* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-09-08 18:29 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-09-08 18:29 UTC (permalink / raw
To: gentoo-commits
commit: b4f43b6837d616fef3678a80562b0d483d0ce7cb
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 8 18:23:16 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Sep 8 18:29:25 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4f43b68
sys-apps/systemd: backport FIDO2 fix
Closes: https://bugs.gentoo.org/811864
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/249-fido2.patch | 58 ++++++++++++++++++++++
...emd-249.4-r1.ebuild => systemd-249.4-r2.ebuild} | 1 +
2 files changed, 59 insertions(+)
diff --git a/sys-apps/systemd/files/249-fido2.patch b/sys-apps/systemd/files/249-fido2.patch
new file mode 100644
index 00000000000..bbfa4afb540
--- /dev/null
+++ b/sys-apps/systemd/files/249-fido2.patch
@@ -0,0 +1,58 @@
+From b6aa89b0a399992c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001
+From: pedro martelletto <pedro@yubico.com>
+Date: Wed, 8 Sep 2021 10:42:56 +0200
+Subject: [PATCH] explicitly close FIDO2 devices
+
+FIDO2 device access is serialised by libfido2 using flock().
+Therefore, make sure to close a FIDO2 device once we are done
+with it, or we risk opening it again at a later point and
+deadlocking. Fixes #20664.
+---
+ src/shared/libfido2-util.c | 2 ++
+ src/shared/libfido2-util.h | 5 ++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
+index 12c644dcfcce..6d18178b68c9 100644
+--- a/src/shared/libfido2-util.c
++++ b/src/shared/libfido2-util.c
+@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL;
+ int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL;
+ fido_dev_t* (*sym_fido_dev_new)(void) = NULL;
+ int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL;
++int (*sym_fido_dev_close)(fido_dev_t *) = NULL;
+ const char* (*sym_fido_strerr)(int) = NULL;
+
+ int dlopen_libfido2(void) {
+@@ -106,6 +107,7 @@ int dlopen_libfido2(void) {
+ DLSYM_ARG(fido_dev_make_cred),
+ DLSYM_ARG(fido_dev_new),
+ DLSYM_ARG(fido_dev_open),
++ DLSYM_ARG(fido_dev_close),
+ DLSYM_ARG(fido_strerr));
+ }
+
+diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
+index 5640cca5e39b..4ebf8ab77509 100644
+--- a/src/shared/libfido2-util.h
++++ b/src/shared/libfido2-util.h
+@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *);
+ extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *);
+ extern fido_dev_t* (*sym_fido_dev_new)(void);
+ extern int (*sym_fido_dev_open)(fido_dev_t *, const char *);
++extern int (*sym_fido_dev_close)(fido_dev_t *);
+ extern const char* (*sym_fido_strerr)(int);
+
+ int dlopen_libfido2(void);
+@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) {
+ }
+
+ static inline void fido_dev_free_wrapper(fido_dev_t **p) {
+- if (*p)
++ if (*p) {
++ sym_fido_dev_close(*p);
+ sym_fido_dev_free(p);
++ }
+ }
+
+ static inline void fido_cred_free_wrapper(fido_cred_t **p) {
diff --git a/sys-apps/systemd/systemd-249.4-r1.ebuild b/sys-apps/systemd/systemd-249.4-r2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.4-r1.ebuild
rename to sys-apps/systemd/systemd-249.4-r2.ebuild
index 6c7937f4e0e..95d20177016 100644
--- a/sys-apps/systemd/systemd-249.4-r1.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r2.ebuild
@@ -226,6 +226,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
"${FILESDIR}/249-libudev-static.patch"
+ "${FILESDIR}/249-fido2.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-05-28 0:51 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2024-05-28 0:51 UTC (permalink / raw
To: gentoo-commits
commit: 4081984af756a502e85da04e8ca5df6c760fdc21
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 28 00:47:40 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 28 00:50:51 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4081984a
sys-apps/systemd: drop 255.5, 255.5-r1, 255.5-r2
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/systemd/Manifest | 1 -
sys-apps/systemd/files/255-dnssec-2.patch | 48 ---
sys-apps/systemd/files/255-dnssec-3.patch | 32 --
sys-apps/systemd/files/255-dnssec.patch | 29 --
sys-apps/systemd/systemd-255.5-r1.ebuild | 530 -----------------------------
sys-apps/systemd/systemd-255.5-r2.ebuild | 532 ------------------------------
sys-apps/systemd/systemd-255.5.ebuild | 529 -----------------------------
7 files changed, 1701 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 44bac9120da5..aff852674ab4 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -4,6 +4,5 @@ DIST systemd-stable-254.13.tar.gz 14533359 BLAKE2B 6f37bf5f1868840f122652fdca270
DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
DIST systemd-stable-255.3.tar.gz 14873273 BLAKE2B e22ef391c691fcf1e765c5112e1a55096d3bba61a9dae3ea1a3958add4e355892a97d5214e63c516ba3b70e2a83bb5d21254812d870f06c16c74a58d4f957d75 SHA512 c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453
DIST systemd-stable-255.4.tar.gz 14952427 BLAKE2B 27f5080f83a9e870fbe8e3ebcb500a63c42022f1f96f26f35c76eeeea85dab691291c31ee716cab330b76df5e576910a6a82f51267eff4f766b1d4c304d815c9 SHA512 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979
-DIST systemd-stable-255.5.tar.gz 14976055 BLAKE2B 08e2d5e6ed340214f195e8ecc22665c572838af94c19f946de7dc710e0f5e0476dda09d313b6848a7f10f6d545b8cd6b1b7ce234b9f4aad1dbff3a065eda6b76 SHA512 9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc
DIST systemd-stable-255.6.tar.gz 15060034 BLAKE2B 27e14a870bd8ae85e3c7679a69b7dcd6f1165430c4cdea57d3f7092a40a22085bafc3e3e397a7429b53773f7460bde0ad0af9afb6852c6d0c9cc681d25c34c03 SHA512 523c5d973e2ccd47f8ba33d1fb8264a8de58cb639fab22be0d0854f96009dce700d6f022d30aad5ab7b9292b33047cbbc1eefc3c6141328e337b9a245944c237
DIST systemd-stable-255.7.tar.gz 15068684 BLAKE2B 6fb5415d9e013bc8695ef837affce7063d214027529412a25ea73eb25473d1f07cff6ad3ea3ea18b7bbf9d73d2bb8e39838e1aeb2a14d016b3b47e4ba24d02d0 SHA512 1cd2a00f292751b923bd93c60bdcdd66d82792b45e32dce11d77e2b3b6fc5c8ba4c5db386652deffa8c24e75032af1a745700ba91f1726e249f0c447daf85c2a
diff --git a/sys-apps/systemd/files/255-dnssec-2.patch b/sys-apps/systemd/files/255-dnssec-2.patch
deleted file mode 100644
index e8eaf9782b3e..000000000000
--- a/sys-apps/systemd/files/255-dnssec-2.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-https://github.com/systemd/systemd/pull/32598
-https://github.com/systemd/systemd-stable/commit/ee15f5efaf2f6cdbb867fca601e92761276e2b1e
-
-From ee15f5efaf2f6cdbb867fca601e92761276e2b1e Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Tue, 30 Apr 2024 22:15:18 -0700
-Subject: [PATCH] resolved: probe for dnssec support in allow-downgrade mode
-
-Previously, sd-resolved unnecessarily requested SOA records for each dns
-label in the query, even though they are not needed for the chain of
-trust. Since 47690634f157, only the necessary records are queried when
-validating.
-
-This is actually a problem in allow-downgrade mode, since we will no
-longer attempt a query for a record that we know is signed a priori, and
-will therefore never update our belief about the state of dnssec support
-in the recursive resolver.
-
-Rectify this by reintroducing a query for the root zone SOA in the
-allow-downgrade case, specifically to test that the resolver attaches
-the RRSIGs which we know must exist.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2622,6 +2622,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
- if (r < 0)
- return r;
-
-+ if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && dns_name_is_root(name)) {
-+ _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
-+ /* We made it all the way to the root zone. If we are in allow-downgrade
-+ * mode, we need to make at least one request that we can be certain should
-+ * have been signed, to test for servers that are not dnssec aware. */
-+ soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
-+ if (!soa)
-+ return -ENOMEM;
-+
-+ log_debug("Requesting root zone SOA to probe dnssec support.");
-+ r = dns_transaction_request_dnssec_rr(t, soa);
-+ if (r < 0)
-+ return r;
-+ }
-+
- break;
- }
-
diff --git a/sys-apps/systemd/files/255-dnssec-3.patch b/sys-apps/systemd/files/255-dnssec-3.patch
deleted file mode 100644
index 4fd231d6d157..000000000000
--- a/sys-apps/systemd/files/255-dnssec-3.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://github.com/systemd/systemd/pull/32593
-https://github.com/systemd/systemd-stable/commit/a1580223a5dd67ab61c5f888b114de43b65fffbf
-
-From a1580223a5dd67ab61c5f888b114de43b65fffbf Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Tue, 30 Apr 2024 13:19:14 -0700
-Subject: [PATCH] resolved: validate authentic insecure delegation to CNAME
-
-If the parent zone uses a non-opt-out method that provides authenticated
-negative DS replies, we still can't expect signatures from the child
-zone. sd-resolved was using the authenticated status of the DS reply to
-require signatures for CNAMEs, even though it had already proved that no
-signature exists.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2863,7 +2863,12 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
- if (r == 0)
- continue;
-
-- return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
-+ if (!FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
-+ return false;
-+
-+ /* We expect this to be signed when the DS record exists, and don't expect it to be
-+ * signed when the DS record is proven not to exist. */
-+ return dns_answer_match_key(dt->answer, dns_transaction_key(dt), NULL);
- }
-
- return true;
diff --git a/sys-apps/systemd/files/255-dnssec.patch b/sys-apps/systemd/files/255-dnssec.patch
deleted file mode 100644
index 978c26ff15f4..000000000000
--- a/sys-apps/systemd/files/255-dnssec.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://github.com/systemd/systemd/issues/32531
-https://github.com/systemd/systemd/commit/d840783db5208219c78d73b9b46ef5daae9fea0a
-https://github.com/systemd/systemd-stable/commit/52c17febf14c866d9808d1804f13ac98d76e665b
-
-From 52c17febf14c866d9808d1804f13ac98d76e665b Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Mon, 29 Apr 2024 02:17:23 -0700
-Subject: [PATCH] resolved: always progress DS queries
-
-If we request a DS and the resolver offers an unsigned SOA, a new
-auxiliary transaction for the DS will be rejected as a loop, and we
-might not make any progress toward finding the DS we need. Let's ensure
-that we at least always check the parent in this case.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit d840783db5208219c78d73b9b46ef5daae9fea0a)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2545,6 +2545,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
- return r;
- if (r == 0)
- continue;
-+
-+ /* If we were looking for the DS RR, don't request it again. */
-+ if (dns_transaction_key(t)->type == DNS_TYPE_DS)
-+ continue;
- }
-
- r = dnssec_has_rrsig(t->answer, rr->key);
diff --git a/sys-apps/systemd/systemd-255.5-r1.ebuild b/sys-apps/systemd/systemd-255.5-r1.ebuild
deleted file mode 100644
index 5b851ace01ec..000000000000
--- a/sys-apps/systemd/systemd-255.5-r1.ebuild
+++ /dev/null
@@ -1,530 +0,0 @@
-# Copyright 2011-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-PYTHON_COMPAT=( python3_{10..12} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-UDEV_OPTIONAL=1
-
-QA_PKGCONFIG_VERSION=$(ver_cut 1)
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- if [[ ${PV} == *.* ]]; then
- MY_PN=systemd-stable
- else
- MY_PN=systemd
- fi
- MY_PV=${PV/_/-}
- MY_P=${MY_PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-
- if [[ ${PV} != *rc* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
- fi
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
-inherit secureboot systemd toolchain-funcs udev
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://systemd.io/"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="
- acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
- fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
- +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
- +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
-"
-REQUIRED_USE="
- ${PYTHON_REQUIRED_USE}
- dns-over-tls? ( || ( gnutls openssl ) )
- fido2? ( cryptsetup openssl )
- homed? ( cryptsetup pam openssl )
- importd? ( curl lzma || ( gcrypt openssl ) )
- pwquality? ( homed )
- boot? ( kernel-install )
- ukify? ( boot )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="4.15"
-
-COMMON_DEPEND="
- >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- virtual/libcrypt:=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( >=sys-libs/libapparmor-2.13:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
- curl? ( >=net-misc/curl-7.32.0:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- fido2? ( dev-libs/libfido2:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-3.6.0:0= )
- http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- iptables? ( net-firewall/iptables:0= )
- openssl? ( >=dev-libs/openssl-1.1.0:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
- pcre? ( dev-libs/libpcre2 )
- pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
- qrcode? ( >=media-gfx/qrencode-3:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( >=sys-libs/libselinux-2.1.9:0= )
- tpm? ( app-crypt/tpm2-tss:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
-"
-
-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=acct-group/adm-0-r1
- >=acct-group/wheel-0-r1
- >=acct-group/kmem-0-r1
- >=acct-group/tty-0-r1
- >=acct-group/utmp-0-r1
- >=acct-group/audio-0-r1
- >=acct-group/cdrom-0-r1
- >=acct-group/dialout-0-r1
- >=acct-group/disk-0-r1
- >=acct-group/input-0-r1
- >=acct-group/kvm-0-r1
- >=acct-group/lp-0-r1
- >=acct-group/render-0-r1
- acct-group/sgx
- >=acct-group/tape-0-r1
- acct-group/users
- >=acct-group/video-0-r1
- >=acct-group/systemd-journal-0-r1
- >=acct-user/root-0-r1
- acct-user/nobody
- >=acct-user/systemd-journal-remote-0-r1
- >=acct-user/systemd-coredump-0-r1
- >=acct-user/systemd-network-0-r1
- acct-user/systemd-oom
- >=acct-user/systemd-resolve-0-r1
- >=acct-user/systemd-timesync-0-r1
- >=sys-apps/baselayout-2.2
- ukify? (
- ${PYTHON_DEPS}
- $(python_gen_cond_dep "${PEFILE_DEPEND}")
- )
- selinux? (
- sec-policy/selinux-base-policy[systemd]
- sec-policy/selinux-ntp
- )
- sysv-utils? (
- !sys-apps/openrc[sysv-utils(-)]
- !sys-apps/sysvinit
- )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !sys-apps/hwids[udev]
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-fs/udev-init-scripts-34
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-build/meson-0.46
- >=sys-apps/coreutils-8.16
- sys-devel/gettext
- virtual/pkgconfig
- test? (
- app-text/tree
- dev-lang/perl
- sys-apps/dbus
- )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- ${PYTHON_DEPS}
- $(python_gen_cond_dep "
- dev-python/jinja[\${PYTHON_USEDEP}]
- dev-python/lxml[\${PYTHON_USEDEP}]
- boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
- ukify? ( test? ( ${PEFILE_DEPEND} ) )
- ")
-"
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
- if use split-usr; then
- eerror "Please complete the migration to merged-usr."
- eerror "https://wiki.gentoo.org/wiki/Merge-usr"
- die "systemd no longer supports split-usr"
- fi
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
- ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-
- if kernel_is -ge 5 10 20; then
- CONFIG_CHECK+=" ~KCMP"
- else
- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
- fi
-
- if kernel_is -ge 4 18; then
- CONFIG_CHECK+=" ~AUTOFS_FS"
- else
- CONFIG_CHECK+=" ~AUTOFS4_FS"
- fi
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- use boot && secureboot_pkg_setup
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/systemd-test-process-util.patch"
- "${FILESDIR}/255-dnssec.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-journald-audit-r1.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- # default is developer, bug 918671
- -Dmode=release
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- -Dsplit-bin=false
- # Disable compatibility with sysvinit
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Match /etc/shells, bug 919749
- -Ddebug-shell="${EPREFIX}/bin/sh"
- -Ddefault-user-shell="${EPREFIX}/bin/bash"
- # Optional components/dependencies
- $(meson_native_use_bool acl)
- $(meson_native_use_bool apparmor)
- $(meson_native_use_bool audit)
- $(meson_native_use_bool boot bootloader)
- $(meson_native_use_bool cryptsetup libcryptsetup)
- $(meson_native_use_bool curl libcurl)
- $(meson_native_use_bool dns-over-tls dns-over-tls)
- $(meson_native_use_bool elfutils)
- $(meson_native_use_bool fido2 libfido2)
- $(meson_use gcrypt)
- $(meson_native_use_bool gnutls)
- $(meson_native_use_bool homed)
- $(meson_native_use_bool http microhttpd)
- $(meson_native_use_bool idn)
- $(meson_native_use_bool importd)
- $(meson_native_use_bool importd bzip2)
- $(meson_native_use_bool importd zlib)
- $(meson_native_use_bool kernel-install)
- $(meson_native_use_bool kmod)
- $(meson_use lz4)
- $(meson_use lzma xz)
- $(meson_use test tests)
- $(meson_use zstd)
- $(meson_native_use_bool iptables libiptc)
- $(meson_native_use_bool openssl)
- $(meson_use pam)
- $(meson_native_use_bool pkcs11 p11kit)
- $(meson_native_use_bool pcre pcre2)
- $(meson_native_use_bool policykit polkit)
- $(meson_native_use_bool pwquality)
- $(meson_native_use_bool qrcode qrencode)
- $(meson_native_use_bool seccomp)
- $(meson_native_use_bool selinux)
- $(meson_native_use_bool tpm tpm2)
- $(meson_native_use_bool test dbus)
- $(meson_native_use_bool ukify)
- $(meson_native_use_bool xkb xkbcommon)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- $(meson_native_true backlight)
- $(meson_native_true binfmt)
- $(meson_native_true coredump)
- $(meson_native_true environment-d)
- $(meson_native_true firstboot)
- $(meson_native_true hibernate)
- $(meson_native_true hostnamed)
- $(meson_native_true ldconfig)
- $(meson_native_true localed)
- $(meson_native_true man)
- $(meson_native_true networkd)
- $(meson_native_true quotacheck)
- $(meson_native_true randomseed)
- $(meson_native_true rfkill)
- $(meson_native_true sysusers)
- $(meson_native_true timedated)
- $(meson_native_true timesyncd)
- $(meson_native_true tmpfiles)
- $(meson_native_true vconsole)
- $(meson_native_enabled vmspawn)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
- (
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- export COLUMNS=80
- addpredict /dev
- addpredict /proc
- addpredict /run
- addpredict /sys/fs/cgroup
- meson_src_test
- ) || die
-}
-
-multilib_src_install_all() {
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- insinto /usr/lib/tmpfiles.d
- doins "${FILESDIR}"/legacy.conf
-
- if ! use resolvconf; then
- rm -f "${ED}"/usr/bin/resolvconf || die
- fi
-
- if ! use sysv-utils; then
- rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
- fi
-
- # https://bugs.gentoo.org/761763
- rm -r "${ED}"/usr/lib/sysusers.d || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/rules.d
-
- keepdir /etc/udev/hwdb.d
-
- keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
- fi
-
- if use kernel-install; then
- # Dummy config, remove to make room for sys-kernel/installkernel
- rm "${ED}/usr/lib/kernel/install.conf" || die
- fi
-
- use ukify && python_fix_shebang "${ED}"
- use boot && secureboot_auto_sign
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_preinst() {
- if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
- fi
-
- if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
- ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
- ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required.
- systemd-hwdb --root="${ROOT}" update
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respected, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
- ebegin "Reexecuting system manager (systemd)"
- systemctl daemon-reexec
- eend $? || FAIL=1
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-
- if use boot; then
- optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
- "sys-kernel/installkernel[systemd-boot]"
- fi
- if use ukify; then
- optfeature "generating unified kernel image on each kernel installation" \
- "sys-kernel/installkernel[ukify]"
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
diff --git a/sys-apps/systemd/systemd-255.5-r2.ebuild b/sys-apps/systemd/systemd-255.5-r2.ebuild
deleted file mode 100644
index 533779767069..000000000000
--- a/sys-apps/systemd/systemd-255.5-r2.ebuild
+++ /dev/null
@@ -1,532 +0,0 @@
-# Copyright 2011-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-PYTHON_COMPAT=( python3_{10..12} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-UDEV_OPTIONAL=1
-
-QA_PKGCONFIG_VERSION=$(ver_cut 1)
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- if [[ ${PV} == *.* ]]; then
- MY_PN=systemd-stable
- else
- MY_PN=systemd
- fi
- MY_PV=${PV/_/-}
- MY_P=${MY_PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-
- if [[ ${PV} != *rc* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
- fi
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
-inherit secureboot systemd toolchain-funcs udev
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://systemd.io/"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="
- acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
- fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
- +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
- +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
-"
-REQUIRED_USE="
- ${PYTHON_REQUIRED_USE}
- dns-over-tls? ( || ( gnutls openssl ) )
- fido2? ( cryptsetup openssl )
- homed? ( cryptsetup pam openssl )
- importd? ( curl lzma || ( gcrypt openssl ) )
- pwquality? ( homed )
- boot? ( kernel-install )
- ukify? ( boot )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="4.15"
-
-COMMON_DEPEND="
- >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- virtual/libcrypt:=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( >=sys-libs/libapparmor-2.13:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
- curl? ( >=net-misc/curl-7.32.0:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- fido2? ( dev-libs/libfido2:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-3.6.0:0= )
- http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- iptables? ( net-firewall/iptables:0= )
- openssl? ( >=dev-libs/openssl-1.1.0:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
- pcre? ( dev-libs/libpcre2 )
- pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
- qrcode? ( >=media-gfx/qrencode-3:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( >=sys-libs/libselinux-2.1.9:0= )
- tpm? ( app-crypt/tpm2-tss:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
-"
-
-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=acct-group/adm-0-r1
- >=acct-group/wheel-0-r1
- >=acct-group/kmem-0-r1
- >=acct-group/tty-0-r1
- >=acct-group/utmp-0-r1
- >=acct-group/audio-0-r1
- >=acct-group/cdrom-0-r1
- >=acct-group/dialout-0-r1
- >=acct-group/disk-0-r1
- >=acct-group/input-0-r1
- >=acct-group/kvm-0-r1
- >=acct-group/lp-0-r1
- >=acct-group/render-0-r1
- acct-group/sgx
- >=acct-group/tape-0-r1
- acct-group/users
- >=acct-group/video-0-r1
- >=acct-group/systemd-journal-0-r1
- >=acct-user/root-0-r1
- acct-user/nobody
- >=acct-user/systemd-journal-remote-0-r1
- >=acct-user/systemd-coredump-0-r1
- >=acct-user/systemd-network-0-r1
- acct-user/systemd-oom
- >=acct-user/systemd-resolve-0-r1
- >=acct-user/systemd-timesync-0-r1
- >=sys-apps/baselayout-2.2
- ukify? (
- ${PYTHON_DEPS}
- $(python_gen_cond_dep "${PEFILE_DEPEND}")
- )
- selinux? (
- sec-policy/selinux-base-policy[systemd]
- sec-policy/selinux-ntp
- )
- sysv-utils? (
- !sys-apps/openrc[sysv-utils(-)]
- !sys-apps/sysvinit
- )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !sys-apps/hwids[udev]
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-fs/udev-init-scripts-34
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-build/meson-0.46
- >=sys-apps/coreutils-8.16
- sys-devel/gettext
- virtual/pkgconfig
- test? (
- app-text/tree
- dev-lang/perl
- sys-apps/dbus
- )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- ${PYTHON_DEPS}
- $(python_gen_cond_dep "
- dev-python/jinja[\${PYTHON_USEDEP}]
- dev-python/lxml[\${PYTHON_USEDEP}]
- boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
- ukify? ( test? ( ${PEFILE_DEPEND} ) )
- ")
-"
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
- if use split-usr; then
- eerror "Please complete the migration to merged-usr."
- eerror "https://wiki.gentoo.org/wiki/Merge-usr"
- die "systemd no longer supports split-usr"
- fi
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
- ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-
- if kernel_is -ge 5 10 20; then
- CONFIG_CHECK+=" ~KCMP"
- else
- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
- fi
-
- if kernel_is -ge 4 18; then
- CONFIG_CHECK+=" ~AUTOFS_FS"
- else
- CONFIG_CHECK+=" ~AUTOFS4_FS"
- fi
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- use boot && secureboot_pkg_setup
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/systemd-test-process-util.patch"
- "${FILESDIR}/255-dnssec.patch"
- "${FILESDIR}/255-dnssec-2.patch"
- "${FILESDIR}/255-dnssec-3.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-journald-audit-r1.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- # default is developer, bug 918671
- -Dmode=release
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- -Dsplit-bin=false
- # Disable compatibility with sysvinit
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Match /etc/shells, bug 919749
- -Ddebug-shell="${EPREFIX}/bin/sh"
- -Ddefault-user-shell="${EPREFIX}/bin/bash"
- # Optional components/dependencies
- $(meson_native_use_bool acl)
- $(meson_native_use_bool apparmor)
- $(meson_native_use_bool audit)
- $(meson_native_use_bool boot bootloader)
- $(meson_native_use_bool cryptsetup libcryptsetup)
- $(meson_native_use_bool curl libcurl)
- $(meson_native_use_bool dns-over-tls dns-over-tls)
- $(meson_native_use_bool elfutils)
- $(meson_native_use_bool fido2 libfido2)
- $(meson_use gcrypt)
- $(meson_native_use_bool gnutls)
- $(meson_native_use_bool homed)
- $(meson_native_use_bool http microhttpd)
- $(meson_native_use_bool idn)
- $(meson_native_use_bool importd)
- $(meson_native_use_bool importd bzip2)
- $(meson_native_use_bool importd zlib)
- $(meson_native_use_bool kernel-install)
- $(meson_native_use_bool kmod)
- $(meson_use lz4)
- $(meson_use lzma xz)
- $(meson_use test tests)
- $(meson_use zstd)
- $(meson_native_use_bool iptables libiptc)
- $(meson_native_use_bool openssl)
- $(meson_use pam)
- $(meson_native_use_bool pkcs11 p11kit)
- $(meson_native_use_bool pcre pcre2)
- $(meson_native_use_bool policykit polkit)
- $(meson_native_use_bool pwquality)
- $(meson_native_use_bool qrcode qrencode)
- $(meson_native_use_bool seccomp)
- $(meson_native_use_bool selinux)
- $(meson_native_use_bool tpm tpm2)
- $(meson_native_use_bool test dbus)
- $(meson_native_use_bool ukify)
- $(meson_native_use_bool xkb xkbcommon)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- $(meson_native_true backlight)
- $(meson_native_true binfmt)
- $(meson_native_true coredump)
- $(meson_native_true environment-d)
- $(meson_native_true firstboot)
- $(meson_native_true hibernate)
- $(meson_native_true hostnamed)
- $(meson_native_true ldconfig)
- $(meson_native_true localed)
- $(meson_native_true man)
- $(meson_native_true networkd)
- $(meson_native_true quotacheck)
- $(meson_native_true randomseed)
- $(meson_native_true rfkill)
- $(meson_native_true sysusers)
- $(meson_native_true timedated)
- $(meson_native_true timesyncd)
- $(meson_native_true tmpfiles)
- $(meson_native_true vconsole)
- $(meson_native_enabled vmspawn)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
- (
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- export COLUMNS=80
- addpredict /dev
- addpredict /proc
- addpredict /run
- addpredict /sys/fs/cgroup
- meson_src_test
- ) || die
-}
-
-multilib_src_install_all() {
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- insinto /usr/lib/tmpfiles.d
- doins "${FILESDIR}"/legacy.conf
-
- if ! use resolvconf; then
- rm -f "${ED}"/usr/bin/resolvconf || die
- fi
-
- if ! use sysv-utils; then
- rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
- fi
-
- # https://bugs.gentoo.org/761763
- rm -r "${ED}"/usr/lib/sysusers.d || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/rules.d
-
- keepdir /etc/udev/hwdb.d
-
- keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
- fi
-
- if use kernel-install; then
- # Dummy config, remove to make room for sys-kernel/installkernel
- rm "${ED}/usr/lib/kernel/install.conf" || die
- fi
-
- use ukify && python_fix_shebang "${ED}"
- use boot && secureboot_auto_sign
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_preinst() {
- if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
- fi
-
- if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
- ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
- ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required.
- systemd-hwdb --root="${ROOT}" update
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respected, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
- ebegin "Reexecuting system manager (systemd)"
- systemctl daemon-reexec
- eend $? || FAIL=1
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-
- if use boot; then
- optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
- "sys-kernel/installkernel[systemd-boot]"
- fi
- if use ukify; then
- optfeature "generating unified kernel image on each kernel installation" \
- "sys-kernel/installkernel[ukify]"
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
diff --git a/sys-apps/systemd/systemd-255.5.ebuild b/sys-apps/systemd/systemd-255.5.ebuild
deleted file mode 100644
index 9ebc6c14fa23..000000000000
--- a/sys-apps/systemd/systemd-255.5.ebuild
+++ /dev/null
@@ -1,529 +0,0 @@
-# Copyright 2011-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-PYTHON_COMPAT=( python3_{10..12} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-UDEV_OPTIONAL=1
-
-QA_PKGCONFIG_VERSION=$(ver_cut 1)
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- if [[ ${PV} == *.* ]]; then
- MY_PN=systemd-stable
- else
- MY_PN=systemd
- fi
- MY_PV=${PV/_/-}
- MY_P=${MY_PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
-
- if [[ ${PV} != *rc* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
- fi
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
-inherit secureboot systemd toolchain-funcs udev
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://systemd.io/"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="
- acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
- fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
- +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
- +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
-"
-REQUIRED_USE="
- ${PYTHON_REQUIRED_USE}
- dns-over-tls? ( || ( gnutls openssl ) )
- fido2? ( cryptsetup openssl )
- homed? ( cryptsetup pam openssl )
- importd? ( curl lzma || ( gcrypt openssl ) )
- pwquality? ( homed )
- boot? ( kernel-install )
- ukify? ( boot )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="4.15"
-
-COMMON_DEPEND="
- >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- virtual/libcrypt:=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( >=sys-libs/libapparmor-2.13:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
- curl? ( >=net-misc/curl-7.32.0:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- fido2? ( dev-libs/libfido2:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-3.6.0:0= )
- http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- iptables? ( net-firewall/iptables:0= )
- openssl? ( >=dev-libs/openssl-1.1.0:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
- pcre? ( dev-libs/libpcre2 )
- pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
- qrcode? ( >=media-gfx/qrencode-3:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( >=sys-libs/libselinux-2.1.9:0= )
- tpm? ( app-crypt/tpm2-tss:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
-"
-
-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=acct-group/adm-0-r1
- >=acct-group/wheel-0-r1
- >=acct-group/kmem-0-r1
- >=acct-group/tty-0-r1
- >=acct-group/utmp-0-r1
- >=acct-group/audio-0-r1
- >=acct-group/cdrom-0-r1
- >=acct-group/dialout-0-r1
- >=acct-group/disk-0-r1
- >=acct-group/input-0-r1
- >=acct-group/kvm-0-r1
- >=acct-group/lp-0-r1
- >=acct-group/render-0-r1
- acct-group/sgx
- >=acct-group/tape-0-r1
- acct-group/users
- >=acct-group/video-0-r1
- >=acct-group/systemd-journal-0-r1
- >=acct-user/root-0-r1
- acct-user/nobody
- >=acct-user/systemd-journal-remote-0-r1
- >=acct-user/systemd-coredump-0-r1
- >=acct-user/systemd-network-0-r1
- acct-user/systemd-oom
- >=acct-user/systemd-resolve-0-r1
- >=acct-user/systemd-timesync-0-r1
- >=sys-apps/baselayout-2.2
- ukify? (
- ${PYTHON_DEPS}
- $(python_gen_cond_dep "${PEFILE_DEPEND}")
- )
- selinux? (
- sec-policy/selinux-base-policy[systemd]
- sec-policy/selinux-ntp
- )
- sysv-utils? (
- !sys-apps/openrc[sysv-utils(-)]
- !sys-apps/sysvinit
- )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !sys-apps/hwids[udev]
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-fs/udev-init-scripts-34
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-build/meson-0.46
- >=sys-apps/coreutils-8.16
- sys-devel/gettext
- virtual/pkgconfig
- test? (
- app-text/tree
- dev-lang/perl
- sys-apps/dbus
- )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- ${PYTHON_DEPS}
- $(python_gen_cond_dep "
- dev-python/jinja[\${PYTHON_USEDEP}]
- dev-python/lxml[\${PYTHON_USEDEP}]
- boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
- ukify? ( test? ( ${PEFILE_DEPEND} ) )
- ")
-"
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
- if use split-usr; then
- eerror "Please complete the migration to merged-usr."
- eerror "https://wiki.gentoo.org/wiki/Merge-usr"
- die "systemd no longer supports split-usr"
- fi
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
- ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
-
- if kernel_is -ge 5 10 20; then
- CONFIG_CHECK+=" ~KCMP"
- else
- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
- fi
-
- if kernel_is -ge 4 18; then
- CONFIG_CHECK+=" ~AUTOFS_FS"
- else
- CONFIG_CHECK+=" ~AUTOFS4_FS"
- fi
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- use boot && secureboot_pkg_setup
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/systemd-test-process-util.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-journald-audit-r1.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- # default is developer, bug 918671
- -Dmode=release
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- -Dsplit-bin=false
- # Disable compatibility with sysvinit
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Match /etc/shells, bug 919749
- -Ddebug-shell="${EPREFIX}/bin/sh"
- -Ddefault-user-shell="${EPREFIX}/bin/bash"
- # Optional components/dependencies
- $(meson_native_use_bool acl)
- $(meson_native_use_bool apparmor)
- $(meson_native_use_bool audit)
- $(meson_native_use_bool boot bootloader)
- $(meson_native_use_bool cryptsetup libcryptsetup)
- $(meson_native_use_bool curl libcurl)
- $(meson_native_use_bool dns-over-tls dns-over-tls)
- $(meson_native_use_bool elfutils)
- $(meson_native_use_bool fido2 libfido2)
- $(meson_use gcrypt)
- $(meson_native_use_bool gnutls)
- $(meson_native_use_bool homed)
- $(meson_native_use_bool http microhttpd)
- $(meson_native_use_bool idn)
- $(meson_native_use_bool importd)
- $(meson_native_use_bool importd bzip2)
- $(meson_native_use_bool importd zlib)
- $(meson_native_use_bool kernel-install)
- $(meson_native_use_bool kmod)
- $(meson_use lz4)
- $(meson_use lzma xz)
- $(meson_use test tests)
- $(meson_use zstd)
- $(meson_native_use_bool iptables libiptc)
- $(meson_native_use_bool openssl)
- $(meson_use pam)
- $(meson_native_use_bool pkcs11 p11kit)
- $(meson_native_use_bool pcre pcre2)
- $(meson_native_use_bool policykit polkit)
- $(meson_native_use_bool pwquality)
- $(meson_native_use_bool qrcode qrencode)
- $(meson_native_use_bool seccomp)
- $(meson_native_use_bool selinux)
- $(meson_native_use_bool tpm tpm2)
- $(meson_native_use_bool test dbus)
- $(meson_native_use_bool ukify)
- $(meson_native_use_bool xkb xkbcommon)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- $(meson_native_true backlight)
- $(meson_native_true binfmt)
- $(meson_native_true coredump)
- $(meson_native_true environment-d)
- $(meson_native_true firstboot)
- $(meson_native_true hibernate)
- $(meson_native_true hostnamed)
- $(meson_native_true ldconfig)
- $(meson_native_true localed)
- $(meson_native_true man)
- $(meson_native_true networkd)
- $(meson_native_true quotacheck)
- $(meson_native_true randomseed)
- $(meson_native_true rfkill)
- $(meson_native_true sysusers)
- $(meson_native_true timedated)
- $(meson_native_true timesyncd)
- $(meson_native_true tmpfiles)
- $(meson_native_true vconsole)
- $(meson_native_enabled vmspawn)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
- (
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- export COLUMNS=80
- addpredict /dev
- addpredict /proc
- addpredict /run
- addpredict /sys/fs/cgroup
- meson_src_test
- ) || die
-}
-
-multilib_src_install_all() {
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- insinto /usr/lib/tmpfiles.d
- doins "${FILESDIR}"/legacy.conf
-
- if ! use resolvconf; then
- rm -f "${ED}"/usr/bin/resolvconf || die
- fi
-
- if ! use sysv-utils; then
- rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
- fi
-
- # https://bugs.gentoo.org/761763
- rm -r "${ED}"/usr/lib/sysusers.d || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/rules.d
-
- keepdir /etc/udev/hwdb.d
-
- keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
- fi
-
- if use kernel-install; then
- # Dummy config, remove to make room for sys-kernel/installkernel
- rm "${ED}/usr/lib/kernel/install.conf" || die
- fi
-
- use ukify && python_fix_shebang "${ED}"
- use boot && secureboot_auto_sign
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_preinst() {
- if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
- fi
-
- if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
- ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
- ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required.
- systemd-hwdb --root="${ROOT}" update
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respected, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
- ebegin "Reexecuting system manager (systemd)"
- systemctl daemon-reexec
- eend $? || FAIL=1
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-
- if use boot; then
- optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
- "sys-kernel/installkernel[systemd-boot]"
- fi
- if use ukify; then
- optfeature "generating unified kernel image on each kernel installation" \
- "sys-kernel/installkernel[ukify]"
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-05-05 15:43 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2024-05-05 15:43 UTC (permalink / raw
To: gentoo-commits
commit: a2f26b71bd5e7b811ad0a085459c32ac149239b8
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun May 5 15:41:52 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun May 5 15:43:30 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2f26b71
sys-apps/systemd: backport more dnssec fixes to 255.5
Followup to 1b646e8e63408abcdbf131ace4af9bb80ed5e29a.
Bug: https://bugs.gentoo.org/836341
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/systemd/files/255-dnssec-2.patch | 48 +++
sys-apps/systemd/files/255-dnssec-3.patch | 32 ++
sys-apps/systemd/files/255-dnssec.patch | 8 +-
sys-apps/systemd/systemd-255.5-r2.ebuild | 532 ++++++++++++++++++++++++++++++
4 files changed, 617 insertions(+), 3 deletions(-)
diff --git a/sys-apps/systemd/files/255-dnssec-2.patch b/sys-apps/systemd/files/255-dnssec-2.patch
new file mode 100644
index 000000000000..e8eaf9782b3e
--- /dev/null
+++ b/sys-apps/systemd/files/255-dnssec-2.patch
@@ -0,0 +1,48 @@
+https://github.com/systemd/systemd/pull/32598
+https://github.com/systemd/systemd-stable/commit/ee15f5efaf2f6cdbb867fca601e92761276e2b1e
+
+From ee15f5efaf2f6cdbb867fca601e92761276e2b1e Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Tue, 30 Apr 2024 22:15:18 -0700
+Subject: [PATCH] resolved: probe for dnssec support in allow-downgrade mode
+
+Previously, sd-resolved unnecessarily requested SOA records for each dns
+label in the query, even though they are not needed for the chain of
+trust. Since 47690634f157, only the necessary records are queried when
+validating.
+
+This is actually a problem in allow-downgrade mode, since we will no
+longer attempt a query for a record that we know is signed a priori, and
+will therefore never update our belief about the state of dnssec support
+in the recursive resolver.
+
+Rectify this by reintroducing a query for the root zone SOA in the
+allow-downgrade case, specifically to test that the resolver attaches
+the RRSIGs which we know must exist.
+
+Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -2622,6 +2622,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
+ if (r < 0)
+ return r;
+
++ if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && dns_name_is_root(name)) {
++ _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
++ /* We made it all the way to the root zone. If we are in allow-downgrade
++ * mode, we need to make at least one request that we can be certain should
++ * have been signed, to test for servers that are not dnssec aware. */
++ soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
++ if (!soa)
++ return -ENOMEM;
++
++ log_debug("Requesting root zone SOA to probe dnssec support.");
++ r = dns_transaction_request_dnssec_rr(t, soa);
++ if (r < 0)
++ return r;
++ }
++
+ break;
+ }
+
diff --git a/sys-apps/systemd/files/255-dnssec-3.patch b/sys-apps/systemd/files/255-dnssec-3.patch
new file mode 100644
index 000000000000..4fd231d6d157
--- /dev/null
+++ b/sys-apps/systemd/files/255-dnssec-3.patch
@@ -0,0 +1,32 @@
+https://github.com/systemd/systemd/pull/32593
+https://github.com/systemd/systemd-stable/commit/a1580223a5dd67ab61c5f888b114de43b65fffbf
+
+From a1580223a5dd67ab61c5f888b114de43b65fffbf Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Tue, 30 Apr 2024 13:19:14 -0700
+Subject: [PATCH] resolved: validate authentic insecure delegation to CNAME
+
+If the parent zone uses a non-opt-out method that provides authenticated
+negative DS replies, we still can't expect signatures from the child
+zone. sd-resolved was using the authenticated status of the DS reply to
+require signatures for CNAMEs, even though it had already proved that no
+signature exists.
+
+Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -2863,7 +2863,12 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+ if (r == 0)
+ continue;
+
+- return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++ if (!FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
++ return false;
++
++ /* We expect this to be signed when the DS record exists, and don't expect it to be
++ * signed when the DS record is proven not to exist. */
++ return dns_answer_match_key(dt->answer, dns_transaction_key(dt), NULL);
+ }
+
+ return true;
diff --git a/sys-apps/systemd/files/255-dnssec.patch b/sys-apps/systemd/files/255-dnssec.patch
index 5c720c58ce4a..978c26ff15f4 100644
--- a/sys-apps/systemd/files/255-dnssec.patch
+++ b/sys-apps/systemd/files/255-dnssec.patch
@@ -1,6 +1,8 @@
+https://github.com/systemd/systemd/issues/32531
https://github.com/systemd/systemd/commit/d840783db5208219c78d73b9b46ef5daae9fea0a
+https://github.com/systemd/systemd-stable/commit/52c17febf14c866d9808d1804f13ac98d76e665b
-From d840783db5208219c78d73b9b46ef5daae9fea0a Mon Sep 17 00:00:00 2001
+From 52c17febf14c866d9808d1804f13ac98d76e665b Mon Sep 17 00:00:00 2001
From: Ronan Pigott <ronan@rjp.ie>
Date: Mon, 29 Apr 2024 02:17:23 -0700
Subject: [PATCH] resolved: always progress DS queries
@@ -11,9 +13,10 @@ might not make any progress toward finding the DS we need. Let's ensure
that we at least always check the parent in this case.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit d840783db5208219c78d73b9b46ef5daae9fea0a)
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2618,6 +2618,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
+@@ -2545,6 +2545,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
return r;
if (r == 0)
continue;
@@ -24,4 +27,3 @@ Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
}
r = dnssec_has_rrsig(t->answer, rr->key);
-
diff --git a/sys-apps/systemd/systemd-255.5-r2.ebuild b/sys-apps/systemd/systemd-255.5-r2.ebuild
new file mode 100644
index 000000000000..533779767069
--- /dev/null
+++ b/sys-apps/systemd/systemd-255.5-r2.ebuild
@@ -0,0 +1,532 @@
+# Copyright 2011-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+
+ if [[ ${PV} != *rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+ fi
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
+ +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ dns-over-tls? ( || ( gnutls openssl ) )
+ fido2? ( cryptsetup openssl )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ pwquality? ( homed )
+ boot? ( kernel-install )
+ ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( >=sys-libs/libapparmor-2.13:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( >=net-misc/curl-7.32.0:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ iptables? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
+ qrcode? ( >=media-gfx/qrencode-3:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( >=sys-libs/libselinux-2.1.9:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ ukify? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ selinux? (
+ sec-policy/selinux-base-policy[systemd]
+ sec-policy/selinux-ntp
+ )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-build/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+ ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ ")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if use split-usr; then
+ eerror "Please complete the migration to merged-usr."
+ eerror "https://wiki.gentoo.org/wiki/Merge-usr"
+ die "systemd no longer supports split-usr"
+ fi
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+ ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+ if kernel_is -ge 5 10 20; then
+ CONFIG_CHECK+=" ~KCMP"
+ else
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ fi
+
+ if kernel_is -ge 4 18; then
+ CONFIG_CHECK+=" ~AUTOFS_FS"
+ else
+ CONFIG_CHECK+=" ~AUTOFS4_FS"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/systemd-test-process-util.patch"
+ "${FILESDIR}/255-dnssec.patch"
+ "${FILESDIR}/255-dnssec-2.patch"
+ "${FILESDIR}/255-dnssec-3.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-journald-audit-r1.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ # default is developer, bug 918671
+ -Dmode=release
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ -Dsplit-bin=false
+ # Disable compatibility with sysvinit
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Match /etc/shells, bug 919749
+ -Ddebug-shell="${EPREFIX}/bin/sh"
+ -Ddefault-user-shell="${EPREFIX}/bin/bash"
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnutls)
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kernel-install)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use test tests)
+ $(meson_use zstd)
+ $(meson_native_use_bool iptables libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool ukify)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ $(meson_native_enabled vmspawn)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ (
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ export COLUMNS=80
+ addpredict /dev
+ addpredict /proc
+ addpredict /run
+ addpredict /sys/fs/cgroup
+ meson_src_test
+ ) || die
+}
+
+multilib_src_install_all() {
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/legacy.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}"/usr/bin/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ if use kernel-install; then
+ # Dummy config, remove to make room for sys-kernel/installkernel
+ rm "${ED}/usr/lib/kernel/install.conf" || die
+ fi
+
+ use ukify && python_fix_shebang "${ED}"
+ use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+ fi
+
+ if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+ ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+ ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+ ebegin "Reexecuting system manager (systemd)"
+ systemctl daemon-reexec
+ eend $? || FAIL=1
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+
+ if use boot; then
+ optfeature "installing kernels in systemd-boot's native layout and update loader entries" \
+ "sys-kernel/installkernel[systemd-boot]"
+ fi
+ if use ukify; then
+ optfeature "generating unified kernel image on each kernel installation" \
+ "sys-kernel/installkernel[ukify]"
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-04-18 4:20 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2024-04-18 4:20 UTC (permalink / raw
To: gentoo-commits
commit: 867009193d04369c4ca3d9f0af26c72c8ca9b82f
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 18 04:19:21 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Apr 18 04:19:21 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86700919
sys-apps/systemd: make test-process-util work with pid-sandbox
Closes: https://bugs.gentoo.org/674458
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/systemd-test-process-util.patch | 30 ++++++++++++++++++++++
sys-apps/systemd/systemd-254.10.ebuild | 6 +----
sys-apps/systemd/systemd-255.4.ebuild | 8 ++----
sys-apps/systemd/systemd-9999.ebuild | 6 +----
4 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/sys-apps/systemd/files/systemd-test-process-util.patch b/sys-apps/systemd/files/systemd-test-process-util.patch
new file mode 100644
index 000000000000..ec1a766764ee
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-test-process-util.patch
@@ -0,0 +1,30 @@
+From 1d3404701bf0c27600dd44b2814cd6caffca877a Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Thu, 18 Apr 2024 00:04:44 -0400
+Subject: [PATCH] test-process-util: remove assert that fails under pid-sandbox
+
+Upstream refuses to fix this.
+
+Bug: https://bugs.gentoo.org/674458
+Bug: https://github.com/systemd/systemd/issues/25015
+---
+ src/test/test-process-util.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index c96bd4341b..4009cf96e2 100644
+--- a/src/test/test-process-util.c
++++ b/src/test/test-process-util.c
+@@ -92,9 +92,6 @@ static void test_pid_get_comm_one(pid_t pid) {
+ assert_se(r >= 0 || r == -EACCES);
+ log_info("PID"PID_FMT" strlen(environ): %zi", pid, env ? (ssize_t)strlen(env) : (ssize_t)-errno);
+
+- if (!detect_container())
+- assert_se(get_ctty_devnr(pid, &h) == -ENXIO || pid != 1);
+-
+ (void) getenv_for_pid(pid, "PATH", &i);
+ log_info("PID"PID_FMT" $PATH: '%s'", pid, strna(i));
+ }
+--
+2.44.0
+
diff --git a/sys-apps/systemd/systemd-254.10.ebuild b/sys-apps/systemd/systemd-254.10.ebuild
index 3428d3abc74f..c85a0b31b907 100644
--- a/sys-apps/systemd/systemd-254.10.ebuild
+++ b/sys-apps/systemd/systemd-254.10.ebuild
@@ -182,11 +182,6 @@ QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
pkg_pretend() {
if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
@@ -240,6 +235,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}/systemd-test-process-util.patch"
"${FILESDIR}/systemd-253-initrd-generators.patch"
"${FILESDIR}/254-PrivateDevices-userdbd.patch"
)
diff --git a/sys-apps/systemd/systemd-255.4.ebuild b/sys-apps/systemd/systemd-255.4.ebuild
index de47dde183cf..03c7008aa486 100644
--- a/sys-apps/systemd/systemd-255.4.ebuild
+++ b/sys-apps/systemd/systemd-255.4.ebuild
@@ -190,11 +190,6 @@ pkg_pretend() {
die "systemd no longer supports split-usr"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
@@ -248,7 +243,8 @@ src_unpack() {
src_prepare() {
local PATCHES=(
- "${FILESDIR}"/255-install-format-overflow.patch
+ "${FILESDIR}/systemd-test-process-util.patch"
+ "${FILESDIR}/255-install-format-overflow.patch"
)
if ! use vanilla; then
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index c035b9a2cfde..9ebc6c14fa23 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -190,11 +190,6 @@ pkg_pretend() {
die "systemd no longer supports split-usr"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
@@ -248,6 +243,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}/systemd-test-process-util.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-03-04 2:51 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2024-03-04 2:51 UTC (permalink / raw
To: gentoo-commits
commit: a25cf19d6f0dd41643c17cdfebbd87fde5e0e336
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 4 02:50:27 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 4 02:51:32 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a25cf19d
sys-apps/systemd: backport another stringop-truncation fix
No revbump as this is a false positive (the stringop-* warnings are known
to be noisy/flaky).
Closes: https://bugs.gentoo.org/916518
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/255-install-format-overflow.patch | 43 ++++++++++++++++++++++
sys-apps/systemd/systemd-255.4.ebuild | 1 +
2 files changed, 44 insertions(+)
diff --git a/sys-apps/systemd/files/255-install-format-overflow.patch b/sys-apps/systemd/files/255-install-format-overflow.patch
new file mode 100644
index 000000000000..3dca7d8e8ec7
--- /dev/null
+++ b/sys-apps/systemd/files/255-install-format-overflow.patch
@@ -0,0 +1,43 @@
+https://github.com/systemd/systemd-stable/commit/f85d2c6d1023b1fe558142440b1d63c4fc5f7c98
+https://github.com/systemd/systemd/issues/30448
+https://bugs.gentoo.org/916518
+
+From f85d2c6d1023b1fe558142440b1d63c4fc5f7c98 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Sat, 24 Feb 2024 12:05:44 +0000
+Subject: [PATCH] install: fix compiler warning about empty directive argument
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On ppc64el with gcc 13.2 on Ubuntu 24.04:
+
+3s In file included from ../src/basic/macro.h:386,
+483s from ../src/basic/alloc-util.h:10,
+483s from ../src/shared/install.c:12:
+483s ../src/shared/install.c: In function ‘install_changes_dump’:
+483s ../src/shared/install.c:432:64: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
+483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
+483s | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+483s ../src/shared/install.c:432:75: note: format string is defined here
+483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
+
+(cherry picked from commit 8040fa55a1cbc34dede3205a902095ecd26c21e3)
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -340,9 +340,12 @@ void install_changes_dump(int r, const char *verb, const InstallChange *changes,
+ assert(verb || r >= 0);
+
+ for (size_t i = 0; i < n_changes; i++) {
+- if (changes[i].type < 0)
+- assert(verb);
+ assert(changes[i].path);
++ /* This tries to tell the compiler that it's safe to use 'verb' in a string format if there
++ * was an error, but the compiler doesn't care and fails anyway, so strna(verb) is used
++ * too. */
++ assert(verb || changes[i].type >= 0);
++ verb = strna(verb);
+
+ /* When making changes here, make sure to also change install_error() in dbus-manager.c. */
+
+
diff --git a/sys-apps/systemd/systemd-255.4.ebuild b/sys-apps/systemd/systemd-255.4.ebuild
index 183166373f1d..c1d288b695d5 100644
--- a/sys-apps/systemd/systemd-255.4.ebuild
+++ b/sys-apps/systemd/systemd-255.4.ebuild
@@ -248,6 +248,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}"/255-install-format-overflow.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2024-02-24 15:51 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2024-02-24 15:51 UTC (permalink / raw
To: gentoo-commits
commit: 296415fa509175fd0253091697d1eec1fcf462df
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 24 15:48:45 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb 24 15:48:45 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=296415fa
sys-apps/systemd: backport fchmodat2 support to 254.9
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/systemd-254.9-fchmodat2.patch | 255 +++++++++++++++++++++
...ystemd-254.9.ebuild => systemd-254.9-r1.ebuild} | 1 +
2 files changed, 256 insertions(+)
diff --git a/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
new file mode 100644
index 000000000000..27bdd121aa60
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
@@ -0,0 +1,255 @@
+From 3d93b69fa558b33f1f2b52305fa4c2d836789394 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 1/3] basic/missing_syscall: generate defs for `fchmodat2(2)`
+
+We will need this to set seccomp filters on this system call regardless
+of libseccomp or kernel support.
+
+(cherry picked from commit 3677364cc3a2c5429380cfd3a2472e2da87925c4)
+---
+ src/basic/missing_syscall_def.h | 68 +++++++++++++++++++++++++++++++++
+ src/basic/missing_syscalls.py | 1 +
+ 2 files changed, 69 insertions(+)
+
+diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h
+index 402fdd00dc..b5beb434db 100644
+--- a/src/basic/missing_syscall_def.h
++++ b/src/basic/missing_syscall_def.h
+@@ -246,6 +246,74 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range);
+ # endif
+ #endif
+
++#ifndef __IGNORE_fchmodat2
++# if defined(__aarch64__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__alpha__)
++# define systemd_NR_fchmodat2 562
++# elif defined(__arc__) || defined(__tilegx__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__arm__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__i386__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__ia64__)
++# define systemd_NR_fchmodat2 1476
++# elif defined(__loongarch_lp64)
++# define systemd_NR_fchmodat2 452
++# elif defined(__m68k__)
++# define systemd_NR_fchmodat2 452
++# elif defined(_MIPS_SIM)
++# if _MIPS_SIM == _MIPS_SIM_ABI32
++# define systemd_NR_fchmodat2 4452
++# elif _MIPS_SIM == _MIPS_SIM_NABI32
++# define systemd_NR_fchmodat2 6452
++# elif _MIPS_SIM == _MIPS_SIM_ABI64
++# define systemd_NR_fchmodat2 5452
++# else
++# error "Unknown MIPS ABI"
++# endif
++# elif defined(__hppa__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__powerpc__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__riscv)
++# if __riscv_xlen == 32
++# define systemd_NR_fchmodat2 452
++# elif __riscv_xlen == 64
++# define systemd_NR_fchmodat2 452
++# else
++# error "Unknown RISC-V ABI"
++# endif
++# elif defined(__s390__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__sparc__)
++# define systemd_NR_fchmodat2 452
++# elif defined(__x86_64__)
++# if defined(__ILP32__)
++# define systemd_NR_fchmodat2 (452 | /* __X32_SYSCALL_BIT */ 0x40000000)
++# else
++# define systemd_NR_fchmodat2 452
++# endif
++# elif !defined(missing_arch_template)
++# warning "fchmodat2() syscall number is unknown for your architecture"
++# endif
++
++/* may be an (invalid) negative number due to libseccomp, see PR 13319 */
++# if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0
++# if defined systemd_NR_fchmodat2
++assert_cc(__NR_fchmodat2 == systemd_NR_fchmodat2);
++# endif
++# else
++# if defined __NR_fchmodat2
++# undef __NR_fchmodat2
++# endif
++# if defined systemd_NR_fchmodat2 && systemd_NR_fchmodat2 >= 0
++# define __NR_fchmodat2 systemd_NR_fchmodat2
++# endif
++# endif
++#endif
++
+ #ifndef __IGNORE_getrandom
+ # if defined(__aarch64__)
+ # define systemd_NR_getrandom 278
+diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py
+index 5ccf02adec..00f72dc7a8 100644
+--- a/src/basic/missing_syscalls.py
++++ b/src/basic/missing_syscalls.py
+@@ -9,6 +9,7 @@ SYSCALLS = [
+ 'bpf',
+ 'close_range',
+ 'copy_file_range',
++ 'fchmodat2',
+ 'getrandom',
+ 'memfd_create',
+ 'mount_setattr',
+--
+2.43.0
+
+
+From c1ffd32c642dcadb844b149fcc0c6fe0dbe8a292 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 2/3] seccomp: include `fchmodat2` in `@file-system`
+
+(cherry picked from commit 6e10405aa25fe5e76b740d9ec59730e3f4470c7a)
+---
+ src/shared/seccomp-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index bd9660cb35..a9c6279b18 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -468,6 +468,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
+ "fchdir\0"
+ "fchmod\0"
+ "fchmodat\0"
++ "fchmodat2\0"
+ "fcntl\0"
+ "fcntl64\0"
+ "fgetxattr\0"
+--
+2.43.0
+
+
+From da6ec29e7f755e14655132b4e0b04f463f40af3e Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 3/3] seccomp: also check the mode parameter of `fchmodat2(2)`
+
+If there is no libseccomp support, just ban the entire syscall instead
+so wrappers will fall back to older, supported syscalls.
+Also reflect all of this in `test-seccomp.c`.
+
+(cherry picked from commit 8b45281daa3a87b4b7a3248263cd0ba929d15596)
+---
+ src/shared/seccomp-util.c | 24 +++++++++++++++++++++++-
+ src/test/test-seccomp.c | 28 ++++++++++++++++++++++++++++
+ 2 files changed, 51 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index a9c6279b18..12fd95d95b 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -2038,7 +2038,7 @@ int seccomp_protect_hostname(void) {
+ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+ /* Checks the mode_t parameter of the following system calls:
+ *
+- * → chmod() + fchmod() + fchmodat()
++ * → chmod() + fchmod() + fchmodat() + fchmodat2()
+ * → open() + creat() + openat()
+ * → mkdir() + mkdirat()
+ * → mknod() + mknodat()
+@@ -2081,6 +2081,28 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+ else
+ any = true;
+
++#if defined(__SNR_fchmodat2)
++ r = seccomp_rule_add_exact(
++ seccomp,
++ SCMP_ACT_ERRNO(EPERM),
++ SCMP_SYS(fchmodat2),
++ 1,
++ SCMP_A2(SCMP_CMP_MASKED_EQ, m, m));
++#else
++ /* It looks like this libseccomp does not know about fchmodat2().
++ * Pretend the fchmodat2() system call is not supported at all,
++ * regardless of the kernel version. */
++ r = seccomp_rule_add_exact(
++ seccomp,
++ SCMP_ACT_ERRNO(ENOSYS),
++ __NR_fchmodat2,
++ 0);
++#endif
++ if (r < 0)
++ log_debug_errno(r, "Failed to add filter for fchmodat2: %m");
++ else
++ any = true;
++
+ r = seccomp_rule_add_exact(
+ seccomp,
+ SCMP_ACT_ERRNO(EPERM),
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 2d06098ddd..3a73262a8b 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -21,6 +21,7 @@
+ #include "macro.h"
+ #include "memory-util.h"
+ #include "missing_sched.h"
++#include "missing_syscall_def.h"
+ #include "nsflags.h"
+ #include "nulstr-util.h"
+ #include "process-util.h"
+@@ -1003,6 +1004,23 @@ static int real_open(const char *path, int flags, mode_t mode) {
+ #endif
+ }
+
++static int try_fchmodat2(int dirfd, const char *path, int flags, mode_t mode) {
++ /* glibc does not provide a direct wrapper for fchmodat2(). Let's hence define our own wrapper for
++ * testing purposes that calls the real syscall, on architectures and in environments where
++ * SYS_fchmodat2 is defined. Otherwise, let's just fall back to the glibc fchmodat() call. */
++
++#if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0
++ int r;
++ r = (int) syscall(__NR_fchmodat2, dirfd, path, flags, mode);
++ /* The syscall might still be unsupported by kernel or libseccomp. */
++ if (r < 0 && errno == ENOSYS)
++ return fchmodat(dirfd, path, flags, mode);
++ return r;
++#else
++ return fchmodat(dirfd, path, flags, mode);
++#endif
++}
++
+ TEST(restrict_suid_sgid) {
+ pid_t pid;
+
+@@ -1044,6 +1062,11 @@ TEST(restrict_suid_sgid) {
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
+ assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
+
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) >= 0);
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) >= 0);
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0);
++
+ k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID);
+ k = safe_close(k);
+ assert_se(unlink(z) >= 0);
+@@ -1145,6 +1168,11 @@ TEST(restrict_suid_sgid) {
+ assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
+ assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
+
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) < 0 && errno == EPERM);
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) < 0 && errno == EPERM);
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
++ assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0);
++
+ assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM);
+ assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM);
+ assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
+--
+2.43.0
+
diff --git a/sys-apps/systemd/systemd-254.9.ebuild b/sys-apps/systemd/systemd-254.9-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-254.9.ebuild
rename to sys-apps/systemd/systemd-254.9-r1.ebuild
index c12a9240f822..b9a20c537da3 100644
--- a/sys-apps/systemd/systemd-254.9.ebuild
+++ b/sys-apps/systemd/systemd-254.9-r1.ebuild
@@ -242,6 +242,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-253-initrd-generators.patch"
"${FILESDIR}/254-PrivateDevices-userdbd.patch"
+ "${FILESDIR}/systemd-254.9-fchmodat2.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-12-24 11:58 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-12-24 11:58 UTC (permalink / raw
To: gentoo-commits
commit: 795d72fab680fc06f338f4ab4db38ee10049ae1e
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 24 11:48:50 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec 24 11:56:30 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=795d72fa
sys-apps/systemd: add 254.8
Bug: https://bugs.gentoo.org/920331
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/systemd/Manifest | 1 +
.../systemd/files/254-PrivateDevices-userdbd.patch | 242 ++++++++++
sys-apps/systemd/systemd-254.8.ebuild | 526 +++++++++++++++++++++
3 files changed, 769 insertions(+)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 5bbbd1461af0..062d2c576f03 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -9,4 +9,5 @@ DIST systemd-stable-254.4.tar.gz 14332995 BLAKE2B 2b51ea867e142beeaf332cead5e2da
DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3 SHA512 cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c
DIST systemd-stable-254.6.tar.gz 14400611 BLAKE2B 5b23131b8aaabcd386ceb9cfb4ba8e7e1c92c454dbcc2dd907fb459f3022cd324cef86d531fe296ad56349602e487544d60900f71e189aadac6ec0a361a382e3 SHA512 3ebb8c2b931d13cf6efa59842d6d7fb84410fee02f5161061900321497d33750e0b88e2366a4234ba1ab0b89b797da0b1f8b577e0924e560cd9914fde83a1e45
DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf SHA512 2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685
+DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
DIST systemd-stable-255.1.tar.gz 14863856 BLAKE2B 3cf30872cf68117fea970ee2af2dad5e017bec351c866b7b22c9e2f8501c6e526421288feee7fbcf4994bba24beb4b2d98e858ac5b014dd832f9833767e28efe SHA512 ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb
diff --git a/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
new file mode 100644
index 000000000000..115c831c275a
--- /dev/null
+++ b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
@@ -0,0 +1,242 @@
+https://bugs.gentoo.org/920331
+https://github.com/systemd/systemd/issues/30535
+
+From 4a9e03aa6bb2cbd23dac00f2b2a7642cc79eaade Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 27 Sep 2023 11:55:59 +0200
+Subject: [PATCH 1/2] core: Make private /dev read-only after populating it
+
+---
+ src/core/namespace.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index e2304f5d066da..d1153f7690140 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -995,6 +995,11 @@ static int mount_private_dev(MountEntry *m) {
+ if (r < 0)
+ log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount);
+
++ /* Make the bind mount read-only. */
++ r = mount_nofollow_verbose(LOG_DEBUG, NULL, dev, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);
++ if (r < 0)
++ return r;
++
+ /* Create the /dev directory if missing. It is more likely to be missing when the service is started
+ * with RootDirectory. This is consistent with mount units creating the mount points when missing. */
+ (void) mkdir_p_label(mount_entry_path(m), 0755);
+
+From cd7f3702eb47c82a50bf74c2b7c15c2e4e1f5c79 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 27 Sep 2023 10:52:50 +0200
+Subject: [PATCH 2/2] core: Use a subdirectory of /run/ for PrivateDevices=
+
+When we're starting early boot services such as systemd-userdbd.service,
+/tmp might not yet be mounted, so let's use a directory in /run instead
+which is guaranteed to be available.
