() {
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/237-0001-networkctl-display-type.patch"
+		"${FILESDIR}/238-libmount-include.patch"
 	)
 
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )

diff --git a/sys-apps/systemd/systemd-238-r1.ebuild b/sys-apps/systemd/systemd-238-r1.ebuild
index 2898aa322ed..2903bb82e51 100644
--- a/sys-apps/systemd/systemd-238-r1.ebuild
+++ b/sys-apps/systemd/systemd-238-r1.ebuild
@@ -150,6 +150,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch"
 		"${FILESDIR}/238-0002-core-do-not-free-heap-allocated-strings-8391.patch"
+		"${FILESDIR}/238-libmount-include.patch"
 	)
 
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-03-10 17:29 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-03-10 17:29 UTC (permalink / raw
  To: gentoo-commits

commit:     7adcd630f7cdd1edbc7677d83976547506a6f661
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 10 17:29:26 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 10 17:29:26 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7adcd630

sys-apps/systemd: bump to 238

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/Manifest                          |   1 +
 ...o-not-try-to-close-already-closed-fd-8392.patch |  26 ++
 ...e-do-not-free-heap-allocated-strings-8391.patch |  44 ++
 sys-apps/systemd/systemd-238.ebuild                | 441 +++++++++++++++++++++
 4 files changed, 512 insertions(+)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 6d774fd4839..4907d8f2d32 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -5,3 +5,4 @@ DIST systemd-236-patches-2.tar.gz 54737 BLAKE2B bce5f9e234c975a2b6e474ca2a0c2c82
 DIST systemd-236.tar.gz 6759035 BLAKE2B 0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3 SHA512 1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515ddddfdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d
 DIST systemd-237-patches-0.tar.gz 74617 BLAKE2B 52750bb08731e9e694a00fedc1e42beb7c6ad7736d3b6567f2ab094d4356506d10ec11e1c4c62623078d647c3314c71c9f141eb7c8628b610fd8a5e818b90ec6 SHA512 a6db99b330585e57c722bb0e692b0d988d5fbfef60c6cc87efbb7b903e55642c2f03bf6cdc80f15da22d0c41b5051387dac23a2f04238331f235154b17f32d1b
 DIST systemd-237.tar.gz 6871350 BLAKE2B 4734a110a297fbbd6679bced6302fcdca55ab5d4207905e8dee9f5545f1de841d5adeaa4fd89961b9e63709d04b5c862b8bc81481311cf8e72ee327e459c9d91 SHA512 15ef4b92815a6dd9a6c51672dbc00fd7cd0f08068ef0cbeaca574f68d330b28bc67ba1946f24f75ef3d9e7b63843a73eea700db54688061dbf5c9f8470394c3b
+DIST systemd-238.tar.gz 6954022 BLAKE2B 9b5cc36a7234c0d037a2656ee1e5ed54186a394b8be41771ebc29c903d3efcecf7f13f004a6d1695c022923bd0d540a243e897852f07e810f73fd3163f688dde SHA512 c0f272b022308d3bd94679184e102a8dc85de55310bda205a458ea33c77c7733e5c8c8e5b15f786ba3e0ce59e7c6a9bf0d5a0950517c6b91e0f345950129b9c8

diff --git a/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch b/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch
new file mode 100644
index 00000000000..c39575c62b6
--- /dev/null
+++ b/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch
@@ -0,0 +1,26 @@
+From 5681f772d7bc8226cb10bfc7f9fba0a29e34a54d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 8 Mar 2018 22:19:35 +0900
+Subject: [PATCH 1/2] sd-bus: do not try to close already closed fd (#8392)
+
+Fixes #8376, which is introduced by 2b33ab0957f453a06b58e4bee482f2c2d4e100c1.
+---
+ src/libsystemd/sd-bus/bus-socket.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
+index b5160cff6..166fba157 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
++++ b/src/libsystemd/sd-bus/bus-socket.c
+@@ -960,8 +960,6 @@ int bus_socket_exec(sd_bus *b) {
+         if (r == 0) {
+                 /* Child */
+ 
+-                safe_close(s[0]);
+-
+                 if (rearrange_stdio(s[1], s[1], STDERR_FILENO) < 0)
+                         _exit(EXIT_FAILURE);
+ 
+-- 
+2.16.2
+

diff --git a/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch b/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch
new file mode 100644
index 00000000000..3ee2527f77d
--- /dev/null
+++ b/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch
@@ -0,0 +1,44 @@
+From 84c5e8010042788a03cff680592b37257b2a6de0 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 8 Mar 2018 22:21:54 +0900
+Subject: [PATCH 2/2] core: do not free heap-allocated strings (#8391)
+
+Fixes #8387.
+---
+ src/core/mount-setup.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 536c17b4d..9c27972af 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -248,6 +248,7 @@ int mount_setup_early(void) {
+ 
+ int mount_cgroup_controllers(char ***join_controllers) {
+         _cleanup_set_free_free_ Set *controllers = NULL;
++        bool has_argument = !!join_controllers;
+         int r;
+ 
+         if (!cg_is_legacy_wanted())
+@@ -255,7 +256,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ 
+         /* Mount all available cgroup controllers that are built into the kernel. */
+ 
+-        if (!join_controllers)
++        if (!has_argument)
+                 /* The defaults:
+                  * mount "cpu" + "cpuacct" together, and "net_cls" + "net_prio".
+                  *
+@@ -300,7 +301,8 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ 
+                                         t = set_remove(controllers, *i);
+                                         if (!t) {
+-                                                free(*i);
++                                                if (has_argument)
++                                                        free(*i);
+                                                 continue;
+                                         }
+                                 }
+-- 
+2.16.2
+

diff --git a/sys-apps/systemd/systemd-238.ebuild b/sys-apps/systemd/systemd-238.ebuild
new file mode 100644
index 00000000000..00e28112485
--- /dev/null
+++ b/sys-apps/systemd/systemd-238.ebuild
@@ -0,0 +1,441 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+	inherit git-r3
+else
+	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+	!<sys-libs/glibc-2.16
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+	curl? ( net-misc/curl:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	http? (
+		>=net-libs/libmicrohttpd-0.9.33:0=
+		ssl? ( >=net-libs/gnutls-3.1.4:0= )
+	)
+	idn? (
+		libidn2? ( net-dns/libidn2 )
+		!libidn2? ( net-dns/libidn )
+	)
+	importd? (
+		app-arch/bzip2:0=
+		sys-libs/zlib:0=
+	)
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	nat? ( net-firewall/iptables:0= )
+	pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
+	pcre? ( dev-libs/libpcre2 )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=sys-apps/baselayout-2.2
+	selinux? ( sec-policy/selinux-base-policy[systemd] )
+	sysv-utils? ( !sys-apps/sysvinit )
+	!sysv-utils? ( sys-apps/sysvinit )
+	!build? ( || (
+		sys-apps/util-linux[kill(-)]
+		sys-process/procps[kill(+)]
+		sys-apps/coreutils[kill(-)]
+	) )
+	!sys-auth/nss-myhostname
+	!<sys-kernel/dracut-044
+	!sys-fs/eudev
+	!sys-fs/udev"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+	>=sys-apps/hwids-20150417[udev]
+	>=sys-fs/udev-init-scripts-25
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/intltool-0.50
+	>=sys-apps/coreutils-8.16
+	>=sys-kernel/linux-headers-${MINKV}
+	virtual/pkgconfig
+	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+	test? ( sys-apps/dbus )
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+			~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+			~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+			~TIMERFD ~TMPFS_XATTR ~UNIX
+			~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+			~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+			~!SYSFS_DEPRECATED_V2"
+
+		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+		kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+		kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+		kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+		if linux_config_exists; then
+			local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+			if linux_chkconfig_present X86; then
+				CONFIG_CHECK+=" ~DMIID"
+			fi
+		fi
+
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	:
+}
+
+src_unpack() {
+	default
+	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch"
+		"${FILESDIR}/238-0002-core-do-not-free-heap-allocated-strings-8391.patch"
+	)
+
+	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+	if ! use vanilla; then
+		PATCHES+=(
+			"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
+			"${FILESDIR}/gentoo-systemd-user-pam.patch"
+			"${FILESDIR}/gentoo-uucp-group-r1.patch"
+			"${FILESDIR}/gentoo-generator-path.patch"
+		)
+	fi
+
+	default
+}
+
+src_configure() {
+	# Prevent conflicts with i686 cross toolchain, bug 559726
+	tc-export AR CC NM OBJCOPY RANLIB
+
+	python_setup
+
+	multilib-minimal_src_configure
+}
+
+meson_use() {
+	usex "$1" true false
+}
+
+meson_multilib() {
+	if multilib_is_native_abi; then
+		echo true
+	else
+		echo false
+	fi
+}
+
+meson_multilib_native_use() {
+	if multilib_is_native_abi && use "$1"; then
+		echo true
+	else
+		echo false
+	fi
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--localstatedir="${EPREFIX}/var"
+		-Dpamlibdir="$(getpam_mod_dir)"
+		# avoid bash-completion dep
+		-Dbashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in PATH
+		-Dsplit-usr=$(usex usrmerge false true)
+		-Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
+		-Dsysvinit-path=
+		-Dsysvrcnd-path=
+		# Avoid infinite exec recursion, bug 642724
+		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+		# no deps
+		-Defi=$(meson_multilib)
+		-Dima=true
+		# Optional components/dependencies
+		-Dacl=$(meson_multilib_native_use acl)
+		-Dapparmor=$(meson_multilib_native_use apparmor)
+		-Daudit=$(meson_multilib_native_use audit)
+		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
+		-Dlibcurl=$(meson_multilib_native_use curl)
+		-Delfutils=$(meson_multilib_native_use elfutils)
+		-Dgcrypt=$(meson_use gcrypt)
+		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
+		-Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
+		-Dmicrohttpd=$(meson_multilib_native_use http)
+		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
+		-Dimportd=$(meson_multilib_native_use importd)
+		-Dbzip2=$(meson_multilib_native_use importd)
+		-Dzlib=$(meson_multilib_native_use importd)
+		-Dkmod=$(meson_multilib_native_use kmod)
+		-Dlz4=$(meson_use lz4)
+		-Dxz=$(meson_use lzma)
+		-Dlibiptc=$(meson_multilib_native_use nat)
+		-Dpam=$(meson_use pam)
+		-Dpcre2=$(meson_multilib_native_use pcre)
+		-Dpolkit=$(meson_multilib_native_use policykit)
+		-Dqrencode=$(meson_multilib_native_use qrcode)
+		-Dseccomp=$(meson_multilib_native_use seccomp)
+		-Dselinux=$(meson_multilib_native_use selinux)
+		#-Dtests=$(meson_multilib_native_use test)
+		-Ddbus=$(meson_multilib_native_use test)
+		-Dxkbcommon=$(meson_multilib_native_use xkb)
+		# hardcode a few paths to spare some deps
+		-Dkill-path=/bin/kill
+		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		# Breaks screen, tmux, etc.
+		-Ddefault-kill-user-processes=false
+
+		# multilib options
+		-Dbacklight=$(meson_multilib)
+		-Dbinfmt=$(meson_multilib)
+		-Dcoredump=$(meson_multilib)
+		-Denvironment-d=$(meson_multilib)
+		-Dfirstboot=$(meson_multilib)
+		-Dhibernate=$(meson_multilib)
+		-Dhostnamed=$(meson_multilib)
+		-Dhwdb=$(meson_multilib)
+		-Dldconfig=$(meson_multilib)
+		-Dlocaled=$(meson_multilib)
+		-Dman=$(meson_multilib)
+		-Dnetworkd=$(meson_multilib)
+		-Dquotacheck=$(meson_multilib)
+		-Drandomseed=$(meson_multilib)
+		-Drfkill=$(meson_multilib)
+		-Dsysusers=$(meson_multilib)
+		-Dtimedated=$(meson_multilib)
+		-Dtimesyncd=$(meson_multilib)
+		-Dtmpfiles=$(meson_multilib)
+		-Dvconsole=$(meson_multilib)
+	)
+
+	if multilib_is_native_abi && use idn; then
+		myconf+=(
+			-Dlibidn2=$(usex libidn2 true false)
+			-Dlibidn=$(usex libidn2 false true)
+		)
+	else
+		myconf+=(
+			-Dlibidn2=false
+			-Dlibidn=false
+		)
+	fi
+
+	meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	eninja
+}
+
+multilib_src_test() {
+	eninja test
+}
+
+multilib_src_install() {
+	DESTDIR="${D}" eninja install
+}
+
+multilib_src_install_all() {
+	# meson doesn't know about docdir
+	mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
+
+	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
+
+	if use sysv-utils; then
+		local app
+		for app in halt poweroff reboot runlevel shutdown telinit; do
+			dosym ../bin/systemctl /sbin/${app}
+		done
+		dosym ../lib/systemd/systemd /sbin/init
+	else
+		# we just keep sysvinit tools, so no need for the mans
+		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+			|| die
+		rm "${ED%/}"/usr/share/man/man1/init.1 || die
+	fi
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+	keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
+	keepdir /etc/udev/{hwdb.d,rules.d}
+	keepdir /var/log/journal/remote
+
+	# Symlink /etc/sysctl.conf for easy migration.
+	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+	# If we install these symlinks, there is no way for the sysadmin to remove them
+	# permanently.
+	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
+	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+
+	local udevdir=/lib/udev
+	use usrmerge && udevdir=/usr/lib/udev
+
+	rm -r "${ED%/}${udevdir}/hwdb.d" || die
+
+	if ! use usrmerge; then
+		# Avoid breaking boot/reboot
+		dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+	fi
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+	local locale_conf="${EROOT%/}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+pkg_postinst() {
+	newusergroup() {
+		enewgroup "$1"
+		enewuser "$1" -1 -1 -1 "$1"
+	}
+
+	enewgroup input
+	enewgroup kvm 78
+	enewgroup render
+	enewgroup systemd-journal
+	newusergroup systemd-bus-proxy
+	newusergroup systemd-coredump
+	newusergroup systemd-journal-gateway
+	newusergroup systemd-journal-remote
+	newusergroup systemd-journal-upload
+	newusergroup systemd-network
+	newusergroup systemd-resolve
+	newusergroup systemd-timesync
+
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required. Despite that this file is owned by sys-apps/hwids.
+	if has_version "sys-apps/hwids[udev]"; then
+		udevadm hwdb --update --root="${EROOT%/}"
+	fi
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	systemd_reenable systemd-networkd.service systemd-resolved.service
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-02-08 17:17 Jason Donenfeld
  0 siblings, 0 replies; 65+ messages in thread
From: Jason Donenfeld @ 2018-02-08 17:17 UTC (permalink / raw
  To: gentoo-commits

commit:     701d8158f31d695a453704b1b8f8f03bda93a39f
Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  8 17:16:49 2018 +0000
Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Thu Feb  8 17:17:18 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=701d8158

sys-apps/systemd: show proper networkctl display type

Upstream commit:
https://github.com/systemd/systemd/commit/3b8f29fd93899c4876a6ef53f9bcb6b40e1c98e7

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../files/237-0001-networkctl-display-type.patch   | 266 +++++++++++++++++++++
 ...systemd-237-r1.ebuild => systemd-237-r2.ebuild} |   1 +
 2 files changed, 267 insertions(+)

diff --git a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
new file mode 100644
index 00000000000..e29cf2206aa
--- /dev/null
+++ b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
@@ -0,0 +1,266 @@
+From a18461bc7d446f8e130e9276de4397d00059267f Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 20:58:24 +0100
+Subject: [PATCH 1/4] networkd: display wireguard devtype
+
+It's not useful to simply show "none", when we have more interesting
+information to display.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 59ce098cd1..6ce00dff6d 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -62,18 +62,26 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
+ 
+         assert(ret);
+ 
+-        if (iftype == ARPHRD_ETHER && d) {
++        if (d) {
+                 const char *devtype = NULL, *id = NULL;
++
++                (void) sd_device_get_devtype(d, &devtype);
++
+                 /* WLANs have iftype ARPHRD_ETHER, but we want
+                  * to show a more useful type string for
+                  * them */
++                if (iftype == ARPHRD_ETHER) {
++                        if (streq_ptr(devtype, "wlan"))
++                                id = "wlan";
++                        else if (streq_ptr(devtype, "wwan"))
++                                id = "wwan";
++                }
+ 
+-                (void) sd_device_get_devtype(d, &devtype);
+-
+-                if (streq_ptr(devtype, "wlan"))
+-                        id = "wlan";
+-                else if (streq_ptr(devtype, "wwan"))
+-                        id = "wwan";
++                /* Likewise, WireGuard has iftype ARPHRD_NONE,
++                 * since it's layer 3, but we of course want
++                 * something more useful than that. */
++                if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
++                        id = "wireguard";
+ 
+                 if (id) {
+                         p = strdup(id);
+
+From f119082e7a1ccfbf50c30a99819b6e303cdf09a1 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 21:01:46 +0100
+Subject: [PATCH 2/4] networkd: simplify and display all devtypes
+
+Every place the kernel actually calls SET_NETDEV_DEVTYPE, it's adding a
+piece of information that looks useful and relevant for us to use. So
+let's use it when it's there.
+
+The previous matching based on the corresponding ARPHRD didn't really
+make much sense. The more sensible logic for getting a textual
+representation of the link type is to see if the kernel supplies a
+devtype. If it does, great. If not, then we can fall back on the ARPHRD,
+as before.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 23 +++--------------------
+ 1 file changed, 3 insertions(+), 20 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 6ce00dff6d..8a08304240 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -63,28 +63,11 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
+         assert(ret);
+ 
+         if (d) {
+-                const char *devtype = NULL, *id = NULL;
++                const char *devtype = NULL;
+ 
+                 (void) sd_device_get_devtype(d, &devtype);
+-
+-                /* WLANs have iftype ARPHRD_ETHER, but we want
+-                 * to show a more useful type string for
+-                 * them */
+-                if (iftype == ARPHRD_ETHER) {
+-                        if (streq_ptr(devtype, "wlan"))
+-                                id = "wlan";
+-                        else if (streq_ptr(devtype, "wwan"))
+-                                id = "wwan";
+-                }
+-
+-                /* Likewise, WireGuard has iftype ARPHRD_NONE,
+-                 * since it's layer 3, but we of course want
+-                 * something more useful than that. */
+-                if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
+-                        id = "wireguard";
+-
+-                if (id) {
+-                        p = strdup(id);
++                if (!isempty(devtype)) {
++                        p = strdup(devtype);
+                         if (!p)
+                                 return -ENOMEM;
+ 
+
+From fdce7817b9a27a370c01b7dd9da6a84fcae1038e Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 21:05:36 +0100
+Subject: [PATCH 3/4] networkd: clean up link_get_type_string
+
+The return value is always ignored, so get rid of it.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 8a08304240..7b33e0db17 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -56,7 +56,7 @@ static bool arg_no_pager = false;
+ static bool arg_legend = true;
+ static bool arg_all = false;
+ 
+-static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
++static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
+         const char *t;
+         char *p;
+ 
+@@ -69,27 +69,25 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
+                 if (!isempty(devtype)) {
+                         p = strdup(devtype);
+                         if (!p)
+-                                return -ENOMEM;
++                                return;
+ 
+                         *ret = p;
+-                        return 1;
++                        return;
+                 }
+         }
+ 
+         t = arphrd_to_name(iftype);
+         if (!t) {
+                 *ret = NULL;
+-                return 0;
++                return;
+         }
+ 
+         p = strdup(t);
+         if (!p)
+-                return -ENOMEM;
++                return;
+ 
+         ascii_strlower(p);
+         *ret = p;
+-
+-        return 0;
+ }
+ 
+ static void operational_state_to_color(const char *state, const char **on, const char **off) {
+@@ -314,7 +312,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
+                 xsprintf(devid, "n%i", links[i].ifindex);
+                 (void) sd_device_new_from_device_id(&d, devid);
+ 
+-                (void) link_get_type_string(links[i].iftype, d, &t);
++                link_get_type_string(links[i].iftype, d, &t);
+ 
+                 printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
+                        links[i].ifindex, links[i].name, strna(t),
+@@ -807,7 +805,7 @@ static int link_status_one(
+                         (void) sd_device_get_property_value(d, "ID_MODEL", &model);
+         }
+ 
+-        (void) link_get_type_string(info->iftype, d, &t);
++        link_get_type_string(info->iftype, d, &t);
+ 
+         (void) sd_network_link_get_network_file(info->ifindex, &network);
+ 
+
+From b55822c349d3e0559c1efc7475fd0f74cf086453 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 21:08:39 +0100
+Subject: [PATCH 4/4] networkd: clean up link_get_type_string returns
+
+It's cleaner and more consistent to actually return what we were
+planning on returning.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 28 +++++++++-------------------
+ 1 file changed, 9 insertions(+), 19 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 7b33e0db17..14d8ecb03f 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -56,38 +56,28 @@ static bool arg_no_pager = false;
+ static bool arg_legend = true;
+ static bool arg_all = false;
+ 
+-static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
++static char *link_get_type_string(unsigned short iftype, sd_device *d) {
+         const char *t;
+         char *p;
+ 
+-        assert(ret);
+-
+         if (d) {
+                 const char *devtype = NULL;
+ 
+                 (void) sd_device_get_devtype(d, &devtype);
+-                if (!isempty(devtype)) {
+-                        p = strdup(devtype);
+-                        if (!p)
+-                                return;
+-
+-                        *ret = p;
+-                        return;
+-                }
++                if (!isempty(devtype))
++                        return strdup(devtype);
+         }
+ 
+         t = arphrd_to_name(iftype);
+-        if (!t) {
+-                *ret = NULL;
+-                return;
+-        }
++        if (!t)
++                return NULL;
+ 
+         p = strdup(t);
+         if (!p)
+-                return;
++                return NULL;
+ 
+         ascii_strlower(p);
+-        *ret = p;
++        return p;
+ }
+ 
+ static void operational_state_to_color(const char *state, const char **on, const char **off) {
+@@ -312,7 +302,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
+                 xsprintf(devid, "n%i", links[i].ifindex);
+                 (void) sd_device_new_from_device_id(&d, devid);
+ 
+-                link_get_type_string(links[i].iftype, d, &t);
++                t = link_get_type_string(links[i].iftype, d);
+ 
+                 printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
+                        links[i].ifindex, links[i].name, strna(t),
+@@ -805,7 +795,7 @@ static int link_status_one(
+                         (void) sd_device_get_property_value(d, "ID_MODEL", &model);
+         }
+ 
+-        link_get_type_string(info->iftype, d, &t);
++        t = link_get_type_string(info->iftype, d);
+ 
+         (void) sd_network_link_get_network_file(info->ifindex, &network);
+ 

diff --git a/sys-apps/systemd/systemd-237-r1.ebuild b/sys-apps/systemd/systemd-237-r2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-237-r1.ebuild
rename to sys-apps/systemd/systemd-237-r2.ebuild
index 97ed32eebe7..71abd1c3359 100644
--- a/sys-apps/systemd/systemd-237-r1.ebuild
+++ b/sys-apps/systemd/systemd-237-r2.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}/237-0001-networkctl-display-type.patch"
 	)
 
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-12-19  2:01 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-12-19  2:01 UTC (permalink / raw
  To: gentoo-commits

commit:     c6bf76a0c3f92c9f9d450357e7ee08098cc7988d
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 18 22:41:25 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Dec 19 02:01:31 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6bf76a0

sys-apps/systemd: backport crypsetup-generator fix

Closes: https://bugs.gentoo.org/641380
Package-Manager: Portage-2.3.19_p1, Repoman-2.3.6_p35

