gentoo auto-resync : 24:02:2024 - 17:40:43

17 files changed, 412 insertions, 1 deletions

diff --git a/sys-apps/Manifest.gz b/sys-apps/Manifest.gz
index b0cb990e4e9e..ddb4ac49c483 100644
--- a/sys-apps/Manifest.gz
+++ b/sys-apps/Manifest.gz
diff --git a/sys-apps/asahi-configs/Manifest b/sys-apps/asahi-configs/Manifest
new file mode 100644
index 000000000000..65ba292a2572
--- /dev/null
+++ b/sys-apps/asahi-configs/Manifest
@@ -0,0 +1,7 @@
+AUX baloo 35 BLAKE2B 8c14a2e39cf3abe4d5dceb0997d2a4aa5c8527397cdb09088ec106892b7d54dccdf636c288a49b46f4e517f4131b62000d4d170bb6538a49eca655b4dc083236 SHA512 43147ee74c9a0d660210cc6d4c163bab2849ef4bf373d27ceb060fa5b39c3c7e2076febbc6d1c58277092bfb8ef7e54ff7dbb9929e2cebebce81fe4e8857acae
+AUX envvars 89 BLAKE2B d06bf1f1ee246d74c9908209945cf04278234c7e9bbc51e7ba66c424f916d75d3e3982f0cbda31a951cc677cdf5819d419f4404587bc35cf771957044a31df65 SHA512 f6d830060e6a094618890d5f4472f2900513953a611ae569457fdfc5782848284f53aef327b296a92b7c281a32d99f53dccf546a157af2eaea56e0083048db48
+AUX kcminput 50 BLAKE2B 5ce56d824acea49250a5f840ed47fb0edf46095fb4fd44cfae994b3cb6e92f1919d2aa9d704206bd513d4615a05cf1a6b1bf12c2b31f8f82f4618ccc554c72ed SHA512 b6f4ec1d8d60783d10e73514006000c8fb7783644b5bcfb91ec9d814fa5c0512b0aad0155fce130c5671fb1a038f926bcb299e49b8224abb7d697f6e04d6cfe8
+AUX xorg-modeset 143 BLAKE2B 7e92f9ea7f1b056c5170dd8bffad4e0399e9b1bd09cf5d26be257278359afe96f951def5db714f1f65d535862096d76f1ad2be56e73f50f54848b4fbbf8777fd SHA512 19c75a6724705970207733952e208bfa54616549da58ba8cfb387a8905765c04f1fe4a8c4673a6d16ab5dee790b33ba0faf17fdf80fcbbab8902c797cef89d93
+AUX xorg-naturalscroll 198 BLAKE2B 2a1baad2a0eb37d5c3c92266dbaa851f101d9dbff9ba7e6d1571f1875abb99a893ff7994c6afa258974ea3c93f25cace47ecda4895cc40ca05f8ceae30d5528b SHA512 eb7685664ea9334d5ef4b09520fba85d2788b47ca9b01be5d4bb5984ef9eb7077ba2869ab4fdad972d7187e4de71c6de20dc45d02ad6689fe0ddb0f1a12a6978
+EBUILD asahi-configs-1.0.ebuild 646 BLAKE2B 1bd4d6b0e5ffbeafd20b8e390f5601021993184495d2d58b66387c34e89d6cecffdce18e9d95e52996f244bd7310d77cc2d353bbcc41263f49b95ea1d69ee51e SHA512 fa119ce994e08f1a6a8ccc3597a967e298a90fe90b3cecb7094067a710a3effedc044d0cd1e1d66adee4ed012f5ab5752e18db3def1c137e84f7aaad5361c9e7
+MISC metadata.xml 419 BLAKE2B 05aeb3ef87752317a9b717288a891da7cbda3c76ece7b9a775a4040137b5163d5e933831b6a346a36ebdd3d97d363bf487fae817d1132cf2efac8aae6002cb12 SHA512 f9fad40398ac6019c99584fd2040acf0e6b467a278d9a57e2483267a06f999c67f62e9b63ba90bff250a5cda7fb5d2ff83b32f25ff859858a090eacf74015a82
diff --git a/sys-apps/asahi-configs/asahi-configs-1.0.ebuild b/sys-apps/asahi-configs/asahi-configs-1.0.ebuild
new file mode 100644
index 000000000000..3d6c1859512a
--- /dev/null
+++ b/sys-apps/asahi-configs/asahi-configs-1.0.ebuild