+---
+ src/core/execute.c | 1 +
+ src/core/namespace.c | 61 +++++++++++++++++++++++++++++----------
+ src/core/namespace.h | 2 ++
+ src/test/test-namespace.c | 1 +
+ src/test/test-ns.c | 1 +
+ 5 files changed, 50 insertions(+), 16 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index a52df64d01081..89c3868d55f6c 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -3307,6 +3307,7 @@ static int apply_mount_namespace(
+ extension_dir,
+ root_dir || root_image ? params->notify_socket : NULL,
+ host_os_release_stage,
++ params->runtime_scope,
+ error_path);
+
+ /* If we couldn't set up the namespace this is probably due to a missing capability. setup_namespace() reports
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index d1153f7690140..a0471ac8884bf 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -909,7 +909,19 @@ static int clone_device_node(
+ return 0;
+ }
+
+-static int mount_private_dev(MountEntry *m) {
++static char *settle_runtime_dir(RuntimeScope scope) {
++ char *runtime_dir;
++
++ if (scope != RUNTIME_SCOPE_USER)
++ return strdup("/run/");
++
++ if (asprintf(&runtime_dir, "/run/user/" UID_FMT, geteuid()) < 0)
++ return NULL;
++
++ return runtime_dir;
++}
++
++static int mount_private_dev(MountEntry *m, RuntimeScope scope) {
+ static const char devnodes[] =
+ "/dev/null\0"
+ "/dev/zero\0"
+@@ -918,13 +930,21 @@ static int mount_private_dev(MountEntry *m) {
+ "/dev/urandom\0"
+ "/dev/tty\0";
+
+- char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
++ _cleanup_free_ char *runtime_dir = NULL, *temporary_mount = NULL;
+ const char *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
+ bool can_mknod = true;
+ int r;
+
+ assert(m);
+
++ runtime_dir = settle_runtime_dir(scope);
++ if (!runtime_dir)
++ return log_oom_debug();
++
++ temporary_mount = path_join(runtime_dir, "systemd/namespace-dev-XXXXXX");
++ if (!temporary_mount)
++ return log_oom_debug();
++
+ if (!mkdtemp(temporary_mount))
+ return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount);
+
+@@ -1364,7 +1384,8 @@ static int apply_one_mount(
+ MountEntry *m,
+ const ImagePolicy *mount_image_policy,
+ const ImagePolicy *extension_image_policy,
+- const NamespaceInfo *ns_info) {
++ const NamespaceInfo *ns_info,
++ RuntimeScope scope) {
+
+ _cleanup_free_ char *inaccessible = NULL;
+ bool rbind = true, make = false;
+@@ -1379,8 +1400,7 @@ static int apply_one_mount(
+ switch (m->mode) {
+
+ case INACCESSIBLE: {
+- _cleanup_free_ char *tmp = NULL;
+- const char *runtime_dir;
++ _cleanup_free_ char *runtime_dir = NULL;
+ struct stat target;
+
+ /* First, get rid of everything that is below if there
+@@ -1396,14 +1416,14 @@ static int apply_one_mount(
+ mount_entry_path(m));
+ }
+
+- if (geteuid() == 0)
+- runtime_dir = "/run";
+- else {
+- if (asprintf(&tmp, "/run/user/" UID_FMT, geteuid()) < 0)
+- return -ENOMEM;
+-
+- runtime_dir = tmp;
+- }
++ /* We don't pass the literal runtime scope through here but one based purely on our UID. This
++ * means that the root user's --user services will use the host's inaccessible inodes rather
++ * then root's private ones. This is preferable since it means device nodes that are
++ * overmounted to make them inaccessible will be overmounted with a device node, rather than
++ * an AF_UNIX socket inode. */
++ runtime_dir = settle_runtime_dir(geteuid() == 0 ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER);
++ if (!runtime_dir)
++ return log_oom_debug();
+
+ r = mode_to_inaccessible_node(runtime_dir, target.st_mode, &inaccessible);
+ if (r < 0)
+@@ -1523,7 +1543,7 @@ static int apply_one_mount(
+ break;
+
+ case PRIVATE_DEV:
+- return mount_private_dev(m);
++ return mount_private_dev(m, scope);
+
+ case BIND_DEV:
+ return mount_bind_dev(m);
+@@ -1824,6 +1844,7 @@ static int apply_mounts(
+ const NamespaceInfo *ns_info,
+ MountEntry *mounts,
+ size_t *n_mounts,
++ RuntimeScope scope,
+ char **symlinks,
+ char **error_path) {
+
+@@ -1875,7 +1896,7 @@ static int apply_mounts(
+ break;
+ }
+
+- r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info);
++ r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info, scope);
+ if (r < 0) {
+ if (error_path && mount_entry_path(m))
+ *error_path = strdup(mount_entry_path(m));
+@@ -2030,6 +2051,7 @@ int setup_namespace(
+ const char *extension_dir,
+ const char *notify_socket,
+ const char *host_os_release_stage,
++ RuntimeScope scope,
+ char **error_path) {
+
+ _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
+@@ -2490,7 +2512,14 @@ int setup_namespace(
+ (void) base_filesystem_create(root, UID_INVALID, GID_INVALID);
+
+ /* Now make the magic happen */
+- r = apply_mounts(root, mount_image_policy, extension_image_policy, ns_info, mounts, &n_mounts, symlinks, error_path);
++ r = apply_mounts(root,
++ mount_image_policy,
++ extension_image_policy,
++ ns_info,
++ mounts, &n_mounts,
++ scope,
++ symlinks,
++ error_path);
+ if (r < 0)
+ goto finish;
+
+diff --git a/src/core/namespace.h b/src/core/namespace.h
+index b6132154c5132..581403d89826d 100644
+--- a/src/core/namespace.h
++++ b/src/core/namespace.h
+@@ -16,6 +16,7 @@ typedef struct MountImage MountImage;
+ #include "fs-util.h"
+ #include "macro.h"
+ #include "namespace-util.h"
++#include "runtime-scope.h"
+ #include "string-util.h"
+
+ typedef enum ProtectHome {
+@@ -134,6 +135,7 @@ int setup_namespace(
+ const char *extension_dir,
+ const char *notify_socket,
+ const char *host_os_release_stage,
++ RuntimeScope scope,
+ char **error_path);
+
+ #define RUN_SYSTEMD_EMPTY "/run/systemd/empty"
+diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
+index 25aafc35ca837..42ac65d08c87a 100644
+--- a/src/test/test-namespace.c
++++ b/src/test/test-namespace.c
+@@ -206,6 +206,7 @@ TEST(protect_kernel_logs) {
+ NULL,
+ NULL,
+ NULL,
++ RUNTIME_SCOPE_SYSTEM,
+ NULL);
+ assert_se(r == 0);
+
+diff --git a/src/test/test-ns.c b/src/test/test-ns.c
+index 77afd2f6b9eb8..eb3afed9e1c66 100644
+--- a/src/test/test-ns.c
++++ b/src/test/test-ns.c
+@@ -108,6 +108,7 @@ int main(int argc, char *argv[]) {
+ NULL,
+ NULL,
+ NULL,
++ RUNTIME_SCOPE_SYSTEM,
+ NULL);
+ if (r < 0) {
+ log_error_errno(r, "Failed to set up namespace: %m");
diff --git a/sys-apps/systemd/systemd-254.8.ebuild b/sys-apps/systemd/systemd-254.8.ebuild
new file mode 100644
index 000000000000..0ad5f8893f48
--- /dev/null
+++ b/sys-apps/systemd/systemd-254.8.ebuild
@@ -0,0 +1,526 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod
+ +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ dns-over-tls? ( || ( gnutls openssl ) )
+ fido2? ( cryptsetup openssl )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ pwquality? ( homed )
+ boot? ( kernel-install )
+ ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ iptables? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( app-crypt/p11-kit:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( dev-libs/libpwquality:0= )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ ukify? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ selinux? (
+ sec-policy/selinux-base-policy[systemd]
+ sec-policy/selinux-ntp
+ )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+ ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ ")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+ ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+ if kernel_is -ge 5 10 20; then
+ CONFIG_CHECK+=" ~KCMP"
+ else
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ fi
+
+ if kernel_is -ge 4 18; then
+ CONFIG_CHECK+=" ~AUTOFS_FS"
+ else
+ CONFIG_CHECK+=" ~AUTOFS4_FS"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/systemd-253-initrd-generators.patch"
+ "${FILESDIR}/254-PrivateDevices-userdbd.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-journald-audit-r1.patch"
+ )
+ fi
+
+ # Fails with split-usr.
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ $(meson_use split-usr)
+ $(meson_use split-usr split-bin)
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ # Disable compatibility with sysvinit
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnutls)
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kernel-install)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use test tests)
+ $(meson_use zstd)
+ $(meson_native_use_bool iptables libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool ukify)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ local -x COLUMNS=80
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+ local sbin=$(usex split-usr sbin bin)
+
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/legacy.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+
+ gen_usr_ldscript -a systemd udev
+
+ use ukify && python_fix_shebang "${ED}"
+ use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+ fi
+
+ if ! use split-usr; then
+ local dir
+ for dir in bin sbin lib usr/sbin; do
+ if [[ ! -L ${EROOT}/${dir} ]]; then
+ eerror "'${EROOT}/${dir}' is not a symbolic link."
+ FAIL=1
+ fi
+ done
+ if [[ ${FAIL} ]]; then
+ eerror "Migration to system layout with merged directories must be performed before"
+ eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+ die "System layout with split directories still used"
+ fi
+ fi
+ if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+ ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+ ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-12-12 2:50 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-12-12 2:50 UTC (permalink / raw
To: gentoo-commits
commit: b62348acb65f64622e8c55722dc76e74593336f1
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 12 02:41:31 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec 12 02:41:47 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b62348ac
sys-apps/systemd: backport systemd-analyze regression fix (for git test suite)
Link: https://lore.kernel.org/git/20231207062752.GA777253 <AT> coredump.intra.peff.net/T/#t
Bug: https://github.com/systemd/systemd/issues/30357
Bug: https://github.com/systemd/systemd/pull/30363
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../systemd/files/255-analyze-regression.patch | 156 +++++++
sys-apps/systemd/systemd-255-r1.ebuild | 510 +++++++++++++++++++++
2 files changed, 666 insertions(+)
diff --git a/sys-apps/systemd/files/255-analyze-regression.patch b/sys-apps/systemd/files/255-analyze-regression.patch
new file mode 100644
index 000000000000..cba6a479f1a7
--- /dev/null
+++ b/sys-apps/systemd/files/255-analyze-regression.patch
@@ -0,0 +1,156 @@
+Fixes a regression in the git test suite.
+
+https://lore.kernel.org/git/20231207062752.GA777253@coredump.intra.peff.net/T/#t
+https://github.com/systemd/systemd/issues/30357
+https://github.com/systemd/systemd/pull/30363
+https://github.com/systemd/systemd/commit/bf8726d1ee33047b138f677fe4c72ca9989680e8
+
+From 6d9d55657946385916fa4db7149a9b389645ee73 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 7 Dec 2023 19:29:29 +0900
+Subject: [PATCH 1/2] analyze: also find template unit when a template instance
+ is specified
+
+Fixes a regression caused by 2f6181ad4d6c126e3ebf6880ba30b3b0059c6fc8.
+
+Fixes #30357.
+
+Co-authored-by: Jeff King <peff@peff.net>
+--- a/src/analyze/analyze-verify-util.c
++++ b/src/analyze/analyze-verify-util.c
+@@ -72,6 +72,54 @@ int verify_prepare_filename(const char *filename, char **ret) {
+ return 0;
+ }
+
++static int find_unit_directory(const char *p, char **ret) {
++ _cleanup_free_ char *a = NULL, *u = NULL, *t = NULL, *d = NULL;
++ int r;
++
++ assert(p);
++ assert(ret);
++
++ r = path_make_absolute_cwd(p, &a);
++ if (r < 0)
++ return r;
++
++ if (access(a, F_OK) >= 0) {
++ r = path_extract_directory(a, &d);
++ if (r < 0)
++ return r;
++
++ *ret = TAKE_PTR(d);
++ return 0;
++ }
++
++ r = path_extract_filename(a, &u);
++ if (r < 0)
++ return r;
++
++ if (!unit_name_is_valid(u, UNIT_NAME_INSTANCE))
++ return -ENOENT;
++
++ /* If the specified unit is an instance of a template unit, then let's try to find the template unit. */
++ r = unit_name_template(u, &t);
++ if (r < 0)
++ return r;
++
++ r = path_extract_directory(a, &d);
++ if (r < 0)
++ return r;
++
++ free(a);
++ a = path_join(d, t);
++ if (!a)
++ return -ENOMEM;
++
++ if (access(a, F_OK) < 0)
++ return -errno;
++
++ *ret = TAKE_PTR(d);
++ return 0;
++}
++
+ int verify_set_unit_path(char **filenames) {
+ _cleanup_strv_free_ char **ans = NULL;
+ _cleanup_free_ char *joined = NULL;
+@@ -79,21 +127,15 @@ int verify_set_unit_path(char **filenames) {
+ int r;
+
+ STRV_FOREACH(filename, filenames) {
+- _cleanup_free_ char *a = NULL;
+- char *t;
++ _cleanup_free_ char *t = NULL;
+
+- r = path_make_absolute_cwd(*filename, &a);
+- if (r < 0)
++ r = find_unit_directory(*filename, &t);
++ if (r == -ENOMEM)
+ return r;
+-
+- if (access(a, F_OK) < 0)
+- continue;
+-
+- r = path_extract_directory(a, &t);
+ if (r < 0)
+- return r;
++ continue;
+
+- r = strv_consume(&ans, t);
++ r = strv_consume(&ans, TAKE_PTR(t));
+ if (r < 0)
+ return r;
+ }
+
+From 9d51ab78300364c71a0e1f138e1d2cbc65771b93 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 8 Dec 2023 10:41:49 +0900
+Subject: [PATCH 2/2] test: add test cases for issue #30357
+
+--- a/test/units/testsuite-65.sh
++++ b/test/units/testsuite-65.sh
+@@ -296,6 +296,44 @@ EOF
+ # Verifies that the --offline= option works with --root=
+ systemd-analyze security --threshold=90 --offline=true --root=/tmp/img/ testfile.service
+
++cat <<EOF >/tmp/foo@.service
++[Service]
++ExecStart=ls
++EOF
++
++cat <<EOF >/tmp/hoge@test.service
++[Service]
++ExecStart=ls
++EOF
++
++# issue #30357
++pushd /tmp
++systemd-analyze verify foo@bar.service
++systemd-analyze verify foo@.service
++systemd-analyze verify hoge@test.service
++(! systemd-analyze verify hoge@nonexist.service)
++(! systemd-analyze verify hoge@.service)
++popd
++pushd /
++systemd-analyze verify tmp/foo@bar.service
++systemd-analyze verify tmp/foo@.service
++systemd-analyze verify tmp/hoge@test.service
++(! systemd-analyze verify tmp/hoge@nonexist.service)
++(! systemd-analyze verify tmp/hoge@.service)
++popd
++pushd /usr
++systemd-analyze verify ../tmp/foo@bar.service
++systemd-analyze verify ../tmp/foo@.service
++systemd-analyze verify ../tmp/hoge@test.service
++(! systemd-analyze verify ../tmp/hoge@nonexist.service)
++(! systemd-analyze verify ../tmp/hoge@.service)
++popd
++systemd-analyze verify /tmp/foo@bar.service
++systemd-analyze verify /tmp/foo@.service
++systemd-analyze verify /tmp/hoge@test.service
++(! systemd-analyze verify /tmp/hoge@nonexist.service)
++(! systemd-analyze verify /tmp/hoge@.service)
++
+ # Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed
+ # The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in
+ # values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight
+
diff --git a/sys-apps/systemd/systemd-255-r1.ebuild b/sys-apps/systemd/systemd-255-r1.ebuild
new file mode 100644
index 000000000000..2c96d3c84e46
--- /dev/null
+++ b/sys-apps/systemd/systemd-255-r1.ebuild
@@ -0,0 +1,510 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+
+ if [[ ${PV} != *rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+ fi
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod
+ +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ dns-over-tls? ( || ( gnutls openssl ) )
+ fido2? ( cryptsetup openssl )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ pwquality? ( homed )
+ boot? ( kernel-install )
+ ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( >=sys-libs/libapparmor-2.13:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( >=net-misc/curl-7.32.0:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ iptables? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
+ qrcode? ( >=media-gfx/qrencode-3:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( >=sys-libs/libselinux-2.1.9:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ ukify? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ selinux? (
+ sec-policy/selinux-base-policy[systemd]
+ sec-policy/selinux-ntp
+ )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+ ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ ")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if use split-usr; then
+ eerror "Please complete the migration to merged-usr."
+ eerror "https://wiki.gentoo.org/wiki/Merge-usr"
+ die "systemd no longer supports split-usr"
+ fi
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+ ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+ if kernel_is -ge 5 10 20; then
+ CONFIG_CHECK+=" ~KCMP"
+ else
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ fi
+
+ if kernel_is -ge 4 18; then
+ CONFIG_CHECK+=" ~AUTOFS_FS"
+ else
+ CONFIG_CHECK+=" ~AUTOFS4_FS"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}"/255-analyze-regression.patch
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-journald-audit-r1.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ # default is developer, bug 918671
+ -Dmode=release
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ -Dsplit-bin=false
+ # Disable compatibility with sysvinit
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnutls)
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kernel-install)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use test tests)
+ $(meson_use zstd)
+ $(meson_native_use_bool iptables libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool ukify)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ local -x COLUMNS=80
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/legacy.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}"/usr/bin/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ use ukify && python_fix_shebang "${ED}"
+ use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+ fi
+
+ if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+ ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+ ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+ ebegin "Reexecuting system manager (systemd)"
+ systemctl daemon-reexec
+ eend $? || FAIL=1
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-08-17 1:08 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2023-08-17 1:08 UTC (permalink / raw
To: gentoo-commits
commit: 2dcfd6ce1952b2c37fefd04fe11cfbb1ef8ebe41
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 17 01:07:13 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Aug 17 01:07:13 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dcfd6ce
sys-apps/systemd: backport tmpfiles/udev fix
Closes: https://bugs.gentoo.org/911723
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd-254.1-tmpfiles-setup-dev-early.patch | 252 +++++++++++++++++++++
...ystemd-254.1.ebuild => systemd-254.1-r1.ebuild} | 1 +
2 files changed, 253 insertions(+)
diff --git a/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch b/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch
new file mode 100644
index 000000000000..77f6e19fe6c8
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch
@@ -0,0 +1,252 @@
+https://github.com/systemd/systemd/pull/28784
+https://bugs.gentoo.org/911723
+
+From bb7f485f4bddd57bbf50739bafa43d127bab59d6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 12 Aug 2023 07:54:32 +0900
+Subject: [PATCH] units: introduce systemd-tmpfiles-setup-dev-early.service
+
+This makes tmpfiles, sysusers, and udevd invoked in the following order:
+1. systemd-tmpfiles-setup-dev-early.service
+ Create device nodes gracefully, that is, create device nodes anyway
+ by ignoring unknown users and groups.
+2. systemd-sysusers.service
+ Create users and groups, to make later invocations of tmpfiles and
+ udevd can resolve necessary users and groups.
+3. systemd-tmpfiles-setup-dev.service
+ Adjust owners of previously created device nodes.
+4. systemd-udevd.service
+ Process all devices. Especially to make block devices active and can
+ be mountable.
+5. systemd-tmpfiles-setup.service
+ Setup basic filesystem.
+
+Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06.
+
+Fixes #28653.
+Replaces #28681 and #28732.
+---
+ man/systemd-tmpfiles.xml | 3 +
+ test/TEST-17-UDEV/test.sh | 4 ++
+ test/units/testsuite-17.00.sh | 57 +++++++++++++++++++
+ units/kmod-static-nodes.service.in | 2 +-
+ units/meson.build | 5 ++
+ units/systemd-sysusers.service | 2 +
+ .../systemd-tmpfiles-setup-dev-early.service | 25 ++++++++
+ units/systemd-tmpfiles-setup-dev.service | 3 +-
+ units/systemd-tmpfiles-setup.service | 2 +-
+ 9 files changed, 100 insertions(+), 3 deletions(-)
+ create mode 100755 test/units/testsuite-17.00.sh
+ create mode 100644 units/systemd-tmpfiles-setup-dev-early.service
+
+diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
+index decd66d5c667..0db2a4b03b46 100644
+--- a/man/systemd-tmpfiles.xml
++++ b/man/systemd-tmpfiles.xml
+@@ -19,6 +19,7 @@
+ <refnamediv>
+ <refname>systemd-tmpfiles</refname>
+ <refname>systemd-tmpfiles-setup.service</refname>
++ <refname>systemd-tmpfiles-setup-dev-early.service</refname>
+ <refname>systemd-tmpfiles-setup-dev.service</refname>
+ <refname>systemd-tmpfiles-clean.service</refname>
+ <refname>systemd-tmpfiles-clean.timer</refname>
+@@ -35,6 +36,7 @@
+
+ <para>System units:
+ <literallayout><filename>systemd-tmpfiles-setup.service</filename>
++<filename>systemd-tmpfiles-setup-dev-early.service</filename>
+ <filename>systemd-tmpfiles-setup-dev.service</filename>
+ <filename>systemd-tmpfiles-clean.service</filename>
+ <filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
+@@ -64,6 +66,7 @@
+ searched for a matching file and the file found that has the highest priority is executed.</para>
+
+ <para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
++ <filename>systemd-tmpfiles-setup-dev-early.service</filename>,
+ <filename>systemd-tmpfiles-setup-dev.service</filename>,
+ <filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
+ system files and to perform system wide cleanup. Those services read administrator-controlled
+diff --git a/test/TEST-17-UDEV/test.sh b/test/TEST-17-UDEV/test.sh
+index 6b8f08fc328a..f7a907549607 100755
+--- a/test/TEST-17-UDEV/test.sh
++++ b/test/TEST-17-UDEV/test.sh
+@@ -8,5 +8,9 @@ TEST_NO_NSPAWN=1
+ # shellcheck source=test/test-functions
+ . "${TEST_BASE_DIR:?}/test-functions"
+
++test_append_files() {
++ instmods snd_seq snd_timer tun
++ generate_module_dependencies
++}
+
+ do_test "$@"
+diff --git a/test/units/testsuite-17.00.sh b/test/units/testsuite-17.00.sh
+new file mode 100755
+index 000000000000..d2aec60b1326
+--- /dev/null
++++ b/test/units/testsuite-17.00.sh
+@@ -0,0 +1,57 @@
++#!/usr/bin/env bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++set -ex
++set -o pipefail
++
++# shellcheck source=test/units/util.sh
++. "$(dirname "$0")"/util.sh
++
++# Tests for issue #28588 and #28653.
++
++# On boot, services need to be started in the following order:
++# 1. systemd-tmpfiles-setup-dev-early.service
++# 2. systemd-sysusers.service
++# 3. systemd-tmpfiles-setup-dev.service
++# 4. systemd-udevd.service
++
++output="$(systemctl show --property After --value systemd-udevd.service)"
++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
++assert_in "systemd-sysusers.service" "$output"
++assert_in "systemd-tmpfiles-setup-dev.service" "$output"
++
++output="$(systemctl show --property After --value systemd-tmpfiles-setup-dev.service)"
++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
++assert_in "systemd-sysusers.service" "$output"
++
++output="$(systemctl show --property After --value systemd-sysusers.service)"
++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
++
++check_owner_and_mode() {
++ local dev=${1?}
++ local user=${2?}
++ local group=${3?}
++ local mode=${4:-}
++
++ if [[ -e "$dev" ]]; then
++ assert_in "$user" "$(stat --format=%U "$dev")"
++ assert_in "$group" "$(stat --format=%G "$dev")"
++ if [[ -n "$mode" ]]; then
++ assert_in "$mode" "$(stat --format=%#0a "$dev")"
++ fi
++ fi
++
++ return 0
++}
++
++# Check owner and access mode specified in static-nodes-permissions.conf
++check_owner_and_mode /dev/snd/seq root audio 0660
++check_owner_and_mode /dev/snd/timer root audio 0660
++check_owner_and_mode /dev/loop-control root disk 0660
++check_owner_and_mode /dev/net/tun root root 0666
++check_owner_and_mode /dev/fuse root root 0666
++check_owner_and_mode /dev/vfio/vfio root root 0666
++check_owner_and_mode /dev/kvm root kvm
++check_owner_and_mode /dev/vhost-net root kvm
++check_owner_and_mode /dev/vhost-vsock root kvm
++
++exit 0
+diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
+index 777e82d16b90..70605d997e0a 100644
+--- a/units/kmod-static-nodes.service.in
++++ b/units/kmod-static-nodes.service.in
+@@ -10,7 +10,7 @@
+ [Unit]
+ Description=Create List of Static Device Nodes
+ DefaultDependencies=no
+-Before=sysinit.target systemd-tmpfiles-setup-dev.service
++Before=sysinit.target systemd-tmpfiles-setup-dev-early.service
+ ConditionCapability=CAP_SYS_MODULE
+ ConditionFileNotEmpty=/lib/modules/%v/modules.devname
+
+diff --git a/units/meson.build b/units/meson.build
+index 96ad1dc85016..20665e040874 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -544,6 +544,11 @@ units = [
+ 'conditions' : ['ENABLE_TMPFILES'],
+ 'symlinks' : ['timers.target.wants/'],
+ },
++ {
++ 'file' : 'systemd-tmpfiles-setup-dev-early.service',
++ 'conditions' : ['ENABLE_TMPFILES'],
++ 'symlinks' : ['sysinit.target.wants/'],
++ },
+ {
+ 'file' : 'systemd-tmpfiles-setup-dev.service',
+ 'conditions' : ['ENABLE_TMPFILES'],
+diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service
+index 84fd66de37aa..de6c71a03825 100644
+--- a/units/systemd-sysusers.service
++++ b/units/systemd-sysusers.service
+@@ -16,6 +16,8 @@ ConditionCredential=|sysusers.extra
+
+ DefaultDependencies=no
+ After=systemd-remount-fs.service
++After=systemd-tmpfiles-setup-dev-early.service
++Before=systemd-tmpfiles-setup-dev.service
+ Before=sysinit.target systemd-update-done.service
+ Conflicts=shutdown.target initrd-switch-root.target
+ Before=shutdown.target initrd-switch-root.target
+diff --git a/units/systemd-tmpfiles-setup-dev-early.service b/units/systemd-tmpfiles-setup-dev-early.service
+new file mode 100644
+index 000000000000..0d6f0daaae32
+--- /dev/null
++++ b/units/systemd-tmpfiles-setup-dev-early.service
+@@ -0,0 +1,25 @@
++# SPDX-License-Identifier: LGPL-2.1-or-later
++#
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++[Unit]
++Description=Create Static Device Nodes in /dev gracefully
++Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
++
++DefaultDependencies=no
++Before=sysinit.target local-fs-pre.target systemd-udevd.service
++Wants=local-fs-pre.target
++Conflicts=shutdown.target initrd-switch-root.target
++Before=shutdown.target initrd-switch-root.target
++
++[Service]
++Type=oneshot
++RemainAfterExit=yes
++ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful
++SuccessExitStatus=DATAERR CANTCREAT
++ImportCredential=tmpfiles.*
+diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service
+index acaa9510aa60..3016b497493f 100644
+--- a/units/systemd-tmpfiles-setup-dev.service
++++ b/units/systemd-tmpfiles-setup-dev.service
+@@ -12,6 +12,7 @@ Description=Create Static Device Nodes in /dev
+ Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+
+ DefaultDependencies=no
++After=systemd-tmpfiles-setup-dev-early.service
+ Before=sysinit.target local-fs-pre.target systemd-udevd.service
+ Wants=local-fs-pre.target
+ Conflicts=shutdown.target initrd-switch-root.target
+@@ -20,6 +21,6 @@ Before=shutdown.target initrd-switch-root.target
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful
++ExecStart=systemd-tmpfiles --prefix=/dev --create --boot
+ SuccessExitStatus=DATAERR CANTCREAT
+ ImportCredential=tmpfiles.*
+diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
+index 6c5e3de8fd96..6cae32850f4f 100644
+--- a/units/systemd-tmpfiles-setup.service
++++ b/units/systemd-tmpfiles-setup.service
+@@ -21,7 +21,7 @@ RefuseManualStop=yes
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=systemd-tmpfiles --create --remove --boot
++ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev
+ SuccessExitStatus=DATAERR CANTCREAT
+ ImportCredential=tmpfiles.*
+ ImportCredential=login.motd
diff --git a/sys-apps/systemd/systemd-254.1.ebuild b/sys-apps/systemd/systemd-254.1-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-254.1.ebuild
rename to sys-apps/systemd/systemd-254.1-r1.ebuild
index a03b6cbadd51..c0ddb15afd95 100644
--- a/sys-apps/systemd/systemd-254.1.ebuild
+++ b/sys-apps/systemd/systemd-254.1-r1.ebuild
@@ -241,6 +241,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-253-initrd-generators.patch"
+ "${FILESDIR}/systemd-254.1-tmpfiles-setup-dev-early.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-08-05 23:07 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-08-05 23:07 UTC (permalink / raw
To: gentoo-commits
commit: 939a1468f8957a670026888a01d4601a00f17142
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 5 23:06:46 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 5 23:06:54 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=939a1468
sys-apps/systemd: backport tmpfiles/udev permissions race fix
Closes: https://bugs.gentoo.org/911723
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../systemd/files/systemd-254-tmpfiles-udev.patch | 88 ++++
sys-apps/systemd/systemd-254-r2.ebuild | 528 +++++++++++++++++++++
2 files changed, 616 insertions(+)
diff --git a/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch b/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch
new file mode 100644
index 000000000000..04dd166310c8
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch
@@ -0,0 +1,88 @@
+https://bugs.gentoo.org/911723
+https://github.com/systemd/systemd/issues/28588
+https://github.com/systemd/systemd/issues/28653
+https://github.com/systemd/systemd/pull/28681
+
+(Skipped first commit as it was a revert of https://github.com/systemd/systemd/commit/a3d610998ad3b4c88224fe89a048a84dbceb652b.patc
+which wasn't in 254.)
+
+From 31845ef554877525dc4ff4f25ad11ad805ebf81c Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 5 Aug 2023 04:37:19 +0900
+Subject: [PATCH 2/4] unit: make udev rules take precesence over tmpfiles
+
+Without this change, there are no ordering between udevd and tmpfiles,
+and if tmpfiles is invoked later it may discard the permission set by
+udevd.
+
+Fixes an issue introduced by b42482af904ae0b94a6e4501ec595448f0ba1c06.
+
+Fixes #28588 and #28653.
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -12,6 +12,7 @@ Description=Rule-based Manager for Device Events and Files
+ Documentation=man:systemd-udevd.service(8) man:udev(7)
+ DefaultDependencies=no
+ After=systemd-sysusers.service systemd-hwdb-update.service
++After=systemd-tmpfiles-setup-dev.service
+ Before=sysinit.target
+ ConditionPathIsReadWrite=/sys
+
+
+From b768379e8b494b025f41946205944a6f3a1a553f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 5 Aug 2023 04:52:16 +0900
+Subject: [PATCH 3/4] test: add short test for device node permission
+
+--- /dev/null
++++ b/test/units/testsuite-17.00.sh
+@@ -0,0 +1,18 @@
++#!/usr/bin/env bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++set -ex
++set -o pipefail
++
++# shellcheck source=test/units/util.sh
++. "$(dirname "$0")"/util.sh
++
++# Tests for issue #28588 and #28653.
++
++assert_in "systemd-tmpfiles-setup-dev.service" "$(systemctl show --property After --value systemd-udevd.service)"
++assert_in "systemd-udevd.service" "$(systemctl show --property Before --value systemd-tmpfiles-setup-dev.service)"
++
++if [[ -f /dev/vfio/vfio ]]; then
++ assert_in "crw-rw-rw-" "$(stat --format=%A /dev/vfio/vfio)"
++fi
++
++exit 0
+
+From 23acdb8d0b04d46ecdc88a45594135c321dbfd5b Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 5 Aug 2023 05:03:16 +0900
+Subject: [PATCH 4/4] test: shorten timeout for 'udevadm monitor'
+
+The command should never finish, it is not necessary to wait so long.
+--- a/test/units/testsuite-17.10.sh
++++ b/test/units/testsuite-17.10.sh
+@@ -79,13 +79,13 @@ udevadm info -w /sys/class/net/$netdev
+ udevadm info --wait-for-initialization=5 /sys/class/net/$netdev
+ udevadm info -h
+
+-assert_rc 124 timeout 5 udevadm monitor
+-assert_rc 124 timeout 5 udevadm monitor -k
+-assert_rc 124 timeout 5 udevadm monitor -u
+-assert_rc 124 timeout 5 udevadm monitor -s net
+-assert_rc 124 timeout 5 udevadm monitor --subsystem-match net/$netdev
+-assert_rc 124 timeout 5 udevadm monitor -t systemd
+-assert_rc 124 timeout 5 udevadm monitor --tag-match hello
++assert_rc 124 timeout 1 udevadm monitor
++assert_rc 124 timeout 1 udevadm monitor -k
++assert_rc 124 timeout 1 udevadm monitor -u
++assert_rc 124 timeout 1 udevadm monitor -s net
++assert_rc 124 timeout 1 udevadm monitor --subsystem-match net/$netdev
++assert_rc 124 timeout 1 udevadm monitor -t systemd
++assert_rc 124 timeout 1 udevadm monitor --tag-match hello
+ udevadm monitor -h
+
+ udevadm settle
+
diff --git a/sys-apps/systemd/systemd-254-r2.ebuild b/sys-apps/systemd/systemd-254-r2.ebuild
new file mode 100644
index 000000000000..4005bb141fa7
--- /dev/null
+++ b/sys-apps/systemd/systemd-254-r2.ebuild
@@ -0,0 +1,528 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..11} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnutls homed http idn importd iptables +kmod
+ +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ dns-over-tls? ( || ( gnutls openssl ) )
+ fido2? ( cryptsetup openssl )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ iptables? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( app-crypt/p11-kit:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( dev-libs/libpwquality:0= )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ boot? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ selinux? (
+ sec-policy/selinux-base-policy[systemd]
+ sec-policy/selinux-ntp
+ )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? (
+ dev-python/pyelftools[\${PYTHON_USEDEP}]
+ test? ( ${PEFILE_DEPEND} )
+ )
+ ")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+ ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+ if kernel_is -ge 5 10 20; then
+ CONFIG_CHECK+=" ~KCMP"
+ else
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ fi
+
+ if kernel_is -ge 4 18; then
+ CONFIG_CHECK+=" ~AUTOFS_FS"
+ else
+ CONFIG_CHECK+=" ~AUTOFS4_FS"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/systemd-253-initrd-generators.patch"
+ "${FILESDIR}/systemd-254-dt_relr.patch"
+ "${FILESDIR}/systemd-254-varlink-allocate-heap.patch"
+ "${FILESDIR}/systemd-254-tmpfiles-udev.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-journald-audit-r1.patch"
+ )
+ fi
+
+ # Fails with split-usr.
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ $(meson_use split-usr)
+ $(meson_use split-usr split-bin)
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ # Disable compatibility with sysvinit
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnutls)
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use test tests)
+ $(meson_use zstd)
+ $(meson_native_use_bool iptables libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ local -x COLUMNS=80
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+ local sbin=$(usex split-usr sbin bin)
+
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/legacy.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+
+ gen_usr_ldscript -a systemd udev
+
+ if use boot; then
+ python_fix_shebang "${ED}"
+ secureboot_auto_sign
+ fi
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+ fi
+
+ if ! use split-usr; then
+ local dir
+ for dir in bin sbin lib usr/sbin; do
+ if [[ ! -L ${EROOT}/${dir} ]]; then
+ eerror "'${EROOT}/${dir}' is not a symbolic link."
+ FAIL=1
+ fi
+ done
+ if [[ ${FAIL} ]]; then
+ eerror "Migration to system layout with merged directories must be performed before"
+ eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+ die "System layout with split directories still used"
+ fi
+ fi
+ if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+ ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+ ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-08-02 21:14 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-08-02 21:14 UTC (permalink / raw
To: gentoo-commits
commit: ceaeadb34ca8a6b72f2da8131dcf69ee24d63324
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 2 21:10:54 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug 2 21:14:08 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceaeadb3
sys-apps/systemd: backport nss-resolve fix
Closes: https://bugs.gentoo.org/911583
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/systemd-254-varlink-allocate-heap.patch | 40 ++
sys-apps/systemd/systemd-254-r1.ebuild | 527 +++++++++++++++++++++
2 files changed, 567 insertions(+)
diff --git a/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch b/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch
new file mode 100644
index 000000000000..85f306a175f3
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/911583
+https://github.com/systemd/systemd/issues/28635
+https://github.com/systemd/systemd/commit/b456f2266afd839f8817235475e57c38e9d76dc9
+
+From b456f2266afd839f8817235475e57c38e9d76dc9 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 2 Aug 2023 14:55:50 +0200
+Subject: [PATCH] varlink: allocate the buffer for varlink FDs on the heap
+
+Since it's ~16K, which might cause issues in environments with limited
+stack space.
+
+Resolves: #28635
+--- a/src/shared/varlink.c
++++ b/src/shared/varlink.c
+@@ -633,7 +633,7 @@ static int varlink_write(Varlink *v) {
+ #define VARLINK_FDS_MAX (16U*1024U)
+
+ static int varlink_read(Varlink *v) {
+- CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX)) control;
++ _cleanup_free_ struct cmsghdr *cmsg_fds = NULL;
+ struct iovec iov;
+ struct msghdr mh;
+ size_t rs;
+@@ -690,9 +690,13 @@ static int varlink_read(Varlink *v) {
+ mh = (struct msghdr) {
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+- .msg_control = &control,
+- .msg_controllen = sizeof(control),
+ };
++
++ mh.msg_controllen = CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX);
++ mh.msg_control = cmsg_fds = malloc(mh.msg_controllen);
++ if (!cmsg_fds)
++ return -ENOMEM;
++
+ n = recvmsg_safe(v->fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+ } else {
+ bool prefer_read = v->prefer_read_write;
diff --git a/sys-apps/systemd/systemd-254-r1.ebuild b/sys-apps/systemd/systemd-254-r1.ebuild
new file mode 100644
index 000000000000..3ea2cd6d62b0
--- /dev/null
+++ b/sys-apps/systemd/systemd-254-r1.ebuild
@@ -0,0 +1,527 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..11} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnutls homed http idn importd iptables +kmod
+ +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ dns-over-tls? ( || ( gnutls openssl ) )
+ fido2? ( cryptsetup openssl )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ iptables? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( app-crypt/p11-kit:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( dev-libs/libpwquality:0= )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ boot? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ selinux? (
+ sec-policy/selinux-base-policy[systemd]
+ sec-policy/selinux-ntp
+ )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? (
+ dev-python/pyelftools[\${PYTHON_USEDEP}]
+ test? ( ${PEFILE_DEPEND} )
+ )
+ ")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+ ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+ if kernel_is -ge 5 10 20; then
+ CONFIG_CHECK+=" ~KCMP"
+ else
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ fi
+
+ if kernel_is -ge 4 18; then
+ CONFIG_CHECK+=" ~AUTOFS_FS"
+ else
+ CONFIG_CHECK+=" ~AUTOFS4_FS"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/systemd-253-initrd-generators.patch"
+ "${FILESDIR}/systemd-254-dt_relr.patch"
+ "${FILESDIR}/systemd-254-varlink-allocate-heap.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-journald-audit-r1.patch"
+ )
+ fi
+
+ # Fails with split-usr.
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ $(meson_use split-usr)
+ $(meson_use split-usr split-bin)
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ # Disable compatibility with sysvinit
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnutls)
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use test tests)
+ $(meson_use zstd)
+ $(meson_native_use_bool iptables libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ local -x COLUMNS=80
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+ local sbin=$(usex split-usr sbin bin)
+
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/legacy.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+
+ gen_usr_ldscript -a systemd udev
+
+ if use boot; then
+ python_fix_shebang "${ED}"
+ secureboot_auto_sign
+ fi
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+ fi
+
+ if ! use split-usr; then
+ local dir
+ for dir in bin sbin lib usr/sbin; do
+ if [[ ! -L ${EROOT}/${dir} ]]; then
+ eerror "'${EROOT}/${dir}' is not a symbolic link."
+ FAIL=1
+ fi
+ done
+ if [[ ${FAIL} ]]; then
+ eerror "Migration to system layout with merged directories must be performed before"
+ eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+ die "System layout with split directories still used"
+ fi
+ fi
+ if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+ ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+ ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-07-27 22:55 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2023-07-27 22:55 UTC (permalink / raw
To: gentoo-commits
commit: 0d124f17782d4b6a9e07a2a1bebc5f723e2efac6
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 27 22:53:10 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jul 27 22:54:48 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d124f17
sys-apps/systemd: fix DT_RELR build w/ USE=boot
Closes: https://bugs.gentoo.org/910570
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/systemd/files/systemd-254-dt_relr.patch | 26 ++++++++++++++++++++++++
sys-apps/systemd/systemd-254_rc3.ebuild | 1 +
2 files changed, 27 insertions(+)
diff --git a/sys-apps/systemd/files/systemd-254-dt_relr.patch b/sys-apps/systemd/files/systemd-254-dt_relr.patch
new file mode 100644
index 000000000000..9adfc11c1dd3
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-dt_relr.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/910570
+https://github.com/systemd/systemd/issues/28520
+https://github.com/systemd/systemd/commit/eff91e2f3863f9e176b383e5c54741c64ca7a636
+
+From eff91e2f3863f9e176b383e5c54741c64ca7a636 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Wed, 26 Jul 2023 11:29:57 +0100
+Subject: [PATCH] efi: link with -z nopack-relative-relocs
+
+elf2efi.py cannot handle DT_RELR relocations, so disable it
+if we can
+
+Fixes https://github.com/systemd/systemd/issues/28520
+--- a/src/boot/efi/meson.build
++++ b/src/boot/efi/meson.build
+@@ -174,6 +174,10 @@ efi_c_ld_args = [
+ '-T' + elf2efi_lds,
+ ]
+
++# On CentOS 8 the nopack-relative-relocs linker flag is not supported, and we get:
++# /usr/bin/ld.bfd: warning: -z nopack-relative-relocs ignored
++efi_c_ld_args += cc.get_supported_link_arguments('-Wl,-z,nopack-relative-relocs')
++
+ # efi_c_args is explicitly passed to targets so that they can override distro-provided flags
+ # that should not be used for EFI binaries.
+ efi_disabled_c_args = cc.get_supported_arguments(
diff --git a/sys-apps/systemd/systemd-254_rc3.ebuild b/sys-apps/systemd/systemd-254_rc3.ebuild
index 494249a2edd6..1333d2cd88f7 100644
--- a/sys-apps/systemd/systemd-254_rc3.ebuild
+++ b/sys-apps/systemd/systemd-254_rc3.ebuild
@@ -241,6 +241,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-253-initrd-generators.patch"
+ "${FILESDIR}/systemd-254-dt_relr.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2023-02-26 19:27 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2023-02-26 19:27 UTC (permalink / raw
To: gentoo-commits
commit: bfebeda18b81d781f9dcf8d12c1adddefff6b9a4
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 26 19:26:29 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Feb 26 19:27:02 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfebeda1
sys-apps/systemd: work around dracut bug with LVM
Bug: https://bugs.gentoo.org/896364
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../files/systemd-253-initrd-generators.patch | 34 ++++++++++++++++++++++
.../{systemd-253.ebuild => systemd-253-r1.ebuild} | 1 +
2 files changed, 35 insertions(+)
diff --git a/sys-apps/systemd/files/systemd-253-initrd-generators.patch b/sys-apps/systemd/files/systemd-253-initrd-generators.patch
new file mode 100644
index 000000000000..60e7b29d7a1f
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-253-initrd-generators.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/896364
+
+Workaround for bug in sys-kernel/dracut.
+
+From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 20 Feb 2023 12:00:30 +0900
+Subject: [PATCH] core/manager: run generators directly when we are in initrd
+
+Some initrd system write files at ourside of /run, /etc, or other
+allowed places. This is a kind of workaround, but in most cases, such
+sandboxing is not necessary as the filesystem is on ramfs when we are in
+initrd.
+
+Fixes #26488.
+---
+ src/core/manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 7b394794b0d4..306477c6e6c2 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
+ /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
+ * we are the user manager, let's just execute the generators directly. We might not have the
+ * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
+- */
+- if (MANAGER_IS_USER(m)) {
++ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
++ if (MANAGER_IS_USER(m) || in_initrd()) {
+ r = manager_execute_generators(m, paths, /* remount_ro= */ false);
+ goto finish;
+ }
diff --git a/sys-apps/systemd/systemd-253.ebuild b/sys-apps/systemd/systemd-253-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-253.ebuild
rename to sys-apps/systemd/systemd-253-r1.ebuild
index 77c9145b2914..cb638034f21f 100644
--- a/sys-apps/systemd/systemd-253.ebuild
+++ b/sys-apps/systemd/systemd-253-r1.ebuild
@@ -231,6 +231,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}/systemd-253-initrd-generators.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-11-07 16:15 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2022-11-07 16:15 UTC (permalink / raw
To: gentoo-commits
commit: 83353a2bfaa32fa2a5988496eb99674f711849cd
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 7 16:14:40 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Nov 7 16:14:40 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83353a2b
sys-apps/systemd: backport fix for meson-0.64
Bug: https://bugs.gentoo.org/879141
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/251-meson-0.64.patch | 26 ++++++++++++++++++++++++++
sys-apps/systemd/systemd-251.7.ebuild | 1 +
2 files changed, 27 insertions(+)
diff --git a/sys-apps/systemd/files/251-meson-0.64.patch b/sys-apps/systemd/files/251-meson-0.64.patch
new file mode 100644
index 000000000000..6cc200bbd87d
--- /dev/null
+++ b/sys-apps/systemd/files/251-meson-0.64.patch
@@ -0,0 +1,26 @@
+From cddbc850270415a818aadabd71fe12dc0dddd508 Mon Sep 17 00:00:00 2001
+From: Jan Janssen <medhefgo@web.de>
+Date: Sun, 9 Oct 2022 17:16:12 +0200
+Subject: [PATCH] meson: Fix build with --optimization=plain
+
+Note that -O0 is deliberately filtered out as we have to compile with at
+least -O1 due to #24202.
+
+Fixes: #24323
+---
+ src/boot/efi/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
+index e0cd4ebad993..395386d3eda7 100644
+--- a/src/boot/efi/meson.build
++++ b/src/boot/efi/meson.build
+@@ -223,7 +223,7 @@ endif
+ if get_option('debug') and get_option('mode') == 'developer'
+ efi_cflags += ['-ggdb', '-DEFI_DEBUG']
+ endif
+-if get_option('optimization') != '0'
++if get_option('optimization') in ['1', '2', '3', 's', 'g']
+ efi_cflags += ['-O' + get_option('optimization')]
+ endif
+ if get_option('b_ndebug') == 'true' or (
diff --git a/sys-apps/systemd/systemd-251.7.ebuild b/sys-apps/systemd/systemd-251.7.ebuild
index de8a975e58e1..b08e49db559d 100644
--- a/sys-apps/systemd/systemd-251.7.ebuild
+++ b/sys-apps/systemd/systemd-251.7.ebuild
@@ -239,6 +239,7 @@ src_prepare() {
# bug #841770.
"${FILESDIR}/251-revert-fortify-source-3-fix.patch"
"${FILESDIR}/251-gpt-auto-no-cryptsetup.patch"
+ "${FILESDIR}/251-meson-0.64.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-10-19 18:13 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2022-10-19 18:13 UTC (permalink / raw
To: gentoo-commits
commit: fca805df7532779c8b3c312ffb7d15f019a8d642
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 18:12:45 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 18:13:27 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fca805df
sys-apps/systemd: add 252_rc2, drop 252_rc1
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 2 +-
sys-apps/systemd/files/252-rc1-cryptsetup.patch | 226 ---------------------
...stemd-252_rc1.ebuild => systemd-252_rc2.ebuild} | 1 -
3 files changed, 1 insertion(+), 228 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index a6bf7d23cced..b02fcebfbc4c 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,4 @@
-DIST systemd-252-rc1.tar.gz 11718698 BLAKE2B 599c5c125c0fb0477ea71195491962db230cbaa2c610afbb14a475263f356f160a77ba7321f425cb6db837649ccbce971f80daaf5524ace03362777a71e7a9b5 SHA512 e249eb39da41aca1bc371c9e2b61f135227b0653e4e175c4c6453b0ca4e1cd50894c005d4ef267b5122af4f339cd9b5a4b90a98c4f84f998f96a7ca1ed637d28
+DIST systemd-252-rc2.tar.gz 11736313 BLAKE2B 58efe76846b034ec61136fe01f535b40aabc993ffee687d4a22a20d93a3952fd15e4ac46591934a441f4e74cffec29145f441d97a69a5c456e7a3caee92602cc SHA512 f67703dcd03b300cddc2e8bfbeb843ef66ba0b0c548973797a920c1bed9e3a14a740e08936f7d906141da714bccbae0d4fcb47a7ce13e69c8a2f17d7928e218c
DIST systemd-stable-251.4.tar.gz 11440203 BLAKE2B 58a0ee4adcc9d35b15b9cc98b3da81d1103b61a6c0bee722468a5113cd7d6de1d40c46ef964ba9ecc4746e81b516ae4b2f1d046874d62db066735c652592612e SHA512 7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738
DIST systemd-stable-251.5.tar.gz 11444428 BLAKE2B 96df35dae789b11ead1960e1139046972a29c41f74ca800e0fafd84e6a8c238f8d4a30e2991ee94e07e866bc0c3137774ee116f276ac1203cca85254ccf91913 SHA512 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa
DIST systemd-stable-251.6.tar.gz 11448383 BLAKE2B 987ea88ea23662fd4119e3c796cc2e5f428fcce6cf0b033a5f8da7974c0026d41851f517e489354bbc22973b33c3932ac7280c56527f03a1fcbce3092148b638 SHA512 2da41ac7e939a893ada3ce682a6fe7dd326e8e0132221589da3d2b1d994e1a879118e0c6025f03351dac6567d754223a5f5401d64a5ca9256ab95512800370f8
diff --git a/sys-apps/systemd/files/252-rc1-cryptsetup.patch b/sys-apps/systemd/files/252-rc1-cryptsetup.patch
deleted file mode 100644
index 54b4ce1ea0aa..000000000000
--- a/sys-apps/systemd/files/252-rc1-cryptsetup.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-From bbf73b00697e77ca35ae60109418da77f257be52 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Tue, 11 Oct 2022 20:35:34 +0200
-Subject: [PATCH 1/2] cryptsetup-util: Always define dlopen_cryptsetup()
-
----
- src/shared/cryptsetup-util.c | 118 ++++++++++++++++++-----------------
- src/shared/cryptsetup-util.h | 4 +-
- 2 files changed, 63 insertions(+), 59 deletions(-)
-
-diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
-index da6dcb2f093a..401e7a3f9c7d 100644
---- a/src/shared/cryptsetup-util.c
-+++ b/src/shared/cryptsetup-util.c
-@@ -50,63 +50,6 @@ int (*sym_crypt_token_max)(const char *type);
- crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
- int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
-
--int dlopen_cryptsetup(void) {
-- int r;
--
-- r = dlopen_many_sym_or_warn(
-- &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
-- DLSYM_ARG(crypt_activate_by_passphrase),
--#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
-- DLSYM_ARG(crypt_activate_by_signed_key),
--#endif
-- DLSYM_ARG(crypt_activate_by_volume_key),
-- DLSYM_ARG(crypt_deactivate_by_name),
-- DLSYM_ARG(crypt_format),
-- DLSYM_ARG(crypt_free),
-- DLSYM_ARG(crypt_get_cipher),
-- DLSYM_ARG(crypt_get_cipher_mode),
-- DLSYM_ARG(crypt_get_data_offset),
-- DLSYM_ARG(crypt_get_device_name),
-- DLSYM_ARG(crypt_get_dir),
-- DLSYM_ARG(crypt_get_type),
-- DLSYM_ARG(crypt_get_uuid),
-- DLSYM_ARG(crypt_get_verity_info),
-- DLSYM_ARG(crypt_get_volume_key_size),
-- DLSYM_ARG(crypt_init),
-- DLSYM_ARG(crypt_init_by_name),
-- DLSYM_ARG(crypt_keyslot_add_by_volume_key),
-- DLSYM_ARG(crypt_keyslot_destroy),
-- DLSYM_ARG(crypt_keyslot_max),
-- DLSYM_ARG(crypt_load),
-- DLSYM_ARG(crypt_resize),
-- DLSYM_ARG(crypt_resume_by_passphrase),
-- DLSYM_ARG(crypt_set_data_device),
-- DLSYM_ARG(crypt_set_debug_level),
-- DLSYM_ARG(crypt_set_log_callback),
--#if HAVE_CRYPT_SET_METADATA_SIZE
-- DLSYM_ARG(crypt_set_metadata_size),
--#endif
-- DLSYM_ARG(crypt_set_pbkdf_type),
-- DLSYM_ARG(crypt_suspend),
-- DLSYM_ARG(crypt_token_json_get),
-- DLSYM_ARG(crypt_token_json_set),
--#if HAVE_CRYPT_TOKEN_MAX
-- DLSYM_ARG(crypt_token_max),
--#endif
-- DLSYM_ARG(crypt_token_status),
-- DLSYM_ARG(crypt_volume_key_get));
-- if (r <= 0)
-- return r;
--
-- /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
-- * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
-- * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
-- * other code loaded into this process also changes the global log functions of libcryptsetup, who
-- * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
-- cryptsetup_enable_logging(NULL);
-- return 1;
--}
--
- static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) {
-
- switch (level) {
-@@ -246,6 +189,67 @@ int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v) {
- }
- #endif
-
-+int dlopen_cryptsetup(void) {
-+#if HAVE_LIBCRYPTSETUP
-+ int r;
-+
-+ r = dlopen_many_sym_or_warn(
-+ &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
-+ DLSYM_ARG(crypt_activate_by_passphrase),
-+#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
-+ DLSYM_ARG(crypt_activate_by_signed_key),
-+#endif
-+ DLSYM_ARG(crypt_activate_by_volume_key),
-+ DLSYM_ARG(crypt_deactivate_by_name),
-+ DLSYM_ARG(crypt_format),
-+ DLSYM_ARG(crypt_free),
-+ DLSYM_ARG(crypt_get_cipher),
-+ DLSYM_ARG(crypt_get_cipher_mode),
-+ DLSYM_ARG(crypt_get_data_offset),
-+ DLSYM_ARG(crypt_get_device_name),
-+ DLSYM_ARG(crypt_get_dir),
-+ DLSYM_ARG(crypt_get_type),
-+ DLSYM_ARG(crypt_get_uuid),
-+ DLSYM_ARG(crypt_get_verity_info),
-+ DLSYM_ARG(crypt_get_volume_key_size),
-+ DLSYM_ARG(crypt_init),
-+ DLSYM_ARG(crypt_init_by_name),
-+ DLSYM_ARG(crypt_keyslot_add_by_volume_key),
-+ DLSYM_ARG(crypt_keyslot_destroy),
-+ DLSYM_ARG(crypt_keyslot_max),
-+ DLSYM_ARG(crypt_load),
-+ DLSYM_ARG(crypt_resize),
-+ DLSYM_ARG(crypt_resume_by_passphrase),
-+ DLSYM_ARG(crypt_set_data_device),
-+ DLSYM_ARG(crypt_set_debug_level),
-+ DLSYM_ARG(crypt_set_log_callback),
-+#if HAVE_CRYPT_SET_METADATA_SIZE
-+ DLSYM_ARG(crypt_set_metadata_size),
-+#endif
-+ DLSYM_ARG(crypt_set_pbkdf_type),
-+ DLSYM_ARG(crypt_suspend),
-+ DLSYM_ARG(crypt_token_json_get),
-+ DLSYM_ARG(crypt_token_json_set),
-+#if HAVE_CRYPT_TOKEN_MAX
-+ DLSYM_ARG(crypt_token_max),
-+#endif
-+ DLSYM_ARG(crypt_token_status),
-+ DLSYM_ARG(crypt_volume_key_get));
-+ if (r <= 0)
-+ return r;
-+
-+ /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
-+ * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
-+ * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
-+ * other code loaded into this process also changes the global log functions of libcryptsetup, who
-+ * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
-+ cryptsetup_enable_logging(NULL);
-+ return 1;
-+#else
-+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "cryptsetup support is not compiled in.");
-+#endif
-+}
-+
- int cryptsetup_get_keyslot_from_token(JsonVariant *v) {
- int keyslot, r;
- JsonVariant *w;
-diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
-index b1ce07ec8a50..b390dc9a5cbb 100644
---- a/src/shared/cryptsetup-util.h
-+++ b/src/shared/cryptsetup-util.h
-@@ -65,8 +65,6 @@ static inline int crypt_token_max(_unused_ const char *type) {
- extern crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
- extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
-
--int dlopen_cryptsetup(void);
--
- DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, crypt_free, NULL);
- DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, sym_crypt_free, NULL);
-
-@@ -91,6 +89,8 @@ static inline void sym_crypt_freep(struct crypt_device** cd) {}
-
- #endif
-
-+int dlopen_cryptsetup(void);
-+
- int cryptsetup_get_keyslot_from_token(JsonVariant *v);
-
- static inline const char *mangle_none(const char *s) {
-
-From 86bebe385f6e35ecec708e44dae2b896f5bfa770 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Tue, 11 Oct 2022 20:36:03 +0200
-Subject: [PATCH 2/2] repart: Always define VerityMode from/to string functions
-
----
- src/partition/repart.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/partition/repart.c b/src/partition/repart.c
-index a0f7d4164500..dd544d6415a9 100644
---- a/src/partition/repart.c
-+++ b/src/partition/repart.c
-@@ -255,12 +255,11 @@ static const char *verity_mode_table[_VERITY_MODE_MAX] = {
-
- #if HAVE_LIBCRYPTSETUP
- DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
--DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
- #else
- DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
--DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(verity_mode, VerityMode);
- #endif
-
-+DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
-
- static uint64_t round_down_size(uint64_t v, uint64_t p) {
- return (v / p) * p;
-From 748367c72368031ca0ef32fadd394c4bcacc126a Mon Sep 17 00:00:00 2001
-From: David Seifert <soap@gentoo.org>
-Date: Wed, 12 Oct 2022 21:47:29 +0200
-Subject: [PATCH] gpt-auto: allow using without cryptsetup
-
-Fixes #24978
----
- src/gpt-auto-generator/gpt-auto-generator.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
-index 31377d877d5c..5584eb22af1a 100644
---- a/src/gpt-auto-generator/gpt-auto-generator.c
-+++ b/src/gpt-auto-generator/gpt-auto-generator.c
-@@ -571,11 +571,15 @@ static int add_root_rw(DissectedPartition *p) {
-
- #if ENABLE_EFI
- static int add_root_cryptsetup(void) {
-+#if HAVE_LIBCRYPTSETUP
-
- /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
- * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
-
- return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL);
-+#else
-+ return 0;
-+#endif
- }
- #endif
-
diff --git a/sys-apps/systemd/systemd-252_rc1.ebuild b/sys-apps/systemd/systemd-252_rc2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-252_rc1.ebuild
rename to sys-apps/systemd/systemd-252_rc2.ebuild
index 6d2654a50d90..2b38fab6fdb7 100644
--- a/sys-apps/systemd/systemd-252_rc1.ebuild
+++ b/sys-apps/systemd/systemd-252_rc2.ebuild
@@ -235,7 +235,6 @@ src_unpack() {
src_prepare() {
local PATCHES=(
- "${FILESDIR}/252-rc1-cryptsetup.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-05-21 22:23 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2022-05-21 22:23 UTC (permalink / raw
To: gentoo-commits
commit: c663204d5fb372f83ce48663ee06eed272ab6325
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat May 21 22:22:47 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat May 21 22:23:31 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c663204d
sys-apps/systemd: drop 249.9, 249.11
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 2 -
sys-apps/systemd/files/249.9-cross-compile.patch | 23 --
sys-apps/systemd/systemd-249.11.ebuild | 505 ----------------------
sys-apps/systemd/systemd-249.9.ebuild | 506 -----------------------
4 files changed, 1036 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 7691df4ca36f..9b589c708f7e 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,5 +1,3 @@
DIST systemd-251.tar.gz 11431104 BLAKE2B da783d815adf244defc3c1ec8a788fffdff45215f5c2449c457e872ad89b8270caa3e48ecb696fa79eb1d79578ded3d098802fed0fc69a191ba2d7d6b120e068 SHA512 5a7116cfd99f7875334a1ce55a76ba1840a28b6500b02de82b879629768e10457efd8278024aa1ffefd43defe657284c4d51ab502ed3c7e6b63d5b6e0cc1f642
-DIST systemd-stable-249.11.tar.gz 10622702 BLAKE2B aa3a327ba8de73dd2ac5ecbd9065f2ca4ed56702d6bbd19de43580e6d56211be58ec7678c1609d843f7e960b71b251e0b7080c49338942cd3071076fa02f7acb SHA512 fed7f81933648945a4bfac9fb12150ecd84d32181f79be0e14e0b3a789343a87569f868670e0b8dfc2801fab39f7490f95ee8c29ba831d7611f78c14ace5ddd8
-DIST systemd-stable-249.9.tar.gz 10613893 BLAKE2B fc7a14fa3b0cc3d05fa9f20fde2efedd3ef0f011d9dce53b0a418994b4257cf753b228cf98f749fb2028d81db55ef30a6e3d9b138d86239cad4fc730d845f9e2 SHA512 ce57bc6c522082e55649fc1886c4dc818c89607e175df2c92feffe288dbd38757f36b30abeebe153f5be6b664a49d729405040a952473cb2133a2e39cf9cc164
DIST systemd-stable-250.4.tar.gz 11132786 BLAKE2B 8fdfe1bad76e572dc1be0955f3d1c4080f2beb81a2f9670f80827899f5406ab8ed8675400c2f5e8ccef44cf1bceff42ceae12a42e1b67d46c0deb523e6495f25 SHA512 307ed0920da660b6c45d909fea66864fb98db8b2f6905d629fb2012fc4bf64dd25fd61168c22bf4098200be541be9b0e815fbde98806a99c85cb33d49d8b63d0
DIST systemd-stable-250.5.tar.gz 11212059 BLAKE2B b7dbcb9e82c51e966db20a92ccd59ac19309702c481dd575c4e6367ca5ade10fe4b689925416ce1169682380cbf22d7d692b2378ef091f3007c16891992e3f92 SHA512 ad864b67bd5e2f5fd5705b636467827e4735142cefba150d24bb8e51ac0263650b2b0e53d4426eb509d1db59b83dc3b4c4bf157cc355fc2b7524db6bc4a9b5cd
diff --git a/sys-apps/systemd/files/249.9-cross-compile.patch b/sys-apps/systemd/files/249.9-cross-compile.patch
deleted file mode 100644
index e063d303c7d8..000000000000
--- a/sys-apps/systemd/files/249.9-cross-compile.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 3d7fd38ea938ab194366f40ed7aa413ad33f2fad Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Tue, 21 Dec 2021 20:10:09 +0900
-Subject: [PATCH] meson: fix cross compiling
-
-(cherry picked from commit 3112d756a36993900b70fbff98e69a2a43b970a8)
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 02495d16c9..c76cab535d 100644
---- a/meson.build
-+++ b/meson.build
-@@ -442,7 +442,7 @@ conf.set('SIZEOF_DEV_T', cc.sizeof('dev_t', prefix : '#include <sys/types.h>'))
- conf.set('SIZEOF_INO_T', cc.sizeof('ino_t', prefix : '#include <sys/types.h>'))
- conf.set('SIZEOF_TIME_T', cc.sizeof('time_t', prefix : '#include <sys/time.h>'))
- conf.set('SIZEOF_RLIM_T', cc.sizeof('rlim_t', prefix : '#include <sys/resource.h>'))
--conf.set('SIZEOF_TIMEX_MEMBER', cc.sizeof('((struct timex *)0)->freq', prefix : '#include <sys/timex.h>'))
-+conf.set('SIZEOF_TIMEX_MEMBER', cc.sizeof('typeof(((struct timex *)0)->freq)', prefix : '#include <sys/timex.h>'))
-
- decl_headers = '''
- #include <uchar.h>
diff --git a/sys-apps/systemd/systemd-249.11.ebuild b/sys-apps/systemd/systemd-249.11.ebuild
deleted file mode 100644
index 79c41b24c83c..000000000000
--- a/sys-apps/systemd/systemd-249.11.ebuild
+++ /dev/null
@@ -1,505 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- if [[ ${PV} == *.* ]]; then
- MY_PN=systemd-stable
- else
- MY_PN=systemd
- fi
- MY_PV=${PV/_/-}
- MY_P=${MY_PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
- KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
-
-REQUIRED_USE="
- homed? ( cryptsetup pam )
- importd? ( curl gcrypt lzma )
- pwquality? ( homed )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0="
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- virtual/libcrypt:=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
- curl? ( net-misc/curl:0= )
- dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- fido2? ( dev-libs/libfido2:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- homed? ( ${OPENSSL_DEP} )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
- >=net-libs/gnutls-3.1.4:0=
- )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pkcs11? ( app-crypt/p11-kit:0= )
- pcre? ( dev-libs/libpcre2 )
- pwquality? ( dev-libs/libpwquality:0= )
- qrcode? ( media-gfx/qrencode:0= )
- repart? ( ${OPENSSL_DEP} )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- tpm? ( app-crypt/tpm2-tss:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=acct-group/adm-0-r1
- >=acct-group/wheel-0-r1
- >=acct-group/kmem-0-r1
- >=acct-group/tty-0-r1
- >=acct-group/utmp-0-r1
- >=acct-group/audio-0-r1
- >=acct-group/cdrom-0-r1
- >=acct-group/dialout-0-r1
- >=acct-group/disk-0-r1
- >=acct-group/input-0-r1
- >=acct-group/kvm-0-r1
- >=acct-group/lp-0-r1
- >=acct-group/render-0-r1
- acct-group/sgx
- >=acct-group/tape-0-r1
- acct-group/users
- >=acct-group/video-0-r1
- >=acct-group/systemd-journal-0-r1
- >=acct-user/root-0-r1
- acct-user/nobody
- >=acct-user/systemd-journal-remote-0-r1
- >=acct-user/systemd-coredump-0-r1
- >=acct-user/systemd-network-0-r1
- acct-user/systemd-oom
- >=acct-user/systemd-resolve-0-r1
- >=acct-user/systemd-timesync-0-r1
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? (
- !sys-apps/openrc[sysv-utils(-)]
- !sys-apps/sysvinit
- )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-apps/hwids[udev]
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-fs/udev-init-scripts-34
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/meson-0.46
- >=sys-apps/coreutils-8.16
- sys-devel/gettext
- virtual/pkgconfig
- test? (
- app-text/tree
- dev-lang/perl
- sys-apps/dbus
- )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
- has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
- has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
- local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
- ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if kernel_is -lt 5 10 20; then
- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
- else
- CONFIG_CHECK+=" ~KCMP"
- fi
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Do NOT add patches here
- local PATCHES=()
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- # Add local patches here
- PATCHES+=(
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
- "${FILESDIR}/gentoo-journald-audit.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- $(meson_use split-usr)
- -Dsplit-bin=true
- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
- -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Optional components/dependencies
- $(meson_native_use_bool acl)
- $(meson_native_use_bool apparmor)
- $(meson_native_use_bool audit)
- $(meson_native_use_bool cryptsetup libcryptsetup)
- $(meson_native_use_bool curl libcurl)
- $(meson_native_use_bool dns-over-tls dns-over-tls)
- $(meson_native_use_bool elfutils)
- $(meson_native_use_bool fido2 libfido2)
- $(meson_use gcrypt)
- $(meson_native_use_bool gnuefi gnu-efi)
- -Defi-includedir="${ESYSROOT}/usr/include/efi"
- -Defi-ld="$(tc-getLD)"
- -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
- $(meson_native_use_bool homed)
- $(meson_native_use_bool http microhttpd)
- $(meson_native_use_bool idn)
- $(meson_native_use_bool importd)
- $(meson_native_use_bool importd bzip2)
- $(meson_native_use_bool importd zlib)
- $(meson_native_use_bool kmod)
- $(meson_use lz4)
- $(meson_use lzma xz)
- $(meson_use zstd)
- $(meson_native_use_bool nat libiptc)
- $(meson_use pam)
- $(meson_native_use_bool pkcs11 p11kit)
- $(meson_native_use_bool pcre pcre2)
- $(meson_native_use_bool policykit polkit)
- $(meson_native_use_bool pwquality)
- $(meson_native_use_bool qrcode qrencode)
- $(meson_native_use_bool repart)
- $(meson_native_use_bool seccomp)
- $(meson_native_use_bool selinux)
- $(meson_native_use_bool tpm tpm2)
- $(meson_native_use_bool test dbus)
- $(meson_native_use_bool xkb xkbcommon)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- $(meson_native_true backlight)
- $(meson_native_true binfmt)
- $(meson_native_true coredump)
- $(meson_native_true environment-d)
- $(meson_native_true firstboot)
- $(meson_native_true hibernate)
- $(meson_native_true hostnamed)
- $(meson_native_true ldconfig)
- $(meson_native_true localed)
- $(meson_native_true man)
- $(meson_native_true networkd)
- $(meson_native_true quotacheck)
- $(meson_native_true randomseed)
- $(meson_native_true rfkill)
- $(meson_native_true sysusers)
- $(meson_native_true timedated)
- $(meson_native_true timesyncd)
- $(meson_native_true tmpfiles)
- $(meson_native_true vconsole)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- meson_src_test
-}
-
-multilib_src_install_all() {
- local rootprefix=$(usex split-usr '' /usr)
-
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use resolvconf; then
- rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
- fi
-
- rm "${ED}"/etc/init.d/README || die
- rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
-
- if ! use sysv-utils; then
- rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- if ! use resolvconf && ! use sysv-utils; then
- rmdir "${ED}${rootprefix}"/sbin || die
- fi
-
- # https://bugs.gentoo.org/761763
- rm -r "${ED}"/usr/lib/sysusers.d || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/rules.d
-
- keepdir /etc/udev/hwdb.d
-
- keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-
- if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
- fi
-
- if use split-usr; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-
- gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_preinst() {
- if ! use split-usr; then
- local dir
- for dir in bin sbin lib; do
- if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
- eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
- eerror "One of them should be a symbolic link to the other one."