 ...generator-Don-t-mistake-NULL-input-as-OOM.patch | 49 ++++++++++++++++++++++
 .../{systemd-236.ebuild => systemd-236-r1.ebuild}  |  1 +
 2 files changed, 50 insertions(+)

diff --git a/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch b/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch
new file mode 100644
index 00000000000..d1c451835e3
--- /dev/null
+++ b/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch
@@ -0,0 +1,49 @@
+From 357ffd95294e1f9a1e91f8ca01213fb7db2b7614 Mon Sep 17 00:00:00 2001
+From: Jan Alexander Steffens <jan.steffens@gmail.com>
+Date: Mon, 18 Dec 2017 14:47:18 +0100
+Subject: [PATCH] cryptsetup-generator: Don't mistake NULL input as OOM (#7688)
+
+Since systemd v236, several Arch users complained that
+systemd-cryptsetup-generator exits with an OOM error and that it
+prevents the boot from continuing.
+
+Investigating the diff of cryptsetup-generator between v235 and v236 I
+noticed that create_disk allowed for the `password` and `filtered`
+variables to be NULL (they're handled with `strempty()`) but not their
+`*_escaped` versions, and returned OOM errors in those cases.
+
+Fix this by checking that the input string is non-NULL before deciding
+that `specifier_escape` had an OOM error.
+
+I could not test this fix myself, but some users have reported success.
+
+Downstream bug: https://bugs.archlinux.org/task/56733
+---
+ src/cryptsetup/cryptsetup-generator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 7e61332e5..f91451353 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -111,7 +111,7 @@ static int create_disk(
+                 return log_error_errno(r, "Failed to generate unit name: %m");
+ 
+         password_escaped = specifier_escape(password);
+-        if (!password_escaped)
++        if (password && !password_escaped)
+                 return log_oom();
+ 
+         f = fopen(p, "wxe");
+@@ -184,7 +184,7 @@ static int create_disk(
+                 return r;
+ 
+         filtered_escaped = specifier_escape(filtered);
+-        if (!filtered_escaped)
++        if (filtered && !filtered_escaped)
+                 return log_oom();
+ 
+         fprintf(f,
+-- 
+2.15.1
+

diff --git a/sys-apps/systemd/systemd-236.ebuild b/sys-apps/systemd/systemd-236-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-236.ebuild
rename to sys-apps/systemd/systemd-236-r1.ebuild
index 8142a96390b..e70e61f3fc5 100644
--- a/sys-apps/systemd/systemd-236.ebuild
+++ b/sys-apps/systemd/systemd-236-r1.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-12-17 19:03 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-12-17 19:03 UTC (permalink / raw
  To: gentoo-commits

commit:     092463dce935d035a73bc56fd2b9ba3a73862b31
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 17 19:00:46 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Dec 17 19:03:15 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=092463dc

sys-apps/systemd: move patches for 233 to a tarball

Package-Manager: Portage-2.3.19_p1, Repoman-2.3.6_p35

 sys-apps/systemd/Manifest                          |   1 +
 ...ct-DM-interface-version-dependencies-5519.patch | 456 ---------------------
 ...ragment-refuse-units-with-errors-in-RootD.patch | 117 ------
 ...ragment-refuse-units-with-errors-in-certa.patch | 339 ---------------
 sys-apps/systemd/files/233-CVE-2017-9445.patch     | 149 -------
 sys-apps/systemd/files/233-format-warnings.patch   |  84 ----
 sys-apps/systemd/files/CVE-2017-9217.patch         |  28 --
 sys-apps/systemd/systemd-233-r6.ebuild             |   7 +-
 8 files changed, 2 insertions(+), 1179 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ac065dd7613..78aba9661e6 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,5 @@
 DIST systemd-233-man.tar.gz 31386 BLAKE2B e4947e658db3efeec6b5a6adf340d2cc8e8aff2a14db4932720f90c3dc898b1e78595db983948373a2e28191fb3b0aad234f80feb91ee8ae4b607a44038a9cae SHA512 cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40
+DIST systemd-233-patches.tar.gz 12553 BLAKE2B 5d19f2dc82cc6cbd9b2e9393f932dfa3c88a981358b282fe56d43cd432d0ee0c0245e9c13d5460b94d83908b84a382dad3348b999f2356ab3ef2ae2c542a867d SHA512 3081f4cf64542ba64a28fe2eff11d8040af42255eb99b5210db9d583fc4b4360a4a4bb8769a1e43d38474d69ead681974cb98d4605968b38f98fd3d9b40bf211
 DIST systemd-233.tar.gz 4660737 BLAKE2B 38cdd74543447b3c02391b328428fed169fe2cf2df6e9341dcaf2f7d3d977612ec102301e144c1cada90d61e9e9bda3b2faaef708c8ff4bd0b52b143760a83b2 SHA512 5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e
 DIST systemd-235.tar.gz 6586406 BLAKE2B f2e46a6c51fc9445800c4b7eee66f23ae83b42c2fedf2304acf612e6cb99122afe67f1b93cf72ed022b52384975afb92ab38cfb4efc6026384602c973d2eb98e SHA512 243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993
 DIST systemd-236.tar.gz 6759035 BLAKE2B 0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3 SHA512 1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515ddddfdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d

diff --git a/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch b/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch
deleted file mode 100644
index be41fc4ec22..00000000000
--- a/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch
+++ /dev/null
@@ -1,456 +0,0 @@
-From dac3407f02116b94866224e0b5ecd46a5fa1c161 Mon Sep 17 00:00:00 2001
-From: Michael Biebl <mbiebl@gmail.com>
-Date: Thu, 2 Mar 2017 19:11:37 +0100
-Subject: [PATCH] Avoid strict DM interface version dependencies (#5519)
-
-Compiling against the dm-ioctl.h header as provided by the Linux kernel
-will embed the DM interface version number. Running an older kernel can
-result in an error like this on shutdown:
-
-Could not detach DM dm-11: ioctl mismatch, kernel(4.34.4), user(4.35.4)
-
-Work around this by shipping a local copy of dm-ioctl.h. We need at
-least the version from 3.13 for DM_DEFERRED_REMOVE [1], so bump the
-requirements in README accordingly.
-
-[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c140a246dc0bc085b98eddde978060fcec1080c
-
-Fixes: #5492
----
- Makefile.am                      |   1 +
- README                           |   2 +-
- src/core/umount.c                |   2 +-
- src/shared/dissect-image.c       |   2 +-
- src/shared/linux-3.13/dm-ioctl.h | 355 +++++++++++++++++++++++++++++++++++++++
- 5 files changed, 359 insertions(+), 3 deletions(-)
- create mode 100644 src/shared/linux-3.13/dm-ioctl.h
-
-diff --git a/Makefile.am b/Makefile.am
-index 2a5610740..65de9f16d 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -1018,6 +1018,7 @@ libshared_la_SOURCES = \
- 	src/shared/gpt.h \
- 	src/shared/udev-util.h \
- 	src/shared/linux/auto_dev-ioctl.h \
-+	src/shared/linux-3.13/dm-ioctl.h \
- 	src/shared/initreq.h \
- 	src/shared/dns-domain.c \
- 	src/shared/dns-domain.h \
-diff --git a/README b/README
-index a4a649395..30b5f7187 100644
---- a/README
-+++ b/README
-@@ -35,7 +35,7 @@ LICENSE:
-         - except src/udev/* which is (currently still) GPLv2, GPLv2+
- 
- REQUIREMENTS:
--        Linux kernel >= 3.12
-+        Linux kernel >= 3.13
-         Linux kernel >= 4.2 for unified cgroup hierarchy support
- 
-         Kernel Config Options:
-diff --git a/src/core/umount.c b/src/core/umount.c
-index 2f4b12bdb..454383e7e 100644
---- a/src/core/umount.c
-+++ b/src/core/umount.c
-@@ -19,7 +19,6 @@
- 
- #include <errno.h>
- #include <fcntl.h>
--#include <linux/dm-ioctl.h>
- #include <linux/loop.h>
- #include <string.h>
- #include <sys/mount.h>
-@@ -31,6 +30,7 @@
- #include "escape.h"
- #include "fd-util.h"
- #include "fstab-util.h"
-+#include "linux-3.13/dm-ioctl.h"
- #include "list.h"
- #include "mount-setup.h"
- #include "path-util.h"
-diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
-index 39e724c51..1c9d21566 100644
---- a/src/shared/dissect-image.c
-+++ b/src/shared/dissect-image.c
-@@ -20,7 +20,6 @@
- #ifdef HAVE_LIBCRYPTSETUP
- #include <libcryptsetup.h>
- #endif
--#include <linux/dm-ioctl.h>
- #include <sys/mount.h>
- 
- #include "architecture.h"
-@@ -32,6 +31,7 @@
- #include "fs-util.h"
- #include "gpt.h"
- #include "hexdecoct.h"
-+#include "linux-3.13/dm-ioctl.h"
- #include "mount-util.h"
- #include "path-util.h"
- #include "stat-util.h"
-diff --git a/src/shared/linux-3.13/dm-ioctl.h b/src/shared/linux-3.13/dm-ioctl.h
-new file mode 100644
-index 000000000..c8a430209
---- /dev/null
-+++ b/src/shared/linux-3.13/dm-ioctl.h
-@@ -0,0 +1,355 @@
-+/*
-+ * Copyright (C) 2001 - 2003 Sistina Software (UK) Limited.
-+ * Copyright (C) 2004 - 2009 Red Hat, Inc. All rights reserved.
-+ *
-+ * This file is released under the LGPL.
-+ */
-+
-+#ifndef _LINUX_DM_IOCTL_V4_H
-+#define _LINUX_DM_IOCTL_V4_H
-+
-+#include <linux/types.h>
-+
-+#define DM_DIR "mapper"		/* Slashes not supported */
-+#define DM_CONTROL_NODE "control"
-+#define DM_MAX_TYPE_NAME 16
-+#define DM_NAME_LEN 128
-+#define DM_UUID_LEN 129
-+
-+/*
-+ * A traditional ioctl interface for the device mapper.
-+ *
-+ * Each device can have two tables associated with it, an
-+ * 'active' table which is the one currently used by io passing
-+ * through the device, and an 'inactive' one which is a table
-+ * that is being prepared as a replacement for the 'active' one.
-+ *
-+ * DM_VERSION:
-+ * Just get the version information for the ioctl interface.
-+ *
-+ * DM_REMOVE_ALL:
-+ * Remove all dm devices, destroy all tables.  Only really used
-+ * for debug.
-+ *
-+ * DM_LIST_DEVICES:
-+ * Get a list of all the dm device names.
-+ *
-+ * DM_DEV_CREATE:
-+ * Create a new device, neither the 'active' or 'inactive' table
-+ * slots will be filled.  The device will be in suspended state
-+ * after creation, however any io to the device will get errored
-+ * since it will be out-of-bounds.
-+ *
-+ * DM_DEV_REMOVE:
-+ * Remove a device, destroy any tables.
-+ *
-+ * DM_DEV_RENAME:
-+ * Rename a device or set its uuid if none was previously supplied.
-+ *
-+ * DM_SUSPEND:
-+ * This performs both suspend and resume, depending which flag is
-+ * passed in.
-+ * Suspend: This command will not return until all pending io to
-+ * the device has completed.  Further io will be deferred until
-+ * the device is resumed.
-+ * Resume: It is no longer an error to issue this command on an
-+ * unsuspended device.  If a table is present in the 'inactive'
-+ * slot, it will be moved to the active slot, then the old table
-+ * from the active slot will be _destroyed_.  Finally the device
-+ * is resumed.
-+ *
-+ * DM_DEV_STATUS:
-+ * Retrieves the status for the table in the 'active' slot.
-+ *
-+ * DM_DEV_WAIT:
-+ * Wait for a significant event to occur to the device.  This
-+ * could either be caused by an event triggered by one of the
-+ * targets of the table in the 'active' slot, or a table change.
-+ *
-+ * DM_TABLE_LOAD:
-+ * Load a table into the 'inactive' slot for the device.  The
-+ * device does _not_ need to be suspended prior to this command.
-+ *
-+ * DM_TABLE_CLEAR:
-+ * Destroy any table in the 'inactive' slot (ie. abort).
-+ *
-+ * DM_TABLE_DEPS:
-+ * Return a set of device dependencies for the 'active' table.
-+ *
-+ * DM_TABLE_STATUS:
-+ * Return the targets status for the 'active' table.
-+ *
-+ * DM_TARGET_MSG:
-+ * Pass a message string to the target at a specific offset of a device.
-+ *
-+ * DM_DEV_SET_GEOMETRY:
-+ * Set the geometry of a device by passing in a string in this format:
-+ *
-+ * "cylinders heads sectors_per_track start_sector"
-+ *
-+ * Beware that CHS geometry is nearly obsolete and only provided
-+ * for compatibility with dm devices that can be booted by a PC
-+ * BIOS.  See struct hd_geometry for range limits.  Also note that
-+ * the geometry is erased if the device size changes.
-+ */
-+
-+/*
-+ * All ioctl arguments consist of a single chunk of memory, with
-+ * this structure at the start.  If a uuid is specified any
-+ * lookup (eg. for a DM_INFO) will be done on that, *not* the
-+ * name.
-+ */
-+struct dm_ioctl {
-+	/*
-+	 * The version number is made up of three parts:
-+	 * major - no backward or forward compatibility,
-+	 * minor - only backwards compatible,
-+	 * patch - both backwards and forwards compatible.
-+	 *
-+	 * All clients of the ioctl interface should fill in the
-+	 * version number of the interface that they were
-+	 * compiled with.
-+	 *
-+	 * All recognised ioctl commands (ie. those that don't
-+	 * return -ENOTTY) fill out this field, even if the
-+	 * command failed.
-+	 */
-+	__u32 version[3];	/* in/out */
-+	__u32 data_size;	/* total size of data passed in
-+				 * including this struct */
-+
-+	__u32 data_start;	/* offset to start of data
-+				 * relative to start of this struct */
-+
-+	__u32 target_count;	/* in/out */
-+	__s32 open_count;	/* out */
-+	__u32 flags;		/* in/out */
-+
-+	/*
-+	 * event_nr holds either the event number (input and output) or the
-+	 * udev cookie value (input only).
-+	 * The DM_DEV_WAIT ioctl takes an event number as input.
-+	 * The DM_SUSPEND, DM_DEV_REMOVE and DM_DEV_RENAME ioctls
-+	 * use the field as a cookie to return in the DM_COOKIE
-+	 * variable with the uevents they issue.
-+	 * For output, the ioctls return the event number, not the cookie.
-+	 */
-+	__u32 event_nr;      	/* in/out */
-+	__u32 padding;
-+
-+	__u64 dev;		/* in/out */
-+
-+	char name[DM_NAME_LEN];	/* device name */
-+	char uuid[DM_UUID_LEN];	/* unique identifier for
-+				 * the block device */
-+	char data[7];		/* padding or data */
-+};
-+
-+/*
-+ * Used to specify tables.  These structures appear after the
-+ * dm_ioctl.
-+ */
-+struct dm_target_spec {
-+	__u64 sector_start;
-+	__u64 length;
-+	__s32 status;		/* used when reading from kernel only */
-+
-+	/*
-+	 * Location of the next dm_target_spec.
-+	 * - When specifying targets on a DM_TABLE_LOAD command, this value is
-+	 *   the number of bytes from the start of the "current" dm_target_spec
-+	 *   to the start of the "next" dm_target_spec.
-+	 * - When retrieving targets on a DM_TABLE_STATUS command, this value
-+	 *   is the number of bytes from the start of the first dm_target_spec
-+	 *   (that follows the dm_ioctl struct) to the start of the "next"
-+	 *   dm_target_spec.
-+	 */
-+	__u32 next;
-+
-+	char target_type[DM_MAX_TYPE_NAME];
-+
-+	/*
-+	 * Parameter string starts immediately after this object.
-+	 * Be careful to add padding after string to ensure correct
-+	 * alignment of subsequent dm_target_spec.
-+	 */
-+};
-+
-+/*
-+ * Used to retrieve the target dependencies.
-+ */
-+struct dm_target_deps {
-+	__u32 count;	/* Array size */
-+	__u32 padding;	/* unused */
-+	__u64 dev[0];	/* out */
-+};
-+
-+/*
-+ * Used to get a list of all dm devices.
-+ */
-+struct dm_name_list {
-+	__u64 dev;
-+	__u32 next;		/* offset to the next record from
-+				   the _start_ of this */
-+	char name[0];
-+};
-+
-+/*
-+ * Used to retrieve the target versions
-+ */
-+struct dm_target_versions {
-+        __u32 next;
-+        __u32 version[3];
-+
-+        char name[0];
-+};
-+
-+/*
-+ * Used to pass message to a target
-+ */
-+struct dm_target_msg {
-+	__u64 sector;	/* Device sector */
-+
-+	char message[0];
-+};
-+
-+/*
-+ * If you change this make sure you make the corresponding change
-+ * to dm-ioctl.c:lookup_ioctl()
-+ */
-+enum {
-+	/* Top level cmds */
-+	DM_VERSION_CMD = 0,
-+	DM_REMOVE_ALL_CMD,
-+	DM_LIST_DEVICES_CMD,
-+
-+	/* device level cmds */
-+	DM_DEV_CREATE_CMD,
-+	DM_DEV_REMOVE_CMD,
-+	DM_DEV_RENAME_CMD,
-+	DM_DEV_SUSPEND_CMD,
-+	DM_DEV_STATUS_CMD,
-+	DM_DEV_WAIT_CMD,
-+
-+	/* Table level cmds */
-+	DM_TABLE_LOAD_CMD,
-+	DM_TABLE_CLEAR_CMD,
-+	DM_TABLE_DEPS_CMD,
-+	DM_TABLE_STATUS_CMD,
-+
-+	/* Added later */
-+	DM_LIST_VERSIONS_CMD,
-+	DM_TARGET_MSG_CMD,
-+	DM_DEV_SET_GEOMETRY_CMD
-+};
-+
-+#define DM_IOCTL 0xfd
-+
-+#define DM_VERSION       _IOWR(DM_IOCTL, DM_VERSION_CMD, struct dm_ioctl)
-+#define DM_REMOVE_ALL    _IOWR(DM_IOCTL, DM_REMOVE_ALL_CMD, struct dm_ioctl)
-+#define DM_LIST_DEVICES  _IOWR(DM_IOCTL, DM_LIST_DEVICES_CMD, struct dm_ioctl)
-+
-+#define DM_DEV_CREATE    _IOWR(DM_IOCTL, DM_DEV_CREATE_CMD, struct dm_ioctl)
-+#define DM_DEV_REMOVE    _IOWR(DM_IOCTL, DM_DEV_REMOVE_CMD, struct dm_ioctl)
-+#define DM_DEV_RENAME    _IOWR(DM_IOCTL, DM_DEV_RENAME_CMD, struct dm_ioctl)
-+#define DM_DEV_SUSPEND   _IOWR(DM_IOCTL, DM_DEV_SUSPEND_CMD, struct dm_ioctl)
-+#define DM_DEV_STATUS    _IOWR(DM_IOCTL, DM_DEV_STATUS_CMD, struct dm_ioctl)
-+#define DM_DEV_WAIT      _IOWR(DM_IOCTL, DM_DEV_WAIT_CMD, struct dm_ioctl)
-+
-+#define DM_TABLE_LOAD    _IOWR(DM_IOCTL, DM_TABLE_LOAD_CMD, struct dm_ioctl)
-+#define DM_TABLE_CLEAR   _IOWR(DM_IOCTL, DM_TABLE_CLEAR_CMD, struct dm_ioctl)
-+#define DM_TABLE_DEPS    _IOWR(DM_IOCTL, DM_TABLE_DEPS_CMD, struct dm_ioctl)
-+#define DM_TABLE_STATUS  _IOWR(DM_IOCTL, DM_TABLE_STATUS_CMD, struct dm_ioctl)
-+
-+#define DM_LIST_VERSIONS _IOWR(DM_IOCTL, DM_LIST_VERSIONS_CMD, struct dm_ioctl)
-+
-+#define DM_TARGET_MSG	 _IOWR(DM_IOCTL, DM_TARGET_MSG_CMD, struct dm_ioctl)
-+#define DM_DEV_SET_GEOMETRY	_IOWR(DM_IOCTL, DM_DEV_SET_GEOMETRY_CMD, struct dm_ioctl)
-+
-+#define DM_VERSION_MAJOR	4
-+#define DM_VERSION_MINOR	27
-+#define DM_VERSION_PATCHLEVEL	0
-+#define DM_VERSION_EXTRA	"-ioctl (2013-10-30)"
-+
-+/* Status bits */
-+#define DM_READONLY_FLAG	(1 << 0) /* In/Out */
-+#define DM_SUSPEND_FLAG		(1 << 1) /* In/Out */
-+#define DM_PERSISTENT_DEV_FLAG	(1 << 3) /* In */
-+
-+/*
-+ * Flag passed into ioctl STATUS command to get table information
-+ * rather than current status.
-+ */
-+#define DM_STATUS_TABLE_FLAG	(1 << 4) /* In */
-+
-+/*
-+ * Flags that indicate whether a table is present in either of
-+ * the two table slots that a device has.
-+ */
-+#define DM_ACTIVE_PRESENT_FLAG   (1 << 5) /* Out */
-+#define DM_INACTIVE_PRESENT_FLAG (1 << 6) /* Out */
-+
-+/*
-+ * Indicates that the buffer passed in wasn't big enough for the
-+ * results.
-+ */
-+#define DM_BUFFER_FULL_FLAG	(1 << 8) /* Out */
-+
-+/*
-+ * This flag is now ignored.
-+ */
-+#define DM_SKIP_BDGET_FLAG	(1 << 9) /* In */
-+
-+/*
-+ * Set this to avoid attempting to freeze any filesystem when suspending.
-+ */
-+#define DM_SKIP_LOCKFS_FLAG	(1 << 10) /* In */
-+
-+/*
-+ * Set this to suspend without flushing queued ios.
-+ * Also disables flushing uncommitted changes in the thin target before
-+ * generating statistics for DM_TABLE_STATUS and DM_DEV_WAIT.
-+ */
-+#define DM_NOFLUSH_FLAG		(1 << 11) /* In */
-+
-+/*
-+ * If set, any table information returned will relate to the inactive
-+ * table instead of the live one.  Always check DM_INACTIVE_PRESENT_FLAG
-+ * is set before using the data returned.
-+ */
-+#define DM_QUERY_INACTIVE_TABLE_FLAG	(1 << 12) /* In */
-+
-+/*
-+ * If set, a uevent was generated for which the caller may need to wait.
-+ */
-+#define DM_UEVENT_GENERATED_FLAG	(1 << 13) /* Out */
-+
-+/*
-+ * If set, rename changes the uuid not the name.  Only permitted
-+ * if no uuid was previously supplied: an existing uuid cannot be changed.
-+ */
-+#define DM_UUID_FLAG			(1 << 14) /* In */
-+
-+/*
-+ * If set, all buffers are wiped after use. Use when sending
-+ * or requesting sensitive data such as an encryption key.
-+ */
-+#define DM_SECURE_DATA_FLAG		(1 << 15) /* In */
-+
-+/*
-+ * If set, a message generated output data.
-+ */
-+#define DM_DATA_OUT_FLAG		(1 << 16) /* Out */
-+
-+/*
-+ * If set with DM_DEV_REMOVE or DM_REMOVE_ALL this indicates that if
-+ * the device cannot be removed immediately because it is still in use
-+ * it should instead be scheduled for removal when it gets closed.
-+ *
-+ * On return from DM_DEV_REMOVE, DM_DEV_STATUS or other ioctls, this
-+ * flag indicates that the device is scheduled to be removed when it
-+ * gets closed.
-+ */
-+#define DM_DEFERRED_REMOVE		(1 << 17) /* In/Out */
-+
-+#endif				/* _LINUX_DM_IOCTL_H */
--- 
-2.12.0
-

diff --git a/sys-apps/systemd/files/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch b/sys-apps/systemd/files/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch
deleted file mode 100644
index fe30ef9ff61..00000000000
--- a/sys-apps/systemd/files/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 433e7893c6c0f6cbc98d8911fc5149ee9beedb79 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 6 Jul 2017 13:54:42 -0400
-Subject: [PATCH 2/3] core/load-fragment: refuse units with errors in
- RootDirectory/RootImage/DynamicUser
-
-Behaviour of the service is completely different with the option off, so the
-service would probably mess up state on disk and do unexpected things.
----
- src/core/load-fragment-gperf.gperf.m4 |  6 +++---
- src/core/load-fragment.c              |  7 +++++--
- src/shared/conf-parser.c              | 16 +++++++++++-----
- 3 files changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
-index cb9e6fea2..d0868bf40 100644
---- a/src/core/load-fragment-gperf.gperf.m4
-+++ b/src/core/load-fragment-gperf.gperf.m4
-@@ -18,8 +18,8 @@ struct ConfigPerfItem;
- m4_dnl Define the context options only once
- m4_define(`EXEC_CONTEXT_CONFIG_ITEMS',
- `$1.WorkingDirectory,            config_parse_working_directory,     0,                             offsetof($1, exec_context)
--$1.RootDirectory,                config_parse_unit_path_printf,      0,                             offsetof($1, exec_context.root_directory)
--$1.RootImage,                    config_parse_unit_path_printf,      0,                             offsetof($1, exec_context.root_image)
-+$1.RootDirectory,                config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_directory)
-+$1.RootImage,                    config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_image)
- $1.User,                         config_parse_user_group,            0,                             offsetof($1, exec_context.user)
- $1.Group,                        config_parse_user_group,            0,                             offsetof($1, exec_context.group)
- $1.SupplementaryGroups,          config_parse_user_group_strv,       0,                             offsetof($1, exec_context.supplementary_groups)
-@@ -35,7 +35,7 @@ $1.UMask,                        config_parse_mode,                  0,
- $1.Environment,                  config_parse_environ,               0,                             offsetof($1, exec_context.environment)
- $1.EnvironmentFile,              config_parse_unit_env_file,         0,                             offsetof($1, exec_context.environment_files)
- $1.PassEnvironment,              config_parse_pass_environ,          0,                             offsetof($1, exec_context.pass_environment)
--$1.DynamicUser,                  config_parse_bool,                  0,                             offsetof($1, exec_context.dynamic_user)
-+$1.DynamicUser,                  config_parse_bool,                  true,                          offsetof($1, exec_context.dynamic_user)
- $1.StandardInput,                config_parse_exec_input,            0,                             offsetof($1, exec_context)
- $1.StandardOutput,               config_parse_exec_output,           0,                             offsetof($1, exec_context)
- $1.StandardError,                config_parse_exec_output,           0,                             offsetof($1, exec_context)
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index 5b7471c0d..ae4ec5cf0 100644
---- a/src/core/load-fragment.c
-+++ b/src/core/load-fragment.c
-@@ -242,6 +242,7 @@ int config_parse_unit_path_printf(
-         _cleanup_free_ char *k = NULL;
-         Unit *u = userdata;
-         int r;
-+        bool fatal = ltype;
- 
-         assert(filename);
-         assert(lvalue);
-@@ -250,8 +251,10 @@ int config_parse_unit_path_printf(
- 
-         r = unit_full_printf(u, rvalue, &k);
-         if (r < 0) {
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, r,
-+                           "Failed to resolve unit specifiers on %s%s: %m",
-+                           fatal ? "" : ", ignoring", rvalue);
-+                return fatal ? -ENOEXEC : 0;
-         }
- 
-         return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
-diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
-index 265ac83dc..ffb905fb6 100644
---- a/src/shared/conf-parser.c
-+++ b/src/shared/conf-parser.c
-@@ -614,6 +614,7 @@ int config_parse_bool(const char* unit,
- 
-         int k;
-         bool *b = data;
-+        bool fatal = ltype;
- 
-         assert(filename);
-         assert(lvalue);
-@@ -622,8 +623,10 @@ int config_parse_bool(const char* unit,
- 
-         k = parse_boolean(rvalue);
-         if (k < 0) {
--                log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse boolean value, ignoring: %s", rvalue);
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, k,
-+                           "Failed to parse boolean value%s: %s",
-+                           fatal ? "" : ", ignoring", rvalue);
-+                return fatal ? -ENOEXEC : 0;
-         }
- 
-         *b = !!k;
-@@ -714,6 +717,7 @@ int config_parse_path(
-                 void *userdata) {
- 
-         char **s = data, *n;
-+        bool fatal = ltype;
- 
-         assert(filename);
-         assert(lvalue);
-@@ -722,12 +726,14 @@ int config_parse_path(
- 
-         if (!utf8_is_valid(rvalue)) {
-                 log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue);
--                return 0;
-+                return fatal ? -ENOEXEC : 0;
-         }
- 
-         if (!path_is_absolute(rvalue)) {
--                log_syntax(unit, LOG_ERR, filename, line, 0, "Not an absolute path, ignoring: %s", rvalue);
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, 0,
-+                           "Not an absolute path%s: %s",
-+                           fatal ? "" : ", ignoring", rvalue);
-+                return fatal ? -ENOEXEC : 0;
-         }
- 
-         n = strdup(rvalue);
--- 
-2.13.2
-