@@ -0,0 +1,29 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+DESCRIPTION="Asahi Linux configurations"
+HOMEPAGE="https://asahilinux.org/"
+LICENSE="MIT"
+
+SLOT="0"
+KEYWORDS="~arm64"
+
+src_unpack() {
+	mkdir "${S}" || die
+	cp "${FILESDIR}"/* "${S}/" || die
+}
+
+src_install() {
+	insinto /etc/xdg/
+	newins "${FILESDIR}/kcminput" kcminputrc
+	newins "${FILESDIR}/baloo" baloofilerc
+
+	insinto /etc/X11/xorg.conf.d/
+	newins "${FILESDIR}/xorg-modeset" 30-modesetting.conf
+	newins "${FILESDIR}/xorg-naturalscroll" 20-natural-scrolling.conf
+
+	exeinto /etc/profile.d/
+	newexe "${FILESDIR}/envvars" asahi.sh
+}
diff --git a/sys-apps/asahi-configs/files/baloo b/sys-apps/asahi-configs/files/baloo
new file mode 100644
index 000000000000..694400b83e28
--- /dev/null
+++ b/sys-apps/asahi-configs/files/baloo
@@ -0,0 +1,2 @@
+[General]
+only basic indexing=true
diff --git a/sys-apps/asahi-configs/files/envvars b/sys-apps/asahi-configs/files/envvars
new file mode 100644
index 000000000000..4368fedc51bb
--- /dev/null
+++ b/sys-apps/asahi-configs/files/envvars
@@ -0,0 +1,3 @@
+export MOZ_ENABLE_WAYLAND=1
+export QV4_FORCE_INTERPRETER=1
+export KWIN_FORCE_SW_CURSOR=1
diff --git a/sys-apps/asahi-configs/files/kcminput b/sys-apps/asahi-configs/files/kcminput
new file mode 100644
index 000000000000..6e0914e6abeb
--- /dev/null
+++ b/sys-apps/asahi-configs/files/kcminput
@@ -0,0 +1,2 @@
+[Libinput][Defaults][Touchpad]
+NaturalScroll=true
diff --git a/sys-apps/asahi-configs/files/xorg-modeset b/sys-apps/asahi-configs/files/xorg-modeset
new file mode 100644
index 000000000000..9b1caeea66d8
--- /dev/null
+++ b/sys-apps/asahi-configs/files/xorg-modeset
@@ -0,0 +1,6 @@
+Section "OutputClass"
+    Identifier "appledrm"
+    MatchDriver "apple"
+    Driver "modesetting"
+    Option "PrimaryGPU" "true"    
+EndSection
diff --git a/sys-apps/asahi-configs/files/xorg-naturalscroll b/sys-apps/asahi-configs/files/xorg-naturalscroll
new file mode 100644
index 000000000000..59fdcf12ca51
--- /dev/null
+++ b/sys-apps/asahi-configs/files/xorg-naturalscroll
@@ -0,0 +1,7 @@
+Section "InputClass"
+	Identifier "Enable natural scrolling by default"
+	MatchIsTouchpad "on"
+	MatchDevicePath "/dev/input/event*"
+	MatchDriver "libinput"
+	Option "Natural Scrolling" "on"
+EndSection
diff --git a/sys-apps/asahi-configs/metadata.xml b/sys-apps/asahi-configs/metadata.xml
new file mode 100644
index 000000000000..78cf3a46e034
--- /dev/null
+++ b/sys-apps/asahi-configs/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>jcalligeros99@gmail.com</email>
+		<name>James Calligeros</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>asahi@gentoo.org</email>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">AsahiLinux/PKGBUILDs</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sys-apps/asahi-scripts/Manifest b/sys-apps/asahi-scripts/Manifest