- FAIL=1
- fi
- done
- if [[ ${FAIL} ]]; then
- eerror "Migration to system layout with merged directories must be performed before"
- eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
- die "System layout with split directories still used"
- fi
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required.
- systemd-hwdb --root="${ROOT}" update
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respected, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
diff --git a/sys-apps/systemd/systemd-249.9.ebuild b/sys-apps/systemd/systemd-249.9.ebuild
deleted file mode 100644
index 3367ca393987..000000000000
--- a/sys-apps/systemd/systemd-249.9.ebuild
+++ /dev/null
@@ -1,506 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- if [[ ${PV} == *.* ]]; then
- MY_PN=systemd-stable
- else
- MY_PN=systemd
- fi
- MY_PV=${PV/_/-}
- MY_P=${MY_PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
-
-REQUIRED_USE="
- homed? ( cryptsetup pam )
- importd? ( curl gcrypt lzma )
- pwquality? ( homed )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0="
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- virtual/libcrypt:=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
- curl? ( net-misc/curl:0= )
- dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- fido2? ( dev-libs/libfido2:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- homed? ( ${OPENSSL_DEP} )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
- >=net-libs/gnutls-3.1.4:0=
- )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pkcs11? ( app-crypt/p11-kit:0= )
- pcre? ( dev-libs/libpcre2 )
- pwquality? ( dev-libs/libpwquality:0= )
- qrcode? ( media-gfx/qrencode:0= )
- repart? ( ${OPENSSL_DEP} )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- tpm? ( app-crypt/tpm2-tss:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=acct-group/adm-0-r1
- >=acct-group/wheel-0-r1
- >=acct-group/kmem-0-r1
- >=acct-group/tty-0-r1
- >=acct-group/utmp-0-r1
- >=acct-group/audio-0-r1
- >=acct-group/cdrom-0-r1
- >=acct-group/dialout-0-r1
- >=acct-group/disk-0-r1
- >=acct-group/input-0-r1
- >=acct-group/kvm-0-r1
- >=acct-group/lp-0-r1
- >=acct-group/render-0-r1
- acct-group/sgx
- >=acct-group/tape-0-r1
- acct-group/users
- >=acct-group/video-0-r1
- >=acct-group/systemd-journal-0-r1
- >=acct-user/root-0-r1
- acct-user/nobody
- >=acct-user/systemd-journal-remote-0-r1
- >=acct-user/systemd-coredump-0-r1
- >=acct-user/systemd-network-0-r1
- acct-user/systemd-oom
- >=acct-user/systemd-resolve-0-r1
- >=acct-user/systemd-timesync-0-r1
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? (
- !sys-apps/openrc[sysv-utils(-)]
- !sys-apps/sysvinit
- )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-apps/hwids[udev]
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-fs/udev-init-scripts-34
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/meson-0.46
- >=sys-apps/coreutils-8.16
- sys-devel/gettext
- virtual/pkgconfig
- test? (
- app-text/tree
- dev-lang/perl
- sys-apps/dbus
- )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
- has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
- has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
- local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
- ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if kernel_is -lt 5 10 20; then
- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
- else
- CONFIG_CHECK+=" ~KCMP"
- fi
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Do NOT add patches here
- local PATCHES=()
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- # Add local patches here
- PATCHES+=(
- "${FILESDIR}/249.9-cross-compile.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
- "${FILESDIR}/gentoo-journald-audit.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- $(meson_use split-usr)
- -Dsplit-bin=true
- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
- -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Optional components/dependencies
- $(meson_native_use_bool acl)
- $(meson_native_use_bool apparmor)
- $(meson_native_use_bool audit)
- $(meson_native_use_bool cryptsetup libcryptsetup)
- $(meson_native_use_bool curl libcurl)
- $(meson_native_use_bool dns-over-tls dns-over-tls)
- $(meson_native_use_bool elfutils)
- $(meson_native_use_bool fido2 libfido2)
- $(meson_use gcrypt)
- $(meson_native_use_bool gnuefi gnu-efi)
- -Defi-includedir="${ESYSROOT}/usr/include/efi"
- -Defi-ld="$(tc-getLD)"
- -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
- $(meson_native_use_bool homed)
- $(meson_native_use_bool http microhttpd)
- $(meson_native_use_bool idn)
- $(meson_native_use_bool importd)
- $(meson_native_use_bool importd bzip2)
- $(meson_native_use_bool importd zlib)
- $(meson_native_use_bool kmod)
- $(meson_use lz4)
- $(meson_use lzma xz)
- $(meson_use zstd)
- $(meson_native_use_bool nat libiptc)
- $(meson_use pam)
- $(meson_native_use_bool pkcs11 p11kit)
- $(meson_native_use_bool pcre pcre2)
- $(meson_native_use_bool policykit polkit)
- $(meson_native_use_bool pwquality)
- $(meson_native_use_bool qrcode qrencode)
- $(meson_native_use_bool repart)
- $(meson_native_use_bool seccomp)
- $(meson_native_use_bool selinux)
- $(meson_native_use_bool tpm tpm2)
- $(meson_native_use_bool test dbus)
- $(meson_native_use_bool xkb xkbcommon)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- $(meson_native_true backlight)
- $(meson_native_true binfmt)
- $(meson_native_true coredump)
- $(meson_native_true environment-d)
- $(meson_native_true firstboot)
- $(meson_native_true hibernate)
- $(meson_native_true hostnamed)
- $(meson_native_true ldconfig)
- $(meson_native_true localed)
- $(meson_native_true man)
- $(meson_native_true networkd)
- $(meson_native_true quotacheck)
- $(meson_native_true randomseed)
- $(meson_native_true rfkill)
- $(meson_native_true sysusers)
- $(meson_native_true timedated)
- $(meson_native_true timesyncd)
- $(meson_native_true tmpfiles)
- $(meson_native_true vconsole)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- meson_src_test
-}
-
-multilib_src_install_all() {
- local rootprefix=$(usex split-usr '' /usr)
-
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use resolvconf; then
- rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
- fi
-
- rm "${ED}"/etc/init.d/README || die
- rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
-
- if ! use sysv-utils; then
- rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- if ! use resolvconf && ! use sysv-utils; then
- rmdir "${ED}${rootprefix}"/sbin || die
- fi
-
- # https://bugs.gentoo.org/761763
- rm -r "${ED}"/usr/lib/sysusers.d || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/rules.d
-
- keepdir /etc/udev/hwdb.d
-
- keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-
- if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
- fi
-
- if use split-usr; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-
- gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_preinst() {
- if ! use split-usr; then
- local dir
- for dir in bin sbin lib; do
- if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
- eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
- eerror "One of them should be a symbolic link to the other one."
- FAIL=1
- fi
- done
- if [[ ${FAIL} ]]; then
- eerror "Migration to system layout with merged directories must be performed before"
- eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
- die "System layout with split directories still used"
- fi
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required.
- systemd-hwdb --root="${ROOT}" update
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respected, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2022-03-25 4:56 Sam James
0 siblings, 0 replies; 65+ messages in thread
From: Sam James @ 2022-03-25 4:56 UTC (permalink / raw
To: gentoo-commits
commit: 6ce7901f80b073f8206f95aadf8e119eca7695b2
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 25 04:56:04 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 25 04:56:04 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ce7901f
sys-apps/systemd: backport RNG seed fix/improvements
Bug: https://github.com/systemd/systemd/issues/21983
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../systemd/files/250.4-random-seed-hash.patch | 74 +++
sys-apps/systemd/systemd-250.4-r1.ebuild | 521 +++++++++++++++++++++
2 files changed, 595 insertions(+)
diff --git a/sys-apps/systemd/files/250.4-random-seed-hash.patch b/sys-apps/systemd/files/250.4-random-seed-hash.patch
new file mode 100644
index 000000000000..efaa8cdfcaac
--- /dev/null
+++ b/sys-apps/systemd/files/250.4-random-seed-hash.patch
@@ -0,0 +1,74 @@
+https://github.com/systemd/systemd-stable/commit/ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce
+
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 3 Jan 2022 18:11:32 +0100
+Subject: [PATCH] random-seed: hash together old seed and new seed before
+ writing out file
+
+If we're consuming an on-disk seed, we usually write out a new one after
+consuming it. In that case, we might be at early boot and the randomness
+could be rather poor, and the kernel doesn't guarantee that it'll use
+the new randomness right away for us. In order to prevent the new
+entropy from getting any worse, hash together the old seed and the new
+seed, and replace the final bytes of the new seed with the hash output.
+This way, entropy strictly increases and never regresses.
+
+(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b)
+--- a/src/random-seed/random-seed.c
++++ b/src/random-seed/random-seed.c
+@@ -26,6 +26,7 @@
+ #include "random-util.h"
+ #include "string-util.h"
+ #include "sync-util.h"
++#include "sha256.h"
+ #include "util.h"
+ #include "xattr-util.h"
+
+@@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) {
+ _cleanup_close_ int seed_fd = -1, random_fd = -1;
+ bool read_seed_file, write_seed_file, synchronous;
+ _cleanup_free_ void* buf = NULL;
++ struct sha256_ctx hash_state;
++ uint8_t hash[32];
+ size_t buf_size;
+ struct stat st;
+- ssize_t k;
++ ssize_t k, l;
+ int r;
+
+ log_setup();
+@@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) {
+ if (r < 0)
+ log_error_errno(r, "Failed to write seed to /dev/urandom: %m");
+ }
++ /* If we're going to later write out a seed file, initialize a hash state with
++ * the contents of the seed file we just read, so that the new one can't regress
++ * in entropy. */
++ if (write_seed_file) {
++ sha256_init_ctx(&hash_state);
++ if (k < 0)
++ k = 0;
++ sha256_process_bytes(&k, sizeof(k), &hash_state);
++ sha256_process_bytes(buf, k, &hash_state);
++ }
+ }
+
+ if (write_seed_file) {
+@@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) {
+ "Got EOF while reading from /dev/urandom.");
+ }
+
++ /* If we previously read in a seed file, then hash the new seed into the old one,
++ * and replace the last 32 bytes of the seed with the hash output, so that the
++ * new seed file can't regress in entropy. */
++ if (read_seed_file) {
++ sha256_process_bytes(&k, sizeof(k), &hash_state);
++ sha256_process_bytes(buf, k, &hash_state);
++ sha256_finish_ctx(&hash_state, hash);
++ l = MIN(k, 32);
++ memcpy((uint8_t *)buf + k - l, hash, l);
++ }
++
+ r = loop_write(seed_fd, buf, (size_t) k, false);
+ if (r < 0)
+ return log_error_errno(r, "Failed to write new random seed file: %m");
diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild b/sys-apps/systemd/systemd-250.4-r1.ebuild
new file mode 100644
index 000000000000..444d748cfd2b
--- /dev/null
+++ b/sys-apps/systemd/systemd-250.4-r1.ebuild
@@ -0,0 +1,521 @@
+# Copyright 2011-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_{8..10} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd +kmod
+ +lz4 lzma nat +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+"
+REQUIRED_USE="
+ dns-over-tls? ( || ( gnutls openssl ) )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ policykit? ( !hostnamed-fallback )
+ pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ nat? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( app-crypt/p11-kit:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( dev-libs/libpwquality:0= )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+ gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ hostnamed-fallback? (
+ acct-group/systemd-hostname
+ sys-apps/dbus-broker
+ )
+ selinux? ( sec-policy/selinux-base-policy[systemd] )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !build? ( || (
+ sys-apps/util-linux[kill(-)]
+ sys-process/procps[kill(+)]
+ sys-apps/coreutils[kill(-)]
+ ) )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
+ $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+python_check_deps() {
+ has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
+ has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
+}
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
+ ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+ kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+ kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+ if kernel_is -lt 5 10 20; then
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ else
+ CONFIG_CHECK+=" ~KCMP"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ # Do NOT add patches here
+ local PATCHES=()
+
+ [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+ # Add local patches here
+ PATCHES+=(
+ "${FILESDIR}/250.4-random-seed-hash.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in PATH
+ $(meson_use split-usr)
+ -Dsplit-bin=true
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnuefi gnu-efi)
+ $(meson_native_use_bool gnutls)
+ -Defi-includedir="${ESYSROOT}/usr/include/efi"
+ -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use zstd)
+ $(meson_native_use_bool nat libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
+ fi
+
+ rm "${ED}"/etc/init.d/README || die
+ rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
+
+ if ! use sysv-utils; then
+ rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+ fi
+
+ if ! use resolvconf && ! use sysv-utils; then
+ rmdir "${ED}${rootprefix}"/sbin || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+
+ # workaround for https://github.com/systemd/systemd/issues/13501
+ if use hostnamed-fallback; then
+ # this file requires dbus-broker
+ insinto /usr/share/dbus-1/system.d/
+ doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+ insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+ doins "${FILESDIR}/00-hostnamed-network-user.conf"
+ fi
+
+ gen_usr_ldscript -a systemd udev
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if ! use split-usr; then
+ local dir
+ for dir in bin sbin lib; do
+ if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
+ eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
+ eerror "One of them should be a symbolic link to the other one."
+ FAIL=1
+ fi
+ done
+ if [[ ${FAIL} ]]; then
+ eerror "Migration to system layout with merged directories must be performed before"
+ eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+ die "System layout with split directories still used"
+ fi
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-12-25 18:20 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-12-25 18:20 UTC (permalink / raw
To: gentoo-commits
commit: 9a73ceca960a687e8457fa24a382fa04ef4dc6f9
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 25 18:19:04 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Dec 25 18:19:04 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a73ceca
sys-apps/systemd: backport build fix for USE="-dns-over-tls -gcrypt"
Closes: https://bugs.gentoo.org/829944
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/250-fix-openssl.patch | 102 +++++++++++++++++++++++++++
sys-apps/systemd/systemd-250.ebuild | 1 +
2 files changed, 103 insertions(+)
diff --git a/sys-apps/systemd/files/250-fix-openssl.patch b/sys-apps/systemd/files/250-fix-openssl.patch
new file mode 100644
index 000000000000..520ba0b66427
--- /dev/null
+++ b/sys-apps/systemd/files/250-fix-openssl.patch
@@ -0,0 +1,102 @@
+From 9bcf483b117b23ae25bf4a5d39ddc3eade8659a6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 24 Dec 2021 10:06:13 +0900
+Subject: [PATCH] meson: fix build with -Dcryptolib=openssl
+ -Ddns-over-tls=false
+
+Previously, when -Ddns-over-tls=false, libopenssl was missing in the
+dependency of resolved.
+Also, this drops libgpg_error when it is not necessary.
+
+Replaces #21878.
+---
+ meson.build | 3 +--
+ src/resolve/meson.build | 9 +--------
+ 2 files changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index c0cbadecb123..0b7c1918ad4c 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1474,7 +1474,7 @@ conf.set10('PREFER_OPENSSL',
+ opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
+ conf.set10('HAVE_OPENSSL_OR_GCRYPT',
+ conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
+-lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : libgcrypt
++lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? [libopenssl] : [libgcrypt, libgpg_error]
+
+ dns_over_tls = get_option('dns-over-tls')
+ if dns_over_tls != 'false'
+@@ -2200,7 +2200,6 @@ if conf.get('ENABLE_RESOLVE') == 1
+ libsystemd_resolve_core],
+ dependencies : [threads,
+ lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm,
+ libidn],
+ install_rpath : rootlibexecdir,
+diff --git a/src/resolve/meson.build b/src/resolve/meson.build
+index 0580fbeec625..2cdf24b1cbef 100644
+--- a/src/resolve/meson.build
++++ b/src/resolve/meson.build
+@@ -135,7 +135,7 @@ systemd_resolved_sources += custom_target(
+ output : 'resolved-dnssd-gperf.c',
+ command : [gperf, '@INPUT@', '--output-file', '@OUTPUT@'])
+
+-systemd_resolved_dependencies = [threads, libgpg_error, libm]
++systemd_resolved_dependencies = [threads, libm] + [lib_openssl_or_gcrypt]
+ if conf.get('ENABLE_DNS_OVER_TLS') == 1
+ if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
+ systemd_resolved_sources += files(
+@@ -178,14 +178,12 @@ tests += [
+ [libsystemd_resolve_core,
+ libshared],
+ [lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm]],
+
+ [['src/resolve/test-dns-packet.c'],
+ [libsystemd_resolve_core,
+ libshared],
+ [lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm]],
+
+ [['src/resolve/test-resolved-etc-hosts.c',
+@@ -194,21 +192,18 @@ tests += [
+ [libsystemd_resolve_core,
+ libshared],
+ [lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm]],
+
+ [['src/resolve/test-resolved-packet.c'],
+ [libsystemd_resolve_core,
+ libshared],
+ [lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm]],
+
+ [['src/resolve/test-dnssec.c'],
+ [libsystemd_resolve_core,
+ libshared],
+ [lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm],
+ [], 'HAVE_OPENSSL_OR_GCRYPT'],
+
+@@ -216,7 +211,6 @@ tests += [
+ [libsystemd_resolve_core,
+ libshared],
+ [lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm],
+ [], '', 'manual'],
+ ]
+@@ -226,6 +220,5 @@ fuzzers += [
+ [libsystemd_resolve_core,
+ libshared],
+ [lib_openssl_or_gcrypt,
+- libgpg_error,
+ libm]],
+ ]
diff --git a/sys-apps/systemd/systemd-250.ebuild b/sys-apps/systemd/systemd-250.ebuild
index bc4018c9efa4..26dc346527a3 100644
--- a/sys-apps/systemd/systemd-250.ebuild
+++ b/sys-apps/systemd/systemd-250.ebuild
@@ -237,6 +237,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
+ "${FILESDIR}"/250-fix-openssl.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-12-09 19:40 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-12-09 19:40 UTC (permalink / raw
To: gentoo-commits
commit: 1f2e7fd084a9c6571af78262eacd9c153fbf1c3f
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 9 19:39:31 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Dec 9 19:39:31 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f2e7fd0
sys-apps/systemd: drop 249.4-r4
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 1 -
sys-apps/systemd/files/249-fido2.patch | 58 ---
.../systemd/files/249-home-secret-assert.patch | 106 -----
sys-apps/systemd/files/249-libudev-static.patch | 26 -
sys-apps/systemd/files/249-network-renaming.patch | 41 --
sys-apps/systemd/systemd-249.4-r4.ebuild | 524 ---------------------
6 files changed, 756 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index b4ec49408dd1..ec8fbe294598 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1 @@
-DIST systemd-stable-249.4.tar.gz 10593723 BLAKE2B 466b3cb27c4bc6c85c9ba50f6614175b2c31a4c177d452542faa1395e99511440029b1a093dc80a5a1a0135eed09d8b1849572f36dba4e18a1396230bfc31adb SHA512 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
DIST systemd-stable-249.6.tar.gz 10599611 BLAKE2B 9c0cbaa4319f2ce9a78dbe820d1b6df5191e6c632e2eac9f71f9ff9817564d9b3fc177d2aec0c0daea8ac33bbdc2066ad68a8967cf8857f4af3668b9a3e7d3bf SHA512 7a7791dfe4923c00987b924adcb1cd08c4d17af2b17b4c6c6c701856c6810cfda61f06821c39787339fc05293853c0ea61b9973fcf4495c7bf4f8054ecfae66f
diff --git a/sys-apps/systemd/files/249-fido2.patch b/sys-apps/systemd/files/249-fido2.patch
deleted file mode 100644
index bbfa4afb540e..000000000000
--- a/sys-apps/systemd/files/249-fido2.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From b6aa89b0a399992c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001
-From: pedro martelletto <pedro@yubico.com>
-Date: Wed, 8 Sep 2021 10:42:56 +0200
-Subject: [PATCH] explicitly close FIDO2 devices
-
-FIDO2 device access is serialised by libfido2 using flock().
-Therefore, make sure to close a FIDO2 device once we are done
-with it, or we risk opening it again at a later point and
-deadlocking. Fixes #20664.
----
- src/shared/libfido2-util.c | 2 ++
- src/shared/libfido2-util.h | 5 ++++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
-index 12c644dcfcce..6d18178b68c9 100644
---- a/src/shared/libfido2-util.c
-+++ b/src/shared/libfido2-util.c
-@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL;
- int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL;
- fido_dev_t* (*sym_fido_dev_new)(void) = NULL;
- int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL;
-+int (*sym_fido_dev_close)(fido_dev_t *) = NULL;
- const char* (*sym_fido_strerr)(int) = NULL;
-
- int dlopen_libfido2(void) {
-@@ -106,6 +107,7 @@ int dlopen_libfido2(void) {
- DLSYM_ARG(fido_dev_make_cred),
- DLSYM_ARG(fido_dev_new),
- DLSYM_ARG(fido_dev_open),
-+ DLSYM_ARG(fido_dev_close),
- DLSYM_ARG(fido_strerr));
- }
-
-diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
-index 5640cca5e39b..4ebf8ab77509 100644
---- a/src/shared/libfido2-util.h
-+++ b/src/shared/libfido2-util.h
-@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *);
- extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *);
- extern fido_dev_t* (*sym_fido_dev_new)(void);
- extern int (*sym_fido_dev_open)(fido_dev_t *, const char *);
-+extern int (*sym_fido_dev_close)(fido_dev_t *);
- extern const char* (*sym_fido_strerr)(int);
-
- int dlopen_libfido2(void);
-@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) {
- }
-
- static inline void fido_dev_free_wrapper(fido_dev_t **p) {
-- if (*p)
-+ if (*p) {
-+ sym_fido_dev_close(*p);
- sym_fido_dev_free(p);
-+ }
- }
-
- static inline void fido_cred_free_wrapper(fido_cred_t **p) {
diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch b/sys-apps/systemd/files/249-home-secret-assert.patch
deleted file mode 100644
index e6e2a8e7cc78..000000000000
--- a/sys-apps/systemd/files/249-home-secret-assert.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sun, 5 Sep 2021 11:16:26 +0900
-Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error
- may be null
-
-When RefHome() bus method is called in acquire_home(), secret is NULL.
-
-Fixes #20639.
----
- src/home/pam_systemd_home.c | 19 ++++++++++++++++++-
- 1 file changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
-index 836ed0d5e96d..a04d50208a8e 100644
---- a/src/home/pam_systemd_home.c
-+++ b/src/home/pam_systemd_home.c
-@@ -281,7 +281,6 @@ static int handle_generic_user_record_error(
- const sd_bus_error *error) {
-
- assert(user_name);
-- assert(secret);
- assert(error);
-
- int r;
-@@ -301,6 +300,8 @@ static int handle_generic_user_record_error(
- } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) {
- _cleanup_(erase_and_freep) char *newp = NULL;
-
-+ assert(secret);
-+
- /* This didn't work? Ask for an (additional?) password */
-
- if (strv_isempty(secret->password))
-@@ -326,6 +327,8 @@ static int handle_generic_user_record_error(
- } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
- _cleanup_(erase_and_freep) char *newp = NULL;
-
-+ assert(secret);
-+
- if (strv_isempty(secret->password)) {
- (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name);
- r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: ");
-@@ -350,6 +353,8 @@ static int handle_generic_user_record_error(
- } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
- _cleanup_(erase_and_freep) char *newp = NULL;
-
-+ assert(secret);
-+
- r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: ");
- if (r != PAM_SUCCESS)
- return PAM_CONV_ERR; /* no logging here */
-@@ -367,6 +372,8 @@ static int handle_generic_user_record_error(
-
- } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
-
-+ assert(secret);
-+
- (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name);
-
- r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
-@@ -377,6 +384,8 @@ static int handle_generic_user_record_error(
-
- } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
-
-+ assert(secret);
-+
- (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name);
-
- r = user_record_set_fido2_user_presence_permitted(secret, true);
-@@ -387,6 +396,8 @@ static int handle_generic_user_record_error(
-
- } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
-
-+ assert(secret);
-+
- (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name);
-
- r = user_record_set_fido2_user_verification_permitted(secret, true);
-@@ -403,6 +414,8 @@ static int handle_generic_user_record_error(
- } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) {
- _cleanup_(erase_and_freep) char *newp = NULL;
-
-+ assert(secret);
-+
- (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name);
- r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
- if (r != PAM_SUCCESS)
-@@ -422,6 +435,8 @@ static int handle_generic_user_record_error(
- } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) {
- _cleanup_(erase_and_freep) char *newp = NULL;
-
-+ assert(secret);
-+
- (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name);
- r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
- if (r != PAM_SUCCESS)
-@@ -441,6 +456,8 @@ static int handle_generic_user_record_error(
- } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) {
- _cleanup_(erase_and_freep) char *newp = NULL;
-
-+ assert(secret);
-+
- (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name);
- r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
- if (r != PAM_SUCCESS)
diff --git a/sys-apps/systemd/files/249-libudev-static.patch b/sys-apps/systemd/files/249-libudev-static.patch
deleted file mode 100644
index 73375b716e9b..000000000000
--- a/sys-apps/systemd/files/249-libudev-static.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f2c57d4f3805775e0ffdc80ce578eaa737017d31 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 9 Jul 2021 13:05:23 -0400
-Subject: [PATCH] libudev: add "Libs.private: -lrt -pthread" to libudev.pc
-
-This resolves a failure when linking cryptsetup.static against libudev.a.
-
-```
-libtool: link: x86_64-pc-linux-gnu-gcc -Wall -O2 -pipe -march=amdfam10 -static -O2 -o cryptsetup.static lib/utils_crypt.o lib/utils_loop.o lib/utils_io.o lib/utils_blkid.o src/utils_tools.o src/utils_password.o src/utils_luks2.o src/utils_blockdev.o src/cryptsetup.o -pthread -pthread -Wl,--as-needed ./.libs/libcryptsetup.a -largon2 -lrt -ljson-c -lpopt -luuid -lblkid -lssl -lcrypto -lz -ldl -ldevmapper -lm -lpthread -ludev -pthread
-/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../x86_64-pc-linux-gnu/bin/ld: /usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../lib64/libudev.a(src_libsystemd_sd-daemon_sd-daemon.c.o): in function `sd_is_mq':
-(.text.sd_is_mq+0x3a): undefined reference to `mq_getattr'
-```
----
- src/libudev/libudev.pc.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/libudev/libudev.pc.in b/src/libudev/libudev.pc.in
-index 89028aaa6bf2..1d6487fa4084 100644
---- a/src/libudev/libudev.pc.in
-+++ b/src/libudev/libudev.pc.in
-@@ -16,4 +16,5 @@ Name: libudev
- Description: Library to access udev device information
- Version: {{PROJECT_VERSION}}
- Libs: -L${libdir} -ludev
-+Libs.private: -lrt -pthread
- Cflags: -I${includedir}
diff --git a/sys-apps/systemd/files/249-network-renaming.patch b/sys-apps/systemd/files/249-network-renaming.patch
deleted file mode 100644
index b9eecf57b10f..000000000000
--- a/sys-apps/systemd/files/249-network-renaming.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 160203e974945ce520fe8f569458634ef898c61c Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Fri, 10 Sep 2021 08:09:56 +0900
-Subject: [PATCH] network: fix handling of network interface renaming
-
-Fixes #20657.
----
- src/network/networkd-link.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
-index 4afd540d2015..caad6205ae83 100644
---- a/src/network/networkd-link.c
-+++ b/src/network/networkd-link.c
-@@ -1470,17 +1470,21 @@ static int link_initialized(Link *link, sd_device *device) {
- assert(link);
- assert(device);
-
-- if (link->state != LINK_STATE_PENDING)
-- return 0;
-+ /* Always replace with the new sd_device object. As the sysname (and possibly other properties
-+ * or sysattrs) may be outdated. */
-+ sd_device_ref(device);
-+ sd_device_unref(link->sd_device);
-+ link->sd_device = device;
-
-- if (link->sd_device)
-+ /* Do not ignore unamanaged state case here. If an interface is renamed after being once
-+ * configured, and the corresponding .network file has Name= in [Match] section, then the
-+ * interface may be already in unmanaged state. See #20657. */
-+ if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED))
- return 0;
-
- log_link_debug(link, "udev initialized link");
- link_set_state(link, LINK_STATE_INITIALIZED);
-
-- link->sd_device = sd_device_ref(device);
--
- /* udev has initialized the link, but we don't know if we have yet
- * processed the NEWLINK messages with the latest state. Do a GETLINK,
- * when it returns we know that the pending NEWLINKs have already been
diff --git a/sys-apps/systemd/systemd-249.4-r4.ebuild b/sys-apps/systemd/systemd-249.4-r4.ebuild
deleted file mode 100644
index 722d9f6b3f04..000000000000
--- a/sys-apps/systemd/systemd-249.4-r4.ebuild
+++ /dev/null
@@ -1,524 +0,0 @@
-# Copyright 2011-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- if [[ ${PV} == *.* ]]; then
- MY_PN=systemd-stable
- else
- MY_PN=systemd
- fi
- MY_PV=${PV/_/-}
- MY_P=${MY_PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
-
-REQUIRED_USE="
- homed? ( cryptsetup pam )
- importd? ( curl gcrypt lzma )
- pwquality? ( homed )
-"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-OPENSSL_DEP=">=dev-libs/openssl-1.1.0:0="
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- virtual/libcrypt:=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
- curl? ( net-misc/curl:0= )
- dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- fido2? ( dev-libs/libfido2:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- homed? ( ${OPENSSL_DEP} )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
- >=net-libs/gnutls-3.1.4:0=
- )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pkcs11? ( app-crypt/p11-kit:0= )
- pcre? ( dev-libs/libpcre2 )
- pwquality? ( dev-libs/libpwquality:0= )
- qrcode? ( media-gfx/qrencode:0= )
- repart? ( ${OPENSSL_DEP} )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- tpm? ( app-crypt/tpm2-tss:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
-"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=acct-group/adm-0-r1
- >=acct-group/wheel-0-r1
- >=acct-group/kmem-0-r1
- >=acct-group/tty-0-r1
- >=acct-group/utmp-0-r1
- >=acct-group/audio-0-r1
- >=acct-group/cdrom-0-r1
- >=acct-group/dialout-0-r1
- >=acct-group/disk-0-r1
- >=acct-group/input-0-r1
- >=acct-group/kvm-0-r1
- >=acct-group/lp-0-r1
- >=acct-group/render-0-r1
- acct-group/sgx
- >=acct-group/tape-0-r1
- acct-group/users
- >=acct-group/video-0-r1
- >=acct-group/systemd-journal-0-r1
- >=acct-user/root-0-r1
- acct-user/nobody
- >=acct-user/systemd-journal-remote-0-r1
- >=acct-user/systemd-coredump-0-r1
- >=acct-user/systemd-network-0-r1
- acct-user/systemd-oom
- >=acct-user/systemd-resolve-0-r1
- >=acct-user/systemd-timesync-0-r1
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? (
- !sys-apps/openrc[sysv-utils(-)]
- !sys-apps/sysvinit
- )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- hwdb? ( sys-apps/hwids[systemd(+),udev] )
- >=sys-fs/udev-init-scripts-34
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/meson-0.46
- >=sys-apps/coreutils-8.16
- sys-devel/gettext
- virtual/pkgconfig
- test? (
- app-text/tree
- dev-lang/perl
- sys-apps/dbus
- )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
- has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
- has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if kernel_is -lt 5 10 20; then
- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
- else
- CONFIG_CHECK+=" ~KCMP"
- fi
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Do NOT add patches here
- local PATCHES=()
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- # Add local patches here
- PATCHES+=(
- "${FILESDIR}/249-libudev-static.patch"
- "${FILESDIR}/249-home-secret-assert.patch"
- "${FILESDIR}/249-fido2.patch"
- "${FILESDIR}/249-network-renaming.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
- "${FILESDIR}/gentoo-journald-audit.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- $(meson_use split-usr)
- -Dsplit-bin=true
- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
- -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Optional components/dependencies
- $(meson_native_use_bool acl)
- $(meson_native_use_bool apparmor)
- $(meson_native_use_bool audit)
- $(meson_native_use_bool cryptsetup libcryptsetup)
- $(meson_native_use_bool curl libcurl)
- $(meson_native_use_bool dns-over-tls dns-over-tls)
- $(meson_native_use_bool elfutils)
- $(meson_native_use_bool fido2 libfido2)
- $(meson_use gcrypt)
- $(meson_native_use_bool gnuefi gnu-efi)
- -Defi-includedir="${ESYSROOT}/usr/include/efi"
- -Defi-ld="$(tc-getLD)"
- -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
- $(meson_native_use_bool homed)
- $(meson_native_use_bool hwdb)
- $(meson_native_use_bool http microhttpd)
- $(meson_native_use_bool idn)
- $(meson_native_use_bool importd)
- $(meson_native_use_bool importd bzip2)
- $(meson_native_use_bool importd zlib)
- $(meson_native_use_bool kmod)
- $(meson_use lz4)
- $(meson_use lzma xz)
- $(meson_use zstd)
- $(meson_native_use_bool nat libiptc)
- $(meson_use pam)
- $(meson_native_use_bool pkcs11 p11kit)
- $(meson_native_use_bool pcre pcre2)
- $(meson_native_use_bool policykit polkit)
- $(meson_native_use_bool pwquality)
- $(meson_native_use_bool qrcode qrencode)
- $(meson_native_use_bool repart)
- $(meson_native_use_bool seccomp)
- $(meson_native_use_bool selinux)
- $(meson_native_use_bool tpm tpm2)
- $(meson_native_use_bool test dbus)
- $(meson_native_use_bool xkb xkbcommon)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- $(meson_native_true backlight)
- $(meson_native_true binfmt)
- $(meson_native_true coredump)
- $(meson_native_true environment-d)
- $(meson_native_true firstboot)
- $(meson_native_true hibernate)
- $(meson_native_true hostnamed)
- $(meson_native_true ldconfig)
- $(meson_native_true localed)
- $(meson_native_true man)
- $(meson_native_true networkd)
- $(meson_native_true quotacheck)
- $(meson_native_true randomseed)
- $(meson_native_true rfkill)
- $(meson_native_true sysusers)
- $(meson_native_true timedated)
- $(meson_native_true timesyncd)
- $(meson_native_true tmpfiles)
- $(meson_native_true vconsole)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_test() {
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- meson_src_test
-}
-
-multilib_src_install_all() {
- local rootprefix=$(usex split-usr '' /usr)
-
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use resolvconf; then
- rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
- fi
-
- rm "${ED}"/etc/init.d/README || die
- rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
-
- if ! use sysv-utils; then
- rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- if ! use resolvconf && ! use sysv-utils; then
- rmdir "${ED}${rootprefix}"/sbin || die
- fi
-
- # https://bugs.gentoo.org/761763
- rm -r "${ED}"/usr/lib/sysusers.d || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/rules.d
-
- if use hwdb; then
- keepdir /etc/udev/hwdb.d
- fi
-
- keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
-
- if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
- fi
-
- if use hwdb; then
- rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
- fi
-
- if use split-usr; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-
- gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_preinst() {
- if ! use split-usr; then
- local dir
- for dir in bin sbin lib; do
- if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
- eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
- eerror "One of them should be a symbolic link to the other one."
- FAIL=1
- fi
- done
- if [[ ${FAIL} ]]; then
- eerror "Migration to system layout with merged directories must be performed before"
- eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
- die "System layout with split directories still used"
- fi
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required.
- if use hwdb; then
- systemd-hwdb --root="${ROOT}" update
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respected, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
- ebegin "Reexecuting system manager"
- systemctl daemon-reexec
- eend $?
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-11-14 23:53 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-11-14 23:53 UTC (permalink / raw
To: gentoo-commits
commit: fc438698ea33d1481c56dbbcdbf5623aed59a69e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 14 23:52:53 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov 14 23:52:53 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc438698
sys-apps/systemd: add 249.6, drop 249.5-r1
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 2 +-
sys-apps/systemd/files/249.5-coredumpctl.patch | 31 --
.../249.5-revert-unit-start-rate-limiting.patch | 483 ---------------------
...ystemd-249.5-r1.ebuild => systemd-249.6.ebuild} | 3 -
4 files changed, 1 insertion(+), 518 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 6cbf0d852592..b4ec49408dd1 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,2 @@
DIST systemd-stable-249.4.tar.gz 10593723 BLAKE2B 466b3cb27c4bc6c85c9ba50f6614175b2c31a4c177d452542faa1395e99511440029b1a093dc80a5a1a0135eed09d8b1849572f36dba4e18a1396230bfc31adb SHA512 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
-DIST systemd-stable-249.5.tar.gz 10597897 BLAKE2B 5c573322ef9bcd9d019776d6e2d8625a741c1535c0d06661b5666c2438a70cfc4dc182919bb419829de27a4d93c16717ce24e668faf9bd6b09e57f8bd88be725 SHA512 d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
+DIST systemd-stable-249.6.tar.gz 10599611 BLAKE2B 9c0cbaa4319f2ce9a78dbe820d1b6df5191e6c632e2eac9f71f9ff9817564d9b3fc177d2aec0c0daea8ac33bbdc2066ad68a8967cf8857f4af3668b9a3e7d3bf SHA512 7a7791dfe4923c00987b924adcb1cd08c4d17af2b17b4c6c6c701856c6810cfda61f06821c39787339fc05293853c0ea61b9973fcf4495c7bf4f8054ecfae66f
diff --git a/sys-apps/systemd/files/249.5-coredumpctl.patch b/sys-apps/systemd/files/249.5-coredumpctl.patch
deleted file mode 100644
index 2892f3477137..000000000000
--- a/sys-apps/systemd/files/249.5-coredumpctl.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 12 Oct 2021 19:46:25 +0200
-Subject: [PATCH] coredumpctl: stop truncating information about coredump
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-With the changes to limit that print 'Found module …' over and over, we were
-hitting the journal field message limit, effectively truncating the info output.
-
-Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488.
-
-(cherry picked from commit 384c6207669eb0d92aa0043dbc01957c6c7ff41e)
----
- src/coredump/coredumpctl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c
-index 3d44e51e32..7eba8330d7 100644
---- a/src/coredump/coredumpctl.c
-+++ b/src/coredump/coredumpctl.c
-@@ -555,6 +555,8 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) {
- assert(file);
- assert(j);
-
-+ (void) sd_journal_set_data_threshold(j, 0);
-+
- SD_JOURNAL_FOREACH_DATA(j, d, l) {
- RETRIEVE(d, l, "MESSAGE_ID", mid);
- RETRIEVE(d, l, "COREDUMP_PID", pid);
diff --git a/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch b/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch
deleted file mode 100644
index 6d070e8d30d1..000000000000
--- a/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch
+++ /dev/null
@@ -1,483 +0,0 @@
-From 4fa9d8f14523982482386d398d2b2669902f2098 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Mon, 18 Oct 2021 14:11:53 +0900
-Subject: [PATCH] Revert "core: Check unit start rate limiting earlier"
-
-This reverts commit ed8fbbf1745c6a2dc0b8cd560ac8a3353f72e979.
-
-This was causing problems during boot, see
-https://bodhi.fedoraproject.org/updates/FEDORA-2021-a1a52487e6,
-https://bugzilla.redhat.com/show_bug.cgi?id=2013386.
-https://github.com/systemd/systemd/issues/21025
----
- src/core/automount.c | 23 ++++++-----------------
- src/core/mount.c | 23 ++++++-----------------
- src/core/path.c | 23 ++++++-----------------
- src/core/service.c | 25 +++++++------------------
- src/core/socket.c | 23 ++++++-----------------
- src/core/swap.c | 23 ++++++-----------------
- src/core/timer.c | 23 ++++++-----------------
- src/core/unit.c | 7 -------
- src/core/unit.h | 4 ----
- test/TEST-63-ISSUE-17433/Makefile | 1 -
- test/TEST-63-ISSUE-17433/test.sh | 9 ---------
- test/meson.build | 2 --
- test/testsuite-10.units/test10.service | 3 ---
- test/testsuite-63.units/test63.path | 2 --
- test/testsuite-63.units/test63.service | 5 -----
- test/units/testsuite-63.service | 16 ----------------
- 16 files changed, 43 insertions(+), 169 deletions(-)
- delete mode 120000 test/TEST-63-ISSUE-17433/Makefile
- delete mode 100755 test/TEST-63-ISSUE-17433/test.sh
- delete mode 100644 test/testsuite-63.units/test63.path
- delete mode 100644 test/testsuite-63.units/test63.service
- delete mode 100644 test/units/testsuite-63.service
-
-diff --git a/src/core/automount.c b/src/core/automount.c
-index 0722abef23..edc9588165 100644
---- a/src/core/automount.c
-+++ b/src/core/automount.c
-@@ -814,6 +814,12 @@ static int automount_start(Unit *u) {
- if (r < 0)
- return r;
-
-+ r = unit_test_start_limit(u);
-+ if (r < 0) {
-+ automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
-+ return r;
-+ }
-+
- r = unit_acquire_invocation_id(u);
- if (r < 0)
- return r;
-@@ -1059,21 +1065,6 @@ static bool automount_supported(void) {
- return supported;
- }
-
--static int automount_test_start_limit(Unit *u) {
-- Automount *a = AUTOMOUNT(u);
-- int r;
--
-- assert(a);
--
-- r = unit_test_start_limit(u);
-- if (r < 0) {
-- automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
-- return r;
-- }
--
-- return 0;
--}
--
- static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = {
- [AUTOMOUNT_SUCCESS] = "success",
- [AUTOMOUNT_FAILURE_RESOURCES] = "resources",
-@@ -1136,6 +1127,4 @@ const UnitVTable automount_vtable = {
- [JOB_FAILED] = "Failed to unset automount %s.",
- },
- },
--
-- .test_start_limit = automount_test_start_limit,
- };
-diff --git a/src/core/mount.c b/src/core/mount.c
-index 9bec190cb6..af39db214b 100644
---- a/src/core/mount.c
-+++ b/src/core/mount.c
-@@ -1168,6 +1168,12 @@ static int mount_start(Unit *u) {
-
- assert(IN_SET(m->state, MOUNT_DEAD, MOUNT_FAILED));
-
-+ r = unit_test_start_limit(u);
-+ if (r < 0) {
-+ mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
-+ return r;
-+ }
-+
- r = unit_acquire_invocation_id(u);
- if (r < 0)
- return r;
-@@ -2137,21 +2143,6 @@ static int mount_can_clean(Unit *u, ExecCleanMask *ret) {
- return exec_context_get_clean_mask(&m->exec_context, ret);
- }
-
--static int mount_test_start_limit(Unit *u) {
-- Mount *m = MOUNT(u);
-- int r;
--
-- assert(m);
--
-- r = unit_test_start_limit(u);
-- if (r < 0) {
-- mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
-- return r;
-- }
--
-- return 0;
--}
--
- static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
- [MOUNT_EXEC_MOUNT] = "ExecMount",
- [MOUNT_EXEC_UNMOUNT] = "ExecUnmount",
-@@ -2249,6 +2240,4 @@ const UnitVTable mount_vtable = {
- [JOB_TIMEOUT] = "Timed out unmounting %s.",
- },
- },
--
-- .test_start_limit = mount_test_start_limit,
- };
-diff --git a/src/core/path.c b/src/core/path.c
-index 2b659696a4..e098e83a31 100644
---- a/src/core/path.c
-+++ b/src/core/path.c
-@@ -590,6 +590,12 @@ static int path_start(Unit *u) {
- if (r < 0)
- return r;
-
-+ r = unit_test_start_limit(u);
-+ if (r < 0) {
-+ path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
-+ return r;
-+ }
-+
- r = unit_acquire_invocation_id(u);
- if (r < 0)
- return r;
-@@ -805,21 +811,6 @@ static void path_reset_failed(Unit *u) {
- p->result = PATH_SUCCESS;
- }
-
--static int path_test_start_limit(Unit *u) {
-- Path *p = PATH(u);
-- int r;
--
-- assert(p);
--
-- r = unit_test_start_limit(u);
-- if (r < 0) {
-- path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
-- return r;
-- }
--
-- return 0;
--}
--
- static const char* const path_type_table[_PATH_TYPE_MAX] = {
- [PATH_EXISTS] = "PathExists",
- [PATH_EXISTS_GLOB] = "PathExistsGlob",
-@@ -874,6 +865,4 @@ const UnitVTable path_vtable = {
- .reset_failed = path_reset_failed,
-
- .bus_set_property = bus_path_set_property,
--
-- .test_start_limit = path_test_start_limit,
- };
-diff --git a/src/core/service.c b/src/core/service.c
-index 701c145565..7b90822f68 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -2456,6 +2456,13 @@ static int service_start(Unit *u) {
-
- assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED));
-
-+ /* Make sure we don't enter a busy loop of some kind. */
-+ r = unit_test_start_limit(u);
-+ if (r < 0) {
-+ service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
-+ return r;
-+ }
-+
- r = unit_acquire_invocation_id(u);
- if (r < 0)
- return r;
-@@ -4451,22 +4458,6 @@ static const char *service_finished_job(Unit *u, JobType t, JobResult result) {
- return NULL;
- }
-
--static int service_test_start_limit(Unit *u) {
-- Service *s = SERVICE(u);
-- int r;
--
-- assert(s);
--
-- /* Make sure we don't enter a busy loop of some kind. */
-- r = unit_test_start_limit(u);
-- if (r < 0) {
-- service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
-- return r;
-- }
--
-- return 0;
--}
--
- static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
- [SERVICE_RESTART_NO] = "no",
- [SERVICE_RESTART_ON_SUCCESS] = "on-success",
-@@ -4629,6 +4620,4 @@ const UnitVTable service_vtable = {
- },
- .finished_job = service_finished_job,
- },
--
-- .test_start_limit = service_test_start_limit,
- };
-diff --git a/src/core/socket.c b/src/core/socket.c
-index 31d88b71ff..f362a5baa8 100644
---- a/src/core/socket.c
-+++ b/src/core/socket.c
-@@ -2515,6 +2515,12 @@ static int socket_start(Unit *u) {
-
- assert(IN_SET(s->state, SOCKET_DEAD, SOCKET_FAILED));
-
-+ r = unit_test_start_limit(u);
-+ if (r < 0) {
-+ socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
-+ return r;
-+ }
-+
- r = unit_acquire_invocation_id(u);
- if (r < 0)
- return r;
-@@ -3423,21 +3429,6 @@ static int socket_can_clean(Unit *u, ExecCleanMask *ret) {
- return exec_context_get_clean_mask(&s->exec_context, ret);
- }
-
--static int socket_test_start_limit(Unit *u) {
-- Socket *s = SOCKET(u);
-- int r;
--
-- assert(s);
--
-- r = unit_test_start_limit(u);
-- if (r < 0) {
-- socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
-- return r;
-- }
--
-- return 0;
--}
--
- static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
- [SOCKET_EXEC_START_PRE] = "ExecStartPre",
- [SOCKET_EXEC_START_CHOWN] = "ExecStartChown",
-@@ -3564,6 +3555,4 @@ const UnitVTable socket_vtable = {
- [JOB_TIMEOUT] = "Timed out stopping %s.",
- },
- },
--
-- .test_start_limit = socket_test_start_limit,
- };
-diff --git a/src/core/swap.c b/src/core/swap.c
-index b25f68fb7d..3843b19500 100644
---- a/src/core/swap.c
-+++ b/src/core/swap.c
-@@ -933,6 +933,12 @@ static int swap_start(Unit *u) {
- if (UNIT(other)->job && UNIT(other)->job->state == JOB_RUNNING)
- return -EAGAIN;
-
-+ r = unit_test_start_limit(u);
-+ if (r < 0) {
-+ swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT);
-+ return r;
-+ }
-+
- r = unit_acquire_invocation_id(u);
- if (r < 0)
- return r;
-@@ -1582,21 +1588,6 @@ static int swap_can_clean(Unit *u, ExecCleanMask *ret) {
- return exec_context_get_clean_mask(&s->exec_context, ret);
- }
-
--static int swap_test_start_limit(Unit *u) {
-- Swap *s = SWAP(u);
-- int r;
--
-- assert(s);
--
-- r = unit_test_start_limit(u);
-- if (r < 0) {
-- swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT);
-- return r;
-- }
--
-- return 0;
--}
--
- static const char* const swap_exec_command_table[_SWAP_EXEC_COMMAND_MAX] = {
- [SWAP_EXEC_ACTIVATE] = "ExecActivate",
- [SWAP_EXEC_DEACTIVATE] = "ExecDeactivate",
-@@ -1692,6 +1683,4 @@ const UnitVTable swap_vtable = {
- [JOB_TIMEOUT] = "Timed out deactivating swap %s.",
- },
- },
--
-- .test_start_limit = swap_test_start_limit,
- };
-diff --git a/src/core/timer.c b/src/core/timer.c
-index 5ecc9f35cf..e064ad9a2d 100644
---- a/src/core/timer.c
-+++ b/src/core/timer.c
-@@ -635,6 +635,12 @@ static int timer_start(Unit *u) {
- if (r < 0)
- return r;
-
-+ r = unit_test_start_limit(u);
-+ if (r < 0) {
-+ timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
-+ return r;
-+ }
-+
- r = unit_acquire_invocation_id(u);
- if (r < 0)
- return r;
-@@ -895,21 +901,6 @@ static int timer_can_clean(Unit *u, ExecCleanMask *ret) {
- return 0;
- }
-
--static int timer_test_start_limit(Unit *u) {
-- Timer *t = TIMER(u);
-- int r;
--
-- assert(t);
--
-- r = unit_test_start_limit(u);
-- if (r < 0) {
-- timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
-- return r;
-- }
--
-- return 0;
--}
--
- static const char* const timer_base_table[_TIMER_BASE_MAX] = {
- [TIMER_ACTIVE] = "OnActiveSec",
- [TIMER_BOOT] = "OnBootSec",
-@@ -969,6 +960,4 @@ const UnitVTable timer_vtable = {
- .timezone_change = timer_timezone_change,
-
- .bus_set_property = bus_timer_set_property,
--
-- .test_start_limit = timer_test_start_limit,
- };
-diff --git a/src/core/unit.c b/src/core/unit.c
-index 69ed43578e..38d3eb703f 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -1851,13 +1851,6 @@ int unit_start(Unit *u) {
-
- assert(u);
-
-- /* Check start rate limiting early so that failure conditions don't cause us to enter a busy loop. */
-- if (UNIT_VTABLE(u)->test_start_limit) {
-- int r = UNIT_VTABLE(u)->test_start_limit(u);
-- if (r < 0)
-- return r;
-- }
--
- /* If this is already started, then this will succeed. Note that this will even succeed if this unit
- * is not startable by the user. This is relied on to detect when we need to wait for units and when
- * waiting is finished. */
-diff --git a/src/core/unit.h b/src/core/unit.h
-index 9babd07188..759104ffa7 100644
---- a/src/core/unit.h
-+++ b/src/core/unit.h
-@@ -649,10 +649,6 @@ typedef struct UnitVTable {
- * of this type will immediately fail. */
- bool (*supported)(void);
-
-- /* If this function is set, it's invoked first as part of starting a unit to allow start rate
-- * limiting checks to occur before we do anything else. */
-- int (*test_start_limit)(Unit *u);
--
- /* The strings to print in status messages */
- UnitStatusMessageFormats status_message_formats;
-
-diff --git a/test/TEST-63-ISSUE-17433/Makefile b/test/TEST-63-ISSUE-17433/Makefile
-deleted file mode 120000
-index e9f93b1104..0000000000
---- a/test/TEST-63-ISSUE-17433/Makefile
-+++ /dev/null
-@@ -1 +0,0 @@
--../TEST-01-BASIC/Makefile
-\ No newline at end of file
-diff --git a/test/TEST-63-ISSUE-17433/test.sh b/test/TEST-63-ISSUE-17433/test.sh
-deleted file mode 100755
-index c595a9f2de..0000000000
---- a/test/TEST-63-ISSUE-17433/test.sh
-+++ /dev/null
-@@ -1,9 +0,0 @@
--#!/usr/bin/env bash
--set -e
--
--TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433"
--
--# shellcheck source=test/test-functions
--. "${TEST_BASE_DIR:?}/test-functions"
--
--do_test "$@"
-diff --git a/test/meson.build b/test/meson.build
-index 6f8f257c2d..47c7f4d49a 100644
---- a/test/meson.build
-+++ b/test/meson.build
-@@ -33,8 +33,6 @@ if install_tests
- install_dir : testdata_dir)
- install_subdir('testsuite-52.units',
- install_dir : testdata_dir)
-- install_subdir('testsuite-63.units',
-- install_dir : testdata_dir)
-
- testsuite08_dir = testdata_dir + '/testsuite-08.units'
- install_data('testsuite-08.units/-.mount',
-diff --git a/test/testsuite-10.units/test10.service b/test/testsuite-10.units/test10.service
-index 2fb476b986..d0be786b01 100644
---- a/test/testsuite-10.units/test10.service
-+++ b/test/testsuite-10.units/test10.service
-@@ -1,9 +1,6 @@
- [Unit]
- Requires=test10.socket
- ConditionPathExistsGlob=/tmp/nonexistent
--# Make sure we hit the socket trigger limit in the test and not the service start limit.
--StartLimitInterval=1000
--StartLimitBurst=1000
-
- [Service]
- ExecStart=true
-diff --git a/test/testsuite-63.units/test63.path b/test/testsuite-63.units/test63.path
-deleted file mode 100644
-index a6573bda0a..0000000000
---- a/test/testsuite-63.units/test63.path
-+++ /dev/null
-@@ -1,2 +0,0 @@
--[Path]
--PathExists=/tmp/test63
-diff --git a/test/testsuite-63.units/test63.service b/test/testsuite-63.units/test63.service
-deleted file mode 100644
-index c83801874d..0000000000
---- a/test/testsuite-63.units/test63.service
-+++ /dev/null
-@@ -1,5 +0,0 @@
--[Unit]
--ConditionPathExists=!/tmp/nonexistent
--
--[Service]
--ExecStart=true
-diff --git a/test/units/testsuite-63.service b/test/units/testsuite-63.service
-deleted file mode 100644
-index 04122723d4..0000000000
---- a/test/units/testsuite-63.service
-+++ /dev/null
-@@ -1,16 +0,0 @@
--[Unit]
--Description=TEST-63-ISSUE-17433
--
--[Service]
--ExecStartPre=rm -f /failed /testok
--Type=oneshot
--ExecStart=rm -f /tmp/nonexistent
--ExecStart=systemctl start test63.path
--ExecStart=touch /tmp/test63
--# Make sure systemd has sufficient time to hit the start limit for test63.service.
--ExecStart=sleep 2
--ExecStart=sh -x -c 'test "$(systemctl show test63.service -P ActiveState)" = failed'
--ExecStart=sh -x -c 'test "$(systemctl show test63.service -P Result)" = start-limit-hit'
--ExecStart=sh -x -c 'test "$(systemctl show test63.path -P ActiveState)" = failed'
--ExecStart=sh -x -c 'test "$(systemctl show test63.path -P Result)" = unit-start-limit-hit'
--ExecStart=sh -x -c 'echo OK >/testok'
diff --git a/sys-apps/systemd/systemd-249.5-r1.ebuild b/sys-apps/systemd/systemd-249.6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.5-r1.ebuild
rename to sys-apps/systemd/systemd-249.6.ebuild
index e47a7beaa3d1..8348517478b6 100644
--- a/sys-apps/systemd/systemd-249.5-r1.ebuild
+++ b/sys-apps/systemd/systemd-249.6.ebuild
@@ -226,9 +226,6 @@ src_prepare() {
# Add local patches here
PATCHES+=(
- "${FILESDIR}/249-libudev-static.patch"
- "${FILESDIR}/249.5-coredumpctl.patch"
- "${FILESDIR}/249.5-revert-unit-start-rate-limiting.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-11-07 5:27 Georgy Yakovlev
0 siblings, 0 replies; 65+ messages in thread
From: Georgy Yakovlev @ 2021-11-07 5:27 UTC (permalink / raw
To: gentoo-commits
commit: c897165ab00b566f2a21db3bb1d8da0fee67bfc8
Author: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 1 23:33:10 2021 +0000
Commit: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Sun Nov 7 05:26:12 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c897165a
sys-apps/systemd: add hostnamed-fallback mode
this will allow networkd/hostnamed to properly set hostname
on systems without polkit.
while it's possible to set hostname/fqdn manually already, with fallback workaround
it will be possible to get hostnames from DHCP via networkd too without
using polkit->spidermonkey->rust->llvm chain of deps.
ideas and configs taken from yocto/oe
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=3dc37c12c17d5bb6d4701a425a4f79f6e31784ee
https://github.com/systemd/systemd/issues/13501
Closes: https://github.com/gentoo/gentoo/pull/22792
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>
sys-apps/systemd/files/00-hostnamed-network-user.conf | 6 ++++++
.../files/org.freedesktop.hostname1_no_polkit.conf | 11 +++++++++++
sys-apps/systemd/metadata.xml | 1 +
sys-apps/systemd/systemd-9999.ebuild | 17 ++++++++++++++++-
4 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/sys-apps/systemd/files/00-hostnamed-network-user.conf b/sys-apps/systemd/files/00-hostnamed-network-user.conf
new file mode 100644
index 00000000000..6b224ba9b93
--- /dev/null
+++ b/sys-apps/systemd/files/00-hostnamed-network-user.conf
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN
diff --git a/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
new file mode 100644
index 00000000000..f4d0271cdb6
--- /dev/null
+++ b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
@@ -0,0 +1,11 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+ <policy group="systemd-hostname">
+ <allow own="org.freedesktop.hostname1"/>
+ <allow send_destination="org.freedesktop.hostname1"/>
+ <allow receive_sender="org.freedesktop.hostname1"/>
+ </policy>
+</busconfig>
diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index b35d6bfbd41..cd0754d004d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -20,6 +20,7 @@
<flag name="fido2">Enable FIDO2 support</flag>
<flag name="gcrypt">Enable sealing of journal files using gcrypt</flag>
<flag name="homed">Enable portable home directories</flag>
+ <flag name="hostnamed-fallback">Enable setting hostname with networkd/hostnamed without polkit (requires running <pkg>sys-apps/dbus-broker</pkg>)</flag>
<flag name="http">Enable embedded HTTP server in journald</flag>
<flag name="hwdb">Enable support for the hardware database</flag>
<flag name="importd">Enable import daemon</flag>
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 8348517478b..485b6498181 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -30,11 +30,12 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed hostnamed-fallback http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
REQUIRED_USE="
homed? ( cryptsetup pam )
importd? ( curl gcrypt lzma )
+ policykit? ( !hostnamed-fallback )
pwquality? ( homed )
"
RESTRICT="!test? ( test )"
@@ -117,6 +118,10 @@ RDEPEND="${COMMON_DEPEND}
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
+ hostnamed-fallback? (
+ acct-group/systemd-hostname
+ sys-apps/dbus-broker
+ )
selinux? ( sec-policy/selinux-base-policy[systemd] )
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
@@ -400,6 +405,16 @@ multilib_src_install_all() {
dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
fi
+ # workaround for https://github.com/systemd/systemd/issues/13501
+ if use hostnamed-fallback; then
+ # this file requires dbus-broker
+ insinto /usr/share/dbus-1/system.d/
+ doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+ insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+ doins "${FILESDIR}/00-hostnamed-network-user.conf"
+ fi
+
gen_usr_ldscript -a systemd udev
}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-09-14 23:47 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-09-14 23:47 UTC (permalink / raw
To: gentoo-commits
commit: 456fb26fe2564868771b7948b6049dc96743d947
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 14 23:46:05 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Sep 14 23:46:05 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=456fb26f
sys-apps/systemd: backport network fix
Closes: https://bugs.gentoo.org/813102
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/249-network-renaming.patch | 41 ++++++++++++++++++++++
...emd-249.4-r3.ebuild => systemd-249.4-r4.ebuild} | 1 +
2 files changed, 42 insertions(+)
diff --git a/sys-apps/systemd/files/249-network-renaming.patch b/sys-apps/systemd/files/249-network-renaming.patch
new file mode 100644
index 00000000000..b9eecf57b10
--- /dev/null
+++ b/sys-apps/systemd/files/249-network-renaming.patch
@@ -0,0 +1,41 @@
+From 160203e974945ce520fe8f569458634ef898c61c Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 10 Sep 2021 08:09:56 +0900
+Subject: [PATCH] network: fix handling of network interface renaming
+
+Fixes #20657.
+---
+ src/network/networkd-link.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 4afd540d2015..caad6205ae83 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1470,17 +1470,21 @@ static int link_initialized(Link *link, sd_device *device) {
+ assert(link);
+ assert(device);
+
+- if (link->state != LINK_STATE_PENDING)
+- return 0;
++ /* Always replace with the new sd_device object. As the sysname (and possibly other properties
++ * or sysattrs) may be outdated. */
++ sd_device_ref(device);
++ sd_device_unref(link->sd_device);
++ link->sd_device = device;
+
+- if (link->sd_device)
++ /* Do not ignore unamanaged state case here. If an interface is renamed after being once
++ * configured, and the corresponding .network file has Name= in [Match] section, then the
++ * interface may be already in unmanaged state. See #20657. */
++ if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED))
+ return 0;
+
+ log_link_debug(link, "udev initialized link");
+ link_set_state(link, LINK_STATE_INITIALIZED);
+
+- link->sd_device = sd_device_ref(device);
+-
+ /* udev has initialized the link, but we don't know if we have yet
+ * processed the NEWLINK messages with the latest state. Do a GETLINK,
+ * when it returns we know that the pending NEWLINKs have already been
diff --git a/sys-apps/systemd/systemd-249.4-r3.ebuild b/sys-apps/systemd/systemd-249.4-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.4-r3.ebuild
rename to sys-apps/systemd/systemd-249.4-r4.ebuild
index b651ce70662..dff4c114007 100644
--- a/sys-apps/systemd/systemd-249.4-r3.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r4.ebuild
@@ -229,6 +229,7 @@ src_prepare() {
"${FILESDIR}/249-libudev-static.patch"
"${FILESDIR}/249-home-secret-assert.patch"
"${FILESDIR}/249-fido2.patch"
+ "${FILESDIR}/249-network-renaming.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-09-08 18:29 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-09-08 18:29 UTC (permalink / raw
To: gentoo-commits
commit: bf8a15acdb09aef0eedfaeb743e1ae566120e0b7
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 8 18:28:49 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Sep 8 18:29:25 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf8a15ac
sys-apps/systemd: backport fix for pam_systemd_home
Closes: https://bugs.gentoo.org/811093
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/249-home-secret-assert.patch | 106 +++++++++++++++++++++
sys-apps/systemd/systemd-249.4-r2.ebuild | 1 +
2 files changed, 107 insertions(+)
diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch b/sys-apps/systemd/files/249-home-secret-assert.patch
new file mode 100644
index 00000000000..e6e2a8e7cc7
--- /dev/null
+++ b/sys-apps/systemd/files/249-home-secret-assert.patch
@@ -0,0 +1,106 @@
+From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 5 Sep 2021 11:16:26 +0900
+Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error
+ may be null
+
+When RefHome() bus method is called in acquire_home(), secret is NULL.
+
+Fixes #20639.
+---
+ src/home/pam_systemd_home.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
+index 836ed0d5e96d..a04d50208a8e 100644
+--- a/src/home/pam_systemd_home.c
++++ b/src/home/pam_systemd_home.c
+@@ -281,7 +281,6 @@ static int handle_generic_user_record_error(
+ const sd_bus_error *error) {
+
+ assert(user_name);
+- assert(secret);
+ assert(error);
+
+ int r;
+@@ -301,6 +300,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ /* This didn't work? Ask for an (additional?) password */
+
+ if (strv_isempty(secret->password))
+@@ -326,6 +327,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ if (strv_isempty(secret->password)) {
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: ");
+@@ -350,6 +353,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: ");
+ if (r != PAM_SUCCESS)
+ return PAM_CONV_ERR; /* no logging here */
+@@ -367,6 +372,8 @@ static int handle_generic_user_record_error(
+
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name);
+
+ r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
+@@ -377,6 +384,8 @@ static int handle_generic_user_record_error(
+
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name);
+
+ r = user_record_set_fido2_user_presence_permitted(secret, true);
+@@ -387,6 +396,8 @@ static int handle_generic_user_record_error(
+
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name);
+
+ r = user_record_set_fido2_user_verification_permitted(secret, true);
+@@ -403,6 +414,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+ if (r != PAM_SUCCESS)
+@@ -422,6 +435,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+ if (r != PAM_SUCCESS)
+@@ -441,6 +456,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+ if (r != PAM_SUCCESS)
diff --git a/sys-apps/systemd/systemd-249.4-r2.ebuild b/sys-apps/systemd/systemd-249.4-r2.ebuild
index 95d20177016..dd5462b694d 100644
--- a/sys-apps/systemd/systemd-249.4-r2.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r2.ebuild
@@ -226,6 +226,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
"${FILESDIR}/249-libudev-static.patch"
+ "${FILESDIR}/249-home-secret-assert.patch"
"${FILESDIR}/249-fido2.patch"
)
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-07-08 20:23 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-07-08 20:23 UTC (permalink / raw
To: gentoo-commits
commit: 9cb1e202e281d9fa3ebbf9f354b0672d98743d87
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 8 20:22:01 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Jul 8 20:22:01 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cb1e202
sys-apps/systemd: backport fix for hostnamed
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../files/249-hostnamed-error-variable.patch | 50 ++++++++++++++++++++++
.../{systemd-249.ebuild => systemd-249-r1.ebuild} | 1 +
2 files changed, 51 insertions(+)
diff --git a/sys-apps/systemd/files/249-hostnamed-error-variable.patch b/sys-apps/systemd/files/249-hostnamed-error-variable.patch
new file mode 100644
index 00000000000..7fe7af73a00
--- /dev/null
+++ b/sys-apps/systemd/files/249-hostnamed-error-variable.patch
@@ -0,0 +1,50 @@
+From 105a4245ff13d588e1e848e8ee3cffd6185bd0ae Mon Sep 17 00:00:00 2001
+From: Jan Palus <jpalus@fastmail.com>
+Date: Thu, 8 Jul 2021 00:23:21 +0200
+Subject: [PATCH] hostnamed: correct variable with errno in fallback_chassis
+
+fixes assertion failure on arm:
+
+systemd-hostnamed[642]: Assertion '(_error) != 0' failed at src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting.