diff --git a/sys-apps/systemd/files/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch b/sys-apps/systemd/files/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch
deleted file mode 100644
index 28961b4b1e3..00000000000
--- a/sys-apps/systemd/files/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch
+++ /dev/null
@@ -1,339 +0,0 @@
-From f135524cd4cd6b71e7f6073b02389da30c6e94d9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 6 Jul 2017 13:28:19 -0400
-Subject: [PATCH 3/3] core/load-fragment: refuse units with errors in certain
- directives
-
-If an error is encountered in any of the Exec* lines, WorkingDirectory,
-SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
-units), User, or Group, refuse to load the unit. If the config stanza
-has support, ignore the failure if '-' is present.
-
-For those configuration directives, even if we started the unit, it's
-pretty likely that it'll do something unexpected (like write files
-in a wrong place, or with a wrong context, or run with wrong permissions,
-etc). It seems better to refuse to start the unit and have the admin
-clean up the configuration without giving the service a chance to mess
-up stuff.
-
-Note that all "security" options that restrict what the unit can do
-(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
-PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
-only supplementary, and are not always available depending on the architecture
-and compilation options, so unit authors have to make sure that the service
-runs correctly without them anyway.
-
-Fixes #6237, #6277.
----
- src/core/load-fragment.c  | 116 ++++++++++++++++++++++++++++------------------
- src/test/test-unit-file.c |  14 +++---
- 2 files changed, 78 insertions(+), 52 deletions(-)
-
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index ae4ec5cf0..f38240af3 100644
---- a/src/core/load-fragment.c
-+++ b/src/core/load-fragment.c
-@@ -637,26 +637,36 @@ int config_parse_exec(
- 
-                 r = unit_full_printf(u, f, &path);
-                 if (r < 0) {
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", f);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, r,
-+                                   "Failed to resolve unit specifiers on %s%s: %m",
-+                                   f, ignore ? ", ignoring" : "");
-+                        return ignore ? 0 : -ENOEXEC;
-                 }
- 
-                 if (isempty(path)) {
-                         /* First word is either "-" or "@" with no command. */
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Empty path in command line, ignoring: \"%s\"", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
-+                                   "Empty path in command line%s: \"%s\"",
-+                                   ignore ? ", ignoring" : "", rvalue);
-+                        return ignore ? 0 : -ENOEXEC;
-                 }
-                 if (!string_is_safe(path)) {
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path contains special characters, ignoring: %s", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
-+                                   "Executable path contains special characters%s: %s",
-+                                   ignore ? ", ignoring" : "", rvalue);
-+                        return ignore ? 0 : -ENOEXEC;
-                 }
-                 if (!path_is_absolute(path)) {
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path is not absolute, ignoring: %s", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
-+                                   "Executable path is not absolute%s: %s",
-+                                   ignore ? ", ignoring" : "", rvalue);
-+                        return ignore ? 0 : -ENOEXEC;
-                 }
-                 if (endswith(path, "/")) {
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path specifies a directory, ignoring: %s", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
-+                                   "Executable path specifies a directory%s: %s",
-+                                   ignore ? ", ignoring" : "", rvalue);
-+                        return ignore ? 0 : -ENOEXEC;
-                 }
- 
-                 if (!separate_argv0) {
-@@ -709,12 +719,14 @@ int config_parse_exec(
-                         if (r == 0)
-                                 break;
-                         if (r < 0)
--                                return 0;
-+                                return ignore ? 0 : -ENOEXEC;
- 
-                         r = unit_full_printf(u, word, &resolved);
-                         if (r < 0) {
--                                log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to resolve unit specifiers on %s, ignoring: %m", word);
--                                return 0;
-+                                log_syntax(unit, LOG_ERR, filename, line, r,
-+                                           "Failed to resolve unit specifiers on %s%s: %m",
-+                                           word, ignore ? ", ignoring" : "");
-+                                return ignore ? 0 : -ENOEXEC;
-                         }
- 
-                         if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
-@@ -725,8 +737,10 @@ int config_parse_exec(
-                 }
- 
-                 if (!n || !n[0]) {
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Empty executable name or zeroeth argument, ignoring: %s", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
-+                                   "Empty executable name or zeroeth argument%s: %s",
-+                                   ignore ? ", ignoring" : "", rvalue);
-+                        return ignore ? 0 : -ENOEXEC;
-                 }
- 
-                 nce = new0(ExecCommand, 1);
-@@ -1333,8 +1347,10 @@ int config_parse_exec_selinux_context(
- 
-         r = unit_full_printf(u, rvalue, &k);
-         if (r < 0) {
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, r,
-+                           "Failed to resolve specifiers%s: %m",
-+                           ignore ? ", ignoring" : "");
-+                return ignore ? 0 : -ENOEXEC;
-         }
- 
-         free(c->selinux_context);
-@@ -1381,8 +1397,10 @@ int config_parse_exec_apparmor_profile(
- 
-         r = unit_full_printf(u, rvalue, &k);
-         if (r < 0) {
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, r,
-+                           "Failed to resolve specifiers%s: %m",
-+                           ignore ? ", ignoring" : "");
-+                return ignore ? 0 : -ENOEXEC;
-         }
- 
-         free(c->apparmor_profile);
-@@ -1429,8 +1447,10 @@ int config_parse_exec_smack_process_label(
- 
-         r = unit_full_printf(u, rvalue, &k);
-         if (r < 0) {
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, r,
-+                           "Failed to resolve specifiers%s: %m",
-+                           ignore ? ", ignoring" : "");
-+                return ignore ? 0 : -ENOEXEC;
-         }
- 
-         free(c->smack_process_label);
-@@ -1648,19 +1668,19 @@ int config_parse_socket_service(
- 
-         r = unit_name_printf(UNIT(s), rvalue, &p);
-         if (r < 0) {
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %s", rvalue);
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers: %s", rvalue);
-+                return -ENOEXEC;
-         }
- 
-         if (!endswith(p, ".service")) {
--                log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
-+                return -ENOEXEC;
-         }
- 
-         r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
-         if (r < 0) {
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
--                return 0;
-+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
-+                return -ENOEXEC;
-         }
- 
-         unit_ref_set(&s->service, x);
-@@ -1911,13 +1931,13 @@ int config_parse_user_group(
- 
-                 r = unit_full_printf(u, rvalue, &k);
-                 if (r < 0) {
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
-+                        return -ENOEXEC;
-                 }
- 
-                 if (!valid_user_group_name_or_id(k)) {
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID, ignoring: %s", k);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
-+                        return -ENOEXEC;
-                 }
- 
-                 n = k;
-@@ -1975,19 +1995,19 @@ int config_parse_user_group_strv(
-                 if (r == -ENOMEM)
-                         return log_oom();
-                 if (r < 0) {
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
--                        break;
-+                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
-+                        return -ENOEXEC;
-                 }
- 
-                 r = unit_full_printf(u, word, &k);
-                 if (r < 0) {
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
--                        continue;
-+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
-+                        return -ENOEXEC;
-                 }
- 
-                 if (!valid_user_group_name_or_id(k)) {
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID, ignoring: %s", k);
--                        continue;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
-+                        return -ENOEXEC;
-                 }
- 
-                 r = strv_push(users, k);
-@@ -2146,25 +2166,28 @@ int config_parse_working_directory(
- 
-                 r = unit_full_printf(u, rvalue, &k);
-                 if (r < 0) {
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in working directory path '%s', ignoring: %m", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, r,
-+                                   "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
-+                                   rvalue, missing_ok ? ", ignoring" : "");
-+                        return missing_ok ? 0 : -ENOEXEC;
-                 }
- 
-                 path_kill_slashes(k);
- 
-                 if (!utf8_is_valid(k)) {
-                         log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue);
--                        return 0;
-+                        return missing_ok ? 0 : -ENOEXEC;
-                 }
- 
-                 if (!path_is_absolute(k)) {
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Working directory path '%s' is not absolute, ignoring.", rvalue);
--                        return 0;
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
-+                                   "Working directory path '%s' is not absolute%s.",
-+                                   rvalue, missing_ok ? ", ignoring" : "");
-+                        return missing_ok ? 0 : -ENOEXEC;
-                 }
- 
--                free_and_replace(c->working_directory, k);
--
-                 c->working_directory_home = false;
-+                free_and_replace(c->working_directory, k);
-         }
- 
-         c->working_directory_missing_ok = missing_ok;
-@@ -4444,8 +4467,11 @@ int unit_load_fragment(Unit *u) {
-                         return r;
- 
-                 r = load_from_path(u, k);
--                if (r < 0)
-+                if (r < 0) {
-+                        if (r == -ENOEXEC)
-+                                log_unit_notice(u, "Unit configuration has fatal error, unit will not be started.");
-                         return r;
-+                }
- 
-                 if (u->load_state == UNIT_STUB) {
-                         SET_FOREACH(t, u->names, i) {
-diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
-index 12f48bf43..fd797b587 100644
---- a/src/test/test-unit-file.c
-+++ b/src/test/test-unit-file.c
-@@ -146,7 +146,7 @@ static void test_config_parse_exec(void) {
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
-                               "LValue", 0, "/RValue/ argv0 r1",
-                               &c, u);
--        assert_se(r == 0);
-+        assert_se(r == -ENOEXEC);
-         assert_se(c1->command_next == NULL);
- 
-         log_info("/* honour_argv0 */");
-@@ -161,7 +161,7 @@ static void test_config_parse_exec(void) {
-         r = config_parse_exec(NULL, "fake", 3, "section", 1,
-                               "LValue", 0, "@/RValue",
-                               &c, u);
--        assert_se(r == 0);
-+        assert_se(r == -ENOEXEC);
-         assert_se(c1->command_next == NULL);
- 
-         log_info("/* no command, whitespace only, reset */");
-@@ -220,7 +220,7 @@ static void test_config_parse_exec(void) {
-                               "-@/RValue argv0 r1 ; ; "
-                               "/goo/goo boo",
-                               &c, u);
--        assert_se(r >= 0);
-+        assert_se(r == -ENOEXEC);
-         c1 = c1->command_next;
-         check_execcommand(c1, "/RValue", "argv0", "r1", NULL, true);
- 
-@@ -374,7 +374,7 @@ static void test_config_parse_exec(void) {
-                 r = config_parse_exec(NULL, "fake", 4, "section", 1,
-                                       "LValue", 0, path,
-                                       &c, u);
--                assert_se(r == 0);
-+                assert_se(r == -ENOEXEC);
-                 assert_se(c1->command_next == NULL);
-         }
- 
-@@ -401,21 +401,21 @@ static void test_config_parse_exec(void) {
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
-                               "LValue", 0, "/path\\",
-                               &c, u);
--        assert_se(r == 0);
-+        assert_se(r == -ENOEXEC);
-         assert_se(c1->command_next == NULL);
- 
-         log_info("/* missing ending ' */");
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
-                               "LValue", 0, "/path 'foo",
-                               &c, u);
--        assert_se(r == 0);
-+        assert_se(r == -ENOEXEC);
-         assert_se(c1->command_next == NULL);
- 
-         log_info("/* missing ending ' with trailing backslash */");
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
-                               "LValue", 0, "/path 'foo\\",
-                               &c, u);
--        assert_se(r == 0);
-+        assert_se(r == -ENOEXEC);
-         assert_se(c1->command_next == NULL);
- 
-         log_info("/* invalid space between modifiers */");
--- 
-2.13.2
-

diff --git a/sys-apps/systemd/files/233-CVE-2017-9445.patch b/sys-apps/systemd/files/233-CVE-2017-9445.patch
deleted file mode 100644
index 22a366ceba0..00000000000
--- a/sys-apps/systemd/files/233-CVE-2017-9445.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From 29bb43cc46412366fc939c66331a916de07bfac4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 18 Jun 2017 16:07:57 -0400
-Subject: [PATCH 1/4] resolved: simplify alloc size calculation
-
-The allocation size was calculated in a complicated way, and for values
-close to the page size we would actually allocate less than requested.
-
-Reported by Chris Coulson <chris.coulson@canonical.com>.
-
-CVE-2017-9445
----
- src/resolve/resolved-dns-packet.c | 8 +-------
- src/resolve/resolved-dns-packet.h | 2 --
- 2 files changed, 1 insertion(+), 9 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 652970284..2034e3c8c 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
- 
-         assert(ret);
- 
--        if (mtu <= UDP_PACKET_HEADER_SIZE)
--                a = DNS_PACKET_SIZE_START;
--        else
--                a = mtu - UDP_PACKET_HEADER_SIZE;
--
--        if (a < DNS_PACKET_HEADER_SIZE)
--                a = DNS_PACKET_HEADER_SIZE;
-+        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
- 
-         /* round up to next page size */
-         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
-diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
-index 2c92392e4..3abcaf8cf 100644
---- a/src/resolve/resolved-dns-packet.h
-+++ b/src/resolve/resolved-dns-packet.h
-@@ -66,8 +66,6 @@ struct DnsPacketHeader {
- /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
- #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
- 
--#define DNS_PACKET_SIZE_START 512
--
- struct DnsPacket {
-         int n_ref;
-         DnsProtocol protocol;
--- 
-2.13.1
-
-
-From cd3d8a7ebc01cd6913eaa9a591f7d606038a7588 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 27 Jun 2017 14:20:00 -0400
-Subject: [PATCH 2/4] resolved: do not allocate packets with minimum size
-
-dns_packet_new() is sometimes called with mtu == 0, and in that case we should
-allocate more than the absolute minimum (which is the dns packet header size),
-otherwise we have to resize immediately again after appending the first data to
-the packet.
-
-This partially reverts the previous commit.
----
- src/resolve/resolved-dns-packet.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 2034e3c8c..9d806ab33 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -28,6 +28,9 @@
- 
- #define EDNS0_OPT_DO (1<<15)
- 
-+#define DNS_PACKET_SIZE_START 512
-+assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
-+
- typedef struct DnsPacketRewinder {
-         DnsPacket *packet;
-         size_t saved_rindex;
-@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
- 
-         assert(ret);
- 
--        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
-+        /* When dns_packet_new() is called with mtu == 0, allocate more than the
-+         * absolute minimum (which is the dns packet header size), to avoid
-+         * resizing immediately again after appending the first data to the packet.
-+         */
-+        if (mtu < UDP_PACKET_HEADER_SIZE)
-+                a = DNS_PACKET_SIZE_START;
-+        else
-+                a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
- 
-         /* round up to next page size */
-         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
--- 
-2.13.1
-
-
-From a03fc1acd66d23e239f2545e9a6887c7d0aad7c5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 27 Jun 2017 16:59:06 -0400
-Subject: [PATCH 3/4] resolved: define various packet sizes as unsigned
-
-This seems like the right thing to do, and apparently at least some compilers
-warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
----
- src/resolve/resolved-dns-packet.c | 2 +-
- src/resolve/resolved-dns-packet.h | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 9d806ab33..e2285b440 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -28,7 +28,7 @@
- 
- #define EDNS0_OPT_DO (1<<15)
- 
--#define DNS_PACKET_SIZE_START 512
-+#define DNS_PACKET_SIZE_START 512u
- assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
- 
- typedef struct DnsPacketRewinder {
-diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
-index 3abcaf8cf..5dff272fd 100644
---- a/src/resolve/resolved-dns-packet.h
-+++ b/src/resolve/resolved-dns-packet.h
-@@ -58,13 +58,13 @@ struct DnsPacketHeader {
- /* The various DNS protocols deviate in how large a packet can grow,
-    but the TCP transport has a 16bit size field, hence that appears to
-    be the absolute maximum. */
--#define DNS_PACKET_SIZE_MAX 0xFFFF
-+#define DNS_PACKET_SIZE_MAX 0xFFFFu
- 
- /* RFC 1035 say 512 is the maximum, for classic unicast DNS */
--#define DNS_PACKET_UNICAST_SIZE_MAX 512
-+#define DNS_PACKET_UNICAST_SIZE_MAX 512u
- 
- /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
--#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
-+#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u
- 
- struct DnsPacket {
-         int n_ref;
--- 
-2.13.1

diff --git a/sys-apps/systemd/files/233-format-warnings.patch b/sys-apps/systemd/files/233-format-warnings.patch
deleted file mode 100644
index 7bb08f0a320..00000000000
--- a/sys-apps/systemd/files/233-format-warnings.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 3e7d14d78c4d15ec7789299216cbf5c58e61547b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sat, 3 Jun 2017 05:41:17 -0400
-Subject: [PATCH] sd-bus: silence format warnings in kdbus code (#6072)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The code is mostly correct, but gcc is trying to outsmart us, and emits a
-warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
-
-src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
-src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
-                         if (asprintf(&n, ":1.%llu", name->id) < 0) {
-                                          ^
-src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
-src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
-                 if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
-                                               ^
-This is hard to work around properly, because kdbus.h uses __u64 which is
-defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
-solution of using %PRIu64 fails on amd64:
-
-src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
-                 if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
-                                               ^~~~~~
-
-Let's just avoid the whole issue for now by silencing the warning.
-After the next release, we should just get rid of the kdbus code.
-
-Fixes #5561.
----
- src/libsystemd/sd-bus/bus-control.c | 6 ++++++
- src/libsystemd/sd-bus/bus-kernel.c  | 2 ++
- 2 files changed, 8 insertions(+)
-
-diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
-index 9e58ffbd8..303ae0f23 100644
---- a/src/libsystemd/sd-bus/bus-control.c
-+++ b/src/libsystemd/sd-bus/bus-control.c
-@@ -264,10 +264,13 @@ static int kernel_get_list(sd_bus *bus, uint64_t flags, char ***x) {
-                 if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && !(name->flags & KDBUS_HELLO_ACTIVATOR)) {
-                         char *n;
- 
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wformat"
-                         if (asprintf(&n, ":1.%llu", name->id) < 0) {
-                                 r = -ENOMEM;
-                                 goto fail;
-                         }
-+#pragma GCC diagnostic pop
- 
-                         r = strv_consume(x, n);
-                         if (r < 0)
-@@ -711,10 +714,13 @@ int bus_get_name_creds_kdbus(
-         }
- 
-         if (mask & SD_BUS_CREDS_UNIQUE_NAME) {
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wformat"
-                 if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
-                         r = -ENOMEM;
-                         goto fail;
-                 }
-+#pragma GCC diagnostic pop
- 
-                 c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
-         }
-diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
-index c82caeb3f..ca6aee7c0 100644
---- a/src/libsystemd/sd-bus/bus-kernel.c
-+++ b/src/libsystemd/sd-bus/bus-kernel.c
-@@ -51,6 +51,8 @@
- #include "user-util.h"
- #include "util.h"
- 
-+#pragma GCC diagnostic ignored "-Wformat"
-+
- #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t))
- 
- int bus_kernel_parse_unique_name(const char *s, uint64_t *id) {
--- 
-2.13.2
-

diff --git a/sys-apps/systemd/files/CVE-2017-9217.patch b/sys-apps/systemd/files/CVE-2017-9217.patch
deleted file mode 100644
index 68d0f36d491..00000000000
--- a/sys-apps/systemd/files/CVE-2017-9217.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From a924f43f30f9c4acaf70618dd2a055f8b0f166be Mon Sep 17 00:00:00 2001
-From: Evgeny Vereshchagin <evvers@ya.ru>
-Date: Wed, 24 May 2017 08:56:48 +0300
-Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
- (#6020)
-
-See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
----
- src/resolve/resolved-dns-packet.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 652970284..240ee448f 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -2269,6 +2269,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
-         if (r < 0)
-                 return r;
- 
-+        if (!p->question)
-+                return 0;
-+
-         if (p->question->n_keys != 1)
-                 return 0;
- 
--- 
-2.15.0.rc2
-

diff --git a/sys-apps/systemd/systemd-233-r6.ebuild b/sys-apps/systemd/systemd-233-r6.ebuild
index 42b0a4eb4c6..de147be79bd 100644
--- a/sys-apps/systemd/systemd-233-r6.ebuild
+++ b/sys-apps/systemd/systemd-233-r6.ebuild
@@ -8,6 +8,7 @@ if [[ ${PV} == 9999 ]]; then
 	inherit git-r3
 else
 	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz
+		https://dev.gentoo.org/~floppym/dist/${P}-patches.tar.gz
 		!doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
 	KEYWORDS="alpha amd64 arm ~arm64 ia64 ppc ppc64 ~sparc x86"
 fi
@@ -153,13 +154,7 @@ src_prepare() {
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 
 	local PATCHES=(
-		"${FILESDIR}/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch"
-		"${FILESDIR}/233-CVE-2017-9445.patch"
-		"${FILESDIR}/233-format-warnings.patch"
-		"${FILESDIR}/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch"
-		"${FILESDIR}/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch"
 		"${FILESDIR}/CVE-2017-15908.patch"
-		"${FILESDIR}/CVE-2017-9217.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-11-19 20:09 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-11-19 20:09 UTC (permalink / raw
  To: gentoo-commits

commit:     e80e2c2f3c1d692f8b7c8c584ab1a517f9624313
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 19 20:09:16 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov 19 20:09:16 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e80e2c2f

sys-apps/systemd: update uucp group patch

Package-Manager: Portage-2.3.14_p5, Repoman-2.3.6

 sys-apps/systemd/files/236-uucp-group.patch | 11 +++++++++++
 sys-apps/systemd/systemd-9999.ebuild        |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/236-uucp-group.patch b/sys-apps/systemd/files/236-uucp-group.patch
new file mode 100644
index 00000000000..9c53b8b18ab
--- /dev/null
+++ b/sys-apps/systemd/files/236-uucp-group.patch
@@ -0,0 +1,11 @@
+--- a/rules/50-udev-default.rules.in
++++ b/rules/50-udev-default.rules.in
+@@ -22,7 +22,7 @@
+ SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
+-KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
++KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="uucp"
+ 
+ SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+ 

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 9f58ed53ab2..8256350c5e1 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -155,7 +155,7 @@ src_prepare() {
 			"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/228-noclean-tmp.patch"
 			"${FILESDIR}/233-systemd-user-pam.patch"
-			"${FILESDIR}/234-uucp-group.patch"
+			"${FILESDIR}/236-uucp-group.patch"
 			"${FILESDIR}/generator-path.patch"
 		)
 	fi