new file mode 100644
index 000000000000..82fb8d394c3c
--- /dev/null
+++ b/sys-apps/asahi-scripts/Manifest
@@ -0,0 +1,5 @@
+AUX makefile.patch 175 BLAKE2B e1858dec75b6d5b285c689ea2ce5187dbbda54b3cb3f72f3df29db7dc6133f57c5a361cdb493f0fe4ea624cda5e997f102840708111ef1b3aa682c92c1610342 SHA512 805d04d990698e1bdff54433ce4eeca0e45bc4a5cde1f3b539dabe2ee48f9dda49ff1a75e4ddc08e4f335ca99a5216d41fd0232f9771732996689446614a4ffc
+AUX update-m1n1-dtbs.patch 399 BLAKE2B 610da1ca6ba4cc0d465b9c998a6a5a47931db6d0660539eabe2e6b4e73cf2fc235bccb2b30305415a8c33f5f2553e77869cfa34448e49b9c29eb2a3a99ca46f4 SHA512 3ad9fbf771a2d26b60f496c433f45495ace0d60317934221fe829a74c8621d7e13d85d3f26085aab2a44c00dc2ab8e91afbb222eba8c4d1c8526f681a4096304
+DIST asahi-scripts-20231219.1.tar.gz 10696 BLAKE2B 1a3103f093fa87f33f7bdc64340dbd61705ac88832b1a9a2cb015ae8ff7ccfc138b91d0f38505dcdb916ccef03a0f788dd2bbaac66fc32118ce8acb536791bdd SHA512 ab4462bd8b98558f57a1edb4ac9fb21535e6a2b8396f6774a3ea1160ad2de4f64ffb65a93d08e6112ea2d90050a1a368fd32d8a6e5b0d7a545961c57ac9d0639
+EBUILD asahi-scripts-20231219.1.ebuild 1276 BLAKE2B 8a7f1cc306006466bcd584a391981c05f6dea6772f2092457188532b36d9b5b82af3bcd7c85153220a3224aff66a953586d49b58d89d7e91239fa237f3ec715b SHA512 d8b99769245151ab4c1fda94e5e26819a06e36ec6ad9eebcfef355a22a10fb18f26648f505a4acd56dea9a3d28c875ea7d0ff231588790926f00e013195243c4
+MISC metadata.xml 423 BLAKE2B 4bfaa21a10fe7fd713795044151c993a1ac6bec3d266ee60ff2713e8856d19a85d3bea0806ed7f3382aa58fe7388732478ce518668f131637a8758233829adbc SHA512 1fde5b23da68b00da65f6f3c7ed2510247b6e05828d3b5b66a48e01ee8b7e6565d7b39778da42a3059ed15a5af13c4f732eb8c70cc9d30b7e617c80913956a33
diff --git a/sys-apps/asahi-scripts/asahi-scripts-20231219.1.ebuild b/sys-apps/asahi-scripts/asahi-scripts-20231219.1.ebuild
new file mode 100644
index 000000000000..4e4b1fe2eda2
--- /dev/null
+++ b/sys-apps/asahi-scripts/asahi-scripts-20231219.1.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+DESCRIPTION="Apple Silicon support scripts"
+HOMEPAGE="https://asahilinux.org/"
+SRC_URI="https://github.com/AsahiLinux/${PN}/archive/refs/tags/${PV}.tar.gz -> ${PN}-${PV}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~arm64"
+
+PATCHES=(
+	"${FILESDIR}/makefile.patch"
+	"${FILESDIR}/update-m1n1-dtbs.patch"
+)
+
+src_install() {
+	default
+	emake DESTDIR="${D}" SYS_PREFIX="" install-dracut
+}
+
+pkg_postinst() {
+	if [[ ! -e ${ROOT}/usr/lib/asahi-boot ]]; then
+		ewarn "These scripts are intended for use on Apple Silicon"
+		ewarn "machines with the Asahi tooling installed! Please"
+		ewarn "install sys-boot/m1n1, sys-boot/u-boot and"
+		ewarn "sys-firmware/asahi-firmware!"
+	fi
+
+	if [[ -e ${ROOT}/bin/update-m1n1 ]]; then
+		ewarn "You need to remove /bin/update-m1n1."
+	fi
+
+	if [[ -e ${ROOT}/usr/local/share/asahi-scripts/functions.sh ]]; then
+		ewarn "You have upgraded to a new version of ${PN}. Please"
+		ewarn "remove /usr/local/share/asahi-scripts/,"
+		ewarn " /usr/local/bin/update-m1n1, and"
+		ewarn "/usr/local/bin/update-vendor-firmware."
+	fi
+
+	if [[ -e ${ROOT}/etc/dracut.conf.d/10-apple.conf ]]; then
+		ewarn "Please remove /etc/dracut.conf.d/10-apple.conf"
+	fi
+}
diff --git a/sys-apps/asahi-scripts/files/makefile.patch b/sys-apps/asahi-scripts/files/makefile.patch
new file mode 100644
index 000000000000..b7a9db6585f5
--- /dev/null
+++ b/sys-apps/asahi-scripts/files/makefile.patch
@@ -0,0 +1,6 @@
+--- a/Makefile	2022-10-31 17:46:24.536323376 +1000
++++ b/Makefile	2022-10-31 17:47:13.510116412 +1000
+@@ -1,2 +1,2 @@
+-PREFIX=/usr/local
++PREFIX=/usr
+ CONFIG_DIR=/etc/default
diff --git a/sys-apps/asahi-scripts/files/update-m1n1-dtbs.patch b/sys-apps/asahi-scripts/files/update-m1n1-dtbs.patch
new file mode 100644
index 000000000000..a1127c440fd6
--- /dev/null
+++ b/sys-apps/asahi-scripts/files/update-m1n1-dtbs.patch
@@ -0,0 +1,13 @@
+diff --git a/update-m1n1 b/update-m1n1
+index 0e55ead..f014a52 100755
+--- a/update-m1n1
++++ b/update-m1n1
+@@ -17,7 +17,7 @@ fi
+ : ${M1N1:="$SOURCE/m1n1.bin"}
+ : ${U_BOOT:="$SOURCE/u-boot-nodtb.bin"}
+ : ${TARGET:="$1"}
+-: ${DTBS:=$(/bin/ls -d /lib/modules/*-ARCH | sort -rV | head -1)/dtbs/*.dtb}
++: ${DTBS:=/usr/src/linux/arch/arm64/boot/dts/apple/*.dtb}
+ : ${CONFIG:=/etc/m1n1.conf}
+ 
+ umount=false
diff --git a/sys-apps/asahi-scripts/metadata.xml b/sys-apps/asahi-scripts/metadata.xml
new file mode 100644
index 000000000000..e0d402772ba2
--- /dev/null
+++ b/sys-apps/asahi-scripts/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>jcalligeros99@gmail.com</email>
+		<name>James Calligeros</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>asahi@gentoo.org</email>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">AsahiLinux/asahi-scripts</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 135d6f7dd60e..dccfc6829a3f 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -4,12 +4,13 @@ AUX gentoo-journald-audit-r1.patch 1941 BLAKE2B 93f1a0ba8dd575359e5ab4bd04f99ed3