+---
+ src/hostname/hostnamed.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
+index bd535ddc4d80..36702f2fb0cd 100644
+--- a/src/hostname/hostnamed.c
++++ b/src/hostname/hostnamed.c
+@@ -204,14 +204,14 @@ static const char* fallback_chassis(void) {
+
+ r = read_one_line_file("/sys/class/dmi/id/chassis_type", &type);
+ if (r < 0) {
+- log_debug_errno(v, "Failed to read DMI chassis type, ignoring: %m");
++ log_debug_errno(r, "Failed to read DMI chassis type, ignoring: %m");
+ goto try_acpi;
+ }
+
+ r = safe_atou(type, &t);
+ free(type);
+ if (r < 0) {
+- log_debug_errno(v, "Failed to parse DMI chassis type, ignoring: %m");
++ log_debug_errno(r, "Failed to parse DMI chassis type, ignoring: %m");
+ goto try_acpi;
+ }
+
+@@ -260,14 +260,14 @@ static const char* fallback_chassis(void) {
+ try_acpi:
+ r = read_one_line_file("/sys/firmware/acpi/pm_profile", &type);
+ if (r < 0) {
+- log_debug_errno(v, "Failed read ACPI PM profile, ignoring: %m");
++ log_debug_errno(r, "Failed read ACPI PM profile, ignoring: %m");
+ return NULL;
+ }
+
+ r = safe_atou(type, &t);
+ free(type);
+ if (r < 0) {
+- log_debug_errno(v, "Failed parse ACPI PM profile, ignoring: %m");
++ log_debug_errno(r, "Failed parse ACPI PM profile, ignoring: %m");
+ return NULL;
+ }
+
diff --git a/sys-apps/systemd/systemd-249.ebuild b/sys-apps/systemd/systemd-249-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.ebuild
rename to sys-apps/systemd/systemd-249-r1.ebuild
index 7b82142e7ac..3bc38914353 100644
--- a/sys-apps/systemd/systemd-249.ebuild
+++ b/sys-apps/systemd/systemd-249-r1.ebuild
@@ -218,6 +218,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
+ "${FILESDIR}/249-hostnamed-error-variable.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-06-20 17:18 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-06-20 17:18 UTC (permalink / raw
To: gentoo-commits
commit: b528f97e26fe1d046152e38cbd199355d380cc98
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 20 16:53:28 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Jun 20 17:18:48 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b528f97e
sys-apps/systemd: simplify systemd-user pam config
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/systemd-user.pam | 5 +++++
sys-apps/systemd/systemd-9999.ebuild | 5 ++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/sys-apps/systemd/files/systemd-user.pam b/sys-apps/systemd/files/systemd-user.pam
new file mode 100644
index 00000000000..38ae3211f8d
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-user.pam
@@ -0,0 +1,5 @@
+account include system-auth
+
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 3f2168e521b..41b2a1b5b70 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -223,7 +223,6 @@ src_prepare() {
"${FILESDIR}/gentoo-generator-path-r2.patch"
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
- "${FILESDIR}/gentoo-pam-r1.patch"
)
fi
@@ -380,6 +379,10 @@ multilib_src_install_all() {
# Symlink /etc/sysctl.conf for easy migration.
dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
if use hwdb; then
rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
fi
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2021-05-19 19:37 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2021-05-19 19:37 UTC (permalink / raw
To: gentoo-commits
commit: 802dfd1188797b98f8be573efd29feccf7ab8c2c
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed May 19 19:36:46 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed May 19 19:36:46 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=802dfd11
sys-apps/systemd: update pam patch for jinja conversion
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/gentoo-pam-r1.patch | 33 ++++++++++++++++++++++++++++++
sys-apps/systemd/systemd-9999.ebuild | 2 +-
2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/sys-apps/systemd/files/gentoo-pam-r1.patch b/sys-apps/systemd/files/gentoo-pam-r1.patch
new file mode 100644
index 00000000000..8816bae19e0
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-pam-r1.patch
@@ -0,0 +1,33 @@
+From e404e655eab9042bfc81ff5638dd54f4a5452ce0 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Wed, 19 May 2021 15:34:41 -0400
+Subject: [PATCH] pam: include system-auth for systemd --user
+
+---
+ src/login/systemd-user.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
+index 343aec4a01..a18d7d43cf 100644
+--- a/src/login/systemd-user.in
++++ b/src/login/systemd-user.in
+@@ -5,7 +5,7 @@
+ {% if ENABLE_HOMED %}
+ -account sufficient pam_systemd_home.so
+ {% endif %}
+-account sufficient pam_unix.so
++account include system-auth
+ account required pam_permit.so
+
+ {% if HAVE_SELINUX %}
+@@ -13,6 +13,7 @@ session required pam_selinux.so close
+ session required pam_selinux.so nottys open
+ {% endif %}
+ session required pam_loginuid.so
++session include system-auth
+ session optional pam_keyinit.so force revoke
+ {% if ENABLE_HOMED %}
+ -session optional pam_systemd_home.so
+--
+2.31.1
+
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 72aabc846fe..03cc0e7e225 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -223,7 +223,7 @@ src_prepare() {
"${FILESDIR}/gentoo-generator-path-r2.patch"
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
- "${FILESDIR}/gentoo-pam.patch"
+ "${FILESDIR}/gentoo-pam-r1.patch"
)
fi
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-11-08 17:51 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-11-08 17:51 UTC (permalink / raw
To: gentoo-commits
commit: e25dac18a28a39570cbd3bc258be1b573c8fa9dc
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 8 17:50:35 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov 8 17:50:50 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e25dac18
sys-apps/systemd: bump to 247-rc1
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 1 +
.../gentoo-systemctl-disable-sysv-sync-r1.patch | 25 ++++++++++++++++++++++
...{systemd-9999.ebuild => systemd-247_rc1.ebuild} | 2 +-
sys-apps/systemd/systemd-9999.ebuild | 2 +-
4 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 470a6c699a3..530182fc3ff 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,3 @@
DIST systemd-246.tar.gz 9534036 BLAKE2B 71b72abcd4d066d35d45d9835d41bec8faa9a7eddc80b48fe7073223f07d32f78a8442c52dc0800940f9750d9c5502123a633738981d797cf610d85df2035bf0 SHA512 7103f7da53f7ced3b5543c238f23bd11c82af8e37166c1720a90576b6b431b4329320c78726166c65a9f5e101dd465c0a86dd13c586c4e55e608a6273d8f324f
+DIST systemd-247-rc1.tar.gz 9838448 BLAKE2B 99eeafb9ef35d7786f39e8089820ea7b838e06b7ad74271a193c27e716275cb96e0cfe213fa546abc304978fdf95be37e23f31c2059aa6aff28739979a1a036d SHA512 5c04b013ceebbf466c917d093189a60a2a77c57a844eed840c911669855d4d9d783dcaec1ba6b488c5e96e7f9a9f3d4e39cff240c46c013ec2fcce5a5b7c4aee
DIST systemd-stable-246.6.tar.gz 9545237 BLAKE2B 5290736b30ca1a3188335a74d49b4f3e8b48007d9563efac1985ea6428a8b8fd6cad7ae87c35e13a32f851ebd27821829738274d35cfbff9340750bd3b086621 SHA512 1936b291d9831cf61f800fe718a4c2c2fe9b2a11fd817fe32bd48da2087a675dfc91013209a3478ea52e8ada593300ed906e248b8081dcf9141bf1cc17483ea9
diff --git a/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch
new file mode 100644
index 00000000000..a9d40be4ab7
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch
@@ -0,0 +1,25 @@
+From d9059d2ef1b0d6034267cc8ff44871d0f82f840f Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 8 Nov 2020 12:34:11 -0500
+Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
+
+---
+ src/systemctl/systemctl-sysv-compat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl-sysv-compat.c b/src/systemctl/systemctl-sysv-compat.c
+index 2dca9e480f..5dcf13ba17 100644
+--- a/src/systemctl/systemctl-sysv-compat.c
++++ b/src/systemctl/systemctl-sysv-compat.c
+@@ -111,7 +111,7 @@ int parse_shutdown_time_spec(const char *t, usec_t *ret) {
+ int enable_sysv_units(const char *verb, char **args) {
+ int r = 0;
+
+-#if HAVE_SYSV_COMPAT
++#if 0
+ _cleanup_(lookup_paths_free) LookupPaths paths = {};
+ unsigned f = 0;
+
+--
+2.29.0
+
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-247_rc1.ebuild
similarity index 99%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-247_rc1.ebuild
index 4c0c3699148..016f308320d 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-247_rc1.ebuild
@@ -208,7 +208,7 @@ src_prepare() {
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
"${FILESDIR}/gentoo-pam.patch"
)
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 4c0c3699148..016f308320d 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -208,7 +208,7 @@ src_prepare() {
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r2.patch"
- "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
"${FILESDIR}/gentoo-pam.patch"
)
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-05-21 0:13 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-05-21 0:13 UTC (permalink / raw
To: gentoo-commits
commit: 25690985f6ec821756db3ee0af7484976005b79d
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu May 21 00:11:48 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu May 21 00:12:58 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25690985
sys-apps/systemd: remove old
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 1 -
sys-apps/systemd/files/243-seccomp.patch | 145 ---------
sys-apps/systemd/systemd-243-r2.ebuild | 504 -------------------------------
3 files changed, 650 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index fe384c4ffdc..2b7c2f78b20 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,3 @@
-DIST systemd-243.tar.gz 8242522 BLAKE2B 89e3ebbea5a99061329f7c78220a66c1e075d5ba90dfdf5ee8d0d9b762ef4600dc82d8ca2054632e5e343b6272cd8046c92f7f99dcfa8287c5ef2b42fb96d4cb SHA512 56b52a297aa5ac04d9667eb3afb1598725b197de73ff72baa1aabbc2844e36fba7b7fccdf6d214ae8b5b926616b2b7e15772763aaa80ec938d74333ff9c8673e
DIST systemd-244.tar.gz 8445963 BLAKE2B 19751fb9c058a079694ee1b991259fd3f1fa30ae98ca38bbe8caadfc5628db7848c7f742a1b11781fbd67f911adda917d7a4da1dddb63064907f86f47e5a3256 SHA512 08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb
DIST systemd-245.tar.gz 8993479 BLAKE2B be0b1fca5ba8585978f570868bc9135c1fee78ea64dcdf8b1a3419e856a83da90104ed2f86e5f3e5b0b6f29d4b34f603bfe1e4cbc61ccf71bedce547db62ff35 SHA512 1b80d0e02472dfc4197f11dab4f56cf90e8a6e105ce19f837cb11335b6d8577ed49031dad94cdb41aa9bdc06ec8eec62c8e9246272b83935e7bb9dcd3cd8c012
DIST systemd-stable-244.3.tar.gz 8484735 BLAKE2B 25125ecdae59c852e8ceb45b7ed0b76631b301ab4026c4e389c4bc12090fe41f5918411a75bd20f38b6b3993445df93c850ba98f8d9b30fd24fc4e25f8355a3d SHA512 f8e83fa3e57ac8fdbed61b66bb45fd0eafa6fb36eda26f10690d93f34b03daab6ce4e7eff45b79dcaf59f11f41c1b022d1d9314f576c50ad28f6bb5901f1b18d
diff --git a/sys-apps/systemd/files/243-seccomp.patch b/sys-apps/systemd/files/243-seccomp.patch
deleted file mode 100644
index 88b129f7722..00000000000
--- a/sys-apps/systemd/files/243-seccomp.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 14 Nov 2019 17:51:30 +0100
-Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
- __NR_xyz namespace invasion
-
-A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
-same conditioning for all cases of our __NR_xyz use.
-
-Fixes: #14031
----
- src/basic/missing_syscall.h | 10 +++++-----
- src/test/test-seccomp.c | 19 ++++++++++---------
- 2 files changed, 15 insertions(+), 14 deletions(-)
-
-diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index 6d9b12544d..1255d8b197 100644
---- a/src/basic/missing_syscall.h
-+++ b/src/basic/missing_syscall.h
-@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
-
- #if !HAVE_KCMP
- static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
--# ifdef __NR_kcmp
-+# if defined __NR_kcmp && __NR_kcmp > 0
- return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
- # else
- errno = ENOSYS;
-@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
-
- #if !HAVE_KEYCTL
- static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
--# ifdef __NR_keyctl
-+# if defined __NR_keyctl && __NR_keyctl > 0
- return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
- # else
- errno = ENOSYS;
-@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
- }
-
- static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
--# ifdef __NR_add_key
-+# if defined __NR_add_key && __NR_add_key > 0
- return syscall(__NR_add_key, type, description, payload, plen, ringid);
- # else
- errno = ENOSYS;
-@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
- }
-
- static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
--# ifdef __NR_request_key
-+# if defined __NR_request_key && __NR_request_key > 0
- return syscall(__NR_request_key, type, description, callout_info, destringid);
- # else
- errno = ENOSYS;
-@@ -496,7 +496,7 @@ enum {
- static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
- unsigned long maxnode) {
- long i;
--# ifdef __NR_set_mempolicy
-+# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
- i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
- # else
- errno = ENOSYS;
-diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
-index 018c20f8be..c6692043fe 100644
---- a/src/test/test-seccomp.c
-+++ b/src/test/test-seccomp.c
-@@ -28,7 +28,8 @@
- #include "tmpfile-util.h"
- #include "virt.h"
-
--#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
-+/* __NR_socket may be invalid due to libseccomp */
-+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
- /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
- * and we can't restrict it hence via seccomp. */
- # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
-@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
- assert_se(pid >= 0);
-
- if (pid == 0) {
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
- assert_se(syscall(__NR__sysctl, NULL) < 0);
- assert_se(errno == EFAULT);
- #endif
-
- assert_se(seccomp_protect_sysctl() >= 0);
-
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
- assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
- assert_se(errno == EPERM);
- #endif
-@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
- assert_se(poll(NULL, 0, 0) == 0);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
-@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
-@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
- * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
- * other architectures, let's just fall back to the glibc call. */
-
--#ifdef SYS_open
-- return (int) syscall(SYS_open, path, flags, mode);
-+#if defined __NR_open && __NR_open > 0
-+ return (int) syscall(__NR_open, path, flags, mode);
- #else
- return open(path, flags, mode);
- #endif
---
-2.24.0
-
diff --git a/sys-apps/systemd/systemd-243-r2.ebuild b/sys-apps/systemd/systemd-243-r2.ebuild
deleted file mode 100644
index 62ea76aad71..00000000000
--- a/sys-apps/systemd/systemd-243-r2.ebuild
+++ /dev/null
@@ -1,504 +0,0 @@
-# Copyright 2011-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- MY_PV=${PV/_/-}
- MY_P=${PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86"
-fi
-
-PYTHON_COMPAT=( python{3_6,3_7} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
- >=net-libs/gnutls-3.1.4:0=
- )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pcre? ( dev-libs/libpcre2 )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- acct-group/adm
- acct-group/wheel
- acct-group/kmem
- acct-group/tty
- acct-group/utmp
- acct-group/audio
- acct-group/cdrom
- acct-group/dialout
- acct-group/disk
- acct-group/input
- acct-group/kvm
- acct-group/render
- acct-group/tape
- acct-group/video
- acct-group/systemd-journal
- acct-user/systemd-journal-remote
- acct-user/systemd-coredump
- acct-user/systemd-network
- acct-user/systemd-resolve
- acct-user/systemd-timesync
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/meson-0.46
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- sys-devel/m4
- virtual/pkgconfig[${MULTILIB_USEDEP}]
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
- has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Do NOT add patches here
- local PATCHES=()
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- # Add local patches here
- PATCHES+=(
- "${FILESDIR}/243-seccomp.patch"
- "${FILESDIR}/245-clang-gnu11.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-generator-path-r1.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- -Dsplit-usr=$(usex split-usr true false)
- -Dsplit-bin=true
- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
- -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Defi=$(meson_multilib)
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Ddns-over-tls=$(meson_multilib_native_use dns-over-tls)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- -Didn=$(meson_multilib_native_use idn)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpcre2=$(meson_multilib_native_use pcre)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
-
- # static-libs
- -Dstatic-libsystemd=$(usex static-libs true false)
- -Dstatic-libudev=$(usex static-libs true false)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
- eninja
-}
-
-multilib_src_test() {
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- meson_src_test
-}
-
-multilib_src_install() {
- DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
- local rootprefix=$(usex split-usr '' /usr)
-
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use resolvconf; then
- rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
- fi
-
- if ! use sysv-utils; then
- rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- if ! use resolvconf && ! use sysv-utils; then
- rmdir "${ED}${rootprefix}"/sbin || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/{hwdb.d,rules.d}
- keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
-
- if use split-usr; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-
- gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-save_enabled_units() {
- ENABLED_UNITS=()
- type systemctl &>/dev/null || return
- for x; do
- if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then
- ENABLED_UNITS+=( "${x}" )
- fi
- done
-}
-
-pkg_preinst() {
- save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
-
- if ! use split-usr; then
- local dir
- for dir in bin sbin lib; do
- if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
- eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
- eerror "One of them should be a symbolic link to the other one."
- FAIL=1
- fi
- done
- if [[ ${FAIL} ]]; then
- eerror "Migration to system layout with merged directories must be performed before"
- eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
- die "System layout with split directories still used"
- fi
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${ENABLED_UNITS[@]} ]]; then
- systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
- fi
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
- ebegin "Reexecuting system manager"
- systemctl daemon-reexec
- eend $?
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-04-27 14:41 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-04-27 14:41 UTC (permalink / raw
To: gentoo-commits
commit: 4b96b826237c2ba711b79c8fa5b1980004bd5d9b
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 27 14:26:44 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Apr 27 14:40:51 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b96b826
sys-apps/systemd: disable sysv init script sync
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../files/gentoo-systemctl-disable-sysv-sync.patch | 25 ++++++++++++++++++++++
...systemd-245-r4.ebuild => systemd-245-r5.ebuild} | 1 +
sys-apps/systemd/systemd-9999.ebuild | 1 +
3 files changed, 27 insertions(+)
diff --git a/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch
new file mode 100644
index 00000000000..d92d2d43a0c
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch
@@ -0,0 +1,25 @@
+From 7ccd5724afc6fa83ec6cd93dbaf4faf3671c88fc Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Mon, 27 Apr 2020 10:22:03 -0400
+Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
+
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index d319d5d375..bb8419800c 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -6622,7 +6622,7 @@ static int import_environment(int argc, char *argv[], void *userdata) {
+ static int enable_sysv_units(const char *verb, char **args) {
+ int r = 0;
+
+-#if HAVE_SYSV_COMPAT
++#if 0
+ _cleanup_(lookup_paths_free) LookupPaths paths = {};
+ unsigned f = 0;
+
+--
+2.26.2
+
diff --git a/sys-apps/systemd/systemd-245-r4.ebuild b/sys-apps/systemd/systemd-245-r5.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-245-r4.ebuild
rename to sys-apps/systemd/systemd-245-r5.ebuild
index b686b0a738b..46c7844250b 100644
--- a/sys-apps/systemd/systemd-245-r4.ebuild
+++ b/sys-apps/systemd/systemd-245-r5.ebuild
@@ -209,6 +209,7 @@ src_prepare() {
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
"${FILESDIR}/gentoo-generator-path-r1.patch"
+ "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
)
fi
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index c692b2d9f5d..b755eb2883e 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -208,6 +208,7 @@ src_prepare() {
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
"${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
)
fi
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-04-17 16:36 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-04-17 16:36 UTC (permalink / raw
To: gentoo-commits
commit: 0ea30d0d62cb1a52dbc575bba34e286209e6bcc4
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 17 16:35:14 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Apr 17 16:35:14 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ea30d0d
sys-apps/systemd: update generator-path patch
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/gentoo-generator-path-r2.patch | 26 ++++++++++++++++++++++
sys-apps/systemd/systemd-9999.ebuild | 2 +-
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/sys-apps/systemd/files/gentoo-generator-path-r2.patch b/sys-apps/systemd/files/gentoo-generator-path-r2.patch
new file mode 100644
index 00000000000..46e5c1dacb8
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-generator-path-r2.patch
@@ -0,0 +1,26 @@
+From 91182cc273d2dd8325d856fd683d2d8e038abd91 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 25 Dec 2018 22:52:50 -0500
+Subject: [PATCH] path-lookup: look for generators in
+ /usr/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/basic/path-lookup.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
+index 52968dee34..0cb10b1116 100644
+--- a/src/basic/path-lookup.c
++++ b/src/basic/path-lookup.c
+@@ -798,6 +798,7 @@ char **generator_binary_paths(UnitFileScope scope) {
+ add = strv_new("/run/systemd/system-generators",
+ "/etc/systemd/system-generators",
+ "/usr/local/lib/systemd/system-generators",
++ "/usr/lib/systemd/system-generators",
+ SYSTEM_GENERATOR_DIR);
+ break;
+
+--
+2.26.1
+
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 79adf7db45a..dcf64e48a2a 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -207,7 +207,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-generator-path-r1.patch"
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
)
fi
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-02-06 15:24 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-02-06 15:24 UTC (permalink / raw
To: gentoo-commits
commit: 1f550c46e58f6d48b6072f50097e1c6d44a30485
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 6 15:24:08 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Feb 6 15:24:08 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f550c46
sys-apps/systemd: fix segfault in systemd-sysctl
Closes: https://bugs.gentoo.org/708462
Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/245-rc1-sysctl-segfault.patch | 23 ++++++++++++++++++++++
...md-245_rc1.ebuild => systemd-245_rc1-r1.ebuild} | 1 +
2 files changed, 24 insertions(+)
diff --git a/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch b/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch
new file mode 100644
index 00000000000..7618b2deba5
--- /dev/null
+++ b/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch
@@ -0,0 +1,23 @@
+From db99904bc8482efe556bb010a8b203a3e60ee37f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 6 Feb 2020 19:13:11 +0900
+Subject: [PATCH] sysctl: fix segfault
+
+Fixes #14801.
+---
+ src/sysctl/sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
+index bbcf0c43235..0cdb740d218 100644
+--- a/src/sysctl/sysctl.c
++++ b/src/sysctl/sysctl.c
+@@ -257,7 +257,7 @@ static int parse_file(OrderedHashmap **sysctl_options, const char *path, bool ig
+
+ existing = ordered_hashmap_get(*sysctl_options, p);
+ if (existing) {
+- if (streq(value, existing->value)) {
++ if (streq_ptr(value, existing->value)) {
+ existing->ignore_failure = existing->ignore_failure || ignore_failure;
+ continue;
+ }
diff --git a/sys-apps/systemd/systemd-245_rc1.ebuild b/sys-apps/systemd/systemd-245_rc1-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-245_rc1.ebuild
rename to sys-apps/systemd/systemd-245_rc1-r1.ebuild
index 7bb75c3ee62..e889210fcbd 100644
--- a/sys-apps/systemd/systemd-245_rc1.ebuild
+++ b/sys-apps/systemd/systemd-245_rc1-r1.ebuild
@@ -186,6 +186,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
"${FILESDIR}"/245-rc1-network-debug.patch
+ "${FILESDIR}"/245-rc1-sysctl-segfault.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2020-02-05 18:24 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2020-02-05 18:24 UTC (permalink / raw
To: gentoo-commits
commit: 7b8918d1047cd2b707ea43dc1d7afcceb761f789
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 5 18:23:54 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Feb 5 18:23:54 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b8918d1
sys-apps/systemd: bump to 245-rc1
Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 1 +
sys-apps/systemd/files/245-rc1-network-debug.patch | 45 ++
sys-apps/systemd/systemd-245_rc1.ebuild | 500 +++++++++++++++++++++
3 files changed, 546 insertions(+)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ca6af94c9ac..447ac0b12db 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,3 @@
DIST systemd-243.tar.gz 8242522 BLAKE2B 89e3ebbea5a99061329f7c78220a66c1e075d5ba90dfdf5ee8d0d9b762ef4600dc82d8ca2054632e5e343b6272cd8046c92f7f99dcfa8287c5ef2b42fb96d4cb SHA512 56b52a297aa5ac04d9667eb3afb1598725b197de73ff72baa1aabbc2844e36fba7b7fccdf6d214ae8b5b926616b2b7e15772763aaa80ec938d74333ff9c8673e
DIST systemd-244.tar.gz 8445963 BLAKE2B 19751fb9c058a079694ee1b991259fd3f1fa30ae98ca38bbe8caadfc5628db7848c7f742a1b11781fbd67f911adda917d7a4da1dddb63064907f86f47e5a3256 SHA512 08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb
+DIST systemd-245-rc1.tar.gz 8961356 BLAKE2B ed04166ead57c2f1cc1a1ca2f0041cae134b503d3448ea9fdd799e12d81f45721ee304d4aabd96d3eab8ea1321b283820e8d2a850b41733e40f07fd419f67b95 SHA512 2ef9a295f3897c6642a2fac2e3c73467ece9bc6fc196cc4f3707b9c23af2581eb9f74def78909d57513b67604bf1cf6dc5dbb31c6d435f7997677d09a73d006b
diff --git a/sys-apps/systemd/files/245-rc1-network-debug.patch b/sys-apps/systemd/files/245-rc1-network-debug.patch
new file mode 100644
index 00000000000..e65035f2185
--- /dev/null
+++ b/sys-apps/systemd/files/245-rc1-network-debug.patch
@@ -0,0 +1,45 @@
+From 01ec0028d97fa97d2e433659e24a1517b0e2382e Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Wed, 5 Feb 2020 11:04:50 -0500
+Subject: [PATCH] network: remove unnecessary link->ifname from debug log
+ statements
+
+Since 98b0299479a68ffd414888368907fc776a46b82a, we log the interface
+name automatically via log_link_debug().
+
+Fixes: https://github.com/systemd/systemd/issues/14782
+---
+ src/network/networkd-dhcp-server.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/networkd-dhcp-server.c b/src/network/networkd-dhcp-server.c
+index a6dbe2e596c..bee75a6930e 100644
+--- a/src/network/networkd-dhcp-server.c
++++ b/src/network/networkd-dhcp-server.c
+@@ -45,7 +45,7 @@ static int link_push_uplink_dns_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+ size_t n_addresses = 0, n_allocated = 0;
+ unsigned i;
+
+- log_link_debug(link, "Copying DNS server information from %s", link->ifname);
++ log_link_debug(link, "Copying DNS server information from link");
+
+ if (!link->network)
+ return 0;
+@@ -99,7 +99,7 @@ static int link_push_uplink_ntp_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+ if (!link->network)
+ return 0;
+
+- log_link_debug(link, "Copying NTP server information from %s", link->ifname);
++ log_link_debug(link, "Copying NTP server information from link");
+
+ STRV_FOREACH(a, link->network->ntp) {
+ union in_addr_union ia;
+@@ -148,7 +148,7 @@ static int link_push_uplink_sip_to_dhcp_server(Link *link, sd_dhcp_server *s) {
+ if (!link->network)
+ return 0;
+
+- log_link_debug(link, "Copying SIP server information from %s", link->ifname);
++ log_link_debug(link, "Copying SIP server information from link");
+
+ STRV_FOREACH(a, link->network->sip) {
+ union in_addr_union ia;
diff --git a/sys-apps/systemd/systemd-245_rc1.ebuild b/sys-apps/systemd/systemd-245_rc1.ebuild
new file mode 100644
index 00000000000..7bb75c3ee62
--- /dev/null
+++ b/sys-apps/systemd/systemd-245_rc1.ebuild
@@ -0,0 +1,500 @@
+# Copyright 2011-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ MY_PV=${PV/_/-}
+ MY_P=${PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_6,3_7} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ !<sys-libs/glibc-2.16
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( net-misc/curl:0= )
+ dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ http? (
+ >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
+ >=net-libs/gnutls-3.1.4:0=
+ )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ nat? ( net-firewall/iptables:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pcre? ( dev-libs/libpcre2 )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+ gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ acct-group/adm
+ acct-group/wheel
+ acct-group/kmem
+ acct-group/tty
+ acct-group/utmp
+ acct-group/audio
+ acct-group/cdrom
+ acct-group/dialout
+ acct-group/disk
+ acct-group/input
+ acct-group/kvm
+ acct-group/render
+ acct-group/tape
+ acct-group/video
+ acct-group/systemd-journal
+ acct-user/systemd-journal-remote
+ acct-user/systemd-coredump
+ acct-user/systemd-network
+ acct-user/systemd-resolve
+ acct-user/systemd-timesync
+ >=sys-apps/baselayout-2.2
+ selinux? ( sec-policy/selinux-base-policy[systemd] )
+ sysv-utils? ( !sys-apps/sysvinit )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !build? ( || (
+ sys-apps/util-linux[kill(-)]
+ sys-process/procps[kill(+)]
+ sys-apps/coreutils[kill(-)]
+ ) )
+ !sys-auth/nss-myhostname
+ !<sys-kernel/dracut-044
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-apps/hwids-20150417[udev]
+ >=sys-fs/udev-init-scripts-25
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=dev-util/intltool-0.50
+ >=sys-apps/coreutils-8.16
+ sys-devel/m4
+ virtual/pkgconfig[${MULTILIB_USEDEP}]
+ test? ( sys-apps/dbus )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+ ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+ kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+ kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ # Do NOT add patches here
+ local PATCHES=()
+
+ [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+ # Add local patches here
+ PATCHES+=(
+ "${FILESDIR}"/245-rc1-network-debug.patch
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
+ "${FILESDIR}/gentoo-systemd-user-pam.patch"
+ "${FILESDIR}/gentoo-generator-path-r1.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+meson_use() {
+ usex "$1" true false
+}
+
+meson_multilib() {
+ if multilib_is_native_abi; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+meson_multilib_native_use() {
+ if multilib_is_native_abi && use "$1"; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in PATH
+ -Dsplit-usr=$(usex split-usr true false)
+ -Dsplit-bin=true
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ -Dacl=$(meson_multilib_native_use acl)
+ -Dapparmor=$(meson_multilib_native_use apparmor)
+ -Daudit=$(meson_multilib_native_use audit)
+ -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
+ -Dlibcurl=$(meson_multilib_native_use curl)
+ -Ddns-over-tls=$(meson_multilib_native_use dns-over-tls)
+ -Delfutils=$(meson_multilib_native_use elfutils)
+ -Dgcrypt=$(meson_use gcrypt)
+ -Dgnu-efi=$(meson_multilib_native_use gnuefi)
+ -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
+ -Dmicrohttpd=$(meson_multilib_native_use http)
+ -Didn=$(meson_multilib_native_use idn)
+ -Dimportd=$(meson_multilib_native_use importd)
+ -Dbzip2=$(meson_multilib_native_use importd)
+ -Dzlib=$(meson_multilib_native_use importd)
+ -Dkmod=$(meson_multilib_native_use kmod)
+ -Dlz4=$(meson_use lz4)
+ -Dxz=$(meson_use lzma)
+ -Dlibiptc=$(meson_multilib_native_use nat)
+ -Dpam=$(meson_use pam)
+ -Dpcre2=$(meson_multilib_native_use pcre)
+ -Dpolkit=$(meson_multilib_native_use policykit)
+ -Dqrencode=$(meson_multilib_native_use qrcode)
+ -Dseccomp=$(meson_multilib_native_use seccomp)
+ -Dselinux=$(meson_multilib_native_use selinux)
+ -Ddbus=$(meson_multilib_native_use test)
+ -Dxkbcommon=$(meson_multilib_native_use xkb)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ -Dbacklight=$(meson_multilib)
+ -Dbinfmt=$(meson_multilib)
+ -Dcoredump=$(meson_multilib)
+ -Denvironment-d=$(meson_multilib)
+ -Dfirstboot=$(meson_multilib)
+ -Dhibernate=$(meson_multilib)
+ -Dhostnamed=$(meson_multilib)
+ -Dhwdb=$(meson_multilib)
+ -Dldconfig=$(meson_multilib)
+ -Dlocaled=$(meson_multilib)
+ -Dman=$(meson_multilib)
+ -Dnetworkd=$(meson_multilib)
+ -Dquotacheck=$(meson_multilib)
+ -Drandomseed=$(meson_multilib)
+ -Drfkill=$(meson_multilib)
+ -Dsysusers=$(meson_multilib)
+ -Dtimedated=$(meson_multilib)
+ -Dtimesyncd=$(meson_multilib)
+ -Dtmpfiles=$(meson_multilib)
+ -Dvconsole=$(meson_multilib)
+
+ # static-libs
+ -Dstatic-libsystemd=$(usex static-libs true false)
+ -Dstatic-libudev=$(usex static-libs true false)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ eninja
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ meson_src_test
+}
+
+multilib_src_install() {
+ DESTDIR="${D}" eninja install
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+ fi
+
+ if ! use resolvconf && ! use sysv-utils; then
+ rmdir "${ED}${rootprefix}"/sbin || die
+ fi
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/{hwdb.d,rules.d}
+ keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+ rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+
+ gen_usr_ldscript -a systemd udev
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+save_enabled_units() {
+ ENABLED_UNITS=()
+ type systemctl &>/dev/null || return
+ for x; do
+ if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then
+ ENABLED_UNITS+=( "${x}" )
+ fi
+ done
+}
+
+pkg_preinst() {
+ save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
+
+ if ! use split-usr; then
+ local dir
+ for dir in bin sbin lib; do
+ if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
+ eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
+ eerror "One of them should be a symbolic link to the other one."
+ FAIL=1
+ fi
+ done
+ if [[ ${FAIL} ]]; then
+ eerror "Migration to system layout with merged directories must be performed before"
+ eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+ die "System layout with split directories still used"
+ fi
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required. Despite that this file is owned by sys-apps/hwids.
+ if has_version "sys-apps/hwids[udev]"; then
+ udevadm hwdb --update --root="${EROOT}"
+ fi
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respect, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ systemd_reenable systemd-networkd.service systemd-resolved.service
+
+ if [[ ${ENABLED_UNITS[@]} ]]; then
+ systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
+ fi
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+ ebegin "Reexecuting system manager"
+ systemctl daemon-reexec
+ eend $?
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-11-17 19:56 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-11-17 19:56 UTC (permalink / raw
To: gentoo-commits
commit: 6b544a541f106150ecca3b94bee639792b55733c
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 17 19:56:11 2019 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov 17 19:56:11 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b544a54
sys-apps/systemd: backport seccomp build fix
Closes: https://bugs.gentoo.org/700200
Package-Manager: Portage-2.3.79_p3, Repoman-2.3.18_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/243-seccomp.patch | 145 +++++++++++++++++++++++++++++++
sys-apps/systemd/systemd-243-r2.ebuild | 1 +
2 files changed, 146 insertions(+)
diff --git a/sys-apps/systemd/files/243-seccomp.patch b/sys-apps/systemd/files/243-seccomp.patch
new file mode 100644
index 00000000000..88b129f7722
--- /dev/null
+++ b/sys-apps/systemd/files/243-seccomp.patch
@@ -0,0 +1,145 @@
+From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 14 Nov 2019 17:51:30 +0100
+Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
+ __NR_xyz namespace invasion
+
+A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
+same conditioning for all cases of our __NR_xyz use.
+
+Fixes: #14031
+---
+ src/basic/missing_syscall.h | 10 +++++-----
+ src/test/test-seccomp.c | 19 ++++++++++---------
+ 2 files changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index 6d9b12544d..1255d8b197 100644
+--- a/src/basic/missing_syscall.h
++++ b/src/basic/missing_syscall.h
+@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
+
+ #if !HAVE_KCMP
+ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
+-# ifdef __NR_kcmp
++# if defined __NR_kcmp && __NR_kcmp > 0
+ return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
+ # else
+ errno = ENOSYS;
+@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
+
+ #if !HAVE_KEYCTL
+ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
+-# ifdef __NR_keyctl
++# if defined __NR_keyctl && __NR_keyctl > 0
+ return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
+ # else
+ errno = ENOSYS;
+@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
+ }
+
+ static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
+-# ifdef __NR_add_key
++# if defined __NR_add_key && __NR_add_key > 0
+ return syscall(__NR_add_key, type, description, payload, plen, ringid);
+ # else
+ errno = ENOSYS;
+@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
+ }
+
+ static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
+-# ifdef __NR_request_key
++# if defined __NR_request_key && __NR_request_key > 0
+ return syscall(__NR_request_key, type, description, callout_info, destringid);
+ # else
+ errno = ENOSYS;
+@@ -496,7 +496,7 @@ enum {
+ static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
+ unsigned long maxnode) {
+ long i;
+-# ifdef __NR_set_mempolicy
++# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
+ i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
+ # else
+ errno = ENOSYS;
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 018c20f8be..c6692043fe 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -28,7 +28,8 @@
+ #include "tmpfile-util.h"
+ #include "virt.h"
+
+-#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
++/* __NR_socket may be invalid due to libseccomp */
++#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
+ /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
+ * and we can't restrict it hence via seccomp. */
+ # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
+@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
+ assert_se(pid >= 0);
+
+ if (pid == 0) {
+-#if __NR__sysctl > 0
++#if defined __NR__sysctl && __NR__sysctl > 0
+ assert_se(syscall(__NR__sysctl, NULL) < 0);
+ assert_se(errno == EFAULT);
+ #endif
+
+ assert_se(seccomp_protect_sysctl() >= 0);
+
+-#if __NR__sysctl > 0
++#if defined __NR__sysctl && __NR__sysctl > 0
+ assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
+ assert_se(errno == EPERM);
+ #endif
+@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
+ assert_se(poll(NULL, 0, 0) == 0);
+
+ assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(access) >= 0
++#if defined __NR_access && __NR_access > 0
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
+ #else
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
+@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
+ s = hashmap_free(s);
+
+ assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(access) >= 0
++#if defined __NR_access && __NR_access > 0
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
+ #else
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
+@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
+ s = hashmap_free(s);
+
+ assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(poll) >= 0
++#if defined __NR_poll && __NR_poll > 0
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
+ #else
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
+@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
+ s = hashmap_free(s);
+
+ assert_se(s = hashmap_new(NULL));
+-#if SCMP_SYS(poll) >= 0
++#if defined __NR_poll && __NR_poll > 0
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
+ #else
+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
+@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
+ * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
+ * other architectures, let's just fall back to the glibc call. */
+
+-#ifdef SYS_open
+- return (int) syscall(SYS_open, path, flags, mode);
++#if defined __NR_open && __NR_open > 0
++ return (int) syscall(__NR_open, path, flags, mode);
+ #else
+ return open(path, flags, mode);
+ #endif
+--
+2.24.0
+
diff --git a/sys-apps/systemd/systemd-243-r2.ebuild b/sys-apps/systemd/systemd-243-r2.ebuild
index bb30df33710..1b32293a17b 100644
--- a/sys-apps/systemd/systemd-243-r2.ebuild
+++ b/sys-apps/systemd/systemd-243-r2.ebuild
@@ -185,6 +185,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
+ "${FILESDIR}/243-seccomp.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-08-11 16:28 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-08-11 16:28 UTC (permalink / raw
To: gentoo-commits
commit: 35dcfcc83b7e325672f9167b5417d67deb4e3270
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 11 16:27:41 2019 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 11 16:27:41 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35dcfcc8
sys-apps/systemd: backport fixes
Closes: https://bugs.gentoo.org/691232
Closes: https://bugs.gentoo.org/691280
Closes: https://bugs.gentoo.org/691502
Package-Manager: Portage-2.3.71, Repoman-2.3.16_p24
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/243-rc1-cryptsetup.patch | 148 +++++++++++++++++++++
...243-rc1-revert-logind-remove-unused-check.patch | 31 +++++
.../systemd/files/243-rc1-udev-properties.patch | 53 ++++++++
...243_rc1-r1.ebuild => systemd-243_rc1-r2.ebuild} | 3 +
4 files changed, 235 insertions(+)
diff --git a/sys-apps/systemd/files/243-rc1-cryptsetup.patch b/sys-apps/systemd/files/243-rc1-cryptsetup.patch
new file mode 100644
index 00000000000..e922d4d29cb
--- /dev/null
+++ b/sys-apps/systemd/files/243-rc1-cryptsetup.patch
@@ -0,0 +1,148 @@
+From f4ea8432e67110b73b07dd0e47a5339d83b350fb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 31 Jul 2019 09:38:15 +0200
+Subject: [PATCH] cryptsetup-generator: fix coverity issue
+
+Fixes coverity issue 1403772
+---
+ src/cryptsetup/cryptsetup-generator.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index c51bb9ae189..960f4762b7d 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -46,30 +46,30 @@ STATIC_DESTRUCTOR_REGISTER(arg_disks, hashmap_freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep);
+
+-static int split_keyspec(const char *keyspec, char **keyfile, char **keydev) {
++static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_keydev) {
+ _cleanup_free_ char *kfile = NULL, *kdev = NULL;
+- char *c;
++ const char *c;
+
+ assert(keyspec);
+- assert(keyfile);
+- assert(keydev);
++ assert(ret_keyfile);
++ assert(ret_keydev);
+
+ c = strrchr(keyspec, ':');
+ if (c) {
+ kfile = strndup(keyspec, c-keyspec);
+ kdev = strdup(c + 1);
+- if (!*kfile || !*kdev)
++ if (!kfile || !kdev)
+ return log_oom();
+ } else {
+ /* No keydev specified */
+ kfile = strdup(keyspec);
+ kdev = NULL;
+- if (!*kfile)
++ if (!kfile)
+ return log_oom();
+ }
+
+- *keyfile = TAKE_PTR(kfile);
+- *keydev = TAKE_PTR(kdev);
++ *ret_keyfile = TAKE_PTR(kfile);
++ *ret_keydev = TAKE_PTR(kdev);
+
+ return 0;
+ }
+From 5d2100dc4c32abbce4109e75cbfbbef6e1b2b7b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 1 Aug 2019 08:13:13 +0200
+Subject: [PATCH] cryptsetup: use unabbrieviated variable names
+
+Now that "ret_" has been added to the output variables, we can name
+the internal variables without artificial abbrevs.
+---
+ src/cryptsetup/cryptsetup-generator.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 960f4762b7d..84483143945 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -47,7 +47,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep);
+
+ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_keydev) {
+- _cleanup_free_ char *kfile = NULL, *kdev = NULL;
++ _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
+ const char *c;
+
+ assert(keyspec);
+@@ -56,20 +56,20 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key
+
+ c = strrchr(keyspec, ':');
+ if (c) {
+- kfile = strndup(keyspec, c-keyspec);
+- kdev = strdup(c + 1);
+- if (!kfile || !kdev)
++ keyfile = strndup(keyspec, c-keyspec);
++ keydev = strdup(c + 1);
++ if (!keyfile || !keydev)
+ return log_oom();
+ } else {
+ /* No keydev specified */
+- kfile = strdup(keyspec);
+- kdev = NULL;
+- if (!kfile)
++ keyfile = strdup(keyspec);
++ keydev = NULL;
++ if (!keyfile)
+ return log_oom();
+ }
+
+- *ret_keyfile = TAKE_PTR(kfile);
+- *ret_keydev = TAKE_PTR(kdev);
++ *ret_keyfile = TAKE_PTR(keyfile);
++ *ret_keydev = TAKE_PTR(keydev);
+
+ return 0;
+ }
+From fef716b28be6e866b8afe995805d5ebe2af6bbfa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 1 Aug 2019 08:15:43 +0200
+Subject: [PATCH] cryptsetup: don't assert on variable which is optional
+
+https://github.com/systemd/systemd/commit/50d2eba27b9bfc77ef6b40e5721713846815418b#commitcomment-34519739
+
+In add_crypttab_devices() split_keyspec is called on the keyfile argument,
+which may be NULL.
+---
+ src/cryptsetup/cryptsetup-generator.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 84483143945..4815ded753f 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -50,10 +50,14 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key
+ _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
+ const char *c;
+
+- assert(keyspec);
+ assert(ret_keyfile);
+ assert(ret_keydev);
+
++ if (!keyspec) {
++ *ret_keyfile = *ret_keydev = NULL;
++ return 0;
++ }
++
+ c = strrchr(keyspec, ':');
+ if (c) {
+ keyfile = strndup(keyspec, c-keyspec);
+@@ -567,7 +571,7 @@ static int add_crypttab_devices(void) {
+ }
+
+ for (;;) {
+- _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keydev = NULL, *keyfile = NULL, *keyspec = NULL, *options = NULL;
++ _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL, *keyfile = NULL, *keydev = NULL;
+ crypto_device *d = NULL;
+ char *l, *uuid;
+ int k;
diff --git a/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch b/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch
new file mode 100644
index 00000000000..30a20c17661
--- /dev/null
+++ b/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch
@@ -0,0 +1,31 @@
+From 18f689b1fa35c53580da62bfce875fb15d20d448 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 4 Aug 2019 05:43:34 +0900
+Subject: [PATCH] Revert "logind: remove unused check"
+
+This reverts commit f2330acda408a34451d5e15380fcdd225a672473.
+
+Fixes #13255.
+---
+ src/login/logind-action.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/login/logind-action.c b/src/login/logind-action.c
+index fa92f4870a2..140953eec10 100644
+--- a/src/login/logind-action.c
++++ b/src/login/logind-action.c
+@@ -61,8 +61,12 @@ int manager_handle_action(
+ int r;
+
+ assert(m);
+- /* We should be called only with valid actions different than HANDLE_IGNORE. */
+- assert(handle > HANDLE_IGNORE && handle < _HANDLE_ACTION_MAX);
++
++ /* If the key handling is turned off, don't do anything */
++ if (handle == HANDLE_IGNORE) {
++ log_debug("Refusing operation, as it is turned off.");
++ return 0;
++ }
+
+ if (inhibit_key == INHIBIT_HANDLE_LID_SWITCH) {
+ /* If the last system suspend or startup is too close,
diff --git a/sys-apps/systemd/files/243-rc1-udev-properties.patch b/sys-apps/systemd/files/243-rc1-udev-properties.patch
new file mode 100644
index 00000000000..5e2ffa1868a
--- /dev/null
+++ b/sys-apps/systemd/files/243-rc1-udev-properties.patch
@@ -0,0 +1,53 @@
+From 41c81c4a626fda0969fc09ddeb8addb7aae6e4d9 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 4 Aug 2019 06:08:06 +0900
+Subject: [PATCH] udev: do not try to import properties on commented out lines
+
+Fixes #13257.
+---
+ src/udev/udev-rules.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 3473a7eb7e5..1642f105354 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -1401,8 +1401,10 @@ static int get_property_from_string(char *line, char **ret_key, char **ret_value
+ key = skip_leading_chars(line, NULL);
+
+ /* comment or empty line */
+- if (IN_SET(key[0], '#', '\0'))
++ if (IN_SET(key[0], '#', '\0')) {
++ *ret_key = *ret_value = NULL;
+ return 0;
++ }
+
+ /* split key/value */
+ val = strchr(key, '=');
+@@ -1429,7 +1431,7 @@ static int get_property_from_string(char *line, char **ret_key, char **ret_value
+
+ *ret_key = key;
+ *ret_value = val;
+- return 0;
++ return 1;
+ }
+
+ static int import_parent_into_properties(sd_device *dev, const char *filter) {
+@@ -1681,6 +1683,8 @@ static int udev_rule_apply_token_to_event(
+ line);
+ continue;
+ }
++ if (r == 0)
++ continue;
+
+ r = device_add_property(dev, key, value);
+ if (r < 0)
+@@ -1719,6 +1723,8 @@ static int udev_rule_apply_token_to_event(
+ line);
+ continue;
+ }
++ if (r == 0)
++ continue;
+
+ r = device_add_property(dev, key, value);
+ if (r < 0)
diff --git a/sys-apps/systemd/systemd-243_rc1-r1.ebuild b/sys-apps/systemd/systemd-243_rc1-r2.ebuild
similarity index 98%
rename from sys-apps/systemd/systemd-243_rc1-r1.ebuild
rename to sys-apps/systemd/systemd-243_rc1-r2.ebuild
index 34b6587a0db..d67b45ec87d 100644
--- a/sys-apps/systemd/systemd-243_rc1-r1.ebuild
+++ b/sys-apps/systemd/systemd-243_rc1-r2.ebuild
@@ -186,6 +186,9 @@ src_prepare() {
# Add local patches here
PATCHES+=(
"${FILESDIR}"/243-rc1-analyze.patch
+ "${FILESDIR}"/243-rc1-cryptsetup.patch
+ "${FILESDIR}"/243-rc1-revert-logind-remove-unused-check.patch
+ "${FILESDIR}"/243-rc1-udev-properties.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-07-10 18:21 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-07-10 18:21 UTC (permalink / raw
To: gentoo-commits
commit: 6be3d97505de9b79544a76fb998993886a40a9a4
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 10 18:14:37 2019 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Jul 10 18:20:54 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6be3d975
sys-apps/systemd: backport networkd fix
Closes: https://bugs.gentoo.org/687340
Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/242-network-domains.patch | 57 ++++++++++++++++++++++
...systemd-242-r5.ebuild => systemd-242-r6.ebuild} | 1 +
2 files changed, 58 insertions(+)
diff --git a/sys-apps/systemd/files/242-network-domains.patch b/sys-apps/systemd/files/242-network-domains.patch
new file mode 100644
index 00000000000..166a8ee5b76
--- /dev/null
+++ b/sys-apps/systemd/files/242-network-domains.patch
@@ -0,0 +1,57 @@
+From fe0e16db093a7da09fcb52a2bc7017197047443d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 13 May 2019 05:40:31 +0900
+Subject: [PATCH] network: do not use ordered_set_printf() for DOMAINS= or
+ ROUTE_DOMAINS=
+
+This partially reverts 5e2a51d588dde4b52c6017ea80b75c16e6e23431.
+
+Fixes #12531.
+---
+ src/network/networkd-link.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index f8ee48802cb..1dc10c65a1b 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -3495,12 +3495,11 @@ int link_save(Link *link) {
+ admin_state, oper_state);
+
+ if (link->network) {
+- bool space;
++ char **dhcp6_domains = NULL, **dhcp_domains = NULL;
++ const char *dhcp_domainname = NULL, *p;
+ sd_dhcp6_lease *dhcp6_lease = NULL;
+- const char *dhcp_domainname = NULL;
+- char **dhcp6_domains = NULL;
+- char **dhcp_domains = NULL;
+ unsigned j;
++ bool space;
+
+ fprintf(f, "REQUIRED_FOR_ONLINE=%s\n",
+ yes_no(link->network->required_for_online));
+@@ -3617,7 +3616,10 @@ int link_save(Link *link) {
+ (void) sd_dhcp6_lease_get_domains(dhcp6_lease, &dhcp6_domains);
+ }
+
+- ordered_set_print(f, "DOMAINS=", link->network->search_domains);
++ fputs("DOMAINS=", f);
++ space = false;
++ ORDERED_SET_FOREACH(p, link->network->search_domains, i)
++ fputs_with_space(f, p, NULL, &space);
+
+ if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_YES) {
+ NDiscDNSSL *dd;
+@@ -3635,7 +3637,10 @@ int link_save(Link *link) {
+
+ fputc('\n', f);
+
+- ordered_set_print(f, "ROUTE_DOMAINS=", link->network->route_domains);
++ fputs("ROUTE_DOMAINS=", f);
++ space = false;
++ ORDERED_SET_FOREACH(p, link->network->route_domains, i)
++ fputs_with_space(f, p, NULL, &space);
+
+ if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_ROUTE) {
+ NDiscDNSSL *dd;
diff --git a/sys-apps/systemd/systemd-242-r5.ebuild b/sys-apps/systemd/systemd-242-r6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-242-r5.ebuild
rename to sys-apps/systemd/systemd-242-r6.ebuild
index ec26fa49f50..a42f1f1f5d8 100644
--- a/sys-apps/systemd/systemd-242-r5.ebuild
+++ b/sys-apps/systemd/systemd-242-r6.ebuild
@@ -173,6 +173,7 @@ src_prepare() {
"${FILESDIR}"/242-file-max.patch
"${FILESDIR}"/242-rdrand-ryzen.patch
"${FILESDIR}"/242-networkd-ipv6-token.patch
+ "${FILESDIR}"/242-network-domains.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-07-10 15:37 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-07-10 15:37 UTC (permalink / raw
To: gentoo-commits
commit: d5de18bc38a164bac47401cb9fa4a73afba5d49e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 10 15:36:54 2019 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Jul 10 15:37:03 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5de18bc
sys-apps/systemd: backport networkd fix
Closes: https://bugs.gentoo.org/689496
Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/242-networkd-ipv6-token.patch | 152 +++++++++++++++++++++
...systemd-241-r3.ebuild => systemd-241-r4.ebuild} | 1 +
...systemd-242-r4.ebuild => systemd-242-r5.ebuild} | 1 +
3 files changed, 154 insertions(+)
diff --git a/sys-apps/systemd/files/242-networkd-ipv6-token.patch b/sys-apps/systemd/files/242-networkd-ipv6-token.patch
new file mode 100644
index 00000000000..87a85f6f6ab
--- /dev/null
+++ b/sys-apps/systemd/files/242-networkd-ipv6-token.patch
@@ -0,0 +1,152 @@
+From 4eb086a38712ea98faf41e075b84555b11b54362 Mon Sep 17 00:00:00 2001
+From: Susant Sahani <ssahani@gmail.com>
+Date: Thu, 9 May 2019 07:35:35 +0530
+Subject: [PATCH] networkd: fix link_up() (#12505)
+
+Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.
+
+Fixes the following error:
+```
+dummy-test: Could not bring up interface: Invalid argument
+```
+
+After reading the kernel code when we do a link up
+```
+net/core/rtnetlink.c
+IFLA_AF_SPEC
+ af_ops->set_link_af(dev, af);
+ inet6_set_link_af
+ if (tb[IFLA_INET6_ADDR_GEN_MODE])
+ Here it looks for IFLA_INET6_ADDR_GEN_MODE
+```
+Since link up we didn't filling up that it's failing.
+
+Closes #12504.
+---
+ src/network/networkd-link.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 3c8b5c5cb43..4db9f3f980f 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -2031,6 +2031,8 @@ static int link_up(Link *link) {
+ }
+
+ if (link_ipv6_enabled(link)) {
++ uint8_t ipv6ll_mode;
++
+ r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
+@@ -2046,6 +2048,19 @@ static int link_up(Link *link) {
+ return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m");
+ }
+
++ if (!link_ipv6ll_enabled(link))
++ ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE;
++ else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0)
++ /* The file may not exist. And event if it exists, when stable_secret is unset,
++ * reading the file fails with EIO. */
++ ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64;
++ else
++ ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
++
++ r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode);
++ if (r < 0)
++ return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m");
++
+ r = sd_netlink_message_close_container(req);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m");
+From 9f6e82e6eb3b6e73d66d00d1d6eee60691fb702f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 9 May 2019 14:39:46 +0900
+Subject: [PATCH] network: do not send ipv6 token to kernel
+
+We disabled kernel RA support. Then, we should not send
+IFLA_INET6_TOKEN.
+Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.
+
+Follow-up for 0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf and
+4eb086a38712ea98faf41e075b84555b11b54362.
+---
+ src/network/networkd-link.c | 51 +++++--------------------------------
+ 1 file changed, 6 insertions(+), 45 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 2b6ff2b6c58..b6da4ea70b7 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1954,6 +1954,9 @@ static int link_configure_addrgen_mode(Link *link) {
+ assert(link->manager);
+ assert(link->manager->rtnl);
+
++ if (!socket_ipv6_is_supported())
++ return 0;
++
+ log_link_debug(link, "Setting address genmode for link");
+
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex);
+@@ -2047,46 +2050,6 @@ static int link_up(Link *link) {
+ return log_link_error_errno(link, r, "Could not set MAC address: %m");
+ }
+
+- if (link_ipv6_enabled(link)) {
+- uint8_t ipv6ll_mode;
+-
+- r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
+-
+- /* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */
+- r = sd_netlink_message_open_container(req, AF_INET6);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not open AF_INET6 container: %m");
+-
+- if (!in_addr_is_null(AF_INET6, &link->network->ipv6_token)) {
+- r = sd_netlink_message_append_in6_addr(req, IFLA_INET6_TOKEN, &link->network->ipv6_token.in6);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m");
+- }
+-
+- if (!link_ipv6ll_enabled(link))
+- ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE;
+- else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0)
+- /* The file may not exist. And event if it exists, when stable_secret is unset,
+- * reading the file fails with EIO. */
+- ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64;
+- else
+- ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
+-
+- r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m");
+-
+- r = sd_netlink_message_close_container(req);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m");
+-
+- r = sd_netlink_message_close_container(req);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not close IFLA_AF_SPEC container: %m");
+- }
+-
+ r = netlink_call_async(link->manager->rtnl, NULL, req, link_up_handler,
+ link_netlink_destroy_callback, link);
+ if (r < 0)
+@@ -3226,11 +3189,9 @@ static int link_configure(Link *link) {
+ if (r < 0)
+ return r;
+
+- if (socket_ipv6_is_supported()) {
+- r = link_configure_addrgen_mode(link);
+- if (r < 0)
+- return r;
+- }
++ r = link_configure_addrgen_mode(link);
++ if (r < 0)
++ return r;
+
+ return link_configure_after_setting_mtu(link);
+ }
diff --git a/sys-apps/systemd/systemd-241-r3.ebuild b/sys-apps/systemd/systemd-241-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-241-r3.ebuild
rename to sys-apps/systemd/systemd-241-r4.ebuild
index bf75f7e6aa1..9ea26e0dc87 100644
--- a/sys-apps/systemd/systemd-241-r3.ebuild
+++ b/sys-apps/systemd/systemd-241-r4.ebuild
@@ -173,6 +173,7 @@ src_prepare() {
"${FILESDIR}"/242-file-max.patch
"${FILESDIR}"/241-wrapper-msan-unpoinson.patch
"${FILESDIR}"/242-rdrand-ryzen.patch
+ "${FILESDIR}"/242-networkd-ipv6-token.patch
)
if ! use vanilla; then
diff --git a/sys-apps/systemd/systemd-242-r4.ebuild b/sys-apps/systemd/systemd-242-r5.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-242-r4.ebuild
rename to sys-apps/systemd/systemd-242-r5.ebuild
index 942547ef011..50b6ad640b2 100644
--- a/sys-apps/systemd/systemd-242-r4.ebuild
+++ b/sys-apps/systemd/systemd-242-r5.ebuild
@@ -175,6 +175,7 @@ src_prepare() {
"${FILESDIR}"/242-wireguard-listenport.patch
"${FILESDIR}"/242-file-max.patch
"${FILESDIR}"/242-rdrand-ryzen.patch
+ "${FILESDIR}"/242-networkd-ipv6-token.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-07-08 15:47 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-07-08 15:47 UTC (permalink / raw
To: gentoo-commits
commit: d8e9f1fc3f4d1cb207a640447f843d1fea8f941d
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 8 15:47:01 2019 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul 8 15:47:01 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e9f1fc
sys-apps/systemd: backport rdrand workaround for ryzen cpus
Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/241-wrapper-msan-unpoinson.patch | 76 +++++
sys-apps/systemd/files/242-rdrand-ryzen.patch | 353 +++++++++++++++++++++
...systemd-241-r2.ebuild => systemd-241-r3.ebuild} | 2 +
...systemd-242-r3.ebuild => systemd-242-r4.ebuild} | 1 +
4 files changed, 432 insertions(+)
diff --git a/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch b/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch
new file mode 100644
index 00000000000..e337b4f4ca5
--- /dev/null
+++ b/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch
@@ -0,0 +1,76 @@
+From c322f379e6ca972f1c4d3409ac97828b1b838d5d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 22 Feb 2019 13:07:00 +0100
+Subject: [PATCH] Add wrapper for __msan_unpoinson() to reduce #ifdeffery
+
+This isn't really necessary for the subsequent commit, but I expect that we'll
+need to unpoison more often once we turn on msan in CI, so I think think this
+change makes sense in the long run.
+---
+ src/basic/alloc-util.h | 10 ++++++++++
+ src/basic/random-util.c | 11 ++---------
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
+index 893a1238ff..78ee34bb71 100644
+--- a/src/basic/alloc-util.h
++++ b/src/basic/alloc-util.h
+@@ -8,6 +8,10 @@
+
+ #include "macro.h"
+
++#if HAS_FEATURE_MEMORY_SANITIZER
++# include <sanitizer/msan_interface.h>
++#endif
++
+ typedef void (*free_func_t)(void *p);
+
+ /* If for some reason more than 4M are allocated on the stack, let's abort immediately. It's better than
+@@ -160,3 +164,9 @@ void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size);
+ (ptr) = NULL; \
+ _ptr_; \
+ })
++
++#if HAS_FEATURE_MEMORY_SANITIZER
++# define msan_unpoison(r, s) __msan_unpoison(r, s)
++#else
++# define msan_unpoison(r, s)
++#endif
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index f7decf60b6..ca25fd2420 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -23,16 +23,13 @@
+ # include <linux/random.h>
+ #endif
+
++#include "alloc-util.h"
+ #include "fd-util.h"
+ #include "io-util.h"
+ #include "missing.h"
+ #include "random-util.h"
+ #include "time-util.h"
+
+-#if HAS_FEATURE_MEMORY_SANITIZER
+-#include <sanitizer/msan_interface.h>
+-#endif
+-
+ int rdrand(unsigned long *ret) {
+
+ #if defined(__i386__) || defined(__x86_64__)
+@@ -58,11 +55,7 @@ int rdrand(unsigned long *ret) {
+ "setc %1"
+ : "=r" (*ret),
+ "=qm" (err));
+-
+-#if HAS_FEATURE_MEMORY_SANITIZER
+- __msan_unpoison(&err, sizeof(err));
+-#endif
+-
++ msan_unpoison(&err, sizeof(err));
+ if (!err)
+ return -EAGAIN;
+
+--
+2.22.0
+
diff --git a/sys-apps/systemd/files/242-rdrand-ryzen.patch b/sys-apps/systemd/files/242-rdrand-ryzen.patch
new file mode 100644
index 00000000000..ec690c1b3f6
--- /dev/null
+++ b/sys-apps/systemd/files/242-rdrand-ryzen.patch
@@ -0,0 +1,353 @@
+From d351699739471734666230ae3c6f9ba56ce5ce45 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 16:18:13 -0400
+Subject: [PATCH 1/6] =?UTF-8?q?random-util:=20rename=20RANDOM=5FDONT=5FDRA?=
+ =?UTF-8?q?IN=20=E2=86=92=20RANDOM=5FMAY=5FFAIL?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The old flag name was a bit of a misnomer, as /dev/urandom cannot be
+"drained". Once it's initialized it's initialized and then is good
+forever. (Only /dev/random has a concept of 'draining', but we never use
+that, as it's an obsolete interface).
+
+The flag is still useful though, since it allows us to suppress accesses
+to the random pool while it is not initialized, as that trips up the
+kernel and it logs about any such attempts, which we really don't want.
+
+(cherry picked from commit 1a0ffa1e737e65312abac63dcf4b44e1ac0e1642)
+---
+ src/basic/random-util.c | 36 +++++++++++++++++++-----------------
+ src/basic/random-util.h | 4 ++--
+ 2 files changed, 21 insertions(+), 19 deletions(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index ca25fd2420..de29e07549 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -71,21 +71,22 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
+ bool got_some = false;
+ int r;
+
+- /* Gathers some randomness from the kernel (or the CPU if the RANDOM_ALLOW_RDRAND flag is set). This call won't
+- * block, unless the RANDOM_BLOCK flag is set. If RANDOM_DONT_DRAIN is set, an error is returned if the random
+- * pool is not initialized. Otherwise it will always return some data from the kernel, regardless of whether
+- * the random pool is fully initialized or not. */
++ /* Gathers some randomness from the kernel (or the CPU if the RANDOM_ALLOW_RDRAND flag is set). This
++ * call won't block, unless the RANDOM_BLOCK flag is set. If RANDOM_MAY_FAIL is set, an error is
++ * returned if the random pool is not initialized. Otherwise it will always return some data from the
++ * kernel, regardless of whether the random pool is fully initialized or not. */
+
+ if (n == 0)
+ return 0;
+
+ if (FLAGS_SET(flags, RANDOM_ALLOW_RDRAND))
+- /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is not
+- * required, as we don't trust it (who does?). Note that we only do a single iteration of RDRAND here,
+- * even though the Intel docs suggest calling this in a tight loop of 10 invocations or so. That's
+- * because we don't really care about the quality here. We generally prefer using RDRAND if the caller
+- * allows us too, since this way we won't drain the kernel randomness pool if we don't need it, as the
+- * pool's entropy is scarce. */
++ /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is
++ * not required, as we don't trust it (who does?). Note that we only do a single iteration of
++ * RDRAND here, even though the Intel docs suggest calling this in a tight loop of 10
++ * invocations or so. That's because we don't really care about the quality here. We
++ * generally prefer using RDRAND if the caller allows us to, since this way we won't upset
++ * the kernel's random subsystem by accessing it before the pool is initialized (after all it
++ * will kmsg log about every attempt to do so)..*/
+ for (;;) {
+ unsigned long u;
+ size_t m;
+@@ -153,12 +154,13 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
+ break;
+
+ } else if (errno == EAGAIN) {
+- /* The kernel has no entropy whatsoever. Let's remember to use the syscall the next
+- * time again though.
++ /* The kernel has no entropy whatsoever. Let's remember to use the syscall
++ * the next time again though.
