author | V3n3RiX <venerix@redcorelinux.org> | 2020-01-15 15:51:32 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-01-15 15:51:32 +0000 |
commit | 21435953e16cda318a82334ddbadb3b5c36d9ea7 (patch) | |
tree | e1810a4b135afce04b34862ef0fab2bfaeb8aeca /sys-apps/systemd | |
parent | 7bc9c63c9da678a7e6fceb095d56c634afd22c56 (diff) |
gentoo resync : 15.01.2020
Diffstat (limited to 'sys-apps/systemd')
-rw-r--r-- | sys-apps/systemd/Manifest | 20 | ||||
-rw-r--r-- | sys-apps/systemd/files/242-file-max.patch | 31 | ||||
-rw-r--r-- | sys-apps/systemd/files/242-gcc-9.patch | 163 | ||||
-rw-r--r-- | sys-apps/systemd/files/242-network-domains.patch | 57 | ||||
-rw-r--r-- | sys-apps/systemd/files/242-networkd-ipv6-token.patch | 152 | ||||
-rw-r--r-- | sys-apps/systemd/files/242-rdrand-ryzen.patch | 353 | ||||
-rw-r--r-- | sys-apps/systemd/files/242-socket-util-flush-accept.patch | 46 | ||||
-rw-r--r-- | sys-apps/systemd/files/242-wireguard-listenport.patch | 49 | ||||
-rw-r--r-- | sys-apps/systemd/files/CVE-2019-15718.patch | 31 | ||||
-rw-r--r-- | sys-apps/systemd/metadata.xml | 1 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-242-r6.ebuild | 499 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-242-r7.ebuild | 500 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-243-r2.ebuild | 5 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-243.ebuild | 492 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-244.ebuild | 5 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-9999.ebuild | 5 |
16 files changed, 13 insertions, 2396 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 9f45950f17be..c6a564cde192 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,23 +1,11 @@ -AUX 242-file-max.patch 1314 BLAKE2B 3057d95ff701e188da4fba3b72b8a6e17dec2350a67e056cf1a2e0fa216d0b3aec22cbfbacd11e6ee17331cbda27dbf201fbc9ba2aa794fec9efbe0f612b3b43 SHA512 508a0b56b55839bccef3b3dc48f054e3d2876936cd8a36009dbadaa9a0ae85a5897f95de5c9c4b0e48d80d176e788fa342bd4235224e8cf3adacbe04dfbcebd0 -AUX 242-gcc-9.patch 7672 BLAKE2B 1cd98213f70e6813582706e7b523925fd7956507bd5bf113889189d3a5da3e0eb287163449d023755269827e3b5dc8db758a51cd9f37c3f3a69510de31b43109 SHA512 57add7e3215f25ec5547a905c7257ca06adca30d2f4a031eee9882ac16586ea5c5c9d3b50206674dffdb182c78f048834b6c73ab1490253a1ddae15c35878554 -AUX 242-network-domains.patch 2373 BLAKE2B cc9253d3d8f579ef61c2eae0e5e2446afa68a339233b10b3d184cfaa21e6b6c7c53e9d2aa824b80f46ba31a9bded0b55b9a84a8463806edf9ebed0de13f937f5 SHA512 9a3f86e306f69237ae2e3572ac2f0eba1603adff622304e676a06b51ae6f41f68e269f69bdcbbdf537c99b6a9decfdfebe0527d7c500566ae72b8170011f2e26 -AUX 242-networkd-ipv6-token.patch 6525 BLAKE2B 4bbf64154f96419df91caf03f827f37bfb84db6367cb0e618d4a1f34910c3e84793b188d85330c21005dc25300f4b7ae7182d95fe1e0b6c61168dd9d63b2a36d SHA512 e1d230c9b2f1938ff9ca22452ba88ec71454eab6d797f51110d1e80719900dbc7fcb81baced914ac2499878340723183694aca3bb00c956d8fee5cf3f0ad841c -AUX 242-rdrand-ryzen.patch 16177 BLAKE2B 7d1d3709098a233ba58727788b77c30025c0497fff9abb1df007e21160da3f93a7e9d14b0eeb7e6855bbe5fa93abfeda118156cbba355fc2976c83debcbb91d4 SHA512 38d00535a118b060accb8ed4e87681bab5e547270ef7e0abcdcf4766367e22761ffc35d0db7c829e86e0ad45f13cf4c761e71cfdfc70c2675056ef217c85618d -AUX 242-socket-util-flush-accept.patch 2123 BLAKE2B 74bfbe440ae548b96d90b41ac45c440b21a63c61ae75a9d2b725d2bdec74a03aeca7b673a656821eb925e6740d6728a41d0dc30275287a92519b47d9c477c487 SHA512 7dd0daa70de4ee264d0b3dfe6f80b5e0c563e5bb5255ca2a92f26c4a993fca178f275f85c9048305b82b258d41c9bcbb28d74f9e2b6c2a0e77748464890cb907 -AUX 242-wireguard-listenport.patch 1598 BLAKE2B 
3266fe600db530ebb5b8eb726822daf14ee87292b035c09a1eb9a46638cc2dc3b8a3f11dd74684a79f3e521d3999b6b8c3a641f8f7475a5d45706567e00d26f6 SHA512 69e047000eb5ed36850bcbc6b8ef37a646b60a642a07a68547624e81aa6e49c77b848745ca4daad883151ddcaee9e7957ea6430f5a0c0c67ffc7887778f536e9 AUX 243-seccomp.patch 6293 BLAKE2B be1a78783e34d6cf8ba33f6ae6fb0e8747d414de692cf28bd9cce01ca47baf188b078171dd66c236ecf2a4a821f1dec0b7021e1298a29a3b21aacf3a9d667189 SHA512 da2cd2e11a06e0520af0ad3c6debe54c5ab046f7ee35a922c99a32924464a6b760b4620d8e511064f84d8adbf5e65db473877476a1cc36941a0420491b89cb25 -AUX CVE-2019-15718.patch 1232 BLAKE2B e5be62414a1f9c19c8834e093d166a025fbd5215223845df365c70afb35487bd393bcd5463a046107e384a43976dcbb57e9e0a4013355558982abe8b6baf35de SHA512 45017c2c6ff5b16206e4c2e78c82c231372fd13c965a64908d70c0019a0894f1599a4412df3efc1ad6b799df018c05560fbbc8a24ffb86f793a149d9aec2080f AUX gentoo-Dont-enable-audit-by-default.patch 1027 BLAKE2B 9193a409db4e5c1dec6f6b66ee6e0a4cc1ada49d41ab758c788cf12534fffb67bd7370b8558a6af56572d7f2b73cf47db255fef105e56362c15f0a426f80b256 SHA512 44e512d8bbadbc5714192896a3ba262e460af034846e4e9b9832b4143fff772e2734e655316fd88d1ef386509bd234c195dce2087348f220836b3bf4f26790e0 AUX gentoo-generator-path-r1.patch 1037 BLAKE2B 5eb80521a6726c9b4693f9b0f56d3e68fca1a49f5f5eb5a1576329d30c93d2fe7c121920099d74962eacf7ed1d3747250f103a57e4be246320a99871521a3b6a SHA512 1b0d1c2f96cb4aa95adfa5940efaeb2bd940110720399358317906d21d08b0caf625474980e101bba001afd626f8ad64367b09b40bec0b2d46b977021c4adfc5 AUX gentoo-systemd-user-pam.patch 443 BLAKE2B fad5c24f35666313efbf1e33640320058022fe17acff869a80104ed87ce0ad7ebaa1498915f8e933985e9c2d66d77172eb21ab480fc4fa857e0e5b985735831a SHA512 0a47368b1b38995a4193492e3add5c716c063366a9bc53dec03b7cb59b524da644033e095344da6e15e01dc84d8f5b335e7510442eeaba26e06918403fed0e5c AUX nsswitch.conf 734 BLAKE2B 5f5a7821a84f6c8aa31fe9a68c29a1a0f24be578d427a623f14a9ef795e7da481f226efe5511d92932b5edf5638fa719808a0c3a0b8fd340799dd6bcb703a0a1 SHA512 
dcbd51dacaaebdff32edb3840cc7b9b47b6521009b8786690e3673a2e78bc60bfd8e591b1048c5d452117c6659b9917ae2864462f5057cc39b704b0130522e60 -DIST systemd-242.tar.gz 7831435 BLAKE2B 288e65d0a8e133ef5885689eb16118a83d93c730e342da63115cea0892fc999104c3a4856c83f3e7ef909ba2f3311146730b05ee02d84cc0400851ccbdcd54cd SHA512 578f68a3c8f2d454198fc04ff8d943abcfb390531d57f9603d185857f7afa7f4dc641dafecf49ce50fe22f5837b252b181400891e8efd4459fd4f69bb4283cb4 DIST systemd-243.tar.gz 8242522 BLAKE2B 89e3ebbea5a99061329f7c78220a66c1e075d5ba90dfdf5ee8d0d9b762ef4600dc82d8ca2054632e5e343b6272cd8046c92f7f99dcfa8287c5ef2b42fb96d4cb SHA512 56b52a297aa5ac04d9667eb3afb1598725b197de73ff72baa1aabbc2844e36fba7b7fccdf6d214ae8b5b926616b2b7e15772763aaa80ec938d74333ff9c8673e DIST systemd-244.tar.gz 8445963 BLAKE2B 19751fb9c058a079694ee1b991259fd3f1fa30ae98ca38bbe8caadfc5628db7848c7f742a1b11781fbd67f911adda917d7a4da1dddb63064907f86f47e5a3256 SHA512 08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb -EBUILD systemd-242-r6.ebuild 14157 BLAKE2B eebb763acfe83ff486867663b3485605730725b00aa7e802624ba8f04bb64e4c4e269f617ab37b5322cd29d878aa4a604919993a9767ff99be4db325503d0edd SHA512 66804d5aa53ec07c841d0d6f6bf6eeb3e610b90f43e449f84550a67a8ead10bdef34a43df2839710e4f62410c94c72478cbb4b0ab3aa4d184d58628b50f94ad6 -EBUILD systemd-242-r7.ebuild 14195 BLAKE2B 96ca4520a2eaeca5c970adad294080b06c4e928b8369f52f55e7099116864ef76c38edc387c2315654213a98dc502fb7db9d6067c9baa9462ba204d18ea9ab42 SHA512 56bcdb8ecc8cca4e68708f7b17d57592d62ccf43dc4144505251d06f8763d1e9260a1c97547d2b7889119a1e81e890061d5e73786d552c6acd7175d207ca132f -EBUILD systemd-243-r2.ebuild 14506 BLAKE2B fbca09a3218b2015535c6e84287449749e86ba294f1db4c96940596f7dda54dd96d5aef3fe556e9c27b1189a55a7ff3c896cbb5bcf5cc0ac251d5a1485938391 SHA512 2f61f619ca7afb9f8c89fb7dc8fb135fa04ee67a3094a30222a5bbb75269eff4aa9926f22e6c93119ab317fc19aefec76e2677c0cde5ae9865037b8ce12fef82 -EBUILD systemd-243.ebuild 
14255 BLAKE2B bcdf5056bce2710f3c088dfdb686c001816ad5fae721c06153d0eab50ae610f49b6449f4d6b4cb0abe0546f38f76a169569886b0f2446d3248a6d8f0b4c1216e SHA512 b8459206cc0395c6755ffe74cee27e48913c979204dbb794c659ad7c2cf8005d75ff4dda5984f65341cf04b7370a8a3d83718b8f9dc7c9fc1958203f31338a52 -EBUILD systemd-244.ebuild 14457 BLAKE2B c26538d4869e2771d3a6181299d4b12f601e8f636eb964c2dbc7f75caca4679b0bd6ea45af037ed6427b7d8c851b018a345298d6d0bf7536c719353d16d5d30e SHA512 dc3debcda12b171cd99e137a0a63ba5506900a5bf39621ed64d0423eebb2b512efce9059167746171e17e63a1a35a7953be7e4b3a9406c4b9afd70cfed03e840 -EBUILD systemd-9999.ebuild 14457 BLAKE2B c26538d4869e2771d3a6181299d4b12f601e8f636eb964c2dbc7f75caca4679b0bd6ea45af037ed6427b7d8c851b018a345298d6d0bf7536c719353d16d5d30e SHA512 dc3debcda12b171cd99e137a0a63ba5506900a5bf39621ed64d0423eebb2b512efce9059167746171e17e63a1a35a7953be7e4b3a9406c4b9afd70cfed03e840 -MISC metadata.xml 2144 BLAKE2B f98da35b929799e76331e0f4957f175db15fd8766542058520aeeb1cc762f46c4e3c4d40b1dd21da50a3416807359c383e323e17de175a1439d7faa4bb4be0af SHA512 6e5847187232637a1de5f0d8fad2d6ad0515d537206ea3a7bd2ccd9f17e67789f5c80ebf295554aa135325f2e4260217de6e9a6a7f21dd70945a94ebfc3bf0de +EBUILD systemd-243-r2.ebuild 14521 BLAKE2B 1733a3484ab1caff846419e0453a07c263a32d974505abab93af09dd622e1cb68224711e64231a9156447f262d062639b89e76ad5f865bb563984f5c8acb4695 SHA512 86be07a14043096b696658e17da0abcb1a2b7426d4540502f0a6e745f7a8c2a8d3542bbee9e6607bbb5223999613175db4865e7b40a75e51dccfe87f799b9dba +EBUILD systemd-244.ebuild 14472 BLAKE2B ec0e0f0380559eebbd968dee61dd94138f8589d1c9a278b9ea94fd2962272593aec799dffdba46313106b5fd149c9b1192aa3c6754874e1b6720dee3146a80eb SHA512 c6a9220228551b483327789d36a4bd3194f9054dfd3b85d345140d715415a5d1d83dc1850e7b54705000ba7ae7f4ba9c4c24aaf8e7c631a90a2335b754f98fb0 +EBUILD systemd-9999.ebuild 14472 BLAKE2B ec0e0f0380559eebbd968dee61dd94138f8589d1c9a278b9ea94fd2962272593aec799dffdba46313106b5fd149c9b1192aa3c6754874e1b6720dee3146a80eb SHA512 
c6a9220228551b483327789d36a4bd3194f9054dfd3b85d345140d715415a5d1d83dc1850e7b54705000ba7ae7f4ba9c4c24aaf8e7c631a90a2335b754f98fb0 +MISC metadata.xml 2019 BLAKE2B 84de0a0abc3f16fab60db2343d8e1f0dee8a3f03ac97bffd01167820815f4d41d87c118b81041046c8cafa6316fb7e5bfe9d6a5de550bf617ace56ccf69efb0d SHA512 086189b961c0f3be70beb1d86fd36508d0821407243e74cf896360f76ce04be544aac211d60685256080fa75e1ac0ae33211501cc11ee98913f3b8d322ac9f03 diff --git a/sys-apps/systemd/files/242-file-max.patch b/sys-apps/systemd/files/242-file-max.patch deleted file mode 100644 index 0a1fe950e298..000000000000 --- a/sys-apps/systemd/files/242-file-max.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6e2f78948403a4cce45b9e34311c9577c624f066 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering <lennart@poettering.net> -Date: Mon, 17 Jun 2019 10:51:25 +0200 -Subject: [PATCH] core: set fs.file-max sysctl to LONG_MAX rather than - ULONG_MAX - -Since kernel 5.2 the kernel thankfully returns proper errors when we -write a value out of range to the sysctl. Which however breaks writing -ULONG_MAX to request the maximum value. Hence let's write the new -maximum value instead, LONG_MAX. ---- - src/core/main.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index b33ea1b5b52..e7f51815f07 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -1245,9 +1245,9 @@ static void bump_file_max_and_nr_open(void) { - #endif - - #if BUMP_PROC_SYS_FS_FILE_MAX -- /* I so wanted to use STRINGIFY(ULONG_MAX) here, but alas we can't as glibc/gcc define that as -- * "(0x7fffffffffffffffL * 2UL + 1UL)". Seriously. 😢 */ -- if (asprintf(&t, "%lu\n", ULONG_MAX) < 0) { -+ /* The maximum the kernel allows for this since 5.2 is LONG_MAX, use that. (Previously thing where -+ * different but the operation would fail silently.) */ -+ if (asprintf(&t, "%li\n", LONG_MAX) < 0) { - log_oom(); - return; - } 
diff --git a/sys-apps/systemd/files/242-gcc-9.patch b/sys-apps/systemd/files/242-gcc-9.patch
deleted file mode 100644
index e9f690a65be5..000000000000
--- a/sys-apps/systemd/files/242-gcc-9.patch
+++ /dev/null
@@ -1,163 +0,0 @@ -From c98b3545008d8e984ab456dcf79787418fcbfe13 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Tue, 7 May 2019 13:46:55 +0200 -Subject: [PATCH] network: remove redunant link name in message - -Fixes #12454. - -gcc was complaining that the link->ifname argument is NULL. Adding -assert(link->ifname) right before the call has no effect. It seems that -gcc is confused by the fact that log_link_warning_errno() internally -calls log_object(), with link->ifname passed as the object. log_object() -is also a macro and is does a check whether the passed object is NULL. -So we have a check if something is NULL right next an unconditional use -of it where it cannot be NULL. I think it's a bug in gcc. - -Anyway, we don't need to use link->ifname here. log_object() already prepends -the object name to the message. ---- - src/network/networkd-link.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index 533193ac932..6fc82940033 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -338,8 +338,7 @@ static int link_enable_ipv6(Link *link) { - - r = sysctl_write_ip_property_boolean(AF_INET6, link->ifname, "disable_ipv6", disabled); - if (r < 0) -- log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", -- enable_disable(!disabled), link->ifname); -+ log_link_warning_errno(link, r, "Cannot %s IPv6: %m", enable_disable(!disabled)); - else - log_link_info(link, "IPv6 successfully %sd", enable_disable(!disabled)); - -From bcb846f30f9ca8f42e79d109706aee9f2032261b Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <floppym@gentoo.org> -Date: Wed, 22 May 2019 10:31:01 -0400 -Subject: [PATCH] shared/machine-image: avoid passing NULL to log_debug_errno - -Fixes: https://github.com/systemd/systemd/issues/12534 ---- - src/shared/machine-image.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 
deletions(-) - -diff --git a/src/shared/machine-image.c b/src/shared/machine-image.c -index 6b9d8fb97a6..6a6d952b424 100644 ---- a/src/shared/machine-image.c -+++ b/src/shared/machine-image.c -@@ -201,11 +201,13 @@ static int image_make( - Image **ret) { - - _cleanup_free_ char *pretty_buffer = NULL; -+ _cleanup_free_ char *cwd = NULL; - struct stat stbuf; - bool read_only; - int r; - - assert(dfd >= 0 || dfd == AT_FDCWD); -+ assert(path || dfd == AT_FDCWD); - assert(filename); - - /* We explicitly *do* follow symlinks here, since we want to allow symlinking trees, raw files and block -@@ -221,6 +223,9 @@ static int image_make( - st = &stbuf; - } - -+ if (!path) -+ safe_getcwd(&cwd); -+ - read_only = - (path && path_startswith(path, "/usr")) || - (faccessat(dfd, filename, W_OK, AT_EACCESS) < 0 && errno == EROFS); -@@ -359,7 +364,7 @@ static int image_make( - - block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY); - if (block_fd < 0) -- log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path, filename); -+ log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(cwd), filename); - else { - /* Refresh stat data after opening the node */ - if (fstat(block_fd, &stbuf) < 0) -@@ -373,13 +378,13 @@ static int image_make( - int state = 0; - - if (ioctl(block_fd, BLKROGET, &state) < 0) -- log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path, filename); -+ log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(cwd), filename); - else if (state) - read_only = true; - } - - if (ioctl(block_fd, BLKGETSIZE64, &size) < 0) -- log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path, filename); -+ log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(cwd), filename); - - block_fd = safe_close(block_fd); - } -From 2570578d908a8e010828fa1f88826b1c45d534ff 
Mon Sep 17 00:00:00 2001 -From: Lennart Poettering <lennart@poettering.net> -Date: Fri, 24 May 2019 10:54:09 +0200 -Subject: [PATCH] machine-image: openat() doesn't operate on the cwd if the - first argument is specified - -A fix-up for bcb846f30f9ca8f42e79d109706aee9f2032261b. ---- - src/shared/machine-image.c | 17 ++++++++++------- - 1 file changed, 10 insertions(+), 7 deletions(-) - -diff --git a/src/shared/machine-image.c b/src/shared/machine-image.c -index 6a6d952b424..55e5f08f91e 100644 ---- a/src/shared/machine-image.c -+++ b/src/shared/machine-image.c -@@ -200,8 +200,7 @@ static int image_make( - const struct stat *st, - Image **ret) { - -- _cleanup_free_ char *pretty_buffer = NULL; -- _cleanup_free_ char *cwd = NULL; -+ _cleanup_free_ char *pretty_buffer = NULL, *parent = NULL; - struct stat stbuf; - bool read_only; - int r; -@@ -223,8 +222,12 @@ static int image_make( - st = &stbuf; - } - -- if (!path) -- safe_getcwd(&cwd); -+ if (!path) { -+ if (dfd == AT_FDCWD) -+ (void) safe_getcwd(&parent); -+ else -+ (void) fd_get_path(dfd, &parent); -+ } - - read_only = - (path && path_startswith(path, "/usr")) || -@@ -364,7 +367,7 @@ static int image_make( - - block_fd = openat(dfd, filename, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY); - if (block_fd < 0) -- log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(cwd), filename); -+ log_debug_errno(errno, "Failed to open block device %s/%s, ignoring: %m", path ?: strnull(parent), filename); - else { - /* Refresh stat data after opening the node */ - if (fstat(block_fd, &stbuf) < 0) -@@ -378,13 +381,13 @@ static int image_make( - int state = 0; - - if (ioctl(block_fd, BLKROGET, &state) < 0) -- log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(cwd), filename); -+ log_debug_errno(errno, "Failed to issue BLKROGET on device %s/%s, ignoring: %m", path ?: strnull(parent), filename); - else if (state) - read_only = true; - } - - if 
(ioctl(block_fd, BLKGETSIZE64, &size) < 0) -- log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(cwd), filename); -+ log_debug_errno(errno, "Failed to issue BLKGETSIZE64 on device %s/%s, ignoring: %m", path ?: strnull(parent), filename); - - block_fd = safe_close(block_fd); - } diff --git a/sys-apps/systemd/files/242-network-domains.patch b/sys-apps/systemd/files/242-network-domains.patch deleted file mode 100644 index 166a8ee5b76f..000000000000 --- a/sys-apps/systemd/files/242-network-domains.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From fe0e16db093a7da09fcb52a2bc7017197047443d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe <watanabe.yu+github@gmail.com> -Date: Mon, 13 May 2019 05:40:31 +0900 -Subject: [PATCH] network: do not use ordered_set_printf() for DOMAINS= or - ROUTE_DOMAINS= - -This partially reverts 5e2a51d588dde4b52c6017ea80b75c16e6e23431. - -Fixes #12531. ---- - src/network/networkd-link.c | 17 +++++++++++------ - 1 file changed, 11 insertions(+), 6 deletions(-) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index f8ee48802cb..1dc10c65a1b 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -3495,12 +3495,11 @@ int link_save(Link *link) { - admin_state, oper_state); - - if (link->network) { -- bool space; -+ char **dhcp6_domains = NULL, **dhcp_domains = NULL; -+ const char *dhcp_domainname = NULL, *p; - sd_dhcp6_lease *dhcp6_lease = NULL; -- const char *dhcp_domainname = NULL; -- char **dhcp6_domains = NULL; -- char **dhcp_domains = NULL; - unsigned j; -+ bool space; - - fprintf(f, "REQUIRED_FOR_ONLINE=%s\n", - yes_no(link->network->required_for_online)); -@@ -3617,7 +3616,10 @@ int link_save(Link *link) { - (void) sd_dhcp6_lease_get_domains(dhcp6_lease, &dhcp6_domains); - } - -- ordered_set_print(f, "DOMAINS=", link->network->search_domains); -+ fputs("DOMAINS=", f); -+ space = false; -+ ORDERED_SET_FOREACH(p, link->network->search_domains, i) -+ fputs_with_space(f, p, NULL, &space); - - if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_YES) { - NDiscDNSSL *dd; -@@ -3635,7 +3637,10 @@ int link_save(Link *link) { - - fputc('\n', f); - -- ordered_set_print(f, "ROUTE_DOMAINS=", link->network->route_domains); -+ fputs("ROUTE_DOMAINS=", f); -+ space = false; -+ ORDERED_SET_FOREACH(p, link->network->route_domains, i) -+ fputs_with_space(f, p, NULL, &space); - - if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_ROUTE) { - NDiscDNSSL *dd; 
diff --git a/sys-apps/systemd/files/242-networkd-ipv6-token.patch b/sys-apps/systemd/files/242-networkd-ipv6-token.patch
deleted file mode 100644
index 87a85f6f6ab0..000000000000
--- a/sys-apps/systemd/files/242-networkd-ipv6-token.patch
+++ /dev/null
@@ -1,152 +0,0 @@ -From 4eb086a38712ea98faf41e075b84555b11b54362 Mon Sep 17 00:00:00 2001 -From: Susant Sahani <ssahani@gmail.com> -Date: Thu, 9 May 2019 07:35:35 +0530 -Subject: [PATCH] networkd: fix link_up() (#12505) - -Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up. - -Fixes the following error: -``` -dummy-test: Could not bring up interface: Invalid argument -``` - -After reading the kernel code when we do a link up -``` -net/core/rtnetlink.c -IFLA_AF_SPEC - af_ops->set_link_af(dev, af); - inet6_set_link_af - if (tb[IFLA_INET6_ADDR_GEN_MODE]) - Here it looks for IFLA_INET6_ADDR_GEN_MODE -``` -Since link up we didn't filling up that it's failing. - -Closes #12504. ---- - src/network/networkd-link.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index 3c8b5c5cb43..4db9f3f980f 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -2031,6 +2031,8 @@ static int link_up(Link *link) { - } - - if (link_ipv6_enabled(link)) { -+ uint8_t ipv6ll_mode; -+ - r = sd_netlink_message_open_container(req, IFLA_AF_SPEC); - if (r < 0) - return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m"); -@@ -2046,6 +2048,19 @@ static int link_up(Link *link) { - return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m"); - } - -+ if (!link_ipv6ll_enabled(link)) -+ ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE; -+ else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0) -+ /* The file may not exist. And event if it exists, when stable_secret is unset, -+ * reading the file fails with EIO. 
*/ -+ ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64; -+ else -+ ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY; -+ -+ r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode); -+ if (r < 0) -+ return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m"); -+ - r = sd_netlink_message_close_container(req); - if (r < 0) - return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m"); -From 9f6e82e6eb3b6e73d66d00d1d6eee60691fb702f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe <watanabe.yu+github@gmail.com> -Date: Thu, 9 May 2019 14:39:46 +0900 -Subject: [PATCH] network: do not send ipv6 token to kernel - -We disabled kernel RA support. Then, we should not send -IFLA_INET6_TOKEN. -Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice. - -Follow-up for 0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf and -4eb086a38712ea98faf41e075b84555b11b54362. ---- - src/network/networkd-link.c | 51 +++++-------------------------------- - 1 file changed, 6 insertions(+), 45 deletions(-) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index 2b6ff2b6c58..b6da4ea70b7 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -1954,6 +1954,9 @@ static int link_configure_addrgen_mode(Link *link) { - assert(link->manager); - assert(link->manager->rtnl); - -+ if (!socket_ipv6_is_supported()) -+ return 0; -+ - log_link_debug(link, "Setting address genmode for link"); - - r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex); -@@ -2047,46 +2050,6 @@ static int link_up(Link *link) { - return log_link_error_errno(link, r, "Could not set MAC address: %m"); - } - -- if (link_ipv6_enabled(link)) { -- uint8_t ipv6ll_mode; -- -- r = sd_netlink_message_open_container(req, IFLA_AF_SPEC); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m"); -- -- /* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are 
passed */ -- r = sd_netlink_message_open_container(req, AF_INET6); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not open AF_INET6 container: %m"); -- -- if (!in_addr_is_null(AF_INET6, &link->network->ipv6_token)) { -- r = sd_netlink_message_append_in6_addr(req, IFLA_INET6_TOKEN, &link->network->ipv6_token.in6); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not append IFLA_INET6_TOKEN: %m"); -- } -- -- if (!link_ipv6ll_enabled(link)) -- ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE; -- else if (sysctl_read_ip_property(AF_INET6, link->ifname, "stable_secret", NULL) < 0) -- /* The file may not exist. And event if it exists, when stable_secret is unset, -- * reading the file fails with EIO. */ -- ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64; -- else -- ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY; -- -- r = sd_netlink_message_append_u8(req, IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not append IFLA_INET6_ADDR_GEN_MODE: %m"); -- -- r = sd_netlink_message_close_container(req); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not close AF_INET6 container: %m"); -- -- r = sd_netlink_message_close_container(req); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not close IFLA_AF_SPEC container: %m"); -- } -- - r = netlink_call_async(link->manager->rtnl, NULL, req, link_up_handler, - link_netlink_destroy_callback, link); - if (r < 0) -@@ -3226,11 +3189,9 @@ static int link_configure(Link *link) { - if (r < 0) - return r; - -- if (socket_ipv6_is_supported()) { -- r = link_configure_addrgen_mode(link); -- if (r < 0) -- return r; -- } -+ r = link_configure_addrgen_mode(link); -+ if (r < 0) -+ return r; - - return link_configure_after_setting_mtu(link); - } diff --git a/sys-apps/systemd/files/242-rdrand-ryzen.patch b/sys-apps/systemd/files/242-rdrand-ryzen.patch deleted file mode 100644 index ec690c1b3f6c..000000000000 
--- a/sys-apps/systemd/files/242-rdrand-ryzen.patch
+++ /dev/null
@@ -1,353 +0,0 @@
-From d351699739471734666230ae3c6f9ba56ce5ce45 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 7 May 2019 16:18:13 -0400
-Subject: [PATCH 1/6] =?UTF-8?q?random-util:=20rename=20RANDOM=5FDONT=5FDRA?=
- =?UTF-8?q?IN=20=E2=86=92=20RANDOM=5FMAY=5FFAIL?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The old flag name was a bit of a misnomer, as /dev/urandom cannot be
-"drained". Once it's initialized it's initialized and then is good
-forever. (Only /dev/random has a concept of 'draining', but we never use
-that, as it's an obsolete interface).
-
-The flag is still useful though, since it allows us to suppress accesses
-to the random pool while it is not initialized, as that trips up the
-kernel and it logs about any such attempts, which we really don't want.
-
-(cherry picked from commit 1a0ffa1e737e65312abac63dcf4b44e1ac0e1642)
----
- src/basic/random-util.c | 36 +++++++++++++++++++-----------------
- src/basic/random-util.h | 4 ++--
- 2 files changed, 21 insertions(+), 19 deletions(-)
-
-diff --git a/src/basic/random-util.c b/src/basic/random-util.c
-index ca25fd2420..de29e07549 100644
---- a/src/basic/random-util.c
-+++ b/src/basic/random-util.c
-@@ -71,21 +71,22 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
- bool got_some = false;
- int r;
-
-- /* Gathers some randomness from the kernel (or the CPU if the RANDOM_ALLOW_RDRAND flag is set). This call won't
-- * block, unless the RANDOM_BLOCK flag is set. If RANDOM_DONT_DRAIN is set, an error is returned if the random
-- * pool is not initialized. Otherwise it will always return some data from the kernel, regardless of whether
-- * the random pool is fully initialized or not. */
-+ /* Gathers some randomness from the kernel (or the CPU if the RANDOM_ALLOW_RDRAND flag is set). This
-+ * call won't block, unless the RANDOM_BLOCK flag is set. If RANDOM_MAY_FAIL is set, an error is
-+ * returned if the random pool is not initialized. Otherwise it will always return some data from the
-+ * kernel, regardless of whether the random pool is fully initialized or not. */
-
- if (n == 0)
- return 0;
-
- if (FLAGS_SET(flags, RANDOM_ALLOW_RDRAND))
-- /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is not
-- * required, as we don't trust it (who does?). Note that we only do a single iteration of RDRAND here,
-- * even though the Intel docs suggest calling this in a tight loop of 10 invocations or so. That's
-- * because we don't really care about the quality here. We generally prefer using RDRAND if the caller
-- * allows us too, since this way we won't drain the kernel randomness pool if we don't need it, as the
-- * pool's entropy is scarce. */
-+ /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is
-+ * not required, as we don't trust it (who does?). Note that we only do a single iteration of
-+ * RDRAND here, even though the Intel docs suggest calling this in a tight loop of 10
-+ * invocations or so. That's because we don't really care about the quality here. We
-+ * generally prefer using RDRAND if the caller allows us to, since this way we won't upset
-+ * the kernel's random subsystem by accessing it before the pool is initialized (after all it
-+ * will kmsg log about every attempt to do so)..*/
- for (;;) {
- unsigned long u;
- size_t m;
-@@ -153,12 +154,13 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
- break;
-
- } else if (errno == EAGAIN) {
-- /* The kernel has no entropy whatsoever. Let's remember to use the syscall the next
-- * time again though.
-+ /* The kernel has no entropy whatsoever. Let's remember to use the syscall
-+ * the next time again though.
- *
-- * If RANDOM_DONT_DRAIN is set, return an error so that random_bytes() can produce some
-- * pseudo-random bytes instead. Otherwise, fall back to /dev/urandom, which we know is empty,
-- * but the kernel will produce some bytes for us on a best-effort basis. */
-+ * If RANDOM_MAY_FAIL is set, return an error so that random_bytes() can
-+ * produce some pseudo-random bytes instead. Otherwise, fall back to
-+ * /dev/urandom, which we know is empty, but the kernel will produce some
-+ * bytes for us on a best-effort basis. */
- have_syscall = true;
-
- if (got_some && FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) {
-@@ -167,7 +169,7 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
- return 0;
- }
-
-- if (FLAGS_SET(flags, RANDOM_DONT_DRAIN))
-+ if (FLAGS_SET(flags, RANDOM_MAY_FAIL))
- return -ENODATA;
-
- /* Use /dev/urandom instead */
-@@ -250,7 +252,7 @@ void pseudo_random_bytes(void *p, size_t n) {
-
- void random_bytes(void *p, size_t n) {
-
-- if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_DONT_DRAIN|RANDOM_ALLOW_RDRAND) >= 0)
-+ if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_MAY_FAIL|RANDOM_ALLOW_RDRAND) >= 0)
- return;
-
- /* If for some reason some user made /dev/urandom unavailable to us, or the kernel has no entropy, use a PRNG instead. */
-diff --git a/src/basic/random-util.h b/src/basic/random-util.h
-index 3e8c288d3d..148b6c7813 100644
---- a/src/basic/random-util.h
-+++ b/src/basic/random-util.h
-@@ -8,11 +8,11 @@
- typedef enum RandomFlags {
- RANDOM_EXTEND_WITH_PSEUDO = 1 << 0, /* If we can't get enough genuine randomness, but some, fill up the rest with pseudo-randomness */
- RANDOM_BLOCK = 1 << 1, /* Rather block than return crap randomness (only if the kernel supports that) */
-- RANDOM_DONT_DRAIN = 1 << 2, /* If we can't get any randomness at all, return early with -EAGAIN */
-+ RANDOM_MAY_FAIL = 1 << 2, /* If we can't get any randomness at all, return early with -ENODATA */
- RANDOM_ALLOW_RDRAND = 1 << 3, /* Allow usage of the CPU RNG */
- } RandomFlags;
-
--int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled upwith pseudo random, if not enough is available */
-+int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled up with pseudo random, if not enough is available */
- void pseudo_random_bytes(void *p, size_t n); /* returns only pseudo-randommess (but possibly seeded from something better) */
- void random_bytes(void *p, size_t n); /* returns genuine randomness if cheaply available, and pseudo randomness if not. */
-
---
-2.22.0
-
-
-From 1f492b9ecc31aa3782f9ce82058d8fb72a5c323f Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 7 May 2019 16:21:44 -0400
-Subject: [PATCH 2/6] random-util: use gcc's bit_RDRND definition if it exists
-
-(cherry picked from commit cc28145d51f62711fdc4b4c229aecd5778806419)
----
- src/basic/random-util.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/basic/random-util.c b/src/basic/random-util.c
-index de29e07549..205d5501e5 100644
---- a/src/basic/random-util.c
-+++ b/src/basic/random-util.c
-@@ -45,7 +45,12 @@ int rdrand(unsigned long *ret) {
- return -EOPNOTSUPP;
- }
-
-- have_rdrand = !!(ecx & (1U << 30));
-+/* Compat with old gcc where bit_RDRND didn't exist yet */
-+#ifndef bit_RDRND
-+#define bit_RDRND (1U << 30)
-+#endif
-+
-+ have_rdrand = !!(ecx & bit_RDRND);
- }
-
- if (have_rdrand == 0)
---
-2.22.0
-
-
-From 6460c540e6183dd19de89b7f0672b3b47c4d41cc Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 7 May 2019 17:26:55 -0400
-Subject: [PATCH 3/6] random-util: hash AT_RANDOM getauxval() value before
- using it
-
-Let's be a bit paranoid and hash the 16 bytes we get from getauxval()
-before using them. AFter all they might be used by other stuff too (in
-particular ASLR), and we probably shouldn't end up leaking that seed
-though our crappy pseudo-random numbers.
-
-(cherry picked from commit 80eb560a5bd7439103036867d5e09a5e0393e5d3)
----
- src/basic/random-util.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/src/basic/random-util.c b/src/basic/random-util.c
-index 205d5501e5..40f1928936 100644
---- a/src/basic/random-util.c
-+++ b/src/basic/random-util.c
-@@ -28,6 +28,7 @@
- #include "io-util.h"
- #include "missing.h"
- #include "random-util.h"
-+#include "siphash24.h"
- #include "time-util.h"
-
- int rdrand(unsigned long *ret) {
-@@ -203,14 +204,19 @@ void initialize_srand(void) {
- return;
-
- #if HAVE_SYS_AUXV_H
-- /* The kernel provides us with 16 bytes of entropy in auxv, so let's
-- * try to make use of that to seed the pseudo-random generator. It's
-- * better than nothing... */
-+ /* The kernel provides us with 16 bytes of entropy in auxv, so let's try to make use of that to seed
-+ * the pseudo-random generator. It's better than nothing... But let's first hash it to make it harder
-+ * to recover the original value by watching any pseudo-random bits we generate. After all the
-+ * AT_RANDOM data might be used by other stuff too (in particular: ASLR), and we probably shouldn't
-+ * leak the seed for that. */
-
-- auxv = (const void*) getauxval(AT_RANDOM);
-+ auxv = ULONG_TO_PTR(getauxval(AT_RANDOM));
- if (auxv) {
-- assert_cc(sizeof(x) <= 16);
-- memcpy(&x, auxv, sizeof(x));
-+ static const uint8_t auxval_hash_key[16] = {
-+ 0x92, 0x6e, 0xfe, 0x1b, 0xcf, 0x00, 0x52, 0x9c, 0xcc, 0x42, 0xcf, 0xdc, 0x94, 0x1f, 0x81, 0x0f
-+ };
-+
-+ x = (unsigned) siphash24(auxv, 16, auxval_hash_key);
- } else
- #endif
- x = 0;
---
-2.22.0
-
-
-From 17d52f6320b45d1728af6007b4df4aaccc6fdaf4 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 7 May 2019 18:51:26 -0400
-Subject: [PATCH 4/6] random-util: rename "err" to "success"
-
-After all rdrand returns 1 on success, and 0 on failure, hence let's
-name this accordingly.
-
-(cherry picked from commit 328f850e36e86d14ab06d11fa8f2397e9575a7f9)
----
- src/basic/random-util.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/basic/random-util.c b/src/basic/random-util.c
-index 40f1928936..7c64857592 100644
---- a/src/basic/random-util.c
-+++ b/src/basic/random-util.c
-@@ -35,7 +35,7 @@ int rdrand(unsigned long *ret) {
-
- #if defined(__i386__) || defined(__x86_64__)
- static int have_rdrand = -1;
-- unsigned char err;
-+ uint8_t success;
-
- if (have_rdrand < 0) {
- uint32_t eax, ebx, ecx, edx;
-@@ -60,9 +60,9 @@ int rdrand(unsigned long *ret) {
- asm volatile("rdrand %0;"
- "setc %1"
- : "=r" (*ret),
-- "=qm" (err));
-- msan_unpoison(&err, sizeof(err));
-- if (!err)
-+ "=qm" (success));
-+ msan_unpoison(&success, sizeof(sucess));
-+ if (!success)
- return -EAGAIN;
-
- return 0;
---
-2.22.0
-
-
-From a6c72245ba5ba688cd6544650b9c6e313b39b53e Mon Sep 17 00:00:00 2001
-From: Evgeny Vereshchagin <evvers@ya.ru>
-Date: Wed, 8 May 2019 15:50:53 +0200
-Subject: [PATCH 5/6] util-lib: fix a typo in rdrand
-
-Otherwise, the fuzzers will fail to compile with MSan:
-```
-../../src/systemd/src/basic/random-util.c:64:40: error: use of undeclared identifier 'sucess'; did you mean 'success'?
- msan_unpoison(&success, sizeof(sucess));
- ^~~~~~
- success
-../../src/systemd/src/basic/alloc-util.h:169:50: note: expanded from macro 'msan_unpoison'
- ^
-../../src/systemd/src/basic/random-util.c:38:17: note: 'success' declared here
- uint8_t success;
- ^
-1 error generated.
-[80/545] Compiling C object 'src/basic/a6ba3eb@@basic@sta/process-util.c.o'.
-ninja: build stopped: subcommand failed.
-Fuzzers build failed
-```
-
-(cherry picked from commit 7f2cdceaed4d37c4e601e531c7d863fca1bd1460)
----
- src/basic/random-util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/basic/random-util.c b/src/basic/random-util.c
-index 7c64857592..b8bbf2d418 100644
---- a/src/basic/random-util.c
-+++ b/src/basic/random-util.c
-@@ -61,7 +61,7 @@ int rdrand(unsigned long *ret) {
- "setc %1"
- : "=r" (*ret),
- "=qm" (success));
-- msan_unpoison(&success, sizeof(sucess));
-+ msan_unpoison(&success, sizeof(success));
- if (!success)
- return -EAGAIN;
-
---
-2.22.0
-
-
-From 47eec0ae61c887cb8cc05ce8d49b8d151bc4ef25 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 10 May 2019 15:16:16 -0400
-Subject: [PATCH 6/6] random-util: eat up bad RDRAND values seen on AMD CPUs
-
-An ugly, ugly work-around for #11810. And no, we shouldn't have to do
-this. This is something for AMD, the firmware or the kernel to
-fix/work-around, not us. But nonetheless, this should do it for now.
-
-Fixes: #11810
-(cherry picked from commit 1c53d4a070edbec8ad2d384ba0014d0eb6bae077)
----
- src/basic/random-util.c | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/src/basic/random-util.c b/src/basic/random-util.c
-index b8bbf2d418..0561f0cb22 100644
---- a/src/basic/random-util.c
-+++ b/src/basic/random-util.c
-@@ -35,6 +35,7 @@ int rdrand(unsigned long *ret) {
-
- #if defined(__i386__) || defined(__x86_64__)
- static int have_rdrand = -1;
-+ unsigned long v;
- uint8_t success;
-
- if (have_rdrand < 0) {
-@@ -59,12 +60,24 @@ int rdrand(unsigned long *ret) {
-
- asm volatile("rdrand %0;"
- "setc %1"
-- : "=r" (*ret),
-+ : "=r" (v),
- "=qm" (success));
- msan_unpoison(&success, sizeof(success));
- if (!success)
- return -EAGAIN;
-
-+ /* Apparently on some AMD CPUs RDRAND will sometimes (after a suspend/resume cycle?) report success
-+ * via the carry flag but nonetheless return the same fixed value -1 in all cases. This appears to be
-+ * a bad bug in the CPU or firmware. Let's deal with that and work-around this by explicitly checking
-+ * for this special value (and also 0, just to be sure) and filtering it out. This is a work-around
-+ * only however and something AMD really should fix properly. The Linux kernel should probably work
-+ * around this issue by turning off RDRAND altogether on those CPUs. See:
-+ * https://github.com/systemd/systemd/issues/11810 */
-+ if (v == 0 || v == ULONG_MAX)
-+ return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
-+ "RDRAND returned suspicious value %lx, assuming bad hardware RNG, not using value.", v);
-+
-+ *ret = v;
- return 0;
- #else
- return -EOPNOTSUPP;
---
-2.22.0
-
diff --git a/sys-apps/systemd/files/242-socket-util-flush-accept.patch b/sys-apps/systemd/files/242-socket-util-flush-accept.patch
deleted file mode 100644
index 4849c4c0789e..000000000000
--- a/sys-apps/systemd/files/242-socket-util-flush-accept.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From f3d75364fbebf2ddb6393e54db5e10b6f6234e14 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 18 Apr 2019 15:13:54 +0200
-Subject: [PATCH] socket-util: make sure flush_accept() doesn't hang on
- unexpected EOPNOTSUPP
-
-So apparently there are two reasons why accept() can return EOPNOTSUPP:
-because the socket is not a listening stream socket (or similar), or
-because the incoming TCP connection for some reason wasn't acceptable to
-the host. THe latter should be a transient error, as suggested on
-accept(2). The former however should be considered fatal for
-flush_accept(). Let's fix this by explicitly checking whether the socket
-is a listening socket beforehand.
----
- src/basic/socket-util.c | 17 +++++++++++++++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
-index 904bafb76f9..e787d53d8f4 100644
---- a/src/basic/socket-util.c
-+++ b/src/basic/socket-util.c
-@@ -1225,9 +1225,22 @@ int flush_accept(int fd) {
- .fd = fd,
- .events = POLLIN,
- };
-- int r;
-+ int r, b;
-+ socklen_t l = sizeof(b);
-+
-+ /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately
-+ * closing them. */
-+
-+ if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &b, &l) < 0)
-+ return -errno;
-
-- /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
-+ assert(l == sizeof(b));
-+ if (!b) /* Let's check if this is a socket accepting connections before calling accept(). That's
-+ * because accept4() can return EOPNOTSUPP in the fd we are called on is not a listening
-+ * socket, or in case the incoming TCP connection transiently triggered that (see accept(2)
-+ * man page for details). The latter case is a transient error we should continue looping
-+ * on. The former case however is fatal. */
-+ return -ENOTTY;
-
- for (;;) {
- int cfd;
diff --git a/sys-apps/systemd/files/242-wireguard-listenport.patch b/sys-apps/systemd/files/242-wireguard-listenport.patch
deleted file mode 100644
index 39b3c7c0a54c..000000000000
--- a/sys-apps/systemd/files/242-wireguard-listenport.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From a62b7bb79e9a2aa683624c32cde1c756d8466fb4 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Thu, 25 Apr 2019 00:39:04 +0200
-Subject: [PATCH] network: fix ListenPort= in [WireGuard] section
-
-This fixes a bug introduced by f1368a333e5e08575f0b45dfe41e936b106a8627.
-
-Fixes #12377.
----
- src/network/netdev/wireguard.c | 19 ++++++++++---------
- 1 file changed, 10 insertions(+), 9 deletions(-)
-
-diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
-index f3084c0773f..5ebc5dfed84 100644
---- a/src/network/netdev/wireguard.c
-+++ b/src/network/netdev/wireguard.c
-@@ -452,22 +452,23 @@ int config_parse_wireguard_listen_port(
- void *userdata) {
-
- uint16_t *s = data;
-- uint16_t port = 0;
- int r;
-
- assert(rvalue);
- assert(data);
-
-- if (!streq(rvalue, "auto")) {
-- r = parse_ip_port(rvalue, s);
-- if (r < 0) {
-- log_syntax(unit, LOG_ERR, filename, line, r,
-- "Invalid port specification, ignoring assignment: %s", rvalue);
-- return 0;
-- }
-+ if (isempty(rvalue) || streq(rvalue, "auto")) {
-+ *s = 0;
-+ return 0;
-+ }
-+
-+ r = parse_ip_port(rvalue, s);
-+ if (r < 0) {
-+ log_syntax(unit, LOG_ERR, filename, line, r,
-+ "Invalid port specification, ignoring assignment: %s", rvalue);
-+ return 0;
- }
-
-- *s = port;
- return 0;
- }
-
diff --git a/sys-apps/systemd/files/CVE-2019-15718.patch b/sys-apps/systemd/files/CVE-2019-15718.patch
deleted file mode 100644
index 8186f7096f82..000000000000
--- a/sys-apps/systemd/files/CVE-2019-15718.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 35e528018f315798d3bffcb592b32a0d8f5162bd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 27 Aug 2019 19:00:34 +0200
-Subject: [PATCH] shared/but-util: drop trusted annotation from
- bus_open_system_watch_bind_with_description()
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1746057
-
-This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
-is also used in timesyncd, but it has no methods, only read-only properties, and
-in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
-polkit checks.
----
- src/shared/bus-util.c | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
-index 6af115e7aa..821339d4ae 100644
---- a/src/shared/bus-util.c
-+++ b/src/shared/bus-util.c
-@@ -1705,10 +1705,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
- if (r < 0)
- return r;
-
-- r = sd_bus_set_trusted(bus, true);
-- if (r < 0)
-- return r;
--
- r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
- if (r < 0)
- return r;
diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index 540f7dbef65c..d62c5159c4bb 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -21,7 +21,6 @@
 <flag name="http">Enable embedded HTTP server in journald</flag>
 <flag name="importd">Enable import daemon</flag>
 <flag name="kmod">Enable kernel module loading via <pkg>sys-apps/kmod</pkg></flag>
- <flag name="libidn2">If IDN support is enabled, use <pkg>net-dns/libidn2</pkg> instead of <pkg>net-dns/libidn</pkg></flag>
 <flag name="lz4">Enable lz4 compression for the journal</flag>
 <flag name="nat">Enable support for network address translation in networkd</flag>
 <flag name="qrcode">Enable qrcode output support in journal</flag>
diff --git a/sys-apps/systemd/systemd-242-r6.ebuild b/sys-apps/systemd/systemd-242-r6.ebuild
deleted file mode 100644
index a60baf3e919d..000000000000
--- a/sys-apps/systemd/systemd-242-r6.ebuild
+++ /dev/null
@@ -1,499 +0,0 @@ -# Copyright 2011-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - MY_PV=${PV/_/-} - MY_P=${PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ~mips ppc ppc64 sparc x86" -fi - -PYTHON_COMPAT=( python{3_5,3_6,3_7} ) - -inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test vanilla xkb" - -REQUIRED_USE="importd? ( curl gcrypt lzma )" -RESTRICT="!test? ( test )" - -MINKV="3.11" - -COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - !<sys-libs/glibc-2.16 - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) - curl? ( net-misc/curl:0= ) - dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - http? ( - >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] - >=net-libs/gnutls-3.1.4:0= - ) - idn? ( - libidn2? ( net-dns/libidn2:= ) - !libidn2? ( net-dns/libidn:= ) - ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - nat? 
( net-firewall/iptables:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pcre? ( dev-libs/libpcre2 ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} - gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) -" - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - acct-group/adm - acct-group/wheel - acct-group/kmem - acct-group/tty - acct-group/utmp - acct-group/audio - acct-group/cdrom - acct-group/dialout - acct-group/disk - acct-group/input - acct-group/kvm - acct-group/render - acct-group/tape - acct-group/video - acct-group/systemd-journal - acct-user/systemd-journal-remote - acct-user/systemd-coredump - acct-user/systemd-network - acct-user/systemd-resolve - acct-user/systemd-timesync - >=sys-apps/baselayout-2.2 - selinux? ( sec-policy/selinux-base-policy[systemd] ) - sysv-utils? ( !sys-apps/sysvinit ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !build? ( || ( - sys-apps/util-linux[kill(-)] - sys-process/procps[kill(+)] - sys-apps/coreutils[kill(-)] - ) ) - !sys-auth/nss-myhostname - !<sys-kernel/dracut-044 - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-apps/hwids-20150417[udev] - >=sys-fs/udev-init-scripts-25 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-util/meson-0.46 - >=dev-util/intltool-0.50 - >=sys-apps/coreutils-8.16 - sys-devel/m4 - virtual/pkgconfig[${MULTILIB_USEDEP}] - test? 
( sys-apps/dbus ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') -" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS - ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" - kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" - kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - : -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - # Do NOT add patches here - local PATCHES=() - - [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) - - # Add local patches here - PATCHES+=( - "${FILESDIR}"/242-gcc-9.patch - "${FILESDIR}"/242-socket-util-flush-accept.patch - 
"${FILESDIR}"/242-wireguard-listenport.patch - "${FILESDIR}"/242-file-max.patch - "${FILESDIR}"/242-rdrand-ryzen.patch - "${FILESDIR}"/242-networkd-ipv6-token.patch - "${FILESDIR}"/242-network-domains.patch - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch" - "${FILESDIR}/gentoo-systemd-user-pam.patch" - "${FILESDIR}/gentoo-generator-path-r1.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -meson_use() { - usex "$1" true false -} - -meson_multilib() { - if multilib_is_native_abi; then - echo true - else - echo false - fi -} - -meson_multilib_native_use() { - if multilib_is_native_abi && use "$1"; then - echo true - else - echo false - fi -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - # make sure we get /bin:/sbin in PATH - -Dsplit-usr=$(usex split-usr true false) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Defi=$(meson_multilib) - -Dima=true - # Optional components/dependencies - -Dacl=$(meson_multilib_native_use acl) - -Dapparmor=$(meson_multilib_native_use apparmor) - -Daudit=$(meson_multilib_native_use audit) - -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup) - -Dlibcurl=$(meson_multilib_native_use curl) - -Ddns-over-tls=$(meson_multilib_native_use dns-over-tls) - -Delfutils=$(meson_multilib_native_use elfutils) - -Dgcrypt=$(meson_use gcrypt) - -Dgnu-efi=$(meson_multilib_native_use gnuefi) - -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" - -Dmicrohttpd=$(meson_multilib_native_use http) - 
-Dimportd=$(meson_multilib_native_use importd) - -Dbzip2=$(meson_multilib_native_use importd) - -Dzlib=$(meson_multilib_native_use importd) - -Dkmod=$(meson_multilib_native_use kmod) - -Dlz4=$(meson_use lz4) - -Dxz=$(meson_use lzma) - -Dlibiptc=$(meson_multilib_native_use nat) - -Dpam=$(meson_use pam) - -Dpcre2=$(meson_multilib_native_use pcre) - -Dpolkit=$(meson_multilib_native_use policykit) - -Dqrencode=$(meson_multilib_native_use qrcode) - -Dseccomp=$(meson_multilib_native_use seccomp) - -Dselinux=$(meson_multilib_native_use selinux) - -Ddbus=$(meson_multilib_native_use test) - -Dxkbcommon=$(meson_multilib_native_use xkb) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - -Dbacklight=$(meson_multilib) - -Dbinfmt=$(meson_multilib) - -Dcoredump=$(meson_multilib) - -Denvironment-d=$(meson_multilib) - -Dfirstboot=$(meson_multilib) - -Dhibernate=$(meson_multilib) - -Dhostnamed=$(meson_multilib) - -Dhwdb=$(meson_multilib) - -Dldconfig=$(meson_multilib) - -Dlocaled=$(meson_multilib) - -Dman=$(meson_multilib) - -Dnetworkd=$(meson_multilib) - -Dquotacheck=$(meson_multilib) - -Drandomseed=$(meson_multilib) - -Drfkill=$(meson_multilib) - -Dsysusers=$(meson_multilib) - -Dtimedated=$(meson_multilib) - -Dtimesyncd=$(meson_multilib) - -Dtmpfiles=$(meson_multilib) - -Dvconsole=$(meson_multilib) - ) - - if multilib_is_native_abi && use idn; then - myconf+=( - -Dlibidn2=$(usex libidn2 true false) - -Dlibidn=$(usex libidn2 false true) - ) - else - myconf+=( - -Dlibidn2=false - -Dlibidn=false - ) - fi - - meson_src_configure "${myconf[@]}" -} - -multilib_src_compile() { - eninja -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - eninja test -} - -multilib_src_install() { - DESTDIR="${D}" eninja install -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - 
- # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}"/sbin/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die - fi - - if ! use resolvconf && ! use sysv-utils; then - rmdir "${ED}${rootprefix}"/sbin || die - fi - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,user} - keepdir /etc/udev/{hwdb.d,rules.d} - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - # Symlink /etc/sysctl.conf for easy migration. - dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf - - local udevdir=/lib/udev - use split-usr || udevdir=/usr/lib/udev - - rm -r "${ED}${udevdir}/hwdb.d" || die - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... 
- if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -save_enabled_units() { - ENABLED_UNITS=() - type systemctl &>/dev/null || return - for x; do - if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then - ENABLED_UNITS+=( "${x}" ) - fi - done -} - -pkg_preinst() { - save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. 
- if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${EROOT}" - fi - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respect, and ensure consistency - # between OpenRC & systemd - migrate_locale - - systemd_reenable systemd-networkd.service systemd-resolved.service - - if [[ ${ENABLED_UNITS[@]} ]]; then - systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}" - fi - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager" - systemctl daemon-reexec - eend $? - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-242-r7.ebuild b/sys-apps/systemd/systemd-242-r7.ebuild deleted file mode 100644 index be69471c9e6e..000000000000 --- a/sys-apps/systemd/systemd-242-r7.ebuild +++ /dev/null 
@@ -1,500 +0,0 @@ -# Copyright 2011-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - MY_PV=${PV/_/-} - MY_P=${PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ~mips ppc ~ppc64 sparc x86" -fi - -PYTHON_COMPAT=( python{3_5,3_6,3_7} ) - -inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test vanilla xkb" - -REQUIRED_USE="importd? ( curl gcrypt lzma )" -RESTRICT="!test? ( test )" - -MINKV="3.11" - -COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - !<sys-libs/glibc-2.16 - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) - curl? ( net-misc/curl:0= ) - dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - http? ( - >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] - >=net-libs/gnutls-3.1.4:0= - ) - idn? ( - libidn2? ( net-dns/libidn2:= ) - !libidn2? ( net-dns/libidn:= ) - ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - nat? 
( net-firewall/iptables:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pcre? ( dev-libs/libpcre2 ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} - gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) -" - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - acct-group/adm - acct-group/wheel - acct-group/kmem - acct-group/tty - acct-group/utmp - acct-group/audio - acct-group/cdrom - acct-group/dialout - acct-group/disk - acct-group/input - acct-group/kvm - acct-group/render - acct-group/tape - acct-group/video - acct-group/systemd-journal - acct-user/systemd-journal-remote - acct-user/systemd-coredump - acct-user/systemd-network - acct-user/systemd-resolve - acct-user/systemd-timesync - >=sys-apps/baselayout-2.2 - selinux? ( sec-policy/selinux-base-policy[systemd] ) - sysv-utils? ( !sys-apps/sysvinit ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !build? ( || ( - sys-apps/util-linux[kill(-)] - sys-process/procps[kill(+)] - sys-apps/coreutils[kill(-)] - ) ) - !sys-auth/nss-myhostname - !<sys-kernel/dracut-044 - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-apps/hwids-20150417[udev] - >=sys-fs/udev-init-scripts-25 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-util/meson-0.46 - >=dev-util/intltool-0.50 - >=sys-apps/coreutils-8.16 - sys-devel/m4 - virtual/pkgconfig[${MULTILIB_USEDEP}] - test? 
( sys-apps/dbus ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') -" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS - ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" - kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" - kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - : -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - # Do NOT add patches here - local PATCHES=() - - [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) - - # Add local patches here - PATCHES+=( - "${FILESDIR}"/242-gcc-9.patch - "${FILESDIR}"/242-socket-util-flush-accept.patch - 
"${FILESDIR}"/242-wireguard-listenport.patch - "${FILESDIR}"/242-file-max.patch - "${FILESDIR}"/242-rdrand-ryzen.patch - "${FILESDIR}"/242-networkd-ipv6-token.patch - "${FILESDIR}"/242-network-domains.patch - "${FILESDIR}"/CVE-2019-15718.patch - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch" - "${FILESDIR}/gentoo-systemd-user-pam.patch" - "${FILESDIR}/gentoo-generator-path-r1.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -meson_use() { - usex "$1" true false -} - -meson_multilib() { - if multilib_is_native_abi; then - echo true - else - echo false - fi -} - -meson_multilib_native_use() { - if multilib_is_native_abi && use "$1"; then - echo true - else - echo false - fi -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - # make sure we get /bin:/sbin in PATH - -Dsplit-usr=$(usex split-usr true false) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Defi=$(meson_multilib) - -Dima=true - # Optional components/dependencies - -Dacl=$(meson_multilib_native_use acl) - -Dapparmor=$(meson_multilib_native_use apparmor) - -Daudit=$(meson_multilib_native_use audit) - -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup) - -Dlibcurl=$(meson_multilib_native_use curl) - -Ddns-over-tls=$(meson_multilib_native_use dns-over-tls) - -Delfutils=$(meson_multilib_native_use elfutils) - -Dgcrypt=$(meson_use gcrypt) - -Dgnu-efi=$(meson_multilib_native_use gnuefi) - -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" - 
-Dmicrohttpd=$(meson_multilib_native_use http) - -Dimportd=$(meson_multilib_native_use importd) - -Dbzip2=$(meson_multilib_native_use importd) - -Dzlib=$(meson_multilib_native_use importd) - -Dkmod=$(meson_multilib_native_use kmod) - -Dlz4=$(meson_use lz4) - -Dxz=$(meson_use lzma) - -Dlibiptc=$(meson_multilib_native_use nat) - -Dpam=$(meson_use pam) - -Dpcre2=$(meson_multilib_native_use pcre) - -Dpolkit=$(meson_multilib_native_use policykit) - -Dqrencode=$(meson_multilib_native_use qrcode) - -Dseccomp=$(meson_multilib_native_use seccomp) - -Dselinux=$(meson_multilib_native_use selinux) - -Ddbus=$(meson_multilib_native_use test) - -Dxkbcommon=$(meson_multilib_native_use xkb) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - -Dbacklight=$(meson_multilib) - -Dbinfmt=$(meson_multilib) - -Dcoredump=$(meson_multilib) - -Denvironment-d=$(meson_multilib) - -Dfirstboot=$(meson_multilib) - -Dhibernate=$(meson_multilib) - -Dhostnamed=$(meson_multilib) - -Dhwdb=$(meson_multilib) - -Dldconfig=$(meson_multilib) - -Dlocaled=$(meson_multilib) - -Dman=$(meson_multilib) - -Dnetworkd=$(meson_multilib) - -Dquotacheck=$(meson_multilib) - -Drandomseed=$(meson_multilib) - -Drfkill=$(meson_multilib) - -Dsysusers=$(meson_multilib) - -Dtimedated=$(meson_multilib) - -Dtimesyncd=$(meson_multilib) - -Dtmpfiles=$(meson_multilib) - -Dvconsole=$(meson_multilib) - ) - - if multilib_is_native_abi && use idn; then - myconf+=( - -Dlibidn2=$(usex libidn2 true false) - -Dlibidn=$(usex libidn2 false true) - ) - else - myconf+=( - -Dlibidn2=false - -Dlibidn=false - ) - fi - - meson_src_configure "${myconf[@]}" -} - -multilib_src_compile() { - eninja -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - eninja test -} - -multilib_src_install() { - DESTDIR="${D}" eninja install -} - -multilib_src_install_all() 
{ - local rootprefix=$(usex split-usr '' /usr) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}"/sbin/resolvconf || die - fi - - if ! use sysv-utils; then - rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die - fi - - if ! use resolvconf && ! use sysv-utils; then - rmdir "${ED}${rootprefix}"/sbin || die - fi - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,user} - keepdir /etc/udev/{hwdb.d,rules.d} - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - # Symlink /etc/sysctl.conf for easy migration. - dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf - - local udevdir=/lib/udev - use split-usr || udevdir=/usr/lib/udev - - rm -r "${ED}${udevdir}/hwdb.d" || die - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... 
- if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -save_enabled_units() { - ENABLED_UNITS=() - type systemctl &>/dev/null || return - for x; do - if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then - ENABLED_UNITS+=( "${x}" ) - fi - done -} - -pkg_preinst() { - save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. 
- if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${EROOT}" - fi - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respect, and ensure consistency - # between OpenRC & systemd - migrate_locale - - systemd_reenable systemd-networkd.service systemd-resolved.service - - if [[ ${ENABLED_UNITS[@]} ]]; then - systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}" - fi - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager" - systemctl daemon-reexec - eend $? - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-243-r2.ebuild b/sys-apps/systemd/systemd-243-r2.ebuild index 7a34238c668d..28bd768a2158 100644 --- a/sys-apps/systemd/systemd-243-r2.ebuild +++ b/sys-apps/systemd/systemd-243-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 2011-2019 Gentoo Authors +# Copyright 2011-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 
@@ -14,7 +14,7 @@ else
 KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ~mips ppc ppc64 sparc x86"
 fi
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
+PYTHON_COMPAT=( python{3_6,3_7} )
 inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
@@ -237,6 +237,7 @@ multilib_src_configure() {
 -Dbashcompletiondir="$(get_bashcompdir)"
 # make sure we get /bin:/sbin in PATH
 -Dsplit-usr=$(usex split-usr true false)
+ -Dsplit-bin=true
 -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
 -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
 -Dsysvinit-path=
diff --git a/sys-apps/systemd/systemd-243.ebuild b/sys-apps/systemd/systemd-243.ebuild
deleted file mode 100644
index 2332516c1aa4..000000000000
--- a/sys-apps/systemd/systemd-243.ebuild
+++ /dev/null
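Review bot: The added `-Dsplit-bin=true` in the `multilib_src_configure` hunk of systemd-243-r2.ebuild (`@@ -237,6 +237,7 @@`) carries no comment, and unlike `-Dsplit-usr` on the line above it is not tied to a USE flag, so a reader cannot tell why the value is fixed. As far as I know, upstream's default for this option probes the build host for an sbin-to-bin symlink, and it presumably feeds the same compiled-in PATH that the existing comment mentions, so pinning it keeps the result independent of the build machine; I would record that with `# sbin is a separate directory here; don't let meson probe the build host` above the new line. The same line is added without a comment in systemd-244.ebuild and systemd-9999.ebuild (`@@ -236,6 +236,7 @@`). The `myconf` array continues outside the hunk.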
@@ -1,492 +0,0 @@ -# Copyright 2011-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - MY_PV=${PV/_/-} - MY_P=${PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" -fi - -PYTHON_COMPAT=( python{3_5,3_6,3_7} ) - -inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test vanilla xkb" - -REQUIRED_USE="importd? ( curl gcrypt lzma )" -RESTRICT="!test? ( test )" - -MINKV="3.11" - -COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - !<sys-libs/glibc-2.16 - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) - curl? ( net-misc/curl:0= ) - dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - http? ( - >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] - >=net-libs/gnutls-3.1.4:0= - ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - nat? ( net-firewall/iptables:0= ) - pam? 
( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pcre? ( dev-libs/libpcre2 ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} - gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) -" - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - acct-group/adm - acct-group/wheel - acct-group/kmem - acct-group/tty - acct-group/utmp - acct-group/audio - acct-group/cdrom - acct-group/dialout - acct-group/disk - acct-group/input - acct-group/kvm - acct-group/render - acct-group/tape - acct-group/video - acct-group/systemd-journal - acct-user/systemd-journal-remote - acct-user/systemd-coredump - acct-user/systemd-network - acct-user/systemd-resolve - acct-user/systemd-timesync - >=sys-apps/baselayout-2.2 - selinux? ( sec-policy/selinux-base-policy[systemd] ) - sysv-utils? ( !sys-apps/sysvinit ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !build? ( || ( - sys-apps/util-linux[kill(-)] - sys-process/procps[kill(+)] - sys-apps/coreutils[kill(-)] - ) ) - !sys-auth/nss-myhostname - !<sys-kernel/dracut-044 - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-apps/hwids-20150417[udev] - >=sys-fs/udev-init-scripts-25 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-util/meson-0.46 - >=dev-util/intltool-0.50 - >=sys-apps/coreutils-8.16 - sys-devel/m4 - virtual/pkgconfig[${MULTILIB_USEDEP}] - test? 
( sys-apps/dbus ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') -" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS - ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" - kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" - kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - : -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - # Do NOT add patches here - local PATCHES=() - - [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) - - # Add local patches here - PATCHES+=( - ) - - if ! 
use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch" - "${FILESDIR}/gentoo-systemd-user-pam.patch" - "${FILESDIR}/gentoo-generator-path-r1.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -meson_use() { - usex "$1" true false -} - -meson_multilib() { - if multilib_is_native_abi; then - echo true - else - echo false - fi -} - -meson_multilib_native_use() { - if multilib_is_native_abi && use "$1"; then - echo true - else - echo false - fi -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - # make sure we get /bin:/sbin in PATH - -Dsplit-usr=$(usex split-usr true false) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Defi=$(meson_multilib) - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - -Dacl=$(meson_multilib_native_use acl) - -Dapparmor=$(meson_multilib_native_use apparmor) - -Daudit=$(meson_multilib_native_use audit) - -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup) - -Dlibcurl=$(meson_multilib_native_use curl) - -Ddns-over-tls=$(meson_multilib_native_use dns-over-tls) - -Delfutils=$(meson_multilib_native_use elfutils) - -Dgcrypt=$(meson_use gcrypt) - -Dgnu-efi=$(meson_multilib_native_use gnuefi) - -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" - -Dmicrohttpd=$(meson_multilib_native_use http) - -Didn=$(meson_multilib_native_use idn) - -Dimportd=$(meson_multilib_native_use importd) - -Dbzip2=$(meson_multilib_native_use importd) - 
-Dzlib=$(meson_multilib_native_use importd) - -Dkmod=$(meson_multilib_native_use kmod) - -Dlz4=$(meson_use lz4) - -Dxz=$(meson_use lzma) - -Dlibiptc=$(meson_multilib_native_use nat) - -Dpam=$(meson_use pam) - -Dpcre2=$(meson_multilib_native_use pcre) - -Dpolkit=$(meson_multilib_native_use policykit) - -Dqrencode=$(meson_multilib_native_use qrcode) - -Dseccomp=$(meson_multilib_native_use seccomp) - -Dselinux=$(meson_multilib_native_use selinux) - -Ddbus=$(meson_multilib_native_use test) - -Dxkbcommon=$(meson_multilib_native_use xkb) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - -Dbacklight=$(meson_multilib) - -Dbinfmt=$(meson_multilib) - -Dcoredump=$(meson_multilib) - -Denvironment-d=$(meson_multilib) - -Dfirstboot=$(meson_multilib) - -Dhibernate=$(meson_multilib) - -Dhostnamed=$(meson_multilib) - -Dhwdb=$(meson_multilib) - -Dldconfig=$(meson_multilib) - -Dlocaled=$(meson_multilib) - -Dman=$(meson_multilib) - -Dnetworkd=$(meson_multilib) - -Dquotacheck=$(meson_multilib) - -Drandomseed=$(meson_multilib) - -Drfkill=$(meson_multilib) - -Dsysusers=$(meson_multilib) - -Dtimedated=$(meson_multilib) - -Dtimesyncd=$(meson_multilib) - -Dtmpfiles=$(meson_multilib) - -Dvconsole=$(meson_multilib) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_compile() { - eninja -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - meson_src_test -} - -multilib_src_install() { - DESTDIR="${D}" eninja install -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}"/sbin/resolvconf || die - fi - - if ! 
use sysv-utils; then - rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die - fi - - if ! use resolvconf && ! use sysv-utils; then - rmdir "${ED}${rootprefix}"/sbin || die - fi - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/{hwdb.d,rules.d} - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - # Symlink /etc/sysctl.conf for easy migration. - dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf - - rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... 
- if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -save_enabled_units() { - ENABLED_UNITS=() - type systemctl &>/dev/null || return - for x; do - if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then - ENABLED_UNITS+=( "${x}" ) - fi - done -} - -pkg_preinst() { - save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service - - if ! use split-usr; then - local dir - for dir in bin sbin lib; do - if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then - eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged." - eerror "One of them should be a symbolic link to the other one." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. 
- if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${EROOT}" - fi - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respect, and ensure consistency - # between OpenRC & systemd - migrate_locale - - systemd_reenable systemd-networkd.service systemd-resolved.service - - if [[ ${ENABLED_UNITS[@]} ]]; then - systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}" - fi - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager" - systemctl daemon-reexec - eend $? - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-244.ebuild b/sys-apps/systemd/systemd-244.ebuild index c9bb54c4b819..daed59e210c0 100644 --- a/sys-apps/systemd/systemd-244.ebuild +++ b/sys-apps/systemd/systemd-244.ebuild @@ -1,4 +1,4 @@ -# Copyright 2011-2019 Gentoo Authors +# Copyright 2011-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 
@@ -14,7 +14,7 @@ else
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
 fi
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
+PYTHON_COMPAT=( python{3_6,3_7} )
 inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
@@ -236,6 +236,7 @@ multilib_src_configure() {
 -Dbashcompletiondir="$(get_bashcompdir)"
 # make sure we get /bin:/sbin in PATH
 -Dsplit-usr=$(usex split-usr true false)
+ -Dsplit-bin=true
 -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
 -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
 -Dsysvinit-path=
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index c9bb54c4b819..daed59e210c0 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2011-2019 Gentoo Authors
+# Copyright 2011-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=7
@@ -14,7 +14,7 @@ else
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
 fi
-PYTHON_COMPAT=( python{3_5,3_6,3_7} )
+PYTHON_COMPAT=( python{3_6,3_7} )
 inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
@@ -236,6 +236,7 @@ multilib_src_configure() {
 -Dbashcompletiondir="$(get_bashcompdir)"
 # make sure we get /bin:/sbin in PATH
 -Dsplit-usr=$(usex split-usr true false)
+ -Dsplit-bin=true
 -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
 -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
 -Dsysvinit-path= |