 AUX legacy.conf 80 BLAKE2B 23eca4dd1743a5cf77767894d23d419c1663147c5aee6be971da64fdea0531eadfe97ac8bc4e63b44404dcf89940d438de6b7081158b78639945ce0fadbb103c SHA512 f74f05991102b644dee7822a80cb8e6c14cd1eb48bd9342bc662d5947b9f04d32e875d2a5e6476a67bdbface4d2b2159b99c11d72eb4658c5cb4caf595f138be
 AUX nsswitch.conf 734 BLAKE2B 5f5a7821a84f6c8aa31fe9a68c29a1a0f24be578d427a623f14a9ef795e7da481f226efe5511d92932b5edf5638fa719808a0c3a0b8fd340799dd6bcb703a0a1 SHA512 dcbd51dacaaebdff32edb3840cc7b9b47b6521009b8786690e3673a2e78bc60bfd8e591b1048c5d452117c6659b9917ae2864462f5057cc39b704b0130522e60
 AUX systemd-253-initrd-generators.patch 1486 BLAKE2B 85a7f714aa1743bd88e01b45624dc4104e4d762732745d9958019063f6ac91ffd89ae84e03f728e6040a58643f253a5ea7f77f44ef71620e686e23aed61876e4 SHA512 f8aab9f4bbf5a73c52144013fd7001dc78974211f11abb58a0f5eceff59b3ebf670409846fff854daec10219074602674176730f85583db0e81275289e89c66b
+AUX systemd-254.9-fchmodat2.patch 9696 BLAKE2B d3e3dbf5af966742c18d6710efc75f13b21e703daa256c37c8d7a2f8ec4247f67687647eb34f38675dbba3e2a9ddd6606a3ca599688d0c2115bf29406521c4b3 SHA512 b28ff60cf0eb3fb58ff26b120721efa39537d0dc10e162ac07cb415db25c98eca98103f833bffcb1b98d4cefb44af8e433c69280b88d1bcd1209944e78ce5c6c
 AUX systemd-user.pam 122 BLAKE2B cccc07cab47dfc0481438e503c34fa1a0b2c6b1f8ab282197719a523421d2a526f19230bb459e0347cbeb2046e35a407c78178a3fb5b79619e987cbc4ac7d5e4 SHA512 c5437677ff00fbb45798fe594e8d61b1c2bfc2d103105d7bd82e476240452477ac263700800f5d0ba91ddc895eb85f4517d5cb15c80611ec1680a686d47cd781
 DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
 DIST systemd-stable-254.9.tar.gz 14423806 BLAKE2B ab39c0a00b8451b24b40e39f4bf7ecb912ff23d9cd6f8d30fd0545e895936baa635b1ff63c02a83761682b72f44244aac8338bf6506885c9b07cd0c5247b6693 SHA512 a0300693a044cfe4c76deb0e3e48a927125eb97c3952c07ba68936f1e093c93506d8044b249b534b8e778ade6143b43194f8d6b721a8cd520bc7bb4cb3d3e5c1
 DIST systemd-stable-255.3.tar.gz 14873273 BLAKE2B e22ef391c691fcf1e765c5112e1a55096d3bba61a9dae3ea1a3958add4e355892a97d5214e63c516ba3b70e2a83bb5d21254812d870f06c16c74a58d4f957d75 SHA512 c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453