+ *
+- * If RANDOM_DONT_DRAIN is set, return an error so that random_bytes() can produce some
+- * pseudo-random bytes instead. Otherwise, fall back to /dev/urandom, which we know is empty,
+- * but the kernel will produce some bytes for us on a best-effort basis. */
++ * If RANDOM_MAY_FAIL is set, return an error so that random_bytes() can
++ * produce some pseudo-random bytes instead. Otherwise, fall back to
++ * /dev/urandom, which we know is empty, but the kernel will produce some
++ * bytes for us on a best-effort basis. */
+ have_syscall = true;
+
+ if (got_some && FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) {
+@@ -167,7 +169,7 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
+ return 0;
+ }
+
+- if (FLAGS_SET(flags, RANDOM_DONT_DRAIN))
++ if (FLAGS_SET(flags, RANDOM_MAY_FAIL))
+ return -ENODATA;
+
+ /* Use /dev/urandom instead */
+@@ -250,7 +252,7 @@ void pseudo_random_bytes(void *p, size_t n) {
+
+ void random_bytes(void *p, size_t n) {
+
+- if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_DONT_DRAIN|RANDOM_ALLOW_RDRAND) >= 0)
++ if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_MAY_FAIL|RANDOM_ALLOW_RDRAND) >= 0)
+ return;
+
+ /* If for some reason some user made /dev/urandom unavailable to us, or the kernel has no entropy, use a PRNG instead. */
+diff --git a/src/basic/random-util.h b/src/basic/random-util.h
+index 3e8c288d3d..148b6c7813 100644
+--- a/src/basic/random-util.h
++++ b/src/basic/random-util.h
+@@ -8,11 +8,11 @@
+ typedef enum RandomFlags {
+ RANDOM_EXTEND_WITH_PSEUDO = 1 << 0, /* If we can't get enough genuine randomness, but some, fill up the rest with pseudo-randomness */
+ RANDOM_BLOCK = 1 << 1, /* Rather block than return crap randomness (only if the kernel supports that) */
+- RANDOM_DONT_DRAIN = 1 << 2, /* If we can't get any randomness at all, return early with -EAGAIN */
++ RANDOM_MAY_FAIL = 1 << 2, /* If we can't get any randomness at all, return early with -ENODATA */
+ RANDOM_ALLOW_RDRAND = 1 << 3, /* Allow usage of the CPU RNG */
+ } RandomFlags;
+
+-int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled upwith pseudo random, if not enough is available */
++int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled up with pseudo random, if not enough is available */
+ void pseudo_random_bytes(void *p, size_t n); /* returns only pseudo-randommess (but possibly seeded from something better) */
+ void random_bytes(void *p, size_t n); /* returns genuine randomness if cheaply available, and pseudo randomness if not. */
+
+--
+2.22.0
+
+
+From 1f492b9ecc31aa3782f9ce82058d8fb72a5c323f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 16:21:44 -0400
+Subject: [PATCH 2/6] random-util: use gcc's bit_RDRND definition if it exists
+
+(cherry picked from commit cc28145d51f62711fdc4b4c229aecd5778806419)
+---
+ src/basic/random-util.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index de29e07549..205d5501e5 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -45,7 +45,12 @@ int rdrand(unsigned long *ret) {
+ return -EOPNOTSUPP;
+ }
+
+- have_rdrand = !!(ecx & (1U << 30));
++/* Compat with old gcc where bit_RDRND didn't exist yet */
++#ifndef bit_RDRND
++#define bit_RDRND (1U << 30)
++#endif
++
++ have_rdrand = !!(ecx & bit_RDRND);
+ }
+
+ if (have_rdrand == 0)
+--
+2.22.0
+
+
+From 6460c540e6183dd19de89b7f0672b3b47c4d41cc Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 17:26:55 -0400
+Subject: [PATCH 3/6] random-util: hash AT_RANDOM getauxval() value before
+ using it
+
+Let's be a bit paranoid and hash the 16 bytes we get from getauxval()
+before using them. AFter all they might be used by other stuff too (in
+particular ASLR), and we probably shouldn't end up leaking that seed
+though our crappy pseudo-random numbers.
+
+(cherry picked from commit 80eb560a5bd7439103036867d5e09a5e0393e5d3)
+---
+ src/basic/random-util.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index 205d5501e5..40f1928936 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -28,6 +28,7 @@
+ #include "io-util.h"
+ #include "missing.h"
+ #include "random-util.h"
++#include "siphash24.h"
+ #include "time-util.h"
+
+ int rdrand(unsigned long *ret) {
+@@ -203,14 +204,19 @@ void initialize_srand(void) {
+ return;
+
+ #if HAVE_SYS_AUXV_H
+- /* The kernel provides us with 16 bytes of entropy in auxv, so let's
+- * try to make use of that to seed the pseudo-random generator. It's
+- * better than nothing... */
++ /* The kernel provides us with 16 bytes of entropy in auxv, so let's try to make use of that to seed
++ * the pseudo-random generator. It's better than nothing... But let's first hash it to make it harder
++ * to recover the original value by watching any pseudo-random bits we generate. After all the
++ * AT_RANDOM data might be used by other stuff too (in particular: ASLR), and we probably shouldn't
++ * leak the seed for that. */
+
+- auxv = (const void*) getauxval(AT_RANDOM);
++ auxv = ULONG_TO_PTR(getauxval(AT_RANDOM));
+ if (auxv) {
+- assert_cc(sizeof(x) <= 16);
+- memcpy(&x, auxv, sizeof(x));
++ static const uint8_t auxval_hash_key[16] = {
++ 0x92, 0x6e, 0xfe, 0x1b, 0xcf, 0x00, 0x52, 0x9c, 0xcc, 0x42, 0xcf, 0xdc, 0x94, 0x1f, 0x81, 0x0f
++ };
++
++ x = (unsigned) siphash24(auxv, 16, auxval_hash_key);
+ } else
+ #endif
+ x = 0;
+--
+2.22.0
+
+
+From 17d52f6320b45d1728af6007b4df4aaccc6fdaf4 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 7 May 2019 18:51:26 -0400
+Subject: [PATCH 4/6] random-util: rename "err" to "success"
+
+After all rdrand returns 1 on success, and 0 on failure, hence let's
+name this accordingly.
+
+(cherry picked from commit 328f850e36e86d14ab06d11fa8f2397e9575a7f9)
+---
+ src/basic/random-util.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index 40f1928936..7c64857592 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -35,7 +35,7 @@ int rdrand(unsigned long *ret) {
+
+ #if defined(__i386__) || defined(__x86_64__)
+ static int have_rdrand = -1;
+- unsigned char err;
++ uint8_t success;
+
+ if (have_rdrand < 0) {
+ uint32_t eax, ebx, ecx, edx;
+@@ -60,9 +60,9 @@ int rdrand(unsigned long *ret) {
+ asm volatile("rdrand %0;"
+ "setc %1"
+ : "=r" (*ret),
+- "=qm" (err));
+- msan_unpoison(&err, sizeof(err));
+- if (!err)
++ "=qm" (success));
++ msan_unpoison(&success, sizeof(sucess));
++ if (!success)
+ return -EAGAIN;
+
+ return 0;
+--
+2.22.0
+
+
+From a6c72245ba5ba688cd6544650b9c6e313b39b53e Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 8 May 2019 15:50:53 +0200
+Subject: [PATCH 5/6] util-lib: fix a typo in rdrand
+
+Otherwise, the fuzzers will fail to compile with MSan:
+```
+../../src/systemd/src/basic/random-util.c:64:40: error: use of undeclared identifier 'sucess'; did you mean 'success'?
+ msan_unpoison(&success, sizeof(sucess));
+ ^~~~~~
+ success
+../../src/systemd/src/basic/alloc-util.h:169:50: note: expanded from macro 'msan_unpoison'
+ ^
+../../src/systemd/src/basic/random-util.c:38:17: note: 'success' declared here
+ uint8_t success;
+ ^
+1 error generated.
+[80/545] Compiling C object 'src/basic/a6ba3eb@@basic@sta/process-util.c.o'.
+ninja: build stopped: subcommand failed.
+Fuzzers build failed
+```
+
+(cherry picked from commit 7f2cdceaed4d37c4e601e531c7d863fca1bd1460)
+---
+ src/basic/random-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index 7c64857592..b8bbf2d418 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -61,7 +61,7 @@ int rdrand(unsigned long *ret) {
+ "setc %1"
+ : "=r" (*ret),
+ "=qm" (success));
+- msan_unpoison(&success, sizeof(sucess));
++ msan_unpoison(&success, sizeof(success));
+ if (!success)
+ return -EAGAIN;
+
+--
+2.22.0
+
+
+From 47eec0ae61c887cb8cc05ce8d49b8d151bc4ef25 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 10 May 2019 15:16:16 -0400
+Subject: [PATCH 6/6] random-util: eat up bad RDRAND values seen on AMD CPUs
+
+An ugly, ugly work-around for #11810. And no, we shouldn't have to do
+this. This is something for AMD, the firmware or the kernel to
+fix/work-around, not us. But nonetheless, this should do it for now.
+
+Fixes: #11810
+(cherry picked from commit 1c53d4a070edbec8ad2d384ba0014d0eb6bae077)
+---
+ src/basic/random-util.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index b8bbf2d418..0561f0cb22 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -35,6 +35,7 @@ int rdrand(unsigned long *ret) {
+
+ #if defined(__i386__) || defined(__x86_64__)
+ static int have_rdrand = -1;
++ unsigned long v;
+ uint8_t success;
+
+ if (have_rdrand < 0) {
+@@ -59,12 +60,24 @@ int rdrand(unsigned long *ret) {
+
+ asm volatile("rdrand %0;"
+ "setc %1"
+- : "=r" (*ret),
++ : "=r" (v),
+ "=qm" (success));
+ msan_unpoison(&success, sizeof(success));
+ if (!success)
+ return -EAGAIN;
+
++ /* Apparently on some AMD CPUs RDRAND will sometimes (after a suspend/resume cycle?) report success
++ * via the carry flag but nonetheless return the same fixed value -1 in all cases. This appears to be
++ * a bad bug in the CPU or firmware. Let's deal with that and work-around this by explicitly checking
++ * for this special value (and also 0, just to be sure) and filtering it out. This is a work-around
++ * only however and something AMD really should fix properly. The Linux kernel should probably work
++ * around this issue by turning off RDRAND altogether on those CPUs. See:
++ * https://github.com/systemd/systemd/issues/11810 */
++ if (v == 0 || v == ULONG_MAX)
++ return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
++ "RDRAND returned suspicious value %lx, assuming bad hardware RNG, not using value.", v);
++
++ *ret = v;
+ return 0;
+ #else
+ return -EOPNOTSUPP;
+--
+2.22.0
+
diff --git a/sys-apps/systemd/systemd-241-r2.ebuild b/sys-apps/systemd/systemd-241-r3.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-241-r2.ebuild
rename to sys-apps/systemd/systemd-241-r3.ebuild
index 36ac11f3ccd..bf75f7e6aa1 100644
--- a/sys-apps/systemd/systemd-241-r2.ebuild
+++ b/sys-apps/systemd/systemd-241-r3.ebuild
@@ -171,6 +171,8 @@ src_prepare() {
"${FILESDIR}"/241-version-dep.patch
"${FILESDIR}"/242-gcc-9.patch
"${FILESDIR}"/242-file-max.patch
+ "${FILESDIR}"/241-wrapper-msan-unpoinson.patch
+ "${FILESDIR}"/242-rdrand-ryzen.patch
)
if ! use vanilla; then
diff --git a/sys-apps/systemd/systemd-242-r3.ebuild b/sys-apps/systemd/systemd-242-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-242-r3.ebuild
rename to sys-apps/systemd/systemd-242-r4.ebuild
index a5bcd952cf4..942547ef011 100644
--- a/sys-apps/systemd/systemd-242-r3.ebuild
+++ b/sys-apps/systemd/systemd-242-r4.ebuild
@@ -174,6 +174,7 @@ src_prepare() {
"${FILESDIR}"/242-socket-util-flush-accept.patch
"${FILESDIR}"/242-wireguard-listenport.patch
"${FILESDIR}"/242-file-max.patch
+ "${FILESDIR}"/242-rdrand-ryzen.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-06-08 20:44 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-06-08 20:44 UTC (permalink / raw
To: gentoo-commits
commit: 3b233dd17e8806f9eed9d8fa097a653d100a788a
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 8 20:43:59 2019 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Jun 8 20:43:59 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b233dd1
sys-apps/systemd: remove old
Package-Manager: Portage-2.3.67_p4, Repoman-2.3.13_p3
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/Manifest | 2 -
| 40 --
sys-apps/systemd/files/gentoo-generator-path.patch | 27 --
sys-apps/systemd/systemd-239-r4.ebuild | 449 -------------------
sys-apps/systemd/systemd-242-r1.ebuild | 491 ---------------------
5 files changed, 1009 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ccc853651c0..e68034e7888 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,2 @@
-DIST systemd-239-patches-2.tar.gz 33416 BLAKE2B 9602d101cbac65d3b2490f28308e843c28fcaea848dd09005abef0da0bc79ba0766a1cbe7c3cac63f796accddf0295b4eb946e601a201f7e81a48bd1720051ca SHA512 5f5a764d317c43c6b1854171a753eafaca006e12e4f91c81e6ba1d50e80bbbaca23c900fba417264bf9f0d827a73aca71a6da8f2a2043aaaefefed62f5a92b23
-DIST systemd-239.tar.gz 7157293 BLAKE2B 975f6215c8bb6662d6e161f637e1fece22930c0190b3c31a8fc4cb1a10600546a252704ac95590d9d14e495fcd06082a590e6d755e36603a41b3a396d579d8b0 SHA512 fd44590dfd148504c5ed1e67521efce50d84b627b7fc77015fa95dfa76d7a42297c56cc89eff40181809732024b16d48f2a87038cf435e0c63bc2b95ecd86b0f
DIST systemd-241.tar.gz 7640538 BLAKE2B 69d7196fee0d0ad06ea8d7c78b0299cc17517ecce3ca4c0b1181a3fbb13bc2627629156785051e2ff427dcc21414f7a078724c6409ebaa431618e4799ebcd50a SHA512 a7757574590e8aa37e1291ea0b2c5eb03a8d8062fe9462fa5b0bf50830c933e2b301d106c70d904f94afc0aa8e43a8acfd11926dfa25b1b89174580e491e545e
DIST systemd-242.tar.gz 7831435 BLAKE2B 288e65d0a8e133ef5885689eb16118a83d93c730e342da63115cea0892fc999104c3a4856c83f3e7ef909ba2f3311146730b05ee02d84cc0400851ccbdcd54cd SHA512 578f68a3c8f2d454198fc04ff8d943abcfb390531d57f9603d185857f7afa7f4dc641dafecf49ce50fe22f5837b252b181400891e8efd4459fd4f69bb4283cb4
diff --git a/sys-apps/systemd/files/239-debug-extra.patch b/sys-apps/systemd/files/239-debug-extra.patch
deleted file mode 100644
index 19db590257c..00000000000
--- a/sys-apps/systemd/files/239-debug-extra.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8f6b442a78d0b485f044742ad90b2e8271b4e68e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 19 Aug 2018 19:11:30 +0200
-Subject: [PATCH] meson: rename -Ddebug to -Ddebug-extra
-
-Meson added -Doptimization and -Ddebug options, which obviously causes
-a conflict with our -Ddebug options. Let's rename it.
-
-Fixes #9883.
----
- meson.build | 2 +-
- meson_options.txt | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index f79ac4b12e7..2209c935ad6 100644
---- a/meson.build
-+++ b/meson.build
-@@ -763,7 +763,7 @@ substs.set('DEBUGTTY', get_option('debug-tty'))
-
- enable_debug_hashmap = false
- enable_debug_mmap_cache = false
--foreach name : get_option('debug')
-+foreach name : get_option('debug-extra')
- if name == 'hashmap'
- enable_debug_hashmap = true
- elif name == 'mmap-cache'
-diff --git a/meson_options.txt b/meson_options.txt
-index e3140c8c110..7b1f61bf464 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -45,7 +45,7 @@ option('debug-shell', type : 'string', value : '/bin/sh',
- description : 'path to debug shell binary')
- option('debug-tty', type : 'string', value : '/dev/tty9',
- description : 'specify the tty device for debug shell')
--option('debug', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
-+option('debug-extra', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
- description : 'enable extra debugging')
- option('memory-accounting-default', type : 'boolean',
- description : 'enable MemoryAccounting= by default')
diff --git a/sys-apps/systemd/files/gentoo-generator-path.patch b/sys-apps/systemd/files/gentoo-generator-path.patch
deleted file mode 100644
index 6912b481f20..00000000000
--- a/sys-apps/systemd/files/gentoo-generator-path.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Mon, 17 Jul 2017 11:21:25 -0400
-Subject: [PATCH 1/3] path-lookup: look for generators in
- {,/usr}/lib/systemd/system-generators
-
-Bug: https://bugs.gentoo.org/625402
----
- src/shared/path-lookup.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
-index e2b3f8b74..1ee0e1cdb 100644
---- a/src/shared/path-lookup.c
-+++ b/src/shared/path-lookup.c
-@@ -821,6 +821,8 @@ char **generator_binary_paths(UnitFileScope scope) {
- return strv_new("/run/systemd/system-generators",
- "/etc/systemd/system-generators",
- "/usr/local/lib/systemd/system-generators",
-+ "/usr/lib/systemd/system-generators",
-+ "/lib/systemd/system-generators",
- SYSTEM_GENERATOR_PATH,
- NULL);
-
---
-2.14.0
-
diff --git a/sys-apps/systemd/systemd-239-r4.ebuild b/sys-apps/systemd/systemd-239-r4.ebuild
deleted file mode 100644
index 2eae2f56767..00000000000
--- a/sys-apps/systemd/systemd-239-r4.ebuild
+++ /dev/null
@@ -1,449 +0,0 @@
-# Copyright 2011-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz
- https://dev.gentoo.org/~floppym/dist/${P}-patches-2.tar.gz"
- KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ~mips ppc ppc64 sparc x86"
-fi
-
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- !<sys-libs/glibc-2.16
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=
- ssl? ( >=net-libs/gnutls-3.1.4:0= )
- )
- idn? (
- libidn2? ( net-dns/libidn2:= )
- !libidn2? ( net-dns/libidn:= )
- )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
- pcre? ( dev-libs/libpcre2 )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !<sys-kernel/dracut-044
- !sys-fs/eudev
- !sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- >=sys-kernel/linux-headers-${MINKV}
- virtual/pkgconfig[${MULTILIB_USEDEP}]
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Do NOT add patches here
- local PATCHES=()
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- # Add local patches here
- PATCHES+=(
- "${FILESDIR}"/239-debug-extra.patch
- "${FILESDIR}"/CVE-2019-6454.patch
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-uucp-group-r1.patch"
- "${FILESDIR}/gentoo-generator-path.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- -Dsplit-usr=$(usex split-usr true false)
- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Defi=$(meson_multilib)
- -Dima=true
- # Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpcre2=$(meson_multilib_native_use pcre)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- #-Dtests=$(meson_multilib_native_use test)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
- # hardcode a few paths to spare some deps
- -Dkill-path=/bin/kill
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
- )
-
- if multilib_is_native_abi && use idn; then
- myconf+=(
- -Dlibidn2=$(usex libidn2 true false)
- -Dlibidn=$(usex libidn2 false true)
- )
- else
- myconf+=(
- -Dlibidn2=false
- -Dlibidn=false
- )
- fi
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
- eninja
-}
-
-multilib_src_test() {
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- eninja test
-}
-
-multilib_src_install() {
- DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
- local rootprefix=$(usex split-usr '' /usr)
-
- # meson doesn't know about docdir
- mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use resolvconf; then
- rm -f "${ED%/}${rootprefix}"/sbin/resolvconf || die
- fi
-
- if ! use sysv-utils; then
- rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rm "${ED%/}"/usr/share/man/man1/init.1 || die
- rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- if ! use resolvconf && ! use sysv-utils; then
- rmdir "${ED%/}${rootprefix}"/sbin || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
- keepdir /etc/udev/{hwdb.d,rules.d}
- keepdir /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
- rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
- local udevdir=/lib/udev
- use split-usr || udevdir=/usr/lib/udev
-
- rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
- if use split-usr; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
- local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
- local locale_conf="${EROOT%/}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_postinst() {
- newusergroup() {
- enewgroup "$1"
- enewuser "$1" -1 -1 -1 "$1"
- }
-
- enewgroup input
- enewgroup kvm 78
- enewgroup render
- enewgroup systemd-journal
- newusergroup systemd-bus-proxy
- newusergroup systemd-coredump
- newusergroup systemd-journal-gateway
- newusergroup systemd-journal-remote
- newusergroup systemd-journal-upload
- newusergroup systemd-network
- newusergroup systemd-resolve
- newusergroup systemd-timesync
-
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT%/}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
diff --git a/sys-apps/systemd/systemd-242-r1.ebuild b/sys-apps/systemd/systemd-242-r1.ebuild
deleted file mode 100644
index a2626727385..00000000000
--- a/sys-apps/systemd/systemd-242-r1.ebuild
+++ /dev/null
@@ -1,491 +0,0 @@
-# Copyright 2011-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- MY_PV=${PV/_/-}
- MY_P=${PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi gnutls http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr +sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- !<sys-libs/glibc-2.16
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- dns-over-tls? (
- gnutls? ( >=net-libs/gnutls-3.5.3:0= )
- !gnutls? ( >=dev-libs/openssl-1.1.0:0= )
- )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=
- gnutls? ( >=net-libs/gnutls-3.1.4:0= )
- )
- idn? (
- libidn2? ( net-dns/libidn2:= )
- !libidn2? ( net-dns/libidn:= )
- )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
- pcre? ( dev-libs/libpcre2 )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !<sys-kernel/dracut-044
- !sys-fs/eudev
- !sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="
- >=sys-kernel/linux-headers-${MINKV}
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/meson-0.46
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- sys-devel/m4
- virtual/pkgconfig[${MULTILIB_USEDEP}]
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Do NOT add patches here
- local PATCHES=()
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- # Add local patches here
- PATCHES+=(
- "${FILESDIR}"/242-gcc-9.patch
- "${FILESDIR}"/242-socket-util-flush-accept.patch
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-uucp-group-r1.patch"
- "${FILESDIR}/gentoo-generator-path-r1.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- -Dsplit-usr=$(usex split-usr true false)
- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Defi=$(meson_multilib)
- -Dima=true
- # Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Dgnutls=$(meson_multilib_native_use gnutls)
- -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpcre2=$(meson_multilib_native_use pcre)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
- # hardcode a few paths to spare some deps
- -Dkill-path=/bin/kill
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
- )
-
- if multilib_is_native_abi && use idn; then
- myconf+=(
- -Dlibidn2=$(usex libidn2 true false)
- -Dlibidn=$(usex libidn2 false true)
- )
- else
- myconf+=(
- -Dlibidn2=false
- -Dlibidn=false
- )
- fi
-
- if multilib_is_native_abi && use dns-over-tls; then
- myconf+=(
- -Ddns-over-tls=true
- -Dopenssl=$(usex !gnutls true false)
- )
- else
- myconf+=( -Ddns-over-tls=false -Dopenssl=false )
- fi
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
- eninja
-}
-
-multilib_src_test() {
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- eninja test
-}
-
-multilib_src_install() {
- DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
- local rootprefix=$(usex split-usr '' /usr)
-
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use resolvconf; then
- rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
- fi
-
- if ! use sysv-utils; then
- rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- if ! use resolvconf && ! use sysv-utils; then
- rmdir "${ED}${rootprefix}"/sbin || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
- keepdir /etc/udev/{hwdb.d,rules.d}
- keepdir /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- local udevdir=/lib/udev
- use split-usr || udevdir=/usr/lib/udev
-
- rm -r "${ED}${udevdir}/hwdb.d" || die
-
- if use split-usr; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-save_enabled_units() {
- ENABLED_UNITS=()
- type systemctl &>/dev/null || return
- for x; do
- if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then
- ENABLED_UNITS+=( "${x}" )
- fi
- done
-}
-
-pkg_preinst() {
- save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
-}
-
-pkg_postinst() {
- newusergroup() {
- enewgroup "$1"
- enewuser "$1" -1 -1 -1 "$1"
- }
-
- enewgroup input
- enewgroup kvm 78
- enewgroup render
- enewgroup systemd-journal
- newusergroup systemd-bus-proxy
- newusergroup systemd-coredump
- newusergroup systemd-journal-gateway
- newusergroup systemd-journal-remote
- newusergroup systemd-journal-upload
- newusergroup systemd-network
- newusergroup systemd-resolve
- newusergroup systemd-timesync
-
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${ENABLED_UNITS[@]} ]]; then
- systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
- ebegin "Reexecuting system manager"
- systemctl daemon-reexec
- eend $?
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2019-02-18 23:32 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2019-02-18 23:32 UTC (permalink / raw
To: gentoo-commits
commit: b8fdbe1769429ab4e0310916f85275f7a4e5b74e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 18 23:31:19 2019 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Feb 18 23:31:56 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8fdbe17
sys-apps/systemd: apply fix for CVE-2019-6454 to 239
Bug: https://bugs.gentoo.org/677944
Package-Manager: Portage-2.3.59_p2, Repoman-2.3.12_p67
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/CVE-2019-6454.patch | 198 +++++++++++++
sys-apps/systemd/systemd-239-r4.ebuild | 449 +++++++++++++++++++++++++++++
2 files changed, 647 insertions(+)
diff --git a/sys-apps/systemd/files/CVE-2019-6454.patch b/sys-apps/systemd/files/CVE-2019-6454.patch
new file mode 100644
index 00000000000..97b7d635e7d
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2019-6454.patch
@@ -0,0 +1,198 @@
+--- a/src/libsystemd/sd-bus/bus-internal.c
++++ b/src/libsystemd/sd-bus/bus-internal.c
+@@ -45,7 +45,7 @@
+ if (slash)
+ return false;
+
+- return true;
++ return (q - p) <= BUS_PATH_SIZE_MAX;
+ }
+
+ char* object_path_startswith(const char *a, const char *b) {
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -333,6 +333,10 @@
+
+ #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
+ #define BUS_AUTH_SIZE_MAX (64*1024)
++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
++ * to not clash unnecessarily with real-life applications. */
++#define BUS_PATH_SIZE_MAX (64*1024)
+
+ #define BUS_CONTAINER_DEPTH 128
+
+--- a/src/libsystemd/sd-bus/bus-objects.c
++++ b/src/libsystemd/sd-bus/bus-objects.c
+@@ -1134,7 +1134,8 @@
+ const char *path,
+ sd_bus_error *error) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -1150,7 +1151,12 @@
+ return 0;
+
+ /* Second, add fallback vtables registered for any of the prefixes */
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
+ if (r < 0)
+@@ -1346,6 +1352,7 @@
+ }
+
+ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
++ _cleanup_free_ char *prefix = NULL;
+ int r;
+ size_t pl;
+ bool found_object = false;
+@@ -1370,9 +1377,12 @@
+ assert(m->member);
+
+ pl = strlen(m->path);
+- do {
+- char prefix[pl+1];
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+
++ do {
+ bus->nodes_modified = false;
+
+ r = object_find_and_run(bus, m, m->path, false, &found_object);
+@@ -1499,9 +1509,15 @@
+
+ n = hashmap_get(bus->nodes, path);
+ if (!n) {
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
++
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+
+- prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ n = hashmap_get(bus->nodes, prefix);
+ if (n)
+@@ -2091,8 +2107,9 @@
+ char **names) {
+
+ BUS_DONT_DESTROY(bus);
++ _cleanup_free_ char *prefix = NULL;
+ bool found_interface = false;
+- char *prefix;
++ size_t pl;
+ int r;
+
+ assert_return(bus, -EINVAL);
+@@ -2111,6 +2128,12 @@
+ if (names && names[0] == NULL)
+ return 0;
+
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ do {
+ bus->nodes_modified = false;
+
+@@ -2120,7 +2143,6 @@
+ if (bus->nodes_modified)
+ continue;
+
+- prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
+ if (r != 0)
+@@ -2252,7 +2274,8 @@
+
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2297,7 +2320,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2436,7 +2464,8 @@
+
+ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2468,7 +2497,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2618,7 +2652,8 @@
+ const char *path,
+ const char *interface) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2632,7 +2667,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
+ if (r != 0)
+
+
+
diff --git a/sys-apps/systemd/systemd-239-r4.ebuild b/sys-apps/systemd/systemd-239-r4.ebuild
new file mode 100644
index 00000000000..c44ada3fd2e
--- /dev/null
+++ b/sys-apps/systemd/systemd-239-r4.ebuild
@@ -0,0 +1,449 @@
+# Copyright 2011-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz
+ https://dev.gentoo.org/~floppym/dist/${P}-patches-2.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6,3_7} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ !<sys-libs/glibc-2.16
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ http? (
+ >=net-libs/libmicrohttpd-0.9.33:0=
+ ssl? ( >=net-libs/gnutls-3.1.4:0= )
+ )
+ idn? (
+ libidn2? ( net-dns/libidn2:= )
+ !libidn2? ( net-dns/libidn:= )
+ )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ nat? ( net-firewall/iptables:0= )
+ pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
+ pcre? ( dev-libs/libpcre2 )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=sys-apps/baselayout-2.2
+ selinux? ( sec-policy/selinux-base-policy[systemd] )
+ sysv-utils? ( !sys-apps/sysvinit )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !build? ( || (
+ sys-apps/util-linux[kill(-)]
+ sys-process/procps[kill(+)]
+ sys-apps/coreutils[kill(-)]
+ ) )
+ !sys-auth/nss-myhostname
+ !<sys-kernel/dracut-044
+ !sys-fs/eudev
+ !sys-fs/udev"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-apps/hwids-20150417[udev]
+ >=sys-fs/udev-init-scripts-25
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/intltool-0.50
+ >=sys-apps/coreutils-8.16
+ >=sys-kernel/linux-headers-${MINKV}
+ virtual/pkgconfig[${MULTILIB_USEDEP}]
+ gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+ test? ( sys-apps/dbus )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+ ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+ kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+ kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ # Do NOT add patches here
+ local PATCHES=()
+
+ [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+ # Add local patches here
+ PATCHES+=(
+ "${FILESDIR}"/239-debug-extra.patch
+ "${FILESDIR}"/CVE-2019-6454.patch
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
+ "${FILESDIR}/gentoo-systemd-user-pam.patch"
+ "${FILESDIR}/gentoo-uucp-group-r1.patch"
+ "${FILESDIR}/gentoo-generator-path.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+meson_use() {
+ usex "$1" true false
+}
+
+meson_multilib() {
+ if multilib_is_native_abi; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+meson_multilib_native_use() {
+ if multilib_is_native_abi && use "$1"; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in PATH
+ -Dsplit-usr=$(usex split-usr true false)
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Defi=$(meson_multilib)
+ -Dima=true
+ # Optional components/dependencies
+ -Dacl=$(meson_multilib_native_use acl)
+ -Dapparmor=$(meson_multilib_native_use apparmor)
+ -Daudit=$(meson_multilib_native_use audit)
+ -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
+ -Dlibcurl=$(meson_multilib_native_use curl)
+ -Delfutils=$(meson_multilib_native_use elfutils)
+ -Dgcrypt=$(meson_use gcrypt)
+ -Dgnu-efi=$(meson_multilib_native_use gnuefi)
+ -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
+ -Dmicrohttpd=$(meson_multilib_native_use http)
+ $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
+ -Dimportd=$(meson_multilib_native_use importd)
+ -Dbzip2=$(meson_multilib_native_use importd)
+ -Dzlib=$(meson_multilib_native_use importd)
+ -Dkmod=$(meson_multilib_native_use kmod)
+ -Dlz4=$(meson_use lz4)
+ -Dxz=$(meson_use lzma)
+ -Dlibiptc=$(meson_multilib_native_use nat)
+ -Dpam=$(meson_use pam)
+ -Dpcre2=$(meson_multilib_native_use pcre)
+ -Dpolkit=$(meson_multilib_native_use policykit)
+ -Dqrencode=$(meson_multilib_native_use qrcode)
+ -Dseccomp=$(meson_multilib_native_use seccomp)
+ -Dselinux=$(meson_multilib_native_use selinux)
+ #-Dtests=$(meson_multilib_native_use test)
+ -Ddbus=$(meson_multilib_native_use test)
+ -Dxkbcommon=$(meson_multilib_native_use xkb)
+ # hardcode a few paths to spare some deps
+ -Dkill-path=/bin/kill
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+
+ # multilib options
+ -Dbacklight=$(meson_multilib)
+ -Dbinfmt=$(meson_multilib)
+ -Dcoredump=$(meson_multilib)
+ -Denvironment-d=$(meson_multilib)
+ -Dfirstboot=$(meson_multilib)
+ -Dhibernate=$(meson_multilib)
+ -Dhostnamed=$(meson_multilib)
+ -Dhwdb=$(meson_multilib)
+ -Dldconfig=$(meson_multilib)
+ -Dlocaled=$(meson_multilib)
+ -Dman=$(meson_multilib)
+ -Dnetworkd=$(meson_multilib)
+ -Dquotacheck=$(meson_multilib)
+ -Drandomseed=$(meson_multilib)
+ -Drfkill=$(meson_multilib)
+ -Dsysusers=$(meson_multilib)
+ -Dtimedated=$(meson_multilib)
+ -Dtimesyncd=$(meson_multilib)
+ -Dtmpfiles=$(meson_multilib)
+ -Dvconsole=$(meson_multilib)
+ )
+
+ if multilib_is_native_abi && use idn; then
+ myconf+=(
+ -Dlibidn2=$(usex libidn2 true false)
+ -Dlibidn=$(usex libidn2 false true)
+ )
+ else
+ myconf+=(
+ -Dlibidn2=false
+ -Dlibidn=false
+ )
+ fi
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ eninja
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ eninja test
+}
+
+multilib_src_install() {
+ DESTDIR="${D}" eninja install
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+
+ # meson doesn't know about docdir
+ mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED%/}${rootprefix}"/sbin/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+ rm "${ED%/}"/usr/share/man/man1/init.1 || die
+ rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+ fi
+
+ if ! use resolvconf && ! use sysv-utils; then
+ rmdir "${ED%/}${rootprefix}"/sbin || die
+ fi
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
+ keepdir /etc/udev/{hwdb.d,rules.d}
+ keepdir /var/log/journal/remote
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+ # If we install these symlinks, there is no way for the sysadmin to remove them
+ # permanently.
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+ rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+
+ local udevdir=/lib/udev
+ use split-usr || udevdir=/usr/lib/udev
+
+ rm -r "${ED%/}${udevdir}/hwdb.d" || die
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+ local locale_conf="${EROOT%/}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_postinst() {
+ newusergroup() {
+ enewgroup "$1"
+ enewuser "$1" -1 -1 -1 "$1"
+ }
+
+ enewgroup input
+ enewgroup kvm 78
+ enewgroup render
+ enewgroup systemd-journal
+ newusergroup systemd-bus-proxy
+ newusergroup systemd-coredump
+ newusergroup systemd-journal-gateway
+ newusergroup systemd-journal-remote
+ newusergroup systemd-journal-upload
+ newusergroup systemd-network
+ newusergroup systemd-resolve
+ newusergroup systemd-timesync
+
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required. Despite that this file is owned by sys-apps/hwids.
+ if has_version "sys-apps/hwids[udev]"; then
+ udevadm hwdb --update --root="${EROOT%/}"
+ fi
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respect, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ systemd_reenable systemd-networkd.service systemd-resolved.service
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-12-26 4:02 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-12-26 4:02 UTC (permalink / raw
To: gentoo-commits
commit: 9f1432cda09ee42e59d6f67279f09140601e8269
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 26 04:02:01 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Dec 26 04:02:01 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f1432cd
sys-apps/systemd: update generator-path patch
Package-Manager: Portage-2.3.52_p8, Repoman-2.3.12_p20
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/gentoo-generator-path-r1.patch | 27 ++++++++++++++++++++++
sys-apps/systemd/systemd-9999.ebuild | 2 +-
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/sys-apps/systemd/files/gentoo-generator-path-r1.patch b/sys-apps/systemd/files/gentoo-generator-path-r1.patch
new file mode 100644
index 00000000000..459be9d99ed
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-generator-path-r1.patch
@@ -0,0 +1,27 @@
+From 3c7918deafa34313b935851171279d8fdb5cfadb Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 25 Dec 2018 22:52:50 -0500
+Subject: [PATCH] path-lookup: look for generators in
+ {,/usr}/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/shared/path-lookup.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index 442fde7b2d..6814164504 100644
+--- a/src/shared/path-lookup.c
++++ b/src/shared/path-lookup.c
+@@ -888,6 +888,8 @@ char **generator_binary_paths(UnitFileScope scope) {
+ return strv_new("/run/systemd/system-generators",
+ "/etc/systemd/system-generators",
+ "/usr/local/lib/systemd/system-generators",
++ "/usr/lib/systemd/system-generators",
++ "/lib/systemd/system-generators",
+ SYSTEM_GENERATOR_PATH);
+
+ case UNIT_FILE_GLOBAL:
+--
+2.20.1
+
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 3403bfbf099..1297d2c0d74 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -161,7 +161,7 @@ src_prepare() {
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
"${FILESDIR}/gentoo-uucp-group-r1.patch"
- "${FILESDIR}/gentoo-generator-path.patch"
+ "${FILESDIR}/gentoo-generator-path-r1.patch"
)
fi
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-05-24 20:33 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-05-24 20:33 UTC (permalink / raw
To: gentoo-commits
commit: ec933bb0dda9b1771bf3f53d2bfb835040dfa07a
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu May 24 20:32:44 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu May 24 20:33:03 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec933bb0
sys-apps/systemd: fix raw_clone() on sparc
Closes: https://bugs.gentoo.org/656368
Package-Manager: Portage-2.3.37, Repoman-2.3.9_p219
sys-apps/systemd/files/238-sparc-raw-clone.patch | 42 ++++++++++++++++++++++
...systemd-238-r6.ebuild => systemd-238-r7.ebuild} | 1 +
2 files changed, 43 insertions(+)
diff --git a/sys-apps/systemd/files/238-sparc-raw-clone.patch b/sys-apps/systemd/files/238-sparc-raw-clone.patch
new file mode 100644
index 00000000000..736a498e918
--- /dev/null
+++ b/sys-apps/systemd/files/238-sparc-raw-clone.patch
@@ -0,0 +1,42 @@
+From e4aa2c34d526c108dd8fa37448b19bdb38de52c9 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Thu, 24 May 2018 10:48:55 -0400
+Subject: [PATCH] basic: fix raw_clone() on 32-bit sparc
+
+The clone syscall uses the same semantics as on 64-bit. The trap number
+for syscall entry is different.
+
+Bug: https://bugs.gentoo.org/656368
+---
+ src/basic/raw-clone.h | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/raw-clone.h b/src/basic/raw-clone.h
+index d8a68663180..d35540903ab 100644
+--- a/src/basic/raw-clone.h
++++ b/src/basic/raw-clone.h
+@@ -39,10 +39,10 @@ static inline pid_t raw_clone(unsigned long flags) {
+ /* On s390/s390x and cris the order of the first and second arguments
+ * of the raw clone() system call is reversed. */
+ ret = (pid_t) syscall(__NR_clone, NULL, flags);
+-#elif defined(__sparc__) && defined(__arch64__)
++#elif defined(__sparc__)
+ {
+ /**
+- * sparc64 always returns the other process id in %o0, and
++ * sparc always returns the other process id in %o0, and
+ * a boolean flag whether this is the child or the parent in
+ * %o1. Inline assembly is needed to get the flag returned
+ * in %o1.
+@@ -52,7 +52,11 @@ static inline pid_t raw_clone(unsigned long flags) {
+ asm volatile("mov %2, %%g1\n\t"
+ "mov %3, %%o0\n\t"
+ "mov 0 , %%o1\n\t"
++#if defined(__arch64__)
+ "t 0x6d\n\t"
++#else
++ "t 0x10\n\t"
++#endif
+ "mov %%o1, %0\n\t"
+ "mov %%o0, %1" :
+ "=r"(in_child), "=r"(child_pid) :
diff --git a/sys-apps/systemd/systemd-238-r6.ebuild b/sys-apps/systemd/systemd-238-r7.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r6.ebuild
rename to sys-apps/systemd/systemd-238-r7.ebuild
index b015f21cb90..e65ddd901dd 100644
--- a/sys-apps/systemd/systemd-238-r6.ebuild
+++ b/sys-apps/systemd/systemd-238-r7.ebuild
@@ -154,6 +154,7 @@ src_prepare() {
"${FILESDIR}/238-initctl.patch"
"${FILESDIR}/238-nspawn-wait.patch"
"${FILESDIR}/238-timesync-connection.patch"
+ "${FILESDIR}/238-sparc-raw-clone.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-18 16:50 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-18 16:50 UTC (permalink / raw
To: gentoo-commits
commit: 92f2fa6fd24ae18ecafeab68ffd72eddc028325f
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 16:50:39 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 16:50:55 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92f2fa6f
sys-apps/systemd: backport timesync fix
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81
.../systemd/files/238-timesync-connection.patch | 49 ++++++++++++++++++++++
...systemd-238-r5.ebuild => systemd-238-r6.ebuild} | 1 +
2 files changed, 50 insertions(+)
diff --git a/sys-apps/systemd/files/238-timesync-connection.patch b/sys-apps/systemd/files/238-timesync-connection.patch
new file mode 100644
index 00000000000..a48a88e9e68
--- /dev/null
+++ b/sys-apps/systemd/files/238-timesync-connection.patch
@@ -0,0 +1,49 @@
+From 6d254dba01491b994115ecef8c4017fbe5451606 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 16 Apr 2018 12:24:36 +0900
+Subject: [PATCH] timesync: establish connection when network become online and
+ the manager is not connected yet
+
+This also introduces `manager_is_connected()` helper function, which
+returns true when the manager is sending a request, resolving a server
+name, or in a poll interval.
+
+Follow-up for 3e85ec072180b6fbec82d715186985536859a29d.
+Fixes #8719.
+---
+ src/timesync/timesyncd-manager.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c
+index cfdc43b0ff2..0c5d3e2d6f7 100644
+--- a/src/timesync/timesyncd-manager.c
++++ b/src/timesync/timesyncd-manager.c
+@@ -1036,6 +1036,12 @@ static int manager_network_read_link_servers(Manager *m) {
+ return r;
+ }
+
++static bool manager_is_connected(Manager *m) {
++ /* Return true when the manager is sending a request, resolving a server name, or
++ * in a poll interval. */
++ return m->server_socket >= 0 || m->resolve_query || m->event_timer;
++}
++
+ static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
+ Manager *m = userdata;
+ bool changed, connected, online;
+@@ -1051,13 +1057,13 @@ static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t re
+ online = network_is_online();
+
+ /* check if the client is currently connected */
+- connected = m->server_socket >= 0 || m->resolve_query || m->exhausted_servers;
++ connected = manager_is_connected(m);
+
+ if (connected && !online) {
+ log_info("No network connectivity, watching for changes.");
+ manager_disconnect(m);
+
+- } else if (!connected && online && changed) {
++ } else if ((!connected || changed) && online) {
+ log_info("Network configuration changed, trying to establish connection.");
+
+ if (m->current_server_address)
diff --git a/sys-apps/systemd/systemd-238-r5.ebuild b/sys-apps/systemd/systemd-238-r6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r5.ebuild
rename to sys-apps/systemd/systemd-238-r6.ebuild
index 6d0ee7602a8..8625668cfff 100644
--- a/sys-apps/systemd/systemd-238-r5.ebuild
+++ b/sys-apps/systemd/systemd-238-r6.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/238-initctl.patch"
"${FILESDIR}/238-nspawn-wait.patch"
+ "${FILESDIR}/238-timesync-connection.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-05 20:12 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-05 20:12 UTC (permalink / raw
To: gentoo-commits
commit: 3ffe8430672993cfc0d8d0b3abdf4d777cf3fdc1
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 5 20:11:52 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Apr 5 20:11:52 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ffe8430
sys-apps/systemd: fix regression in nspawn network setup
Closes: https://bugs.gentoo.org/652396
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81
sys-apps/systemd/files/238-nspawn-wait.patch | 83 ++++++++++++++++++++++
...systemd-238-r3.ebuild => systemd-238-r4.ebuild} | 1 +
2 files changed, 84 insertions(+)
diff --git a/sys-apps/systemd/files/238-nspawn-wait.patch b/sys-apps/systemd/files/238-nspawn-wait.patch
new file mode 100644
index 00000000000..a740e893345
--- /dev/null
+++ b/sys-apps/systemd/files/238-nspawn-wait.patch
@@ -0,0 +1,83 @@
+From 7511655807e90aa33ea7b71991401a79ec36bb41 Mon Sep 17 00:00:00 2001
+From: Philip Sequeira <phsequei@gmail.com>
+Date: Thu, 5 Apr 2018 14:04:27 +0000
+Subject: [PATCH] nspawn: wait for network namespace creation before interface
+ setup (#8633)
+
+Otherwise, network interfaces can be "moved" into the container's
+namespace while it's still the same as the host namespace, in which case
+e.g. host0 for a veth ends up on the host side instead of inside the
+container.
+
+Regression introduced in 0441378080489e4ab6704cd0a2d78cb1ceaca899.
+
+Fixes #8599.
+---
+ src/nspawn/nspawn.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index 810f1247ea2..a5bc50c1f4c 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -2329,6 +2329,9 @@ static int inner_child(
+ r = unshare(CLONE_NEWNET);
+ if (r < 0)
+ return log_error_errno(errno, "Failed to unshare network namespace: %m");
++
++ /* Tell the parent that it can setup network interfaces. */
++ (void) barrier_place(barrier); /* #3 */
+ }
+
+ r = mount_sysfs(NULL, arg_mount_settings);
+@@ -2337,7 +2340,7 @@ static int inner_child(
+
+ /* Wait until we are cgroup-ified, so that we
+ * can mount the right cgroup path writable */
+- if (!barrier_place_and_sync(barrier)) { /* #3 */
++ if (!barrier_place_and_sync(barrier)) { /* #4 */
+ log_error("Parent died too early");
+ return -ESRCH;
+ }
+@@ -2448,7 +2451,7 @@ static int inner_child(
+ /* Let the parent know that we are ready and
+ * wait until the parent is ready with the
+ * setup, too... */
+- if (!barrier_place_and_sync(barrier)) { /* #4 */
++ if (!barrier_place_and_sync(barrier)) { /* #5 */
+ log_error("Parent died too early");
+ return -ESRCH;
+ }
+@@ -3533,6 +3536,14 @@ static int run(int master,
+
+ if (arg_private_network) {
+
++ if (!arg_network_namespace_path) {
++ /* Wait until the child has unshared its network namespace. */
++ if (!barrier_place_and_sync(&barrier)) { /* #3 */
++ log_error("Child died too early");
++ return -ESRCH;
++ }
++ }
++
+ r = move_network_interfaces(*pid, arg_network_interfaces);
+ if (r < 0)
+ return r;
+@@ -3656,7 +3667,7 @@ static int run(int master,
+ * its setup (including cgroup-ification), and that
+ * the child can now hand over control to the code to
+ * run inside the container. */
+- (void) barrier_place(&barrier); /* #3 */
++ (void) barrier_place(&barrier); /* #4 */
+
+ /* Block SIGCHLD here, before notifying child.
+ * process_pty() will handle it with the other signals. */
+@@ -3684,7 +3695,7 @@ static int run(int master,
+ return r;
+
+ /* Let the child know that we are ready and wait that the child is completely ready now. */
+- if (!barrier_place_and_sync(&barrier)) { /* #4 */
++ if (!barrier_place_and_sync(&barrier)) { /* #5 */
+ log_error("Child died too early.");
+ return -ESRCH;
+ }
diff --git a/sys-apps/systemd/systemd-238-r3.ebuild b/sys-apps/systemd/systemd-238-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r3.ebuild
rename to sys-apps/systemd/systemd-238-r4.ebuild
index b68ed0bf92a..0aca5fbb302 100644
--- a/sys-apps/systemd/systemd-238-r3.ebuild
+++ b/sys-apps/systemd/systemd-238-r4.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/238-libmount-include.patch"
"${FILESDIR}/238-initctl.patch"
+ "${FILESDIR}/238-nspawn-wait.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-01 16:31 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-01 16:31 UTC (permalink / raw
To: gentoo-commits
commit: d323ea527c3f8e3b3803a39af5fd57254edeaadf
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 1 16:27:04 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Apr 1 16:31:27 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d323ea52
sys-apps/systemd: add initctl patch
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81
sys-apps/systemd/files/238-initctl.patch | 46 ++++++++++++++++++++++++++++++++
sys-apps/systemd/systemd-238-r3.ebuild | 1 +
2 files changed, 47 insertions(+)
diff --git a/sys-apps/systemd/files/238-initctl.patch b/sys-apps/systemd/files/238-initctl.patch
new file mode 100644
index 00000000000..39991697743
--- /dev/null
+++ b/sys-apps/systemd/files/238-initctl.patch
@@ -0,0 +1,46 @@
+From 4d8c7c1b3a5feebca948a3b8663f5be887b57731 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 30 Mar 2018 11:00:17 -0400
+Subject: [PATCH] units: initctl: move the fifo to /run/initctl to match
+ sysvinit
+
+The fifo location was moved in sysvinit-2.89.
+
+http://git.savannah.nongnu.org/cgit/sysvinit.git/commit/?id=80dbcf3de3c1b83aeaa713a8fe5b8d35d8649af2
+---
+ units/systemd-initctl.service.in | 2 +-
+ units/systemd-initctl.socket | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in
+index 6cfed3da11f..2b4b957dce3 100644
+--- a/units/systemd-initctl.service.in
++++ b/units/systemd-initctl.service.in
+@@ -8,7 +8,7 @@
+ # (at your option) any later version.
+
+ [Unit]
+-Description=/dev/initctl Compatibility Daemon
++Description=initctl Compatibility Daemon
+ Documentation=man:systemd-initctl.service(8)
+ DefaultDependencies=no
+
+diff --git a/units/systemd-initctl.socket b/units/systemd-initctl.socket
+index 61f877ba7d2..9d975799081 100644
+--- a/units/systemd-initctl.socket
++++ b/units/systemd-initctl.socket
+@@ -8,12 +8,12 @@
+ # (at your option) any later version.
+
+ [Unit]
+-Description=/dev/initctl Compatibility Named Pipe
++Description=initctl Compatibility Named Pipe
+ Documentation=man:systemd-initctl.service(8)
+ DefaultDependencies=no
+ Before=sockets.target
+
+ [Socket]
+-ListenFIFO=/run/systemd/initctl/fifo
++ListenFIFO=/run/initctl
+ Symlinks=/dev/initctl
+ SocketMode=0600
diff --git a/sys-apps/systemd/systemd-238-r3.ebuild b/sys-apps/systemd/systemd-238-r3.ebuild
index 813d4f96708..b68ed0bf92a 100644
--- a/sys-apps/systemd/systemd-238-r3.ebuild
+++ b/sys-apps/systemd/systemd-238-r3.ebuild
@@ -154,6 +154,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/238-libmount-include.patch"
+ "${FILESDIR}/238-initctl.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-04-01 16:31 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-04-01 16:31 UTC (permalink / raw
To: gentoo-commits
commit: 2266f8440e17591fc6a4905a706c74432051854f
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 1 16:31:04 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Apr 1 16:31:27 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2266f844
sys-apps/systemd: remove old
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81
sys-apps/systemd/Manifest | 5 -
.../files/237-0001-networkctl-display-type.patch | 266 ------------
sys-apps/systemd/metadata.xml | 1 -
sys-apps/systemd/systemd-233-r6.ebuild | 458 ---------------------
sys-apps/systemd/systemd-237-r2.ebuild | 440 --------------------
sys-apps/systemd/systemd-237-r3.ebuild | 442 --------------------
sys-apps/systemd/systemd-238-r1.ebuild | 437 --------------------
7 files changed, 2049 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index f5ba7882937..42cccb76c59 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,9 +1,4 @@
-DIST systemd-233-man.tar.gz 31386 BLAKE2B e4947e658db3efeec6b5a6adf340d2cc8e8aff2a14db4932720f90c3dc898b1e78595db983948373a2e28191fb3b0aad234f80feb91ee8ae4b607a44038a9cae SHA512 cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40
-DIST systemd-233-patches.tar.gz 12553 BLAKE2B 5d19f2dc82cc6cbd9b2e9393f932dfa3c88a981358b282fe56d43cd432d0ee0c0245e9c13d5460b94d83908b84a382dad3348b999f2356ab3ef2ae2c542a867d SHA512 3081f4cf64542ba64a28fe2eff11d8040af42255eb99b5210db9d583fc4b4360a4a4bb8769a1e43d38474d69ead681974cb98d4605968b38f98fd3d9b40bf211
-DIST systemd-233.tar.gz 4660737 BLAKE2B 38cdd74543447b3c02391b328428fed169fe2cf2df6e9341dcaf2f7d3d977612ec102301e144c1cada90d61e9e9bda3b2faaef708c8ff4bd0b52b143760a83b2 SHA512 5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e
DIST systemd-236-patches-2.tar.gz 54737 BLAKE2B bce5f9e234c975a2b6e474ca2a0c2c82e704f02cf19885134dddc5edbd0b7bfb3773d737f88f78ba2ab81093dfceeb44d76ecda99cf2b916072dcdfa84720c19 SHA512 b74ab6944135c938b2d0d2a1dd40ac4cc4ff26d072603d6bfbe4529d808b2e481eb910155895bce14607842ad6d30751aded51654a53f76278becbb5e317b875
DIST systemd-236.tar.gz 6759035 BLAKE2B 0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3 SHA512 1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515ddddfdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d
-DIST systemd-237-patches-0.tar.gz 74617 BLAKE2B 52750bb08731e9e694a00fedc1e42beb7c6ad7736d3b6567f2ab094d4356506d10ec11e1c4c62623078d647c3314c71c9f141eb7c8628b610fd8a5e818b90ec6 SHA512 a6db99b330585e57c722bb0e692b0d988d5fbfef60c6cc87efbb7b903e55642c2f03bf6cdc80f15da22d0c41b5051387dac23a2f04238331f235154b17f32d1b
-DIST systemd-237.tar.gz 6871350 BLAKE2B 4734a110a297fbbd6679bced6302fcdca55ab5d4207905e8dee9f5545f1de841d5adeaa4fd89961b9e63709d04b5c862b8bc81481311cf8e72ee327e459c9d91 SHA512 15ef4b92815a6dd9a6c51672dbc00fd7cd0f08068ef0cbeaca574f68d330b28bc67ba1946f24f75ef3d9e7b63843a73eea700db54688061dbf5c9f8470394c3b
DIST systemd-238-patches-0.tar.gz 30019 BLAKE2B 0f393865cd6bcd815c1a6e932c0e5a25e125768d2bdef072d5fa7830b9ea012d0986380a1cdea8e369e1fffe89ea7657e4d55de2bae0d785ae374796a4e7c64b SHA512 f7e6fb7bf3b5cde2717a9e5dcd779a4595d6185d1ecdad8405a075edbb55b32c2573558f6af119ff50ea0df8eacef12ae7ee710fadd269f83db0985d76eb22dc
DIST systemd-238.tar.gz 6954022 BLAKE2B 9b5cc36a7234c0d037a2656ee1e5ed54186a394b8be41771ebc29c903d3efcecf7f13f004a6d1695c022923bd0d540a243e897852f07e810f73fd3163f688dde SHA512 c0f272b022308d3bd94679184e102a8dc85de55310bda205a458ea33c77c7733e5c8c8e5b15f786ba3e0ce59e7c6a9bf0d5a0950517c6b91e0f345950129b9c8
diff --git a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
deleted file mode 100644
index e29cf2206aa..00000000000
--- a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From a18461bc7d446f8e130e9276de4397d00059267f Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 20:58:24 +0100
-Subject: [PATCH 1/4] networkd: display wireguard devtype
-
-It's not useful to simply show "none", when we have more interesting
-information to display.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 22 +++++++++++++++-------
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 59ce098cd1..6ce00dff6d 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -62,18 +62,26 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
-
- assert(ret);
-
-- if (iftype == ARPHRD_ETHER && d) {
-+ if (d) {
- const char *devtype = NULL, *id = NULL;
-+
-+ (void) sd_device_get_devtype(d, &devtype);
-+
- /* WLANs have iftype ARPHRD_ETHER, but we want
- * to show a more useful type string for
- * them */
-+ if (iftype == ARPHRD_ETHER) {
-+ if (streq_ptr(devtype, "wlan"))
-+ id = "wlan";
-+ else if (streq_ptr(devtype, "wwan"))
-+ id = "wwan";
-+ }
-
-- (void) sd_device_get_devtype(d, &devtype);
--
-- if (streq_ptr(devtype, "wlan"))
-- id = "wlan";
-- else if (streq_ptr(devtype, "wwan"))
-- id = "wwan";
-+ /* Likewise, WireGuard has iftype ARPHRD_NONE,
-+ * since it's layer 3, but we of course want
-+ * something more useful than that. */
-+ if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
-+ id = "wireguard";
-
- if (id) {
- p = strdup(id);
-
-From f119082e7a1ccfbf50c30a99819b6e303cdf09a1 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 21:01:46 +0100
-Subject: [PATCH 2/4] networkd: simplify and display all devtypes
-
-Every place the kernel actually calls SET_NETDEV_DEVTYPE, it's adding a
-piece of information that looks useful and relevant for us to use. So
-let's use it when it's there.
-
-The previous matching based on the corresponding ARPHRD didn't really
-make much sense. The more sensible logic for getting a textual
-representation of the link type is to see if the kernel supplies a
-devtype. If it does, great. If not, then we can fall back on the ARPHRD,
-as before.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 23 +++--------------------
- 1 file changed, 3 insertions(+), 20 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 6ce00dff6d..8a08304240 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -63,28 +63,11 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
- assert(ret);
-
- if (d) {
-- const char *devtype = NULL, *id = NULL;
-+ const char *devtype = NULL;
-
- (void) sd_device_get_devtype(d, &devtype);
--
-- /* WLANs have iftype ARPHRD_ETHER, but we want
-- * to show a more useful type string for
-- * them */
-- if (iftype == ARPHRD_ETHER) {
-- if (streq_ptr(devtype, "wlan"))
-- id = "wlan";
-- else if (streq_ptr(devtype, "wwan"))
-- id = "wwan";
-- }
--
-- /* Likewise, WireGuard has iftype ARPHRD_NONE,
-- * since it's layer 3, but we of course want
-- * something more useful than that. */
-- if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
-- id = "wireguard";
--
-- if (id) {
-- p = strdup(id);
-+ if (!isempty(devtype)) {
-+ p = strdup(devtype);
- if (!p)
- return -ENOMEM;
-
-
-From fdce7817b9a27a370c01b7dd9da6a84fcae1038e Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 21:05:36 +0100
-Subject: [PATCH 3/4] networkd: clean up link_get_type_string
-
-The return value is always ignored, so get rid of it.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 8a08304240..7b33e0db17 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -56,7 +56,7 @@ static bool arg_no_pager = false;
- static bool arg_legend = true;
- static bool arg_all = false;
-
--static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
-+static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
- const char *t;
- char *p;
-
-@@ -69,27 +69,25 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
- if (!isempty(devtype)) {
- p = strdup(devtype);
- if (!p)
-- return -ENOMEM;
-+ return;
-
- *ret = p;
-- return 1;
-+ return;
- }
- }
-
- t = arphrd_to_name(iftype);
- if (!t) {
- *ret = NULL;
-- return 0;
-+ return;
- }
-
- p = strdup(t);
- if (!p)
-- return -ENOMEM;
-+ return;
-
- ascii_strlower(p);
- *ret = p;
--
-- return 0;
- }
-
- static void operational_state_to_color(const char *state, const char **on, const char **off) {
-@@ -314,7 +312,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
- xsprintf(devid, "n%i", links[i].ifindex);
- (void) sd_device_new_from_device_id(&d, devid);
-
-- (void) link_get_type_string(links[i].iftype, d, &t);
-+ link_get_type_string(links[i].iftype, d, &t);
-
- printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
- links[i].ifindex, links[i].name, strna(t),
-@@ -807,7 +805,7 @@ static int link_status_one(
- (void) sd_device_get_property_value(d, "ID_MODEL", &model);
- }
-
-- (void) link_get_type_string(info->iftype, d, &t);
-+ link_get_type_string(info->iftype, d, &t);
-
- (void) sd_network_link_get_network_file(info->ifindex, &network);
-
-
-From b55822c349d3e0559c1efc7475fd0f74cf086453 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 29 Jan 2018 21:08:39 +0100
-Subject: [PATCH 4/4] networkd: clean up link_get_type_string returns
-
-It's cleaner and more consistent to actually return what we were
-planning on returning.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/network/networkctl.c | 28 +++++++++-------------------
- 1 file changed, 9 insertions(+), 19 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 7b33e0db17..14d8ecb03f 100644
---- a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -56,38 +56,28 @@ static bool arg_no_pager = false;
- static bool arg_legend = true;
- static bool arg_all = false;
-
--static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
-+static char *link_get_type_string(unsigned short iftype, sd_device *d) {
- const char *t;
- char *p;
-
-- assert(ret);
--
- if (d) {
- const char *devtype = NULL;
-
- (void) sd_device_get_devtype(d, &devtype);
-- if (!isempty(devtype)) {
-- p = strdup(devtype);
-- if (!p)
-- return;
--
-- *ret = p;
-- return;
-- }
-+ if (!isempty(devtype))
-+ return strdup(devtype);
- }
-
- t = arphrd_to_name(iftype);
-- if (!t) {
-- *ret = NULL;
-- return;
-- }
-+ if (!t)
-+ return NULL;
-
- p = strdup(t);
- if (!p)
-- return;
-+ return NULL;
-
- ascii_strlower(p);
-- *ret = p;
-+ return p;
- }
-
- static void operational_state_to_color(const char *state, const char **on, const char **off) {
-@@ -312,7 +302,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
- xsprintf(devid, "n%i", links[i].ifindex);
- (void) sd_device_new_from_device_id(&d, devid);
-
-- link_get_type_string(links[i].iftype, d, &t);
-+ t = link_get_type_string(links[i].iftype, d);
-
- printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
- links[i].ifindex, links[i].name, strna(t),
-@@ -805,7 +795,7 @@ static int link_status_one(
- (void) sd_device_get_property_value(d, "ID_MODEL", &model);
- }
-
-- link_get_type_string(info->iftype, d, &t);
-+ t = link_get_type_string(info->iftype, d);
-
- (void) sd_network_link_get_network_file(info->ifindex, &network);
-
diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index c0dbc0de012..d2004bef107 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -13,7 +13,6 @@
<flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag>
<flag name="curl">Enable support for uploading journals</flag>
<flag name="cryptsetup">Enable cryptsetup tools (includes unit generator for crypttab)</flag>
- <flag name="doc">Generate systemd.index.7 and systemd.directives.7</flag>
<flag name="gnuefi">Enable EFI boot manager and stub loader (built using <pkg>sys-boot/gnu-efi</pkg>)</flag>
<flag name="elfutils">Enable coredump stacktraces in the journal</flag>
<flag name="gcrypt">Enable sealing of journal files using gcrypt</flag>
diff --git a/sys-apps/systemd/systemd-233-r6.ebuild b/sys-apps/systemd/systemd-233-r6.ebuild
deleted file mode 100644
index 307333c182d..00000000000
--- a/sys-apps/systemd/systemd-233-r6.ebuild
+++ /dev/null
@@ -1,458 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz
- https://dev.gentoo.org/~floppym/dist/${P}-patches.tar.gz
- !doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
- KEYWORDS="alpha amd64 arm ~arm64 ia64 ppc ppc64 ~sparc x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit autotools bash-completion-r1 linux-info multilib-minimal pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl doc elfutils +gcrypt gnuefi http
- idn importd +kmod +lz4 lzma nat pam policykit
- qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- !<sys-libs/glibc-2.16
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=
- ssl? ( >=net-libs/gnutls-3.1.4:0= )
- )
- idn? ( net-dns/libidn:0= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !<sys-kernel/dracut-044
- !sys-fs/eudev
- !sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- >=sys-kernel/linux-headers-${MINKV}
- virtual/pkgconfig
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- doc? ( $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') )
-"
-
-python_check_deps() {
- has_version --host-root "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Bug 463376
- sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
- local PATCHES=(
- "${FILESDIR}/CVE-2017-15908.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-noclean-tmp.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- )
- fi
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- default
-
- eautoreconf
-}
-
-src_configure() {
- # Keep using the one where the rules were installed.
- MY_UDEVDIR=$(get_udevdir)
- # Fix systems broken by bug #509454.
- [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
-
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- use doc && python_setup
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- # disable -flto since it is an optimization flag
- # and makes distcc less effective
- cc_cv_CFLAGS__flto=no
- # disable -fuse-ld=gold since Gentoo supports explicit linker
- # choice and forcing gold is undesired, #539998
- # ld.gold may collide with user's LDFLAGS, #545168
- # ld.gold breaks sparc, #573874
- cc_cv_LDFLAGS__Wl__fuse_ld_gold=no
-
- # Workaround for gcc-4.7, bug 554454.
- cc_cv_CFLAGS__Werror_shadow=no
-
- # Workaround for bug 516346
- --enable-dependency-tracking
-
- --disable-maintainer-mode
- --localstatedir=/var
- --with-pamlibdir=$(getpam_mod_dir)
- # avoid bash-completion dep
- --with-bashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in $PATH
- --enable-split-usr
- # For testing.
- --with-rootprefix="${ROOTPREFIX-/usr}"
- --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
- # disable sysv compatibility
- --with-sysvinit-path=
- --with-sysvrcnd-path=
- # no deps
- --enable-efi
- --enable-ima
-
- # Optional components/dependencies
- $(multilib_native_use_enable acl)
- $(multilib_native_use_enable apparmor)
- $(multilib_native_use_enable audit)
- $(multilib_native_use_enable cryptsetup libcryptsetup)
- $(multilib_native_use_enable curl libcurl)
- $(multilib_native_use_enable elfutils)
- $(use_enable gcrypt)
- $(multilib_native_use_enable gnuefi)
- --with-efi-libdir="/usr/$(get_libdir)"
- $(multilib_native_use_enable http microhttpd)
- $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
- $(multilib_native_use_enable idn libidn)
- $(multilib_native_use_enable importd)
- $(multilib_native_use_enable importd bzip2)
- $(multilib_native_use_enable importd zlib)
- $(multilib_native_use_enable kmod)
- $(use_enable lz4)
- $(use_enable lzma xz)
- $(multilib_native_use_enable nat libiptc)
- $(use_enable pam)
- $(multilib_native_use_enable policykit polkit)
- $(multilib_native_use_enable qrcode qrencode)
- $(multilib_native_use_enable seccomp)
- $(multilib_native_use_enable selinux)
- $(multilib_native_use_enable test tests)
- $(multilib_native_use_enable test dbus)
- $(multilib_native_use_enable xkb xkbcommon)
- $(multilib_native_use_with doc python)
-
- # hardcode a few paths to spare some deps
- KILL=/bin/kill
- QUOTAON=/usr/sbin/quotaon
- QUOTACHECK=/usr/sbin/quotacheck
-
- # TODO: we may need to restrict this to gcc
- EFI_CC="$(tc-getCC)"
-
- # dbus paths
- --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
- --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
- --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
-
- --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
-
- # Breaks screen, tmux, etc.
- --without-kill-user-processes
- )
-
- # Work around bug 463846.