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-10-26 21:37 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-10-26 21:37 UTC (permalink / raw
  To: gentoo-commits

commit:     06c2355e8eca30994fa0416793e2e04efd652c41
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 26 21:36:27 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Oct 26 21:36:45 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06c2355e

sys-apps/systemd: backport fix for CVE-2017-15908

Bug: https://bugs.gentoo.org/635514
Package-Manager: Portage-2.3.11_p4, Repoman-2.3.3_p62

 sys-apps/systemd/files/CVE-2017-15908.patch        |  39 +++
 .../{systemd-235.ebuild => systemd-233-r5.ebuild}  | 313 +++++++++++----------
 .../{systemd-235.ebuild => systemd-235-r1.ebuild}  |   1 +
 3 files changed, 204 insertions(+), 149 deletions(-)

diff --git a/sys-apps/systemd/files/CVE-2017-15908.patch b/sys-apps/systemd/files/CVE-2017-15908.patch
new file mode 100644
index 00000000000..08e5e37514c
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2017-15908.patch
@@ -0,0 +1,39 @@
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+---
+ src/resolve/resolved-dns-packet.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e2f227bfc..35f4d0689 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+ 
+                 found = true;
+ 
+-                while (bitmask) {
++                for (; bitmask; bit++, bitmask >>= 1)
+                         if (bitmap[i] & bitmask) {
+                                 uint16_t n;
+ 
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+                                 if (r < 0)
+                                         return r;
+                         }
+-
+-                        bit++;
+-                        bitmask >>= 1;
+-                }
+         }
+ 
+         if (!found)
+-- 
+2.15.0.rc2
+

diff --git a/sys-apps/systemd/systemd-235.ebuild b/sys-apps/systemd/systemd-233-r5.ebuild
similarity index 59%
copy from sys-apps/systemd/systemd-235.ebuild
copy to sys-apps/systemd/systemd-233-r5.ebuild
index 6fe34a0809b..bce73fafb4f 100644
--- a/sys-apps/systemd/systemd-235.ebuild
+++ b/sys-apps/systemd/systemd-233-r5.ebuild
@@ -7,28 +7,29 @@ if [[ ${PV} == 9999 ]]; then
 	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
 	inherit git-r3
 else
-	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
+	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz
+		!doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 fi
 
 PYTHON_COMPAT=( python{3_4,3_5,3_6} )
 
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
+inherit autotools bash-completion-r1 linux-info multilib-minimal pam python-any-r1 systemd toolchain-funcs udev user
 
 DESCRIPTION="System and service manager for Linux"
 HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http
-	idn importd +kmod libidn2 +lz4 lzma nat pam policykit
+IUSE="acl apparmor audit build cryptsetup curl doc elfutils +gcrypt gnuefi http
+	idn importd +kmod +lz4 lzma nat pam policykit
 	qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
 
 REQUIRED_USE="importd? ( curl gcrypt lzma )"
 
 MINKV="3.11"
 
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}]
 	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
 	!<sys-libs/glibc-2.16
 	acl? ( sys-apps/acl:0= )
@@ -42,10 +43,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
 		>=net-libs/libmicrohttpd-0.9.33:0=
 		ssl? ( >=net-libs/gnutls-3.1.4:0= )
 	)
-	idn? (
-		libidn2? ( net-dns/libidn2 )
-		!libidn2? ( net-dns/libidn )
-	)
+	idn? ( net-dns/libidn:0= )
 	importd? (
 		app-arch/bzip2:0=
 		sys-libs/zlib:0=
@@ -100,9 +98,13 @@ DEPEND="${COMMON_DEPEND}
 	app-text/docbook-xml-dtd:4.5
 	app-text/docbook-xsl-stylesheets
 	dev-libs/libxslt:0
-	$(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+	doc? ( $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') )
 "
 
+python_check_deps() {
+	has_version --host-root "dev-python/lxml[${PYTHON_USEDEP}]"
+}
+
 pkg_pretend() {
 	if [[ ${MERGE_TYPE} != buildonly ]]; then
 		local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
@@ -147,9 +149,16 @@ src_unpack() {
 }
 
 src_prepare() {
+	# Bug 463376
+	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
 	local PATCHES=(
-		"${FILESDIR}"/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
-		"${FILESDIR}"/235-0002-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch
+		"${FILESDIR}/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch"
+		"${FILESDIR}/233-CVE-2017-9445.patch"
+		"${FILESDIR}/233-format-warnings.patch"
+		"${FILESDIR}/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch"
+		"${FILESDIR}/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch"
+		"${FILESDIR}/CVE-2017-15908.patch"
 	)
 
 	if ! use vanilla; then
@@ -157,159 +166,189 @@ src_prepare() {
 			"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/228-noclean-tmp.patch"
 			"${FILESDIR}/233-systemd-user-pam.patch"
-			"${FILESDIR}/234-uucp-group.patch"
-			"${FILESDIR}/generator-path.patch"
 		)
 	fi
 
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
 
 	default
+
+	eautoreconf
 }
 
 src_configure() {
+	# Keep using the one where the rules were installed.
+	MY_UDEVDIR=$(get_udevdir)
+	# Fix systems broken by bug #509454.
+	[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
+
 	# Prevent conflicts with i686 cross toolchain, bug 559726
 	tc-export AR CC NM OBJCOPY RANLIB
 
-	python_setup
+	use doc && python_setup
 
 	multilib-minimal_src_configure
 }
 
-meson_use() {
-	usex "$1" true false
-}
-
-meson_multilib() {
-	if multilib_is_native_abi; then
-		echo true
-	else
-		echo false
-	fi
-}
-
-meson_multilib_native_use() {
-	if multilib_is_native_abi && use "$1"; then
-		echo true
-	else
-		echo false
-	fi
-}
-
 multilib_src_configure() {
-	local myconf=(
-		--localstatedir="${EPREFIX}/var"
-		-Dpamlibdir="$(getpam_mod_dir)"
+	local myeconfargs=(
+		# disable -flto since it is an optimization flag
+		# and makes distcc less effective
+		cc_cv_CFLAGS__flto=no
+		# disable -fuse-ld=gold since Gentoo supports explicit linker
+		# choice and forcing gold is undesired, #539998
+		# ld.gold may collide with user's LDFLAGS, #545168
+		# ld.gold breaks sparc, #573874
+		cc_cv_LDFLAGS__Wl__fuse_ld_gold=no
+
+		# Workaround for gcc-4.7, bug 554454.
+		cc_cv_CFLAGS__Werror_shadow=no
+
+		# Workaround for bug 516346
+		--enable-dependency-tracking
+
+		--disable-maintainer-mode
+		--localstatedir=/var
+		--with-pamlibdir=$(getpam_mod_dir)
 		# avoid bash-completion dep
-		-Dbashcompletiondir="$(get_bashcompdir)"
+		--with-bashcompletiondir="$(get_bashcompdir)"
 		# make sure we get /bin:/sbin in $PATH
-		-Dsplit-usr=true
-		-Drootprefix="${EPREFIX}${ROOTPREFIX}"
-		-Dsysvinit-path=
-		-Dsysvrcnd-path=
+		--enable-split-usr
+		# For testing.
+		--with-rootprefix="${ROOTPREFIX-/usr}"
+		--with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
+		# disable sysv compatibility
+		--with-sysvinit-path=
+		--with-sysvrcnd-path=
 		# no deps
-		-Defi=$(meson_multilib)
-		-Dima=true
+		--enable-efi
+		--enable-ima
+
 		# Optional components/dependencies
-		-Dacl=$(meson_multilib_native_use acl)
-		-Dapparmor=$(meson_multilib_native_use apparmor)
-		-Daudit=$(meson_multilib_native_use audit)
-		-Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
-		-Dlibcurl=$(meson_multilib_native_use curl)
-		-Delfutils=$(meson_multilib_native_use elfutils)
-		-Dgcrypt=$(meson_use gcrypt)
-		-Dgnu-efi=$(meson_multilib_native_use gnuefi)
-		-Defi-libdir="/usr/$(get_libdir)"
-		-Dmicrohttpd=$(meson_multilib_native_use http)
-		$(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
-		-Dimportd=$(meson_multilib_native_use importd)
-		-Dbzip2=$(meson_multilib_native_use importd)
-		-Dzlib=$(meson_multilib_native_use importd)
-		-Dkmod=$(meson_multilib_native_use kmod)
-		-Dlz4=$(meson_use lz4)
-		-Dxz=$(meson_use lzma)
-		-Dlibiptc=$(meson_multilib_native_use nat)
-		-Dpam=$(meson_use pam)
-		-Dpolkit=$(meson_multilib_native_use policykit)
-		-Dqrencode=$(meson_multilib_native_use qrcode)
-		-Dseccomp=$(meson_multilib_native_use seccomp)
-		-Dselinux=$(meson_multilib_native_use selinux)
-		#-Dtests=$(meson_multilib_native_use test)
-		-Ddbus=$(meson_multilib_native_use test)
-		-Dxkbcommon=$(meson_multilib_native_use xkb)
+		$(multilib_native_use_enable acl)
+		$(multilib_native_use_enable apparmor)
+		$(multilib_native_use_enable audit)
+		$(multilib_native_use_enable cryptsetup libcryptsetup)
+		$(multilib_native_use_enable curl libcurl)
+		$(multilib_native_use_enable elfutils)
+		$(use_enable gcrypt)
+		$(multilib_native_use_enable gnuefi)
+		--with-efi-libdir="/usr/$(get_libdir)"
+		$(multilib_native_use_enable http microhttpd)
+		$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
+		$(multilib_native_use_enable idn libidn)
+		$(multilib_native_use_enable importd)
+		$(multilib_native_use_enable importd bzip2)
+		$(multilib_native_use_enable importd zlib)
+		$(multilib_native_use_enable kmod)
+		$(use_enable lz4)
+		$(use_enable lzma xz)
+		$(multilib_native_use_enable nat libiptc)
+		$(use_enable pam)
+		$(multilib_native_use_enable policykit polkit)
+		$(multilib_native_use_enable qrcode qrencode)
+		$(multilib_native_use_enable seccomp)
+		$(multilib_native_use_enable selinux)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test dbus)
+		$(multilib_native_use_enable xkb xkbcommon)
+		$(multilib_native_use_with doc python)
+
 		# hardcode a few paths to spare some deps
-		-Dpath-kill=/bin/kill
-		-Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+		KILL=/bin/kill
+		QUOTAON=/usr/sbin/quotaon
+		QUOTACHECK=/usr/sbin/quotacheck
+
+		# TODO: we may need to restrict this to gcc
+		EFI_CC="$(tc-getCC)"
+
+		# dbus paths
+		--with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
+		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
+		--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+
+		--with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+
 		# Breaks screen, tmux, etc.
-		-Ddefault-kill-user-processes=false
-
-		# multilib options
-		-Dbacklight=$(meson_multilib)
-		-Dbinfmt=$(meson_multilib)
-		-Dcoredump=$(meson_multilib)
-		-Denvironment-d=$(meson_multilib)
-		-Dfirstboot=$(meson_multilib)
-		-Dhibernate=$(meson_multilib)
-		-Dhostnamed=$(meson_multilib)
-		-Dhwdb=$(meson_multilib)
-		-Dldconfig=$(meson_multilib)
-		-Dlocaled=$(meson_multilib)
-		-Dman=$(meson_multilib)
-		-Dnetworkd=$(meson_multilib)
-		-Dquotacheck=$(meson_multilib)
-		-Drandomseed=$(meson_multilib)
-		-Drfkill=$(meson_multilib)
-		-Dsysusers=$(meson_multilib)
-		-Dtimedated=$(meson_multilib)
-		-Dtimesyncd=$(meson_multilib)
-		-Dtmpfiles=$(meson_multilib)
-		-Dvconsole=$(meson_multilib)
+		--without-kill-user-processes
 	)
 
-	if multilib_is_native_abi && use idn; then
-		myconf+=(
-			-Dlibidn2=$(usex libidn2 true false)
-			-Dlibidn=$(usex libidn2 false true)
-		)
-	else
-		myconf+=(
-			-Dlibidn2=false
-			-Dlibidn=false
-		)
-	fi
+	# Work around bug 463846.
+	tc-export CC
 
-	meson_src_configure "${myconf[@]}"
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
 multilib_src_compile() {
-	eninja
+	local mymakeopts=(
+		udevlibexecdir="${MY_UDEVDIR}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}"
+	else
+		emake built-sources
+		local targets=(
+			'$(rootlib_LTLIBRARIES)'
+			'$(lib_LTLIBRARIES)'
+			'$(pamlib_LTLIBRARIES)'
+			'$(pkgconfiglib_DATA)'
+		)
+		echo "gentoo: ${targets[*]}" | emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+	fi
 }
 
 multilib_src_test() {
-	eninja test
+	multilib_is_native_abi || return 0
+	default
 }
 
 multilib_src_install() {
-	DESTDIR="${D}" eninja install
+	local mymakeopts=(
+		# automake fails with parallel libtool relinking
+		# https://bugs.gentoo.org/show_bug.cgi?id=491398
+		-j1
+
+		udevlibexecdir="${MY_UDEVDIR}"
+		dist_udevhwdb_DATA=
+		DESTDIR="${D}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}" install
+	else
+		mymakeopts+=(
+			install-rootlibLTLIBRARIES
+			install-libLTLIBRARIES
+			install-pamlibLTLIBRARIES
+			install-pkgconfiglibDATA
+			install-includeHEADERS
+			install-pkgincludeHEADERS
+		)
+
+		emake "${mymakeopts[@]}"
+	fi
 }
 
 multilib_src_install_all() {
-	# meson doesn't know about docdir
-	mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
+	prune_libtool_files --modules
 	einstalldocs
 	dodoc "${FILESDIR}"/nsswitch.conf
 
+	if [[ ${PV} != 9999 ]]; then
+		use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7
+	fi
+
 	if use sysv-utils; then
 		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym "${EPREFIX}${ROOTPREFIX%/}/bin/systemctl" /sbin/${app}
+			dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
 		done
-		dosym "${EPREFIX}${ROOTPREFIX%/}/lib/systemd/systemd" /sbin/init
+		dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
 	else
 		# we just keep sysvinit tools, so no need for the mans
-		rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+		rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
 			|| die
-		rm "${ED%/}"/usr/share/man/man1/init.1 || die
+		rm "${D}"/usr/share/man/man1/init.1 || die
 	fi
 
 	# Preserve empty dirs in /etc & /var, bug #437008
@@ -322,21 +361,11 @@ multilib_src_install_all() {
 
 	# If we install these symlinks, there is no way for the sysadmin to remove them
 	# permanently.
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
-	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
-	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
-	rm -r "${ED%/}${ROOTPREFIX%/}/lib/udev/hwdb.d" || die
-
-	if [[ ! -e "${ED%/}"/usr/lib/systemd/systemd ]]; then
-		# Avoid breaking boot/reboot
-		dosym "../../..${ROOTPREFIX%/}/lib/systemd/systemd" /usr/lib/systemd/systemd
-		dosym "../../..${ROOTPREFIX%/}/lib/systemd/systemd-shutdown" /usr/lib/systemd/systemd-shutdown
-	fi
+	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm -f "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+	rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
+	rm -r "${D}"/etc/systemd/system/sockets.target.wants || die
+	rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
 }
 
 migrate_locale() {
@@ -383,19 +412,6 @@ migrate_locale() {
 	fi
 }
 
-pkg_preinst() {
-	# If /lib/systemd and /usr/lib/systemd are the same directory, remove the
-	# symlinks we created in src_install.
-	if [[ $(realpath "${EROOT%/}${ROOTPREFIX}/lib/systemd") == $(realpath "${EROOT%/}/usr/lib/systemd") ]]; then
-		if [[ -L ${ED%/}/usr/lib/systemd/systemd ]]; then
-			rm "${ED%/}/usr/lib/systemd/systemd" || die
-		fi
-		if [[ -L ${ED%/}/usr/lib/systemd/systemd-shutdown ]]; then
-			rm "${ED%/}/usr/lib/systemd/systemd-shutdown" || die
-		fi
-	fi
-}
-
 pkg_postinst() {
 	newusergroup() {
 		enewgroup "$1"
@@ -403,7 +419,6 @@ pkg_postinst() {
 	}
 
 	enewgroup input
-	enewgroup kvm 78
 	enewgroup systemd-journal
 	newusergroup systemd-bus-proxy
 	newusergroup systemd-coredump
@@ -419,7 +434,7 @@ pkg_postinst() {
 	# Keep this here in case the database format changes so it gets updated
 	# when required. Despite that this file is owned by sys-apps/hwids.
 	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${EROOT%/}"
+		udevadm hwdb --update --root="${ROOT%/}"
 	fi
 
 	udev_reload || FAIL=1

diff --git a/sys-apps/systemd/systemd-235.ebuild b/sys-apps/systemd/systemd-235-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-235.ebuild
rename to sys-apps/systemd/systemd-235-r1.ebuild
index 6fe34a0809b..2bb192a49e2 100644
--- a/sys-apps/systemd/systemd-235.ebuild
+++ b/sys-apps/systemd/systemd-235-r1.ebuild
@@ -150,6 +150,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}"/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
 		"${FILESDIR}"/235-0002-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch
+		"${FILESDIR}/CVE-2017-15908.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-10-08 14:40 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-10-08 14:40 UTC (permalink / raw
  To: gentoo-commits

commit:     e570678453f45c1d34a3c0cd1e12a14ade8ff9ef
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  8 14:17:16 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Oct  8 14:40:08 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5706784

sys-apps/systemd: bump to 235

Closes: https://bugs.gentoo.org/633656
Package-Manager: Portage-2.3.10_p4, Repoman-2.3.3_p52

 sys-apps/systemd/Manifest                          |  1 +
 ...wdb-and-sysv-generator-if-the-features-ar.patch | 44 ++++++++++++++++++++++
 ...sr-lib-systemd-s.patch => generator-path.patch} |  0
 sys-apps/systemd/systemd-234-r4.ebuild             |  2 +-
 .../{systemd-9999.ebuild => systemd-235.ebuild}    | 12 ++++--
 sys-apps/systemd/systemd-9999.ebuild               | 11 ++++--
 6 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index e4684c7c942..0bfb021bca2 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,3 +1,4 @@
 DIST systemd-233-man.tar.gz 31386 SHA256 825e62eb82c4e23997061fc8f56f7ec9bb1e6ac1111d279c76c926cc2bfbf1dc SHA512 cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40 WHIRLPOOL ff1f36beff377f675047271df38503e8b71d615ea73c5fdfebf465edaf1fe29b4f89e3194d65cdf84eec9b7c3156de597627fdaffa4b86018520aaa127a7a159
 DIST systemd-233.tar.gz 4660737 SHA256 8b3e99da3d4164b66581830a7f2436c0c8fe697b5fbdc3927bdb960646be0083 SHA512 5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e WHIRLPOOL ce19f6a546b8f899cfa952e49d47f063fd29186be4a53391bc30ea2c487eb2c140a74ad843a1dc499bb61bba3e9ca055613852291e38b85af5d79c59409dc176
 DIST systemd-234.tar.gz 4800186 SHA256 da3e69d10aa1c983d33833372ad4929037b411ac421fb085c8cee79ae1d80b6a SHA512 762336a7d96c6583cf71cad62efce95a0ed93cd0a0d7251f128d10dba8200c0c8df0e5a7d168179ababa5b221295a231e73b7e7ea2697cb3fb5c1b33538efa68 WHIRLPOOL 9ff9f25ce82514db969a427eee51c0483b2bcaaa611f93c1fc17c356ea25eee712217708c54101ecaafd835cd8ac988b16e8ad411b48541a32442b9a0d148f07
+DIST systemd-235.tar.gz 6586406 SHA256 25811f96f5a027bf2a4c9383495cf5b623e385d84da31e473cf375932b3e9c52 SHA512 243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993 WHIRLPOOL 05e50b31f7b3b1cd756abd1580dddae0e114953857564133784fc43b9ecd0e203ee534aaf76531ca7af5c43b03b9b73c6cbbbb1caf5afb17502555cc52fe06cd

diff --git a/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch b/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
new file mode 100644
index 00000000000..bd2b3364369
--- /dev/null
+++ b/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
@@ -0,0 +1,44 @@
+From c013a410d0ec5f419ce8d53df19946795849591b Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 8 Oct 2017 09:47:05 -0400
+Subject: [PATCH] test: skip hwdb and sysv-generator if the features are
+ disabled
+
+---
+ test/meson.build | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/test/meson.build b/test/meson.build
+index 995a97177..c2df7ec22 100644
+--- a/test/meson.build
++++ b/test/meson.build
+@@ -163,9 +163,11 @@ endif
+ 
+ ############################################################
+ 
+-sysv_generator_test_py = find_program('sysv-generator-test.py')
+-test('sysv-generator-test',
+-     sysv_generator_test_py)
++if conf.get('HAVE_SYSV_COMPAT') == 1
++        sysv_generator_test_py = find_program('sysv-generator-test.py')
++        test('sysv-generator-test',
++             sysv_generator_test_py)
++endif
+ 
+ ############################################################
+ 
+@@ -181,6 +183,8 @@ udev_test_pl = find_program('udev-test.pl')
+ test('udev-test',
+      udev_test_pl)
+ 
+-hwdb_test_sh = find_program('hwdb-test.sh')
+-test('hwdb-test',
+-     hwdb_test_sh)
++if conf.get('ENABLE_HWDB') == 1
++        hwdb_test_sh = find_program('hwdb-test.sh')
++        test('hwdb-test',
++             hwdb_test_sh)
++endif
+-- 
+2.14.2
+

diff --git a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch b/sys-apps/systemd/files/generator-path.patch
similarity index 100%
rename from sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
rename to sys-apps/systemd/files/generator-path.patch

diff --git a/sys-apps/systemd/systemd-234-r4.ebuild b/sys-apps/systemd/systemd-234-r4.ebuild
index 0085a0578fa..a4c94bd3a96 100644
--- a/sys-apps/systemd/systemd-234-r4.ebuild
+++ b/sys-apps/systemd/systemd-234-r4.ebuild
@@ -148,7 +148,6 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
-		"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
 		"${FILESDIR}"/234-0002-cryptsetup-fix-infinite-timeout-6486.patch
 		"${FILESDIR}"/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch
 		"${FILESDIR}"/234-0004-logind-make-sure-we-don-t-process-the-same-method-ca.patch
@@ -160,6 +159,7 @@ src_prepare() {
 			"${FILESDIR}/228-noclean-tmp.patch"
 			"${FILESDIR}/233-systemd-user-pam.patch"
 			"${FILESDIR}/234-uucp-group.patch"
+			"${FILESDIR}/generator-path.patch"
 		)
 	fi
 

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-235.ebuild
similarity index 95%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-235.ebuild
index 6be7da5ca64..6647d41a680 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-235.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
 
 src_prepare() {
 	local PATCHES=(
+		"${FILESDIR}"/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
 	)
 
 	if ! use vanilla; then
@@ -156,6 +157,7 @@ src_prepare() {
 			"${FILESDIR}/228-noclean-tmp.patch"
 			"${FILESDIR}/233-systemd-user-pam.patch"
 			"${FILESDIR}/234-uucp-group.patch"
+			"${FILESDIR}/generator-path.patch"
 		)
 	fi
 
@@ -319,11 +321,13 @@ multilib_src_install_all() {
 
 	# If we install these symlinks, there is no way for the sysadmin to remove them
 	# permanently.
-	rm "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
 	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -r "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -r "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -r "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
 
 	rm -r "${ED%/}${ROOTPREFIX%/}/lib/udev/hwdb.d" || die
 

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 6be7da5ca64..3a0d6c4312e 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -156,6 +156,7 @@ src_prepare() {
 			"${FILESDIR}/228-noclean-tmp.patch"
 			"${FILESDIR}/233-systemd-user-pam.patch"
 			"${FILESDIR}/234-uucp-group.patch"
+			"${FILESDIR}/generator-path.patch"
 		)
 	fi
 
@@ -319,11 +320,13 @@ multilib_src_install_all() {
 
 	# If we install these symlinks, there is no way for the sysadmin to remove them
 	# permanently.
-	rm "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
 	rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -r "${ED%/}"/etc/systemd/system/network-online.target.wants || die
-	rm -r "${ED%/}"/etc/systemd/system/sockets.target.wants || die
-	rm -r "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+	rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+	rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+	rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
 
 	rm -r "${ED%/}${ROOTPREFIX%/}/lib/udev/hwdb.d" || die
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-08-13 23:08 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-08-13 23:08 UTC (permalink / raw
  To: gentoo-commits

commit:     3a1a0a2241cc8e2874ff3d85333136fc491b06ec
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 13 23:02:17 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 13 23:07:15 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a1a0a22

sys-apps/systemd: replace uucp sed with a patch

Bug: https://bugs.gentoo.org/625720
Package-Manager: Portage-2.3.6_p34, Repoman-2.3.3_p12

 sys-apps/systemd/files/234-uucp-group.patch | 11 +++++++++++
 sys-apps/systemd/systemd-234-r2.ebuild      |  4 +---
 sys-apps/systemd/systemd-9999.ebuild        |  4 +---
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/sys-apps/systemd/files/234-uucp-group.patch b/sys-apps/systemd/files/234-uucp-group.patch
new file mode 100644
index 00000000000..89cf552c829
--- /dev/null
+++ b/sys-apps/systemd/files/234-uucp-group.patch
@@ -0,0 +1,11 @@
+--- a/rules/50-udev-default.rules.in
++++ b/rules/50-udev-default.rules.in
+@@ -22,7 +22,7 @@
+ SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
+-KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
++KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="uucp"
+ 
+ SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+ 

diff --git a/sys-apps/systemd/systemd-234-r2.ebuild b/sys-apps/systemd/systemd-234-r2.ebuild
index 9d10c9d3fe4..dceb9eda711 100644
--- a/sys-apps/systemd/systemd-234-r2.ebuild
+++ b/sys-apps/systemd/systemd-234-r2.ebuild
@@ -147,9 +147,6 @@ src_unpack() {
 }
 
 src_prepare() {
-	# Bug 463376
-	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
 	local PATCHES=(
 		"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
 	)
@@ -159,6 +156,7 @@ src_prepare() {
 			"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/228-noclean-tmp.patch"
 			"${FILESDIR}/233-systemd-user-pam.patch"
+			"${FILESDIR}/234-uucp-group.patch"
 		)
 	fi
 

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 78c85bbcdd1..835ac073e82 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -147,9 +147,6 @@ src_unpack() {
 }
 
 src_prepare() {
-	# Bug 463376
-	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
 	local PATCHES=(
 	)
 
@@ -158,6 +155,7 @@ src_prepare() {
 			"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 			"${FILESDIR}/228-noclean-tmp.patch"
 			"${FILESDIR}/233-systemd-user-pam.patch"
+			"${FILESDIR}/234-uucp-group.patch"
 		)
 	fi
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-07-17 15:28 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-07-17 15:28 UTC (permalink / raw
  To: gentoo-commits

commit:     3b5be41d4d70c3761351cb4985c7da8f785858c5
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 17 15:27:38 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul 17 15:27:38 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b5be41d

sys-apps/systemd: look for generators in {,/usr}/lib/systemd/system-generators

Bug: https://bugs.gentoo.org/625402
Package-Manager: Portage-2.3.6_p16, Repoman-2.3.2_p84

 ...-look-for-generators-in-usr-lib-systemd-s.patch | 27 ++++++++++++++++++++++
 .../{systemd-234.ebuild => systemd-234-r1.ebuild}  |  1 +
 2 files changed, 28 insertions(+)

diff --git a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
new file mode 100644
index 00000000000..47e2730a7b3
--- /dev/null
+++ b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
@@ -0,0 +1,27 @@
+From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Mon, 17 Jul 2017 11:21:25 -0400
+Subject: [PATCH] path-lookup: look for generators in
+ {,/usr}/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/shared/path-lookup.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index e2b3f8b74..1ee0e1cdb 100644
+--- a/src/shared/path-lookup.c
++++ b/src/shared/path-lookup.c
+@@ -821,6 +821,8 @@ char **generator_binary_paths(UnitFileScope scope) {
+                 return strv_new("/run/systemd/system-generators",
+                                 "/etc/systemd/system-generators",
+                                 "/usr/local/lib/systemd/system-generators",
++                                "/usr/lib/systemd/system-generators",
++                                "/lib/systemd/system-generators",
+                                 SYSTEM_GENERATOR_PATH,
+                                 NULL);
+ 
+-- 
+2.13.3
+

diff --git a/sys-apps/systemd/systemd-234.ebuild b/sys-apps/systemd/systemd-234-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-234.ebuild
rename to sys-apps/systemd/systemd-234-r1.ebuild
index c80965e1c39..6aaaaf45860 100644
--- a/sys-apps/systemd/systemd-234.ebuild
+++ b/sys-apps/systemd/systemd-234-r1.ebuild
@@ -151,6 +151,7 @@ src_prepare() {
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 
 	local PATCHES=(
+		"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-07-02 15:56 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-07-02 15:56 UTC (permalink / raw
  To: gentoo-commits

commit:     dc1c5167bcf33b3a500b072f5c40e8c2c7ab57c4
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Jul  2 15:53:46 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Jul  2 15:56:13 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc1c5167

sys-apps/systemd: fix build failure on ia64/alpha

Bug: https://bugs.gentoo.org/623536
Bug: https://bugs.gentoo.org/612102
Package-Manager: Portage-2.3.6_p9, Repoman-2.3.2_p77

 sys-apps/systemd/files/233-format-warnings.patch | 84 ++++++++++++++++++++++++
 sys-apps/systemd/systemd-233-r3.ebuild           |  1 +
 2 files changed, 85 insertions(+)

diff --git a/sys-apps/systemd/files/233-format-warnings.patch b/sys-apps/systemd/files/233-format-warnings.patch
new file mode 100644
index 00000000000..7bb08f0a320
--- /dev/null
+++ b/sys-apps/systemd/files/233-format-warnings.patch
@@ -0,0 +1,84 @@
+From 3e7d14d78c4d15ec7789299216cbf5c58e61547b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 3 Jun 2017 05:41:17 -0400
+Subject: [PATCH] sd-bus: silence format warnings in kdbus code (#6072)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The code is mostly correct, but gcc is trying to outsmart us, and emits a
+warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
+
+src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
+src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
+                         if (asprintf(&n, ":1.%llu", name->id) < 0) {
+                                          ^
+src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
+src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
+                 if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
+                                               ^
+This is hard to work around properly, because kdbus.h uses __u64 which is
+defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
+solution of using %PRIu64 fails on amd64:
+
+src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
+                 if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
+                                               ^~~~~~
+
+Let's just avoid the whole issue for now by silencing the warning.
+After the next release, we should just get rid of the kdbus code.
+
+Fixes #5561.
+---
+ src/libsystemd/sd-bus/bus-control.c | 6 ++++++
+ src/libsystemd/sd-bus/bus-kernel.c  | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
+index 9e58ffbd8..303ae0f23 100644
+--- a/src/libsystemd/sd-bus/bus-control.c
++++ b/src/libsystemd/sd-bus/bus-control.c
+@@ -264,10 +264,13 @@ static int kernel_get_list(sd_bus *bus, uint64_t flags, char ***x) {
+                 if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && !(name->flags & KDBUS_HELLO_ACTIVATOR)) {
+                         char *n;
+ 
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat"
+                         if (asprintf(&n, ":1.%llu", name->id) < 0) {
+                                 r = -ENOMEM;
+                                 goto fail;
+                         }
++#pragma GCC diagnostic pop
+ 
+                         r = strv_consume(x, n);
+                         if (r < 0)
+@@ -711,10 +714,13 @@ int bus_get_name_creds_kdbus(
+         }
+ 
+         if (mask & SD_BUS_CREDS_UNIQUE_NAME) {
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat"
+                 if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
+                         r = -ENOMEM;
+                         goto fail;
+                 }
++#pragma GCC diagnostic pop
+ 
+                 c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
+         }
+diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
+index c82caeb3f..ca6aee7c0 100644
+--- a/src/libsystemd/sd-bus/bus-kernel.c
++++ b/src/libsystemd/sd-bus/bus-kernel.c
+@@ -51,6 +51,8 @@
+ #include "user-util.h"
+ #include "util.h"
+ 
++#pragma GCC diagnostic ignored "-Wformat"
++
+ #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t))
+ 
+ int bus_kernel_parse_unique_name(const char *s, uint64_t *id) {
+-- 
+2.13.2
+

diff --git a/sys-apps/systemd/systemd-233-r3.ebuild b/sys-apps/systemd/systemd-233-r3.ebuild
index 8210bd8a2f9..ab19c28efc0 100644
--- a/sys-apps/systemd/systemd-233-r3.ebuild
+++ b/sys-apps/systemd/systemd-233-r3.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch"
 		"${FILESDIR}/233-CVE-2017-9445.patch"
+		"${FILESDIR}/233-format-warnings.patch"
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-06-28 20:31 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-06-28 20:31 UTC (permalink / raw
  To: gentoo-commits

commit:     e9a542b09cb0ee4c3b085881190bed393f4ece03
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 28 20:30:47 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Jun 28 20:31:08 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9a542b0

sys-apps/systemd: update CVE-2017-9445 patch after upstream revert

Package-Manager: Portage-2.3.6_p9, Repoman-2.3.2_p77

 sys-apps/systemd/files/233-CVE-2017-9445.patch     | 29 ----------------------
 ...systemd-233-r2.ebuild => systemd-233-r3.ebuild} |  0
 2 files changed, 29 deletions(-)

diff --git a/sys-apps/systemd/files/233-CVE-2017-9445.patch b/sys-apps/systemd/files/233-CVE-2017-9445.patch
index a05c41f47b6..22a366ceba0 100644
--- a/sys-apps/systemd/files/233-CVE-2017-9445.patch
+++ b/sys-apps/systemd/files/233-CVE-2017-9445.patch
@@ -147,32 +147,3 @@ index 3abcaf8cf..5dff272fd 100644
          int n_ref;
 -- 
 2.13.1
-
-
-From 415871d88e0c44acf8b90dc07245809087a65d2c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 28 Jun 2017 12:24:37 -0400
-Subject: [PATCH 4/4] resolved: drop unnecessary comparison (#6220)
-
-mtu is always greater than UDP_PACKET_HEADER_SIZE at this point.
-Pointed out by Benjamin Robin.
----
- src/resolve/resolved-dns-packet.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index e2285b440..738d4cc8f 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -57,7 +57,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
-         if (mtu < UDP_PACKET_HEADER_SIZE)
-                 a = DNS_PACKET_SIZE_START;
-         else
--                a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
-+                a = mtu;
- 
-         /* round up to next page size */
-         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
--- 
-2.13.1
-

diff --git a/sys-apps/systemd/systemd-233-r2.ebuild b/sys-apps/systemd/systemd-233-r3.ebuild
similarity index 100%
rename from sys-apps/systemd/systemd-233-r2.ebuild
rename to sys-apps/systemd/systemd-233-r3.ebuild


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-01-10 22:22 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-01-10 22:22 UTC (permalink / raw
  To: gentoo-commits

commit:     de560673b0254d41cc9ba910df222cf558ceafe3
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 22:15:58 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 22:22:54 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de560673

sys-apps/systemd: fix build with gperf-3.1

Bug: https://bugs.gentoo.org/605022

Package-Manager: Portage-2.3.3_p25, Repoman-2.3.1_p18

 ...eck-for-lz4-in-the-old-and-new-numbering.patch} |  12 +-
 ...dd-check-for-gperf-lookup-function-signat.patch | 302 +++++++++++++++++++++
 sys-apps/systemd/systemd-232.ebuild                |   3 +-
 3 files changed, 310 insertions(+), 7 deletions(-)

diff --git a/sys-apps/systemd/files/232-lz4-version.patch b/sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
similarity index 83%
rename from sys-apps/systemd/files/232-lz4-version.patch
rename to sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
index d99ceda..788f0aa 100644
--- a/sys-apps/systemd/files/232-lz4-version.patch
+++ b/sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
@@ -1,8 +1,8 @@
-From 3d4cf7de48a74726694abbaa09f9804b845ff3ba Mon Sep 17 00:00:00 2001
+From 63621678f44325b4c48574f9c9d7a3c499d1a608 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 23 Nov 2016 10:18:30 -0500
-Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
- (#4717)
+Subject: [PATCH 1/2] build-sys: check for lz4 in the old and new numbering
+ scheme (#4717)
 
 lz4 upstream decided to switch to an incompatible numbering scheme
 (1.7.3 follows 131, to match the so version).
@@ -19,12 +19,12 @@ Fixed #4690.
  1 file changed, 6 insertions(+), 3 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 65eaae1ae..5979de4dc 100644
+index 0b10fc7de..1928e65bd 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -621,10 +621,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
+@@ -623,10 +623,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
  have_lz4=no
- AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [disable optional LZ4 support]))
+ AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 support]))
  AS_IF([test "x$enable_lz4" != "xno"], [
 -        PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
 -               [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])

diff --git a/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch b/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
new file mode 100644
index 00000000..440ec75
--- /dev/null
+++ b/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
@@ -0,0 +1,302 @@
+From 016fb3b83b861cfe58694996076a9764dcb46475 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppymaster@gmail.com>
+Date: Tue, 10 Jan 2017 02:39:05 -0500
+Subject: [PATCH 2/2] build-sys: add check for gperf lookup function signature
+ (#5055)
+
+gperf-3.1 generates lookup functions that take a size_t length
+parameter instead of unsigned int. Test for this at configure time.
+
+Fixes: https://github.com/systemd/systemd/issues/5039
+---
+ configure.ac                     | 22 ++++++++++++++++++++++
+ src/basic/af-list.c              |  2 +-
+ src/basic/arphrd-list.c          |  2 +-
+ src/basic/cap-list.c             |  2 +-
+ src/basic/errno-list.c           |  2 +-
+ src/core/load-fragment.h         |  2 +-
+ src/journal/journald-server.h    |  2 +-
+ src/login/logind.h               |  2 +-
+ src/network/networkd-conf.h      |  2 +-
+ src/network/networkd-netdev.h    |  2 +-
+ src/network/networkd-network.h   |  2 +-
+ src/nspawn/nspawn-settings.h     |  2 +-
+ src/resolve/dns-type.c           |  2 +-
+ src/resolve/resolved-conf.h      |  2 +-
+ src/test/test-af-list.c          |  2 +-
+ src/test/test-arphrd-list.c      |  2 +-
+ src/timesync/timesyncd-conf.h    |  2 +-
+ src/udev/net/link-config.h       |  2 +-
+ src/udev/udev-builtin-keyboard.c |  2 +-
+ 19 files changed, 40 insertions(+), 18 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1928e65bd..5c639e32d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -258,6 +258,28 @@ AC_CHECK_SIZEOF(rlim_t,,[
+        #include <sys/resource.h>
+ ])
+ 
++GPERF_TEST="$(echo foo,bar | ${GPERF} -L ANSI-C)"
++
++AC_COMPILE_IFELSE(
++        [AC_LANG_PROGRAM([
++                #include <string.h>
++                const char * in_word_set(const char *, size_t);
++                $GPERF_TEST]
++        )],
++        [GPERF_LEN_TYPE=size_t],
++        [AC_COMPILE_IFELSE(
++                [AC_LANG_PROGRAM([
++                        #include <string.h>
++                        const char * in_word_set(const char *, unsigned);
++                        $GPERF_TEST]
++                )],
++                [GPERF_LEN_TYPE=unsigned],
++                [AC_MSG_ERROR([** unable to determine gperf len type])]
++        )]
++)
++
++AC_DEFINE_UNQUOTED([GPERF_LEN_TYPE], [$GPERF_LEN_TYPE], [gperf len type])
++
+ # ------------------------------------------------------------------------------
+ # we use python to build the man page index
+ have_python=no
+diff --git a/src/basic/af-list.c b/src/basic/af-list.c
+index 3fac9c508..4b291d177 100644
+--- a/src/basic/af-list.c
++++ b/src/basic/af-list.c
+@@ -23,7 +23,7 @@
+ #include "af-list.h"
+ #include "macro.h"
+ 
+-static const struct af_name* lookup_af(register const char *str, register unsigned int len);
++static const struct af_name* lookup_af(register const char *str, register GPERF_LEN_TYPE len);
+ 
+ #include "af-from-name.h"
+ #include "af-to-name.h"
+diff --git a/src/basic/arphrd-list.c b/src/basic/arphrd-list.c
+index 6792d1ee3..2d598dc66 100644
+--- a/src/basic/arphrd-list.c
++++ b/src/basic/arphrd-list.c
+@@ -23,7 +23,7 @@
+ #include "arphrd-list.h"
+ #include "macro.h"
+ 
+-static const struct arphrd_name* lookup_arphrd(register const char *str, register unsigned int len);
++static const struct arphrd_name* lookup_arphrd(register const char *str, register GPERF_LEN_TYPE len);
+ 
+ #include "arphrd-from-name.h"
+ #include "arphrd-to-name.h"
+diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
+index 3e773a06f..d68cc78d0 100644
+--- a/src/basic/cap-list.c
++++ b/src/basic/cap-list.c
+@@ -26,7 +26,7 @@
+ #include "parse-util.h"
+ #include "util.h"
+ 
+-static const struct capability_name* lookup_capability(register const char *str, register unsigned int len);
++static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
+ 
+ #include "cap-from-name.h"
+ #include "cap-to-name.h"
+diff --git a/src/basic/errno-list.c b/src/basic/errno-list.c
+index 31b66bad5..c6a01eec8 100644
+--- a/src/basic/errno-list.c
++++ b/src/basic/errno-list.c
+@@ -23,7 +23,7 @@
+ #include "macro.h"
+ 
+ static const struct errno_name* lookup_errno(register const char *str,
+-                                             register unsigned int len);
++                                             register GPERF_LEN_TYPE len);
+ 
+ #include "errno-from-name.h"
+ #include "errno-to-name.h"
+diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
+index c05f205c3..ede6b1f73 100644
+--- a/src/core/load-fragment.h
++++ b/src/core/load-fragment.h
+@@ -118,7 +118,7 @@ int config_parse_user_group(const char *unit, const char *filename, unsigned lin
+ int config_parse_user_group_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ 
+ /* gperf prototypes */
+-const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ extern const char load_fragment_gperf_nulstr[];
+ 
+ typedef enum Disabled {
+diff --git a/src/journal/journald-server.h b/src/journal/journald-server.h
+index 99d91496b..d1520c45d 100644
+--- a/src/journal/journald-server.h
++++ b/src/journal/journald-server.h
+@@ -179,7 +179,7 @@ void server_dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigne
+ void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) _printf_(3,0) _sentinel_;
+ 
+ /* gperf lookup function */
+-const struct ConfigPerfItem* journald_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* journald_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ int config_parse_storage(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ 
+diff --git a/src/login/logind.h b/src/login/logind.h
+index 086fa1eeb..7556ee2e4 100644
+--- a/src/login/logind.h
++++ b/src/login/logind.h
+@@ -182,7 +182,7 @@ int manager_unit_is_active(Manager *manager, const char *unit);
+ int manager_job_is_active(Manager *manager, const char *path);
+ 
+ /* gperf lookup function */
+-const struct ConfigPerfItem* logind_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* logind_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ int manager_set_lid_switch_ignore(Manager *m, usec_t until);
+ 
+diff --git a/src/network/networkd-conf.h b/src/network/networkd-conf.h
+index c7bfb42a7..00ddb7672 100644
+--- a/src/network/networkd-conf.h
++++ b/src/network/networkd-conf.h
+@@ -23,7 +23,7 @@
+ 
+ int manager_parse_config_file(Manager *m);
+ 
+-const struct ConfigPerfItem* networkd_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* networkd_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ int config_parse_duid_type(
+                 const char *unit,
+diff --git a/src/network/networkd-netdev.h b/src/network/networkd-netdev.h
+index 70ff947b9..37c743121 100644
+--- a/src/network/networkd-netdev.h
++++ b/src/network/networkd-netdev.h
+@@ -175,7 +175,7 @@ NetDevKind netdev_kind_from_string(const char *d) _pure_;
+ int config_parse_netdev_kind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ 
+ /* gperf */
+-const struct ConfigPerfItem* network_netdev_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* network_netdev_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ /* Macros which append INTERFACE= to the message */
+ 
+diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
+index 42fc82d39..09c3b3a3a 100644
+--- a/src/network/networkd-network.h
++++ b/src/network/networkd-network.h
+@@ -236,7 +236,7 @@ int config_parse_dhcp_route_table(const char *unit, const char *filename, unsign
+ /* Legacy IPv4LL support */
+ int config_parse_ipv4ll(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ 
+-const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ extern const sd_bus_vtable network_vtable[];
+ 
+diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h
+index 231e6d726..4ae34f8e2 100644
+--- a/src/nspawn/nspawn-settings.h
++++ b/src/nspawn/nspawn-settings.h
+@@ -103,7 +103,7 @@ bool settings_private_network(Settings *s);
+ 
+ DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);
+ 
+-const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ int config_parse_capability(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_id128(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c
+index aaf5ed62c..d89ae28dc 100644
+--- a/src/resolve/dns-type.c
++++ b/src/resolve/dns-type.c
+@@ -29,7 +29,7 @@ typedef const struct {
+ } dns_type;
+ 
+ static const struct dns_type_name *
+-lookup_dns_type (register const char *str, register unsigned int len);
++lookup_dns_type (register const char *str, register GPERF_LEN_TYPE len);
+ 
+ #include "dns_type-from-name.h"
+ #include "dns_type-to-name.h"
+diff --git a/src/resolve/resolved-conf.h b/src/resolve/resolved-conf.h
+index fc425a36b..8184d6cad 100644
+--- a/src/resolve/resolved-conf.h
++++ b/src/resolve/resolved-conf.h
+@@ -41,7 +41,7 @@ int manager_parse_search_domains_and_warn(Manager *m, const char *string);
+ int manager_add_dns_server_by_string(Manager *m, DnsServerType type, const char *word);
+ int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, const char *string);
+ 
+-const struct ConfigPerfItem* resolved_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* resolved_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ int config_parse_dns_servers(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_search_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+diff --git a/src/test/test-af-list.c b/src/test/test-af-list.c
+index aeaa0929b..e2479133d 100644
+--- a/src/test/test-af-list.c
++++ b/src/test/test-af-list.c
+@@ -24,7 +24,7 @@
+ #include "string-util.h"
+ #include "util.h"
+ 
+-static const struct af_name* lookup_af(register const char *str, register unsigned int len);
++static const struct af_name* lookup_af(register const char *str, register GPERF_LEN_TYPE len);
+ 
+ #include "af-from-name.h"
+ #include "af-list.h"
+diff --git a/src/test/test-arphrd-list.c b/src/test/test-arphrd-list.c
+index f3989ad20..8f4f342fa 100644
+--- a/src/test/test-arphrd-list.c
++++ b/src/test/test-arphrd-list.c
+@@ -24,7 +24,7 @@
+ #include "string-util.h"
+ #include "util.h"
+ 
+-static const struct arphrd_name* lookup_arphrd(register const char *str, register unsigned int len);
++static const struct arphrd_name* lookup_arphrd(register const char *str, register GPERF_LEN_TYPE len);
+ 
+ #include "arphrd-from-name.h"
+ #include "arphrd-list.h"
+diff --git a/src/timesync/timesyncd-conf.h b/src/timesync/timesyncd-conf.h
+index cba0724b1..0280697e9 100644
+--- a/src/timesync/timesyncd-conf.h
++++ b/src/timesync/timesyncd-conf.h
+@@ -22,7 +22,7 @@
+ #include "conf-parser.h"
+ #include "timesyncd-manager.h"
+ 
+-const struct ConfigPerfItem* timesyncd_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* timesyncd_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ int manager_parse_server_string(Manager *m, ServerType type, const char *string);
+ 
+diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h
+index 91cc0357c..b0d8ceb76 100644
+--- a/src/udev/net/link-config.h
++++ b/src/udev/net/link-config.h
+@@ -93,7 +93,7 @@ const char *mac_policy_to_string(MACPolicy p) _const_;
+ MACPolicy mac_policy_from_string(const char *p) _pure_;
+ 
+ /* gperf lookup function */
+-const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ 
+ int config_parse_mac_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_name_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c
+index aa10beafb..09024116f 100644
+--- a/src/udev/udev-builtin-keyboard.c
++++ b/src/udev/udev-builtin-keyboard.c
+@@ -29,7 +29,7 @@
+ #include "string-util.h"
+ #include "udev.h"
+ 
+-static const struct key *keyboard_lookup_key(const char *str, unsigned len);
++static const struct key *keyboard_lookup_key(const char *str, GPERF_LEN_TYPE len);
+ #include "keyboard-keys-from-name.h"
+ 
+ static int install_force_release(struct udev_device *dev, const unsigned *release, unsigned release_count) {
+-- 
+2.11.0
+

diff --git a/sys-apps/systemd/systemd-232.ebuild b/sys-apps/systemd/systemd-232.ebuild
index d2e71ed..76f1738 100644
--- a/sys-apps/systemd/systemd-232.ebuild
+++ b/sys-apps/systemd/systemd-232.ebuild
@@ -150,7 +150,8 @@ src_prepare() {
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 
 	local PATCHES=(
-		"${FILESDIR}/232-lz4-version.patch"
+		"${FILESDIR}"/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
+		"${FILESDIR}"/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
 	)
 
 	if ! use vanilla; then


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-01-10 22:22 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-01-10 22:22 UTC (permalink / raw
  To: gentoo-commits

commit:     af7ef4577540518eb2849449d38036c222e9bc2e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 22:22:20 2017 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 22:22:54 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af7ef457

sys-apps/systemd: remove old

Package-Manager: Portage-2.3.3_p25, Repoman-2.3.1_p18

 sys-apps/systemd/Manifest                          |   1 -
 ...k-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch | 116 ------
 ...icitly-include-endian.h-wherever-we-want-.patch |  53 ---
 ...e-MD-from-block-device-ownership-event-lo.patch |  54 ---
 sys-apps/systemd/files/216-lz4-build.patch         |  19 -
 .../systemd/files/216-tmpfiles-setup-dev.patch     |  21 -
 .../systemd/files/217-systemd-consoled.service.in  |  15 -
 sys-apps/systemd/files/218-noclean-tmp.patch       |  28 --
 .../224-0001-networkd-fix-neworkd-crash.patch      |  28 --
 ...e-getxpid-syscall-on-alpha-for-raw_getpid.patch |  30 --
 sys-apps/systemd/files/229-sysmacros.patch         |  79 ----
 sys-apps/systemd/files/compile-unifont.py          | 119 ------
 sys-apps/systemd/files/linux-headers-if.h.patch    |  34 --
 sys-apps/systemd/metadata.xml                      |   2 -
 sys-apps/systemd/systemd-218-r5.ebuild             | 463 ---------------------
 15 files changed, 1062 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 2a3528a..7d29069 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,3 @@
-DIST systemd-218.tar.xz 3782276 SHA256 1b0768b53b6c6d813a93a4b8fe1f80cf53561b09075010a97c7aa08eee3fd59b SHA512 c183cce8532ccb4716b84587c96a626eea390202a5469b9d89c8cee7f703e40d7c584e05f29501d375b8cd2a1409d011de564df16f54e27f66b3c3007a6e5bd4 WHIRLPOOL 4d0bcf3ddfecd3354d9f4ab13851f8da6baf31e89e64d3b1ac671159f16f23597d88cc2525aece2f867c140fc97e80bce086a5af91f84b8095e2503c13995e6d
 DIST systemd-226.tar.gz 3914162 SHA256 baff6a938c5579769330d0224280bf1a1ff5920151d7201545fc9880b6326c67 SHA512 565331661e7d144dcdf1505f9a1a70b20a9b904567478593a8fa47ed18f9eb68a9339cf32f117ede994676a84d0cfe3fcedbc9b8d8c964445b741a32271e5584 WHIRLPOOL 9f0d7b761ad84f0bb557a22738d7fcc1b6515340db776790d9199401017747a62c24de214300c1f00fb33f86284f3498cadbece713d6e66a30903475f6bce273
 DIST systemd-231-man.tar.gz 29466 SHA256 aecf91c13333e1791d026b82360d55b4783f8d281c6e80bfe9d6bbf0bac633e4 SHA512 6c359f88da3e5dc01745f7255c021aafe495d9ca16c74277cbcfa05a6903093ec2c4746a34504d04f2aff464eeaa5518519577c831a08f4336552c6b6e05fdfd WHIRLPOOL 55371b404bfc945abc38d4cef5c555223abbee0993d56b506c896a851ba9ce283f0a020fe24ea273d3674f8a9dbe79b843d32eed93a59b2597b7bad113fbc3e1
 DIST systemd-231.tar.gz 4381464 SHA256 899733ad6c157cedbb89aec4efe3bc824dcfd65a1d6f6bebc7b043f7924e39b4 SHA512 199fa33a0494d1d15f7fe3c796fe14913ad386766571d4d3fbb1cb1c446e04f6d06a965213be4c594a7183e810fc2fd4804fe14f64f21b0a1278b717889811c6 WHIRLPOOL 7779291e9fb9873cb1773b8583cf6d4b7dec837363ea89c4a73c1e397a76752b66f8b57d8fc4d9cef768cc1855b5e325ad88a8a69eb5380aa924e0a6dead41b1

diff --git a/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch b/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
deleted file mode 100644
index b29c10d..00000000
--- a/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 28f6bb18cdea297164763db94e2366ca4857c9c7 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 11 Jul 2014 15:56:16 +0200
-Subject: [PATCH 1/2] always check for __BYTE_ORDER == __BIG_ENDIAN when
- checking for endianess
-
-Let's always stick to glibc's way to determine byte order, and not mix
-autoconf-specific checks with gcc checks.
----
- src/shared/architecture.h | 12 ++++++------
- src/shared/gpt.h          |  4 ++--
- src/shared/time-dst.c     |  6 +++---
- 3 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/src/shared/architecture.h b/src/shared/architecture.h
-index 4821d5d..58e97e5 100644
---- a/src/shared/architecture.h
-+++ b/src/shared/architecture.h
-@@ -80,7 +80,7 @@ Architecture uname_architecture(void);
- #  define native_architecture() ARCHITECTURE_X86
- #  define LIB_ARCH_TUPLE "i386-linux-gnu"
- #elif defined(__powerpc64__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #    define native_architecture() ARCHITECTURE_PPC64
- #    define LIB_ARCH_TUPLE "ppc64-linux-gnu"
- #  else
-@@ -88,7 +88,7 @@ Architecture uname_architecture(void);
- #    error "Missing LIB_ARCH_TUPLE for PPC64LE"
- #  endif
- #elif defined(__powerpc__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #    define native_architecture() ARCHITECTURE_PPC
- #    define LIB_ARCH_TUPLE "powerpc-linux-gnu"
- #  else
-@@ -117,7 +117,7 @@ Architecture uname_architecture(void);
- #  define native_architecture() ARCHITECTURE_SPARC
- #  define LIB_ARCH_TUPLE "sparc-linux-gnu"
- #elif defined(__mips64__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #    define native_architecture() ARCHITECTURE_MIPS64
- #    error "Missing LIB_ARCH_TUPLE for MIPS64"
- #  else
-@@ -125,7 +125,7 @@ Architecture uname_architecture(void);
- #    error "Missing LIB_ARCH_TUPLE for MIPS64_LE"
- #  endif
- #elif defined(__mips__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #    define native_architecture() ARCHITECTURE_MIPS
- #    define LIB_ARCH_TUPLE "mips-linux-gnu"
- #  else
-@@ -136,7 +136,7 @@ Architecture uname_architecture(void);
- #  define native_architecture() ARCHITECTURE_ALPHA
- #  define LIB_ARCH_TUPLE "alpha-linux-gnu"
- #elif defined(__aarch64__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #    define native_architecture() ARCHITECTURE_ARM64_BE
- #    define LIB_ARCH_TUPLE "aarch64_be-linux-gnu"
- #  else
-@@ -144,7 +144,7 @@ Architecture uname_architecture(void);
- #    define LIB_ARCH_TUPLE "aarch64-linux-gnu"
- #  endif
- #elif defined(__arm__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #    define native_architecture() ARCHITECTURE_ARM_BE
- #    if defined(__ARM_EABI__)
- #      if defined(__ARM_PCS_VFP)
-diff --git a/src/shared/gpt.h b/src/shared/gpt.h
-index 64090e0..278940b 100644
---- a/src/shared/gpt.h
-+++ b/src/shared/gpt.h
-@@ -42,10 +42,10 @@
- #  define GPT_ROOT_NATIVE GPT_ROOT_X86
- #endif
- 
--#if defined(__aarch64__) && !defined(WORDS_BIGENDIAN)
-+#if defined(__aarch64__) && (__BYTE_ORDER != __BIG_ENDIAN)
- #  define GPT_ROOT_NATIVE GPT_ROOT_ARM_64
- #  define GPT_ROOT_SECONDARY GPT_ROOT_ARM
--#elif defined(__arm__) && !defined(WORDS_BIGENDIAN)
-+#elif defined(__arm__) && (__BYTE_ORDER != __BIG_ENDIAN)
- #  define GPT_ROOT_NATIVE GPT_ROOT_ARM
- #endif
- 
-diff --git a/src/shared/time-dst.c b/src/shared/time-dst.c
-index ceca2fa..6195b11 100644
---- a/src/shared/time-dst.c
-+++ b/src/shared/time-dst.c
-@@ -207,8 +207,8 @@ read_again:
-                 if (type_idxs[i] >= num_types)
-                         return -EINVAL;
- 
--        if (BYTE_ORDER == BIG_ENDIAN ? sizeof(time_t) == 8 && trans_width == 4
--                                     : sizeof(time_t) == 4 || trans_width == 4) {
-+        if (__BYTE_ORDER == __BIG_ENDIAN ? sizeof(time_t) == 8 && trans_width == 4
-+                                         : sizeof(time_t) == 4 || trans_width == 4) {
-                 /* Decode the transition times, stored as 4-byte integers in
-                    network (big-endian) byte order.  We work from the end of
-                    the array so as not to clobber the next element to be
-@@ -216,7 +216,7 @@ read_again:
-                 i = num_transitions;
-                 while (i-- > 0)
-                         transitions[i] = decode((char *)transitions + i * 4);
--        } else if (BYTE_ORDER != BIG_ENDIAN && sizeof(time_t) == 8) {
-+        } else if (__BYTE_ORDER != __BIG_ENDIAN && sizeof(time_t) == 8) {
-                 /* Decode the transition times, stored as 8-byte integers in
-                    network (big-endian) byte order.  */
-                 for (i = 0; i < num_transitions; ++i)
--- 
-1.8.5.5
-

diff --git a/sys-apps/systemd/files/215-0002-endian-explicitly-include-endian.h-wherever-we-want-.patch b/sys-apps/systemd/files/215-0002-endian-explicitly-include-endian.h-wherever-we-want-.patch
deleted file mode 100644
index 71acac1..00000000
--- a/sys-apps/systemd/files/215-0002-endian-explicitly-include-endian.h-wherever-we-want-.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 2281422746c00d2803911f2b4699eee6bc87ee04 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 11 Jul 2014 16:13:13 +0200
-Subject: [PATCH 2/2] endian: explicitly include endian.h wherever we want to
- use __BYTE_ORDER
-
----
- src/libsystemd/sd-bus/bus-protocol.h | 1 +
- src/shared/architecture.h            | 2 ++
- src/shared/gpt.h                     | 2 ++
- 3 files changed, 5 insertions(+)
-
-diff --git a/src/libsystemd/sd-bus/bus-protocol.h b/src/libsystemd/sd-bus/bus-protocol.h
-index 5046d17..4f46468 100644
---- a/src/libsystemd/sd-bus/bus-protocol.h
-+++ b/src/libsystemd/sd-bus/bus-protocol.h
-@@ -21,6 +21,7 @@
-   along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
- 
-+#include <endian.h>
- 
- /* Endianness */
- 
-diff --git a/src/shared/architecture.h b/src/shared/architecture.h
-index 58e97e5..38780d1 100644
---- a/src/shared/architecture.h
-+++ b/src/shared/architecture.h
-@@ -21,6 +21,8 @@
-   along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
- 
-+#include <endian.h>
-+
- #include "util.h"
- 
- /* A cleaned up architecture definition. We don't want to get lost in
-diff --git a/src/shared/gpt.h b/src/shared/gpt.h
-index 278940b..ef3444f 100644
---- a/src/shared/gpt.h
-+++ b/src/shared/gpt.h
-@@ -19,6 +19,8 @@
-   along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
- 
-+#include <endian.h>
-+
- #include "sd-id128.h"
- 
- /* We only support root disk discovery for x86, x86-64 and ARM for
--- 
-1.8.5.5
-

diff --git a/sys-apps/systemd/files/215-0003-udev-exclude-MD-from-block-device-ownership-event-lo.patch b/sys-apps/systemd/files/215-0003-udev-exclude-MD-from-block-device-ownership-event-lo.patch
deleted file mode 100644
index c730242..00000000
--- a/sys-apps/systemd/files/215-0003-udev-exclude-MD-from-block-device-ownership-event-lo.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 9d17a215fb30cb3e49db516a39c9bec2159004a7 Mon Sep 17 00:00:00 2001
-From: Kay Sievers <kay@vrfy.org>
-Date: Thu, 24 Jul 2014 23:37:35 +0200
-Subject: [PATCH 3/3] udev: exclude MD from block device ownership event
- locking
-
-MD instantiates devices at open(). This is incomptible with the
-locking logic, as the "change" event emitted when stopping a
-device will bring it back.
----
- src/udev/udevd.c | 23 +++++++----------------
- 1 file changed, 7 insertions(+), 16 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index a45d324..db935d6 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -285,26 +285,17 @@ static void worker_new(struct event *event)
-                                 udev_event->exec_delay = exec_delay;
- 
-                         /*
--                         * Take a "read lock" on the device node; this establishes
-+                         * Take a shared lock on the device node; this establishes
-                          * a concept of device "ownership" to serialize device
--                         * access. External processes holding a "write lock" will
-+                         * access. External processes holding an exclusive lock will
-                          * cause udev to skip the event handling; in the case udev
--                         * acquired the lock, the external process will block until
-+                         * acquired the lock, the external process can block until
-                          * udev has finished its event handling.
-                          */
--
--                        /*
--                         * <kabi_> since we make check - device seems unused - we try
--                         *         ioctl to deactivate - and device is found to be opened
--                         * <kay> sure, you try to take a write lock
--                         * <kay> if you get it udev is out
--                         * <kay> if you can't get it, udev is busy
--                         * <kabi_> we cannot deactivate openned device  (as it is in-use)
--                         * <kay> maybe we should just exclude dm from that thing entirely
--                         * <kabi_> IMHO this sounds like a good plan for this moment
--                         */
--                        if (streq_ptr("block", udev_device_get_subsystem(dev)) &&
--                            !startswith(udev_device_get_sysname(dev), "dm-")) {
-+                        if (!streq_ptr(udev_device_get_action(dev), "remove") &&
-+                            streq_ptr("block", udev_device_get_subsystem(dev)) &&
-+                            !startswith(udev_device_get_sysname(dev), "dm-") &&
-+                            !startswith(udev_device_get_sysname(dev), "md")) {
-                                 struct udev_device *d = dev;
- 
-                                 if (streq_ptr("partition", udev_device_get_devtype(d)))
--- 
-1.8.5.5
-

diff --git a/sys-apps/systemd/files/216-lz4-build.patch b/sys-apps/systemd/files/216-lz4-build.patch
deleted file mode 100644
index 65fe45c..00000000
--- a/sys-apps/systemd/files/216-lz4-build.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-commit 10893a5cfa7d792ba171282c2ec46b85ed6aae0c
-Author: Gustavo Sverzut Barbieri <gustavo.barbieri@intel.com>
-Date:   Thu Sep 25 18:08:02 2014 -0300
-
-    journal: build fix when LZ4 is enabled but XZ is not
-
-diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
-index da2ef3b..6b4bf0d 100644
---- a/src/journal/journal-file.h
-+++ b/src/journal/journal-file.h
-@@ -78,7 +78,7 @@ typedef struct JournalFile {
- 
-         Hashmap *chain_cache;
- 
--#ifdef HAVE_XZ
-+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
-         void *compress_buffer;
-         size_t compress_buffer_size;
- #endif

diff --git a/sys-apps/systemd/files/216-tmpfiles-setup-dev.patch b/sys-apps/systemd/files/216-tmpfiles-setup-dev.patch
deleted file mode 100644
index 1fa4a3e..00000000
--- a/sys-apps/systemd/files/216-tmpfiles-setup-dev.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From 8c94052ee543c3598a3c7b0c46688150aa2c6168 Mon Sep 17 00:00:00 2001
-From: Tom Gundersen <teg@jklm.no>
-Date: Mon, 27 Oct 2014 17:15:42 +0100
-Subject: units: tmpfiles-setup-dev - allow unsafe file creation to happen in
- /dev at boot
-
-This will allow us to mark static device nodes with '!' to indicate that they should only be created at early boot.
-
-diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in
-index f3833fd..0123a03 100644
---- a/units/systemd-tmpfiles-setup-dev.service.in
-+++ b/units/systemd-tmpfiles-setup-dev.service.in
-@@ -17,4 +17,4 @@ ConditionCapability=CAP_SYS_MODULE
- [Service]
- Type=oneshot
- RemainAfterExit=yes
--ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create
-+ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create --boot
--- 
-cgit v0.10.2
-

diff --git a/sys-apps/systemd/files/217-systemd-consoled.service.in b/sys-apps/systemd/files/217-systemd-consoled.service.in
deleted file mode 100644
index fd7938a..00000000
--- a/sys-apps/systemd/files/217-systemd-consoled.service.in
+++ /dev/null
@@ -1,15 +0,0 @@
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-[Unit]
-Description=Console Manager and Terminal Emulator
-
-[Service]
-Type=notify
-Restart=always
-RestartSec=0
-ExecStart=@rootlibexecdir@/systemd-consoled

diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch b/sys-apps/systemd/files/218-noclean-tmp.patch
deleted file mode 100644
index b02e5c8..00000000
--- a/sys-apps/systemd/files/218-noclean-tmp.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 63e5f76a91e2401e8a6227d0d8ae5e75dd2213b0 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 25 Sep 2015 10:26:18 -0400
-Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
-
-Bug: https://bugs.gentoo.org/490676
----
- tmpfiles.d/tmp.conf | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
-index b80dab4..241fad5 100644
---- a/tmpfiles.d/tmp.conf
-+++ b/tmpfiles.d/tmp.conf
-@@ -8,8 +8,8 @@
- # See tmpfiles.d(5) for details
- 
- # Clear tmp directories separately, to make them easier to override
--d /tmp 1777 root root 10d
--d /var/tmp 1777 root root 30d
-+d /tmp 1777 root root
-+d /var/tmp 1777 root root
- 
- # Exclude namespace mountpoints created with PrivateTmp=yes
- x /tmp/systemd-private-%b-*
--- 
-2.5.3
-

diff --git a/sys-apps/systemd/files/224-0001-networkd-fix-neworkd-crash.patch b/sys-apps/systemd/files/224-0001-networkd-fix-neworkd-crash.patch
deleted file mode 100644
index 0e73dde..00000000
--- a/sys-apps/systemd/files/224-0001-networkd-fix-neworkd-crash.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 49f6e11e89b46bacf7b26f6da3921abc1c2faa80 Mon Sep 17 00:00:00 2001
-From: Susant Sahani <ssahani@gmail.com>
-Date: Sun, 2 Aug 2015 00:16:02 +0530
-Subject: [PATCH] networkd: fix neworkd crash
-
-fix issue #827
-
-hostname should be init to NULL.
----
- src/network/networkd-dhcp4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
-index 4aa301b..5454bdd 100644
---- a/src/network/networkd-dhcp4.c
-+++ b/src/network/networkd-dhcp4.c
-@@ -468,7 +468,7 @@ static int dhcp_lease_acquired(sd_dhcp_client *client, Link *link) {
-         }
- 
-         if (link->network->dhcp_hostname) {
--                const char *hostname;
-+                const char *hostname = NULL;
- 
-                 if (!link->network->hostname)
-                         r = sd_dhcp_lease_get_hostname(lease, &hostname);
--- 
-2.5.0
-

diff --git a/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
deleted file mode 100644
index 40e2d1c..00000000
--- a/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From a242a99d42276b6b764f80bd0de70c26e5c5f1d4 Mon Sep 17 00:00:00 2001
-From: Matt Turner <mattst88@gmail.com>
-Date: Tue, 4 Aug 2015 14:47:01 -0700
-Subject: [PATCH] Use getxpid syscall on alpha for raw_getpid()
-
-Alpha does not have a getpid syscall, but rather has getxpid to match
-OSF/1.
----
- src/basic/missing.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/basic/missing.h b/src/basic/missing.h
-index ed6cd80..34ab025 100644
---- a/src/basic/missing.h
-+++ b/src/basic/missing.h
-@@ -977,7 +977,11 @@ static inline int raw_clone(unsigned long flags, void *child_stack) {
- }
- 
- static inline pid_t raw_getpid(void) {
-+#if defined(__alpha__)
-+        return (pid_t) syscall(__NR_getxpid);
-+#else
-         return (pid_t) syscall(__NR_getpid);
-+#endif
- }
- 
- #if !HAVE_DECL_RENAMEAT2
--- 
-2.5.0
-

diff --git a/sys-apps/systemd/files/229-sysmacros.patch b/sys-apps/systemd/files/229-sysmacros.patch
deleted file mode 100644
index 7b0dfbf..00000000
--- a/sys-apps/systemd/files/229-sysmacros.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 27d13af71c3af6b2f9b60556d2c046dbb6e36e23 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Mon, 14 Mar 2016 17:44:49 -0400
-Subject: [PATCH] include sys/sysmacros.h in more places
-
-Since glibc is moving away from implicitly including sys/sysmacros.h
-all the time via sys/types.h, include the header directly in more
-places.  This seems to cover most makedev/major/minor usage.
----
- src/basic/macro.h       | 1 +
- src/basic/util.h        | 1 +
- src/libudev/libudev.h   | 1 +
- src/systemd/sd-device.h | 1 +
- src/udev/udev.h         | 1 +
- 5 files changed, 5 insertions(+)
-
-diff --git a/src/basic/macro.h b/src/basic/macro.h
-index c34441d..b36a956 100644
---- a/src/basic/macro.h
-+++ b/src/basic/macro.h
-@@ -23,6 +23,7 @@
- #include <inttypes.h>
- #include <stdbool.h>
- #include <sys/param.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- 
- #define _printf_(a,b) __attribute__ ((format (printf, a, b)))
-diff --git a/src/basic/util.h b/src/basic/util.h
-index e095254..286db05 100644
---- a/src/basic/util.h
-+++ b/src/basic/util.h
-@@ -36,6 +36,7 @@
- #include <sys/socket.h>
- #include <sys/stat.h>
- #include <sys/statfs.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- #include <time.h>
- #include <unistd.h>
-diff --git a/src/libudev/libudev.h b/src/libudev/libudev.h
-index eb58740..3f6d0ed 100644
---- a/src/libudev/libudev.h
-+++ b/src/libudev/libudev.h
-@@ -21,6 +21,7 @@
- #define _LIBUDEV_H_
- 
- #include <stdarg.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- 
- #ifdef __cplusplus
-diff --git a/src/systemd/sd-device.h b/src/systemd/sd-device.h
-index 5bfca6e..c1d0756 100644
---- a/src/systemd/sd-device.h
-+++ b/src/systemd/sd-device.h
-@@ -22,6 +22,7 @@
- ***/
- 
- #include <inttypes.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- 
- #include "_sd-common.h"
-diff --git a/src/udev/udev.h b/src/udev/udev.h
-index 5659051..8433e8d 100644
---- a/src/udev/udev.h
-+++ b/src/udev/udev.h
-@@ -19,6 +19,7 @@
-  */
- 
- #include <sys/param.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- 
- #include "libudev.h"
--- 
-2.8.1
-

diff --git a/sys-apps/systemd/files/compile-unifont.py b/sys-apps/systemd/files/compile-unifont.py
deleted file mode 100644
index 5464c53..00000000
--- a/sys-apps/systemd/files/compile-unifont.py
+++ /dev/null
@@ -1,119 +0,0 @@
-#  -*- Mode: python; coding: utf-8; indent-tabs-mode: nil -*- */
-#
-#  This file is part of systemd.
-#
-#  Copyright 2013-2014 David Herrmann <dh.herrmann@gmail.com>
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-#
-#  systemd is distributed in the hope that it will be useful, but
-#  WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-#  Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-
-#
-# Parse a unifont.hex file and produce a compressed binary-format.
-#
-
-from __future__ import print_function
-import re
-import sys
-import fileinput
-import struct
-
-#
-# Write "bits" array as binary output.
-#
-
-
-write = getattr(sys.stdout, 'buffer', sys.stdout).write
-
-def write_bin_entry(entry):
-    l = len(entry)
-    if l != 32 and l != 64:
-        entry = "0" * 64
-        l = 0
-    elif l < 64:
-        entry += "0" * (64 - l)
-
-    write(struct.pack('B', int(l / 32)))  # width
-    write(struct.pack('B', 0))            # padding
-    write(struct.pack('H', 0))            # padding
-    write(struct.pack('I', 0))            # padding
-
-    i = 0
-    for j in range(0, 16):
-        for k in range(0, 2):
-            if l <= k * 16 * 2:
-                c = 0
-            else:
-                c = int(entry[i:i+2], 16)
-                i += 2
-
-            write(struct.pack('B', c))
-
-def write_bin(bits):
-    write(struct.pack('B', 0x44))         # ASCII: 'D'
-    write(struct.pack('B', 0x56))         # ASCII: 'V'
-    write(struct.pack('B', 0x44))         # ASCII: 'D'
-    write(struct.pack('B', 0x48))         # ASCII: 'H'
-    write(struct.pack('B', 0x52))         # ASCII: 'R'
-    write(struct.pack('B', 0x4d))         # ASCII: 'M'
-    write(struct.pack('B', 0x55))         # ASCII: 'U'
-    write(struct.pack('B', 0x46))         # ASCII: 'F'
-    write(struct.pack('<I', 0))           # compatible-flags
-    write(struct.pack('<I', 0))           # incompatible-flags
-    write(struct.pack('<I', 32))          # header-size
-    write(struct.pack('<H', 8))           # glyph-header-size
-    write(struct.pack('<H', 2))           # glyph-stride
-    write(struct.pack('<Q', 32))          # glyph-body-size
-
-    # write glyphs
-    for idx in range(len(bits)):
-        write_bin_entry(bits[idx])
-
-#
-# Parse hex file into "bits" array
-#
-
-def parse_hex_line(bits, line):
-    m = re.match(r"^([0-9A-Fa-f]+):([0-9A-Fa-f]+)$", line)
-    if m == None:
-        return
-
-    idx = int(m.group(1), 16)
-    val = m.group(2)
-
-    # insert skipped lines
-    for i in range(len(bits), idx):
-        bits.append("")
-
-    bits.insert(idx, val)
-
-def parse_hex():
-    bits = []
-
-    for line in sys.stdin:
-        if not line:
-            continue
-        if line.startswith("#"):
-            continue
-
-        parse_hex_line(bits, line)
-
-    return bits
-
-#
-# In normal mode we simply read line by line from standard-input and write the
-# binary-file to standard-output.
-#
-
-if __name__ == "__main__":
-    bits = parse_hex()
-    write_bin(bits)

diff --git a/sys-apps/systemd/files/linux-headers-if.h.patch b/sys-apps/systemd/files/linux-headers-if.h.patch
deleted file mode 100644
index d0c38a9..00000000
--- a/sys-apps/systemd/files/linux-headers-if.h.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 96b90055e1e21417d4beb973fcb62858d7c69c17 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sat, 9 Apr 2016 18:07:02 -0400
-Subject: [PATCH] Work around net/if.h / linux/if.h conflict
-
----
- src/shared/firewall-util.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
-index 0d3da2e..521e09c 100644
---- a/src/shared/firewall-util.c
-+++ b/src/shared/firewall-util.c
-@@ -17,14 +17,16 @@
-   along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
- 
-+#define _NET_IF_H 1
-+
- #include <alloca.h>
- #include <arpa/inet.h>
- #include <endian.h>
- #include <errno.h>
--#include <net/if.h>
- #include <stddef.h>
- #include <string.h>
- #include <sys/socket.h>
-+#include <linux/if.h>
- #include <linux/netfilter_ipv4/ip_tables.h>
- #include <linux/netfilter/nf_nat.h>
- #include <linux/netfilter/xt_addrtype.h>
--- 
-2.8.1
-

diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index d616b8f..9970bd1 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -19,7 +19,6 @@
 		<flag name="elfutils">Enable coredump stacktraces in the journal</flag>
 		<!-- TODO: drop reference to systemd-import once the oldest release in tree is >218 -->
 		<flag name="gcrypt">Enable sealing of journal files using gcrypt; required to build systemd-import/systemd-pull</flag>
-		<flag name="gudev">enable libudev gobject interface</flag>
 		<flag name="http">Enable embedded HTTP server in journald</flag>
 		<flag name="importd">Enable import daemon</flag>
 		<flag name="kdbus">Connect to kernel dbus (KDBUS) instead of userspace dbus if available</flag>
@@ -28,7 +27,6 @@
 		<flag name="nat">Enable support for network address translation in networkd</flag>
 		<flag name="qrcode">Enable qrcode output support in journal</flag>
 		<flag name="sysv-utils">Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown</flag>
-		<flag name="terminal">Enable experimental userspace virtual terminal support</flag>
 		<flag name="vanilla">Disable Gentoo-specific behavior and compatibility quirks</flag>
 		<flag name="xkb">Validate XKB keymap in logind</flag>
 	</use>

diff --git a/sys-apps/systemd/systemd-218-r5.ebuild b/sys-apps/systemd/systemd-218-r5.ebuild
deleted file mode 100644
index 5ac5db2..00000000
--- a/sys-apps/systemd/systemd-218-r5.ebuild
+++ /dev/null
@@ -1,463 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
-PYTHON_COMPAT=( python{2_7,3_4} )
-inherit autotools-utils bash-completion-r1 linux-info multilib \
-	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
-	user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-SRC_URI="https://www.freedesktop.org/software/systemd/${P}.tar.xz"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
-IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
-	idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode +seccomp
-	selinux ssl sysv-utils terminal test vanilla xkb"
-
-MINKV="3.8"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
-	sys-libs/libcap:0=
-	!<sys-libs/glibc-2.16
-	acl? ( sys-apps/acl:0= )
-	apparmor? ( sys-libs/libapparmor:0= )
-	audit? ( >=sys-process/audit-2:0= )
-	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
-	curl? ( net-misc/curl:0= )
-	elfutils? ( >=dev-libs/elfutils-0.158:0= )
-	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
-	gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
-	http? (
-		>=net-libs/libmicrohttpd-0.9.33:0=
-		ssl? ( >=net-libs/gnutls-3.1.4:0= )
-	)
-	idn? ( net-dns/libidn:0= )
-	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
-	kmod? ( >=sys-apps/kmod-15:0= )
-	lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	pam? ( virtual/pam:= )
-	python? ( ${PYTHON_DEPS} )
-	qrcode? ( media-gfx/qrencode:0= )
-	seccomp? ( sys-libs/libseccomp:0= )
-	selinux? ( sys-libs/libselinux:0= )
-	sysv-utils? (
-		!sys-apps/systemd-sysv-utils
-		!sys-apps/sysvinit )
-	terminal? ( >=dev-libs/libevdev-1.2:0=
-		>=x11-libs/libxkbcommon-0.5:0=
-		>=x11-libs/libdrm-2.4:0= )
-	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
-	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
-	>=sys-apps/baselayout-2.2
-	!sys-auth/nss-myhostname
-	!sys-fs/eudev
-	!sys-fs/udev
-	gudev? ( !dev-libs/libgudev )"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
-	>=sys-apps/hwids-20130717-r1[udev]
-	>=sys-fs/udev-init-scripts-25
-	policykit? ( sys-auth/polkit )
-	!vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
-	app-arch/xz-utils:0
-	dev-util/gperf
-	>=dev-util/intltool-0.50
-	>=sys-apps/coreutils-8.16
-	>=sys-devel/binutils-2.23.1
-	>=sys-devel/gcc-4.6
-	>=sys-kernel/linux-headers-${MINKV}
-	ia64? ( >=sys-kernel/linux-headers-3.9 )
-	virtual/pkgconfig
-	doc? ( >=dev-util/gtk-doc-1.18 )
-	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
-	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
-
-PATCHES=(
-	"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
-	"${FILESDIR}/218-noclean-tmp.patch"
-)
-
-pkg_pretend() {
-	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
-		~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE
-		~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS
-		~TIMERFD ~TMPFS_XATTR ~UNIX
-		~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
-		~!SYSFS_DEPRECATED_V2"
-
-	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
-	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-
-	if linux_config_exists; then
-		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
-			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
-				ewarn "It's recommended to set an empty value to the following kernel config option:"
-				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
-			fi
-	fi
-
-	if [[ ${MERGE_TYPE} != binary ]]; then
-		if [[ $(gcc-major-version) -lt 4
-			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
-		then
-			eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
-			eerror "gcc version using gcc-config."
-			die "systemd requires at least gcc 4.6"
-		fi
-	fi
-
-	if [[ ${MERGE_TYPE} != buildonly ]]; then
-		if kernel_is -lt ${MINKV//./ }; then
-			ewarn "Kernel version at least ${MINKV} required"
-		fi
-
-		check_extra_config
-	fi
-}
-
-pkg_setup() {
-	use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
-	# Bug 463376
-	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
-	# missing in tarball
-	cp "${FILESDIR}"/217-systemd-consoled.service.in \
-		units/user/systemd-consoled.service.in || die
-
-	autotools-utils_src_prepare
-}
-
-src_configure() {
-	# Keep using the one where the rules were installed.
-	MY_UDEVDIR=$(get_udevdir)
-	# Fix systems broken by bug #509454.
-	[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		# disable -flto since it is an optimization flag
-		# and makes distcc less effective
-		cc_cv_CFLAGS__flto=no
-
-		# Workaround for bug 516346
-		--enable-dependency-tracking
-
-		--disable-maintainer-mode
-		--localstatedir=/var
-		--with-pamlibdir=$(getpam_mod_dir)
-		# avoid bash-completion dep
-		--with-bashcompletiondir="$(get_bashcompdir)"
-		# make sure we get /bin:/sbin in $PATH
-		--enable-split-usr
-		# For testing.
-		--with-rootprefix="${ROOTPREFIX-/usr}"
-		--with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
-		# disable sysv compatibility
-		--with-sysvinit-path=
-		--with-sysvrcnd-path=
-		# no deps
-		--enable-efi
-		--enable-ima
-
-		# Optional components/dependencies
-		$(multilib_native_use_enable acl)
-		$(multilib_native_use_enable apparmor)
-		$(multilib_native_use_enable audit)
-		$(multilib_native_use_enable cryptsetup libcryptsetup)
-		$(multilib_native_use_enable curl libcurl)
-		$(multilib_native_use_enable doc gtk-doc)
-		$(multilib_native_use_enable elfutils)
-		$(use_enable gcrypt)
-		$(use_enable gudev)
-		$(multilib_native_use_enable http microhttpd)
-		$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
-		$(multilib_native_use_enable idn libidn)
-		$(multilib_native_use_enable introspection)
-		$(use_enable kdbus)
-		$(multilib_native_use_enable kmod)
-		$(use_enable lz4)
-		$(use_enable lzma xz)
-		$(multilib_native_use_enable pam)
-		$(multilib_native_use_enable policykit polkit)
-		$(multilib_native_use_with python)
-		$(multilib_native_use_enable python python-devel)
-		$(multilib_native_use_enable qrcode qrencode)
-		$(multilib_native_use_enable seccomp)
-		$(multilib_native_use_enable selinux)
-		$(multilib_native_use_enable terminal)
-		$(multilib_native_use_enable test tests)
-		$(multilib_native_use_enable test dbus)
-		$(multilib_native_use_enable xkb xkbcommon)
-
-		# not supported (avoid automagic deps in the future)
-		--disable-chkconfig
-
-		# hardcode a few paths to spare some deps
-		QUOTAON=/usr/sbin/quotaon
-		QUOTACHECK=/usr/sbin/quotacheck
-
-		# dbus paths
-		--with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
-		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
-		--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
-		--with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
-
-		--with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-	)
-
-	if ! multilib_is_native_abi; then
-		myeconfargs+=(
-			MOUNT_{CFLAGS,LIBS}=' '
-
-			ac_cv_search_cap_init=
-			ac_cv_header_sys_capability_h=yes
-		)
-	fi
-
-	# Work around bug 463846.
-	tc-export CC
-
-	autotools-utils_src_configure
-}
-
-multilib_src_compile() {
-	local mymakeopts=(
-		udevlibexecdir="${MY_UDEVDIR}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}"
-	else
-		# prerequisites for gudev
-		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
-
-		echo 'gentoo: $(BUILT_SOURCES)' | \
-		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
-		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
-		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
-	fi
-}
-
-multilib_src_test() {
-	multilib_is_native_abi || continue
-
-	default
-}
-
-multilib_src_install() {
-	local mymakeopts=(
-		# automake fails with parallel libtool relinking
-		# https://bugs.gentoo.org/show_bug.cgi?id=491398
-		-j1
-
-		udevlibexecdir="${MY_UDEVDIR}"
-		dist_udevhwdb_DATA=
-		DESTDIR="${D}"
-	)
-
-	if multilib_is_native_abi; then
-		emake "${mymakeopts[@]}" install
-	else
-		mymakeopts+=(
-			install-libLTLIBRARIES
-			install-pkgconfiglibDATA
-			install-includeHEADERS
-			# safe to call unconditionally, 'installs' empty list
-			install-libgudev_includeHEADERS
-			install-pkgincludeHEADERS
-		)
-
-		emake "${mymakeopts[@]}"
-	fi
-
-	# install compat pkg-config files
-	# Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped.
-	local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
-	emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
-		pkgconfiglib_DATA="${pcfiles[*]}"
-}
-
-multilib_src_install_all() {
-	prune_libtool_files --modules
-	einstalldocs
-
-	if use sysv-utils; then
-		for app in halt poweroff reboot runlevel shutdown telinit; do
-			dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
-		done
-		dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
-	else
-		# we just keep sysvinit tools, so no need for the mans
-		rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
-			|| die
-		rm "${D}"/usr/share/man/man1/init.1 || die
-	fi
-
-	# Disable storing coredumps in journald, bug #433457
-	mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
-
-	# Preserve empty dirs in /etc & /var, bug #437008
-	keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
-		/etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
-		/var/log/journal/remote
-
-	# Symlink /etc/sysctl.conf for easy migration.
-	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
-	# If we install these symlinks, there is no way for the sysadmin to remove them
-	# permanently.
-	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
-	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
-	rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
-	rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
-}
-
-migrate_locale() {
-	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
-	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
-	local locale_conf="${EROOT%/}/etc/locale.conf"
-
-	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
-		# If locale.conf does not exist...
-		if [[ -e ${envd_locale} ]]; then
-			# ...either copy env.d/??locale if there's one
-			ebegin "Moving ${envd_locale} to ${locale_conf}"
-			mv "${envd_locale}" "${locale_conf}"
-			eend ${?} || FAIL=1
-		else
-			# ...or create a dummy default
-			ebegin "Creating ${locale_conf}"
-			cat > "${locale_conf}" <<-EOF
-				# This file has been created by the sys-apps/systemd ebuild.
-				# See locale.conf(5) and localectl(1).
-
-				# LANG=${LANG}
-			EOF
-			eend ${?} || FAIL=1
-		fi
-	fi
-
-	if [[ ! -L ${envd_locale} ]]; then
-		# now, if env.d/??locale is not a symlink (to locale.conf)...
-		if [[ -e ${envd_locale} ]]; then
-			# ...warn the user that he has duplicate locale settings
-			ewarn
-			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
-			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
-			ewarn "and create the symlink with the following command:"
-			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
-			ewarn
-		else
-			# ...or just create the symlink if there's nothing here
-			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
-			ln -n -s ../locale.conf "${envd_locale_def}"
-			eend ${?} || FAIL=1
-		fi
-	fi
-}
-
-migrate_net_name_slot() {
-	# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
-	# do the same for 80-net-setup-link.rules to keep the old behavior
-	local net_move=no
-	local net_name_slot_sym=no
-	local net_rules_path="${EROOT%/}"/etc/udev/rules.d
-	local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
-	local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
-	if [[ -e ${net_setup_link} ]]; then
-		net_move=no
-	elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
-		net_move=yes
-	elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
-		net_move=yes
-		net_name_slot_sym=yes
-	fi
-	if [[ ${net_move} == yes ]]; then
-		ebegin "Copying ${net_name_slot} to ${net_setup_link}"
-
-		if [[ ${net_name_slot_sym} == yes ]]; then
-			ln -nfs /dev/null "${net_setup_link}"
-		else
-			cp "${net_name_slot}" "${net_setup_link}"
-		fi
-		eend $? || FAIL=1
-	fi
-}
-
-pkg_postinst() {
-	newusergroup() {
-		enewgroup "$1"
-		enewuser "$1" -1 -1 -1 "$1"
-	}
-
-	enewgroup input
-	enewgroup systemd-journal
-	newusergroup systemd-bus-proxy
-	newusergroup systemd-journal-gateway
-	newusergroup systemd-journal-remote
-	newusergroup systemd-journal-upload
-	newusergroup systemd-network
-	newusergroup systemd-resolve
-	newusergroup systemd-timesync
-	use http && newusergroup systemd-journal-gateway
-
-	systemd_update_catalog
-
-	# Keep this here in case the database format changes so it gets updated
-	# when required. Despite that this file is owned by sys-apps/hwids.
-	if has_version "sys-apps/hwids[udev]"; then
-		udevadm hwdb --update --root="${ROOT%/}"
-	fi
-
-	udev_reload || FAIL=1
-
-	# Bug 465468, make sure locales are respect, and ensure consistency
-	# between OpenRC & systemd
-	migrate_locale
-
-	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
-	migrate_net_name_slot
-
-	if [[ ${FAIL} ]]; then
-		eerror "One of the postinst commands failed. Please check the postinst output"
-		eerror "for errors. You may need to clean up your system and/or try installing"
-		eerror "systemd again."
-		eerror
-	fi
-
-	if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then
-		ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable"
-		ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf"
-		ewarn "to /run/systemd/resolve/resolv.conf"
-		ewarn
-	fi
-}
-
-pkg_prerm() {
-	# If removing systemd completely, remove the catalog database.
-	if [[ ! ${REPLACED_BY_VERSION} ]]; then
-		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
-	fi
-}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2016-11-04  1:06 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2016-11-04  1:06 UTC (permalink / raw
  To: gentoo-commits

commit:     8e4e49d41e1a128a609bb4ec7646b79c5f7e8f7e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  3 19:52:02 2016 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Nov  4 01:05:57 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e4e49d4

sys-apps/systemd: add sample nsswitch.conf

Package-Manager: portage-2.3.2_p3

 sys-apps/systemd/files/nsswitch.conf | 27 +++++++++++++++++++++++++++
 sys-apps/systemd/systemd-9999.ebuild |  1 +
 2 files changed, 28 insertions(+)

diff --git a/sys-apps/systemd/files/nsswitch.conf b/sys-apps/systemd/files/nsswitch.conf
new file mode 100644
index 00000000..00667c0
--- /dev/null
+++ b/sys-apps/systemd/files/nsswitch.conf
@@ -0,0 +1,27 @@
+# Sample nss configuration for systemd
+
+# systemd-specific modules
+# See the manual pages fore further information.
+# nss-myhostname - host resolution for the local hostname
+# nss-mymachines - host, user, group resolution for containers
+# nss-resolve - host resolution using resolved
+# nss-systemd - dynamic user/group resolution (DynamicUser in unit files)
+
+passwd:		compat mymachines systemd
+shadow:		compat
+group:		compat mymachines systemd
+gshadow:	files
+
+hosts:		files mymachines resolve [!UNAVAIL=return] dns myhostname
+networks:	files
+
+services:	db files
+protocols:	db files
+rpc:		db files
+ethers:		db files
+netmasks:	files
+netgroup:	files
+bootparams:	files
+
+automount:	files
+aliases:	files

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 0083535..5835868 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -326,6 +326,7 @@ multilib_src_install() {
 multilib_src_install_all() {
 	prune_libtool_files --modules
 	einstalldocs
+	dodoc "${FILESDIR}"/nsswitch.conf
 
 	if [[ ${PV} != 9999 ]]; then
 		use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2016-10-30  3:52 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2016-10-30  3:52 UTC (permalink / raw
  To: gentoo-commits

commit:     448fde98950def2b1d69bd05903c8e800b3bbead
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 30 03:51:37 2016 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Oct 30 03:52:10 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=448fde98

sys-apps/systemd: call pam_limits for systemd-user

As suggested by DISTRO_PORTING.

Package-Manager: portage-2.3.2_p1

 sys-apps/systemd/files/232-systemd-user-pam.patch | 8 ++++++++
 sys-apps/systemd/systemd-9999.ebuild              | 1 +
 2 files changed, 9 insertions(+)

diff --git a/sys-apps/systemd/files/232-systemd-user-pam.patch b/sys-apps/systemd/files/232-systemd-user-pam.patch
new file mode 100644
index 00000000..a6501ba
--- /dev/null
+++ b/sys-apps/systemd/files/232-systemd-user-pam.patch
@@ -0,0 +1,8 @@
+--- a/src/login/systemd-user.m4
++++ b/src/login/systemd-user.m4
+@@ -9,4 +9,5 @@
+ session  required pam_selinux.so nottys open
+ )m4_dnl
+ session  required pam_loginuid.so
++session required pam_limits.so
+ session optional pam_systemd.so

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index c0a9abc..b79eeac 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -159,6 +159,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 		"${FILESDIR}/228-noclean-tmp.patch"
+		"${FILESDIR}/232-systemd-user-pam.patch"
 	)
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2016-04-10  1:05 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2016-04-10  1:05 UTC (permalink / raw
  To: gentoo-commits

commit:     c008e237dd1dfd1139373e4e6287e95f94c60346
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 10 01:05:07 2016 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Apr 10 01:05:35 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c008e237

sys-apps/systemd: Add workaround for if.h conflict

Bug: https://bugs.gentoo.org/577660

Package-Manager: portage-2.2.28_p3

 sys-apps/systemd/files/linux-headers-if.h.patch | 34 +++++++++++++++++++++++++
 sys-apps/systemd/systemd-229-r100.ebuild        |  1 +
 sys-apps/systemd/systemd-229.ebuild             |  1 +
 3 files changed, 36 insertions(+)

diff --git a/sys-apps/systemd/files/linux-headers-if.h.patch b/sys-apps/systemd/files/linux-headers-if.h.patch
new file mode 100644
index 0000000..d0c38a9
--- /dev/null
+++ b/sys-apps/systemd/files/linux-headers-if.h.patch
@@ -0,0 +1,34 @@
+From 96b90055e1e21417d4beb973fcb62858d7c69c17 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sat, 9 Apr 2016 18:07:02 -0400
+Subject: [PATCH] Work around net/if.h / linux/if.h conflict
+
+---
+ src/shared/firewall-util.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
+index 0d3da2e..521e09c 100644
+--- a/src/shared/firewall-util.c
++++ b/src/shared/firewall-util.c
+@@ -17,14 +17,16 @@
+   along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+ 
++#define _NET_IF_H 1
++
+ #include <alloca.h>
+ #include <arpa/inet.h>
+ #include <endian.h>
+ #include <errno.h>
+-#include <net/if.h>
+ #include <stddef.h>
+ #include <string.h>
+ #include <sys/socket.h>
++#include <linux/if.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter/nf_nat.h>
+ #include <linux/netfilter/xt_addrtype.h>
+-- 
+2.8.1
+

diff --git a/sys-apps/systemd/systemd-229-r100.ebuild b/sys-apps/systemd/systemd-229-r100.ebuild
index 0a7cf4d..cd9d446 100644
--- a/sys-apps/systemd/systemd-229-r100.ebuild
+++ b/sys-apps/systemd/systemd-229-r100.ebuild
@@ -152,6 +152,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 		"${FILESDIR}/228-noclean-tmp.patch"
+		"${FILESDIR}/linux-headers-if.h.patch"
 	)
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
 

diff --git a/sys-apps/systemd/systemd-229.ebuild b/sys-apps/systemd/systemd-229.ebuild
index 70ec90f..0a35d50 100644
--- a/sys-apps/systemd/systemd-229.ebuild
+++ b/sys-apps/systemd/systemd-229.ebuild
@@ -152,6 +152,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 		"${FILESDIR}/228-noclean-tmp.patch"
+		"${FILESDIR}/linux-headers-if.h.patch"
 	)
 	[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
 


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2015-09-26  1:53 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2015-09-26  1:53 UTC (permalink / raw
  To: gentoo-commits

commit:     8595c126a7159621855791860b74f7d40b7eeed0
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 26 01:52:46 2015 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Sep 26 01:53:25 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8595c126

sys-apps/systemd: Fix noclean-tmp patch for 218

Package-Manager: portage-2.2.21_p119

 sys-apps/systemd/files/218-noclean-tmp.patch |   4 +-
 sys-apps/systemd/systemd-218-r5.ebuild       | 463 +++++++++++++++++++++++++++
 2 files changed, 465 insertions(+), 2 deletions(-)

diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch b/sys-apps/systemd/files/218-noclean-tmp.patch
index 5dcc4b9..b02e5c8 100644
--- a/sys-apps/systemd/files/218-noclean-tmp.patch
+++ b/sys-apps/systemd/files/218-noclean-tmp.patch
@@ -18,8 +18,8 @@ index b80dab4..241fad5 100644
  # Clear tmp directories separately, to make them easier to override
 -d /tmp 1777 root root 10d
 -d /var/tmp 1777 root root 30d
-+v /tmp 1777 root root
-+v /var/tmp 1777 root root
++d /tmp 1777 root root
++d /var/tmp 1777 root root
  
  # Exclude namespace mountpoints created with PrivateTmp=yes
  x /tmp/systemd-private-%b-*

diff --git a/sys-apps/systemd/systemd-218-r5.ebuild b/sys-apps/systemd/systemd-218-r5.ebuild
new file mode 100644
index 0000000..7be421d
--- /dev/null
+++ b/sys-apps/systemd/systemd-218-r5.ebuild
@@ -0,0 +1,463 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+inherit autotools-utils bash-completion-r1 linux-info multilib \
+	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+	user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
+	idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode +seccomp
+	selinux ssl sysv-utils terminal test vanilla xkb"
+
+MINKV="3.8"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
+	sys-libs/libcap:0=
+	!<sys-libs/glibc-2.16
+	acl? ( sys-apps/acl:0= )
+	apparmor? ( sys-libs/libapparmor:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+	curl? ( net-misc/curl:0= )
+	elfutils? ( >=dev-libs/elfutils-0.158:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
+	http? (
+		>=net-libs/libmicrohttpd-0.9.33:0=
+		ssl? ( >=net-libs/gnutls-3.1.4:0= )
+	)
+	idn? ( net-dns/libidn:0= )
+	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+	pam? ( virtual/pam:= )
+	python? ( ${PYTHON_DEPS} )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( sys-libs/libseccomp:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	sysv-utils? (
+		!sys-apps/systemd-sysv-utils
+		!sys-apps/sysvinit )
+	terminal? ( >=dev-libs/libevdev-1.2:0=
+		>=x11-libs/libxkbcommon-0.5:0=
+		>=x11-libs/libdrm-2.4:0= )
+	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=sys-apps/baselayout-2.2
+	!sys-auth/nss-myhostname
+	!sys-fs/eudev
+	!sys-fs/udev
+	gudev? ( !dev-libs/libgudev )"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
+	>=sys-apps/hwids-20130717-r1[udev]
+	>=sys-fs/udev-init-scripts-25
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/intltool-0.50
+	>=sys-apps/coreutils-8.16
+	>=sys-devel/binutils-2.23.1
+	>=sys-devel/gcc-4.6
+	>=sys-kernel/linux-headers-${MINKV}
+	ia64? ( >=sys-kernel/linux-headers-3.9 )
+	virtual/pkgconfig
+	doc? ( >=dev-util/gtk-doc-1.18 )
+	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+PATCHES=(
+	"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+	"${FILESDIR}/218-noclean-tmp.patch"
+)
+
+pkg_pretend() {
+	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+		~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE
+		~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS
+		~TIMERFD ~TMPFS_XATTR
+		~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+		~!SYSFS_DEPRECATED_V2"
+
+	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+
+	if linux_config_exists; then
+		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+	fi
+
+	if [[ ${MERGE_TYPE} != binary ]]; then
+		if [[ $(gcc-major-version) -lt 4
+			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
+		then
+			eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
+			eerror "gcc version using gcc-config."
+			die "systemd requires at least gcc 4.6"
+		fi
+	fi
+
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# Bug 463376
+	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
+	# missing in tarball
+	cp "${FILESDIR}"/217-systemd-consoled.service.in \
+		units/user/systemd-consoled.service.in || die
+
+	autotools-utils_src_prepare
+}
+
+src_configure() {
+	# Keep using the one where the rules were installed.
+	MY_UDEVDIR=$(get_udevdir)
+	# Fix systems broken by bug #509454.
+	[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		# disable -flto since it is an optimization flag
+		# and makes distcc less effective
+		cc_cv_CFLAGS__flto=no
+
+		# Workaround for bug 516346
+		--enable-dependency-tracking
+
+		--disable-maintainer-mode
+		--localstatedir=/var
+		--with-pamlibdir=$(getpam_mod_dir)
+		# avoid bash-completion dep
+		--with-bashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in $PATH
+		--enable-split-usr
+		# For testing.
+		--with-rootprefix="${ROOTPREFIX-/usr}"
+		--with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
+		# disable sysv compatibility
+		--with-sysvinit-path=
+		--with-sysvrcnd-path=
+		# no deps
+		--enable-efi
+		--enable-ima
+
+		# Optional components/dependencies
+		$(multilib_native_use_enable acl)
+		$(multilib_native_use_enable apparmor)
+		$(multilib_native_use_enable audit)
+		$(multilib_native_use_enable cryptsetup libcryptsetup)
+		$(multilib_native_use_enable curl libcurl)
+		$(multilib_native_use_enable doc gtk-doc)
+		$(multilib_native_use_enable elfutils)
+		$(use_enable gcrypt)
+		$(use_enable gudev)
+		$(multilib_native_use_enable http microhttpd)
+		$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
+		$(multilib_native_use_enable idn libidn)
+		$(multilib_native_use_enable introspection)
+		$(use_enable kdbus)
+		$(multilib_native_use_enable kmod)
+		$(use_enable lz4)
+		$(use_enable lzma xz)
+		$(multilib_native_use_enable pam)
+		$(multilib_native_use_enable policykit polkit)
+		$(multilib_native_use_with python)
+		$(multilib_native_use_enable python python-devel)
+		$(multilib_native_use_enable qrcode qrencode)
+		$(multilib_native_use_enable seccomp)
+		$(multilib_native_use_enable selinux)
+		$(multilib_native_use_enable terminal)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test dbus)
+		$(multilib_native_use_enable xkb xkbcommon)
+
+		# not supported (avoid automagic deps in the future)
+		--disable-chkconfig
+
+		# hardcode a few paths to spare some deps
+		QUOTAON=/usr/sbin/quotaon
+		QUOTACHECK=/usr/sbin/quotacheck
+
+		# dbus paths
+		--with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
+		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
+		--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+		--with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
+
+		--with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+	)
+
+	if ! multilib_is_native_abi; then
+		myeconfargs+=(
+			MOUNT_{CFLAGS,LIBS}=' '
+
+			ac_cv_search_cap_init=
+			ac_cv_header_sys_capability_h=yes
+		)
+	fi
+
+	# Work around bug 463846.
+	tc-export CC
+
+	autotools-utils_src_configure
+}
+
+multilib_src_compile() {
+	local mymakeopts=(
+		udevlibexecdir="${MY_UDEVDIR}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}"
+	else
+		# prerequisites for gudev
+		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
+
+		echo 'gentoo: $(BUILT_SOURCES)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+	fi
+}
+
+multilib_src_test() {
+	multilib_is_native_abi || continue
+
+	default
+}
+
+multilib_src_install() {
+	local mymakeopts=(
+		# automake fails with parallel libtool relinking
+		# https://bugs.gentoo.org/show_bug.cgi?id=491398
+		-j1
+
+		udevlibexecdir="${MY_UDEVDIR}"
+		dist_udevhwdb_DATA=
+		DESTDIR="${D}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}" install
+	else
+		mymakeopts+=(
+			install-libLTLIBRARIES
+			install-pkgconfiglibDATA
+			install-includeHEADERS
+			# safe to call unconditionally, 'installs' empty list
+			install-libgudev_includeHEADERS
+			install-pkgincludeHEADERS
+		)
+
+		emake "${mymakeopts[@]}"
+	fi
+
+	# install compat pkg-config files
+	# Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped.
+	local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
+	emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
+		pkgconfiglib_DATA="${pcfiles[*]}"
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	einstalldocs
+
+	if use sysv-utils; then
+		for app in halt poweroff reboot runlevel shutdown telinit; do
+			dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
+		done
+		dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
+	else
+		# we just keep sysvinit tools, so no need for the mans
+		rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+			|| die
+		rm "${D}"/usr/share/man/man1/init.1 || die
+	fi
+
+	# Disable storing coredumps in journald, bug #433457
+	mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
+
+	# Preserve empty dirs in /etc & /var, bug #437008
+	keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
+		/etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
+		/var/log/journal/remote
+
+	# Symlink /etc/sysctl.conf for easy migration.
+	dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+	# If we install these symlinks, there is no way for the sysadmin to remove them
+	# permanently.
+	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+	rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
+	rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+	local locale_conf="${EROOT%/}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+migrate_net_name_slot() {
+	# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
+	# do the same for 80-net-setup-link.rules to keep the old behavior
+	local net_move=no
+	local net_name_slot_sym=no
+	local net_rules_path="${EROOT%/}"/etc/udev/rules.d
+	local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
+	local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
+	if [[ -e ${net_setup_link} ]]; then
+		net_move=no
+	elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
+		net_move=yes
+	elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
+		net_move=yes
+		net_name_slot_sym=yes
+	fi
+	if [[ ${net_move} == yes ]]; then
+		ebegin "Copying ${net_name_slot} to ${net_setup_link}"
+
+		if [[ ${net_name_slot_sym} == yes ]]; then
+			ln -nfs /dev/null "${net_setup_link}"
+		else
+			cp "${net_name_slot}" "${net_setup_link}"
+		fi
+		eend $? || FAIL=1
+	fi
+}
+
+pkg_postinst() {
+	newusergroup() {
+		enewgroup "$1"
+		enewuser "$1" -1 -1 -1 "$1"
+	}
+
+	enewgroup input
+	enewgroup systemd-journal
+	newusergroup systemd-bus-proxy
+	newusergroup systemd-journal-gateway
+	newusergroup systemd-journal-remote
+	newusergroup systemd-journal-upload
+	newusergroup systemd-network
+	newusergroup systemd-resolve
+	newusergroup systemd-timesync
+	use http && newusergroup systemd-journal-gateway
+
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required. Despite that this file is owned by sys-apps/hwids.
+	if has_version "sys-apps/hwids[udev]"; then
+		udevadm hwdb --update --root="${ROOT%/}"
+	fi
+
+	udev_reload || FAIL=1
+
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
+	migrate_net_name_slot
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+
+	if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then
+		ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable"
+		ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf"
+		ewarn "to /run/systemd/resolve/resolv.conf"
+		ewarn
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2015-09-25 14:52 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2015-09-25 14:52 UTC (permalink / raw
  To: gentoo-commits

commit:     884081f76bfb615b4ff37f2cbebe02195a94d6d6
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 25 14:49:55 2015 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Sep 25 14:51:33 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=884081f7

sys-apps/systemd: Disable cleaning of /tmp and /var/tmp

Bug: https://bugs.gentoo.org/490676

Package-Manager: portage-2.2.21_p119

 sys-apps/systemd/files/218-noclean-tmp.patch       |  28 +++++
 sys-apps/systemd/files/226-noclean-tmp.patch       |  28 +++++
 .../{systemd-9999.ebuild => systemd-218-r4.ebuild} | 135 ++++++++++-----------
 .../{systemd-9999.ebuild => systemd-226-r1.ebuild} |   3 +-
 sys-apps/systemd/systemd-9999.ebuild               |   1 +
 5 files changed, 121 insertions(+), 74 deletions(-)

diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch b/sys-apps/systemd/files/218-noclean-tmp.patch
new file mode 100644
index 0000000..5dcc4b9
--- /dev/null
+++ b/sys-apps/systemd/files/218-noclean-tmp.patch
@@ -0,0 +1,28 @@
+From 63e5f76a91e2401e8a6227d0d8ae5e75dd2213b0 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 25 Sep 2015 10:26:18 -0400
+Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
+
+Bug: https://bugs.gentoo.org/490676
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index b80dab4..241fad5 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+ 
+ # Clear tmp directories separately, to make them easier to override
+-d /tmp 1777 root root 10d
+-d /var/tmp 1777 root root 30d
++v /tmp 1777 root root
++v /var/tmp 1777 root root
+ 
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
+-- 
+2.5.3
+

diff --git a/sys-apps/systemd/files/226-noclean-tmp.patch b/sys-apps/systemd/files/226-noclean-tmp.patch
new file mode 100644
index 0000000..290b1bd
--- /dev/null
+++ b/sys-apps/systemd/files/226-noclean-tmp.patch
@@ -0,0 +1,28 @@
+From 3a44775e2618896526d093f7142934205e46d33a Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 25 Sep 2015 10:26:18 -0400
+Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
+
+Bug: https://bugs.gentoo.org/490676
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index ffdd82f..241fad5 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+ 
+ # Clear tmp directories separately, to make them easier to override
+-v /tmp 1777 root root 10d
+-v /var/tmp 1777 root root 30d
++v /tmp 1777 root root
++v /var/tmp 1777 root root
+ 
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
+-- 
+2.5.3
+

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-218-r4.ebuild
similarity index 84%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-218-r4.ebuild
index 2ec9957..7be421d 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-218-r4.ebuild
@@ -4,32 +4,27 @@
 
 EAPI=5
 
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
-	inherit git-r3
-else
-	SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-fi
-
-inherit autotools bash-completion-r1 linux-info multilib \
-	multilib-minimal pam systemd toolchain-funcs udev user
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+inherit autotools-utils bash-completion-r1 linux-info multilib \
+	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+	user
 
 DESCRIPTION="System and service manager for Linux"
 HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit cryptsetup curl elfutils gcrypt gnuefi http
-	idn importd +kdbus +kmod +lz4 lzma nat pam policykit
-	qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
+	idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode +seccomp
+	selinux ssl sysv-utils terminal test vanilla xkb"
 
-MINKV="3.11"
+MINKV="3.8"
 
-COMMON_DEPEND=">=sys-apps/util-linux-2.27:0=[${MULTILIB_USEDEP}]
-	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
+	sys-libs/libcap:0=
 	!<sys-libs/glibc-2.16
 	acl? ( sys-apps/acl:0= )
 	apparmor? ( sys-libs/libapparmor:0= )
@@ -38,26 +33,27 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.27:0=[${MULTILIB_USEDEP}]
 	curl? ( net-misc/curl:0= )
 	elfutils? ( >=dev-libs/elfutils-0.158:0= )
 	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+	gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
 	http? (
 		>=net-libs/libmicrohttpd-0.9.33:0=
 		ssl? ( >=net-libs/gnutls-3.1.4:0= )
 	)
 	idn? ( net-dns/libidn:0= )
-	importd? (
-		app-arch/bzip2:0=
-		sys-libs/zlib:0=
-	)
+	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
 	kmod? ( >=sys-apps/kmod-15:0= )
 	lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
 	lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
-	nat? ( net-firewall/iptables:0= )
 	pam? ( virtual/pam:= )
+	python? ( ${PYTHON_DEPS} )
 	qrcode? ( media-gfx/qrencode:0= )
 	seccomp? ( sys-libs/libseccomp:0= )
 	selinux? ( sys-libs/libselinux:0= )
 	sysv-utils? (
 		!sys-apps/systemd-sysv-utils
 		!sys-apps/sysvinit )
+	terminal? ( >=dev-libs/libevdev-1.2:0=
+		>=x11-libs/libxkbcommon-0.5:0=
+		>=x11-libs/libdrm-2.4:0= )
 	xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
 	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
 		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
@@ -67,11 +63,12 @@ RDEPEND="${COMMON_DEPEND}
 	>=sys-apps/baselayout-2.2
 	!sys-auth/nss-myhostname
 	!sys-fs/eudev
-	!sys-fs/udev"
+	!sys-fs/udev
+	gudev? ( !dev-libs/libgudev )"
 
 # sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
 PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
-	>=sys-apps/hwids-20150417[udev]
+	>=sys-apps/hwids-20130717-r1[udev]
 	>=sys-fs/udev-init-scripts-25
 	policykit? ( sys-auth/polkit )
 	!vanilla? ( sys-apps/gentoo-systemd-integration )"
@@ -85,14 +82,16 @@ DEPEND="${COMMON_DEPEND}
 	>=sys-devel/binutils-2.23.1
 	>=sys-devel/gcc-4.6
 	>=sys-kernel/linux-headers-${MINKV}
+	ia64? ( >=sys-kernel/linux-headers-3.9 )
 	virtual/pkgconfig
-	gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-	test? ( >=sys-apps/dbus-1.6.8-r1:0 )
-	app-text/docbook-xml-dtd:4.2
-	app-text/docbook-xml-dtd:4.5
-	app-text/docbook-xsl-stylesheets
-	dev-libs/libxslt:0
-	>=dev-libs/libgcrypt-1.4.5:0"
+	doc? ( >=dev-util/gtk-doc-1.18 )
+	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+PATCHES=(
+	"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+	"${FILESDIR}/218-noclean-tmp.patch"
+)
 
 pkg_pretend() {
 	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
@@ -133,20 +132,18 @@ pkg_pretend() {
 }
 
 pkg_setup() {
-	:
-}
-
-src_unpack() {
-	default
-	[[ ${PV} != 9999 ]] || git-r3_src_unpack
+	use python && python-single-r1_pkg_setup
 }
 
 src_prepare() {
 	# Bug 463376
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-	epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
-	epatch_user
-	eautoreconf
+
+	# missing in tarball
+	cp "${FILESDIR}"/217-systemd-consoled.service.in \
+		units/user/systemd-consoled.service.in || die
+
+	autotools-utils_src_prepare
 }
 
 src_configure() {
@@ -155,9 +152,6 @@ src_configure() {
 	# Fix systems broken by bug #509454.
 	[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
 
-	# Prevent conflicts with i686 cross toolchain, bug 559726
-	tc-export AR CC NM OBJCOPY RANLIB
-
 	multilib-minimal_src_configure
 }
 
@@ -167,9 +161,6 @@ multilib_src_configure() {
 		# and makes distcc less effective
 		cc_cv_CFLAGS__flto=no
 
-		# Workaround for gcc-4.7, bug 554454.
-		cc_cv_CFLAGS__Werror_shadow=no
-
 		# Workaround for bug 516346
 		--enable-dependency-tracking
 
@@ -189,7 +180,6 @@ multilib_src_configure() {
 		# no deps
 		--enable-efi
 		--enable-ima
-		--without-python
 
 		# Optional components/dependencies
 		$(multilib_native_use_enable acl)
@@ -197,48 +187,59 @@ multilib_src_configure() {
 		$(multilib_native_use_enable audit)
 		$(multilib_native_use_enable cryptsetup libcryptsetup)
 		$(multilib_native_use_enable curl libcurl)
+		$(multilib_native_use_enable doc gtk-doc)
 		$(multilib_native_use_enable elfutils)
 		$(use_enable gcrypt)
-		$(multilib_native_use_enable gnuefi)
+		$(use_enable gudev)
 		$(multilib_native_use_enable http microhttpd)
 		$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
 		$(multilib_native_use_enable idn libidn)
-		$(multilib_native_use_enable importd)
-		$(multilib_native_use_enable importd bzip2)
-		$(multilib_native_use_enable importd zlib)
+		$(multilib_native_use_enable introspection)
 		$(use_enable kdbus)
 		$(multilib_native_use_enable kmod)
 		$(use_enable lz4)
 		$(use_enable lzma xz)
-		$(multilib_native_use_enable nat libiptc)
 		$(multilib_native_use_enable pam)
 		$(multilib_native_use_enable policykit polkit)
+		$(multilib_native_use_with python)
+		$(multilib_native_use_enable python python-devel)
 		$(multilib_native_use_enable qrcode qrencode)
 		$(multilib_native_use_enable seccomp)
 		$(multilib_native_use_enable selinux)
+		$(multilib_native_use_enable terminal)
 		$(multilib_native_use_enable test tests)
 		$(multilib_native_use_enable test dbus)
 		$(multilib_native_use_enable xkb xkbcommon)
 
+		# not supported (avoid automagic deps in the future)
+		--disable-chkconfig
+
 		# hardcode a few paths to spare some deps
 		QUOTAON=/usr/sbin/quotaon
 		QUOTACHECK=/usr/sbin/quotacheck
 
-		# TODO: we may need to restrict this to gcc
-		EFI_CC="$(tc-getCC)"
-
 		# dbus paths
 		--with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
 		--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
 		--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+		--with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
 
 		--with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
 	)
 
+	if ! multilib_is_native_abi; then
+		myeconfargs+=(
+			MOUNT_{CFLAGS,LIBS}=' '
+
+			ac_cv_search_cap_init=
+			ac_cv_header_sys_capability_h=yes
+		)
+	fi
+
 	# Work around bug 463846.
 	tc-export CC
 
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+	autotools-utils_src_configure
 }
 
 multilib_src_compile() {
@@ -249,6 +250,9 @@ multilib_src_compile() {
 	if multilib_is_native_abi; then
 		emake "${mymakeopts[@]}"
 	else
+		# prerequisites for gudev
+		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
+
 		echo 'gentoo: $(BUILT_SOURCES)' | \
 		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
 		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
@@ -259,10 +263,6 @@ multilib_src_compile() {
 multilib_src_test() {
 	multilib_is_native_abi || continue
 
-	# Needed for bus-related tests
-	local -x SANDBOX_WRITE=${SANDBOX_WRITE}
-	addwrite /sys/fs/kdbus
-
 	default
 }
 
@@ -285,6 +285,7 @@ multilib_src_install() {
 			install-pkgconfiglibDATA
 			install-includeHEADERS
 			# safe to call unconditionally, 'installs' empty list
+			install-libgudev_includeHEADERS
 			install-pkgincludeHEADERS
 		)
 
@@ -330,7 +331,6 @@ multilib_src_install_all() {
 	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
 	rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
 	rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
-	rm -r "${D}"/etc/systemd/system/sockets.target.wants || die
 	rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
 }
 
@@ -406,14 +406,6 @@ migrate_net_name_slot() {
 	fi
 }
 
-reenable_unit() {
-	if systemctl is-enabled --root="${ROOT}" "$1" &> /dev/null; then
-		ebegin "Re-enabling $1"
-		systemctl reenable --root="${ROOT}" "$1"
-		eend $? || FAIL=1
-	fi
-}
-
 pkg_postinst() {
 	newusergroup() {
 		enewgroup "$1"
@@ -448,9 +440,6 @@ pkg_postinst() {
 	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
 	migrate_net_name_slot
 
-	# Re-enable systemd-networkd for socket activation
-	reenable_unit systemd-networkd.service
-
 	if [[ ${FAIL} ]]; then
 		eerror "One of the postinst commands failed. Please check the postinst output"
 		eerror "for errors. You may need to clean up your system and/or try installing"

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-226-r1.ebuild
similarity index 99%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-226-r1.ebuild
index 2ec9957..9a7bc96 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-226-r1.ebuild
@@ -28,7 +28,7 @@ REQUIRED_USE="importd? ( curl gcrypt lzma )"
 
 MINKV="3.11"
 
-COMMON_DEPEND=">=sys-apps/util-linux-2.27:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.26:0=[${MULTILIB_USEDEP}]
 	sys-libs/libcap:0=[${MULTILIB_USEDEP}]
 	!<sys-libs/glibc-2.16
 	acl? ( sys-apps/acl:0= )
@@ -145,6 +145,7 @@ src_prepare() {
 	# Bug 463376
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 	epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+	epatch "${FILESDIR}/226-noclean-tmp.patch"
 	epatch_user
 	eautoreconf
 }

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 2ec9957..ca76f13 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -145,6 +145,7 @@ src_prepare() {
 	# Bug 463376
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 	epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+	epatch "${FILESDIR}/226-noclean-tmp.patch"
 	epatch_user
 	eautoreconf
 }


^ permalink raw reply related	[flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2015-08-22 17:16 Mike Gilbert
  0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2015-08-22 17:16 UTC (permalink / raw
  To: gentoo-commits

commit:     1dbc772ea5dbbac9a8f910033d0fb5abd7b45459
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 22 17:09:48 2015 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Aug 22 17:16:24 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dbc772e

sys-apps/systemd: Backport build fix for alpha

Bug: https://bugs.gentoo.org/543900

Package-Manager: portage-2.2.20_p134

 ...e-getxpid-syscall-on-alpha-for-raw_getpid.patch | 30 ++++++++++++++++++++++
 sys-apps/systemd/systemd-224-r1.ebuild             |  1 +
 2 files changed, 31 insertions(+)

diff --git a/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
new file mode 100644
index 0000000..40e2d1c
--- /dev/null
+++ b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
@@ -0,0 +1,30 @@
+From a242a99d42276b6b764f80bd0de70c26e5c5f1d4 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Tue, 4 Aug 2015 14:47:01 -0700
+Subject: [PATCH] Use getxpid syscall on alpha for raw_getpid()
+
+Alpha does not have a getpid syscall, but rather has getxpid to match
+OSF/1.
+---
+ src/basic/missing.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/basic/missing.h b/src/basic/missing.h
+index ed6cd80..34ab025 100644
+--- a/src/basic/missing.h
++++ b/src/basic/missing.h
+@@ -977,7 +977,11 @@ static inline int raw_clone(unsigned long flags, void *child_stack) {
+ }
+ 
+ static inline pid_t raw_getpid(void) {
++#if defined(__alpha__)
++        return (pid_t) syscall(__NR_getxpid);
++#else
+         return (pid_t) syscall(__NR_getpid);
++#endif
+ }
+ 
+ #if !HAVE_DECL_RENAMEAT2
+-- 
+2.5.0
+

diff --git a/sys-apps/systemd/systemd-224-r1.ebuild b/sys-apps/systemd/systemd-224-r1.ebuild
index 7d4b2b7..521109e 100644
--- a/sys-apps/systemd/systemd-224-r1.ebuild
+++ b/sys-apps/systemd/systemd-224-r1.ebuild
@@ -105,6 +105,7 @@ fi
 PATCHES=(
 	"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 	"${FILESDIR}/224-0001-networkd-fix-neworkd-crash.patch"
+	"${FILESDIR}/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch"
 )
 
 pkg_pretend() {


^ permalink raw reply related	[flat|nested] 65+ messages in thread

end of thread, other threads:[~2024-05-28  0:51 UTC | newest]

Thread overview: 65+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-08 18:29 [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/ Mike Gilbert
  -- strict thread matches above, loose matches on Subject: below --
2024-05-28  0:51 Sam James
2024-05-05 15:43 Sam James
2024-04-18  4:20 Mike Gilbert
2024-03-04  2:51 Sam James
2024-02-24 15:51 Mike Gilbert
2023-12-24 11:58 Sam James
2023-12-12  2:50 Sam James
2023-08-17  1:08 Mike Gilbert
2023-08-05 23:07 Sam James
2023-08-02 21:14 Sam James
2023-07-27 22:55 Sam James
2023-02-26 19:27 Mike Gilbert
2022-11-07 16:15 Mike Gilbert
2022-10-19 18:13 Mike Gilbert
2022-05-21 22:23 Mike Gilbert
2022-03-25  4:56 Sam James
2021-12-25 18:20 Mike Gilbert
2021-12-09 19:40 Mike Gilbert
2021-11-14 23:53 Mike Gilbert
2021-11-07  5:27 Georgy Yakovlev
2021-09-14 23:47 Mike Gilbert
2021-09-08 18:29 Mike Gilbert
2021-07-08 20:23 Mike Gilbert
2021-06-20 17:18 Mike Gilbert
2021-05-19 19:37 Mike Gilbert
2020-11-08 17:51 Mike Gilbert
2020-05-21  0:13 Mike Gilbert
2020-04-27 14:41 Mike Gilbert
2020-04-17 16:36 Mike Gilbert
2020-02-06 15:24 Mike Gilbert
2020-02-05 18:24 Mike Gilbert
2019-11-17 19:56 Mike Gilbert
2019-08-11 16:28 Mike Gilbert
2019-07-10 18:21 Mike Gilbert
2019-07-10 15:37 Mike Gilbert
2019-07-08 15:47 Mike Gilbert
2019-06-08 20:44 Mike Gilbert
2019-02-18 23:32 Mike Gilbert
2018-12-26  4:02 Mike Gilbert
2018-05-24 20:33 Mike Gilbert
2018-04-18 16:50 Mike Gilbert
2018-04-05 20:12 Mike Gilbert
2018-04-01 16:31 Mike Gilbert
2018-04-01 16:31 Mike Gilbert
2018-03-26 21:17 Mike Gilbert
2018-03-10 17:29 Mike Gilbert
2018-02-08 17:17 Jason Donenfeld
2017-12-19  2:01 Mike Gilbert
2017-12-17 19:03 Mike Gilbert
2017-11-19 20:09 Mike Gilbert
2017-10-26 21:37 Mike Gilbert
2017-10-08 14:40 Mike Gilbert
2017-08-13 23:08 Mike Gilbert
2017-07-17 15:28 Mike Gilbert
2017-07-02 15:56 Mike Gilbert
2017-06-28 20:31 Mike Gilbert
2017-01-10 22:22 Mike Gilbert
2017-01-10 22:22 Mike Gilbert
2016-11-04  1:06 Mike Gilbert
2016-10-30  3:52 Mike Gilbert
2016-04-10  1:05 Mike Gilbert
2015-09-26  1:53 Mike Gilbert
2015-09-25 14:52 Mike Gilbert
2015-08-22 17:16 Mike Gilbert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox