diff options
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/Manifest.gz | bin | 49757 -> 49759 bytes | |||
-rw-r--r-- | sys-apps/pv/Manifest | 2 | ||||
-rw-r--r-- | sys-apps/pv/pv-1.8.0.ebuild | 2 | ||||
-rw-r--r-- | sys-apps/systemd-utils/Manifest | 2 | ||||
-rw-r--r-- | sys-apps/systemd-utils/systemd-utils-254.8.ebuild | 575 | ||||
-rw-r--r-- | sys-apps/systemd/Manifest | 5 | ||||
-rw-r--r-- | sys-apps/systemd/files/254-PrivateDevices-userdbd.patch | 242 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-254.8.ebuild | 526 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-255.2.ebuild | 509 |
9 files changed, 1861 insertions, 2 deletions
diff --git a/sys-apps/Manifest.gz b/sys-apps/Manifest.gz Binary files differindex 60ac61e93a56..6e65f26704fd 100644 --- a/sys-apps/Manifest.gz +++ b/sys-apps/Manifest.gz diff --git a/sys-apps/pv/Manifest b/sys-apps/pv/Manifest index b271948bc07d..c2acfd731777 100644 --- a/sys-apps/pv/Manifest +++ b/sys-apps/pv/Manifest @@ -6,7 +6,7 @@ DIST pv-1.8.5.tar.gz 327072 BLAKE2B ef7fcf64430a72e04ca3a922115e7012c999109bb7e1 DIST pv-1.8.5.tar.gz.asc 691 BLAKE2B ac5bd2b05e145d4ea5aedbb148b39a317d68329787f06f39f808be75951da0e0f460254b4a5049a8eafabad07edfbe936be00154f5dfa660628c8a3dfa3b7ffd SHA512 8414b2485347579a54233a2f241c080ab6461799c149567ab1063ce812b08ab2293f55bf8a24bcadabf94d12ce3dce36fe57277d822d115db9e53c957fe99c20 EBUILD pv-1.6.20.ebuild 1456 BLAKE2B 055fc1d118f5f5500e3fb453d94ae40c0db8389425df249cd2cc8d9303db9a113a13d324c1b2f53d993ce455eaaaa695bc542a4c53f5bc2564d314ffbe76721d SHA512 583e35041a54b3123c757acad234afb053d00703e8b8a57efb680fc76d7738485f30d0aed94ad31bbd9d4a4db7356b72a0628ec74fffaa3388af8b7e3abf54a3 EBUILD pv-1.7.24.ebuild 1364 BLAKE2B bcf84d8ce9ef43828b060ace27d330cf452ae996539181bccc1114c111523650966d83996c7625848bb01693125ef768155ae4d958ebe1abb5e5322c04972e50 SHA512 92251054a71196ce418360c14cbcfdd1d0beec36c1420655a9cfbfb5c9c37016725e1f55f49791f95ec291f01877d937ac9d49b1c8f0c01988cffbca4324d84e -EBUILD pv-1.8.0.ebuild 1336 BLAKE2B 048a9bf24d8b0142dc4ee5966260c3607de73153a490e79a3367d3b165ab01e93393900fe4af6ede30dba2c310b4079e5d8a4f5f0c8fcb21adbf3c533b96b69a SHA512 2ce0675b016a1a5ce2d695366d04fe51cc21cad1ece463d877c84172387344dd33ebe7831afb8e2727767f1db69a594c6c8768b56b40a4c081ebaf21a6dcd77e +EBUILD pv-1.8.0.ebuild 1335 BLAKE2B 5d9da44641afb747a35548020b97daa756bf14e0dab16f915779fc769bd806a7f75f3b13a42d3d9ba2a501fddc87207205c40c8971f2364c4002aa0915a4913a SHA512 1da146fb42650835ccb6f6acb51ff9a95d8667123c0e00b05b031bae2c942c750154badebd0f191608d7d23a3781b2b4c47c1427e591aa77a46901ca5e6ad74d EBUILD pv-1.8.5.ebuild 1286 BLAKE2B d706213997fa9347003871e733498eb6cd7772506d3af209f6d6114827308fe27df92baccdf0285c740fb1d8a792b965d2368bafaf855aef5ee52e804a66b5fd SHA512 435a956dedf403f7fd6710383df5e7dfe8c249b24e795c259c58b5fead2d4dddcd459005badb6ad3fb7d79576ca5d5752152446a2c17b17f2009ce6439353ad3 EBUILD pv-9999.ebuild 1286 BLAKE2B d706213997fa9347003871e733498eb6cd7772506d3af209f6d6114827308fe27df92baccdf0285c740fb1d8a792b965d2368bafaf855aef5ee52e804a66b5fd SHA512 435a956dedf403f7fd6710383df5e7dfe8c249b24e795c259c58b5fead2d4dddcd459005badb6ad3fb7d79576ca5d5752152446a2c17b17f2009ce6439353ad3 MISC metadata.xml 352 BLAKE2B 52ddc86245bfabca6612732be0e84d336ba0601d3b91d17c583025e370aeaaba0ff38ee9f2097eb0b57a434730d1b439835514488507093112d48b8ed7b36ccb SHA512 541a8d15d5810888535bec6d364dc5e319ae3960d44588660e52afafc37232b77f2f5fdbcdfec5e0dae2629f1ca2b9ca72ee1055e152b68d5b3bed8d3eff1d2a diff --git a/sys-apps/pv/pv-1.8.0.ebuild b/sys-apps/pv/pv-1.8.0.ebuild index b59b9f7552bc..5e7d39e35f31 100644 --- a/sys-apps/pv/pv-1.8.0.ebuild +++ b/sys-apps/pv/pv-1.8.0.ebuild @@ -18,7 +18,7 @@ else verify-sig? ( https://www.ivarch.com/programs/sources/${P}.tar.gz.txt -> ${P}.tar.gz.asc ) " - KEYWORDS="~alpha amd64 ~arm arm64 hppa ~mips ~ppc ppc64 ~riscv sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" + KEYWORDS="~alpha amd64 ~arm arm64 hppa ~mips ppc ppc64 ~riscv sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" fi LICENSE="GPL-3+" diff --git a/sys-apps/systemd-utils/Manifest b/sys-apps/systemd-utils/Manifest index 1014c7f692f3..00d96463e97c 100644 --- a/sys-apps/systemd-utils/Manifest +++ b/sys-apps/systemd-utils/Manifest @@ -12,10 +12,12 @@ DIST systemd-stable-253.13.tar.gz 12183733 BLAKE2B f0cf127f71a0abe2a02f5421816a6 DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3 SHA512 cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c DIST systemd-stable-254.6.tar.gz 14400611 BLAKE2B 5b23131b8aaabcd386ceb9cfb4ba8e7e1c92c454dbcc2dd907fb459f3022cd324cef86d531fe296ad56349602e487544d60900f71e189aadac6ec0a361a382e3 SHA512 3ebb8c2b931d13cf6efa59842d6d7fb84410fee02f5161061900321497d33750e0b88e2366a4234ba1ab0b89b797da0b1f8b577e0924e560cd9914fde83a1e45 DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf SHA512 2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685 +DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e EBUILD systemd-utils-253.11-r1.ebuild 12608 BLAKE2B aa3fc7468ada1b120d868cdbc94eeb22a5a4ec7ddbcca37d364cd996094021c82e8c98a2ff1e42f04cf57314ceb9a48b1edf7df3976de926fbfe208f422dd459 SHA512 51739b8478efb3bbf326b8681bb51adc2e150316fcae68984d68cbc05389e09c45da06cc77bb96ff2d43ad6c1951b91e05d41377e02684aa873d7c603e183d4d EBUILD systemd-utils-253.12-r1.ebuild 12616 BLAKE2B ba823f24fc2b19f5aa9ca1ff9df8521efe9847d5440cd3dfa35c912f5b8d32418cc13220e8e50422350f0dd1812f38a6c06c44d9e518aad3ebca9d17d4564029 SHA512 abb188db7c96f7a2afb022fb548106870f876fbeeac5cb415b2ef26fd34254ddad0568d6f74c1165dbb2549c5d144d7bfabef7aedf6ce120c1c1b339ccda4e16 EBUILD systemd-utils-253.13.ebuild 12616 BLAKE2B ba823f24fc2b19f5aa9ca1ff9df8521efe9847d5440cd3dfa35c912f5b8d32418cc13220e8e50422350f0dd1812f38a6c06c44d9e518aad3ebca9d17d4564029 SHA512 abb188db7c96f7a2afb022fb548106870f876fbeeac5cb415b2ef26fd34254ddad0568d6f74c1165dbb2549c5d144d7bfabef7aedf6ce120c1c1b339ccda4e16 EBUILD systemd-utils-254.5-r2.ebuild 13076 BLAKE2B b3da8f4d0f6ce116618e6f7885b41bc0ef5724b1ec3d58b7fd080494a29bb101dddab4e0fc278a50ba340c1988055fe6a5ee352bc1aad33012226a1ee4d15dad SHA512 90b6f053e921aa6d80b19d484a5f5ac8f74325f1d4e2e08e379a1fb53456e7250b60e9969b6b3ca7e5ce26ac6215d419742e81f36decc6ebbb3d47b2f1f35e27 EBUILD systemd-utils-254.6.ebuild 13084 BLAKE2B ee9dee6a8edce96691b88edf54fcb25a2e5e004eecf5c1cd27fa782464164ab670f11925f3f2ce9014975401571fd47f5cc3adf706c394fe61f1b8b24fd94749 SHA512 7fb74bb5532548bf41b0ce50dbb2936391c6adc140ed9ad6e3b56b30159e4e4c629a87c61602d4231fcc87c6abe288fdf305c13ff739a19e64e9bdd7347d4e6c EBUILD systemd-utils-254.7.ebuild 13076 BLAKE2B b3da8f4d0f6ce116618e6f7885b41bc0ef5724b1ec3d58b7fd080494a29bb101dddab4e0fc278a50ba340c1988055fe6a5ee352bc1aad33012226a1ee4d15dad SHA512 90b6f053e921aa6d80b19d484a5f5ac8f74325f1d4e2e08e379a1fb53456e7250b60e9969b6b3ca7e5ce26ac6215d419742e81f36decc6ebbb3d47b2f1f35e27 +EBUILD systemd-utils-254.8.ebuild 13084 BLAKE2B ee9dee6a8edce96691b88edf54fcb25a2e5e004eecf5c1cd27fa782464164ab670f11925f3f2ce9014975401571fd47f5cc3adf706c394fe61f1b8b24fd94749 SHA512 7fb74bb5532548bf41b0ce50dbb2936391c6adc140ed9ad6e3b56b30159e4e4c629a87c61602d4231fcc87c6abe288fdf305c13ff739a19e64e9bdd7347d4e6c MISC metadata.xml 888 BLAKE2B b799e1d62a1208dbbec1a1cfb47592b069d5c79cb18efffef922c72b0d61e30938d26c6f4e0d3951f9c327601dd71de14062dad0a47e6b84a61b1a8b125f1a6b SHA512 6debd964f9c127ba4332e0c0b86e506d3cf10cbe3cd45442bf7955b16e790a9eccdd928d473b3722b11b4a75d34fe5bb91f4867a5dc92e786ba73d9ec3f54712 diff --git a/sys-apps/systemd-utils/systemd-utils-254.8.ebuild b/sys-apps/systemd-utils/systemd-utils-254.8.ebuild new file mode 100644 index 000000000000..a5364fa98930 --- /dev/null +++ b/sys-apps/systemd-utils/systemd-utils-254.8.ebuild @@ -0,0 +1,575 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..12} ) + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +inherit bash-completion-r1 flag-o-matic linux-info meson-multilib python-single-r1 +inherit secureboot toolchain-funcs udev usr-ldscript + +DESCRIPTION="Utilities split out from systemd for OpenRC users" +HOMEPAGE="https://systemd.io/" + +if [[ ${PV} == *.* ]]; then + MY_P="systemd-stable-${PV}" + S="${WORKDIR}/${MY_P}" + SRC_URI="https://github.com/systemd/systemd-stable/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz" +else + MY_P="systemd-${PV}" + S="${WORKDIR}/${MY_P}" + SRC_URI="https://github.com/systemd/systemd/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz" +fi + +MUSL_PATCHSET="systemd-musl-patches-254.3" +SRC_URI+=" elibc_musl? ( https://dev.gentoo.org/~floppym/dist/${MUSL_PATCHSET}.tar.gz )" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+acl boot +kmod kernel-install selinux split-usr sysusers +tmpfiles test +udev ukify" +REQUIRED_USE=" + || ( kernel-install tmpfiles sysusers udev ) + boot? ( kernel-install ) + ukify? ( boot ) + ${PYTHON_REQUIRED_USE} +" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + elibc_musl? ( >=sys-libs/musl-1.2.3 ) + selinux? ( sys-libs/libselinux:0= ) + tmpfiles? ( + acl? ( sys-apps/acl:0= ) + ) + udev? ( + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + kmod? ( >=sys-apps/kmod-15:0= ) + ) + !udev? ( + >=sys-apps/util-linux-2.30:0= + sys-libs/libcap:0= + virtual/libcrypt:= + ) +" +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-3.11 +" + +PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' + +RDEPEND="${COMMON_DEPEND} + boot? ( !<sys-boot/systemd-boot-250 ) + ukify? ( + ${PYTHON_DEPS} + $(python_gen_cond_dep "${PEFILE_DEPEND}") + ) + tmpfiles? ( !<sys-apps/systemd-tmpfiles-250 ) + udev? ( + acct-group/audio + acct-group/cdrom + acct-group/dialout + acct-group/disk + acct-group/floppy + acct-group/input + acct-group/kmem + acct-group/kvm + acct-group/lp + acct-group/render + acct-group/sgx + acct-group/tape + acct-group/tty + acct-group/usb + acct-group/video + !sys-apps/gentoo-systemd-integration + !sys-apps/hwids[udev] + !<sys-fs/udev-250 + !sys-fs/eudev + ) + !sys-apps/systemd +" +PDEPEND=" + udev? ( >=sys-fs/udev-init-scripts-34 ) +" +BDEPEND=" + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + dev-util/gperf + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + $(python_gen_cond_dep " + dev-python/jinja[\${PYTHON_USEDEP}] + dev-python/lxml[\${PYTHON_USEDEP}] + boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) + ukify? ( test? ( ${PEFILE_DEPEND} ) ) + ") +" + +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" + +CONFIG_CHECK="~BLK_DEV_BSG ~DEVTMPFS ~!IDE ~INOTIFY_USER ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2 ~SIGNALFD ~EPOLL ~FHANDLE ~NET ~UNIX" + +pkg_setup() { + if [[ ${MERGE_TYPE} != buildonly ]] && use udev; then + linux-info_pkg_setup + fi + use boot && secureboot_pkg_setup +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/${PN}-254.3-add-link-kernel-install-shared-option.patch" + ) + + if use elibc_musl; then + PATCHES+=( + "${WORKDIR}/${MUSL_PATCHSET}" + ) + fi + default + + # Remove install_rpath; we link statically + local rpath_pattern="install_rpath : rootpkglibdir," + grep -q -e "${rpath_pattern}" meson.build || die + sed -i -e "/${rpath_pattern}/d" meson.build || die +} + +src_configure() { + python_setup + meson-multilib_src_configure +} + +multilib_src_configure() { + local emesonargs=( + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + -Dsysvinit-path= + $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool kernel-install) + $(meson_native_use_bool selinux) + $(meson_native_use_bool sysusers) + $(meson_use test tests) + $(meson_native_use_bool tmpfiles) + $(meson_use udev hwdb) + $(meson_native_use_bool ukify) + + # Link staticly with libsystemd-shared + -Dlink-boot-shared=false + -Dlink-kernel-install-shared=false + -Dlink-udev-shared=false + + # systemd-tmpfiles has a separate "systemd-tmpfiles.standalone" target + -Dstandalone-binaries=true + + # Disable all optional features + -Dadm-group=false + -Danalyze=false + -Dapparmor=false + -Daudit=false + -Dbacklight=false + -Dbinfmt=false + -Dbpf-framework=false + -Dbzip2=false + -Dcoredump=false + -Ddbus=false + -Delfutils=false + -Denvironment-d=false + -Dfdisk=false + -Dgcrypt=false + -Dglib=false + -Dgshadow=false + -Dgnutls=false + -Dhibernate=false + -Dhostnamed=false + -Didn=false + -Dima=false + -Dinitrd=false + -Dfirstboot=false + -Dldconfig=false + -Dlibcryptsetup=false + -Dlibcurl=false + -Dlibfido2=false + -Dlibidn=false + -Dlibidn2=false + -Dlibiptc=false + -Dlocaled=false + -Dlogind=false + -Dlz4=false + -Dmachined=false + -Dmicrohttpd=false + -Dnetworkd=false + -Dnscd=false + -Dnss-myhostname=false + -Dnss-resolve=false + -Dnss-systemd=false + -Doomd=false + -Dopenssl=false + -Dp11kit=false + -Dpam=false + -Dpcre2=false + -Dpolkit=false + -Dportabled=false + -Dpstore=false + -Dpwquality=false + -Drandomseed=false + -Dresolve=false + -Drfkill=false + -Dseccomp=false + -Dsmack=false + -Dsysext=false + -Dtimedated=false + -Dtimesyncd=false + -Dtpm=false + -Dqrencode=false + -Dquotacheck=false + -Duserdb=false + -Dutmp=false + -Dvconsole=false + -Dwheel-group=false + -Dxdg-autostart=false + -Dxkbcommon=false + -Dxz=false + -Dzlib=false + -Dzstd=false + ) + + if use tmpfiles || use udev; then + emesonargs+=( $(meson_native_use_bool acl) ) + else + emesonargs+=( -Dacl=false ) + fi + + if use udev; then + emesonargs+=( $(meson_native_use_bool kmod) ) + else + emesonargs+=( -Dkmod=false ) + fi + + if use elibc_musl; then + # Avoid redefinition of struct ethhdr. + append-cppflags -D__UAPI_DEF_ETHHDR=0 + fi + + if multilib_is_native_abi || use udev; then + meson_src_configure + fi +} + +efi_arch() { + case "$(tc-arch)" in + amd64) echo x64 ;; + arm) echo arm ;; + arm64) echo aa64 ;; + x86) echo x86 ;; + esac +} + +multilib_src_compile() { + local targets=() + if multilib_is_native_abi; then + if use boot; then + targets+=( + bootctl + man/bootctl.1 + src/boot/efi/linux$(efi_arch).efi.stub + src/boot/efi/systemd-boot$(efi_arch).efi + ) + fi + if use kernel-install; then + targets+=( + kernel-install + 90-loaderentry.install + man/kernel-install.8 + ) + fi + if use sysusers; then + targets+=( + systemd-sysusers.standalone + man/sysusers.d.5 + man/systemd-sysusers.8 + ) + if use test; then + targets+=( + systemd-runtest.env + ) + fi + fi + if use tmpfiles; then + targets+=( + systemd-tmpfiles.standalone + man/tmpfiles.d.5 + man/systemd-tmpfiles.8 + tmpfiles.d/{etc,static-nodes-permissions,var}.conf + ) + if use test; then + targets+=( test-tmpfile-util ) + fi + fi + if use udev; then + targets+=( + udevadm + systemd-hwdb + src/udev/ata_id + src/udev/cdrom_id + src/udev/fido_id + src/udev/mtd_probe + src/udev/scsi_id + src/udev/udev.pc + src/udev/v4l_id + man/udev.conf.5 + man/systemd.link.5 + man/hwdb.7 + man/udev.7 + man/systemd-hwdb.8 + man/systemd-udevd.service.8 + man/udevadm.8 + man/libudev.3 + man/udev_device_get_syspath.3 + man/udev_device_has_tag.3 + man/udev_device_new_from_syspath.3 + man/udev_enumerate_add_match_subsystem.3 + man/udev_enumerate_new.3 + man/udev_enumerate_scan_devices.3 + man/udev_list_entry.3 + man/udev_monitor_filter_update.3 + man/udev_monitor_new_from_netlink.3 + man/udev_monitor_receive_device.3 + man/udev_new.3 + hwdb.d/60-autosuspend-chromiumos.hwdb + rules.d/50-udev-default.rules + rules.d/60-persistent-storage.rules + rules.d/64-btrfs.rules + ) + if use test; then + targets+=( + test-fido-id-desc + test-udev-builtin + test-udev-event + test-udev-node + test-udev-util + udev-rule-runner + ) + fi + fi + if use ukify; then + targets+=( + ukify + 60-ukify.install + man/ukify.1 + ) + fi + fi + if use udev; then + targets+=( + udev:shared_library + src/libudev/libudev.pc + ) + if use test; then + targets+=( + test-libudev + test-libudev-sym + test-udev-device-thread + ) + fi + fi + if multilib_is_native_abi || use udev; then + meson_src_compile "${targets[@]}" + fi +} + +multilib_src_test() { + local tests=() + if multilib_is_native_abi; then + if use sysusers; then + tests+=( + test-sysusers.standalone + ) + fi + if use tmpfiles; then + tests+=( + test-systemd-tmpfiles.standalone + test-tmpfile-util + ) + fi + if use udev; then + tests+=( + rule-syntax-check + test-fido-id-desc + test-udev + test-udev-builtin + test-udev-event + test-udev-node + test-udev-util + ) + fi + fi + if use udev; then + tests+=( + test-libudev + test-libudev-sym + test-udev-device-thread + ) + fi + if [[ ${#tests[@]} -ne 0 ]]; then + meson_src_test "${tests[@]}" + fi +} + +src_install() { + local rootprefix="$(usex split-usr '' /usr)" + meson-multilib_src_install +} + +multilib_src_install() { + if multilib_is_native_abi; then + if use boot; then + into /usr + dobin bootctl + doman man/bootctl.1 + insinto usr/lib/systemd/boot/efi + doins src/boot/efi/{linux$(efi_arch).{efi,elf}.stub,systemd-boot$(efi_arch).efi} + fi + if use kernel-install; then + dobin kernel-install + doman man/kernel-install.8 + # copy the default set of plugins + cp "${S}/src/kernel-install/"*.install src/kernel-install || die + exeinto usr/lib/kernel/install.d + doexe src/kernel-install/*.install + fi + if use sysusers; then + into "${rootprefix:-/}" + newbin systemd-sysusers{.standalone,} + doman man/{systemd-sysusers.8,sysusers.d.5} + fi + if use tmpfiles; then + into "${rootprefix:-/}" + newbin systemd-tmpfiles{.standalone,} + doman man/{systemd-tmpfiles.8,tmpfiles.d.5} + insinto /usr/lib/tmpfiles.d + doins tmpfiles.d/{etc,static-nodes-permissions,var}.conf + fi + if use udev; then + into "${rootprefix:-/}" + dobin udevadm systemd-hwdb + dosym ../../bin/udevadm "${rootprefix}"/lib/systemd/systemd-udevd + + exeinto "${rootprefix}"/lib/udev + doexe src/udev/{ata_id,cdrom_id,fido_id,mtd_probe,scsi_id,v4l_id} + + rm -f rules.d/99-systemd.rules + insinto "${rootprefix}"/lib/udev/rules.d + doins rules.d/*.rules + + insinto "${rootprefix}"/lib/udev/hwdb.d + doins hwdb.d/*.hwdb + + insinto /usr/share/pkgconfig + doins src/udev/udev.pc + + doman man/{udev.conf.5,systemd.link.5,hwdb.7,systemd-hwdb.8,udev.7,udevadm.8} + newman man/systemd-udevd.service.8 systemd-udevd.8 + doman man/libudev.3 + doman man/udev_*.3 + fi + if use ukify; then + exeinto "${rootprefix}"/lib/systemd/ + doexe ukify + doman man/ukify.1 + fi + fi + if use udev; then + meson_install --no-rebuild --tags libudev + gen_usr_ldscript -a udev + insinto "/usr/$(get_libdir)/pkgconfig" + doins src/libudev/libudev.pc + fi +} + +multilib_src_install_all() { + einstalldocs + if use boot; then + into /usr + exeinto usr/lib/kernel/install.d + doexe src/kernel-install/*.install + dobashcomp shell-completion/bash/bootctl + insinto /usr/share/zsh/site-functions + doins shell-completion/zsh/{_bootctl,_kernel-install} + fi + if use tmpfiles; then + doinitd "${FILESDIR}"/systemd-tmpfiles-setup + doinitd "${FILESDIR}"/systemd-tmpfiles-setup-dev + exeinto /etc/cron.daily + doexe "${FILESDIR}"/systemd-tmpfiles-clean + insinto /usr/share/zsh/site-functions + doins shell-completion/zsh/_systemd-tmpfiles + insinto /usr/lib/tmpfiles.d + doins tmpfiles.d/{tmp,x11}.conf + doins "${FILESDIR}"/legacy.conf + fi + if use udev; then + doheader src/libudev/libudev.h + + insinto /etc/udev + doins src/udev/udev.conf + keepdir /etc/udev/{hwdb.d,rules.d} + + insinto "${rootprefix}"/lib/systemd/network + doins network/99-default.link + + # Remove to avoid conflict with elogind + # https://bugs.gentoo.org/856433 + rm rules.d/70-power-switch.rules || die + insinto "${rootprefix}"/lib/udev/rules.d + doins rules.d/*.rules + doins "${FILESDIR}"/40-gentoo.rules + + insinto "${rootprefix}"/lib/udev/hwdb.d + doins hwdb.d/*.hwdb + + dobashcomp shell-completion/bash/udevadm + + insinto /usr/share/zsh/site-functions + doins shell-completion/zsh/_udevadm + fi + + use ukify && python_fix_shebang "${ED}" + use boot && secureboot_auto_sign +} + +add_service() { + local initd=$1 + local runlevel=$2 + + ebegin "Adding '${initd}' service to the '${runlevel}' runlevel" + mkdir -p "${EROOT}/etc/runlevels/${runlevel}" && + ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}" + eend $? +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + add_service systemd-tmpfiles-setup-dev sysinit + add_service systemd-tmpfiles-setup boot + fi + if use udev; then + ebegin "Updating hwdb" + systemd-hwdb --root="${ROOT}" update + eend $? + udev_reload + fi +} diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest index 17c437ae0983..d749f170bf1b 100644 --- a/sys-apps/systemd/Manifest +++ b/sys-apps/systemd/Manifest @@ -1,3 +1,4 @@ +AUX 254-PrivateDevices-userdbd.patch 9905 BLAKE2B ecc0cac69ddb680f57b537ac239c2b561b41635e1a6208dd72b7ae85b437f8ddfc0a026fe3530df7777b6c35f2e79edf73ab26e8ea590dd15865836e55eff3c0 SHA512 ce2b9e10854d87a6f179ed9b3ef85b5caf7b51ecd65584d70a90a3151b113158fd5565dbf9806e177f801a555161bf783e77230f9c6c67904484d04de3aac497 AUX 255-analyze-regression.patch 5012 BLAKE2B d879d01584501351cc865d0e593b78e176173686e2421c96a614453e92eca5199e2608cab9bff7c3fa635cb86fffbaf1e68099060a733940de916b237f485d43 SHA512 02de204c7f1d589b194bf75698cc0f3c473b155f1fb2a351d4ab335f589869c4b0cae2812c753ebec0463d1d6e714e927224bb56f271aba959ed28c2c09a678e AUX gentoo-generator-path-r2.patch 994 BLAKE2B 2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada AUX gentoo-journald-audit-r1.patch 1941 BLAKE2B 93f1a0ba8dd575359e5ab4bd04f99ed3172dbe1ba14d8cade6fc08b0158e66847900d8531898ee9ec3855ac3857cf07a3e10804a3cb67719f0e9378437eba836 SHA512 affbe58aa65ebca7c1c6d790f9f68ffc44bda70a08165f5298ee4a84ab1c16cf534950ac50ffdb61b647e5eb068f51c333a76e39d8336e21e5d1b0199192139c @@ -16,7 +17,9 @@ DIST systemd-stable-254.4.tar.gz 14332995 BLAKE2B 2b51ea867e142beeaf332cead5e2da DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3 SHA512 cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c DIST systemd-stable-254.6.tar.gz 14400611 BLAKE2B 5b23131b8aaabcd386ceb9cfb4ba8e7e1c92c454dbcc2dd907fb459f3022cd324cef86d531fe296ad56349602e487544d60900f71e189aadac6ec0a361a382e3 SHA512 3ebb8c2b931d13cf6efa59842d6d7fb84410fee02f5161061900321497d33750e0b88e2366a4234ba1ab0b89b797da0b1f8b577e0924e560cd9914fde83a1e45 DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf SHA512 2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685 +DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e DIST systemd-stable-255.1.tar.gz 14863856 BLAKE2B 3cf30872cf68117fea970ee2af2dad5e017bec351c866b7b22c9e2f8501c6e526421288feee7fbcf4994bba24beb4b2d98e858ac5b014dd832f9833767e28efe SHA512 ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb +DIST systemd-stable-255.2.tar.gz 14864388 BLAKE2B 101da82a5d63eaa48c2dc4bad5ab713b4e8b544134de8216f315a97736eb699eaf756aef2d9a4e2126f0d248b3a7e28bc986ccc2154d5d110db733d114072eec SHA512 0a9a43adc6d23f52349d298cdff3f3ae6accd7e43a33253608f7a9d241699c7cba3c9f6a0fa6da3ae3cba0e246e272076bfa2cdf5bade7bc019406f407be0bb9 EBUILD systemd-253.11.ebuild 14661 BLAKE2B 4d08e0b78f8748ae78b9eaded181c740bc5c5f78f83fe7dc61cc9738658bedd6811e0d214c32e719e96898ad70008d15e527e12b7df17b122f3d9ce45505e94a SHA512 1d5ee451cf3a0494399c2f30c9cf5e93be11bcfce4c5a834521b4a2de1da7c80ba60b1195d142fb92ffbaf1a69e524849c15bb729ba2dbcab9f2956c08a559de EBUILD systemd-253.12.ebuild 14669 BLAKE2B 106db6ca3073de27cd0f7c72b30397da77cbd98dfe1d1357f67d39f61e722c47d7fd5b3b7378e329883e9894cfe90159f3db50400ca5d791b438907b00b797b3 SHA512 56e632a1f7d396607df97f3bfbde8e85ed4534b69b341e196356adf26f932f54db0bde0365ea5e4ef8c84e36662b61b7465ba4b3336c0eebbaa3932554c13eaa EBUILD systemd-253.13.ebuild 14669 BLAKE2B 106db6ca3073de27cd0f7c72b30397da77cbd98dfe1d1357f67d39f61e722c47d7fd5b3b7378e329883e9894cfe90159f3db50400ca5d791b438907b00b797b3 SHA512 56e632a1f7d396607df97f3bfbde8e85ed4534b69b341e196356adf26f932f54db0bde0365ea5e4ef8c84e36662b61b7465ba4b3336c0eebbaa3932554c13eaa @@ -27,8 +30,10 @@ EBUILD systemd-254.4.ebuild 14824 BLAKE2B 30302795c1190012a9ea1540fc4f6b04d35d27 EBUILD systemd-254.5-r1.ebuild 14962 BLAKE2B fe76fdf8c0bbd48a3c1f16e52680783cc19823d2979f45bd466882631c041b3d722156d264b3ff6e7b06cff6f605abc7762bc33cf3af23fb5016fd318cf2fa4c SHA512 86f770447a401de29dfc517dd1e958145396141c63f0b01485f7175b0bd5ab2ffb00f71c327e746891503526b284243c39bd5adb2053f87163bed79bb1f1509e EBUILD systemd-254.6.ebuild 14969 BLAKE2B c520398d1ca9398cc5021b6abfb43521d588e0777ae711239e6a0ccaedcbf2f5ac4565a40f94ca06a6c951e9a95505c627def769c8f336f245b78fa9ce29e0be SHA512 0795cea8e391d38e6fd1df8a814d9b6922e90e59ec646b9f5764e7e09cd221fffa4e377ec3cf182231a87ac2835b4b6c2cae607acc5870964a37055d84455966 EBUILD systemd-254.7.ebuild 14969 BLAKE2B c520398d1ca9398cc5021b6abfb43521d588e0777ae711239e6a0ccaedcbf2f5ac4565a40f94ca06a6c951e9a95505c627def769c8f336f245b78fa9ce29e0be SHA512 0795cea8e391d38e6fd1df8a814d9b6922e90e59ec646b9f5764e7e09cd221fffa4e377ec3cf182231a87ac2835b4b6c2cae607acc5870964a37055d84455966 +EBUILD systemd-254.8.ebuild 15018 BLAKE2B 8c0d4e72872ab6c29d51a4d054982de58bd4c9a41d46ad87d52216bed2331cc65794094ac197ed5082d2502bfb9c6028eb2b9ec839397b9e1a7604dc036c111b SHA512 2c13f22ef4ba43442eee337dc6950b2a85155cd173aecf0926bade149f69caace592f8970475b964a437aa7cee9cec354a2d595435f8310c99361abacd7bf39a EBUILD systemd-255-r1.ebuild 14356 BLAKE2B d2566ccd21c5653059249061afd547211161647218d631ffb236fa468be157ed7cb81ccc56b56e9eea0a081d8d938ce571961bf2bb5cda65006a5d2cbf07f13d SHA512 3af30336d2713e898b9b4e1d49106ef89137b1d69d5e69c0a6d28190bc983816f916e884b7718e6dd90f7e19bb188f22ea35ee70dee69febf1d24f251b1292a0 EBUILD systemd-255.1.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6 +EBUILD systemd-255.2.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6 EBUILD systemd-255.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6 EBUILD systemd-9999.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6 MISC metadata.xml 2720 BLAKE2B 44456625ba29d7e5929d9f778bf5559a52a480eb10630b870029280532ea8ee204572161d55337d1b4dcfd7c4e20636f7f84a55326612b469b010a344eca0f14 SHA512 748db9ab9d477583377c55fad5ad5417f94b598f3c1479aac3735465a85a1004c9395d929450b3078f9d08f76963a4d5583333da0e81e2f8dbd8d5cb74882275 diff --git a/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch new file mode 100644 index 000000000000..115c831c275a --- /dev/null +++ b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch @@ -0,0 +1,242 @@ +https://bugs.gentoo.org/920331 +https://github.com/systemd/systemd/issues/30535 + +From 4a9e03aa6bb2cbd23dac00f2b2a7642cc79eaade Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 27 Sep 2023 11:55:59 +0200 +Subject: [PATCH 1/2] core: Make private /dev read-only after populating it + +--- + src/core/namespace.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index e2304f5d066da..d1153f7690140 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -995,6 +995,11 @@ static int mount_private_dev(MountEntry *m) { + if (r < 0) + log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount); + ++ /* Make the bind mount read-only. */ ++ r = mount_nofollow_verbose(LOG_DEBUG, NULL, dev, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL); ++ if (r < 0) ++ return r; ++ + /* Create the /dev directory if missing. It is more likely to be missing when the service is started + * with RootDirectory. This is consistent with mount units creating the mount points when missing. */ + (void) mkdir_p_label(mount_entry_path(m), 0755); + +From cd7f3702eb47c82a50bf74c2b7c15c2e4e1f5c79 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 27 Sep 2023 10:52:50 +0200 +Subject: [PATCH 2/2] core: Use a subdirectory of /run/ for PrivateDevices= + +When we're starting early boot services such as systemd-userdbd.service, +/tmp might not yet be mounted, so let's use a directory in /run instead +which is guaranteed to be available. +--- + src/core/execute.c | 1 + + src/core/namespace.c | 61 +++++++++++++++++++++++++++++---------- + src/core/namespace.h | 2 ++ + src/test/test-namespace.c | 1 + + src/test/test-ns.c | 1 + + 5 files changed, 50 insertions(+), 16 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index a52df64d01081..89c3868d55f6c 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -3307,6 +3307,7 @@ static int apply_mount_namespace( + extension_dir, + root_dir || root_image ? params->notify_socket : NULL, + host_os_release_stage, ++ params->runtime_scope, + error_path); + + /* If we couldn't set up the namespace this is probably due to a missing capability. setup_namespace() reports +diff --git a/src/core/namespace.c b/src/core/namespace.c +index d1153f7690140..a0471ac8884bf 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -909,7 +909,19 @@ static int clone_device_node( + return 0; + } + +-static int mount_private_dev(MountEntry *m) { ++static char *settle_runtime_dir(RuntimeScope scope) { ++ char *runtime_dir; ++ ++ if (scope != RUNTIME_SCOPE_USER) ++ return strdup("/run/"); ++ ++ if (asprintf(&runtime_dir, "/run/user/" UID_FMT, geteuid()) < 0) ++ return NULL; ++ ++ return runtime_dir; ++} ++ ++static int mount_private_dev(MountEntry *m, RuntimeScope scope) { + static const char devnodes[] = + "/dev/null\0" + "/dev/zero\0" +@@ -918,13 +930,21 @@ static int mount_private_dev(MountEntry *m) { + "/dev/urandom\0" + "/dev/tty\0"; + +- char temporary_mount[] = "/tmp/namespace-dev-XXXXXX"; ++ _cleanup_free_ char *runtime_dir = NULL, *temporary_mount = NULL; + const char *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL; + bool can_mknod = true; + int r; + + assert(m); + ++ runtime_dir = settle_runtime_dir(scope); ++ if (!runtime_dir) ++ return log_oom_debug(); ++ ++ temporary_mount = path_join(runtime_dir, "systemd/namespace-dev-XXXXXX"); ++ if (!temporary_mount) ++ return log_oom_debug(); ++ + if (!mkdtemp(temporary_mount)) + return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount); + +@@ -1364,7 +1384,8 @@ static int apply_one_mount( + MountEntry *m, + const ImagePolicy *mount_image_policy, + const ImagePolicy *extension_image_policy, +- const NamespaceInfo *ns_info) { ++ const NamespaceInfo *ns_info, ++ RuntimeScope scope) { + + _cleanup_free_ char *inaccessible = NULL; + bool rbind = true, make = false; +@@ -1379,8 +1400,7 @@ static int apply_one_mount( + switch (m->mode) { + + case INACCESSIBLE: { +- _cleanup_free_ char *tmp = NULL; +- const char *runtime_dir; ++ _cleanup_free_ char *runtime_dir = NULL; + struct stat target; + + /* First, get rid of everything that is below if there +@@ -1396,14 +1416,14 @@ static int apply_one_mount( + mount_entry_path(m)); + } + +- if (geteuid() == 0) +- runtime_dir = "/run"; +- else { +- if (asprintf(&tmp, "/run/user/" UID_FMT, geteuid()) < 0) +- return -ENOMEM; +- +- runtime_dir = tmp; +- } ++ /* We don't pass the literal runtime scope through here but one based purely on our UID. This ++ * means that the root user's --user services will use the host's inaccessible inodes rather ++ * then root's private ones. This is preferable since it means device nodes that are ++ * overmounted to make them inaccessible will be overmounted with a device node, rather than ++ * an AF_UNIX socket inode. */ ++ runtime_dir = settle_runtime_dir(geteuid() == 0 ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER); ++ if (!runtime_dir) ++ return log_oom_debug(); + + r = mode_to_inaccessible_node(runtime_dir, target.st_mode, &inaccessible); + if (r < 0) +@@ -1523,7 +1543,7 @@ static int apply_one_mount( + break; + + case PRIVATE_DEV: +- return mount_private_dev(m); ++ return mount_private_dev(m, scope); + + case BIND_DEV: + return mount_bind_dev(m); +@@ -1824,6 +1844,7 @@ static int apply_mounts( + const NamespaceInfo *ns_info, + MountEntry *mounts, + size_t *n_mounts, ++ RuntimeScope scope, + char **symlinks, + char **error_path) { + +@@ -1875,7 +1896,7 @@ static int apply_mounts( + break; + } + +- r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info); ++ r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info, scope); + if (r < 0) { + if (error_path && mount_entry_path(m)) + *error_path = strdup(mount_entry_path(m)); +@@ -2030,6 +2051,7 @@ int setup_namespace( + const char *extension_dir, + const char *notify_socket, + const char *host_os_release_stage, ++ RuntimeScope scope, + char **error_path) { + + _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL; +@@ -2490,7 +2512,14 @@ int setup_namespace( + (void) base_filesystem_create(root, UID_INVALID, GID_INVALID); + + /* Now make the magic happen */ +- r = apply_mounts(root, mount_image_policy, extension_image_policy, ns_info, mounts, &n_mounts, symlinks, error_path); ++ r = apply_mounts(root, ++ mount_image_policy, ++ extension_image_policy, ++ ns_info, ++ mounts, &n_mounts, ++ scope, ++ symlinks, ++ error_path); + if (r < 0) + goto finish; + +diff --git a/src/core/namespace.h b/src/core/namespace.h +index b6132154c5132..581403d89826d 100644 +--- a/src/core/namespace.h ++++ b/src/core/namespace.h +@@ -16,6 +16,7 @@ typedef struct MountImage MountImage; + #include "fs-util.h" + #include "macro.h" + #include "namespace-util.h" ++#include "runtime-scope.h" + #include "string-util.h" + + typedef enum ProtectHome { +@@ -134,6 +135,7 @@ int setup_namespace( + const char *extension_dir, + const char *notify_socket, + const char *host_os_release_stage, ++ RuntimeScope scope, + char **error_path); + + #define RUN_SYSTEMD_EMPTY "/run/systemd/empty" +diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c +index 25aafc35ca837..42ac65d08c87a 100644 +--- a/src/test/test-namespace.c ++++ b/src/test/test-namespace.c +@@ -206,6 +206,7 @@ TEST(protect_kernel_logs) { + NULL, + NULL, + NULL, ++ RUNTIME_SCOPE_SYSTEM, + NULL); + assert_se(r == 0); + +diff --git a/src/test/test-ns.c b/src/test/test-ns.c +index 77afd2f6b9eb8..eb3afed9e1c66 100644 +--- a/src/test/test-ns.c ++++ b/src/test/test-ns.c +@@ -108,6 +108,7 @@ int main(int argc, char *argv[]) { + NULL, + NULL, + NULL, ++ RUNTIME_SCOPE_SYSTEM, + NULL); + if (r < 0) { + log_error_errno(r, "Failed to set up namespace: %m"); diff --git a/sys-apps/systemd/systemd-254.8.ebuild b/sys-apps/systemd/systemd-254.8.ebuild new file mode 100644 index 000000000000..0ad5f8893f48 --- /dev/null +++ b/sys-apps/systemd/systemd-254.8.ebuild @@ -0,0 +1,526 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..12} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1 +inherit secureboot systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd +" +REQUIRED_USE=" + ${PYTHON_REQUIRED_USE} + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) + boot? ( kernel-install ) + ukify? ( boot ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} +" + +PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + ukify? ( + ${PYTHON_DEPS} + $(python_gen_cond_dep "${PEFILE_DEPEND}") + ) + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + ${PYTHON_DEPS} + $(python_gen_cond_dep " + dev-python/jinja[\${PYTHON_USEDEP}] + dev-python/lxml[\${PYTHON_USEDEP}] + boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) + ukify? ( test? ( ${PEFILE_DEPEND} ) ) + ") +" + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." + fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use boot && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-253-initrd-generators.patch" + "${FILESDIR}/254-PrivateDevices-userdbd.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + # Fails with split-usr. + sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnutls) + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kernel-install) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool ukify) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev + + use ukify && python_fix_shebang "${ED}" + use boot && secureboot_auto_sign +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if [[ -e ${EROOT}/etc/sysctl.conf ]]; then + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + fi + + if ! use split-usr; then + local dir + for dir in bin sbin lib usr/sbin; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi + if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then + ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." + ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sys-apps/systemd/systemd-255.2.ebuild b/sys-apps/systemd/systemd-255.2.ebuild new file mode 100644 index 000000000000..a5c20a8b0bde --- /dev/null +++ b/sys-apps/systemd/systemd-255.2.ebuild @@ -0,0 +1,509 @@ +# Copyright 2011-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..12} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + + if [[ ${PV} != *rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + fi +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1 +inherit secureboot systemd toolchain-funcs udev + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd +" +REQUIRED_USE=" + ${PYTHON_REQUIRED_USE} + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) + boot? ( kernel-install ) + ukify? ( boot ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( >=sys-libs/libapparmor-2.13:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( >=net-misc/curl-7.32.0:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) + qrcode? ( >=media-gfx/qrencode-3:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( >=sys-libs/libselinux-2.1.9:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} +" + +PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + ukify? ( + ${PYTHON_DEPS} + $(python_gen_cond_dep "${PEFILE_DEPEND}") + ) + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + ${PYTHON_DEPS} + $(python_gen_cond_dep " + dev-python/jinja[\${PYTHON_USEDEP}] + dev-python/lxml[\${PYTHON_USEDEP}] + boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) + ukify? ( test? ( ${PEFILE_DEPEND} ) ) + ") +" + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if use split-usr; then + eerror "Please complete the migration to merged-usr." + eerror "https://wiki.gentoo.org/wiki/Merge-usr" + die "systemd no longer supports split-usr" + fi + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." + fi + + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use boot && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + # default is developer, bug 918671 + -Dmode=release + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + -Dsplit-bin=false + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnutls) + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kernel-install) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool ukify) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + local -x COLUMNS=80 + meson_src_test +} + +multilib_src_install_all() { + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}"/usr/bin/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir /usr/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + use ukify && python_fix_shebang "${ED}" + use boot && secureboot_auto_sign +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if [[ -e ${EROOT}/etc/sysctl.conf ]]; then + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + fi + + if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then + ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." + ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ -z ${ROOT} && -d /run/systemd/system ]]; then + ebegin "Reexecuting system manager (systemd)" + systemctl daemon-reexec + eend $? || FAIL=1 + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} |