- tc-export CC
-
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
- local mymakeopts=(
- udevlibexecdir="${MY_UDEVDIR}"
- )
-
- if multilib_is_native_abi; then
- emake "${mymakeopts[@]}"
- else
- emake built-sources
- local targets=(
- '$(rootlib_LTLIBRARIES)'
- '$(lib_LTLIBRARIES)'
- '$(pamlib_LTLIBRARIES)'
- '$(pkgconfiglib_DATA)'
- )
- echo "gentoo: ${targets[*]}" | emake "${mymakeopts[@]}" -f Makefile -f - gentoo
- fi
-}
-
-multilib_src_test() {
- multilib_is_native_abi || return 0
- default
-}
-
-multilib_src_install() {
- local mymakeopts=(
- # automake fails with parallel libtool relinking
- # https://bugs.gentoo.org/show_bug.cgi?id=491398
- -j1
-
- udevlibexecdir="${MY_UDEVDIR}"
- dist_udevhwdb_DATA=
- DESTDIR="${D}"
- )
-
- if multilib_is_native_abi; then
- emake "${mymakeopts[@]}" install
- else
- mymakeopts+=(
- install-rootlibLTLIBRARIES
- install-libLTLIBRARIES
- install-pamlibLTLIBRARIES
- install-pkgconfiglibDATA
- install-includeHEADERS
- install-pkgincludeHEADERS
- )
-
- emake "${mymakeopts[@]}"
- fi
-}
-
-multilib_src_install_all() {
- prune_libtool_files --modules
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if [[ ${PV} != 9999 ]]; then
- use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7
- fi
-
- if use sysv-utils; then
- for app in halt poweroff reboot runlevel shutdown telinit; do
- dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
- done
- dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
- else
- # we just keep sysvinit tools, so no need for the mans
- rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
- || die
- rm "${D}"/usr/share/man/man1/init.1 || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
- /etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
- /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
- rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
- local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
- local locale_conf="${EROOT%/}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_postinst() {
- newusergroup() {
- enewgroup "$1"
- enewuser "$1" -1 -1 -1 "$1"
- }
-
- enewgroup input
- enewgroup systemd-journal
- newusergroup systemd-bus-proxy
- newusergroup systemd-coredump
- newusergroup systemd-journal-gateway
- newusergroup systemd-journal-remote
- newusergroup systemd-journal-upload
- newusergroup systemd-network
- newusergroup systemd-resolve
- newusergroup systemd-timesync
-
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${ROOT%/}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
diff --git a/sys-apps/systemd/systemd-237-r2.ebuild b/sys-apps/systemd/systemd-237-r2.ebuild
deleted file mode 100644
index 06b717f4da4..00000000000
--- a/sys-apps/systemd/systemd-237-r2.ebuild
+++ /dev/null
@@ -1,440 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- !<sys-libs/glibc-2.16
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=
- ssl? ( >=net-libs/gnutls-3.1.4:0= )
- )
- idn? (
- libidn2? ( net-dns/libidn2 )
- !libidn2? ( net-dns/libidn )
- )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
- pcre? ( dev-libs/libpcre2 )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !<sys-kernel/dracut-044
- !sys-fs/eudev
- !sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- >=sys-kernel/linux-headers-${MINKV}
- virtual/pkgconfig
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/237-0001-networkctl-display-type.patch"
- )
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-uucp-group-r1.patch"
- "${FILESDIR}/gentoo-generator-path.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- -Dsplit-usr=$(usex usrmerge false true)
- -Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Defi=$(meson_multilib)
- -Dima=true
- # Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpcre2=$(meson_multilib_native_use pcre)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- #-Dtests=$(meson_multilib_native_use test)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
- # hardcode a few paths to spare some deps
- -Dkill-path=/bin/kill
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
- )
-
- if multilib_is_native_abi && use idn; then
- myconf+=(
- -Dlibidn2=$(usex libidn2 true false)
- -Dlibidn=$(usex libidn2 false true)
- )
- else
- myconf+=(
- -Dlibidn2=false
- -Dlibidn=false
- )
- fi
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
- eninja
-}
-
-multilib_src_test() {
- eninja test
-}
-
-multilib_src_install() {
- DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
- # meson doesn't know about docdir
- mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if use sysv-utils; then
- local app
- for app in halt poweroff reboot runlevel shutdown telinit; do
- dosym ../bin/systemctl /sbin/${app}
- done
- dosym ../lib/systemd/systemd /sbin/init
- else
- # we just keep sysvinit tools, so no need for the mans
- rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
- || die
- rm "${ED%/}"/usr/share/man/man1/init.1 || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
- keepdir /etc/udev/{hwdb.d,rules.d}
- keepdir /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
- rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
- local udevdir=/lib/udev
- use usrmerge && udevdir=/usr/lib/udev
-
- rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
- if ! use usrmerge; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
- local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
- local locale_conf="${EROOT%/}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_postinst() {
- newusergroup() {
- enewgroup "$1"
- enewuser "$1" -1 -1 -1 "$1"
- }
-
- enewgroup input
- enewgroup kvm 78
- enewgroup render
- enewgroup systemd-journal
- newusergroup systemd-bus-proxy
- newusergroup systemd-coredump
- newusergroup systemd-journal-gateway
- newusergroup systemd-journal-remote
- newusergroup systemd-journal-upload
- newusergroup systemd-network
- newusergroup systemd-resolve
- newusergroup systemd-timesync
-
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT%/}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
diff --git a/sys-apps/systemd/systemd-237-r3.ebuild b/sys-apps/systemd/systemd-237-r3.ebuild
deleted file mode 100644
index d0254ee71db..00000000000
--- a/sys-apps/systemd/systemd-237-r3.ebuild
+++ /dev/null
@@ -1,442 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz
- https://dev.gentoo.org/~floppym/dist/${P}-patches-0.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- !<sys-libs/glibc-2.16
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=
- ssl? ( >=net-libs/gnutls-3.1.4:0= )
- )
- idn? (
- libidn2? ( net-dns/libidn2 )
- !libidn2? ( net-dns/libidn )
- )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
- pcre? ( dev-libs/libpcre2 )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !<sys-kernel/dracut-044
- !sys-fs/eudev
- !sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- >=sys-kernel/linux-headers-${MINKV}
- virtual/pkgconfig
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/237-0001-networkctl-display-type.patch"
- "${FILESDIR}/238-libmount-include.patch"
- )
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-uucp-group-r1.patch"
- "${FILESDIR}/gentoo-generator-path.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- -Dsplit-usr=$(usex usrmerge false true)
- -Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Defi=$(meson_multilib)
- -Dima=true
- # Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpcre2=$(meson_multilib_native_use pcre)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- #-Dtests=$(meson_multilib_native_use test)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
- # hardcode a few paths to spare some deps
- -Dkill-path=/bin/kill
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
- )
-
- if multilib_is_native_abi && use idn; then
- myconf+=(
- -Dlibidn2=$(usex libidn2 true false)
- -Dlibidn=$(usex libidn2 false true)
- )
- else
- myconf+=(
- -Dlibidn2=false
- -Dlibidn=false
- )
- fi
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
- eninja
-}
-
-multilib_src_test() {
- eninja test
-}
-
-multilib_src_install() {
- DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
- # meson doesn't know about docdir
- mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if use sysv-utils; then
- local app
- for app in halt poweroff reboot runlevel shutdown telinit; do
- dosym ../bin/systemctl /sbin/${app}
- done
- dosym ../lib/systemd/systemd /sbin/init
- else
- # we just keep sysvinit tools, so no need for the mans
- rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
- || die
- rm "${ED%/}"/usr/share/man/man1/init.1 || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
- keepdir /etc/udev/{hwdb.d,rules.d}
- keepdir /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
- rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
- local udevdir=/lib/udev
- use usrmerge && udevdir=/usr/lib/udev
-
- rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
- if ! use usrmerge; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
- local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
- local locale_conf="${EROOT%/}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_postinst() {
- newusergroup() {
- enewgroup "$1"
- enewuser "$1" -1 -1 -1 "$1"
- }
-
- enewgroup input
- enewgroup kvm 78
- enewgroup render
- enewgroup systemd-journal
- newusergroup systemd-bus-proxy
- newusergroup systemd-coredump
- newusergroup systemd-journal-gateway
- newusergroup systemd-journal-remote
- newusergroup systemd-journal-upload
- newusergroup systemd-network
- newusergroup systemd-resolve
- newusergroup systemd-timesync
-
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT%/}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
diff --git a/sys-apps/systemd/systemd-238-r1.ebuild b/sys-apps/systemd/systemd-238-r1.ebuild
deleted file mode 100644
index 2903bb82e51..00000000000
--- a/sys-apps/systemd/systemd-238-r1.ebuild
+++ /dev/null
@@ -1,437 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~x86"
-fi
-
-PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- !<sys-libs/glibc-2.16
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=
- ssl? ( >=net-libs/gnutls-3.1.4:0= )
- )
- idn? (
- libidn2? ( net-dns/libidn2 )
- !libidn2? ( net-dns/libidn )
- )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
- pcre? ( dev-libs/libpcre2 )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !<sys-kernel/dracut-044
- !sys-fs/eudev
- !sys-fs/udev"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- >=sys-kernel/linux-headers-${MINKV}
- virtual/pkgconfig
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch"
- "${FILESDIR}/238-0002-core-do-not-free-heap-allocated-strings-8391.patch"
- "${FILESDIR}/238-libmount-include.patch"
- )
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-uucp-group-r1.patch"
- "${FILESDIR}/gentoo-generator-path.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- -Dsplit-usr=$(usex usrmerge false true)
- -Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Defi=$(meson_multilib)
- -Dima=true
- # Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpcre2=$(meson_multilib_native_use pcre)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- #-Dtests=$(meson_multilib_native_use test)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
- # hardcode a few paths to spare some deps
- -Dkill-path=/bin/kill
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
- )
-
- if multilib_is_native_abi && use idn; then
- myconf+=(
- -Dlibidn2=$(usex libidn2 true false)
- -Dlibidn=$(usex libidn2 false true)
- )
- else
- myconf+=(
- -Dlibidn2=false
- -Dlibidn=false
- )
- fi
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
- eninja
-}
-
-multilib_src_test() {
- eninja test
-}
-
-multilib_src_install() {
- DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
- # meson doesn't know about docdir
- mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use sysv-utils; then
- local rootprefix=$(usex usrmerge /usr '')
- rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rmdir "${ED%/}${rootprefix}"/sbin || die
- rm "${ED%/}"/usr/share/man/man1/init.1 || die
- rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
- keepdir /etc/udev/{hwdb.d,rules.d}
- keepdir /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
- rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
- local udevdir=/lib/udev
- use usrmerge && udevdir=/usr/lib/udev
-
- rm -r "${ED%/}${udevdir}/hwdb.d" || die
-
- if ! use usrmerge; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
- local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
- local locale_conf="${EROOT%/}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-pkg_postinst() {
- newusergroup() {
- enewgroup "$1"
- enewuser "$1" -1 -1 -1 "$1"
- }
-
- enewgroup input
- enewgroup kvm 78
- enewgroup render
- enewgroup systemd-journal
- newusergroup systemd-bus-proxy
- newusergroup systemd-coredump
- newusergroup systemd-journal-gateway
- newusergroup systemd-journal-remote
- newusergroup systemd-journal-upload
- newusergroup systemd-network
- newusergroup systemd-resolve
- newusergroup systemd-timesync
-
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT%/}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-03-26 21:17 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-03-26 21:17 UTC (permalink / raw
To: gentoo-commits
commit: 9463c487ae1bf6a960ea83fafcda88b17c90ef06
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 26 21:17:04 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Mar 26 21:17:23 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9463c487
sys-apps/systemd: fix build with util-linux-2.32
Closes: https://bugs.gentoo.org/651304
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81
sys-apps/systemd/files/238-libmount-include.patch | 72 +++++++++++++++++++++++
sys-apps/systemd/systemd-236-r5.ebuild | 1 +
sys-apps/systemd/systemd-237-r3.ebuild | 1 +
sys-apps/systemd/systemd-238-r1.ebuild | 1 +
4 files changed, 75 insertions(+)
diff --git a/sys-apps/systemd/files/238-libmount-include.patch b/sys-apps/systemd/files/238-libmount-include.patch
new file mode 100644
index 00000000000..6a02dff65e4
--- /dev/null
+++ b/sys-apps/systemd/files/238-libmount-include.patch
@@ -0,0 +1,72 @@
+From 227b8a762fea1458547be2cdf0e6e4aac0079730 Mon Sep 17 00:00:00 2001
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Mon, 26 Mar 2018 17:34:53 +0200
+Subject: [PATCH] core: don't include libmount.h in a header file (#8580)
+
+linux/fs.h sys/mount.h, libmount.h and missing.h all include MS_*
+definitions.
+
+To avoid problems, only one of linux/fs.h, sys/mount.h and libmount.h
+should be included. And missing.h must be included last.
+
+Without this, building systemd may fail with:
+
+In file included from [...]/libmount/libmount.h:31:0,
+ from ../systemd-238/src/core/manager.h:23,
+ from ../systemd-238/src/core/emergency-action.h:37,
+ from ../systemd-238/src/core/unit.h:34,
+ from ../systemd-238/src/core/dbus-timer.h:25,
+ from ../systemd-238/src/core/timer.c:26:
+[...]/sys/mount.h:57:2: error: expected identifier before numeric constant
+---
+ src/core/dbus-execute.c | 1 +
+ src/core/manager.h | 3 ++-
+ src/core/mount.c | 2 ++
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 7344623ebf6..c342093bca4 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -18,6 +18,7 @@
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
++#include <sys/mount.h>
+ #include <sys/prctl.h>
+ #include <stdio_ext.h>
+
+diff --git a/src/core/manager.h b/src/core/manager.h
+index 28c5da225b1..e09e0cdf5e9 100644
+--- a/src/core/manager.h
++++ b/src/core/manager.h
+@@ -20,7 +20,6 @@
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
+-#include <libmount.h>
+ #include <stdbool.h>
+ #include <stdio.h>
+
+@@ -34,6 +33,8 @@
+ #include "list.h"
+ #include "ratelimit.h"
+
++struct libmnt_monitor;
++
+ /* Enforce upper limit how many names we allow */
+ #define MANAGER_MAX_NAMES 131072 /* 128K */
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 0e755da5c02..0154ebda5d6 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -23,6 +23,8 @@
+ #include <stdio.h>
+ #include <sys/epoll.h>
+
++#include <libmount.h>
++
+ #include "sd-messages.h"
+
+ #include "alloc-util.h"
diff --git a/sys-apps/systemd/systemd-236-r5.ebuild b/sys-apps/systemd/systemd-236-r5.ebuild
index ed62d0a6f44..aed2113e91a 100644
--- a/sys-apps/systemd/systemd-236-r5.ebuild
+++ b/sys-apps/systemd/systemd-236-r5.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}/238-libmount-include.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
diff --git a/sys-apps/systemd/systemd-237-r3.ebuild b/sys-apps/systemd/systemd-237-r3.ebuild
index 466126ca683..d0254ee71db 100644
--- a/sys-apps/systemd/systemd-237-r3.ebuild
+++ b/sys-apps/systemd/systemd-237-r3.ebuild
@@ -150,6 +150,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
"${FILESDIR}/237-0001-networkctl-display-type.patch"
+ "${FILESDIR}/238-libmount-include.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
diff --git a/sys-apps/systemd/systemd-238-r1.ebuild b/sys-apps/systemd/systemd-238-r1.ebuild
index 2898aa322ed..2903bb82e51 100644
--- a/sys-apps/systemd/systemd-238-r1.ebuild
+++ b/sys-apps/systemd/systemd-238-r1.ebuild
@@ -150,6 +150,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch"
"${FILESDIR}/238-0002-core-do-not-free-heap-allocated-strings-8391.patch"
+ "${FILESDIR}/238-libmount-include.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-03-10 17:29 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2018-03-10 17:29 UTC (permalink / raw
To: gentoo-commits
commit: 7adcd630f7cdd1edbc7677d83976547506a6f661
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 10 17:29:26 2018 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 10 17:29:26 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7adcd630
sys-apps/systemd: bump to 238
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81
sys-apps/systemd/Manifest | 1 +
...o-not-try-to-close-already-closed-fd-8392.patch | 26 ++
...e-do-not-free-heap-allocated-strings-8391.patch | 44 ++
sys-apps/systemd/systemd-238.ebuild | 441 +++++++++++++++++++++
4 files changed, 512 insertions(+)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 6d774fd4839..4907d8f2d32 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -5,3 +5,4 @@ DIST systemd-236-patches-2.tar.gz 54737 BLAKE2B bce5f9e234c975a2b6e474ca2a0c2c82
DIST systemd-236.tar.gz 6759035 BLAKE2B 0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3 SHA512 1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515ddddfdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d
DIST systemd-237-patches-0.tar.gz 74617 BLAKE2B 52750bb08731e9e694a00fedc1e42beb7c6ad7736d3b6567f2ab094d4356506d10ec11e1c4c62623078d647c3314c71c9f141eb7c8628b610fd8a5e818b90ec6 SHA512 a6db99b330585e57c722bb0e692b0d988d5fbfef60c6cc87efbb7b903e55642c2f03bf6cdc80f15da22d0c41b5051387dac23a2f04238331f235154b17f32d1b
DIST systemd-237.tar.gz 6871350 BLAKE2B 4734a110a297fbbd6679bced6302fcdca55ab5d4207905e8dee9f5545f1de841d5adeaa4fd89961b9e63709d04b5c862b8bc81481311cf8e72ee327e459c9d91 SHA512 15ef4b92815a6dd9a6c51672dbc00fd7cd0f08068ef0cbeaca574f68d330b28bc67ba1946f24f75ef3d9e7b63843a73eea700db54688061dbf5c9f8470394c3b
+DIST systemd-238.tar.gz 6954022 BLAKE2B 9b5cc36a7234c0d037a2656ee1e5ed54186a394b8be41771ebc29c903d3efcecf7f13f004a6d1695c022923bd0d540a243e897852f07e810f73fd3163f688dde SHA512 c0f272b022308d3bd94679184e102a8dc85de55310bda205a458ea33c77c7733e5c8c8e5b15f786ba3e0ce59e7c6a9bf0d5a0950517c6b91e0f345950129b9c8
diff --git a/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch b/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch
new file mode 100644
index 00000000000..c39575c62b6
--- /dev/null
+++ b/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch
@@ -0,0 +1,26 @@
+From 5681f772d7bc8226cb10bfc7f9fba0a29e34a54d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 8 Mar 2018 22:19:35 +0900
+Subject: [PATCH 1/2] sd-bus: do not try to close already closed fd (#8392)
+
+Fixes #8376, which is introduced by 2b33ab0957f453a06b58e4bee482f2c2d4e100c1.
+---
+ src/libsystemd/sd-bus/bus-socket.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
+index b5160cff6..166fba157 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
++++ b/src/libsystemd/sd-bus/bus-socket.c
+@@ -960,8 +960,6 @@ int bus_socket_exec(sd_bus *b) {
+ if (r == 0) {
+ /* Child */
+
+- safe_close(s[0]);
+-
+ if (rearrange_stdio(s[1], s[1], STDERR_FILENO) < 0)
+ _exit(EXIT_FAILURE);
+
+--
+2.16.2
+
diff --git a/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch b/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch
new file mode 100644
index 00000000000..3ee2527f77d
--- /dev/null
+++ b/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch
@@ -0,0 +1,44 @@
+From 84c5e8010042788a03cff680592b37257b2a6de0 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 8 Mar 2018 22:21:54 +0900
+Subject: [PATCH 2/2] core: do not free heap-allocated strings (#8391)
+
+Fixes #8387.
+---
+ src/core/mount-setup.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 536c17b4d..9c27972af 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -248,6 +248,7 @@ int mount_setup_early(void) {
+
+ int mount_cgroup_controllers(char ***join_controllers) {
+ _cleanup_set_free_free_ Set *controllers = NULL;
++ bool has_argument = !!join_controllers;
+ int r;
+
+ if (!cg_is_legacy_wanted())
+@@ -255,7 +256,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
+
+ /* Mount all available cgroup controllers that are built into the kernel. */
+
+- if (!join_controllers)
++ if (!has_argument)
+ /* The defaults:
+ * mount "cpu" + "cpuacct" together, and "net_cls" + "net_prio".
+ *
+@@ -300,7 +301,8 @@ int mount_cgroup_controllers(char ***join_controllers) {
+
+ t = set_remove(controllers, *i);
+ if (!t) {
+- free(*i);
++ if (has_argument)
++ free(*i);
+ continue;
+ }
+ }
+--
+2.16.2
+
diff --git a/sys-apps/systemd/systemd-238.ebuild b/sys-apps/systemd/systemd-238.ebuild
new file mode 100644
index 00000000000..00e28112485
--- /dev/null
+++ b/sys-apps/systemd/systemd-238.ebuild
@@ -0,0 +1,441 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +seccomp selinux ssl +sysv-utils test usrmerge vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ !<sys-libs/glibc-2.16
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ http? (
+ >=net-libs/libmicrohttpd-0.9.33:0=
+ ssl? ( >=net-libs/gnutls-3.1.4:0= )
+ )
+ idn? (
+ libidn2? ( net-dns/libidn2 )
+ !libidn2? ( net-dns/libidn )
+ )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ nat? ( net-firewall/iptables:0= )
+ pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
+ pcre? ( dev-libs/libpcre2 )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=sys-apps/baselayout-2.2
+ selinux? ( sec-policy/selinux-base-policy[systemd] )
+ sysv-utils? ( !sys-apps/sysvinit )
+ !sysv-utils? ( sys-apps/sysvinit )
+ !build? ( || (
+ sys-apps/util-linux[kill(-)]
+ sys-process/procps[kill(+)]
+ sys-apps/coreutils[kill(-)]
+ ) )
+ !sys-auth/nss-myhostname
+ !<sys-kernel/dracut-044
+ !sys-fs/eudev
+ !sys-fs/udev"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-apps/hwids-20150417[udev]
+ >=sys-fs/udev-init-scripts-25
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/intltool-0.50
+ >=sys-apps/coreutils-8.16
+ >=sys-kernel/linux-headers-${MINKV}
+ virtual/pkgconfig
+ gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+ test? ( sys-apps/dbus )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+ ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+ kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+ kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch"
+ "${FILESDIR}/238-0002-core-do-not-free-heap-allocated-strings-8391.patch"
+ )
+
+ [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
+ "${FILESDIR}/gentoo-systemd-user-pam.patch"
+ "${FILESDIR}/gentoo-uucp-group-r1.patch"
+ "${FILESDIR}/gentoo-generator-path.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+meson_use() {
+ usex "$1" true false
+}
+
+meson_multilib() {
+ if multilib_is_native_abi; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+meson_multilib_native_use() {
+ if multilib_is_native_abi && use "$1"; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in PATH
+ -Dsplit-usr=$(usex usrmerge false true)
+ -Drootprefix="$(usex usrmerge "${EPREFIX}/usr" "${EPREFIX:-/}")"
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Defi=$(meson_multilib)
+ -Dima=true
+ # Optional components/dependencies
+ -Dacl=$(meson_multilib_native_use acl)
+ -Dapparmor=$(meson_multilib_native_use apparmor)
+ -Daudit=$(meson_multilib_native_use audit)
+ -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
+ -Dlibcurl=$(meson_multilib_native_use curl)
+ -Delfutils=$(meson_multilib_native_use elfutils)
+ -Dgcrypt=$(meson_use gcrypt)
+ -Dgnu-efi=$(meson_multilib_native_use gnuefi)
+ -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
+ -Dmicrohttpd=$(meson_multilib_native_use http)
+ $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
+ -Dimportd=$(meson_multilib_native_use importd)
+ -Dbzip2=$(meson_multilib_native_use importd)
+ -Dzlib=$(meson_multilib_native_use importd)
+ -Dkmod=$(meson_multilib_native_use kmod)
+ -Dlz4=$(meson_use lz4)
+ -Dxz=$(meson_use lzma)
+ -Dlibiptc=$(meson_multilib_native_use nat)
+ -Dpam=$(meson_use pam)
+ -Dpcre2=$(meson_multilib_native_use pcre)
+ -Dpolkit=$(meson_multilib_native_use policykit)
+ -Dqrencode=$(meson_multilib_native_use qrcode)
+ -Dseccomp=$(meson_multilib_native_use seccomp)
+ -Dselinux=$(meson_multilib_native_use selinux)
+ #-Dtests=$(meson_multilib_native_use test)
+ -Ddbus=$(meson_multilib_native_use test)
+ -Dxkbcommon=$(meson_multilib_native_use xkb)
+ # hardcode a few paths to spare some deps
+ -Dkill-path=/bin/kill
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+
+ # multilib options
+ -Dbacklight=$(meson_multilib)
+ -Dbinfmt=$(meson_multilib)
+ -Dcoredump=$(meson_multilib)
+ -Denvironment-d=$(meson_multilib)
+ -Dfirstboot=$(meson_multilib)
+ -Dhibernate=$(meson_multilib)
+ -Dhostnamed=$(meson_multilib)
+ -Dhwdb=$(meson_multilib)
+ -Dldconfig=$(meson_multilib)
+ -Dlocaled=$(meson_multilib)
+ -Dman=$(meson_multilib)
+ -Dnetworkd=$(meson_multilib)
+ -Dquotacheck=$(meson_multilib)
+ -Drandomseed=$(meson_multilib)
+ -Drfkill=$(meson_multilib)
+ -Dsysusers=$(meson_multilib)
+ -Dtimedated=$(meson_multilib)
+ -Dtimesyncd=$(meson_multilib)
+ -Dtmpfiles=$(meson_multilib)
+ -Dvconsole=$(meson_multilib)
+ )
+
+ if multilib_is_native_abi && use idn; then
+ myconf+=(
+ -Dlibidn2=$(usex libidn2 true false)
+ -Dlibidn=$(usex libidn2 false true)
+ )
+ else
+ myconf+=(
+ -Dlibidn2=false
+ -Dlibidn=false
+ )
+ fi
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ eninja
+}
+
+multilib_src_test() {
+ eninja test
+}
+
+multilib_src_install() {
+ DESTDIR="${D}" eninja install
+}
+
+multilib_src_install_all() {
+ # meson doesn't know about docdir
+ mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ if use sysv-utils; then
+ local app
+ for app in halt poweroff reboot runlevel shutdown telinit; do
+ dosym ../bin/systemctl /sbin/${app}
+ done
+ dosym ../lib/systemd/systemd /sbin/init
+ else
+ # we just keep sysvinit tools, so no need for the mans
+ rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+ || die
+ rm "${ED%/}"/usr/share/man/man1/init.1 || die
+ fi
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
+ keepdir /etc/udev/{hwdb.d,rules.d}
+ keepdir /var/log/journal/remote
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+ # If we install these symlinks, there is no way for the sysadmin to remove them
+ # permanently.
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+ rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+
+ local udevdir=/lib/udev
+ use usrmerge && udevdir=/usr/lib/udev
+
+ rm -r "${ED%/}${udevdir}/hwdb.d" || die
+
+ if ! use usrmerge; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+ local locale_conf="${EROOT%/}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_postinst() {
+ newusergroup() {
+ enewgroup "$1"
+ enewuser "$1" -1 -1 -1 "$1"
+ }
+
+ enewgroup input
+ enewgroup kvm 78
+ enewgroup render
+ enewgroup systemd-journal
+ newusergroup systemd-bus-proxy
+ newusergroup systemd-coredump
+ newusergroup systemd-journal-gateway
+ newusergroup systemd-journal-remote
+ newusergroup systemd-journal-upload
+ newusergroup systemd-network
+ newusergroup systemd-resolve
+ newusergroup systemd-timesync
+
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required. Despite that this file is owned by sys-apps/hwids.
+ if has_version "sys-apps/hwids[udev]"; then
+ udevadm hwdb --update --root="${EROOT%/}"
+ fi
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respect, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ systemd_reenable systemd-networkd.service systemd-resolved.service
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2018-02-08 17:17 Jason Donenfeld
0 siblings, 0 replies; 65+ messages in thread
From: Jason Donenfeld @ 2018-02-08 17:17 UTC (permalink / raw
To: gentoo-commits
commit: 701d8158f31d695a453704b1b8f8f03bda93a39f
Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 8 17:16:49 2018 +0000
Commit: Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Thu Feb 8 17:17:18 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=701d8158
sys-apps/systemd: show proper networkctl display type
Upstream commit:
https://github.com/systemd/systemd/commit/3b8f29fd93899c4876a6ef53f9bcb6b40e1c98e7
Package-Manager: Portage-2.3.24, Repoman-2.3.6
.../files/237-0001-networkctl-display-type.patch | 266 +++++++++++++++++++++
...systemd-237-r1.ebuild => systemd-237-r2.ebuild} | 1 +
2 files changed, 267 insertions(+)
diff --git a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
new file mode 100644
index 00000000000..e29cf2206aa
--- /dev/null
+++ b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
@@ -0,0 +1,266 @@
+From a18461bc7d446f8e130e9276de4397d00059267f Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 20:58:24 +0100
+Subject: [PATCH 1/4] networkd: display wireguard devtype
+
+It's not useful to simply show "none", when we have more interesting
+information to display.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 59ce098cd1..6ce00dff6d 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -62,18 +62,26 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
+
+ assert(ret);
+
+- if (iftype == ARPHRD_ETHER && d) {
++ if (d) {
+ const char *devtype = NULL, *id = NULL;
++
++ (void) sd_device_get_devtype(d, &devtype);
++
+ /* WLANs have iftype ARPHRD_ETHER, but we want
+ * to show a more useful type string for
+ * them */
++ if (iftype == ARPHRD_ETHER) {
++ if (streq_ptr(devtype, "wlan"))
++ id = "wlan";
++ else if (streq_ptr(devtype, "wwan"))
++ id = "wwan";
++ }
+
+- (void) sd_device_get_devtype(d, &devtype);
+-
+- if (streq_ptr(devtype, "wlan"))
+- id = "wlan";
+- else if (streq_ptr(devtype, "wwan"))
+- id = "wwan";
++ /* Likewise, WireGuard has iftype ARPHRD_NONE,
++ * since it's layer 3, but we of course want
++ * something more useful than that. */
++ if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
++ id = "wireguard";
+
+ if (id) {
+ p = strdup(id);
+
+From f119082e7a1ccfbf50c30a99819b6e303cdf09a1 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 21:01:46 +0100
+Subject: [PATCH 2/4] networkd: simplify and display all devtypes
+
+Every place the kernel actually calls SET_NETDEV_DEVTYPE, it's adding a
+piece of information that looks useful and relevant for us to use. So
+let's use it when it's there.
+
+The previous matching based on the corresponding ARPHRD didn't really
+make much sense. The more sensible logic for getting a textual
+representation of the link type is to see if the kernel supplies a
+devtype. If it does, great. If not, then we can fall back on the ARPHRD,
+as before.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 23 +++--------------------
+ 1 file changed, 3 insertions(+), 20 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 6ce00dff6d..8a08304240 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -63,28 +63,11 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
+ assert(ret);
+
+ if (d) {
+- const char *devtype = NULL, *id = NULL;
++ const char *devtype = NULL;
+
+ (void) sd_device_get_devtype(d, &devtype);
+-
+- /* WLANs have iftype ARPHRD_ETHER, but we want
+- * to show a more useful type string for
+- * them */
+- if (iftype == ARPHRD_ETHER) {
+- if (streq_ptr(devtype, "wlan"))
+- id = "wlan";
+- else if (streq_ptr(devtype, "wwan"))
+- id = "wwan";
+- }
+-
+- /* Likewise, WireGuard has iftype ARPHRD_NONE,
+- * since it's layer 3, but we of course want
+- * something more useful than that. */
+- if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
+- id = "wireguard";
+-
+- if (id) {
+- p = strdup(id);
++ if (!isempty(devtype)) {
++ p = strdup(devtype);
+ if (!p)
+ return -ENOMEM;
+
+
+From fdce7817b9a27a370c01b7dd9da6a84fcae1038e Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 21:05:36 +0100
+Subject: [PATCH 3/4] networkd: clean up link_get_type_string
+
+The return value is always ignored, so get rid of it.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 8a08304240..7b33e0db17 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -56,7 +56,7 @@ static bool arg_no_pager = false;
+ static bool arg_legend = true;
+ static bool arg_all = false;
+
+-static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
++static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
+ const char *t;
+ char *p;
+
+@@ -69,27 +69,25 @@ static int link_get_type_string(unsigned short iftype, sd_device *d, char **ret)
+ if (!isempty(devtype)) {
+ p = strdup(devtype);
+ if (!p)
+- return -ENOMEM;
++ return;
+
+ *ret = p;
+- return 1;
++ return;
+ }
+ }
+
+ t = arphrd_to_name(iftype);
+ if (!t) {
+ *ret = NULL;
+- return 0;
++ return;
+ }
+
+ p = strdup(t);
+ if (!p)
+- return -ENOMEM;
++ return;
+
+ ascii_strlower(p);
+ *ret = p;
+-
+- return 0;
+ }
+
+ static void operational_state_to_color(const char *state, const char **on, const char **off) {
+@@ -314,7 +312,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
+ xsprintf(devid, "n%i", links[i].ifindex);
+ (void) sd_device_new_from_device_id(&d, devid);
+
+- (void) link_get_type_string(links[i].iftype, d, &t);
++ link_get_type_string(links[i].iftype, d, &t);
+
+ printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
+ links[i].ifindex, links[i].name, strna(t),
+@@ -807,7 +805,7 @@ static int link_status_one(
+ (void) sd_device_get_property_value(d, "ID_MODEL", &model);
+ }
+
+- (void) link_get_type_string(info->iftype, d, &t);
++ link_get_type_string(info->iftype, d, &t);
+
+ (void) sd_network_link_get_network_file(info->ifindex, &network);
+
+
+From b55822c349d3e0559c1efc7475fd0f74cf086453 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 29 Jan 2018 21:08:39 +0100
+Subject: [PATCH 4/4] networkd: clean up link_get_type_string returns
+
+It's cleaner and more consistent to actually return what we were
+planning on returning.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ src/network/networkctl.c | 28 +++++++++-------------------
+ 1 file changed, 9 insertions(+), 19 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 7b33e0db17..14d8ecb03f 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -56,38 +56,28 @@ static bool arg_no_pager = false;
+ static bool arg_legend = true;
+ static bool arg_all = false;
+
+-static void link_get_type_string(unsigned short iftype, sd_device *d, char **ret) {
++static char *link_get_type_string(unsigned short iftype, sd_device *d) {
+ const char *t;
+ char *p;
+
+- assert(ret);
+-
+ if (d) {
+ const char *devtype = NULL;
+
+ (void) sd_device_get_devtype(d, &devtype);
+- if (!isempty(devtype)) {
+- p = strdup(devtype);
+- if (!p)
+- return;
+-
+- *ret = p;
+- return;
+- }
++ if (!isempty(devtype))
++ return strdup(devtype);
+ }
+
+ t = arphrd_to_name(iftype);
+- if (!t) {
+- *ret = NULL;
+- return;
+- }
++ if (!t)
++ return NULL;
+
+ p = strdup(t);
+ if (!p)
+- return;
++ return NULL;
+
+ ascii_strlower(p);
+- *ret = p;
++ return p;
+ }
+
+ static void operational_state_to_color(const char *state, const char **on, const char **off) {
+@@ -312,7 +302,7 @@ static int list_links(int argc, char *argv[], void *userdata) {
+ xsprintf(devid, "n%i", links[i].ifindex);
+ (void) sd_device_new_from_device_id(&d, devid);
+
+- link_get_type_string(links[i].iftype, d, &t);
++ t = link_get_type_string(links[i].iftype, d);
+
+ printf("%3i %-16s %-18s %s%-11s%s %s%-10s%s\n",
+ links[i].ifindex, links[i].name, strna(t),
+@@ -805,7 +795,7 @@ static int link_status_one(
+ (void) sd_device_get_property_value(d, "ID_MODEL", &model);
+ }
+
+- link_get_type_string(info->iftype, d, &t);
++ t = link_get_type_string(info->iftype, d);
+
+ (void) sd_network_link_get_network_file(info->ifindex, &network);
+
diff --git a/sys-apps/systemd/systemd-237-r1.ebuild b/sys-apps/systemd/systemd-237-r2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-237-r1.ebuild
rename to sys-apps/systemd/systemd-237-r2.ebuild
index 97ed32eebe7..71abd1c3359 100644
--- a/sys-apps/systemd/systemd-237-r1.ebuild
+++ b/sys-apps/systemd/systemd-237-r2.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}/237-0001-networkctl-display-type.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-12-19 2:01 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-12-19 2:01 UTC (permalink / raw
To: gentoo-commits
commit: c6bf76a0c3f92c9f9d450357e7ee08098cc7988d
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 18 22:41:25 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Dec 19 02:01:31 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6bf76a0
sys-apps/systemd: backport crypsetup-generator fix
Closes: https://bugs.gentoo.org/641380
Package-Manager: Portage-2.3.19_p1, Repoman-2.3.6_p35
...generator-Don-t-mistake-NULL-input-as-OOM.patch | 49 ++++++++++++++++++++++
.../{systemd-236.ebuild => systemd-236-r1.ebuild} | 1 +
2 files changed, 50 insertions(+)
diff --git a/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch b/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch
new file mode 100644
index 00000000000..d1c451835e3
--- /dev/null
+++ b/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch
@@ -0,0 +1,49 @@
+From 357ffd95294e1f9a1e91f8ca01213fb7db2b7614 Mon Sep 17 00:00:00 2001
+From: Jan Alexander Steffens <jan.steffens@gmail.com>
+Date: Mon, 18 Dec 2017 14:47:18 +0100
+Subject: [PATCH] cryptsetup-generator: Don't mistake NULL input as OOM (#7688)
+
+Since systemd v236, several Arch users complained that
+systemd-cryptsetup-generator exits with an OOM error and that it
+prevents the boot from continuing.
+
+Investigating the diff of cryptsetup-generator between v235 and v236 I
+noticed that create_disk allowed for the `password` and `filtered`
+variables to be NULL (they're handled with `strempty()`) but not their
+`*_escaped` versions, and returned OOM errors in those cases.
+
+Fix this by checking that the input string is non-NULL before deciding
+that `specifier_escape` had an OOM error.
+
+I could not test this fix myself, but some users have reported success.
+
+Downstream bug: https://bugs.archlinux.org/task/56733
+---
+ src/cryptsetup/cryptsetup-generator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 7e61332e5..f91451353 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -111,7 +111,7 @@ static int create_disk(
+ return log_error_errno(r, "Failed to generate unit name: %m");
+
+ password_escaped = specifier_escape(password);
+- if (!password_escaped)
++ if (password && !password_escaped)
+ return log_oom();
+
+ f = fopen(p, "wxe");
+@@ -184,7 +184,7 @@ static int create_disk(
+ return r;
+
+ filtered_escaped = specifier_escape(filtered);
+- if (!filtered_escaped)
++ if (filtered && !filtered_escaped)
+ return log_oom();
+
+ fprintf(f,
+--
+2.15.1
+
diff --git a/sys-apps/systemd/systemd-236.ebuild b/sys-apps/systemd/systemd-236-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-236.ebuild
rename to sys-apps/systemd/systemd-236-r1.ebuild
index 8142a96390b..e70e61f3fc5 100644
--- a/sys-apps/systemd/systemd-236.ebuild
+++ b/sys-apps/systemd/systemd-236-r1.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-12-17 19:03 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-12-17 19:03 UTC (permalink / raw
To: gentoo-commits
commit: 092463dce935d035a73bc56fd2b9ba3a73862b31
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 17 19:00:46 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Dec 17 19:03:15 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=092463dc
sys-apps/systemd: move patches for 233 to a tarball
Package-Manager: Portage-2.3.19_p1, Repoman-2.3.6_p35
sys-apps/systemd/Manifest | 1 +
...ct-DM-interface-version-dependencies-5519.patch | 456 ---------------------
...ragment-refuse-units-with-errors-in-RootD.patch | 117 ------
...ragment-refuse-units-with-errors-in-certa.patch | 339 ---------------
sys-apps/systemd/files/233-CVE-2017-9445.patch | 149 -------
sys-apps/systemd/files/233-format-warnings.patch | 84 ----
sys-apps/systemd/files/CVE-2017-9217.patch | 28 --
sys-apps/systemd/systemd-233-r6.ebuild | 7 +-
8 files changed, 2 insertions(+), 1179 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ac065dd7613..78aba9661e6 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,5 @@
DIST systemd-233-man.tar.gz 31386 BLAKE2B e4947e658db3efeec6b5a6adf340d2cc8e8aff2a14db4932720f90c3dc898b1e78595db983948373a2e28191fb3b0aad234f80feb91ee8ae4b607a44038a9cae SHA512 cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40
+DIST systemd-233-patches.tar.gz 12553 BLAKE2B 5d19f2dc82cc6cbd9b2e9393f932dfa3c88a981358b282fe56d43cd432d0ee0c0245e9c13d5460b94d83908b84a382dad3348b999f2356ab3ef2ae2c542a867d SHA512 3081f4cf64542ba64a28fe2eff11d8040af42255eb99b5210db9d583fc4b4360a4a4bb8769a1e43d38474d69ead681974cb98d4605968b38f98fd3d9b40bf211
DIST systemd-233.tar.gz 4660737 BLAKE2B 38cdd74543447b3c02391b328428fed169fe2cf2df6e9341dcaf2f7d3d977612ec102301e144c1cada90d61e9e9bda3b2faaef708c8ff4bd0b52b143760a83b2 SHA512 5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e
DIST systemd-235.tar.gz 6586406 BLAKE2B f2e46a6c51fc9445800c4b7eee66f23ae83b42c2fedf2304acf612e6cb99122afe67f1b93cf72ed022b52384975afb92ab38cfb4efc6026384602c973d2eb98e SHA512 243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993
DIST systemd-236.tar.gz 6759035 BLAKE2B 0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3 SHA512 1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515ddddfdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d
diff --git a/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch b/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch
deleted file mode 100644
index be41fc4ec22..00000000000
--- a/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch
+++ /dev/null
@@ -1,456 +0,0 @@
-From dac3407f02116b94866224e0b5ecd46a5fa1c161 Mon Sep 17 00:00:00 2001
-From: Michael Biebl <mbiebl@gmail.com>
-Date: Thu, 2 Mar 2017 19:11:37 +0100
-Subject: [PATCH] Avoid strict DM interface version dependencies (#5519)
-
-Compiling against the dm-ioctl.h header as provided by the Linux kernel
-will embed the DM interface version number. Running an older kernel can
-result in an error like this on shutdown:
-
-Could not detach DM dm-11: ioctl mismatch, kernel(4.34.4), user(4.35.4)
-
-Work around this by shipping a local copy of dm-ioctl.h. We need at
-least the version from 3.13 for DM_DEFERRED_REMOVE [1], so bump the
-requirements in README accordingly.
-
-[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c140a246dc0bc085b98eddde978060fcec1080c
-
-Fixes: #5492
----
- Makefile.am | 1 +
- README | 2 +-
- src/core/umount.c | 2 +-
- src/shared/dissect-image.c | 2 +-
- src/shared/linux-3.13/dm-ioctl.h | 355 +++++++++++++++++++++++++++++++++++++++
- 5 files changed, 359 insertions(+), 3 deletions(-)
- create mode 100644 src/shared/linux-3.13/dm-ioctl.h
-
-diff --git a/Makefile.am b/Makefile.am
-index 2a5610740..65de9f16d 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -1018,6 +1018,7 @@ libshared_la_SOURCES = \
- src/shared/gpt.h \
- src/shared/udev-util.h \
- src/shared/linux/auto_dev-ioctl.h \
-+ src/shared/linux-3.13/dm-ioctl.h \
- src/shared/initreq.h \
- src/shared/dns-domain.c \
- src/shared/dns-domain.h \
-diff --git a/README b/README
-index a4a649395..30b5f7187 100644
---- a/README
-+++ b/README
-@@ -35,7 +35,7 @@ LICENSE:
- - except src/udev/* which is (currently still) GPLv2, GPLv2+
-
- REQUIREMENTS:
-- Linux kernel >= 3.12
-+ Linux kernel >= 3.13
- Linux kernel >= 4.2 for unified cgroup hierarchy support
-
- Kernel Config Options:
-diff --git a/src/core/umount.c b/src/core/umount.c
-index 2f4b12bdb..454383e7e 100644
---- a/src/core/umount.c
-+++ b/src/core/umount.c
-@@ -19,7 +19,6 @@
-
- #include <errno.h>
- #include <fcntl.h>
--#include <linux/dm-ioctl.h>
- #include <linux/loop.h>
- #include <string.h>
- #include <sys/mount.h>
-@@ -31,6 +30,7 @@
- #include "escape.h"
- #include "fd-util.h"
- #include "fstab-util.h"
-+#include "linux-3.13/dm-ioctl.h"
- #include "list.h"
- #include "mount-setup.h"
- #include "path-util.h"
-diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
-index 39e724c51..1c9d21566 100644
---- a/src/shared/dissect-image.c
-+++ b/src/shared/dissect-image.c
-@@ -20,7 +20,6 @@
- #ifdef HAVE_LIBCRYPTSETUP
- #include <libcryptsetup.h>
- #endif
--#include <linux/dm-ioctl.h>
- #include <sys/mount.h>
-
- #include "architecture.h"
-@@ -32,6 +31,7 @@
- #include "fs-util.h"
- #include "gpt.h"
- #include "hexdecoct.h"
-+#include "linux-3.13/dm-ioctl.h"
- #include "mount-util.h"
- #include "path-util.h"
- #include "stat-util.h"
-diff --git a/src/shared/linux-3.13/dm-ioctl.h b/src/shared/linux-3.13/dm-ioctl.h
-new file mode 100644
-index 000000000..c8a430209
---- /dev/null
-+++ b/src/shared/linux-3.13/dm-ioctl.h
-@@ -0,0 +1,355 @@
-+/*
-+ * Copyright (C) 2001 - 2003 Sistina Software (UK) Limited.
-+ * Copyright (C) 2004 - 2009 Red Hat, Inc. All rights reserved.
-+ *
-+ * This file is released under the LGPL.
-+ */
-+
-+#ifndef _LINUX_DM_IOCTL_V4_H
-+#define _LINUX_DM_IOCTL_V4_H
-+
-+#include <linux/types.h>
-+
-+#define DM_DIR "mapper" /* Slashes not supported */
-+#define DM_CONTROL_NODE "control"
-+#define DM_MAX_TYPE_NAME 16
-+#define DM_NAME_LEN 128
-+#define DM_UUID_LEN 129
-+
-+/*
-+ * A traditional ioctl interface for the device mapper.
-+ *
-+ * Each device can have two tables associated with it, an
-+ * 'active' table which is the one currently used by io passing
-+ * through the device, and an 'inactive' one which is a table
-+ * that is being prepared as a replacement for the 'active' one.
-+ *
-+ * DM_VERSION:
-+ * Just get the version information for the ioctl interface.
-+ *
-+ * DM_REMOVE_ALL:
-+ * Remove all dm devices, destroy all tables. Only really used
-+ * for debug.
-+ *
-+ * DM_LIST_DEVICES:
-+ * Get a list of all the dm device names.
-+ *
-+ * DM_DEV_CREATE:
-+ * Create a new device, neither the 'active' or 'inactive' table
-+ * slots will be filled. The device will be in suspended state
-+ * after creation, however any io to the device will get errored
-+ * since it will be out-of-bounds.
-+ *
-+ * DM_DEV_REMOVE:
-+ * Remove a device, destroy any tables.
-+ *
-+ * DM_DEV_RENAME:
-+ * Rename a device or set its uuid if none was previously supplied.
-+ *
-+ * DM_SUSPEND:
-+ * This performs both suspend and resume, depending which flag is
-+ * passed in.
-+ * Suspend: This command will not return until all pending io to
-+ * the device has completed. Further io will be deferred until
-+ * the device is resumed.
-+ * Resume: It is no longer an error to issue this command on an
-+ * unsuspended device. If a table is present in the 'inactive'
-+ * slot, it will be moved to the active slot, then the old table
-+ * from the active slot will be _destroyed_. Finally the device
-+ * is resumed.
-+ *
-+ * DM_DEV_STATUS:
-+ * Retrieves the status for the table in the 'active' slot.
-+ *
-+ * DM_DEV_WAIT:
-+ * Wait for a significant event to occur to the device. This
-+ * could either be caused by an event triggered by one of the
-+ * targets of the table in the 'active' slot, or a table change.
-+ *
-+ * DM_TABLE_LOAD:
-+ * Load a table into the 'inactive' slot for the device. The
-+ * device does _not_ need to be suspended prior to this command.
-+ *
-+ * DM_TABLE_CLEAR:
-+ * Destroy any table in the 'inactive' slot (ie. abort).
-+ *
-+ * DM_TABLE_DEPS:
-+ * Return a set of device dependencies for the 'active' table.
-+ *
-+ * DM_TABLE_STATUS:
-+ * Return the targets status for the 'active' table.
-+ *
-+ * DM_TARGET_MSG:
-+ * Pass a message string to the target at a specific offset of a device.
-+ *
-+ * DM_DEV_SET_GEOMETRY:
-+ * Set the geometry of a device by passing in a string in this format:
-+ *
-+ * "cylinders heads sectors_per_track start_sector"
-+ *
-+ * Beware that CHS geometry is nearly obsolete and only provided
-+ * for compatibility with dm devices that can be booted by a PC
-+ * BIOS. See struct hd_geometry for range limits. Also note that
-+ * the geometry is erased if the device size changes.
-+ */
-+
-+/*
-+ * All ioctl arguments consist of a single chunk of memory, with
-+ * this structure at the start. If a uuid is specified any
-+ * lookup (eg. for a DM_INFO) will be done on that, *not* the
-+ * name.
-+ */
-+struct dm_ioctl {
-+ /*
-+ * The version number is made up of three parts:
-+ * major - no backward or forward compatibility,
-+ * minor - only backwards compatible,
-+ * patch - both backwards and forwards compatible.
-+ *
-+ * All clients of the ioctl interface should fill in the
-+ * version number of the interface that they were
-+ * compiled with.
-+ *
-+ * All recognised ioctl commands (ie. those that don't
-+ * return -ENOTTY) fill out this field, even if the
-+ * command failed.
-+ */
-+ __u32 version[3]; /* in/out */
-+ __u32 data_size; /* total size of data passed in
-+ * including this struct */
-+
-+ __u32 data_start; /* offset to start of data
-+ * relative to start of this struct */
-+
-+ __u32 target_count; /* in/out */
-+ __s32 open_count; /* out */
-+ __u32 flags; /* in/out */
-+
-+ /*
-+ * event_nr holds either the event number (input and output) or the
-+ * udev cookie value (input only).
-+ * The DM_DEV_WAIT ioctl takes an event number as input.
-+ * The DM_SUSPEND, DM_DEV_REMOVE and DM_DEV_RENAME ioctls
-+ * use the field as a cookie to return in the DM_COOKIE
-+ * variable with the uevents they issue.
-+ * For output, the ioctls return the event number, not the cookie.
-+ */
-+ __u32 event_nr; /* in/out */
-+ __u32 padding;
-+
-+ __u64 dev; /* in/out */
-+
-+ char name[DM_NAME_LEN]; /* device name */
-+ char uuid[DM_UUID_LEN]; /* unique identifier for
-+ * the block device */
-+ char data[7]; /* padding or data */
-+};
-+
-+/*
-+ * Used to specify tables. These structures appear after the
-+ * dm_ioctl.
-+ */
-+struct dm_target_spec {
-+ __u64 sector_start;
-+ __u64 length;
-+ __s32 status; /* used when reading from kernel only */
-+
-+ /*
-+ * Location of the next dm_target_spec.
-+ * - When specifying targets on a DM_TABLE_LOAD command, this value is
-+ * the number of bytes from the start of the "current" dm_target_spec
-+ * to the start of the "next" dm_target_spec.
-+ * - When retrieving targets on a DM_TABLE_STATUS command, this value
-+ * is the number of bytes from the start of the first dm_target_spec
-+ * (that follows the dm_ioctl struct) to the start of the "next"
-+ * dm_target_spec.
-+ */
-+ __u32 next;
-+
-+ char target_type[DM_MAX_TYPE_NAME];
-+
-+ /*
-+ * Parameter string starts immediately after this object.
-+ * Be careful to add padding after string to ensure correct
-+ * alignment of subsequent dm_target_spec.
-+ */
-+};
-+
-+/*
-+ * Used to retrieve the target dependencies.
-+ */
-+struct dm_target_deps {
-+ __u32 count; /* Array size */
-+ __u32 padding; /* unused */
-+ __u64 dev[0]; /* out */
-+};
-+
-+/*
-+ * Used to get a list of all dm devices.
-+ */
-+struct dm_name_list {
-+ __u64 dev;
-+ __u32 next; /* offset to the next record from
-+ the _start_ of this */
-+ char name[0];
-+};
-+
-+/*
-+ * Used to retrieve the target versions
-+ */
-+struct dm_target_versions {
-+ __u32 next;
-+ __u32 version[3];
-+
-+ char name[0];
-+};
-+
-+/*
-+ * Used to pass message to a target
-+ */
-+struct dm_target_msg {
-+ __u64 sector; /* Device sector */
-+
-+ char message[0];
-+};
-+
-+/*
-+ * If you change this make sure you make the corresponding change
-+ * to dm-ioctl.c:lookup_ioctl()
-+ */
-+enum {
-+ /* Top level cmds */
-+ DM_VERSION_CMD = 0,
-+ DM_REMOVE_ALL_CMD,
-+ DM_LIST_DEVICES_CMD,
-+
-+ /* device level cmds */
-+ DM_DEV_CREATE_CMD,
-+ DM_DEV_REMOVE_CMD,
-+ DM_DEV_RENAME_CMD,
-+ DM_DEV_SUSPEND_CMD,
-+ DM_DEV_STATUS_CMD,
-+ DM_DEV_WAIT_CMD,
-+
-+ /* Table level cmds */
-+ DM_TABLE_LOAD_CMD,
-+ DM_TABLE_CLEAR_CMD,
-+ DM_TABLE_DEPS_CMD,
-+ DM_TABLE_STATUS_CMD,
-+
-+ /* Added later */
-+ DM_LIST_VERSIONS_CMD,
-+ DM_TARGET_MSG_CMD,
-+ DM_DEV_SET_GEOMETRY_CMD
-+};
-+
-+#define DM_IOCTL 0xfd
-+
-+#define DM_VERSION _IOWR(DM_IOCTL, DM_VERSION_CMD, struct dm_ioctl)
-+#define DM_REMOVE_ALL _IOWR(DM_IOCTL, DM_REMOVE_ALL_CMD, struct dm_ioctl)
-+#define DM_LIST_DEVICES _IOWR(DM_IOCTL, DM_LIST_DEVICES_CMD, struct dm_ioctl)
-+
-+#define DM_DEV_CREATE _IOWR(DM_IOCTL, DM_DEV_CREATE_CMD, struct dm_ioctl)
-+#define DM_DEV_REMOVE _IOWR(DM_IOCTL, DM_DEV_REMOVE_CMD, struct dm_ioctl)
-+#define DM_DEV_RENAME _IOWR(DM_IOCTL, DM_DEV_RENAME_CMD, struct dm_ioctl)
-+#define DM_DEV_SUSPEND _IOWR(DM_IOCTL, DM_DEV_SUSPEND_CMD, struct dm_ioctl)
-+#define DM_DEV_STATUS _IOWR(DM_IOCTL, DM_DEV_STATUS_CMD, struct dm_ioctl)
-+#define DM_DEV_WAIT _IOWR(DM_IOCTL, DM_DEV_WAIT_CMD, struct dm_ioctl)
-+
-+#define DM_TABLE_LOAD _IOWR(DM_IOCTL, DM_TABLE_LOAD_CMD, struct dm_ioctl)
-+#define DM_TABLE_CLEAR _IOWR(DM_IOCTL, DM_TABLE_CLEAR_CMD, struct dm_ioctl)
-+#define DM_TABLE_DEPS _IOWR(DM_IOCTL, DM_TABLE_DEPS_CMD, struct dm_ioctl)
-+#define DM_TABLE_STATUS _IOWR(DM_IOCTL, DM_TABLE_STATUS_CMD, struct dm_ioctl)
-+
-+#define DM_LIST_VERSIONS _IOWR(DM_IOCTL, DM_LIST_VERSIONS_CMD, struct dm_ioctl)
-+
-+#define DM_TARGET_MSG _IOWR(DM_IOCTL, DM_TARGET_MSG_CMD, struct dm_ioctl)
-+#define DM_DEV_SET_GEOMETRY _IOWR(DM_IOCTL, DM_DEV_SET_GEOMETRY_CMD, struct dm_ioctl)
-+
-+#define DM_VERSION_MAJOR 4
-+#define DM_VERSION_MINOR 27
-+#define DM_VERSION_PATCHLEVEL 0
-+#define DM_VERSION_EXTRA "-ioctl (2013-10-30)"
-+
-+/* Status bits */
-+#define DM_READONLY_FLAG (1 << 0) /* In/Out */
-+#define DM_SUSPEND_FLAG (1 << 1) /* In/Out */
-+#define DM_PERSISTENT_DEV_FLAG (1 << 3) /* In */
-+
-+/*
-+ * Flag passed into ioctl STATUS command to get table information
-+ * rather than current status.
-+ */
-+#define DM_STATUS_TABLE_FLAG (1 << 4) /* In */
-+
-+/*
-+ * Flags that indicate whether a table is present in either of
-+ * the two table slots that a device has.
-+ */
-+#define DM_ACTIVE_PRESENT_FLAG (1 << 5) /* Out */
-+#define DM_INACTIVE_PRESENT_FLAG (1 << 6) /* Out */
-+
-+/*
-+ * Indicates that the buffer passed in wasn't big enough for the
-+ * results.
-+ */
-+#define DM_BUFFER_FULL_FLAG (1 << 8) /* Out */
-+
-+/*
-+ * This flag is now ignored.
-+ */
-+#define DM_SKIP_BDGET_FLAG (1 << 9) /* In */
-+
-+/*
-+ * Set this to avoid attempting to freeze any filesystem when suspending.
-+ */
-+#define DM_SKIP_LOCKFS_FLAG (1 << 10) /* In */
-+
-+/*
-+ * Set this to suspend without flushing queued ios.
-+ * Also disables flushing uncommitted changes in the thin target before
-+ * generating statistics for DM_TABLE_STATUS and DM_DEV_WAIT.
-+ */
-+#define DM_NOFLUSH_FLAG (1 << 11) /* In */
-+
-+/*
-+ * If set, any table information returned will relate to the inactive
-+ * table instead of the live one. Always check DM_INACTIVE_PRESENT_FLAG
-+ * is set before using the data returned.
-+ */
-+#define DM_QUERY_INACTIVE_TABLE_FLAG (1 << 12) /* In */
-+
-+/*
-+ * If set, a uevent was generated for which the caller may need to wait.
-+ */
-+#define DM_UEVENT_GENERATED_FLAG (1 << 13) /* Out */
-+
-+/*
-+ * If set, rename changes the uuid not the name. Only permitted
-+ * if no uuid was previously supplied: an existing uuid cannot be changed.
-+ */
-+#define DM_UUID_FLAG (1 << 14) /* In */
-+
-+/*
-+ * If set, all buffers are wiped after use. Use when sending
-+ * or requesting sensitive data such as an encryption key.
-+ */
-+#define DM_SECURE_DATA_FLAG (1 << 15) /* In */
-+
-+/*
-+ * If set, a message generated output data.
-+ */
-+#define DM_DATA_OUT_FLAG (1 << 16) /* Out */
-+
-+/*
-+ * If set with DM_DEV_REMOVE or DM_REMOVE_ALL this indicates that if
-+ * the device cannot be removed immediately because it is still in use
-+ * it should instead be scheduled for removal when it gets closed.
-+ *
-+ * On return from DM_DEV_REMOVE, DM_DEV_STATUS or other ioctls, this
-+ * flag indicates that the device is scheduled to be removed when it
-+ * gets closed.
-+ */
-+#define DM_DEFERRED_REMOVE (1 << 17) /* In/Out */
-+
-+#endif /* _LINUX_DM_IOCTL_H */
---
-2.12.0
-
diff --git a/sys-apps/systemd/files/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch b/sys-apps/systemd/files/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch
deleted file mode 100644
index fe30ef9ff61..00000000000
--- a/sys-apps/systemd/files/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 433e7893c6c0f6cbc98d8911fc5149ee9beedb79 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 6 Jul 2017 13:54:42 -0400
-Subject: [PATCH 2/3] core/load-fragment: refuse units with errors in
- RootDirectory/RootImage/DynamicUser
-
-Behaviour of the service is completely different with the option off, so the
-service would probably mess up state on disk and do unexpected things.
----
- src/core/load-fragment-gperf.gperf.m4 | 6 +++---
- src/core/load-fragment.c | 7 +++++--
- src/shared/conf-parser.c | 16 +++++++++++-----
- 3 files changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
-index cb9e6fea2..d0868bf40 100644
---- a/src/core/load-fragment-gperf.gperf.m4
-+++ b/src/core/load-fragment-gperf.gperf.m4
-@@ -18,8 +18,8 @@ struct ConfigPerfItem;
- m4_dnl Define the context options only once
- m4_define(`EXEC_CONTEXT_CONFIG_ITEMS',
- `$1.WorkingDirectory, config_parse_working_directory, 0, offsetof($1, exec_context)
--$1.RootDirectory, config_parse_unit_path_printf, 0, offsetof($1, exec_context.root_directory)
--$1.RootImage, config_parse_unit_path_printf, 0, offsetof($1, exec_context.root_image)
-+$1.RootDirectory, config_parse_unit_path_printf, true, offsetof($1, exec_context.root_directory)
-+$1.RootImage, config_parse_unit_path_printf, true, offsetof($1, exec_context.root_image)
- $1.User, config_parse_user_group, 0, offsetof($1, exec_context.user)
- $1.Group, config_parse_user_group, 0, offsetof($1, exec_context.group)
- $1.SupplementaryGroups, config_parse_user_group_strv, 0, offsetof($1, exec_context.supplementary_groups)
-@@ -35,7 +35,7 @@ $1.UMask, config_parse_mode, 0,
- $1.Environment, config_parse_environ, 0, offsetof($1, exec_context.environment)
- $1.EnvironmentFile, config_parse_unit_env_file, 0, offsetof($1, exec_context.environment_files)
- $1.PassEnvironment, config_parse_pass_environ, 0, offsetof($1, exec_context.pass_environment)
--$1.DynamicUser, config_parse_bool, 0, offsetof($1, exec_context.dynamic_user)
-+$1.DynamicUser, config_parse_bool, true, offsetof($1, exec_context.dynamic_user)
- $1.StandardInput, config_parse_exec_input, 0, offsetof($1, exec_context)
- $1.StandardOutput, config_parse_exec_output, 0, offsetof($1, exec_context)
- $1.StandardError, config_parse_exec_output, 0, offsetof($1, exec_context)
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index 5b7471c0d..ae4ec5cf0 100644
---- a/src/core/load-fragment.c
-+++ b/src/core/load-fragment.c
-@@ -242,6 +242,7 @@ int config_parse_unit_path_printf(
- _cleanup_free_ char *k = NULL;
- Unit *u = userdata;
- int r;
-+ bool fatal = ltype;
-
- assert(filename);
- assert(lvalue);
-@@ -250,8 +251,10 @@ int config_parse_unit_path_printf(
-
- r = unit_full_printf(u, rvalue, &k);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Failed to resolve unit specifiers on %s%s: %m",
-+ fatal ? "" : ", ignoring", rvalue);
-+ return fatal ? -ENOEXEC : 0;
- }
-
- return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
-diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
-index 265ac83dc..ffb905fb6 100644
---- a/src/shared/conf-parser.c
-+++ b/src/shared/conf-parser.c
-@@ -614,6 +614,7 @@ int config_parse_bool(const char* unit,
-
- int k;
- bool *b = data;
-+ bool fatal = ltype;
-
- assert(filename);
- assert(lvalue);
-@@ -622,8 +623,10 @@ int config_parse_bool(const char* unit,
-
- k = parse_boolean(rvalue);
- if (k < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse boolean value, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, k,
-+ "Failed to parse boolean value%s: %s",
-+ fatal ? "" : ", ignoring", rvalue);
-+ return fatal ? -ENOEXEC : 0;
- }
-
- *b = !!k;
-@@ -714,6 +717,7 @@ int config_parse_path(
- void *userdata) {
-
- char **s = data, *n;
-+ bool fatal = ltype;
-
- assert(filename);
- assert(lvalue);
-@@ -722,12 +726,14 @@ int config_parse_path(
-
- if (!utf8_is_valid(rvalue)) {
- log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue);
-- return 0;
-+ return fatal ? -ENOEXEC : 0;
- }
-
- if (!path_is_absolute(rvalue)) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Not an absolute path, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0,
-+ "Not an absolute path%s: %s",
-+ fatal ? "" : ", ignoring", rvalue);
-+ return fatal ? -ENOEXEC : 0;
- }
-
- n = strdup(rvalue);
---
-2.13.2
-
diff --git a/sys-apps/systemd/files/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch b/sys-apps/systemd/files/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch
deleted file mode 100644
index 28961b4b1e3..00000000000
--- a/sys-apps/systemd/files/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch
+++ /dev/null
@@ -1,339 +0,0 @@
-From f135524cd4cd6b71e7f6073b02389da30c6e94d9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 6 Jul 2017 13:28:19 -0400
-Subject: [PATCH 3/3] core/load-fragment: refuse units with errors in certain
- directives
-
-If an error is encountered in any of the Exec* lines, WorkingDirectory,
-SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket
-units), User, or Group, refuse to load the unit. If the config stanza
-has support, ignore the failure if '-' is present.
-
-For those configuration directives, even if we started the unit, it's
-pretty likely that it'll do something unexpected (like write files
-in a wrong place, or with a wrong context, or run with wrong permissions,
-etc). It seems better to refuse to start the unit and have the admin
-clean up the configuration without giving the service a chance to mess
-up stuff.
-
-Note that all "security" options that restrict what the unit can do
-(Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*,
-PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are
-only supplementary, and are not always available depending on the architecture
-and compilation options, so unit authors have to make sure that the service
-runs correctly without them anyway.
-
-Fixes #6237, #6277.
----
- src/core/load-fragment.c | 116 ++++++++++++++++++++++++++++------------------
- src/test/test-unit-file.c | 14 +++---
- 2 files changed, 78 insertions(+), 52 deletions(-)
-
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index ae4ec5cf0..f38240af3 100644
---- a/src/core/load-fragment.c
-+++ b/src/core/load-fragment.c
-@@ -637,26 +637,36 @@ int config_parse_exec(
-
- r = unit_full_printf(u, f, &path);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", f);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Failed to resolve unit specifiers on %s%s: %m",
-+ f, ignore ? ", ignoring" : "");
-+ return ignore ? 0 : -ENOEXEC;
- }
-
- if (isempty(path)) {
- /* First word is either "-" or "@" with no command. */
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Empty path in command line, ignoring: \"%s\"", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0,
-+ "Empty path in command line%s: \"%s\"",
-+ ignore ? ", ignoring" : "", rvalue);
-+ return ignore ? 0 : -ENOEXEC;
- }
- if (!string_is_safe(path)) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path contains special characters, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0,
-+ "Executable path contains special characters%s: %s",
-+ ignore ? ", ignoring" : "", rvalue);
-+ return ignore ? 0 : -ENOEXEC;
- }
- if (!path_is_absolute(path)) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path is not absolute, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0,
-+ "Executable path is not absolute%s: %s",
-+ ignore ? ", ignoring" : "", rvalue);
-+ return ignore ? 0 : -ENOEXEC;
- }
- if (endswith(path, "/")) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path specifies a directory, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0,
-+ "Executable path specifies a directory%s: %s",
-+ ignore ? ", ignoring" : "", rvalue);
-+ return ignore ? 0 : -ENOEXEC;
- }
-
- if (!separate_argv0) {
-@@ -709,12 +719,14 @@ int config_parse_exec(
- if (r == 0)
- break;
- if (r < 0)
-- return 0;
-+ return ignore ? 0 : -ENOEXEC;
-
- r = unit_full_printf(u, word, &resolved);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to resolve unit specifiers on %s, ignoring: %m", word);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Failed to resolve unit specifiers on %s%s: %m",
-+ word, ignore ? ", ignoring" : "");
-+ return ignore ? 0 : -ENOEXEC;
- }
-
- if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
-@@ -725,8 +737,10 @@ int config_parse_exec(
- }
-
- if (!n || !n[0]) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Empty executable name or zeroeth argument, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0,
-+ "Empty executable name or zeroeth argument%s: %s",
-+ ignore ? ", ignoring" : "", rvalue);
-+ return ignore ? 0 : -ENOEXEC;
- }
-
- nce = new0(ExecCommand, 1);
-@@ -1333,8 +1347,10 @@ int config_parse_exec_selinux_context(
-
- r = unit_full_printf(u, rvalue, &k);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Failed to resolve specifiers%s: %m",
-+ ignore ? ", ignoring" : "");
-+ return ignore ? 0 : -ENOEXEC;
- }
-
- free(c->selinux_context);
-@@ -1381,8 +1397,10 @@ int config_parse_exec_apparmor_profile(
-
- r = unit_full_printf(u, rvalue, &k);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Failed to resolve specifiers%s: %m",
-+ ignore ? ", ignoring" : "");
-+ return ignore ? 0 : -ENOEXEC;
- }
-
- free(c->apparmor_profile);
-@@ -1429,8 +1447,10 @@ int config_parse_exec_smack_process_label(
-
- r = unit_full_printf(u, rvalue, &k);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Failed to resolve specifiers%s: %m",
-+ ignore ? ", ignoring" : "");
-+ return ignore ? 0 : -ENOEXEC;
- }
-
- free(c->smack_process_label);
-@@ -1648,19 +1668,19 @@ int config_parse_socket_service(
-
- r = unit_name_printf(UNIT(s), rvalue, &p);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers: %s", rvalue);
-+ return -ENOEXEC;
- }
-
- if (!endswith(p, ".service")) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
-+ return -ENOEXEC;
- }
-
- r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
-+ return -ENOEXEC;
- }
-
- unit_ref_set(&s->service, x);
-@@ -1911,13 +1931,13 @@ int config_parse_user_group(
-
- r = unit_full_printf(u, rvalue, &k);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
-+ return -ENOEXEC;
- }
-
- if (!valid_user_group_name_or_id(k)) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID, ignoring: %s", k);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
-+ return -ENOEXEC;
- }
-
- n = k;
-@@ -1975,19 +1995,19 @@ int config_parse_user_group_strv(
- if (r == -ENOMEM)
- return log_oom();
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
-- break;
-+ log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
-+ return -ENOEXEC;
- }
-
- r = unit_full_printf(u, word, &k);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
-- continue;
-+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
-+ return -ENOEXEC;
- }
-
- if (!valid_user_group_name_or_id(k)) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID, ignoring: %s", k);
-- continue;
-+ log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
-+ return -ENOEXEC;
- }
-
- r = strv_push(users, k);
-@@ -2146,25 +2166,28 @@ int config_parse_working_directory(
-
- r = unit_full_printf(u, rvalue, &k);
- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in working directory path '%s', ignoring: %m", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
-+ rvalue, missing_ok ? ", ignoring" : "");
-+ return missing_ok ? 0 : -ENOEXEC;
- }
-
- path_kill_slashes(k);
-
- if (!utf8_is_valid(k)) {
- log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue);
-- return 0;
-+ return missing_ok ? 0 : -ENOEXEC;
- }
-
- if (!path_is_absolute(k)) {
-- log_syntax(unit, LOG_ERR, filename, line, 0, "Working directory path '%s' is not absolute, ignoring.", rvalue);
-- return 0;
-+ log_syntax(unit, LOG_ERR, filename, line, 0,
-+ "Working directory path '%s' is not absolute%s.",
-+ rvalue, missing_ok ? ", ignoring" : "");
-+ return missing_ok ? 0 : -ENOEXEC;
- }
-
-- free_and_replace(c->working_directory, k);
--
- c->working_directory_home = false;
-+ free_and_replace(c->working_directory, k);
- }
-
- c->working_directory_missing_ok = missing_ok;
-@@ -4444,8 +4467,11 @@ int unit_load_fragment(Unit *u) {
- return r;
-
- r = load_from_path(u, k);
-- if (r < 0)
-+ if (r < 0) {
-+ if (r == -ENOEXEC)
-+ log_unit_notice(u, "Unit configuration has fatal error, unit will not be started.");
- return r;
-+ }
-
- if (u->load_state == UNIT_STUB) {
- SET_FOREACH(t, u->names, i) {
-diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
-index 12f48bf43..fd797b587 100644
---- a/src/test/test-unit-file.c
-+++ b/src/test/test-unit-file.c
-@@ -146,7 +146,7 @@ static void test_config_parse_exec(void) {
- r = config_parse_exec(NULL, "fake", 4, "section", 1,
- "LValue", 0, "/RValue/ argv0 r1",
- &c, u);
-- assert_se(r == 0);
-+ assert_se(r == -ENOEXEC);
- assert_se(c1->command_next == NULL);
-
- log_info("/* honour_argv0 */");
-@@ -161,7 +161,7 @@ static void test_config_parse_exec(void) {
- r = config_parse_exec(NULL, "fake", 3, "section", 1,
- "LValue", 0, "@/RValue",
- &c, u);
-- assert_se(r == 0);
-+ assert_se(r == -ENOEXEC);
- assert_se(c1->command_next == NULL);
-
- log_info("/* no command, whitespace only, reset */");
-@@ -220,7 +220,7 @@ static void test_config_parse_exec(void) {
- "-@/RValue argv0 r1 ; ; "
- "/goo/goo boo",
- &c, u);
-- assert_se(r >= 0);
-+ assert_se(r == -ENOEXEC);
- c1 = c1->command_next;
- check_execcommand(c1, "/RValue", "argv0", "r1", NULL, true);
-
-@@ -374,7 +374,7 @@ static void test_config_parse_exec(void) {
- r = config_parse_exec(NULL, "fake", 4, "section", 1,
- "LValue", 0, path,
- &c, u);
-- assert_se(r == 0);
-+ assert_se(r == -ENOEXEC);
- assert_se(c1->command_next == NULL);
- }
-
-@@ -401,21 +401,21 @@ static void test_config_parse_exec(void) {
- r = config_parse_exec(NULL, "fake", 4, "section", 1,
- "LValue", 0, "/path\\",
- &c, u);
-- assert_se(r == 0);
-+ assert_se(r == -ENOEXEC);
- assert_se(c1->command_next == NULL);
-
- log_info("/* missing ending ' */");
- r = config_parse_exec(NULL, "fake", 4, "section", 1,
- "LValue", 0, "/path 'foo",
- &c, u);
-- assert_se(r == 0);
-+ assert_se(r == -ENOEXEC);
- assert_se(c1->command_next == NULL);
-
- log_info("/* missing ending ' with trailing backslash */");
- r = config_parse_exec(NULL, "fake", 4, "section", 1,
- "LValue", 0, "/path 'foo\\",
- &c, u);
-- assert_se(r == 0);
-+ assert_se(r == -ENOEXEC);
- assert_se(c1->command_next == NULL);
-
- log_info("/* invalid space between modifiers */");
---
-2.13.2
-
diff --git a/sys-apps/systemd/files/233-CVE-2017-9445.patch b/sys-apps/systemd/files/233-CVE-2017-9445.patch
deleted file mode 100644
index 22a366ceba0..00000000000
--- a/sys-apps/systemd/files/233-CVE-2017-9445.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From 29bb43cc46412366fc939c66331a916de07bfac4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 18 Jun 2017 16:07:57 -0400
-Subject: [PATCH 1/4] resolved: simplify alloc size calculation
-
-The allocation size was calculated in a complicated way, and for values
-close to the page size we would actually allocate less than requested.
-
-Reported by Chris Coulson <chris.coulson@canonical.com>.
-
-CVE-2017-9445
----
- src/resolve/resolved-dns-packet.c | 8 +-------
- src/resolve/resolved-dns-packet.h | 2 --
- 2 files changed, 1 insertion(+), 9 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 652970284..2034e3c8c 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
-
- assert(ret);
-
-- if (mtu <= UDP_PACKET_HEADER_SIZE)
-- a = DNS_PACKET_SIZE_START;
-- else
-- a = mtu - UDP_PACKET_HEADER_SIZE;
--
-- if (a < DNS_PACKET_HEADER_SIZE)
-- a = DNS_PACKET_HEADER_SIZE;
-+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
-
- /* round up to next page size */
- a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
-diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
-index 2c92392e4..3abcaf8cf 100644
---- a/src/resolve/resolved-dns-packet.h
-+++ b/src/resolve/resolved-dns-packet.h
-@@ -66,8 +66,6 @@ struct DnsPacketHeader {
- /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
- #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
-
--#define DNS_PACKET_SIZE_START 512
--
- struct DnsPacket {
- int n_ref;
- DnsProtocol protocol;
---
-2.13.1
-
-
-From cd3d8a7ebc01cd6913eaa9a591f7d606038a7588 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 27 Jun 2017 14:20:00 -0400
-Subject: [PATCH 2/4] resolved: do not allocate packets with minimum size
-
-dns_packet_new() is sometimes called with mtu == 0, and in that case we should
-allocate more than the absolute minimum (which is the dns packet header size),
-otherwise we have to resize immediately again after appending the first data to
-the packet.
-
-This partially reverts the previous commit.
----
- src/resolve/resolved-dns-packet.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 2034e3c8c..9d806ab33 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -28,6 +28,9 @@
-
- #define EDNS0_OPT_DO (1<<15)
-
-+#define DNS_PACKET_SIZE_START 512
-+assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
-+
- typedef struct DnsPacketRewinder {
- DnsPacket *packet;
- size_t saved_rindex;
-@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
-
- assert(ret);
-
-- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
-+ /* When dns_packet_new() is called with mtu == 0, allocate more than the
-+ * absolute minimum (which is the dns packet header size), to avoid
-+ * resizing immediately again after appending the first data to the packet.
-+ */
-+ if (mtu < UDP_PACKET_HEADER_SIZE)
-+ a = DNS_PACKET_SIZE_START;
-+ else
-+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
-
- /* round up to next page size */
- a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
---
-2.13.1
-
-
-From a03fc1acd66d23e239f2545e9a6887c7d0aad7c5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 27 Jun 2017 16:59:06 -0400
-Subject: [PATCH 3/4] resolved: define various packet sizes as unsigned
-
-This seems like the right thing to do, and apparently at least some compilers
-warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
----
- src/resolve/resolved-dns-packet.c | 2 +-
- src/resolve/resolved-dns-packet.h | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 9d806ab33..e2285b440 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -28,7 +28,7 @@
-
- #define EDNS0_OPT_DO (1<<15)
-
--#define DNS_PACKET_SIZE_START 512
-+#define DNS_PACKET_SIZE_START 512u
- assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
-
- typedef struct DnsPacketRewinder {
-diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
-index 3abcaf8cf..5dff272fd 100644
---- a/src/resolve/resolved-dns-packet.h
-+++ b/src/resolve/resolved-dns-packet.h
-@@ -58,13 +58,13 @@ struct DnsPacketHeader {
- /* The various DNS protocols deviate in how large a packet can grow,
- but the TCP transport has a 16bit size field, hence that appears to
- be the absolute maximum. */
--#define DNS_PACKET_SIZE_MAX 0xFFFF
-+#define DNS_PACKET_SIZE_MAX 0xFFFFu
-
- /* RFC 1035 say 512 is the maximum, for classic unicast DNS */
--#define DNS_PACKET_UNICAST_SIZE_MAX 512
-+#define DNS_PACKET_UNICAST_SIZE_MAX 512u
-
- /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
--#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
-+#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u
-
- struct DnsPacket {
- int n_ref;
---
-2.13.1
diff --git a/sys-apps/systemd/files/233-format-warnings.patch b/sys-apps/systemd/files/233-format-warnings.patch
deleted file mode 100644
index 7bb08f0a320..00000000000
--- a/sys-apps/systemd/files/233-format-warnings.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 3e7d14d78c4d15ec7789299216cbf5c58e61547b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sat, 3 Jun 2017 05:41:17 -0400
-Subject: [PATCH] sd-bus: silence format warnings in kdbus code (#6072)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The code is mostly correct, but gcc is trying to outsmart us, and emits a
-warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
-
-src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
-src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
- if (asprintf(&n, ":1.%llu", name->id) < 0) {
- ^
-src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
-src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
- if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
- ^
-This is hard to work around properly, because kdbus.h uses __u64 which is
-defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
-solution of using %PRIu64 fails on amd64:
-
-src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
- if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
- ^~~~~~
-
-Let's just avoid the whole issue for now by silencing the warning.
-After the next release, we should just get rid of the kdbus code.
-
-Fixes #5561.
----
- src/libsystemd/sd-bus/bus-control.c | 6 ++++++
- src/libsystemd/sd-bus/bus-kernel.c | 2 ++
- 2 files changed, 8 insertions(+)
-
-diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
-index 9e58ffbd8..303ae0f23 100644
---- a/src/libsystemd/sd-bus/bus-control.c
-+++ b/src/libsystemd/sd-bus/bus-control.c
-@@ -264,10 +264,13 @@ static int kernel_get_list(sd_bus *bus, uint64_t flags, char ***x) {
- if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && !(name->flags & KDBUS_HELLO_ACTIVATOR)) {
- char *n;
-
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wformat"
- if (asprintf(&n, ":1.%llu", name->id) < 0) {
- r = -ENOMEM;
- goto fail;
- }
-+#pragma GCC diagnostic pop
-
- r = strv_consume(x, n);
- if (r < 0)
-@@ -711,10 +714,13 @@ int bus_get_name_creds_kdbus(
- }
-
- if (mask & SD_BUS_CREDS_UNIQUE_NAME) {
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wformat"
- if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
- r = -ENOMEM;
- goto fail;
- }
-+#pragma GCC diagnostic pop
-
- c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
- }
-diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
-index c82caeb3f..ca6aee7c0 100644
---- a/src/libsystemd/sd-bus/bus-kernel.c
-+++ b/src/libsystemd/sd-bus/bus-kernel.c
-@@ -51,6 +51,8 @@
- #include "user-util.h"
- #include "util.h"
-
-+#pragma GCC diagnostic ignored "-Wformat"
-+
- #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t))
-
- int bus_kernel_parse_unique_name(const char *s, uint64_t *id) {
---
-2.13.2
-
diff --git a/sys-apps/systemd/files/CVE-2017-9217.patch b/sys-apps/systemd/files/CVE-2017-9217.patch
deleted file mode 100644
index 68d0f36d491..00000000000
--- a/sys-apps/systemd/files/CVE-2017-9217.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From a924f43f30f9c4acaf70618dd2a055f8b0f166be Mon Sep 17 00:00:00 2001
-From: Evgeny Vereshchagin <evvers@ya.ru>
-Date: Wed, 24 May 2017 08:56:48 +0300
-Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
- (#6020)
-
-See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
----
- src/resolve/resolved-dns-packet.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index 652970284..240ee448f 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -2269,6 +2269,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
- if (r < 0)
- return r;
-
-+ if (!p->question)
-+ return 0;
-+
- if (p->question->n_keys != 1)
- return 0;
-
---
-2.15.0.rc2
-
diff --git a/sys-apps/systemd/systemd-233-r6.ebuild b/sys-apps/systemd/systemd-233-r6.ebuild
index 42b0a4eb4c6..de147be79bd 100644
--- a/sys-apps/systemd/systemd-233-r6.ebuild
+++ b/sys-apps/systemd/systemd-233-r6.ebuild
@@ -8,6 +8,7 @@ if [[ ${PV} == 9999 ]]; then
inherit git-r3
else
SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz
+ https://dev.gentoo.org/~floppym/dist/${P}-patches.tar.gz
!doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
KEYWORDS="alpha amd64 arm ~arm64 ia64 ppc ppc64 ~sparc x86"
fi
@@ -153,13 +154,7 @@ src_prepare() {
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
local PATCHES=(
- "${FILESDIR}/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch"
- "${FILESDIR}/233-CVE-2017-9445.patch"
- "${FILESDIR}/233-format-warnings.patch"
- "${FILESDIR}/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch"
- "${FILESDIR}/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch"
"${FILESDIR}/CVE-2017-15908.patch"
- "${FILESDIR}/CVE-2017-9217.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-11-19 20:09 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-11-19 20:09 UTC (permalink / raw
To: gentoo-commits
commit: e80e2c2f3c1d692f8b7c8c584ab1a517f9624313
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 19 20:09:16 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Nov 19 20:09:16 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e80e2c2f
sys-apps/systemd: update uucp group patch
Package-Manager: Portage-2.3.14_p5, Repoman-2.3.6
sys-apps/systemd/files/236-uucp-group.patch | 11 +++++++++++
sys-apps/systemd/systemd-9999.ebuild | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/sys-apps/systemd/files/236-uucp-group.patch b/sys-apps/systemd/files/236-uucp-group.patch
new file mode 100644
index 00000000000..9c53b8b18ab
--- /dev/null
+++ b/sys-apps/systemd/files/236-uucp-group.patch
@@ -0,0 +1,11 @@
+--- a/rules/50-udev-default.rules.in
++++ b/rules/50-udev-default.rules.in
+@@ -22,7 +22,7 @@
+ SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
+-KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
++KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="uucp"
+
+ SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 9f58ed53ab2..8256350c5e1 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -155,7 +155,7 @@ src_prepare() {
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
- "${FILESDIR}/234-uucp-group.patch"
+ "${FILESDIR}/236-uucp-group.patch"
"${FILESDIR}/generator-path.patch"
)
fi
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-10-26 21:37 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-10-26 21:37 UTC (permalink / raw
To: gentoo-commits
commit: 06c2355e8eca30994fa0416793e2e04efd652c41
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 26 21:36:27 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Oct 26 21:36:45 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06c2355e
sys-apps/systemd: backport fix for CVE-2017-15908
Bug: https://bugs.gentoo.org/635514
Package-Manager: Portage-2.3.11_p4, Repoman-2.3.3_p62
sys-apps/systemd/files/CVE-2017-15908.patch | 39 +++
.../{systemd-235.ebuild => systemd-233-r5.ebuild} | 313 +++++++++++----------
.../{systemd-235.ebuild => systemd-235-r1.ebuild} | 1 +
3 files changed, 204 insertions(+), 149 deletions(-)
diff --git a/sys-apps/systemd/files/CVE-2017-15908.patch b/sys-apps/systemd/files/CVE-2017-15908.patch
new file mode 100644
index 00000000000..08e5e37514c
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2017-15908.patch
@@ -0,0 +1,39 @@
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+---
+ src/resolve/resolved-dns-packet.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e2f227bfc..35f4d0689 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+
+ found = true;
+
+- while (bitmask) {
++ for (; bitmask; bit++, bitmask >>= 1)
+ if (bitmap[i] & bitmask) {
+ uint16_t n;
+
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+ if (r < 0)
+ return r;
+ }
+-
+- bit++;
+- bitmask >>= 1;
+- }
+ }
+
+ if (!found)
+--
+2.15.0.rc2
+
diff --git a/sys-apps/systemd/systemd-235.ebuild b/sys-apps/systemd/systemd-233-r5.ebuild
similarity index 59%
copy from sys-apps/systemd/systemd-235.ebuild
copy to sys-apps/systemd/systemd-233-r5.ebuild
index 6fe34a0809b..bce73fafb4f 100644
--- a/sys-apps/systemd/systemd-235.ebuild
+++ b/sys-apps/systemd/systemd-233-r5.ebuild
@@ -7,28 +7,29 @@ if [[ ${PV} == 9999 ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git"
inherit git-r3
else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
+ SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz
+ !doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
fi
PYTHON_COMPAT=( python{3_4,3_5,3_6} )
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
+inherit autotools bash-completion-r1 linux-info multilib-minimal pam python-any-r1 systemd toolchain-funcs udev user
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http
- idn importd +kmod libidn2 +lz4 lzma nat pam policykit
+IUSE="acl apparmor audit build cryptsetup curl doc elfutils +gcrypt gnuefi http
+ idn importd +kmod +lz4 lzma nat pam policykit
qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
REQUIRED_USE="importd? ( curl gcrypt lzma )"
MINKV="3.11"
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
!<sys-libs/glibc-2.16
acl? ( sys-apps/acl:0= )
@@ -42,10 +43,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
>=net-libs/libmicrohttpd-0.9.33:0=
ssl? ( >=net-libs/gnutls-3.1.4:0= )
)
- idn? (
- libidn2? ( net-dns/libidn2 )
- !libidn2? ( net-dns/libidn )
- )
+ idn? ( net-dns/libidn:0= )
importd? (
app-arch/bzip2:0=
sys-libs/zlib:0=
@@ -100,9 +98,13 @@ DEPEND="${COMMON_DEPEND}
app-text/docbook-xml-dtd:4.5
app-text/docbook-xsl-stylesheets
dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+ doc? ( $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') )
"
+python_check_deps() {
+ has_version --host-root "dev-python/lxml[${PYTHON_USEDEP}]"
+}
+
pkg_pretend() {
if [[ ${MERGE_TYPE} != buildonly ]]; then
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
@@ -147,9 +149,16 @@ src_unpack() {
}
src_prepare() {
+ # Bug 463376
+ sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
local PATCHES=(
- "${FILESDIR}"/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
- "${FILESDIR}"/235-0002-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch
+ "${FILESDIR}/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch"
+ "${FILESDIR}/233-CVE-2017-9445.patch"
+ "${FILESDIR}/233-format-warnings.patch"
+ "${FILESDIR}/233-0002-core-load-fragment-refuse-units-with-errors-in-RootD.patch"
+ "${FILESDIR}/233-0003-core-load-fragment-refuse-units-with-errors-in-certa.patch"
+ "${FILESDIR}/CVE-2017-15908.patch"
)
if ! use vanilla; then
@@ -157,159 +166,189 @@ src_prepare() {
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
- "${FILESDIR}/234-uucp-group.patch"
- "${FILESDIR}/generator-path.patch"
)
fi
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
default
+
+ eautoreconf
}
src_configure() {
+ # Keep using the one where the rules were installed.
+ MY_UDEVDIR=$(get_udevdir)
+ # Fix systems broken by bug #509454.
+ [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
+
# Prevent conflicts with i686 cross toolchain, bug 559726
tc-export AR CC NM OBJCOPY RANLIB
- python_setup
+ use doc && python_setup
multilib-minimal_src_configure
}
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dpamlibdir="$(getpam_mod_dir)"
+ local myeconfargs=(
+ # disable -flto since it is an optimization flag
+ # and makes distcc less effective
+ cc_cv_CFLAGS__flto=no
+ # disable -fuse-ld=gold since Gentoo supports explicit linker
+ # choice and forcing gold is undesired, #539998
+ # ld.gold may collide with user's LDFLAGS, #545168
+ # ld.gold breaks sparc, #573874
+ cc_cv_LDFLAGS__Wl__fuse_ld_gold=no
+
+ # Workaround for gcc-4.7, bug 554454.
+ cc_cv_CFLAGS__Werror_shadow=no
+
+ # Workaround for bug 516346
+ --enable-dependency-tracking
+
+ --disable-maintainer-mode
+ --localstatedir=/var
+ --with-pamlibdir=$(getpam_mod_dir)
# avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
+ --with-bashcompletiondir="$(get_bashcompdir)"
# make sure we get /bin:/sbin in $PATH
- -Dsplit-usr=true
- -Drootprefix="${EPREFIX}${ROOTPREFIX}"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
+ --enable-split-usr
+ # For testing.
+ --with-rootprefix="${ROOTPREFIX-/usr}"
+ --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
+ # disable sysv compatibility
+ --with-sysvinit-path=
+ --with-sysvrcnd-path=
# no deps
- -Defi=$(meson_multilib)
- -Dima=true
+ --enable-efi
+ --enable-ima
+
# Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Defi-libdir="/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- #-Dtests=$(meson_multilib_native_use test)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
+ $(multilib_native_use_enable acl)
+ $(multilib_native_use_enable apparmor)
+ $(multilib_native_use_enable audit)
+ $(multilib_native_use_enable cryptsetup libcryptsetup)
+ $(multilib_native_use_enable curl libcurl)
+ $(multilib_native_use_enable elfutils)
+ $(use_enable gcrypt)
+ $(multilib_native_use_enable gnuefi)
+ --with-efi-libdir="/usr/$(get_libdir)"
+ $(multilib_native_use_enable http microhttpd)
+ $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
+ $(multilib_native_use_enable idn libidn)
+ $(multilib_native_use_enable importd)
+ $(multilib_native_use_enable importd bzip2)
+ $(multilib_native_use_enable importd zlib)
+ $(multilib_native_use_enable kmod)
+ $(use_enable lz4)
+ $(use_enable lzma xz)
+ $(multilib_native_use_enable nat libiptc)
+ $(use_enable pam)
+ $(multilib_native_use_enable policykit polkit)
+ $(multilib_native_use_enable qrcode qrencode)
+ $(multilib_native_use_enable seccomp)
+ $(multilib_native_use_enable selinux)
+ $(multilib_native_use_enable test tests)
+ $(multilib_native_use_enable test dbus)
+ $(multilib_native_use_enable xkb xkbcommon)
+ $(multilib_native_use_with doc python)
+
# hardcode a few paths to spare some deps
- -Dpath-kill=/bin/kill
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ KILL=/bin/kill
+ QUOTAON=/usr/sbin/quotaon
+ QUOTACHECK=/usr/sbin/quotacheck
+
+ # TODO: we may need to restrict this to gcc
+ EFI_CC="$(tc-getCC)"
+
+ # dbus paths
+ --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
+ --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
+ --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+
+ --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+
# Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
+ --without-kill-user-processes
)
- if multilib_is_native_abi && use idn; then
- myconf+=(
- -Dlibidn2=$(usex libidn2 true false)
- -Dlibidn=$(usex libidn2 false true)
- )
- else
- myconf+=(
- -Dlibidn2=false
- -Dlibidn=false
- )
- fi
+ # Work around bug 463846.
+ tc-export CC
- meson_src_configure "${myconf[@]}"
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_compile() {
- eninja
+ local mymakeopts=(
+ udevlibexecdir="${MY_UDEVDIR}"
+ )
+
+ if multilib_is_native_abi; then
+ emake "${mymakeopts[@]}"
+ else
+ emake built-sources
+ local targets=(
+ '$(rootlib_LTLIBRARIES)'
+ '$(lib_LTLIBRARIES)'
+ '$(pamlib_LTLIBRARIES)'
+ '$(pkgconfiglib_DATA)'
+ )
+ echo "gentoo: ${targets[*]}" | emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+ fi
}
multilib_src_test() {
- eninja test
+ multilib_is_native_abi || return 0
+ default
}
multilib_src_install() {
- DESTDIR="${D}" eninja install
+ local mymakeopts=(
+ # automake fails with parallel libtool relinking
+ # https://bugs.gentoo.org/show_bug.cgi?id=491398
+ -j1
+
+ udevlibexecdir="${MY_UDEVDIR}"
+ dist_udevhwdb_DATA=
+ DESTDIR="${D}"
+ )
+
+ if multilib_is_native_abi; then
+ emake "${mymakeopts[@]}" install
+ else
+ mymakeopts+=(
+ install-rootlibLTLIBRARIES
+ install-libLTLIBRARIES
+ install-pamlibLTLIBRARIES
+ install-pkgconfiglibDATA
+ install-includeHEADERS
+ install-pkgincludeHEADERS
+ )
+
+ emake "${mymakeopts[@]}"
+ fi
}
multilib_src_install_all() {
- # meson doesn't know about docdir
- mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
-
+ prune_libtool_files --modules
einstalldocs
dodoc "${FILESDIR}"/nsswitch.conf
+ if [[ ${PV} != 9999 ]]; then
+ use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7
+ fi
+
if use sysv-utils; then
for app in halt poweroff reboot runlevel shutdown telinit; do
- dosym "${EPREFIX}${ROOTPREFIX%/}/bin/systemctl" /sbin/${app}
+ dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
done
- dosym "${EPREFIX}${ROOTPREFIX%/}/lib/systemd/systemd" /sbin/init
+ dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
else
# we just keep sysvinit tools, so no need for the mans
- rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+ rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
|| die
- rm "${ED%/}"/usr/share/man/man1/init.1 || die
+ rm "${D}"/usr/share/man/man1/init.1 || die
fi
# Preserve empty dirs in /etc & /var, bug #437008
@@ -322,21 +361,11 @@ multilib_src_install_all() {
# If we install these symlinks, there is no way for the sysadmin to remove them
# permanently.
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
- rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
- rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
-
- rm -r "${ED%/}${ROOTPREFIX%/}/lib/udev/hwdb.d" || die
-
- if [[ ! -e "${ED%/}"/usr/lib/systemd/systemd ]]; then
- # Avoid breaking boot/reboot
- dosym "../../..${ROOTPREFIX%/}/lib/systemd/systemd" /usr/lib/systemd/systemd
- dosym "../../..${ROOTPREFIX%/}/lib/systemd/systemd-shutdown" /usr/lib/systemd/systemd-shutdown
- fi
+ rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+ rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
+ rm -r "${D}"/etc/systemd/system/sockets.target.wants || die
+ rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
}
migrate_locale() {
@@ -383,19 +412,6 @@ migrate_locale() {
fi
}
-pkg_preinst() {
- # If /lib/systemd and /usr/lib/systemd are the same directory, remove the
- # symlinks we created in src_install.
- if [[ $(realpath "${EROOT%/}${ROOTPREFIX}/lib/systemd") == $(realpath "${EROOT%/}/usr/lib/systemd") ]]; then
- if [[ -L ${ED%/}/usr/lib/systemd/systemd ]]; then
- rm "${ED%/}/usr/lib/systemd/systemd" || die
- fi
- if [[ -L ${ED%/}/usr/lib/systemd/systemd-shutdown ]]; then
- rm "${ED%/}/usr/lib/systemd/systemd-shutdown" || die
- fi
- fi
-}
-
pkg_postinst() {
newusergroup() {
enewgroup "$1"
@@ -403,7 +419,6 @@ pkg_postinst() {
}
enewgroup input
- enewgroup kvm 78
enewgroup systemd-journal
newusergroup systemd-bus-proxy
newusergroup systemd-coredump
@@ -419,7 +434,7 @@ pkg_postinst() {
# Keep this here in case the database format changes so it gets updated
# when required. Despite that this file is owned by sys-apps/hwids.
if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT%/}"
+ udevadm hwdb --update --root="${ROOT%/}"
fi
udev_reload || FAIL=1
diff --git a/sys-apps/systemd/systemd-235.ebuild b/sys-apps/systemd/systemd-235-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-235.ebuild
rename to sys-apps/systemd/systemd-235-r1.ebuild
index 6fe34a0809b..2bb192a49e2 100644
--- a/sys-apps/systemd/systemd-235.ebuild
+++ b/sys-apps/systemd/systemd-235-r1.ebuild
@@ -150,6 +150,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}"/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
"${FILESDIR}"/235-0002-networkd-Don-t-stop-networkd-if-CONFIG_FIB_RULES-n-i.patch
+ "${FILESDIR}/CVE-2017-15908.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-10-08 14:40 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-10-08 14:40 UTC (permalink / raw
To: gentoo-commits
commit: e570678453f45c1d34a3c0cd1e12a14ade8ff9ef
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 8 14:17:16 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Oct 8 14:40:08 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5706784
sys-apps/systemd: bump to 235
Closes: https://bugs.gentoo.org/633656
Package-Manager: Portage-2.3.10_p4, Repoman-2.3.3_p52
sys-apps/systemd/Manifest | 1 +
...wdb-and-sysv-generator-if-the-features-ar.patch | 44 ++++++++++++++++++++++
...sr-lib-systemd-s.patch => generator-path.patch} | 0
sys-apps/systemd/systemd-234-r4.ebuild | 2 +-
.../{systemd-9999.ebuild => systemd-235.ebuild} | 12 ++++--
sys-apps/systemd/systemd-9999.ebuild | 11 ++++--
6 files changed, 61 insertions(+), 9 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index e4684c7c942..0bfb021bca2 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,3 +1,4 @@
DIST systemd-233-man.tar.gz 31386 SHA256 825e62eb82c4e23997061fc8f56f7ec9bb1e6ac1111d279c76c926cc2bfbf1dc SHA512 cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40 WHIRLPOOL ff1f36beff377f675047271df38503e8b71d615ea73c5fdfebf465edaf1fe29b4f89e3194d65cdf84eec9b7c3156de597627fdaffa4b86018520aaa127a7a159
DIST systemd-233.tar.gz 4660737 SHA256 8b3e99da3d4164b66581830a7f2436c0c8fe697b5fbdc3927bdb960646be0083 SHA512 5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e WHIRLPOOL ce19f6a546b8f899cfa952e49d47f063fd29186be4a53391bc30ea2c487eb2c140a74ad843a1dc499bb61bba3e9ca055613852291e38b85af5d79c59409dc176
DIST systemd-234.tar.gz 4800186 SHA256 da3e69d10aa1c983d33833372ad4929037b411ac421fb085c8cee79ae1d80b6a SHA512 762336a7d96c6583cf71cad62efce95a0ed93cd0a0d7251f128d10dba8200c0c8df0e5a7d168179ababa5b221295a231e73b7e7ea2697cb3fb5c1b33538efa68 WHIRLPOOL 9ff9f25ce82514db969a427eee51c0483b2bcaaa611f93c1fc17c356ea25eee712217708c54101ecaafd835cd8ac988b16e8ad411b48541a32442b9a0d148f07
+DIST systemd-235.tar.gz 6586406 SHA256 25811f96f5a027bf2a4c9383495cf5b623e385d84da31e473cf375932b3e9c52 SHA512 243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993 WHIRLPOOL 05e50b31f7b3b1cd756abd1580dddae0e114953857564133784fc43b9ecd0e203ee534aaf76531ca7af5c43b03b9b73c6cbbbb1caf5afb17502555cc52fe06cd
diff --git a/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch b/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
new file mode 100644
index 00000000000..bd2b3364369
--- /dev/null
+++ b/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
@@ -0,0 +1,44 @@
+From c013a410d0ec5f419ce8d53df19946795849591b Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 8 Oct 2017 09:47:05 -0400
+Subject: [PATCH] test: skip hwdb and sysv-generator if the features are
+ disabled
+
+---
+ test/meson.build | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/test/meson.build b/test/meson.build
+index 995a97177..c2df7ec22 100644
+--- a/test/meson.build
++++ b/test/meson.build
+@@ -163,9 +163,11 @@ endif
+
+ ############################################################
+
+-sysv_generator_test_py = find_program('sysv-generator-test.py')
+-test('sysv-generator-test',
+- sysv_generator_test_py)
++if conf.get('HAVE_SYSV_COMPAT') == 1
++ sysv_generator_test_py = find_program('sysv-generator-test.py')
++ test('sysv-generator-test',
++ sysv_generator_test_py)
++endif
+
+ ############################################################
+
+@@ -181,6 +183,8 @@ udev_test_pl = find_program('udev-test.pl')
+ test('udev-test',
+ udev_test_pl)
+
+-hwdb_test_sh = find_program('hwdb-test.sh')
+-test('hwdb-test',
+- hwdb_test_sh)
++if conf.get('ENABLE_HWDB') == 1
++ hwdb_test_sh = find_program('hwdb-test.sh')
++ test('hwdb-test',
++ hwdb_test_sh)
++endif
+--
+2.14.2
+
diff --git a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch b/sys-apps/systemd/files/generator-path.patch
similarity index 100%
rename from sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
rename to sys-apps/systemd/files/generator-path.patch
diff --git a/sys-apps/systemd/systemd-234-r4.ebuild b/sys-apps/systemd/systemd-234-r4.ebuild
index 0085a0578fa..a4c94bd3a96 100644
--- a/sys-apps/systemd/systemd-234-r4.ebuild
+++ b/sys-apps/systemd/systemd-234-r4.ebuild
@@ -148,7 +148,6 @@ src_unpack() {
src_prepare() {
local PATCHES=(
- "${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
"${FILESDIR}"/234-0002-cryptsetup-fix-infinite-timeout-6486.patch
"${FILESDIR}"/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch
"${FILESDIR}"/234-0004-logind-make-sure-we-don-t-process-the-same-method-ca.patch
@@ -160,6 +159,7 @@ src_prepare() {
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
"${FILESDIR}/234-uucp-group.patch"
+ "${FILESDIR}/generator-path.patch"
)
fi
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-235.ebuild
similarity index 95%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-235.ebuild
index 6be7da5ca64..6647d41a680 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-235.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
src_prepare() {
local PATCHES=(
+ "${FILESDIR}"/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
)
if ! use vanilla; then
@@ -156,6 +157,7 @@ src_prepare() {
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
"${FILESDIR}/234-uucp-group.patch"
+ "${FILESDIR}/generator-path.patch"
)
fi
@@ -319,11 +321,13 @@ multilib_src_install_all() {
# If we install these symlinks, there is no way for the sysadmin to remove them
# permanently.
- rm "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -r "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -r "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -r "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+ rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
rm -r "${ED%/}${ROOTPREFIX%/}/lib/udev/hwdb.d" || die
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 6be7da5ca64..3a0d6c4312e 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -156,6 +156,7 @@ src_prepare() {
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
"${FILESDIR}/234-uucp-group.patch"
+ "${FILESDIR}/generator-path.patch"
)
fi
@@ -319,11 +320,13 @@ multilib_src_install_all() {
# If we install these symlinks, there is no way for the sysadmin to remove them
# permanently.
- rm "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -r "${ED%/}"/etc/systemd/system/network-online.target.wants || die
- rm -r "${ED%/}"/etc/systemd/system/sockets.target.wants || die
- rm -r "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+ rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
rm -r "${ED%/}${ROOTPREFIX%/}/lib/udev/hwdb.d" || die
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-08-13 23:08 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-08-13 23:08 UTC (permalink / raw
To: gentoo-commits
commit: 3a1a0a2241cc8e2874ff3d85333136fc491b06ec
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 13 23:02:17 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 13 23:07:15 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a1a0a22
sys-apps/systemd: replace uucp sed with a patch
Bug: https://bugs.gentoo.org/625720
Package-Manager: Portage-2.3.6_p34, Repoman-2.3.3_p12
sys-apps/systemd/files/234-uucp-group.patch | 11 +++++++++++
sys-apps/systemd/systemd-234-r2.ebuild | 4 +---
sys-apps/systemd/systemd-9999.ebuild | 4 +---
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/sys-apps/systemd/files/234-uucp-group.patch b/sys-apps/systemd/files/234-uucp-group.patch
new file mode 100644
index 00000000000..89cf552c829
--- /dev/null
+++ b/sys-apps/systemd/files/234-uucp-group.patch
@@ -0,0 +1,11 @@
+--- a/rules/50-udev-default.rules.in
++++ b/rules/50-udev-default.rules.in
+@@ -22,7 +22,7 @@
+ SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
+-KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
++KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="uucp"
+
+ SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+
diff --git a/sys-apps/systemd/systemd-234-r2.ebuild b/sys-apps/systemd/systemd-234-r2.ebuild
index 9d10c9d3fe4..dceb9eda711 100644
--- a/sys-apps/systemd/systemd-234-r2.ebuild
+++ b/sys-apps/systemd/systemd-234-r2.ebuild
@@ -147,9 +147,6 @@ src_unpack() {
}
src_prepare() {
- # Bug 463376
- sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
local PATCHES=(
"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
)
@@ -159,6 +156,7 @@ src_prepare() {
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
+ "${FILESDIR}/234-uucp-group.patch"
)
fi
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 78c85bbcdd1..835ac073e82 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -147,9 +147,6 @@ src_unpack() {
}
src_prepare() {
- # Bug 463376
- sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
local PATCHES=(
)
@@ -158,6 +155,7 @@ src_prepare() {
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
+ "${FILESDIR}/234-uucp-group.patch"
)
fi
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-07-17 15:28 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-07-17 15:28 UTC (permalink / raw
To: gentoo-commits
commit: 3b5be41d4d70c3761351cb4985c7da8f785858c5
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 17 15:27:38 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul 17 15:27:38 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b5be41d
sys-apps/systemd: look for generators in {,/usr}/lib/systemd/system-generators
Bug: https://bugs.gentoo.org/625402
Package-Manager: Portage-2.3.6_p16, Repoman-2.3.2_p84
...-look-for-generators-in-usr-lib-systemd-s.patch | 27 ++++++++++++++++++++++
.../{systemd-234.ebuild => systemd-234-r1.ebuild} | 1 +
2 files changed, 28 insertions(+)
diff --git a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
new file mode 100644
index 00000000000..47e2730a7b3
--- /dev/null
+++ b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
@@ -0,0 +1,27 @@
+From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Mon, 17 Jul 2017 11:21:25 -0400
+Subject: [PATCH] path-lookup: look for generators in
+ {,/usr}/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/shared/path-lookup.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index e2b3f8b74..1ee0e1cdb 100644
+--- a/src/shared/path-lookup.c
++++ b/src/shared/path-lookup.c
+@@ -821,6 +821,8 @@ char **generator_binary_paths(UnitFileScope scope) {
+ return strv_new("/run/systemd/system-generators",
+ "/etc/systemd/system-generators",
+ "/usr/local/lib/systemd/system-generators",
++ "/usr/lib/systemd/system-generators",
++ "/lib/systemd/system-generators",
+ SYSTEM_GENERATOR_PATH,
+ NULL);
+
+--
+2.13.3
+
diff --git a/sys-apps/systemd/systemd-234.ebuild b/sys-apps/systemd/systemd-234-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-234.ebuild
rename to sys-apps/systemd/systemd-234-r1.ebuild
index c80965e1c39..6aaaaf45860 100644
--- a/sys-apps/systemd/systemd-234.ebuild
+++ b/sys-apps/systemd/systemd-234-r1.ebuild
@@ -151,6 +151,7 @@ src_prepare() {
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
local PATCHES=(
+ "${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-07-02 15:56 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-07-02 15:56 UTC (permalink / raw
To: gentoo-commits
commit: dc1c5167bcf33b3a500b072f5c40e8c2c7ab57c4
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 2 15:53:46 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Jul 2 15:56:13 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc1c5167
sys-apps/systemd: fix build failure on ia64/alpha
Bug: https://bugs.gentoo.org/623536
Bug: https://bugs.gentoo.org/612102
Package-Manager: Portage-2.3.6_p9, Repoman-2.3.2_p77
sys-apps/systemd/files/233-format-warnings.patch | 84 ++++++++++++++++++++++++
sys-apps/systemd/systemd-233-r3.ebuild | 1 +
2 files changed, 85 insertions(+)
diff --git a/sys-apps/systemd/files/233-format-warnings.patch b/sys-apps/systemd/files/233-format-warnings.patch
new file mode 100644
index 00000000000..7bb08f0a320
--- /dev/null
+++ b/sys-apps/systemd/files/233-format-warnings.patch
@@ -0,0 +1,84 @@
+From 3e7d14d78c4d15ec7789299216cbf5c58e61547b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 3 Jun 2017 05:41:17 -0400
+Subject: [PATCH] sd-bus: silence format warnings in kdbus code (#6072)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The code is mostly correct, but gcc is trying to outsmart us, and emits a
+warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
+
+src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
+src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
+ if (asprintf(&n, ":1.%llu", name->id) < 0) {
+ ^
+src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
+src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
+ if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
+ ^
+This is hard to work around properly, because kdbus.h uses __u64 which is
+defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
+solution of using %PRIu64 fails on amd64:
+
+src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
+ if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
+ ^~~~~~
+
+Let's just avoid the whole issue for now by silencing the warning.
+After the next release, we should just get rid of the kdbus code.
+
+Fixes #5561.
+---
+ src/libsystemd/sd-bus/bus-control.c | 6 ++++++
+ src/libsystemd/sd-bus/bus-kernel.c | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
+index 9e58ffbd8..303ae0f23 100644
+--- a/src/libsystemd/sd-bus/bus-control.c
++++ b/src/libsystemd/sd-bus/bus-control.c
+@@ -264,10 +264,13 @@ static int kernel_get_list(sd_bus *bus, uint64_t flags, char ***x) {
+ if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && !(name->flags & KDBUS_HELLO_ACTIVATOR)) {
+ char *n;
+
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat"
+ if (asprintf(&n, ":1.%llu", name->id) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
++#pragma GCC diagnostic pop
+
+ r = strv_consume(x, n);
+ if (r < 0)
+@@ -711,10 +714,13 @@ int bus_get_name_creds_kdbus(
+ }
+
+ if (mask & SD_BUS_CREDS_UNIQUE_NAME) {
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat"
+ if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
++#pragma GCC diagnostic pop
+
+ c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
+ }
+diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
+index c82caeb3f..ca6aee7c0 100644
+--- a/src/libsystemd/sd-bus/bus-kernel.c
++++ b/src/libsystemd/sd-bus/bus-kernel.c
+@@ -51,6 +51,8 @@
+ #include "user-util.h"
+ #include "util.h"
+
++#pragma GCC diagnostic ignored "-Wformat"
++
+ #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t))
+
+ int bus_kernel_parse_unique_name(const char *s, uint64_t *id) {
+--
+2.13.2
+
diff --git a/sys-apps/systemd/systemd-233-r3.ebuild b/sys-apps/systemd/systemd-233-r3.ebuild
index 8210bd8a2f9..ab19c28efc0 100644
--- a/sys-apps/systemd/systemd-233-r3.ebuild
+++ b/sys-apps/systemd/systemd-233-r3.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch"
"${FILESDIR}/233-CVE-2017-9445.patch"
+ "${FILESDIR}/233-format-warnings.patch"
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-06-28 20:31 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-06-28 20:31 UTC (permalink / raw
To: gentoo-commits
commit: e9a542b09cb0ee4c3b085881190bed393f4ece03
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 28 20:30:47 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Jun 28 20:31:08 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9a542b0
sys-apps/systemd: update CVE-2017-9445 patch after upstream revert
Package-Manager: Portage-2.3.6_p9, Repoman-2.3.2_p77
sys-apps/systemd/files/233-CVE-2017-9445.patch | 29 ----------------------
...systemd-233-r2.ebuild => systemd-233-r3.ebuild} | 0
2 files changed, 29 deletions(-)
diff --git a/sys-apps/systemd/files/233-CVE-2017-9445.patch b/sys-apps/systemd/files/233-CVE-2017-9445.patch
index a05c41f47b6..22a366ceba0 100644
--- a/sys-apps/systemd/files/233-CVE-2017-9445.patch
+++ b/sys-apps/systemd/files/233-CVE-2017-9445.patch
@@ -147,32 +147,3 @@ index 3abcaf8cf..5dff272fd 100644
int n_ref;
--
2.13.1
-
-
-From 415871d88e0c44acf8b90dc07245809087a65d2c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 28 Jun 2017 12:24:37 -0400
-Subject: [PATCH 4/4] resolved: drop unnecessary comparison (#6220)
-
-mtu is always greater than UDP_PACKET_HEADER_SIZE at this point.
-Pointed out by Benjamin Robin.
----
- src/resolve/resolved-dns-packet.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
-index e2285b440..738d4cc8f 100644
---- a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -57,7 +57,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
- if (mtu < UDP_PACKET_HEADER_SIZE)
- a = DNS_PACKET_SIZE_START;
- else
-- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
-+ a = mtu;
-
- /* round up to next page size */
- a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
---
-2.13.1
-
diff --git a/sys-apps/systemd/systemd-233-r2.ebuild b/sys-apps/systemd/systemd-233-r3.ebuild
similarity index 100%
rename from sys-apps/systemd/systemd-233-r2.ebuild
rename to sys-apps/systemd/systemd-233-r3.ebuild
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-01-10 22:22 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-01-10 22:22 UTC (permalink / raw
To: gentoo-commits
commit: de560673b0254d41cc9ba910df222cf558ceafe3
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 22:15:58 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 22:22:54 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de560673
sys-apps/systemd: fix build with gperf-3.1
Bug: https://bugs.gentoo.org/605022
Package-Manager: Portage-2.3.3_p25, Repoman-2.3.1_p18
...eck-for-lz4-in-the-old-and-new-numbering.patch} | 12 +-
...dd-check-for-gperf-lookup-function-signat.patch | 302 +++++++++++++++++++++
sys-apps/systemd/systemd-232.ebuild | 3 +-
3 files changed, 310 insertions(+), 7 deletions(-)
diff --git a/sys-apps/systemd/files/232-lz4-version.patch b/sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
similarity index 83%
rename from sys-apps/systemd/files/232-lz4-version.patch
rename to sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
index d99ceda..788f0aa 100644
--- a/sys-apps/systemd/files/232-lz4-version.patch
+++ b/sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
@@ -1,8 +1,8 @@
-From 3d4cf7de48a74726694abbaa09f9804b845ff3ba Mon Sep 17 00:00:00 2001
+From 63621678f44325b4c48574f9c9d7a3c499d1a608 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Nov 2016 10:18:30 -0500
-Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
- (#4717)
+Subject: [PATCH 1/2] build-sys: check for lz4 in the old and new numbering
+ scheme (#4717)
lz4 upstream decided to switch to an incompatible numbering scheme
(1.7.3 follows 131, to match the so version).
@@ -19,12 +19,12 @@ Fixed #4690.
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 65eaae1ae..5979de4dc 100644
+index 0b10fc7de..1928e65bd 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -621,10 +621,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
+@@ -623,10 +623,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
have_lz4=no
- AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [disable optional LZ4 support]))
+ AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 support]))
AS_IF([test "x$enable_lz4" != "xno"], [
- PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
- [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])
diff --git a/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch b/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
new file mode 100644
index 00000000..440ec75
--- /dev/null
+++ b/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
@@ -0,0 +1,302 @@
+From 016fb3b83b861cfe58694996076a9764dcb46475 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppymaster@gmail.com>
+Date: Tue, 10 Jan 2017 02:39:05 -0500
+Subject: [PATCH 2/2] build-sys: add check for gperf lookup function signature
+ (#5055)
+
+gperf-3.1 generates lookup functions that take a size_t length
+parameter instead of unsigned int. Test for this at configure time.
+
+Fixes: https://github.com/systemd/systemd/issues/5039
+---
+ configure.ac | 22 ++++++++++++++++++++++
+ src/basic/af-list.c | 2 +-
+ src/basic/arphrd-list.c | 2 +-
+ src/basic/cap-list.c | 2 +-
+ src/basic/errno-list.c | 2 +-
+ src/core/load-fragment.h | 2 +-
+ src/journal/journald-server.h | 2 +-
+ src/login/logind.h | 2 +-
+ src/network/networkd-conf.h | 2 +-
+ src/network/networkd-netdev.h | 2 +-
+ src/network/networkd-network.h | 2 +-
+ src/nspawn/nspawn-settings.h | 2 +-
+ src/resolve/dns-type.c | 2 +-
+ src/resolve/resolved-conf.h | 2 +-
+ src/test/test-af-list.c | 2 +-
+ src/test/test-arphrd-list.c | 2 +-
+ src/timesync/timesyncd-conf.h | 2 +-
+ src/udev/net/link-config.h | 2 +-
+ src/udev/udev-builtin-keyboard.c | 2 +-
+ 19 files changed, 40 insertions(+), 18 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1928e65bd..5c639e32d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -258,6 +258,28 @@ AC_CHECK_SIZEOF(rlim_t,,[
+ #include <sys/resource.h>
+ ])
+
++GPERF_TEST="$(echo foo,bar | ${GPERF} -L ANSI-C)"
++
++AC_COMPILE_IFELSE(
++ [AC_LANG_PROGRAM([
++ #include <string.h>
++ const char * in_word_set(const char *, size_t);
++ $GPERF_TEST]
++ )],
++ [GPERF_LEN_TYPE=size_t],
++ [AC_COMPILE_IFELSE(
++ [AC_LANG_PROGRAM([
++ #include <string.h>
++ const char * in_word_set(const char *, unsigned);
++ $GPERF_TEST]
++ )],
++ [GPERF_LEN_TYPE=unsigned],
++ [AC_MSG_ERROR([** unable to determine gperf len type])]
++ )]
++)
++
++AC_DEFINE_UNQUOTED([GPERF_LEN_TYPE], [$GPERF_LEN_TYPE], [gperf len type])
++
+ # ------------------------------------------------------------------------------
+ # we use python to build the man page index
+ have_python=no
+diff --git a/src/basic/af-list.c b/src/basic/af-list.c
+index 3fac9c508..4b291d177 100644
+--- a/src/basic/af-list.c
++++ b/src/basic/af-list.c
+@@ -23,7 +23,7 @@
+ #include "af-list.h"
+ #include "macro.h"
+
+-static const struct af_name* lookup_af(register const char *str, register unsigned int len);
++static const struct af_name* lookup_af(register const char *str, register GPERF_LEN_TYPE len);
+
+ #include "af-from-name.h"
+ #include "af-to-name.h"
+diff --git a/src/basic/arphrd-list.c b/src/basic/arphrd-list.c
+index 6792d1ee3..2d598dc66 100644
+--- a/src/basic/arphrd-list.c
++++ b/src/basic/arphrd-list.c
+@@ -23,7 +23,7 @@
+ #include "arphrd-list.h"
+ #include "macro.h"
+
+-static const struct arphrd_name* lookup_arphrd(register const char *str, register unsigned int len);
++static const struct arphrd_name* lookup_arphrd(register const char *str, register GPERF_LEN_TYPE len);
+
+ #include "arphrd-from-name.h"
+ #include "arphrd-to-name.h"
+diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
+index 3e773a06f..d68cc78d0 100644
+--- a/src/basic/cap-list.c
++++ b/src/basic/cap-list.c
+@@ -26,7 +26,7 @@
+ #include "parse-util.h"
+ #include "util.h"
+
+-static const struct capability_name* lookup_capability(register const char *str, register unsigned int len);
++static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
+
+ #include "cap-from-name.h"
+ #include "cap-to-name.h"
+diff --git a/src/basic/errno-list.c b/src/basic/errno-list.c
+index 31b66bad5..c6a01eec8 100644
+--- a/src/basic/errno-list.c
++++ b/src/basic/errno-list.c
+@@ -23,7 +23,7 @@
+ #include "macro.h"
+
+ static const struct errno_name* lookup_errno(register const char *str,
+- register unsigned int len);
++ register GPERF_LEN_TYPE len);
+
+ #include "errno-from-name.h"
+ #include "errno-to-name.h"
+diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
+index c05f205c3..ede6b1f73 100644
+--- a/src/core/load-fragment.h
++++ b/src/core/load-fragment.h
+@@ -118,7 +118,7 @@ int config_parse_user_group(const char *unit, const char *filename, unsigned lin
+ int config_parse_user_group_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+ /* gperf prototypes */
+-const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+ extern const char load_fragment_gperf_nulstr[];
+
+ typedef enum Disabled {
+diff --git a/src/journal/journald-server.h b/src/journal/journald-server.h
+index 99d91496b..d1520c45d 100644
+--- a/src/journal/journald-server.h
++++ b/src/journal/journald-server.h
+@@ -179,7 +179,7 @@ void server_dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigne
+ void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) _printf_(3,0) _sentinel_;
+
+ /* gperf lookup function */
+-const struct ConfigPerfItem* journald_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* journald_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ int config_parse_storage(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+diff --git a/src/login/logind.h b/src/login/logind.h
+index 086fa1eeb..7556ee2e4 100644
+--- a/src/login/logind.h
++++ b/src/login/logind.h
+@@ -182,7 +182,7 @@ int manager_unit_is_active(Manager *manager, const char *unit);
+ int manager_job_is_active(Manager *manager, const char *path);
+
+ /* gperf lookup function */
+-const struct ConfigPerfItem* logind_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* logind_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ int manager_set_lid_switch_ignore(Manager *m, usec_t until);
+
+diff --git a/src/network/networkd-conf.h b/src/network/networkd-conf.h
+index c7bfb42a7..00ddb7672 100644
+--- a/src/network/networkd-conf.h
++++ b/src/network/networkd-conf.h
+@@ -23,7 +23,7 @@
+
+ int manager_parse_config_file(Manager *m);
+
+-const struct ConfigPerfItem* networkd_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* networkd_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ int config_parse_duid_type(
+ const char *unit,
+diff --git a/src/network/networkd-netdev.h b/src/network/networkd-netdev.h
+index 70ff947b9..37c743121 100644
+--- a/src/network/networkd-netdev.h
++++ b/src/network/networkd-netdev.h
+@@ -175,7 +175,7 @@ NetDevKind netdev_kind_from_string(const char *d) _pure_;
+ int config_parse_netdev_kind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+ /* gperf */
+-const struct ConfigPerfItem* network_netdev_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* network_netdev_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ /* Macros which append INTERFACE= to the message */
+
+diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
+index 42fc82d39..09c3b3a3a 100644
+--- a/src/network/networkd-network.h
++++ b/src/network/networkd-network.h
+@@ -236,7 +236,7 @@ int config_parse_dhcp_route_table(const char *unit, const char *filename, unsign
+ /* Legacy IPv4LL support */
+ int config_parse_ipv4ll(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+
+-const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ extern const sd_bus_vtable network_vtable[];
+
+diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h
+index 231e6d726..4ae34f8e2 100644
+--- a/src/nspawn/nspawn-settings.h
++++ b/src/nspawn/nspawn-settings.h
+@@ -103,7 +103,7 @@ bool settings_private_network(Settings *s);
+
+ DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);
+
+-const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ int config_parse_capability(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_id128(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c
+index aaf5ed62c..d89ae28dc 100644
+--- a/src/resolve/dns-type.c
++++ b/src/resolve/dns-type.c
+@@ -29,7 +29,7 @@ typedef const struct {
+ } dns_type;
+
+ static const struct dns_type_name *
+-lookup_dns_type (register const char *str, register unsigned int len);
++lookup_dns_type (register const char *str, register GPERF_LEN_TYPE len);
+
+ #include "dns_type-from-name.h"
+ #include "dns_type-to-name.h"
+diff --git a/src/resolve/resolved-conf.h b/src/resolve/resolved-conf.h
+index fc425a36b..8184d6cad 100644
+--- a/src/resolve/resolved-conf.h
++++ b/src/resolve/resolved-conf.h
+@@ -41,7 +41,7 @@ int manager_parse_search_domains_and_warn(Manager *m, const char *string);
+ int manager_add_dns_server_by_string(Manager *m, DnsServerType type, const char *word);
+ int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, const char *string);
+
+-const struct ConfigPerfItem* resolved_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* resolved_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ int config_parse_dns_servers(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_search_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+diff --git a/src/test/test-af-list.c b/src/test/test-af-list.c
+index aeaa0929b..e2479133d 100644
+--- a/src/test/test-af-list.c
++++ b/src/test/test-af-list.c
+@@ -24,7 +24,7 @@
+ #include "string-util.h"
+ #include "util.h"
+
+-static const struct af_name* lookup_af(register const char *str, register unsigned int len);
++static const struct af_name* lookup_af(register const char *str, register GPERF_LEN_TYPE len);
+
+ #include "af-from-name.h"
+ #include "af-list.h"
+diff --git a/src/test/test-arphrd-list.c b/src/test/test-arphrd-list.c
+index f3989ad20..8f4f342fa 100644
+--- a/src/test/test-arphrd-list.c
++++ b/src/test/test-arphrd-list.c
+@@ -24,7 +24,7 @@
+ #include "string-util.h"
+ #include "util.h"
+
+-static const struct arphrd_name* lookup_arphrd(register const char *str, register unsigned int len);
++static const struct arphrd_name* lookup_arphrd(register const char *str, register GPERF_LEN_TYPE len);
+
+ #include "arphrd-from-name.h"
+ #include "arphrd-list.h"
+diff --git a/src/timesync/timesyncd-conf.h b/src/timesync/timesyncd-conf.h
+index cba0724b1..0280697e9 100644
+--- a/src/timesync/timesyncd-conf.h
++++ b/src/timesync/timesyncd-conf.h
+@@ -22,7 +22,7 @@
+ #include "conf-parser.h"
+ #include "timesyncd-manager.h"
+
+-const struct ConfigPerfItem* timesyncd_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* timesyncd_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ int manager_parse_server_string(Manager *m, ServerType type, const char *string);
+
+diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h
+index 91cc0357c..b0d8ceb76 100644
+--- a/src/udev/net/link-config.h
++++ b/src/udev/net/link-config.h
+@@ -93,7 +93,7 @@ const char *mac_policy_to_string(MACPolicy p) _const_;
+ MACPolicy mac_policy_from_string(const char *p) _pure_;
+
+ /* gperf lookup function */
+-const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, unsigned length);
++const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
+
+ int config_parse_mac_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_name_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c
+index aa10beafb..09024116f 100644
+--- a/src/udev/udev-builtin-keyboard.c
++++ b/src/udev/udev-builtin-keyboard.c
+@@ -29,7 +29,7 @@
+ #include "string-util.h"
+ #include "udev.h"
+
+-static const struct key *keyboard_lookup_key(const char *str, unsigned len);
++static const struct key *keyboard_lookup_key(const char *str, GPERF_LEN_TYPE len);
+ #include "keyboard-keys-from-name.h"
+
+ static int install_force_release(struct udev_device *dev, const unsigned *release, unsigned release_count) {
+--
+2.11.0
+
diff --git a/sys-apps/systemd/systemd-232.ebuild b/sys-apps/systemd/systemd-232.ebuild
index d2e71ed..76f1738 100644
--- a/sys-apps/systemd/systemd-232.ebuild
+++ b/sys-apps/systemd/systemd-232.ebuild
@@ -150,7 +150,8 @@ src_prepare() {
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
local PATCHES=(
- "${FILESDIR}/232-lz4-version.patch"
+ "${FILESDIR}"/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
+ "${FILESDIR}"/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
)
if ! use vanilla; then
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2017-01-10 22:22 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2017-01-10 22:22 UTC (permalink / raw
To: gentoo-commits
commit: af7ef4577540518eb2849449d38036c222e9bc2e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 22:22:20 2017 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 22:22:54 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af7ef457
sys-apps/systemd: remove old
Package-Manager: Portage-2.3.3_p25, Repoman-2.3.1_p18
sys-apps/systemd/Manifest | 1 -
...k-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch | 116 ------
...icitly-include-endian.h-wherever-we-want-.patch | 53 ---
...e-MD-from-block-device-ownership-event-lo.patch | 54 ---
sys-apps/systemd/files/216-lz4-build.patch | 19 -
.../systemd/files/216-tmpfiles-setup-dev.patch | 21 -
.../systemd/files/217-systemd-consoled.service.in | 15 -
sys-apps/systemd/files/218-noclean-tmp.patch | 28 --
.../224-0001-networkd-fix-neworkd-crash.patch | 28 --
...e-getxpid-syscall-on-alpha-for-raw_getpid.patch | 30 --
sys-apps/systemd/files/229-sysmacros.patch | 79 ----
sys-apps/systemd/files/compile-unifont.py | 119 ------
| 34 --
sys-apps/systemd/metadata.xml | 2 -
sys-apps/systemd/systemd-218-r5.ebuild | 463 ---------------------
15 files changed, 1062 deletions(-)
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 2a3528a..7d29069 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,3 @@
-DIST systemd-218.tar.xz 3782276 SHA256 1b0768b53b6c6d813a93a4b8fe1f80cf53561b09075010a97c7aa08eee3fd59b SHA512 c183cce8532ccb4716b84587c96a626eea390202a5469b9d89c8cee7f703e40d7c584e05f29501d375b8cd2a1409d011de564df16f54e27f66b3c3007a6e5bd4 WHIRLPOOL 4d0bcf3ddfecd3354d9f4ab13851f8da6baf31e89e64d3b1ac671159f16f23597d88cc2525aece2f867c140fc97e80bce086a5af91f84b8095e2503c13995e6d
DIST systemd-226.tar.gz 3914162 SHA256 baff6a938c5579769330d0224280bf1a1ff5920151d7201545fc9880b6326c67 SHA512 565331661e7d144dcdf1505f9a1a70b20a9b904567478593a8fa47ed18f9eb68a9339cf32f117ede994676a84d0cfe3fcedbc9b8d8c964445b741a32271e5584 WHIRLPOOL 9f0d7b761ad84f0bb557a22738d7fcc1b6515340db776790d9199401017747a62c24de214300c1f00fb33f86284f3498cadbece713d6e66a30903475f6bce273
DIST systemd-231-man.tar.gz 29466 SHA256 aecf91c13333e1791d026b82360d55b4783f8d281c6e80bfe9d6bbf0bac633e4 SHA512 6c359f88da3e5dc01745f7255c021aafe495d9ca16c74277cbcfa05a6903093ec2c4746a34504d04f2aff464eeaa5518519577c831a08f4336552c6b6e05fdfd WHIRLPOOL 55371b404bfc945abc38d4cef5c555223abbee0993d56b506c896a851ba9ce283f0a020fe24ea273d3674f8a9dbe79b843d32eed93a59b2597b7bad113fbc3e1
DIST systemd-231.tar.gz 4381464 SHA256 899733ad6c157cedbb89aec4efe3bc824dcfd65a1d6f6bebc7b043f7924e39b4 SHA512 199fa33a0494d1d15f7fe3c796fe14913ad386766571d4d3fbb1cb1c446e04f6d06a965213be4c594a7183e810fc2fd4804fe14f64f21b0a1278b717889811c6 WHIRLPOOL 7779291e9fb9873cb1773b8583cf6d4b7dec837363ea89c4a73c1e397a76752b66f8b57d8fc4d9cef768cc1855b5e325ad88a8a69eb5380aa924e0a6dead41b1
diff --git a/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch b/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
deleted file mode 100644
index b29c10d..00000000
--- a/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 28f6bb18cdea297164763db94e2366ca4857c9c7 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 11 Jul 2014 15:56:16 +0200
-Subject: [PATCH 1/2] always check for __BYTE_ORDER == __BIG_ENDIAN when
- checking for endianess
-
-Let's always stick to glibc's way to determine byte order, and not mix
-autoconf-specific checks with gcc checks.
