Diffstat (limited to 'sys-apps')
-rw-r--r--sys-apps/Manifest.gzbin49757 -> 49759 bytes
-rw-r--r--sys-apps/pv/Manifest2
-rw-r--r--sys-apps/pv/pv-1.8.0.ebuild2
-rw-r--r--sys-apps/systemd-utils/Manifest2
-rw-r--r--sys-apps/systemd-utils/systemd-utils-254.8.ebuild575
-rw-r--r--sys-apps/systemd/Manifest5
-rw-r--r--sys-apps/systemd/files/254-PrivateDevices-userdbd.patch242
-rw-r--r--sys-apps/systemd/systemd-254.8.ebuild526
-rw-r--r--sys-apps/systemd/systemd-255.2.ebuild509
9 files changed, 1861 insertions, 2 deletions
diff --git a/sys-apps/Manifest.gz b/sys-apps/Manifest.gz
index 60ac61e93a56..6e65f26704fd 100644
--- a/sys-apps/Manifest.gz
+++ b/sys-apps/Manifest.gz
Binary files differ
diff --git a/sys-apps/pv/Manifest b/sys-apps/pv/Manifest
index b271948bc07d..c2acfd731777 100644
--- a/sys-apps/pv/Manifest
+++ b/sys-apps/pv/Manifest
@@ -6,7 +6,7 @@ DIST pv-1.8.5.tar.gz 327072 BLAKE2B ef7fcf64430a72e04ca3a922115e7012c999109bb7e1
DIST pv-1.8.5.tar.gz.asc 691 BLAKE2B ac5bd2b05e145d4ea5aedbb148b39a317d68329787f06f39f808be75951da0e0f460254b4a5049a8eafabad07edfbe936be00154f5dfa660628c8a3dfa3b7ffd SHA512 8414b2485347579a54233a2f241c080ab6461799c149567ab1063ce812b08ab2293f55bf8a24bcadabf94d12ce3dce36fe57277d822d115db9e53c957fe99c20
EBUILD pv-1.6.20.ebuild 1456 BLAKE2B 055fc1d118f5f5500e3fb453d94ae40c0db8389425df249cd2cc8d9303db9a113a13d324c1b2f53d993ce455eaaaa695bc542a4c53f5bc2564d314ffbe76721d SHA512 583e35041a54b3123c757acad234afb053d00703e8b8a57efb680fc76d7738485f30d0aed94ad31bbd9d4a4db7356b72a0628ec74fffaa3388af8b7e3abf54a3
EBUILD pv-1.7.24.ebuild 1364 BLAKE2B bcf84d8ce9ef43828b060ace27d330cf452ae996539181bccc1114c111523650966d83996c7625848bb01693125ef768155ae4d958ebe1abb5e5322c04972e50 SHA512 92251054a71196ce418360c14cbcfdd1d0beec36c1420655a9cfbfb5c9c37016725e1f55f49791f95ec291f01877d937ac9d49b1c8f0c01988cffbca4324d84e
-EBUILD pv-1.8.0.ebuild 1336 BLAKE2B 048a9bf24d8b0142dc4ee5966260c3607de73153a490e79a3367d3b165ab01e93393900fe4af6ede30dba2c310b4079e5d8a4f5f0c8fcb21adbf3c533b96b69a SHA512 2ce0675b016a1a5ce2d695366d04fe51cc21cad1ece463d877c84172387344dd33ebe7831afb8e2727767f1db69a594c6c8768b56b40a4c081ebaf21a6dcd77e
+EBUILD pv-1.8.0.ebuild 1335 BLAKE2B 5d9da44641afb747a35548020b97daa756bf14e0dab16f915779fc769bd806a7f75f3b13a42d3d9ba2a501fddc87207205c40c8971f2364c4002aa0915a4913a SHA512 1da146fb42650835ccb6f6acb51ff9a95d8667123c0e00b05b031bae2c942c750154badebd0f191608d7d23a3781b2b4c47c1427e591aa77a46901ca5e6ad74d
EBUILD pv-1.8.5.ebuild 1286 BLAKE2B d706213997fa9347003871e733498eb6cd7772506d3af209f6d6114827308fe27df92baccdf0285c740fb1d8a792b965d2368bafaf855aef5ee52e804a66b5fd SHA512 435a956dedf403f7fd6710383df5e7dfe8c249b24e795c259c58b5fead2d4dddcd459005badb6ad3fb7d79576ca5d5752152446a2c17b17f2009ce6439353ad3
EBUILD pv-9999.ebuild 1286 BLAKE2B d706213997fa9347003871e733498eb6cd7772506d3af209f6d6114827308fe27df92baccdf0285c740fb1d8a792b965d2368bafaf855aef5ee52e804a66b5fd SHA512 435a956dedf403f7fd6710383df5e7dfe8c249b24e795c259c58b5fead2d4dddcd459005badb6ad3fb7d79576ca5d5752152446a2c17b17f2009ce6439353ad3
MISC metadata.xml 352 BLAKE2B 52ddc86245bfabca6612732be0e84d336ba0601d3b91d17c583025e370aeaaba0ff38ee9f2097eb0b57a434730d1b439835514488507093112d48b8ed7b36ccb SHA512 541a8d15d5810888535bec6d364dc5e319ae3960d44588660e52afafc37232b77f2f5fdbcdfec5e0dae2629f1ca2b9ca72ee1055e152b68d5b3bed8d3eff1d2a
diff --git a/sys-apps/pv/pv-1.8.0.ebuild b/sys-apps/pv/pv-1.8.0.ebuild
index b59b9f7552bc..5e7d39e35f31 100644
--- a/sys-apps/pv/pv-1.8.0.ebuild
+++ b/sys-apps/pv/pv-1.8.0.ebuild
@@ -18,7 +18,7 @@ else
verify-sig? ( https://www.ivarch.com/programs/sources/${P}.tar.gz.txt -> ${P}.tar.gz.asc )
"
- KEYWORDS="~alpha amd64 ~arm arm64 hppa ~mips ~ppc ppc64 ~riscv sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos"
+ KEYWORDS="~alpha amd64 ~arm arm64 hppa ~mips ppc ppc64 ~riscv sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos"
fi
LICENSE="GPL-3+"
diff --git a/sys-apps/systemd-utils/Manifest b/sys-apps/systemd-utils/Manifest
index 1014c7f692f3..00d96463e97c 100644
--- a/sys-apps/systemd-utils/Manifest
+++ b/sys-apps/systemd-utils/Manifest
@@ -12,10 +12,12 @@ DIST systemd-stable-253.13.tar.gz 12183733 BLAKE2B f0cf127f71a0abe2a02f5421816a6
DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3 SHA512 cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c
DIST systemd-stable-254.6.tar.gz 14400611 BLAKE2B 5b23131b8aaabcd386ceb9cfb4ba8e7e1c92c454dbcc2dd907fb459f3022cd324cef86d531fe296ad56349602e487544d60900f71e189aadac6ec0a361a382e3 SHA512 3ebb8c2b931d13cf6efa59842d6d7fb84410fee02f5161061900321497d33750e0b88e2366a4234ba1ab0b89b797da0b1f8b577e0924e560cd9914fde83a1e45
DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf SHA512 2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685
+DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
EBUILD systemd-utils-253.11-r1.ebuild 12608 BLAKE2B aa3fc7468ada1b120d868cdbc94eeb22a5a4ec7ddbcca37d364cd996094021c82e8c98a2ff1e42f04cf57314ceb9a48b1edf7df3976de926fbfe208f422dd459 SHA512 51739b8478efb3bbf326b8681bb51adc2e150316fcae68984d68cbc05389e09c45da06cc77bb96ff2d43ad6c1951b91e05d41377e02684aa873d7c603e183d4d
EBUILD systemd-utils-253.12-r1.ebuild 12616 BLAKE2B ba823f24fc2b19f5aa9ca1ff9df8521efe9847d5440cd3dfa35c912f5b8d32418cc13220e8e50422350f0dd1812f38a6c06c44d9e518aad3ebca9d17d4564029 SHA512 abb188db7c96f7a2afb022fb548106870f876fbeeac5cb415b2ef26fd34254ddad0568d6f74c1165dbb2549c5d144d7bfabef7aedf6ce120c1c1b339ccda4e16
EBUILD systemd-utils-253.13.ebuild 12616 BLAKE2B ba823f24fc2b19f5aa9ca1ff9df8521efe9847d5440cd3dfa35c912f5b8d32418cc13220e8e50422350f0dd1812f38a6c06c44d9e518aad3ebca9d17d4564029 SHA512 abb188db7c96f7a2afb022fb548106870f876fbeeac5cb415b2ef26fd34254ddad0568d6f74c1165dbb2549c5d144d7bfabef7aedf6ce120c1c1b339ccda4e16
EBUILD systemd-utils-254.5-r2.ebuild 13076 BLAKE2B b3da8f4d0f6ce116618e6f7885b41bc0ef5724b1ec3d58b7fd080494a29bb101dddab4e0fc278a50ba340c1988055fe6a5ee352bc1aad33012226a1ee4d15dad SHA512 90b6f053e921aa6d80b19d484a5f5ac8f74325f1d4e2e08e379a1fb53456e7250b60e9969b6b3ca7e5ce26ac6215d419742e81f36decc6ebbb3d47b2f1f35e27
EBUILD systemd-utils-254.6.ebuild 13084 BLAKE2B ee9dee6a8edce96691b88edf54fcb25a2e5e004eecf5c1cd27fa782464164ab670f11925f3f2ce9014975401571fd47f5cc3adf706c394fe61f1b8b24fd94749 SHA512 7fb74bb5532548bf41b0ce50dbb2936391c6adc140ed9ad6e3b56b30159e4e4c629a87c61602d4231fcc87c6abe288fdf305c13ff739a19e64e9bdd7347d4e6c
EBUILD systemd-utils-254.7.ebuild 13076 BLAKE2B b3da8f4d0f6ce116618e6f7885b41bc0ef5724b1ec3d58b7fd080494a29bb101dddab4e0fc278a50ba340c1988055fe6a5ee352bc1aad33012226a1ee4d15dad SHA512 90b6f053e921aa6d80b19d484a5f5ac8f74325f1d4e2e08e379a1fb53456e7250b60e9969b6b3ca7e5ce26ac6215d419742e81f36decc6ebbb3d47b2f1f35e27
+EBUILD systemd-utils-254.8.ebuild 13084 BLAKE2B ee9dee6a8edce96691b88edf54fcb25a2e5e004eecf5c1cd27fa782464164ab670f11925f3f2ce9014975401571fd47f5cc3adf706c394fe61f1b8b24fd94749 SHA512 7fb74bb5532548bf41b0ce50dbb2936391c6adc140ed9ad6e3b56b30159e4e4c629a87c61602d4231fcc87c6abe288fdf305c13ff739a19e64e9bdd7347d4e6c
MISC metadata.xml 888 BLAKE2B b799e1d62a1208dbbec1a1cfb47592b069d5c79cb18efffef922c72b0d61e30938d26c6f4e0d3951f9c327601dd71de14062dad0a47e6b84a61b1a8b125f1a6b SHA512 6debd964f9c127ba4332e0c0b86e506d3cf10cbe3cd45442bf7955b16e790a9eccdd928d473b3722b11b4a75d34fe5bb91f4867a5dc92e786ba73d9ec3f54712
diff --git a/sys-apps/systemd-utils/systemd-utils-254.8.ebuild b/sys-apps/systemd-utils/systemd-utils-254.8.ebuild
new file mode 100644
index 000000000000..a5364fa98930
--- /dev/null
+++ b/sys-apps/systemd-utils/systemd-utils-254.8.ebuild
@@ -0,0 +1,575 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+inherit bash-completion-r1 flag-o-matic linux-info meson-multilib python-single-r1
+inherit secureboot toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="Utilities split out from systemd for OpenRC users"
+HOMEPAGE="https://systemd.io/"
+
+if [[ ${PV} == *.* ]]; then
+ MY_P="systemd-stable-${PV}"
+ S="${WORKDIR}/${MY_P}"
+ SRC_URI="https://github.com/systemd/systemd-stable/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz"
+else
+ MY_P="systemd-${PV}"
+ S="${WORKDIR}/${MY_P}"
+ SRC_URI="https://github.com/systemd/systemd/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz"
+fi
+
+MUSL_PATCHSET="systemd-musl-patches-254.3"
+SRC_URI+=" elibc_musl? ( https://dev.gentoo.org/~floppym/dist/${MUSL_PATCHSET}.tar.gz )"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+acl boot +kmod kernel-install selinux split-usr sysusers +tmpfiles test +udev ukify"
+REQUIRED_USE="
+ || ( kernel-install tmpfiles sysusers udev )
+ boot? ( kernel-install )
+ ukify? ( boot )
+ ${PYTHON_REQUIRED_USE}
+"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+ elibc_musl? ( >=sys-libs/musl-1.2.3 )
+ selinux? ( sys-libs/libselinux:0= )
+ tmpfiles? (
+ acl? ( sys-apps/acl:0= )
+ )
+ udev? (
+ >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ )
+ !udev? (
+ >=sys-apps/util-linux-2.30:0=
+ sys-libs/libcap:0=
+ virtual/libcrypt:=
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-3.11
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+RDEPEND="${COMMON_DEPEND}
+ boot? ( !<sys-boot/systemd-boot-250 )
+ ukify? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ tmpfiles? ( !<sys-apps/systemd-tmpfiles-250 )
+ udev? (
+ acct-group/audio
+ acct-group/cdrom
+ acct-group/dialout
+ acct-group/disk
+ acct-group/floppy
+ acct-group/input
+ acct-group/kmem
+ acct-group/kvm
+ acct-group/lp
+ acct-group/render
+ acct-group/sgx
+ acct-group/tape
+ acct-group/tty
+ acct-group/usb
+ acct-group/video
+ !sys-apps/gentoo-systemd-integration
+ !sys-apps/hwids[udev]
+ !<sys-fs/udev-250
+ !sys-fs/eudev
+ )
+ !sys-apps/systemd
+"
+PDEPEND="
+ udev? ( >=sys-fs/udev-init-scripts-34 )
+"
+BDEPEND="
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gperf
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+ ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ ")
+"
+
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+
+CONFIG_CHECK="~BLK_DEV_BSG ~DEVTMPFS ~!IDE ~INOTIFY_USER ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2 ~SIGNALFD ~EPOLL ~FHANDLE ~NET ~UNIX"
+
+pkg_setup() {
+ if [[ ${MERGE_TYPE} != buildonly ]] && use udev; then
+ linux-info_pkg_setup
+ fi
+ use boot && secureboot_pkg_setup
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/${PN}-254.3-add-link-kernel-install-shared-option.patch"
+ )
+
+ if use elibc_musl; then
+ PATCHES+=(
+ "${WORKDIR}/${MUSL_PATCHSET}"
+ )
+ fi
+ default
+
+ # Remove install_rpath; we link statically
+ local rpath_pattern="install_rpath : rootpkglibdir,"
+ grep -q -e "${rpath_pattern}" meson.build || die
+ sed -i -e "/${rpath_pattern}/d" meson.build || die
+}
+
+src_configure() {
+ python_setup
+ meson-multilib_src_configure
+}
+
+multilib_src_configure() {
+ local emesonargs=(
+ $(meson_use split-usr)
+ $(meson_use split-usr split-bin)
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ -Dsysvinit-path=
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool kernel-install)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool sysusers)
+ $(meson_use test tests)
+ $(meson_native_use_bool tmpfiles)
+ $(meson_use udev hwdb)
+ $(meson_native_use_bool ukify)
+
+ # Link staticly with libsystemd-shared
+ -Dlink-boot-shared=false
+ -Dlink-kernel-install-shared=false
+ -Dlink-udev-shared=false
+
+ # systemd-tmpfiles has a separate "systemd-tmpfiles.standalone" target
+ -Dstandalone-binaries=true
+
+ # Disable all optional features
+ -Dadm-group=false
+ -Danalyze=false
+ -Dapparmor=false
+ -Daudit=false
+ -Dbacklight=false
+ -Dbinfmt=false
+ -Dbpf-framework=false
+ -Dbzip2=false
+ -Dcoredump=false
+ -Ddbus=false
+ -Delfutils=false
+ -Denvironment-d=false
+ -Dfdisk=false
+ -Dgcrypt=false
+ -Dglib=false
+ -Dgshadow=false
+ -Dgnutls=false
+ -Dhibernate=false
+ -Dhostnamed=false
+ -Didn=false
+ -Dima=false
+ -Dinitrd=false
+ -Dfirstboot=false
+ -Dldconfig=false
+ -Dlibcryptsetup=false
+ -Dlibcurl=false
+ -Dlibfido2=false
+ -Dlibidn=false
+ -Dlibidn2=false
+ -Dlibiptc=false
+ -Dlocaled=false
+ -Dlogind=false
+ -Dlz4=false
+ -Dmachined=false
+ -Dmicrohttpd=false
+ -Dnetworkd=false
+ -Dnscd=false
+ -Dnss-myhostname=false
+ -Dnss-resolve=false
+ -Dnss-systemd=false
+ -Doomd=false
+ -Dopenssl=false
+ -Dp11kit=false
+ -Dpam=false
+ -Dpcre2=false
+ -Dpolkit=false
+ -Dportabled=false
+ -Dpstore=false
+ -Dpwquality=false
+ -Drandomseed=false
+ -Dresolve=false
+ -Drfkill=false
+ -Dseccomp=false
+ -Dsmack=false
+ -Dsysext=false
+ -Dtimedated=false
+ -Dtimesyncd=false
+ -Dtpm=false
+ -Dqrencode=false
+ -Dquotacheck=false
+ -Duserdb=false
+ -Dutmp=false
+ -Dvconsole=false
+ -Dwheel-group=false
+ -Dxdg-autostart=false
+ -Dxkbcommon=false
+ -Dxz=false
+ -Dzlib=false
+ -Dzstd=false
+ )
+
+ if use tmpfiles || use udev; then
+ emesonargs+=( $(meson_native_use_bool acl) )
+ else
+ emesonargs+=( -Dacl=false )
+ fi
+
+ if use udev; then
+ emesonargs+=( $(meson_native_use_bool kmod) )
+ else
+ emesonargs+=( -Dkmod=false )
+ fi
+
+ if use elibc_musl; then
+ # Avoid redefinition of struct ethhdr.
+ append-cppflags -D__UAPI_DEF_ETHHDR=0
+ fi
+
+ if multilib_is_native_abi || use udev; then
+ meson_src_configure
+ fi
+}
+
+efi_arch() {
+ case "$(tc-arch)" in
+ amd64) echo x64 ;;
+ arm) echo arm ;;
+ arm64) echo aa64 ;;
+ x86) echo x86 ;;
+ esac
+}
+
+multilib_src_compile() {
+ local targets=()
+ if multilib_is_native_abi; then
+ if use boot; then
+ targets+=(
+ bootctl
+ man/bootctl.1
+ src/boot/efi/linux$(efi_arch).efi.stub
+ src/boot/efi/systemd-boot$(efi_arch).efi
+ )
+ fi
+ if use kernel-install; then
+ targets+=(
+ kernel-install
+ 90-loaderentry.install
+ man/kernel-install.8
+ )
+ fi
+ if use sysusers; then
+ targets+=(
+ systemd-sysusers.standalone
+ man/sysusers.d.5
+ man/systemd-sysusers.8
+ )
+ if use test; then
+ targets+=(
+ systemd-runtest.env
+ )
+ fi
+ fi
+ if use tmpfiles; then
+ targets+=(
+ systemd-tmpfiles.standalone
+ man/tmpfiles.d.5
+ man/systemd-tmpfiles.8
+ tmpfiles.d/{etc,static-nodes-permissions,var}.conf
+ )
+ if use test; then
+ targets+=( test-tmpfile-util )
+ fi
+ fi
+ if use udev; then
+ targets+=(
+ udevadm
+ systemd-hwdb
+ src/udev/ata_id
+ src/udev/cdrom_id
+ src/udev/fido_id
+ src/udev/mtd_probe
+ src/udev/scsi_id
+ src/udev/udev.pc
+ src/udev/v4l_id
+ man/udev.conf.5
+ man/systemd.link.5
+ man/hwdb.7
+ man/udev.7
+ man/systemd-hwdb.8
+ man/systemd-udevd.service.8
+ man/udevadm.8
+ man/libudev.3
+ man/udev_device_get_syspath.3
+ man/udev_device_has_tag.3
+ man/udev_device_new_from_syspath.3
+ man/udev_enumerate_add_match_subsystem.3
+ man/udev_enumerate_new.3
+ man/udev_enumerate_scan_devices.3
+ man/udev_list_entry.3
+ man/udev_monitor_filter_update.3
+ man/udev_monitor_new_from_netlink.3
+ man/udev_monitor_receive_device.3
+ man/udev_new.3
+ hwdb.d/60-autosuspend-chromiumos.hwdb
+ rules.d/50-udev-default.rules
+ rules.d/60-persistent-storage.rules
+ rules.d/64-btrfs.rules
+ )
+ if use test; then
+ targets+=(
+ test-fido-id-desc
+ test-udev-builtin
+ test-udev-event
+ test-udev-node
+ test-udev-util
+ udev-rule-runner
+ )
+ fi
+ fi
+ if use ukify; then
+ targets+=(
+ ukify
+ 60-ukify.install
+ man/ukify.1
+ )
+ fi
+ fi
+ if use udev; then
+ targets+=(
+ udev:shared_library
+ src/libudev/libudev.pc
+ )
+ if use test; then
+ targets+=(
+ test-libudev
+ test-libudev-sym
+ test-udev-device-thread
+ )
+ fi
+ fi
+ if multilib_is_native_abi || use udev; then
+ meson_src_compile "${targets[@]}"
+ fi
+}
+
+multilib_src_test() {
+ local tests=()
+ if multilib_is_native_abi; then
+ if use sysusers; then
+ tests+=(
+ test-sysusers.standalone
+ )
+ fi
+ if use tmpfiles; then
+ tests+=(
+ test-systemd-tmpfiles.standalone
+ test-tmpfile-util
+ )
+ fi
+ if use udev; then
+ tests+=(
+ rule-syntax-check
+ test-fido-id-desc
+ test-udev
+ test-udev-builtin
+ test-udev-event
+ test-udev-node
+ test-udev-util
+ )
+ fi
+ fi
+ if use udev; then
+ tests+=(
+ test-libudev
+ test-libudev-sym
+ test-udev-device-thread
+ )
+ fi
+ if [[ ${#tests[@]} -ne 0 ]]; then
+ meson_src_test "${tests[@]}"
+ fi
+}
+
+src_install() {
+ local rootprefix="$(usex split-usr '' /usr)"
+ meson-multilib_src_install
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ if use boot; then
+ into /usr
+ dobin bootctl
+ doman man/bootctl.1
+ insinto usr/lib/systemd/boot/efi
+ doins src/boot/efi/{linux$(efi_arch).{efi,elf}.stub,systemd-boot$(efi_arch).efi}
+ fi
+ if use kernel-install; then
+ dobin kernel-install
+ doman man/kernel-install.8
+ # copy the default set of plugins
+ cp "${S}/src/kernel-install/"*.install src/kernel-install || die
+ exeinto usr/lib/kernel/install.d
+ doexe src/kernel-install/*.install
+ fi
+ if use sysusers; then
+ into "${rootprefix:-/}"
+ newbin systemd-sysusers{.standalone,}
+ doman man/{systemd-sysusers.8,sysusers.d.5}
+ fi
+ if use tmpfiles; then
+ into "${rootprefix:-/}"
+ newbin systemd-tmpfiles{.standalone,}
+ doman man/{systemd-tmpfiles.8,tmpfiles.d.5}
+ insinto /usr/lib/tmpfiles.d
+ doins tmpfiles.d/{etc,static-nodes-permissions,var}.conf
+ fi
+ if use udev; then
+ into "${rootprefix:-/}"
+ dobin udevadm systemd-hwdb
+ dosym ../../bin/udevadm "${rootprefix}"/lib/systemd/systemd-udevd
+
+ exeinto "${rootprefix}"/lib/udev
+ doexe src/udev/{ata_id,cdrom_id,fido_id,mtd_probe,scsi_id,v4l_id}
+
+ rm -f rules.d/99-systemd.rules
+ insinto "${rootprefix}"/lib/udev/rules.d
+ doins rules.d/*.rules
+
+ insinto "${rootprefix}"/lib/udev/hwdb.d
+ doins hwdb.d/*.hwdb
+
+ insinto /usr/share/pkgconfig
+ doins src/udev/udev.pc
+
+ doman man/{udev.conf.5,systemd.link.5,hwdb.7,systemd-hwdb.8,udev.7,udevadm.8}
+ newman man/systemd-udevd.service.8 systemd-udevd.8
+ doman man/libudev.3
+ doman man/udev_*.3
+ fi
+ if use ukify; then
+ exeinto "${rootprefix}"/lib/systemd/
+ doexe ukify
+ doman man/ukify.1
+ fi
+ fi
+ if use udev; then
+ meson_install --no-rebuild --tags libudev
+ gen_usr_ldscript -a udev
+ insinto "/usr/$(get_libdir)/pkgconfig"
+ doins src/libudev/libudev.pc
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ if use boot; then
+ into /usr
+ exeinto usr/lib/kernel/install.d
+ doexe src/kernel-install/*.install
+ dobashcomp shell-completion/bash/bootctl
+ insinto /usr/share/zsh/site-functions
+ doins shell-completion/zsh/{_bootctl,_kernel-install}
+ fi
+ if use tmpfiles; then
+ doinitd "${FILESDIR}"/systemd-tmpfiles-setup
+ doinitd "${FILESDIR}"/systemd-tmpfiles-setup-dev
+ exeinto /etc/cron.daily
+ doexe "${FILESDIR}"/systemd-tmpfiles-clean
+ insinto /usr/share/zsh/site-functions
+ doins shell-completion/zsh/_systemd-tmpfiles
+ insinto /usr/lib/tmpfiles.d
+ doins tmpfiles.d/{tmp,x11}.conf
+ doins "${FILESDIR}"/legacy.conf
+ fi
+ if use udev; then
+ doheader src/libudev/libudev.h
+
+ insinto /etc/udev
+ doins src/udev/udev.conf
+ keepdir /etc/udev/{hwdb.d,rules.d}
+
+ insinto "${rootprefix}"/lib/systemd/network
+ doins network/99-default.link
+
+ # Remove to avoid conflict with elogind
+ # https://bugs.gentoo.org/856433
+ rm rules.d/70-power-switch.rules || die
+ insinto "${rootprefix}"/lib/udev/rules.d
+ doins rules.d/*.rules
+ doins "${FILESDIR}"/40-gentoo.rules
+
+ insinto "${rootprefix}"/lib/udev/hwdb.d
+ doins hwdb.d/*.hwdb
+
+ dobashcomp shell-completion/bash/udevadm
+
+ insinto /usr/share/zsh/site-functions
+ doins shell-completion/zsh/_udevadm
+ fi
+
+ use ukify && python_fix_shebang "${ED}"
+ use boot && secureboot_auto_sign
+}
+
+add_service() {
+ local initd=$1
+ local runlevel=$2
+
+ ebegin "Adding '${initd}' service to the '${runlevel}' runlevel"
+ mkdir -p "${EROOT}/etc/runlevels/${runlevel}" &&
+ ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}"
+ eend $?
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ add_service systemd-tmpfiles-setup-dev sysinit
+ add_service systemd-tmpfiles-setup boot
+ fi
+ if use udev; then
+ ebegin "Updating hwdb"
+ systemd-hwdb --root="${ROOT}" update
+ eend $?
+ udev_reload
+ fi
+}
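Review bot: `efi_arch()` has no fallback branch, so on any keyworded arch other than amd64/arm/arm64/x86 it prints nothing and, with USE=boot, `multilib_src_compile` and `multilib_src_install` end up asking for `src/boot/efi/linux.efi.stub` and `systemd-boot.efi`, which would fail late with an unrelated-looking build error. Unless profiles mask `boot` on those arches (not visible on this page), add `*) die "no EFI arch mapping for $(tc-arch)" ;;` to the `case` so the failure is explicit. Separately, `multilib_src_install_all` reads `${rootprefix}`, which is only declared `local` in `src_install` and reaches it through bash dynamic scoping; a comment such as `# rootprefix is inherited from src_install via dynamic scoping` would keep a later refactor from silently installing the udev rules, hwdb and network files under `/lib` instead of `/usr/lib` on merged-usr systems. The Manifest hunk lists this ebuild with the same size and hashes as systemd-utils-254.6.ebuild, so both points are inherited from the earlier version rather than introduced here.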
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 17c437ae0983..d749f170bf1b 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,3 +1,4 @@
+AUX 254-PrivateDevices-userdbd.patch 9905 BLAKE2B ecc0cac69ddb680f57b537ac239c2b561b41635e1a6208dd72b7ae85b437f8ddfc0a026fe3530df7777b6c35f2e79edf73ab26e8ea590dd15865836e55eff3c0 SHA512 ce2b9e10854d87a6f179ed9b3ef85b5caf7b51ecd65584d70a90a3151b113158fd5565dbf9806e177f801a555161bf783e77230f9c6c67904484d04de3aac497
AUX 255-analyze-regression.patch 5012 BLAKE2B d879d01584501351cc865d0e593b78e176173686e2421c96a614453e92eca5199e2608cab9bff7c3fa635cb86fffbaf1e68099060a733940de916b237f485d43 SHA512 02de204c7f1d589b194bf75698cc0f3c473b155f1fb2a351d4ab335f589869c4b0cae2812c753ebec0463d1d6e714e927224bb56f271aba959ed28c2c09a678e
AUX gentoo-generator-path-r2.patch 994 BLAKE2B 2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada
AUX gentoo-journald-audit-r1.patch 1941 BLAKE2B 93f1a0ba8dd575359e5ab4bd04f99ed3172dbe1ba14d8cade6fc08b0158e66847900d8531898ee9ec3855ac3857cf07a3e10804a3cb67719f0e9378437eba836 SHA512 affbe58aa65ebca7c1c6d790f9f68ffc44bda70a08165f5298ee4a84ab1c16cf534950ac50ffdb61b647e5eb068f51c333a76e39d8336e21e5d1b0199192139c
@@ -16,7 +17,9 @@ DIST systemd-stable-254.4.tar.gz 14332995 BLAKE2B 2b51ea867e142beeaf332cead5e2da
DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3 SHA512 cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c
DIST systemd-stable-254.6.tar.gz 14400611 BLAKE2B 5b23131b8aaabcd386ceb9cfb4ba8e7e1c92c454dbcc2dd907fb459f3022cd324cef86d531fe296ad56349602e487544d60900f71e189aadac6ec0a361a382e3 SHA512 3ebb8c2b931d13cf6efa59842d6d7fb84410fee02f5161061900321497d33750e0b88e2366a4234ba1ab0b89b797da0b1f8b577e0924e560cd9914fde83a1e45
DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf SHA512 2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685
+DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
DIST systemd-stable-255.1.tar.gz 14863856 BLAKE2B 3cf30872cf68117fea970ee2af2dad5e017bec351c866b7b22c9e2f8501c6e526421288feee7fbcf4994bba24beb4b2d98e858ac5b014dd832f9833767e28efe SHA512 ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb
+DIST systemd-stable-255.2.tar.gz 14864388 BLAKE2B 101da82a5d63eaa48c2dc4bad5ab713b4e8b544134de8216f315a97736eb699eaf756aef2d9a4e2126f0d248b3a7e28bc986ccc2154d5d110db733d114072eec SHA512 0a9a43adc6d23f52349d298cdff3f3ae6accd7e43a33253608f7a9d241699c7cba3c9f6a0fa6da3ae3cba0e246e272076bfa2cdf5bade7bc019406f407be0bb9
EBUILD systemd-253.11.ebuild 14661 BLAKE2B 4d08e0b78f8748ae78b9eaded181c740bc5c5f78f83fe7dc61cc9738658bedd6811e0d214c32e719e96898ad70008d15e527e12b7df17b122f3d9ce45505e94a SHA512 1d5ee451cf3a0494399c2f30c9cf5e93be11bcfce4c5a834521b4a2de1da7c80ba60b1195d142fb92ffbaf1a69e524849c15bb729ba2dbcab9f2956c08a559de
EBUILD systemd-253.12.ebuild 14669 BLAKE2B 106db6ca3073de27cd0f7c72b30397da77cbd98dfe1d1357f67d39f61e722c47d7fd5b3b7378e329883e9894cfe90159f3db50400ca5d791b438907b00b797b3 SHA512 56e632a1f7d396607df97f3bfbde8e85ed4534b69b341e196356adf26f932f54db0bde0365ea5e4ef8c84e36662b61b7465ba4b3336c0eebbaa3932554c13eaa
EBUILD systemd-253.13.ebuild 14669 BLAKE2B 106db6ca3073de27cd0f7c72b30397da77cbd98dfe1d1357f67d39f61e722c47d7fd5b3b7378e329883e9894cfe90159f3db50400ca5d791b438907b00b797b3 SHA512 56e632a1f7d396607df97f3bfbde8e85ed4534b69b341e196356adf26f932f54db0bde0365ea5e4ef8c84e36662b61b7465ba4b3336c0eebbaa3932554c13eaa
@@ -27,8 +30,10 @@ EBUILD systemd-254.4.ebuild 14824 BLAKE2B 30302795c1190012a9ea1540fc4f6b04d35d27
EBUILD systemd-254.5-r1.ebuild 14962 BLAKE2B fe76fdf8c0bbd48a3c1f16e52680783cc19823d2979f45bd466882631c041b3d722156d264b3ff6e7b06cff6f605abc7762bc33cf3af23fb5016fd318cf2fa4c SHA512 86f770447a401de29dfc517dd1e958145396141c63f0b01485f7175b0bd5ab2ffb00f71c327e746891503526b284243c39bd5adb2053f87163bed79bb1f1509e
EBUILD systemd-254.6.ebuild 14969 BLAKE2B c520398d1ca9398cc5021b6abfb43521d588e0777ae711239e6a0ccaedcbf2f5ac4565a40f94ca06a6c951e9a95505c627def769c8f336f245b78fa9ce29e0be SHA512 0795cea8e391d38e6fd1df8a814d9b6922e90e59ec646b9f5764e7e09cd221fffa4e377ec3cf182231a87ac2835b4b6c2cae607acc5870964a37055d84455966
EBUILD systemd-254.7.ebuild 14969 BLAKE2B c520398d1ca9398cc5021b6abfb43521d588e0777ae711239e6a0ccaedcbf2f5ac4565a40f94ca06a6c951e9a95505c627def769c8f336f245b78fa9ce29e0be SHA512 0795cea8e391d38e6fd1df8a814d9b6922e90e59ec646b9f5764e7e09cd221fffa4e377ec3cf182231a87ac2835b4b6c2cae607acc5870964a37055d84455966
+EBUILD systemd-254.8.ebuild 15018 BLAKE2B 8c0d4e72872ab6c29d51a4d054982de58bd4c9a41d46ad87d52216bed2331cc65794094ac197ed5082d2502bfb9c6028eb2b9ec839397b9e1a7604dc036c111b SHA512 2c13f22ef4ba43442eee337dc6950b2a85155cd173aecf0926bade149f69caace592f8970475b964a437aa7cee9cec354a2d595435f8310c99361abacd7bf39a
EBUILD systemd-255-r1.ebuild 14356 BLAKE2B d2566ccd21c5653059249061afd547211161647218d631ffb236fa468be157ed7cb81ccc56b56e9eea0a081d8d938ce571961bf2bb5cda65006a5d2cbf07f13d SHA512 3af30336d2713e898b9b4e1d49106ef89137b1d69d5e69c0a6d28190bc983816f916e884b7718e6dd90f7e19bb188f22ea35ee70dee69febf1d24f251b1292a0
EBUILD systemd-255.1.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6
+EBUILD systemd-255.2.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6
EBUILD systemd-255.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6
EBUILD systemd-9999.ebuild 14311 BLAKE2B 280ce9381288dc3b33bf8fa0200d3b3feba964f096aa3e63020c45ac2c8506e90b6175d81b048b56ac079237f4cea7605d4b3f1817adedcab007358b4a91dfce SHA512 abd92e6eac79e96f8ddeafec61a8cf4c9c9a3def31db1e5234d19c5b9c5ea19d41d1ec3e366584637a3790befa917b75230051cceb3302c7359a8fca607c79f6
MISC metadata.xml 2720 BLAKE2B 44456625ba29d7e5929d9f778bf5559a52a480eb10630b870029280532ea8ee204572161d55337d1b4dcfd7c4e20636f7f84a55326612b469b010a344eca0f14 SHA512 748db9ab9d477583377c55fad5ad5417f94b598f3c1479aac3735465a85a1004c9395d929450b3078f9d08f76963a4d5583333da0e81e2f8dbd8d5cb74882275
diff --git a/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
new file mode 100644
index 000000000000..115c831c275a
--- /dev/null
+++ b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
@@ -0,0 +1,242 @@
+https://bugs.gentoo.org/920331
+https://github.com/systemd/systemd/issues/30535
+
+From 4a9e03aa6bb2cbd23dac00f2b2a7642cc79eaade Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 27 Sep 2023 11:55:59 +0200
+Subject: [PATCH 1/2] core: Make private /dev read-only after populating it
+
+---
+ src/core/namespace.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index e2304f5d066da..d1153f7690140 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -995,6 +995,11 @@ static int mount_private_dev(MountEntry *m) {
+ if (r < 0)
+ log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount);
+
++ /* Make the bind mount read-only. */
++ r = mount_nofollow_verbose(LOG_DEBUG, NULL, dev, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);
++ if (r < 0)
++ return r;
++
+ /* Create the /dev directory if missing. It is more likely to be missing when the service is started
+ * with RootDirectory. This is consistent with mount units creating the mount points when missing. */
+ (void) mkdir_p_label(mount_entry_path(m), 0755);
+
+From cd7f3702eb47c82a50bf74c2b7c15c2e4e1f5c79 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 27 Sep 2023 10:52:50 +0200
+Subject: [PATCH 2/2] core: Use a subdirectory of /run/ for PrivateDevices=
+
+When we're starting early boot services such as systemd-userdbd.service,
+/tmp might not yet be mounted, so let's use a directory in /run instead
+which is guaranteed to be available.
+---
+ src/core/execute.c | 1 +
+ src/core/namespace.c | 61 +++++++++++++++++++++++++++++----------
+ src/core/namespace.h | 2 ++
+ src/test/test-namespace.c | 1 +
+ src/test/test-ns.c | 1 +
+ 5 files changed, 50 insertions(+), 16 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index a52df64d01081..89c3868d55f6c 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -3307,6 +3307,7 @@ static int apply_mount_namespace(
+ extension_dir,
+ root_dir || root_image ? params->notify_socket : NULL,
+ host_os_release_stage,
++ params->runtime_scope,
+ error_path);
+
+ /* If we couldn't set up the namespace this is probably due to a missing capability. setup_namespace() reports
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index d1153f7690140..a0471ac8884bf 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -909,7 +909,19 @@ static int clone_device_node(
+ return 0;
+ }
+
+-static int mount_private_dev(MountEntry *m) {
++static char *settle_runtime_dir(RuntimeScope scope) {
++ char *runtime_dir;
++
++ if (scope != RUNTIME_SCOPE_USER)
++ return strdup("/run/");
++
++ if (asprintf(&runtime_dir, "/run/user/" UID_FMT, geteuid()) < 0)
++ return NULL;
++
++ return runtime_dir;
++}
++
++static int mount_private_dev(MountEntry *m, RuntimeScope scope) {
+ static const char devnodes[] =
+ "/dev/null\0"
+ "/dev/zero\0"
+@@ -918,13 +930,21 @@ static int mount_private_dev(MountEntry *m) {
+ "/dev/urandom\0"
+ "/dev/tty\0";
+
+- char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
++ _cleanup_free_ char *runtime_dir = NULL, *temporary_mount = NULL;
+ const char *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
+ bool can_mknod = true;
+ int r;
+
+ assert(m);
+
++ runtime_dir = settle_runtime_dir(scope);
++ if (!runtime_dir)
++ return log_oom_debug();
++
++ temporary_mount = path_join(runtime_dir, "systemd/namespace-dev-XXXXXX");
++ if (!temporary_mount)
++ return log_oom_debug();
++
+ if (!mkdtemp(temporary_mount))
+ return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount);
+
+@@ -1364,7 +1384,8 @@ static int apply_one_mount(
+ MountEntry *m,
+ const ImagePolicy *mount_image_policy,
+ const ImagePolicy *extension_image_policy,
+- const NamespaceInfo *ns_info) {
++ const NamespaceInfo *ns_info,
++ RuntimeScope scope) {
+
+ _cleanup_free_ char *inaccessible = NULL;
+ bool rbind = true, make = false;
+@@ -1379,8 +1400,7 @@ static int apply_one_mount(
+ switch (m->mode) {
+
+ case INACCESSIBLE: {
+- _cleanup_free_ char *tmp = NULL;
+- const char *runtime_dir;
++ _cleanup_free_ char *runtime_dir = NULL;
+ struct stat target;
+
+ /* First, get rid of everything that is below if there
+@@ -1396,14 +1416,14 @@ static int apply_one_mount(
+ mount_entry_path(m));
+ }
+
+- if (geteuid() == 0)
+- runtime_dir = "/run";
+- else {
+- if (asprintf(&tmp, "/run/user/" UID_FMT, geteuid()) < 0)
+- return -ENOMEM;
+-
+- runtime_dir = tmp;
+- }
++ /* We don't pass the literal runtime scope through here but one based purely on our UID. This
++ * means that the root user's --user services will use the host's inaccessible inodes rather
++ * then root's private ones. This is preferable since it means device nodes that are
++ * overmounted to make them inaccessible will be overmounted with a device node, rather than
++ * an AF_UNIX socket inode. */
++ runtime_dir = settle_runtime_dir(geteuid() == 0 ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER);
++ if (!runtime_dir)
++ return log_oom_debug();
+
+ r = mode_to_inaccessible_node(runtime_dir, target.st_mode, &inaccessible);
+ if (r < 0)
+@@ -1523,7 +1543,7 @@ static int apply_one_mount(
+ break;
+
+ case PRIVATE_DEV:
+- return mount_private_dev(m);
++ return mount_private_dev(m, scope);
+
+ case BIND_DEV:
+ return mount_bind_dev(m);
+@@ -1824,6 +1844,7 @@ static int apply_mounts(
+ const NamespaceInfo *ns_info,
+ MountEntry *mounts,
+ size_t *n_mounts,
++ RuntimeScope scope,
+ char **symlinks,
+ char **error_path) {
+
+@@ -1875,7 +1896,7 @@ static int apply_mounts(
+ break;
+ }
+
+- r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info);
++ r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info, scope);
+ if (r < 0) {
+ if (error_path && mount_entry_path(m))
+ *error_path = strdup(mount_entry_path(m));
+@@ -2030,6 +2051,7 @@ int setup_namespace(
+ const char *extension_dir,
+ const char *notify_socket,
+ const char *host_os_release_stage,
++ RuntimeScope scope,
+ char **error_path) {
+
+ _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
+@@ -2490,7 +2512,14 @@ int setup_namespace(
+ (void) base_filesystem_create(root, UID_INVALID, GID_INVALID);
+
+ /* Now make the magic happen */
+- r = apply_mounts(root, mount_image_policy, extension_image_policy, ns_info, mounts, &n_mounts, symlinks, error_path);
++ r = apply_mounts(root,
++ mount_image_policy,
++ extension_image_policy,
++ ns_info,
++ mounts, &n_mounts,
++ scope,
++ symlinks,
++ error_path);
+ if (r < 0)
+ goto finish;
+
+diff --git a/src/core/namespace.h b/src/core/namespace.h
+index b6132154c5132..581403d89826d 100644
+--- a/src/core/namespace.h
++++ b/src/core/namespace.h
+@@ -16,6 +16,7 @@ typedef struct MountImage MountImage;
+ #include "fs-util.h"
+ #include "macro.h"
+ #include "namespace-util.h"
++#include "runtime-scope.h"
+ #include "string-util.h"
+
+ typedef enum ProtectHome {
+@@ -134,6 +135,7 @@ int setup_namespace(
+ const char *extension_dir,
+ const char *notify_socket,
+ const char *host_os_release_stage,
++ RuntimeScope scope,
+ char **error_path);
+
+ #define RUN_SYSTEMD_EMPTY "/run/systemd/empty"
+diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
+index 25aafc35ca837..42ac65d08c87a 100644
+--- a/src/test/test-namespace.c
++++ b/src/test/test-namespace.c
+@@ -206,6 +206,7 @@ TEST(protect_kernel_logs) {
+ NULL,
+ NULL,
+ NULL,
++ RUNTIME_SCOPE_SYSTEM,
+ NULL);
+ assert_se(r == 0);
+
+diff --git a/src/test/test-ns.c b/src/test/test-ns.c
+index 77afd2f6b9eb8..eb3afed9e1c66 100644
+--- a/src/test/test-ns.c
++++ b/src/test/test-ns.c
+@@ -108,6 +108,7 @@ int main(int argc, char *argv[]) {
+ NULL,
+ NULL,
+ NULL,
++ RUNTIME_SCOPE_SYSTEM,
+ NULL);
+ if (r < 0) {
+ log_error_errno(r, "Failed to set up namespace: %m");
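Review bot: In PATCH 1/2 the new read-only remount in mount_private_dev() fails with a bare `return r;`, even though the context line just above shows that the device tree under `temporary_mount` has already been set up by then. The rest of the function is outside the hunk, so this is inferred: if the other failure paths unwind the staging mounts through a shared cleanup path, this check should take the same route, otherwise a failed remount leaves the staging directory and its mounts behind. For PATCH 2/2 it is also worth confirming that the `systemd/` parent exists in both system and user scope, because `mkdtemp()` is now called on `<runtime_dir>/systemd/namespace-dev-XXXXXX` and nothing in the hunk creates that directory.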
diff --git a/sys-apps/systemd/systemd-254.8.ebuild b/sys-apps/systemd/systemd-254.8.ebuild
new file mode 100644
index 000000000000..0ad5f8893f48
--- /dev/null
+++ b/sys-apps/systemd/systemd-254.8.ebuild
@@ -0,0 +1,526 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod
+ +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ dns-over-tls? ( || ( gnutls openssl ) )
+ fido2? ( cryptsetup openssl )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ pwquality? ( homed )
+ boot? ( kernel-install )
+ ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ iptables? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( app-crypt/p11-kit:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( dev-libs/libpwquality:0= )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ ukify? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ selinux? (
+ sec-policy/selinux-base-policy[systemd]
+ sec-policy/selinux-ntp
+ )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+ ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ ")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+ ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+ if kernel_is -ge 5 10 20; then
+ CONFIG_CHECK+=" ~KCMP"
+ else
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ fi
+
+ if kernel_is -ge 4 18; then
+ CONFIG_CHECK+=" ~AUTOFS_FS"
+ else
+ CONFIG_CHECK+=" ~AUTOFS4_FS"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/systemd-253-initrd-generators.patch"
+ "${FILESDIR}/254-PrivateDevices-userdbd.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-journald-audit-r1.patch"
+ )
+ fi
+
+ # Fails with split-usr.
+ sed -i -e '2i exit 77' test/test-rpm-macros.sh || die
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ $(meson_use split-usr)
+ $(meson_use split-usr split-bin)
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ # Disable compatibility with sysvinit
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnutls)
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kernel-install)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use test tests)
+ $(meson_use zstd)
+ $(meson_native_use_bool iptables libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool ukify)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ local -x COLUMNS=80
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+ local sbin=$(usex split-usr sbin bin)
+
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/legacy.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+
+ gen_usr_ldscript -a systemd udev
+
+ use ukify && python_fix_shebang "${ED}"
+ use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+ fi
+
+ if ! use split-usr; then
+ local dir
+ for dir in bin sbin lib usr/sbin; do
+ if [[ ! -L ${EROOT}/${dir} ]]; then
+ eerror "'${EROOT}/${dir}' is not a symbolic link."
+ FAIL=1
+ fi
+ done
+ if [[ ${FAIL} ]]; then
+ eerror "Migration to system layout with merged directories must be performed before"
+ eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+ die "System layout with split directories still used"
+ fi
+ fi
+ if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+ ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+ ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
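Review bot: In pkg_postinst the `systemd-hwdb --root="${ROOT}" update` call and the `rm` of the `timesync` symlink are unchecked, while `udev_reload` and `systemctl enable` beside them set `FAIL=1`, so a failed hwdb rebuild never reaches the closing `eerror` summary. I would write `systemd-hwdb --root="${ROOT}" update || FAIL=1` and give the `rm` the same treatment. Separately, `HOMEPAGE="http://systemd.io/"` could use `https://`; the same line appears in systemd-255.2.ebuild.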
diff --git a/sys-apps/systemd/systemd-255.2.ebuild b/sys-apps/systemd/systemd-255.2.ebuild
new file mode 100644
index 000000000000..a5c20a8b0bde
--- /dev/null
+++ b/sys-apps/systemd/systemd-255.2.ebuild
@@ -0,0 +1,509 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..12} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+
+ if [[ ${PV} != *rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+ fi
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnutls homed http idn importd iptables kernel-install +kmod
+ +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
+"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ dns-over-tls? ( || ( gnutls openssl ) )
+ fido2? ( cryptsetup openssl )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ pwquality? ( homed )
+ boot? ( kernel-install )
+ ukify? ( boot )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( >=sys-libs/libapparmor-2.13:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( >=net-misc/curl-7.32.0:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ iptables? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( >=dev-libs/libpwquality-1.4.1:0= )
+ qrcode? ( >=media-gfx/qrencode-3:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( >=sys-libs/libselinux-2.1.9:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ ukify? (
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "${PEFILE_DEPEND}")
+ )
+ selinux? (
+ sec-policy/selinux-base-policy[systemd]
+ sec-policy/selinux-ntp
+ )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep "
+ dev-python/jinja[\${PYTHON_USEDEP}]
+ dev-python/lxml[\${PYTHON_USEDEP}]
+ boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
+ ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ ")
+"
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if use split-usr; then
+ eerror "Please complete the migration to merged-usr."
+ eerror "https://wiki.gentoo.org/wiki/Merge-usr"
+ die "systemd no longer supports split-usr"
+ fi
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
+ ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+
+ if kernel_is -ge 5 10 20; then
+ CONFIG_CHECK+=" ~KCMP"
+ else
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ fi
+
+ if kernel_is -ge 4 18; then
+ CONFIG_CHECK+=" ~AUTOFS_FS"
+ else
+ CONFIG_CHECK+=" ~AUTOFS4_FS"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use boot && secureboot_pkg_setup
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ local PATCHES=(
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-journald-audit-r1.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ # default is developer, bug 918671
+ -Dmode=release
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ -Dsplit-bin=false
+ # Disable compatibility with sysvinit
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool boot bootloader)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnutls)
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kernel-install)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use test tests)
+ $(meson_use zstd)
+ $(meson_native_use_bool iptables libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool ukify)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ local -x COLUMNS=80
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/legacy.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}"/usr/bin/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir /usr/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ use ukify && python_fix_shebang "${ED}"
+ use boot && secureboot_auto_sign
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if [[ -e ${EROOT}/etc/sysctl.conf ]]; then
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+ fi
+
+ if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then
+ ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."
+ ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+ ebegin "Reexecuting system manager (systemd)"
+ systemctl daemon-reexec
+ eend $? || FAIL=1
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}