 EBUILD systemd-254.8-r1.ebuild 15523 BLAKE2B 494be6bec6adfdd00621311f85476c58d244940115a54a92314b3e66cf86af39f0a8d9f1643f7a09ab3cc70026918e185c6298e9fb42573865b106dbcc711e69 SHA512 b3abd9b1d93e49b7c4aac38cebb62ec4b02113f3f4534017b169c30e8b7579535e7a3527a96e29bab4471bdbd801f3a249d7ec23b1b6dec863bcca6a09ece24f
-EBUILD systemd-254.9.ebuild 15531 BLAKE2B 26ad4b07e8cec1673c36917b5851a03836c0bdea538be9f35397305b928df5c3f814f4a639d24e2cfe15faa526b625ce9a024d876be381b4763f9069bc4879a3 SHA512 1f89650f0ea62e8f57e7967c203cf9821dc08c3845b2a4717c8e0d552f1ab370ecf0b63a89705e2ef71cbce867c1480e0a9f8f2123fb28070d2ca0d409177d4b
+EBUILD systemd-254.9-r1.ebuild 15577 BLAKE2B 8fbfa998bbfcba77b86446b4a38dd006f109e30800cf8177cd21b02e38defa62e7aef41f0ad3bf4f68fa37583596b53130fe82f0230aa639a02946dda730e50e SHA512 1b114706349eaffebbb28bb65764b2f162dad85e24413ab97ea3709e600b415a2f9dcb71ee2b7ed8b2a9892271d8f3c9ad07fb42acccafdc7db5002d42672f59
 EBUILD systemd-255.3-r1.ebuild 14969 BLAKE2B 29235c09521b4856a770afa623a3b5b4096cc2dc965c4e2fadb75fc87f4b9864e1625c146c4c4015cd46c00b2b0ab882adc7ca418597c4fe0bb2a3453a37186d SHA512 2c393284326095d1f42ca5a29eb5ca7dcd69eecc1bab55a97a394c6c128dddbee232ead61f569d80d91ef4abd6227a475edc25148e92433b9a880fde70e44e0c
 EBUILD systemd-9999.ebuild 14973 BLAKE2B b71367b0ce0a4b12666483d32ada0f552242b4627e6cfbe068cef3a02cde3ee6869e94822b08f6e84bec32a2cf032673810aaceb9986c0fc79efe1de102431d0 SHA512 7e2ffaaaa5a2c4ff46b7136d288a1de8d65642a7b3d53ea744cd1f589bab269682efdcd79ab288192a78886ec556e3de658ea69391e01324c98323f69a7ab8f1
 MISC metadata.xml 2609 BLAKE2B 8947f3b696fbba7b90e838a54fbb4fd933c71907c8011652fc2b7d68d4ce5f78a19f350a309e4c0f66ef0159376c9064ba9c15941ecf1748c359c4ae3b072102 SHA512 dfeea24b7a93f5d4af4ac47b87ba08092d069fb1a4749c0c1f36a669be6115eaea8f67e6183b6a4f155ef90d7714f74299109420d569c2b0545d80584ed0e97e
diff --git a/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
new file mode 100644
index 000000000000..27bdd121aa60
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
@@ -0,0 +1,255 @@
+From 3d93b69fa558b33f1f2b52305fa4c2d836789394 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 1/3] basic/missing_syscall: generate defs for `fchmodat2(2)`
+
+We will need this to set seccomp filters on this system call regardless
+of libseccomp or kernel support.
+
+(cherry picked from commit 3677364cc3a2c5429380cfd3a2472e2da87925c4)
+---
+ src/basic/missing_syscall_def.h | 68 +++++++++++++++++++++++++++++++++
+ src/basic/missing_syscalls.py   |  1 +
+ 2 files changed, 69 insertions(+)
+
+diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h
+index 402fdd00dc..b5beb434db 100644
+--- a/src/basic/missing_syscall_def.h
++++ b/src/basic/missing_syscall_def.h
+@@ -246,6 +246,74 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range);
+ #  endif
+ #endif
+ 
++#ifndef __IGNORE_fchmodat2
++#  if defined(__aarch64__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__alpha__)
++#    define systemd_NR_fchmodat2 562
++#  elif defined(__arc__) || defined(__tilegx__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__arm__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__i386__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__ia64__)
++#    define systemd_NR_fchmodat2 1476
++#  elif defined(__loongarch_lp64)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__m68k__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(_MIPS_SIM)
++#    if _MIPS_SIM == _MIPS_SIM_ABI32
++#      define systemd_NR_fchmodat2 4452
++#    elif _MIPS_SIM == _MIPS_SIM_NABI32
++#      define systemd_NR_fchmodat2 6452
++#    elif _MIPS_SIM == _MIPS_SIM_ABI64
++#      define systemd_NR_fchmodat2 5452
++#    else
++#      error "Unknown MIPS ABI"
++#    endif
++#  elif defined(__hppa__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__powerpc__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__riscv)
++#    if __riscv_xlen == 32
++#      define systemd_NR_fchmodat2 452
++#    elif __riscv_xlen == 64
++#      define systemd_NR_fchmodat2 452
++#    else
++#      error "Unknown RISC-V ABI"
++#    endif
++#  elif defined(__s390__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__sparc__)
++#    define systemd_NR_fchmodat2 452
++#  elif defined(__x86_64__)
++#    if defined(__ILP32__)
++#      define systemd_NR_fchmodat2 (452 | /* __X32_SYSCALL_BIT */ 0x40000000)
++#    else
++#      define systemd_NR_fchmodat2 452
++#    endif
++#  elif !defined(missing_arch_template)
++#    warning "fchmodat2() syscall number is unknown for your architecture"
++#  endif
++
++/* may be an (invalid) negative number due to libseccomp, see PR 13319 */
++#  if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0
++#    if defined systemd_NR_fchmodat2
++assert_cc(__NR_fchmodat2 == systemd_NR_fchmodat2);
++#    endif
++#  else
++#    if defined __NR_fchmodat2
++#      undef __NR_fchmodat2
++#    endif
++#    if defined systemd_NR_fchmodat2 && systemd_NR_fchmodat2 >= 0
++#      define __NR_fchmodat2 systemd_NR_fchmodat2
++#    endif
++#  endif
++#endif
++
+ #ifndef __IGNORE_getrandom
+ #  if defined(__aarch64__)
+ #    define systemd_NR_getrandom 278
+diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py
+index 5ccf02adec..00f72dc7a8 100644
+--- a/src/basic/missing_syscalls.py
++++ b/src/basic/missing_syscalls.py
+@@ -9,6 +9,7 @@ SYSCALLS = [
+     'bpf',
+     'close_range',
+     'copy_file_range',
++    'fchmodat2',
+     'getrandom',
+     'memfd_create',
+     'mount_setattr',
+-- 
+2.43.0
+
+
+From c1ffd32c642dcadb844b149fcc0c6fe0dbe8a292 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 2/3] seccomp: include `fchmodat2` in `@file-system`
+
+(cherry picked from commit 6e10405aa25fe5e76b740d9ec59730e3f4470c7a)
+---
+ src/shared/seccomp-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index bd9660cb35..a9c6279b18 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -468,6 +468,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
+                 "fchdir\0"
+                 "fchmod\0"
+                 "fchmodat\0"
++                "fchmodat2\0"
+                 "fcntl\0"
+                 "fcntl64\0"
+                 "fgetxattr\0"
+-- 
+2.43.0
+
+
+From da6ec29e7f755e14655132b4e0b04f463f40af3e Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov <arseny@altlinux.org>
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 3/3] seccomp: also check the mode parameter of `fchmodat2(2)`
+
+If there is no libseccomp support, just ban the entire syscall instead
+so wrappers will fall back to older, supported syscalls.
+Also reflect all of this in `test-seccomp.c`.
+
+(cherry picked from commit 8b45281daa3a87b4b7a3248263cd0ba929d15596)
+---
+ src/shared/seccomp-util.c | 24 +++++++++++++++++++++++-
+ src/test/test-seccomp.c   | 28 ++++++++++++++++++++++++++++
+ 2 files changed, 51 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index a9c6279b18..12fd95d95b 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -2038,7 +2038,7 @@ int seccomp_protect_hostname(void) {
+ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+         /* Checks the mode_t parameter of the following system calls:
+          *
+-         *       → chmod() + fchmod() + fchmodat()
++         *       → chmod() + fchmod() + fchmodat() + fchmodat2()
+          *       → open() + creat() + openat()
+          *       → mkdir() + mkdirat()
+          *       → mknod() + mknodat()
+@@ -2081,6 +2081,28 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+         else
+                 any = true;
+ 
++#if defined(__SNR_fchmodat2)
++        r = seccomp_rule_add_exact(
++                        seccomp,
++                        SCMP_ACT_ERRNO(EPERM),
++                        SCMP_SYS(fchmodat2),
++                        1,
++                        SCMP_A2(SCMP_CMP_MASKED_EQ, m, m));
++#else
++        /* It looks like this libseccomp does not know about fchmodat2().
++         * Pretend the fchmodat2() system call is not supported at all,
++         * regardless of the kernel version. */
++        r = seccomp_rule_add_exact(
++                        seccomp,
++                        SCMP_ACT_ERRNO(ENOSYS),
++                        __NR_fchmodat2,
++                        0);
++#endif
++        if (r < 0)
++                log_debug_errno(r, "Failed to add filter for fchmodat2: %m");
++        else
++                any = true;
++
+         r = seccomp_rule_add_exact(
+                         seccomp,
+                         SCMP_ACT_ERRNO(EPERM),
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 2d06098ddd..3a73262a8b 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -21,6 +21,7 @@
+ #include "macro.h"
+ #include "memory-util.h"
+ #include "missing_sched.h"
++#include "missing_syscall_def.h"
+ #include "nsflags.h"
+ #include "nulstr-util.h"
+ #include "process-util.h"
+@@ -1003,6 +1004,23 @@ static int real_open(const char *path, int flags, mode_t mode) {
+ #endif
+ }
+ 
++static int try_fchmodat2(int dirfd, const char *path, int flags, mode_t mode) {
++        /* glibc does not provide a direct wrapper for fchmodat2(). Let's hence define our own wrapper for
++         * testing purposes that calls the real syscall, on architectures and in environments where
++         * SYS_fchmodat2 is defined. Otherwise, let's just fall back to the glibc fchmodat() call. */
++
++#if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0
++        int r;
++        r = (int) syscall(__NR_fchmodat2, dirfd, path, flags, mode);
++        /* The syscall might still be unsupported by kernel or libseccomp. */
++        if (r < 0 && errno == ENOSYS)
++                return fchmodat(dirfd, path, flags, mode);
++        return r;
++#else
++        return fchmodat(dirfd, path, flags, mode);
++#endif
++}
++
+ TEST(restrict_suid_sgid) {
+         pid_t pid;
+ 
+@@ -1044,6 +1062,11 @@ TEST(restrict_suid_sgid) {
+                 assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
+                 assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
+ 
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) >= 0);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) >= 0);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0);
++
+                 k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID);
+                 k = safe_close(k);
+                 assert_se(unlink(z) >= 0);
+@@ -1145,6 +1168,11 @@ TEST(restrict_suid_sgid) {
+                 assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
+                 assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);
+ 
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) < 0 && errno == EPERM);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) < 0 && errno == EPERM);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
++                assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0);
++
+                 assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM);
+                 assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM);
+                 assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
+-- 
+2.43.0
+
diff --git a/sys-apps/systemd/systemd-254.9.ebuild b/sys-apps/systemd/systemd-254.9-r1.ebuild
index c12a9240f822..b9a20c537da3 100644
--- a/sys-apps/systemd/systemd-254.9.ebuild
+++ b/sys-apps/systemd/systemd-254.9-r1.ebuild
@@ -242,6 +242,7 @@ src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/systemd-253-initrd-generators.patch"
 		"${FILESDIR}/254-PrivateDevices-userdbd.patch"
+		"${FILESDIR}/systemd-254.9-fchmodat2.patch"
 	)
 
 	if ! use vanilla; then