----
- src/shared/architecture.h | 12 ++++++------
- src/shared/gpt.h | 4 ++--
- src/shared/time-dst.c | 6 +++---
- 3 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/src/shared/architecture.h b/src/shared/architecture.h
-index 4821d5d..58e97e5 100644
---- a/src/shared/architecture.h
-+++ b/src/shared/architecture.h
-@@ -80,7 +80,7 @@ Architecture uname_architecture(void);
- # define native_architecture() ARCHITECTURE_X86
- # define LIB_ARCH_TUPLE "i386-linux-gnu"
- #elif defined(__powerpc64__)
--# if defined(WORDS_BIGENDIAN)
-+# if __BYTE_ORDER == __BIG_ENDIAN
- # define native_architecture() ARCHITECTURE_PPC64
- # define LIB_ARCH_TUPLE "ppc64-linux-gnu"
- # else
-@@ -88,7 +88,7 @@ Architecture uname_architecture(void);
- # error "Missing LIB_ARCH_TUPLE for PPC64LE"
- # endif
- #elif defined(__powerpc__)
--# if defined(WORDS_BIGENDIAN)
-+# if __BYTE_ORDER == __BIG_ENDIAN
- # define native_architecture() ARCHITECTURE_PPC
- # define LIB_ARCH_TUPLE "powerpc-linux-gnu"
- # else
-@@ -117,7 +117,7 @@ Architecture uname_architecture(void);
- # define native_architecture() ARCHITECTURE_SPARC
- # define LIB_ARCH_TUPLE "sparc-linux-gnu"
- #elif defined(__mips64__)
--# if defined(WORDS_BIGENDIAN)
-+# if __BYTE_ORDER == __BIG_ENDIAN
- # define native_architecture() ARCHITECTURE_MIPS64
- # error "Missing LIB_ARCH_TUPLE for MIPS64"
- # else
-@@ -125,7 +125,7 @@ Architecture uname_architecture(void);
- # error "Missing LIB_ARCH_TUPLE for MIPS64_LE"
- # endif
- #elif defined(__mips__)
--# if defined(WORDS_BIGENDIAN)
-+# if __BYTE_ORDER == __BIG_ENDIAN
- # define native_architecture() ARCHITECTURE_MIPS
- # define LIB_ARCH_TUPLE "mips-linux-gnu"
- # else
-@@ -136,7 +136,7 @@ Architecture uname_architecture(void);
- # define native_architecture() ARCHITECTURE_ALPHA
- # define LIB_ARCH_TUPLE "alpha-linux-gnu"
- #elif defined(__aarch64__)
--# if defined(WORDS_BIGENDIAN)
-+# if __BYTE_ORDER == __BIG_ENDIAN
- # define native_architecture() ARCHITECTURE_ARM64_BE
- # define LIB_ARCH_TUPLE "aarch64_be-linux-gnu"
- # else
-@@ -144,7 +144,7 @@ Architecture uname_architecture(void);
- # define LIB_ARCH_TUPLE "aarch64-linux-gnu"
- # endif
- #elif defined(__arm__)
--# if defined(WORDS_BIGENDIAN)
-+# if __BYTE_ORDER == __BIG_ENDIAN
- # define native_architecture() ARCHITECTURE_ARM_BE
- # if defined(__ARM_EABI__)
- # if defined(__ARM_PCS_VFP)
-diff --git a/src/shared/gpt.h b/src/shared/gpt.h
-index 64090e0..278940b 100644
---- a/src/shared/gpt.h
-+++ b/src/shared/gpt.h
-@@ -42,10 +42,10 @@
- # define GPT_ROOT_NATIVE GPT_ROOT_X86
- #endif
-
--#if defined(__aarch64__) && !defined(WORDS_BIGENDIAN)
-+#if defined(__aarch64__) && (__BYTE_ORDER != __BIG_ENDIAN)
- # define GPT_ROOT_NATIVE GPT_ROOT_ARM_64
- # define GPT_ROOT_SECONDARY GPT_ROOT_ARM
--#elif defined(__arm__) && !defined(WORDS_BIGENDIAN)
-+#elif defined(__arm__) && (__BYTE_ORDER != __BIG_ENDIAN)
- # define GPT_ROOT_NATIVE GPT_ROOT_ARM
- #endif
-
-diff --git a/src/shared/time-dst.c b/src/shared/time-dst.c
-index ceca2fa..6195b11 100644
---- a/src/shared/time-dst.c
-+++ b/src/shared/time-dst.c
-@@ -207,8 +207,8 @@ read_again:
- if (type_idxs[i] >= num_types)
- return -EINVAL;
-
-- if (BYTE_ORDER == BIG_ENDIAN ? sizeof(time_t) == 8 && trans_width == 4
-- : sizeof(time_t) == 4 || trans_width == 4) {
-+ if (__BYTE_ORDER == __BIG_ENDIAN ? sizeof(time_t) == 8 && trans_width == 4
-+ : sizeof(time_t) == 4 || trans_width == 4) {
- /* Decode the transition times, stored as 4-byte integers in
- network (big-endian) byte order. We work from the end of
- the array so as not to clobber the next element to be
-@@ -216,7 +216,7 @@ read_again:
- i = num_transitions;
- while (i-- > 0)
- transitions[i] = decode((char *)transitions + i * 4);
-- } else if (BYTE_ORDER != BIG_ENDIAN && sizeof(time_t) == 8) {
-+ } else if (__BYTE_ORDER != __BIG_ENDIAN && sizeof(time_t) == 8) {
- /* Decode the transition times, stored as 8-byte integers in
- network (big-endian) byte order. */
- for (i = 0; i < num_transitions; ++i)
---
-1.8.5.5
-
diff --git a/sys-apps/systemd/files/215-0002-endian-explicitly-include-endian.h-wherever-we-want-.patch b/sys-apps/systemd/files/215-0002-endian-explicitly-include-endian.h-wherever-we-want-.patch
deleted file mode 100644
index 71acac1..00000000
--- a/sys-apps/systemd/files/215-0002-endian-explicitly-include-endian.h-wherever-we-want-.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 2281422746c00d2803911f2b4699eee6bc87ee04 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 11 Jul 2014 16:13:13 +0200
-Subject: [PATCH 2/2] endian: explicitly include endian.h wherever we want to
- use __BYTE_ORDER
-
----
- src/libsystemd/sd-bus/bus-protocol.h | 1 +
- src/shared/architecture.h | 2 ++
- src/shared/gpt.h | 2 ++
- 3 files changed, 5 insertions(+)
-
-diff --git a/src/libsystemd/sd-bus/bus-protocol.h b/src/libsystemd/sd-bus/bus-protocol.h
-index 5046d17..4f46468 100644
---- a/src/libsystemd/sd-bus/bus-protocol.h
-+++ b/src/libsystemd/sd-bus/bus-protocol.h
-@@ -21,6 +21,7 @@
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
-
-+#include <endian.h>
-
- /* Endianness */
-
-diff --git a/src/shared/architecture.h b/src/shared/architecture.h
-index 58e97e5..38780d1 100644
---- a/src/shared/architecture.h
-+++ b/src/shared/architecture.h
-@@ -21,6 +21,8 @@
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
-
-+#include <endian.h>
-+
- #include "util.h"
-
- /* A cleaned up architecture definition. We don't want to get lost in
-diff --git a/src/shared/gpt.h b/src/shared/gpt.h
-index 278940b..ef3444f 100644
---- a/src/shared/gpt.h
-+++ b/src/shared/gpt.h
-@@ -19,6 +19,8 @@
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
-
-+#include <endian.h>
-+
- #include "sd-id128.h"
-
- /* We only support root disk discovery for x86, x86-64 and ARM for
---
-1.8.5.5
-
diff --git a/sys-apps/systemd/files/215-0003-udev-exclude-MD-from-block-device-ownership-event-lo.patch b/sys-apps/systemd/files/215-0003-udev-exclude-MD-from-block-device-ownership-event-lo.patch
deleted file mode 100644
index c730242..00000000
--- a/sys-apps/systemd/files/215-0003-udev-exclude-MD-from-block-device-ownership-event-lo.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 9d17a215fb30cb3e49db516a39c9bec2159004a7 Mon Sep 17 00:00:00 2001
-From: Kay Sievers <kay@vrfy.org>
-Date: Thu, 24 Jul 2014 23:37:35 +0200
-Subject: [PATCH 3/3] udev: exclude MD from block device ownership event
- locking
-
-MD instantiates devices at open(). This is incomptible with the
-locking logic, as the "change" event emitted when stopping a
-device will bring it back.
----
- src/udev/udevd.c | 23 +++++++----------------
- 1 file changed, 7 insertions(+), 16 deletions(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index a45d324..db935d6 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -285,26 +285,17 @@ static void worker_new(struct event *event)
- udev_event->exec_delay = exec_delay;
-
- /*
-- * Take a "read lock" on the device node; this establishes
-+ * Take a shared lock on the device node; this establishes
- * a concept of device "ownership" to serialize device
-- * access. External processes holding a "write lock" will
-+ * access. External processes holding an exclusive lock will
- * cause udev to skip the event handling; in the case udev
-- * acquired the lock, the external process will block until
-+ * acquired the lock, the external process can block until
- * udev has finished its event handling.
- */
--
-- /*
-- * <kabi_> since we make check - device seems unused - we try
-- * ioctl to deactivate - and device is found to be opened
-- * <kay> sure, you try to take a write lock
-- * <kay> if you get it udev is out
-- * <kay> if you can't get it, udev is busy
-- * <kabi_> we cannot deactivate openned device (as it is in-use)
-- * <kay> maybe we should just exclude dm from that thing entirely
-- * <kabi_> IMHO this sounds like a good plan for this moment
-- */
-- if (streq_ptr("block", udev_device_get_subsystem(dev)) &&
-- !startswith(udev_device_get_sysname(dev), "dm-")) {
-+ if (!streq_ptr(udev_device_get_action(dev), "remove") &&
-+ streq_ptr("block", udev_device_get_subsystem(dev)) &&
-+ !startswith(udev_device_get_sysname(dev), "dm-") &&
-+ !startswith(udev_device_get_sysname(dev), "md")) {
- struct udev_device *d = dev;
-
- if (streq_ptr("partition", udev_device_get_devtype(d)))
---
-1.8.5.5
-
diff --git a/sys-apps/systemd/files/216-lz4-build.patch b/sys-apps/systemd/files/216-lz4-build.patch
deleted file mode 100644
index 65fe45c..00000000
--- a/sys-apps/systemd/files/216-lz4-build.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-commit 10893a5cfa7d792ba171282c2ec46b85ed6aae0c
-Author: Gustavo Sverzut Barbieri <gustavo.barbieri@intel.com>
-Date: Thu Sep 25 18:08:02 2014 -0300
-
- journal: build fix when LZ4 is enabled but XZ is not
-
-diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
-index da2ef3b..6b4bf0d 100644
---- a/src/journal/journal-file.h
-+++ b/src/journal/journal-file.h
-@@ -78,7 +78,7 @@ typedef struct JournalFile {
-
- Hashmap *chain_cache;
-
--#ifdef HAVE_XZ
-+#if defined(HAVE_XZ) || defined(HAVE_LZ4)
- void *compress_buffer;
- size_t compress_buffer_size;
- #endif
diff --git a/sys-apps/systemd/files/216-tmpfiles-setup-dev.patch b/sys-apps/systemd/files/216-tmpfiles-setup-dev.patch
deleted file mode 100644
index 1fa4a3e..00000000
--- a/sys-apps/systemd/files/216-tmpfiles-setup-dev.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From 8c94052ee543c3598a3c7b0c46688150aa2c6168 Mon Sep 17 00:00:00 2001
-From: Tom Gundersen <teg@jklm.no>
-Date: Mon, 27 Oct 2014 17:15:42 +0100
-Subject: units: tmpfiles-setup-dev - allow unsafe file creation to happen in
- /dev at boot
-
-This will allow us to mark static device nodes with '!' to indicate that they should only be created at early boot.
-
-diff --git a/units/systemd-tmpfiles-setup-dev.service.in b/units/systemd-tmpfiles-setup-dev.service.in
-index f3833fd..0123a03 100644
---- a/units/systemd-tmpfiles-setup-dev.service.in
-+++ b/units/systemd-tmpfiles-setup-dev.service.in
-@@ -17,4 +17,4 @@ ConditionCapability=CAP_SYS_MODULE
- [Service]
- Type=oneshot
- RemainAfterExit=yes
--ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create
-+ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create --boot
---
-cgit v0.10.2
-
diff --git a/sys-apps/systemd/files/217-systemd-consoled.service.in b/sys-apps/systemd/files/217-systemd-consoled.service.in
deleted file mode 100644
index fd7938a..00000000
--- a/sys-apps/systemd/files/217-systemd-consoled.service.in
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-[Unit]
-Description=Console Manager and Terminal Emulator
-
-[Service]
-Type=notify
-Restart=always
-RestartSec=0
-ExecStart=@rootlibexecdir@/systemd-consoled
diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch b/sys-apps/systemd/files/218-noclean-tmp.patch
deleted file mode 100644
index b02e5c8..00000000
--- a/sys-apps/systemd/files/218-noclean-tmp.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 63e5f76a91e2401e8a6227d0d8ae5e75dd2213b0 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 25 Sep 2015 10:26:18 -0400
-Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
-
-Bug: https://bugs.gentoo.org/490676
----
- tmpfiles.d/tmp.conf | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
-index b80dab4..241fad5 100644
---- a/tmpfiles.d/tmp.conf
-+++ b/tmpfiles.d/tmp.conf
-@@ -8,8 +8,8 @@
- # See tmpfiles.d(5) for details
-
- # Clear tmp directories separately, to make them easier to override
--d /tmp 1777 root root 10d
--d /var/tmp 1777 root root 30d
-+d /tmp 1777 root root
-+d /var/tmp 1777 root root
-
- # Exclude namespace mountpoints created with PrivateTmp=yes
- x /tmp/systemd-private-%b-*
---
-2.5.3
-
diff --git a/sys-apps/systemd/files/224-0001-networkd-fix-neworkd-crash.patch b/sys-apps/systemd/files/224-0001-networkd-fix-neworkd-crash.patch
deleted file mode 100644
index 0e73dde..00000000
--- a/sys-apps/systemd/files/224-0001-networkd-fix-neworkd-crash.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 49f6e11e89b46bacf7b26f6da3921abc1c2faa80 Mon Sep 17 00:00:00 2001
-From: Susant Sahani <ssahani@gmail.com>
-Date: Sun, 2 Aug 2015 00:16:02 +0530
-Subject: [PATCH] networkd: fix neworkd crash
-
-fix issue #827
-
-hostname should be init to NULL.
----
- src/network/networkd-dhcp4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
-index 4aa301b..5454bdd 100644
---- a/src/network/networkd-dhcp4.c
-+++ b/src/network/networkd-dhcp4.c
-@@ -468,7 +468,7 @@ static int dhcp_lease_acquired(sd_dhcp_client *client, Link *link) {
- }
-
- if (link->network->dhcp_hostname) {
-- const char *hostname;
-+ const char *hostname = NULL;
-
- if (!link->network->hostname)
- r = sd_dhcp_lease_get_hostname(lease, &hostname);
---
-2.5.0
-
diff --git a/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
deleted file mode 100644
index 40e2d1c..00000000
--- a/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From a242a99d42276b6b764f80bd0de70c26e5c5f1d4 Mon Sep 17 00:00:00 2001
-From: Matt Turner <mattst88@gmail.com>
-Date: Tue, 4 Aug 2015 14:47:01 -0700
-Subject: [PATCH] Use getxpid syscall on alpha for raw_getpid()
-
-Alpha does not have a getpid syscall, but rather has getxpid to match
-OSF/1.
----
- src/basic/missing.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/basic/missing.h b/src/basic/missing.h
-index ed6cd80..34ab025 100644
---- a/src/basic/missing.h
-+++ b/src/basic/missing.h
-@@ -977,7 +977,11 @@ static inline int raw_clone(unsigned long flags, void *child_stack) {
- }
-
- static inline pid_t raw_getpid(void) {
-+#if defined(__alpha__)
-+ return (pid_t) syscall(__NR_getxpid);
-+#else
- return (pid_t) syscall(__NR_getpid);
-+#endif
- }
-
- #if !HAVE_DECL_RENAMEAT2
---
-2.5.0
-
diff --git a/sys-apps/systemd/files/229-sysmacros.patch b/sys-apps/systemd/files/229-sysmacros.patch
deleted file mode 100644
index 7b0dfbf..00000000
--- a/sys-apps/systemd/files/229-sysmacros.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 27d13af71c3af6b2f9b60556d2c046dbb6e36e23 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Mon, 14 Mar 2016 17:44:49 -0400
-Subject: [PATCH] include sys/sysmacros.h in more places
-
-Since glibc is moving away from implicitly including sys/sysmacros.h
-all the time via sys/types.h, include the header directly in more
-places. This seems to cover most makedev/major/minor usage.
----
- src/basic/macro.h | 1 +
- src/basic/util.h | 1 +
- src/libudev/libudev.h | 1 +
- src/systemd/sd-device.h | 1 +
- src/udev/udev.h | 1 +
- 5 files changed, 5 insertions(+)
-
-diff --git a/src/basic/macro.h b/src/basic/macro.h
-index c34441d..b36a956 100644
---- a/src/basic/macro.h
-+++ b/src/basic/macro.h
-@@ -23,6 +23,7 @@
- #include <inttypes.h>
- #include <stdbool.h>
- #include <sys/param.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
-
- #define _printf_(a,b) __attribute__ ((format (printf, a, b)))
-diff --git a/src/basic/util.h b/src/basic/util.h
-index e095254..286db05 100644
---- a/src/basic/util.h
-+++ b/src/basic/util.h
-@@ -36,6 +36,7 @@
- #include <sys/socket.h>
- #include <sys/stat.h>
- #include <sys/statfs.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- #include <time.h>
- #include <unistd.h>
-diff --git a/src/libudev/libudev.h b/src/libudev/libudev.h
-index eb58740..3f6d0ed 100644
---- a/src/libudev/libudev.h
-+++ b/src/libudev/libudev.h
-@@ -21,6 +21,7 @@
- #define _LIBUDEV_H_
-
- #include <stdarg.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
-
- #ifdef __cplusplus
-diff --git a/src/systemd/sd-device.h b/src/systemd/sd-device.h
-index 5bfca6e..c1d0756 100644
---- a/src/systemd/sd-device.h
-+++ b/src/systemd/sd-device.h
-@@ -22,6 +22,7 @@
- ***/
-
- #include <inttypes.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
-
- #include "_sd-common.h"
-diff --git a/src/udev/udev.h b/src/udev/udev.h
-index 5659051..8433e8d 100644
---- a/src/udev/udev.h
-+++ b/src/udev/udev.h
-@@ -19,6 +19,7 @@
- */
-
- #include <sys/param.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
-
- #include "libudev.h"
---
-2.8.1
-
diff --git a/sys-apps/systemd/files/compile-unifont.py b/sys-apps/systemd/files/compile-unifont.py
deleted file mode 100644
index 5464c53..00000000
--- a/sys-apps/systemd/files/compile-unifont.py
+++ /dev/null
@@ -1,119 +0,0 @@
-# -*- Mode: python; coding: utf-8; indent-tabs-mode: nil -*- */
-#
-# This file is part of systemd.
-#
-# Copyright 2013-2014 David Herrmann <dh.herrmann@gmail.com>
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-#
-# systemd is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with systemd; If not, see <http://www.gnu.org/licenses/>.
-
-#
-# Parse a unifont.hex file and produce a compressed binary-format.
-#
-
-from __future__ import print_function
-import re
-import sys
-import fileinput
-import struct
-
-#
-# Write "bits" array as binary output.
-#
-
-
-write = getattr(sys.stdout, 'buffer', sys.stdout).write
-
-def write_bin_entry(entry):
- l = len(entry)
- if l != 32 and l != 64:
- entry = "0" * 64
- l = 0
- elif l < 64:
- entry += "0" * (64 - l)
-
- write(struct.pack('B', int(l / 32))) # width
- write(struct.pack('B', 0)) # padding
- write(struct.pack('H', 0)) # padding
- write(struct.pack('I', 0)) # padding
-
- i = 0
- for j in range(0, 16):
- for k in range(0, 2):
- if l <= k * 16 * 2:
- c = 0
- else:
- c = int(entry[i:i+2], 16)
- i += 2
-
- write(struct.pack('B', c))
-
-def write_bin(bits):
- write(struct.pack('B', 0x44)) # ASCII: 'D'
- write(struct.pack('B', 0x56)) # ASCII: 'V'
- write(struct.pack('B', 0x44)) # ASCII: 'D'
- write(struct.pack('B', 0x48)) # ASCII: 'H'
- write(struct.pack('B', 0x52)) # ASCII: 'R'
- write(struct.pack('B', 0x4d)) # ASCII: 'M'
- write(struct.pack('B', 0x55)) # ASCII: 'U'
- write(struct.pack('B', 0x46)) # ASCII: 'F'
- write(struct.pack('<I', 0)) # compatible-flags
- write(struct.pack('<I', 0)) # incompatible-flags
- write(struct.pack('<I', 32)) # header-size
- write(struct.pack('<H', 8)) # glyph-header-size
- write(struct.pack('<H', 2)) # glyph-stride
- write(struct.pack('<Q', 32)) # glyph-body-size
-
- # write glyphs
- for idx in range(len(bits)):
- write_bin_entry(bits[idx])
-
-#
-# Parse hex file into "bits" array
-#
-
-def parse_hex_line(bits, line):
- m = re.match(r"^([0-9A-Fa-f]+):([0-9A-Fa-f]+)$", line)
- if m == None:
- return
-
- idx = int(m.group(1), 16)
- val = m.group(2)
-
- # insert skipped lines
- for i in range(len(bits), idx):
- bits.append("")
-
- bits.insert(idx, val)
-
-def parse_hex():
- bits = []
-
- for line in sys.stdin:
- if not line:
- continue
- if line.startswith("#"):
- continue
-
- parse_hex_line(bits, line)
-
- return bits
-
-#
-# In normal mode we simply read line by line from standard-input and write the
-# binary-file to standard-output.
-#
-
-if __name__ == "__main__":
- bits = parse_hex()
- write_bin(bits)
diff --git a/sys-apps/systemd/files/linux-headers-if.h.patch b/sys-apps/systemd/files/linux-headers-if.h.patch
deleted file mode 100644
index d0c38a9..00000000
--- a/sys-apps/systemd/files/linux-headers-if.h.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 96b90055e1e21417d4beb973fcb62858d7c69c17 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sat, 9 Apr 2016 18:07:02 -0400
-Subject: [PATCH] Work around net/if.h / linux/if.h conflict
-
----
- src/shared/firewall-util.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
-index 0d3da2e..521e09c 100644
---- a/src/shared/firewall-util.c
-+++ b/src/shared/firewall-util.c
-@@ -17,14 +17,16 @@
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
-
-+#define _NET_IF_H 1
-+
- #include <alloca.h>
- #include <arpa/inet.h>
- #include <endian.h>
- #include <errno.h>
--#include <net/if.h>
- #include <stddef.h>
- #include <string.h>
- #include <sys/socket.h>
-+#include <linux/if.h>
- #include <linux/netfilter_ipv4/ip_tables.h>
- #include <linux/netfilter/nf_nat.h>
- #include <linux/netfilter/xt_addrtype.h>
---
-2.8.1
-
diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index d616b8f..9970bd1 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -19,7 +19,6 @@
<flag name="elfutils">Enable coredump stacktraces in the journal</flag>
<!-- TODO: drop reference to systemd-import once the oldest release in tree is >218 -->
<flag name="gcrypt">Enable sealing of journal files using gcrypt; required to build systemd-import/systemd-pull</flag>
- <flag name="gudev">enable libudev gobject interface</flag>
<flag name="http">Enable embedded HTTP server in journald</flag>
<flag name="importd">Enable import daemon</flag>
<flag name="kdbus">Connect to kernel dbus (KDBUS) instead of userspace dbus if available</flag>
@@ -28,7 +27,6 @@
<flag name="nat">Enable support for network address translation in networkd</flag>
<flag name="qrcode">Enable qrcode output support in journal</flag>
<flag name="sysv-utils">Install sysvinit compatibility symlinks and manpages for init, telinit, halt, poweroff, reboot, runlevel, and shutdown</flag>
- <flag name="terminal">Enable experimental userspace virtual terminal support</flag>
<flag name="vanilla">Disable Gentoo-specific behavior and compatibility quirks</flag>
<flag name="xkb">Validate XKB keymap in logind</flag>
</use>
diff --git a/sys-apps/systemd/systemd-218-r5.ebuild b/sys-apps/systemd/systemd-218-r5.ebuild
deleted file mode 100644
index 5ac5db2..00000000
--- a/sys-apps/systemd/systemd-218-r5.ebuild
+++ /dev/null
@@ -1,463 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
-PYTHON_COMPAT=( python{2_7,3_4} )
-inherit autotools-utils bash-completion-r1 linux-info multilib \
- multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
- user
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-SRC_URI="https://www.freedesktop.org/software/systemd/${P}.tar.xz"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
-IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
- idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode +seccomp
- selinux ssl sysv-utils terminal test vanilla xkb"
-
-MINKV="3.8"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
- sys-libs/libcap:0=
- !<sys-libs/glibc-2.16
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=
- ssl? ( >=net-libs/gnutls-3.1.4:0= )
- )
- idn? ( net-dns/libidn:0= )
- introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- pam? ( virtual/pam:= )
- python? ( ${PYTHON_DEPS} )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( sys-libs/libseccomp:0= )
- selinux? ( sys-libs/libselinux:0= )
- sysv-utils? (
- !sys-apps/systemd-sysv-utils
- !sys-apps/sysvinit )
- terminal? ( >=dev-libs/libevdev-1.2:0=
- >=x11-libs/libxkbcommon-0.5:0=
- >=x11-libs/libdrm-2.4:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
- abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- >=sys-apps/baselayout-2.2
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
- gudev? ( !dev-libs/libgudev )"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
- >=sys-apps/hwids-20130717-r1[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- >=sys-devel/binutils-2.23.1
- >=sys-devel/gcc-4.6
- >=sys-kernel/linux-headers-${MINKV}
- ia64? ( >=sys-kernel/linux-headers-3.9 )
- virtual/pkgconfig
- doc? ( >=dev-util/gtk-doc-1.18 )
- python? ( dev-python/lxml[${PYTHON_USEDEP}] )
- test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
-
-PATCHES=(
- "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/218-noclean-tmp.patch"
-)
-
-pkg_pretend() {
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- fi
-
- if [[ ${MERGE_TYPE} != binary ]]; then
- if [[ $(gcc-major-version) -lt 4
- || ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
- then
- eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
- eerror "gcc version using gcc-config."
- die "systemd requires at least gcc 4.6"
- fi
- fi
-
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
- # Bug 463376
- sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
- # missing in tarball
- cp "${FILESDIR}"/217-systemd-consoled.service.in \
- units/user/systemd-consoled.service.in || die
-
- autotools-utils_src_prepare
-}
-
-src_configure() {
- # Keep using the one where the rules were installed.
- MY_UDEVDIR=$(get_udevdir)
- # Fix systems broken by bug #509454.
- [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- # disable -flto since it is an optimization flag
- # and makes distcc less effective
- cc_cv_CFLAGS__flto=no
-
- # Workaround for bug 516346
- --enable-dependency-tracking
-
- --disable-maintainer-mode
- --localstatedir=/var
- --with-pamlibdir=$(getpam_mod_dir)
- # avoid bash-completion dep
- --with-bashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in $PATH
- --enable-split-usr
- # For testing.
- --with-rootprefix="${ROOTPREFIX-/usr}"
- --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
- # disable sysv compatibility
- --with-sysvinit-path=
- --with-sysvrcnd-path=
- # no deps
- --enable-efi
- --enable-ima
-
- # Optional components/dependencies
- $(multilib_native_use_enable acl)
- $(multilib_native_use_enable apparmor)
- $(multilib_native_use_enable audit)
- $(multilib_native_use_enable cryptsetup libcryptsetup)
- $(multilib_native_use_enable curl libcurl)
- $(multilib_native_use_enable doc gtk-doc)
- $(multilib_native_use_enable elfutils)
- $(use_enable gcrypt)
- $(use_enable gudev)
- $(multilib_native_use_enable http microhttpd)
- $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
- $(multilib_native_use_enable idn libidn)
- $(multilib_native_use_enable introspection)
- $(use_enable kdbus)
- $(multilib_native_use_enable kmod)
- $(use_enable lz4)
- $(use_enable lzma xz)
- $(multilib_native_use_enable pam)
- $(multilib_native_use_enable policykit polkit)
- $(multilib_native_use_with python)
- $(multilib_native_use_enable python python-devel)
- $(multilib_native_use_enable qrcode qrencode)
- $(multilib_native_use_enable seccomp)
- $(multilib_native_use_enable selinux)
- $(multilib_native_use_enable terminal)
- $(multilib_native_use_enable test tests)
- $(multilib_native_use_enable test dbus)
- $(multilib_native_use_enable xkb xkbcommon)
-
- # not supported (avoid automagic deps in the future)
- --disable-chkconfig
-
- # hardcode a few paths to spare some deps
- QUOTAON=/usr/sbin/quotaon
- QUOTACHECK=/usr/sbin/quotacheck
-
- # dbus paths
- --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
- --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
- --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
- --with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
-
- --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- )
-
- if ! multilib_is_native_abi; then
- myeconfargs+=(
- MOUNT_{CFLAGS,LIBS}=' '
-
- ac_cv_search_cap_init=
- ac_cv_header_sys_capability_h=yes
- )
- fi
-
- # Work around bug 463846.
- tc-export CC
-
- autotools-utils_src_configure
-}
-
-multilib_src_compile() {
- local mymakeopts=(
- udevlibexecdir="${MY_UDEVDIR}"
- )
-
- if multilib_is_native_abi; then
- emake "${mymakeopts[@]}"
- else
- # prerequisites for gudev
- use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
-
- echo 'gentoo: $(BUILT_SOURCES)' | \
- emake "${mymakeopts[@]}" -f Makefile -f - gentoo
- echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
- emake "${mymakeopts[@]}" -f Makefile -f - gentoo
- fi
-}
-
-multilib_src_test() {
- multilib_is_native_abi || continue
-
- default
-}
-
-multilib_src_install() {
- local mymakeopts=(
- # automake fails with parallel libtool relinking
- # https://bugs.gentoo.org/show_bug.cgi?id=491398
- -j1
-
- udevlibexecdir="${MY_UDEVDIR}"
- dist_udevhwdb_DATA=
- DESTDIR="${D}"
- )
-
- if multilib_is_native_abi; then
- emake "${mymakeopts[@]}" install
- else
- mymakeopts+=(
- install-libLTLIBRARIES
- install-pkgconfiglibDATA
- install-includeHEADERS
- # safe to call unconditionally, 'installs' empty list
- install-libgudev_includeHEADERS
- install-pkgincludeHEADERS
- )
-
- emake "${mymakeopts[@]}"
- fi
-
- # install compat pkg-config files
- # Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped.
- local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
- emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
- pkgconfiglib_DATA="${pcfiles[*]}"
-}
-
-multilib_src_install_all() {
- prune_libtool_files --modules
- einstalldocs
-
- if use sysv-utils; then
- for app in halt poweroff reboot runlevel shutdown telinit; do
- dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
- done
- dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
- else
- # we just keep sysvinit tools, so no need for the mans
- rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
- || die
- rm "${D}"/usr/share/man/man1/init.1 || die
- fi
-
- # Disable storing coredumps in journald, bug #433457
- mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
- /etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
- /var/log/journal/remote
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- # If we install these symlinks, there is no way for the sysadmin to remove them
- # permanently.
- rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
- rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
- rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
- rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
- local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
- local locale_conf="${EROOT%/}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-migrate_net_name_slot() {
- # If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
- # do the same for 80-net-setup-link.rules to keep the old behavior
- local net_move=no
- local net_name_slot_sym=no
- local net_rules_path="${EROOT%/}"/etc/udev/rules.d
- local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
- local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
- if [[ -e ${net_setup_link} ]]; then
- net_move=no
- elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
- net_move=yes
- elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
- net_move=yes
- net_name_slot_sym=yes
- fi
- if [[ ${net_move} == yes ]]; then
- ebegin "Copying ${net_name_slot} to ${net_setup_link}"
-
- if [[ ${net_name_slot_sym} == yes ]]; then
- ln -nfs /dev/null "${net_setup_link}"
- else
- cp "${net_name_slot}" "${net_setup_link}"
- fi
- eend $? || FAIL=1
- fi
-}
-
-pkg_postinst() {
- newusergroup() {
- enewgroup "$1"
- enewuser "$1" -1 -1 -1 "$1"
- }
-
- enewgroup input
- enewgroup systemd-journal
- newusergroup systemd-bus-proxy
- newusergroup systemd-journal-gateway
- newusergroup systemd-journal-remote
- newusergroup systemd-journal-upload
- newusergroup systemd-network
- newusergroup systemd-resolve
- newusergroup systemd-timesync
- use http && newusergroup systemd-journal-gateway
-
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${ROOT%/}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- # Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
- migrate_net_name_slot
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-
- if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then
- ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable"
- ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf"
- ewarn "to /run/systemd/resolve/resolv.conf"
- ewarn
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2016-11-04 1:06 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2016-11-04 1:06 UTC (permalink / raw
To: gentoo-commits
commit: 8e4e49d41e1a128a609bb4ec7646b79c5f7e8f7e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 3 19:52:02 2016 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Nov 4 01:05:57 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e4e49d4
sys-apps/systemd: add sample nsswitch.conf
Package-Manager: portage-2.3.2_p3
sys-apps/systemd/files/nsswitch.conf | 27 +++++++++++++++++++++++++++
sys-apps/systemd/systemd-9999.ebuild | 1 +
2 files changed, 28 insertions(+)
diff --git a/sys-apps/systemd/files/nsswitch.conf b/sys-apps/systemd/files/nsswitch.conf
new file mode 100644
index 00000000..00667c0
--- /dev/null
+++ b/sys-apps/systemd/files/nsswitch.conf
@@ -0,0 +1,27 @@
+# Sample nss configuration for systemd
+
+# systemd-specific modules
+# See the manual pages fore further information.
+# nss-myhostname - host resolution for the local hostname
+# nss-mymachines - host, user, group resolution for containers
+# nss-resolve - host resolution using resolved
+# nss-systemd - dynamic user/group resolution (DynamicUser in unit files)
+
+passwd: compat mymachines systemd
+shadow: compat
+group: compat mymachines systemd
+gshadow: files
+
+hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+networks: files
+
+services: db files
+protocols: db files
+rpc: db files
+ethers: db files
+netmasks: files
+netgroup: files
+bootparams: files
+
+automount: files
+aliases: files
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 0083535..5835868 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -326,6 +326,7 @@ multilib_src_install() {
multilib_src_install_all() {
prune_libtool_files --modules
einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
if [[ ${PV} != 9999 ]]; then
use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2016-10-30 3:52 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2016-10-30 3:52 UTC (permalink / raw
To: gentoo-commits
commit: 448fde98950def2b1d69bd05903c8e800b3bbead
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 30 03:51:37 2016 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Oct 30 03:52:10 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=448fde98
sys-apps/systemd: call pam_limits for systemd-user
As suggested by DISTRO_PORTING.
Package-Manager: portage-2.3.2_p1
sys-apps/systemd/files/232-systemd-user-pam.patch | 8 ++++++++
sys-apps/systemd/systemd-9999.ebuild | 1 +
2 files changed, 9 insertions(+)
diff --git a/sys-apps/systemd/files/232-systemd-user-pam.patch b/sys-apps/systemd/files/232-systemd-user-pam.patch
new file mode 100644
index 00000000..a6501ba
--- /dev/null
+++ b/sys-apps/systemd/files/232-systemd-user-pam.patch
@@ -0,0 +1,8 @@
+--- a/src/login/systemd-user.m4
++++ b/src/login/systemd-user.m4
+@@ -9,4 +9,5 @@
+ session required pam_selinux.so nottys open
+ )m4_dnl
+ session required pam_loginuid.so
++session required pam_limits.so
+ session optional pam_systemd.so
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index c0a9abc..b79eeac 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -159,6 +159,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
+ "${FILESDIR}/232-systemd-user-pam.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2016-04-10 1:05 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2016-04-10 1:05 UTC (permalink / raw
To: gentoo-commits
commit: c008e237dd1dfd1139373e4e6287e95f94c60346
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 10 01:05:07 2016 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Apr 10 01:05:35 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c008e237
sys-apps/systemd: Add workaround for if.h conflict
Bug: https://bugs.gentoo.org/577660
Package-Manager: portage-2.2.28_p3
| 34 +++++++++++++++++++++++++
sys-apps/systemd/systemd-229-r100.ebuild | 1 +
sys-apps/systemd/systemd-229.ebuild | 1 +
3 files changed, 36 insertions(+)
--git a/sys-apps/systemd/files/linux-headers-if.h.patch b/sys-apps/systemd/files/linux-headers-if.h.patch
new file mode 100644
index 0000000..d0c38a9
--- /dev/null
+++ b/sys-apps/systemd/files/linux-headers-if.h.patch
@@ -0,0 +1,34 @@
+From 96b90055e1e21417d4beb973fcb62858d7c69c17 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sat, 9 Apr 2016 18:07:02 -0400
+Subject: [PATCH] Work around net/if.h / linux/if.h conflict
+
+---
+ src/shared/firewall-util.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
+index 0d3da2e..521e09c 100644
+--- a/src/shared/firewall-util.c
++++ b/src/shared/firewall-util.c
+@@ -17,14 +17,16 @@
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+
++#define _NET_IF_H 1
++
+ #include <alloca.h>
+ #include <arpa/inet.h>
+ #include <endian.h>
+ #include <errno.h>
+-#include <net/if.h>
+ #include <stddef.h>
+ #include <string.h>
+ #include <sys/socket.h>
++#include <linux/if.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter/nf_nat.h>
+ #include <linux/netfilter/xt_addrtype.h>
+--
+2.8.1
+
diff --git a/sys-apps/systemd/systemd-229-r100.ebuild b/sys-apps/systemd/systemd-229-r100.ebuild
index 0a7cf4d..cd9d446 100644
--- a/sys-apps/systemd/systemd-229-r100.ebuild
+++ b/sys-apps/systemd/systemd-229-r100.ebuild
@@ -152,6 +152,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
+ "${FILESDIR}/linux-headers-if.h.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
diff --git a/sys-apps/systemd/systemd-229.ebuild b/sys-apps/systemd/systemd-229.ebuild
index 70ec90f..0a35d50 100644
--- a/sys-apps/systemd/systemd-229.ebuild
+++ b/sys-apps/systemd/systemd-229.ebuild
@@ -152,6 +152,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
+ "${FILESDIR}/linux-headers-if.h.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2015-09-26 1:53 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2015-09-26 1:53 UTC (permalink / raw
To: gentoo-commits
commit: 8595c126a7159621855791860b74f7d40b7eeed0
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 26 01:52:46 2015 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Sep 26 01:53:25 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8595c126
sys-apps/systemd: Fix noclean-tmp patch for 218
Package-Manager: portage-2.2.21_p119
sys-apps/systemd/files/218-noclean-tmp.patch | 4 +-
sys-apps/systemd/systemd-218-r5.ebuild | 463 +++++++++++++++++++++++++++
2 files changed, 465 insertions(+), 2 deletions(-)
diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch b/sys-apps/systemd/files/218-noclean-tmp.patch
index 5dcc4b9..b02e5c8 100644
--- a/sys-apps/systemd/files/218-noclean-tmp.patch
+++ b/sys-apps/systemd/files/218-noclean-tmp.patch
@@ -18,8 +18,8 @@ index b80dab4..241fad5 100644
# Clear tmp directories separately, to make them easier to override
-d /tmp 1777 root root 10d
-d /var/tmp 1777 root root 30d
-+v /tmp 1777 root root
-+v /var/tmp 1777 root root
++d /tmp 1777 root root
++d /var/tmp 1777 root root
# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*
diff --git a/sys-apps/systemd/systemd-218-r5.ebuild b/sys-apps/systemd/systemd-218-r5.ebuild
new file mode 100644
index 0000000..7be421d
--- /dev/null
+++ b/sys-apps/systemd/systemd-218-r5.ebuild
@@ -0,0 +1,463 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+inherit autotools-utils bash-completion-r1 linux-info multilib \
+ multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+ user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
+ idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode +seccomp
+ selinux ssl sysv-utils terminal test vanilla xkb"
+
+MINKV="3.8"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
+ sys-libs/libcap:0=
+ !<sys-libs/glibc-2.16
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
+ http? (
+ >=net-libs/libmicrohttpd-0.9.33:0=
+ ssl? ( >=net-libs/gnutls-3.1.4:0= )
+ )
+ idn? ( net-dns/libidn:0= )
+ introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ pam? ( virtual/pam:= )
+ python? ( ${PYTHON_DEPS} )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( sys-libs/libseccomp:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ sysv-utils? (
+ !sys-apps/systemd-sysv-utils
+ !sys-apps/sysvinit )
+ terminal? ( >=dev-libs/libevdev-1.2:0=
+ >=x11-libs/libxkbcommon-0.5:0=
+ >=x11-libs/libdrm-2.4:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=sys-apps/baselayout-2.2
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+ gudev? ( !dev-libs/libgudev )"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
+ >=sys-apps/hwids-20130717-r1[udev]
+ >=sys-fs/udev-init-scripts-25
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/intltool-0.50
+ >=sys-apps/coreutils-8.16
+ >=sys-devel/binutils-2.23.1
+ >=sys-devel/gcc-4.6
+ >=sys-kernel/linux-headers-${MINKV}
+ ia64? ( >=sys-kernel/linux-headers-3.9 )
+ virtual/pkgconfig
+ doc? ( >=dev-util/gtk-doc-1.18 )
+ python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+ test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+PATCHES=(
+ "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+ "${FILESDIR}/218-noclean-tmp.patch"
+)
+
+pkg_pretend() {
+ local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+ ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SECCOMP ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR
+ ~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ fi
+
+ if [[ ${MERGE_TYPE} != binary ]]; then
+ if [[ $(gcc-major-version) -lt 4
+ || ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
+ then
+ eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
+ eerror "gcc version using gcc-config."
+ die "systemd requires at least gcc 4.6"
+ fi
+ fi
+
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ # Bug 463376
+ sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
+ # missing in tarball
+ cp "${FILESDIR}"/217-systemd-consoled.service.in \
+ units/user/systemd-consoled.service.in || die
+
+ autotools-utils_src_prepare
+}
+
+src_configure() {
+ # Keep using the one where the rules were installed.
+ MY_UDEVDIR=$(get_udevdir)
+ # Fix systems broken by bug #509454.
+ [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ # disable -flto since it is an optimization flag
+ # and makes distcc less effective
+ cc_cv_CFLAGS__flto=no
+
+ # Workaround for bug 516346
+ --enable-dependency-tracking
+
+ --disable-maintainer-mode
+ --localstatedir=/var
+ --with-pamlibdir=$(getpam_mod_dir)
+ # avoid bash-completion dep
+ --with-bashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in $PATH
+ --enable-split-usr
+ # For testing.
+ --with-rootprefix="${ROOTPREFIX-/usr}"
+ --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
+ # disable sysv compatibility
+ --with-sysvinit-path=
+ --with-sysvrcnd-path=
+ # no deps
+ --enable-efi
+ --enable-ima
+
+ # Optional components/dependencies
+ $(multilib_native_use_enable acl)
+ $(multilib_native_use_enable apparmor)
+ $(multilib_native_use_enable audit)
+ $(multilib_native_use_enable cryptsetup libcryptsetup)
+ $(multilib_native_use_enable curl libcurl)
+ $(multilib_native_use_enable doc gtk-doc)
+ $(multilib_native_use_enable elfutils)
+ $(use_enable gcrypt)
+ $(use_enable gudev)
+ $(multilib_native_use_enable http microhttpd)
+ $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
+ $(multilib_native_use_enable idn libidn)
+ $(multilib_native_use_enable introspection)
+ $(use_enable kdbus)
+ $(multilib_native_use_enable kmod)
+ $(use_enable lz4)
+ $(use_enable lzma xz)
+ $(multilib_native_use_enable pam)
+ $(multilib_native_use_enable policykit polkit)
+ $(multilib_native_use_with python)
+ $(multilib_native_use_enable python python-devel)
+ $(multilib_native_use_enable qrcode qrencode)
+ $(multilib_native_use_enable seccomp)
+ $(multilib_native_use_enable selinux)
+ $(multilib_native_use_enable terminal)
+ $(multilib_native_use_enable test tests)
+ $(multilib_native_use_enable test dbus)
+ $(multilib_native_use_enable xkb xkbcommon)
+
+ # not supported (avoid automagic deps in the future)
+ --disable-chkconfig
+
+ # hardcode a few paths to spare some deps
+ QUOTAON=/usr/sbin/quotaon
+ QUOTACHECK=/usr/sbin/quotacheck
+
+ # dbus paths
+ --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
+ --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
+ --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+ --with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
+
+ --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ )
+
+ if ! multilib_is_native_abi; then
+ myeconfargs+=(
+ MOUNT_{CFLAGS,LIBS}=' '
+
+ ac_cv_search_cap_init=
+ ac_cv_header_sys_capability_h=yes
+ )
+ fi
+
+ # Work around bug 463846.
+ tc-export CC
+
+ autotools-utils_src_configure
+}
+
+multilib_src_compile() {
+ local mymakeopts=(
+ udevlibexecdir="${MY_UDEVDIR}"
+ )
+
+ if multilib_is_native_abi; then
+ emake "${mymakeopts[@]}"
+ else
+ # prerequisites for gudev
+ use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
+
+ echo 'gentoo: $(BUILT_SOURCES)' | \
+ emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+ echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
+ emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+ fi
+}
+
+multilib_src_test() {
+ multilib_is_native_abi || continue
+
+ default
+}
+
+multilib_src_install() {
+ local mymakeopts=(
+ # automake fails with parallel libtool relinking
+ # https://bugs.gentoo.org/show_bug.cgi?id=491398
+ -j1
+
+ udevlibexecdir="${MY_UDEVDIR}"
+ dist_udevhwdb_DATA=
+ DESTDIR="${D}"
+ )
+
+ if multilib_is_native_abi; then
+ emake "${mymakeopts[@]}" install
+ else
+ mymakeopts+=(
+ install-libLTLIBRARIES
+ install-pkgconfiglibDATA
+ install-includeHEADERS
+ # safe to call unconditionally, 'installs' empty list
+ install-libgudev_includeHEADERS
+ install-pkgincludeHEADERS
+ )
+
+ emake "${mymakeopts[@]}"
+ fi
+
+ # install compat pkg-config files
+ # Change dbus to >=sys-apps/dbus-1.8.8 if/when this is dropped.
+ local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
+ emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
+ pkgconfiglib_DATA="${pcfiles[*]}"
+}
+
+multilib_src_install_all() {
+ prune_libtool_files --modules
+ einstalldocs
+
+ if use sysv-utils; then
+ for app in halt poweroff reboot runlevel shutdown telinit; do
+ dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
+ done
+ dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
+ else
+ # we just keep sysvinit tools, so no need for the mans
+ rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+ || die
+ rm "${D}"/usr/share/man/man1/init.1 || die
+ fi
+
+ # Disable storing coredumps in journald, bug #433457
+ mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
+ /etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
+ /var/log/journal/remote
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+ # If we install these symlinks, there is no way for the sysadmin to remove them
+ # permanently.
+ rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+ rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
+ rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+ local locale_conf="${EROOT%/}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+migrate_net_name_slot() {
+ # If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
+ # do the same for 80-net-setup-link.rules to keep the old behavior
+ local net_move=no
+ local net_name_slot_sym=no
+ local net_rules_path="${EROOT%/}"/etc/udev/rules.d
+ local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
+ local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
+ if [[ -e ${net_setup_link} ]]; then
+ net_move=no
+ elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
+ net_move=yes
+ elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
+ net_move=yes
+ net_name_slot_sym=yes
+ fi
+ if [[ ${net_move} == yes ]]; then
+ ebegin "Copying ${net_name_slot} to ${net_setup_link}"
+
+ if [[ ${net_name_slot_sym} == yes ]]; then
+ ln -nfs /dev/null "${net_setup_link}"
+ else
+ cp "${net_name_slot}" "${net_setup_link}"
+ fi
+ eend $? || FAIL=1
+ fi
+}
+
+pkg_postinst() {
+ newusergroup() {
+ enewgroup "$1"
+ enewuser "$1" -1 -1 -1 "$1"
+ }
+
+ enewgroup input
+ enewgroup systemd-journal
+ newusergroup systemd-bus-proxy
+ newusergroup systemd-journal-gateway
+ newusergroup systemd-journal-remote
+ newusergroup systemd-journal-upload
+ newusergroup systemd-network
+ newusergroup systemd-resolve
+ newusergroup systemd-timesync
+ use http && newusergroup systemd-journal-gateway
+
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required. Despite that this file is owned by sys-apps/hwids.
+ if has_version "sys-apps/hwids[udev]"; then
+ udevadm hwdb --update --root="${ROOT%/}"
+ fi
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respect, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ # Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
+ migrate_net_name_slot
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+
+ if [[ $(readlink "${ROOT}"/etc/resolv.conf) == */run/systemd/network/resolv.conf ]]; then
+ ewarn "resolv.conf is now generated by systemd-resolved. To use it, enable"
+ ewarn "systemd-resolved.service, and create a symlink from /etc/resolv.conf"
+ ewarn "to /run/systemd/resolve/resolv.conf"
+ ewarn
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2015-09-25 14:52 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2015-09-25 14:52 UTC (permalink / raw
To: gentoo-commits
commit: 884081f76bfb615b4ff37f2cbebe02195a94d6d6
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 25 14:49:55 2015 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Sep 25 14:51:33 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=884081f7
sys-apps/systemd: Disable cleaning of /tmp and /var/tmp
Bug: https://bugs.gentoo.org/490676
Package-Manager: portage-2.2.21_p119
sys-apps/systemd/files/218-noclean-tmp.patch | 28 +++++
sys-apps/systemd/files/226-noclean-tmp.patch | 28 +++++
.../{systemd-9999.ebuild => systemd-218-r4.ebuild} | 135 ++++++++++-----------
.../{systemd-9999.ebuild => systemd-226-r1.ebuild} | 3 +-
sys-apps/systemd/systemd-9999.ebuild | 1 +
5 files changed, 121 insertions(+), 74 deletions(-)
diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch b/sys-apps/systemd/files/218-noclean-tmp.patch
new file mode 100644
index 0000000..5dcc4b9
--- /dev/null
+++ b/sys-apps/systemd/files/218-noclean-tmp.patch
@@ -0,0 +1,28 @@
+From 63e5f76a91e2401e8a6227d0d8ae5e75dd2213b0 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 25 Sep 2015 10:26:18 -0400
+Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
+
+Bug: https://bugs.gentoo.org/490676
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index b80dab4..241fad5 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+
+ # Clear tmp directories separately, to make them easier to override
+-d /tmp 1777 root root 10d
+-d /var/tmp 1777 root root 30d
++v /tmp 1777 root root
++v /var/tmp 1777 root root
+
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
+--
+2.5.3
+
diff --git a/sys-apps/systemd/files/226-noclean-tmp.patch b/sys-apps/systemd/files/226-noclean-tmp.patch
new file mode 100644
index 0000000..290b1bd
--- /dev/null
+++ b/sys-apps/systemd/files/226-noclean-tmp.patch
@@ -0,0 +1,28 @@
+From 3a44775e2618896526d093f7142934205e46d33a Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 25 Sep 2015 10:26:18 -0400
+Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
+
+Bug: https://bugs.gentoo.org/490676
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index ffdd82f..241fad5 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+
+ # Clear tmp directories separately, to make them easier to override
+-v /tmp 1777 root root 10d
+-v /var/tmp 1777 root root 30d
++v /tmp 1777 root root
++v /var/tmp 1777 root root
+
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
+--
+2.5.3
+
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-218-r4.ebuild
similarity index 84%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-218-r4.ebuild
index 2ec9957..7be421d 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-218-r4.ebuild
@@ -4,32 +4,27 @@
EAPI=5
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-fi
-
-inherit autotools bash-completion-r1 linux-info multilib \
- multilib-minimal pam systemd toolchain-funcs udev user
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+inherit autotools-utils bash-completion-r1 linux-info multilib \
+ multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+ user
DESCRIPTION="System and service manager for Linux"
HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
SLOT="0/2"
-IUSE="acl apparmor audit cryptsetup curl elfutils gcrypt gnuefi http
- idn importd +kdbus +kmod +lz4 lzma nat pam policykit
- qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
+ idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode +seccomp
+ selinux ssl sysv-utils terminal test vanilla xkb"
-MINKV="3.11"
+MINKV="3.8"
-COMMON_DEPEND=">=sys-apps/util-linux-2.27:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
+ sys-libs/libcap:0=
!<sys-libs/glibc-2.16
acl? ( sys-apps/acl:0= )
apparmor? ( sys-libs/libapparmor:0= )
@@ -38,26 +33,27 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.27:0=[${MULTILIB_USEDEP}]
curl? ( net-misc/curl:0= )
elfutils? ( >=dev-libs/elfutils-0.158:0= )
gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
http? (
>=net-libs/libmicrohttpd-0.9.33:0=
ssl? ( >=net-libs/gnutls-3.1.4:0= )
)
idn? ( net-dns/libidn:0= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
+ introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
kmod? ( >=sys-apps/kmod-15:0= )
lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
pam? ( virtual/pam:= )
+ python? ( ${PYTHON_DEPS} )
qrcode? ( media-gfx/qrencode:0= )
seccomp? ( sys-libs/libseccomp:0= )
selinux? ( sys-libs/libselinux:0= )
sysv-utils? (
!sys-apps/systemd-sysv-utils
!sys-apps/sysvinit )
+ terminal? ( >=dev-libs/libevdev-1.2:0=
+ >=x11-libs/libxkbcommon-0.5:0=
+ >=x11-libs/libdrm-2.4:0= )
xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
@@ -67,11 +63,12 @@ RDEPEND="${COMMON_DEPEND}
>=sys-apps/baselayout-2.2
!sys-auth/nss-myhostname
!sys-fs/eudev
- !sys-fs/udev"
+ !sys-fs/udev
+ gudev? ( !dev-libs/libgudev )"
# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
- >=sys-apps/hwids-20150417[udev]
+ >=sys-apps/hwids-20130717-r1[udev]
>=sys-fs/udev-init-scripts-25
policykit? ( sys-auth/polkit )
!vanilla? ( sys-apps/gentoo-systemd-integration )"
@@ -85,14 +82,16 @@ DEPEND="${COMMON_DEPEND}
>=sys-devel/binutils-2.23.1
>=sys-devel/gcc-4.6
>=sys-kernel/linux-headers-${MINKV}
+ ia64? ( >=sys-kernel/linux-headers-3.9 )
virtual/pkgconfig
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
- test? ( >=sys-apps/dbus-1.6.8-r1:0 )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- >=dev-libs/libgcrypt-1.4.5:0"
+ doc? ( >=dev-util/gtk-doc-1.18 )
+ python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+ test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+PATCHES=(
+ "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+ "${FILESDIR}/218-noclean-tmp.patch"
+)
pkg_pretend() {
local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
@@ -133,20 +132,18 @@ pkg_pretend() {
}
pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
+ use python && python-single-r1_pkg_setup
}
src_prepare() {
# Bug 463376
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
- epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
- epatch_user
- eautoreconf
+
+ # missing in tarball
+ cp "${FILESDIR}"/217-systemd-consoled.service.in \
+ units/user/systemd-consoled.service.in || die
+
+ autotools-utils_src_prepare
}
src_configure() {
@@ -155,9 +152,6 @@ src_configure() {
# Fix systems broken by bug #509454.
[[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
multilib-minimal_src_configure
}
@@ -167,9 +161,6 @@ multilib_src_configure() {
# and makes distcc less effective
cc_cv_CFLAGS__flto=no
- # Workaround for gcc-4.7, bug 554454.
- cc_cv_CFLAGS__Werror_shadow=no
-
# Workaround for bug 516346
--enable-dependency-tracking
@@ -189,7 +180,6 @@ multilib_src_configure() {
# no deps
--enable-efi
--enable-ima
- --without-python
# Optional components/dependencies
$(multilib_native_use_enable acl)
@@ -197,48 +187,59 @@ multilib_src_configure() {
$(multilib_native_use_enable audit)
$(multilib_native_use_enable cryptsetup libcryptsetup)
$(multilib_native_use_enable curl libcurl)
+ $(multilib_native_use_enable doc gtk-doc)
$(multilib_native_use_enable elfutils)
$(use_enable gcrypt)
- $(multilib_native_use_enable gnuefi)
+ $(use_enable gudev)
$(multilib_native_use_enable http microhttpd)
$(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
$(multilib_native_use_enable idn libidn)
- $(multilib_native_use_enable importd)
- $(multilib_native_use_enable importd bzip2)
- $(multilib_native_use_enable importd zlib)
+ $(multilib_native_use_enable introspection)
$(use_enable kdbus)
$(multilib_native_use_enable kmod)
$(use_enable lz4)
$(use_enable lzma xz)
- $(multilib_native_use_enable nat libiptc)
$(multilib_native_use_enable pam)
$(multilib_native_use_enable policykit polkit)
+ $(multilib_native_use_with python)
+ $(multilib_native_use_enable python python-devel)
$(multilib_native_use_enable qrcode qrencode)
$(multilib_native_use_enable seccomp)
$(multilib_native_use_enable selinux)
+ $(multilib_native_use_enable terminal)
$(multilib_native_use_enable test tests)
$(multilib_native_use_enable test dbus)
$(multilib_native_use_enable xkb xkbcommon)
+ # not supported (avoid automagic deps in the future)
+ --disable-chkconfig
+
# hardcode a few paths to spare some deps
QUOTAON=/usr/sbin/quotaon
QUOTACHECK=/usr/sbin/quotacheck
- # TODO: we may need to restrict this to gcc
- EFI_CC="$(tc-getCC)"
-
# dbus paths
--with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
--with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
--with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+ --with-dbusinterfacedir="${EPREFIX}/usr/share/dbus-1/interfaces"
--with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
)
+ if ! multilib_is_native_abi; then
+ myeconfargs+=(
+ MOUNT_{CFLAGS,LIBS}=' '
+
+ ac_cv_search_cap_init=
+ ac_cv_header_sys_capability_h=yes
+ )
+ fi
+
# Work around bug 463846.
tc-export CC
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+ autotools-utils_src_configure
}
multilib_src_compile() {
@@ -249,6 +250,9 @@ multilib_src_compile() {
if multilib_is_native_abi; then
emake "${mymakeopts[@]}"
else
+ # prerequisites for gudev
+ use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
+
echo 'gentoo: $(BUILT_SOURCES)' | \
emake "${mymakeopts[@]}" -f Makefile -f - gentoo
echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
@@ -259,10 +263,6 @@ multilib_src_compile() {
multilib_src_test() {
multilib_is_native_abi || continue
- # Needed for bus-related tests
- local -x SANDBOX_WRITE=${SANDBOX_WRITE}
- addwrite /sys/fs/kdbus
-
default
}
@@ -285,6 +285,7 @@ multilib_src_install() {
install-pkgconfiglibDATA
install-includeHEADERS
# safe to call unconditionally, 'installs' empty list
+ install-libgudev_includeHEADERS
install-pkgincludeHEADERS
)
@@ -330,7 +331,6 @@ multilib_src_install_all() {
rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
- rm -r "${D}"/etc/systemd/system/sockets.target.wants || die
rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
}
@@ -406,14 +406,6 @@ migrate_net_name_slot() {
fi
}
-reenable_unit() {
- if systemctl is-enabled --root="${ROOT}" "$1" &> /dev/null; then
- ebegin "Re-enabling $1"
- systemctl reenable --root="${ROOT}" "$1"
- eend $? || FAIL=1
- fi
-}
-
pkg_postinst() {
newusergroup() {
enewgroup "$1"
@@ -448,9 +440,6 @@ pkg_postinst() {
# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
migrate_net_name_slot
- # Re-enable systemd-networkd for socket activation
- reenable_unit systemd-networkd.service
-
if [[ ${FAIL} ]]; then
eerror "One of the postinst commands failed. Please check the postinst output"
eerror "for errors. You may need to clean up your system and/or try installing"
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-226-r1.ebuild
similarity index 99%
copy from sys-apps/systemd/systemd-9999.ebuild
copy to sys-apps/systemd/systemd-226-r1.ebuild
index 2ec9957..9a7bc96 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-226-r1.ebuild
@@ -28,7 +28,7 @@ REQUIRED_USE="importd? ( curl gcrypt lzma )"
MINKV="3.11"
-COMMON_DEPEND=">=sys-apps/util-linux-2.27:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.26:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
!<sys-libs/glibc-2.16
acl? ( sys-apps/acl:0= )
@@ -145,6 +145,7 @@ src_prepare() {
# Bug 463376
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+ epatch "${FILESDIR}/226-noclean-tmp.patch"
epatch_user
eautoreconf
}
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 2ec9957..ca76f13 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -145,6 +145,7 @@ src_prepare() {
# Bug 463376
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+ epatch "${FILESDIR}/226-noclean-tmp.patch"
epatch_user
eautoreconf
}
^ permalink raw reply related [flat|nested] 65+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
@ 2015-08-22 17:16 Mike Gilbert
0 siblings, 0 replies; 65+ messages in thread
From: Mike Gilbert @ 2015-08-22 17:16 UTC (permalink / raw
To: gentoo-commits
commit: 1dbc772ea5dbbac9a8f910033d0fb5abd7b45459
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 22 17:09:48 2015 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Aug 22 17:16:24 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dbc772e
sys-apps/systemd: Backport build fix for alpha
Bug: https://bugs.gentoo.org/543900
Package-Manager: portage-2.2.20_p134
...e-getxpid-syscall-on-alpha-for-raw_getpid.patch | 30 ++++++++++++++++++++++
sys-apps/systemd/systemd-224-r1.ebuild | 1 +
2 files changed, 31 insertions(+)
diff --git a/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
new file mode 100644
index 0000000..40e2d1c
--- /dev/null
+++ b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
@@ -0,0 +1,30 @@
+From a242a99d42276b6b764f80bd0de70c26e5c5f1d4 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Tue, 4 Aug 2015 14:47:01 -0700
+Subject: [PATCH] Use getxpid syscall on alpha for raw_getpid()
+
+Alpha does not have a getpid syscall, but rather has getxpid to match
+OSF/1.
+---
+ src/basic/missing.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/basic/missing.h b/src/basic/missing.h
+index ed6cd80..34ab025 100644
+--- a/src/basic/missing.h
++++ b/src/basic/missing.h
+@@ -977,7 +977,11 @@ static inline int raw_clone(unsigned long flags, void *child_stack) {
+ }
+
+ static inline pid_t raw_getpid(void) {
++#if defined(__alpha__)
++ return (pid_t) syscall(__NR_getxpid);
++#else
+ return (pid_t) syscall(__NR_getpid);
++#endif
+ }
+
+ #if !HAVE_DECL_RENAMEAT2
+--
+2.5.0
+
diff --git a/sys-apps/systemd/systemd-224-r1.ebuild b/sys-apps/systemd/systemd-224-r1.ebuild
index 7d4b2b7..521109e 100644
--- a/sys-apps/systemd/systemd-224-r1.ebuild
+++ b/sys-apps/systemd/systemd-224-r1.ebuild
@@ -105,6 +105,7 @@ fi
PATCHES=(
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/224-0001-networkd-fix-neworkd-crash.patch"
+ "${FILESDIR}/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch"
)
pkg_pretend() {
^ permalink raw reply related [flat|nested] 65+ messages in thread
end of thread, other threads:[~2024-05-28 0:51 UTC | newest]
Thread overview: 65+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-08 18:29 [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/ Mike Gilbert
-- strict thread matches above, loose matches on Subject: below --
2024-05-28 0:51 Sam James
2024-05-05 15:43 Sam James
2024-04-18 4:20 Mike Gilbert
2024-03-04 2:51 Sam James
2024-02-24 15:51 Mike Gilbert
2023-12-24 11:58 Sam James
2023-12-12 2:50 Sam James
2023-08-17 1:08 Mike Gilbert
2023-08-05 23:07 Sam James
2023-08-02 21:14 Sam James
2023-07-27 22:55 Sam James
2023-02-26 19:27 Mike Gilbert
2022-11-07 16:15 Mike Gilbert
2022-10-19 18:13 Mike Gilbert
2022-05-21 22:23 Mike Gilbert
2022-03-25 4:56 Sam James
2021-12-25 18:20 Mike Gilbert
2021-12-09 19:40 Mike Gilbert
2021-11-14 23:53 Mike Gilbert
2021-11-07 5:27 Georgy Yakovlev
2021-09-14 23:47 Mike Gilbert
2021-09-08 18:29 Mike Gilbert
2021-07-08 20:23 Mike Gilbert
2021-06-20 17:18 Mike Gilbert
2021-05-19 19:37 Mike Gilbert
2020-11-08 17:51 Mike Gilbert
2020-05-21 0:13 Mike Gilbert
2020-04-27 14:41 Mike Gilbert
2020-04-17 16:36 Mike Gilbert
2020-02-06 15:24 Mike Gilbert
2020-02-05 18:24 Mike Gilbert
2019-11-17 19:56 Mike Gilbert
2019-08-11 16:28 Mike Gilbert
2019-07-10 18:21 Mike Gilbert
2019-07-10 15:37 Mike Gilbert
2019-07-08 15:47 Mike Gilbert
2019-06-08 20:44 Mike Gilbert
2019-02-18 23:32 Mike Gilbert
2018-12-26 4:02 Mike Gilbert
2018-05-24 20:33 Mike Gilbert
2018-04-18 16:50 Mike Gilbert
2018-04-05 20:12 Mike Gilbert
2018-04-01 16:31 Mike Gilbert
2018-04-01 16:31 Mike Gilbert
2018-03-26 21:17 Mike Gilbert
2018-03-10 17:29 Mike Gilbert
2018-02-08 17:17 Jason Donenfeld
2017-12-19 2:01 Mike Gilbert
2017-12-17 19:03 Mike Gilbert
2017-11-19 20:09 Mike Gilbert
2017-10-26 21:37 Mike Gilbert
2017-10-08 14:40 Mike Gilbert
2017-08-13 23:08 Mike Gilbert
2017-07-17 15:28 Mike Gilbert
2017-07-02 15:56 Mike Gilbert
2017-06-28 20:31 Mike Gilbert
2017-01-10 22:22 Mike Gilbert
2017-01-10 22:22 Mike Gilbert
2016-11-04 1:06 Mike Gilbert
2016-10-30 3:52 Mike Gilbert
2016-04-10 1:05 Mike Gilbert
2015-09-26 1:53 Mike Gilbert
2015-09-25 14:52 Mike Gilbert
2015-08-22 17:16 Mike Gilbert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox