diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2021-09-10 04:21:55 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2021-09-10 04:21:55 +0100 |
commit | 677b7ba5c317778df2ad7e70df94b9b7eec4adbc (patch) | |
tree | 6c418a1546fff5becab5d8b9ed6803323e7f316e /sys-apps/systemd | |
parent | fbda87924e6faa7a1919f1a2b4182490bde5ec5c (diff) |
gentoo resync : 10.09.2021
Diffstat (limited to 'sys-apps/systemd')
-rw-r--r-- | sys-apps/systemd/Manifest | 12 | ||||
-rw-r--r-- | sys-apps/systemd/files/249-fido2.patch | 58 | ||||
-rw-r--r-- | sys-apps/systemd/files/249-home-secret-assert.patch | 106 | ||||
-rw-r--r-- | sys-apps/systemd/metadata.xml | 1 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-249.2-r1.ebuild (renamed from sys-apps/systemd/systemd-249.2.ebuild) | 8 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-249.4-r3.ebuild (renamed from sys-apps/systemd/systemd-248.6.ebuild) | 52 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-9999.ebuild | 10 |
7 files changed, 203 insertions, 44 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest index 474a0d182d1b..5ed8ac581587 100644 --- a/sys-apps/systemd/Manifest +++ b/sys-apps/systemd/Manifest @@ -1,12 +1,14 @@ +AUX 249-fido2.patch 2323 BLAKE2B 5977ec0bed24f25ef3c152aab8e8b40cc91c115256cad912c22d93d4ec533921124448e0bd2d994a48ea58e0d1e38cdc7a8b0281730e68b90b58fd6f7a319d69 SHA512 a385fd7889fe3e679c70d7dd62fe468da83385eb000bd3af4b2df36e836a42d1549ba90e09e57b611e5550a6e3f95d7e8cde8e749e9a85c6dff58ce88ea611f1 +AUX 249-home-secret-assert.patch 5057 BLAKE2B 59fada3228e726110ed865e80f85c62d2faca852b3c3fdc47135123da622697e448a8c2d8826c140240210513b7474d27e71383f6d41b561790135d67d9324c1 SHA512 2ad4e15a900a27c55ca32b065ff91ea51344eeb0b5508ab6310efe2537a66e5eaa80c4acd287fb57b2d531c79528577c6fd0599e29e862c05cf81dc439a6a7f6 AUX 249-libudev-static.patch 1454 BLAKE2B 420f9452066ccf951033c1ae1e215284fa9d11f24777c68ecd0178db5c7571ee881451300d409468c1ba3f3b2ad4b35adca5b2761309c84b315bbabd45f6b97f SHA512 4d616b4b02981c4622951a46f23519e03c2d1228453837d31fe060db70afa24722883ca57c08c55cd9fd35c720a5ef2ecb11ab3313867e1b3cfc3682e45e3f45 AUX gentoo-generator-path-r2.patch 994 BLAKE2B 2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada AUX gentoo-journald-audit.patch 1485 BLAKE2B 9cba28ce907330bbc1eafcf04a837987ed68272fcfa9cc34a309ff5d4cc2230f71a6f7fed42c79afb1c96605df141e8e40b2d8290d12ad3c18038269814f2df8 SHA512 d77d4dae9f8a7819c6d4855476f3163ee19f52b20f66a93e25818f0747404462c47e3cafbd82ba85ce1b3d2fdbabdd96a0398b71149b318c540d82403f8ad0ad AUX gentoo-systemctl-disable-sysv-sync-r1.patch 821 BLAKE2B f5ef796725e023bb1ed83b34a3e4d45bb008de9a134892a5321b37b56809c7a44530d18e33c7877177e8b64b2d89dfc2de844bed433db6d5e57831d20fbfb456 SHA512 8d697dbd305f6b95a4ddc47cf9d99a0e954f54e161bd59164917b62a78ff5c23fa2d5be2614569c0a2297595dae59e1ee71bb04da72cbe0c0807e1abd7da974d AUX nsswitch.conf 734 BLAKE2B 5f5a7821a84f6c8aa31fe9a68c29a1a0f24be578d427a623f14a9ef795e7da481f226efe5511d92932b5edf5638fa719808a0c3a0b8fd340799dd6bcb703a0a1 SHA512 dcbd51dacaaebdff32edb3840cc7b9b47b6521009b8786690e3673a2e78bc60bfd8e591b1048c5d452117c6659b9917ae2864462f5057cc39b704b0130522e60 AUX systemd-user.pam 122 BLAKE2B cccc07cab47dfc0481438e503c34fa1a0b2c6b1f8ab282197719a523421d2a526f19230bb459e0347cbeb2046e35a407c78178a3fb5b79619e987cbc4ac7d5e4 SHA512 c5437677ff00fbb45798fe594e8d61b1c2bfc2d103105d7bd82e476240452477ac263700800f5d0ba91ddc895eb85f4517d5cb15c80611ec1680a686d47cd781 -DIST systemd-stable-248.6.tar.gz 10388927 BLAKE2B a102d0fd37a3422f673ced2bbd5bb88b6589195e1f436f43231fd91d79aaf9f548154a3ab2a62a9b409527b3f2e7a9ea735925364ece15c2e151d06c0e4f303f SHA512 35a9d4a9ae04423959c71ad0175d04a1792b9ab39897a497776b93cea166de58b8fb111207c104c0e747d3ffbd85480d8b0cab38e3dc0defbbf09b15211954ce DIST systemd-stable-249.2.tar.gz 10591728 BLAKE2B fb24c681cf2328aa26fa49a8ba20cccd1ee0fae82ec9f9931a69eaa377fc01b2ece12fdf407444514d494b8ac1418f155b0fceeff4925bebaba691f0b8a2acc8 SHA512 4f42a0b93156529a464545361436fa98193e12a7e0809315b9fdedbcf33b81dd2037acac27fb0dfefcb2679bc49ebb6da4d152ecb4b15db797c81f7ca4588a11 -EBUILD systemd-248.6.ebuild 15225 BLAKE2B e6f52236abedad5db4c80f01aeff4f5df3c9542f733945e33128e45da4ae758c2182d00583c690f359131e0bdb88968122b39360f97adf4f5b8d2ff8347c74c4 SHA512 3c03bbbb6d50b7cfb78b9f0932f988241efea10785b3f83accfe3edd9b98dd39da9572aeab5ac3779db8c72645bb1e436155b8a71800f30f12e4b1a4755428d3 -EBUILD systemd-249.2.ebuild 14928 BLAKE2B 6d2ebe202bba0e40c2ae249e1ef696370bf25383c7fedb8d025ce1f53847995f005c509bfe2a23ade70548c6852666cf8a1779166dd1a0c8292382fb36bcfbb3 SHA512 c5f8ea8a470134a38e467187dcf7bcb0144d58a7237527459fd1fc4673e5cacd383b66dc02295c5b8e6c38aa28358a26426ede6e4dc1d45800a038a0d376d29e -EBUILD systemd-9999.ebuild 14894 BLAKE2B 76c6f116a2b7a5caada2198ded3930ece45f394d77e3a5b1f148d8f274da11fbe196cd02bb36c47f31c9776214510e8600cd1eddd3ab5a441eecd43330fb9973 SHA512 781cc16951b0fdc9ffa12595a59df304bf3beb3670ee0a83e2059b9ca515a103ac84548eab2b4d387549f3cfa46b9b44ae820d20431f1636f262711fe2c696ce -MISC metadata.xml 2418 BLAKE2B bec7b05950f495cd678359bca70723286c33d4943407fee45e1214a53d9bfbbb25d3612a5b1bb51d885c38ea63719b3de2f0341d2b8aeb5d5919a29459cb89e4 SHA512 46979fbafe3561a722efefeb82e283e221cb930e56e9f43c25a47c299712dac21f6ef4c970afed86cb390e21dc8dd86b23eea310d5dd7e66a7a6fde250b929d7 +DIST systemd-stable-249.4.tar.gz 10593723 BLAKE2B 466b3cb27c4bc6c85c9ba50f6614175b2c31a4c177d452542faa1395e99511440029b1a093dc80a5a1a0135eed09d8b1849572f36dba4e18a1396230bfc31adb SHA512 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c +EBUILD systemd-249.2-r1.ebuild 14898 BLAKE2B 1ae761fca577ae1b19bc36348fb949464db1b178edafe53090669e2a743fd7c94a8127361612258518cbf7224dde539bfb91515218171713c722dc9c074bbcc4 SHA512 9e1819287c349534f323a7b516d7ca62522d26be8bcc82088590ffd1980be6cd6cc0ec5c04f2ed0ca61050e99a8b7030df58d9c70404966c024c6d69dab82365 +EBUILD systemd-249.4-r3.ebuild 15063 BLAKE2B 8459ba5014bfc6fc03dedb0c38a4ad481ec63086f6ade98dde04e9468097122992302899b47c78ac056c9ef953bf0bf1a51545ad47b3189c91f336d24a78799e SHA512 ad49b476361e39d0a833d5832ac5bddfdeaf929b083cdc388321d2b1d33dd79f65c80464070ec6de5d66a6e67fa2ea408c7d1ed79014cae7fe582a3d1d35092e +EBUILD systemd-9999.ebuild 14945 BLAKE2B 20e31c4fea7aaa902f07a4bec51e864fa0597850d8a346c8391e622f57dcd9dd5ce46ac280ff34b5be685411fb373f62f81b6887257fe7bdf49ce5d209562217 SHA512 a3edc4527515791d7e508124f71ed85416f70d2ca94ccf997af5e81a93aba0d2e19de76819e78803c284aef3cf2c2a6270f2aa5d7012c0bbd02cdf98502354c2 +MISC metadata.xml 2467 BLAKE2B f4fea1d3af4d785ced74e32d5d31fd5e7d361ef1c661735e443d00828099ffb80cfde7951931b9bf0f900d06cef78923c5b198ff50678190b4ebc4befd66e6de SHA512 0abe12983b3569e58e8691a05165993d7653a1370c2c4465b926f1ec3d17d2a01897d77556fc0abe80d52b7610a52216c39a2426e8fe1db39a337c21d98a1590 diff --git a/sys-apps/systemd/files/249-fido2.patch b/sys-apps/systemd/files/249-fido2.patch new file mode 100644 index 000000000000..bbfa4afb540e --- /dev/null +++ b/sys-apps/systemd/files/249-fido2.patch @@ -0,0 +1,58 @@ +From b6aa89b0a399992c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001 +From: pedro martelletto <pedro@yubico.com> +Date: Wed, 8 Sep 2021 10:42:56 +0200 +Subject: [PATCH] explicitly close FIDO2 devices + +FIDO2 device access is serialised by libfido2 using flock(). +Therefore, make sure to close a FIDO2 device once we are done +with it, or we risk opening it again at a later point and +deadlocking. Fixes #20664. +--- + src/shared/libfido2-util.c | 2 ++ + src/shared/libfido2-util.h | 5 ++++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c +index 12c644dcfcce..6d18178b68c9 100644 +--- a/src/shared/libfido2-util.c ++++ b/src/shared/libfido2-util.c +@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL; + int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL; + fido_dev_t* (*sym_fido_dev_new)(void) = NULL; + int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL; ++int (*sym_fido_dev_close)(fido_dev_t *) = NULL; + const char* (*sym_fido_strerr)(int) = NULL; + + int dlopen_libfido2(void) { +@@ -106,6 +107,7 @@ int dlopen_libfido2(void) { + DLSYM_ARG(fido_dev_make_cred), + DLSYM_ARG(fido_dev_new), + DLSYM_ARG(fido_dev_open), ++ DLSYM_ARG(fido_dev_close), + DLSYM_ARG(fido_strerr)); + } + +diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h +index 5640cca5e39b..4ebf8ab77509 100644 +--- a/src/shared/libfido2-util.h ++++ b/src/shared/libfido2-util.h +@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *); + extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *); + extern fido_dev_t* (*sym_fido_dev_new)(void); + extern int (*sym_fido_dev_open)(fido_dev_t *, const char *); ++extern int (*sym_fido_dev_close)(fido_dev_t *); + extern const char* (*sym_fido_strerr)(int); + + int dlopen_libfido2(void); +@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) { + } + + static inline void fido_dev_free_wrapper(fido_dev_t **p) { +- if (*p) ++ if (*p) { ++ sym_fido_dev_close(*p); + sym_fido_dev_free(p); ++ } + } + + static inline void fido_cred_free_wrapper(fido_cred_t **p) { diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch b/sys-apps/systemd/files/249-home-secret-assert.patch new file mode 100644 index 000000000000..e6e2a8e7cc78 --- /dev/null +++ b/sys-apps/systemd/files/249-home-secret-assert.patch @@ -0,0 +1,106 @@ +From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 5 Sep 2021 11:16:26 +0900 +Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error + may be null + +When RefHome() bus method is called in acquire_home(), secret is NULL. + +Fixes #20639. +--- + src/home/pam_systemd_home.c | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c +index 836ed0d5e96d..a04d50208a8e 100644 +--- a/src/home/pam_systemd_home.c ++++ b/src/home/pam_systemd_home.c +@@ -281,7 +281,6 @@ static int handle_generic_user_record_error( + const sd_bus_error *error) { + + assert(user_name); +- assert(secret); + assert(error); + + int r; +@@ -301,6 +300,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + /* This didn't work? Ask for an (additional?) password */ + + if (strv_isempty(secret->password)) +@@ -326,6 +327,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + if (strv_isempty(secret->password)) { + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: "); +@@ -350,6 +353,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: "); + if (r != PAM_SUCCESS) + return PAM_CONV_ERR; /* no logging here */ +@@ -367,6 +372,8 @@ static int handle_generic_user_record_error( + + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) { + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name); + + r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true); +@@ -377,6 +384,8 @@ static int handle_generic_user_record_error( + + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) { + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name); + + r = user_record_set_fido2_user_presence_permitted(secret, true); +@@ -387,6 +396,8 @@ static int handle_generic_user_record_error( + + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) { + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name); + + r = user_record_set_fido2_user_verification_permitted(secret, true); +@@ -403,6 +414,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); + if (r != PAM_SUCCESS) +@@ -422,6 +435,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); + if (r != PAM_SUCCESS) +@@ -441,6 +456,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); + if (r != PAM_SUCCESS) diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml index cb86e5b1d243..c458d3f1e3b6 100644 --- a/sys-apps/systemd/metadata.xml +++ b/sys-apps/systemd/metadata.xml @@ -17,6 +17,7 @@ <flag name="dns-over-tls">Enable DNS-over-TLS support</flag> <flag name="gnuefi">Enable EFI boot manager and stub loader (built using <pkg>sys-boot/gnu-efi</pkg>)</flag> <flag name="elfutils">Enable coredump stacktraces in the journal</flag> + <flag name="fido2">Enable FIDO2 support</flag> <flag name="gcrypt">Enable sealing of journal files using gcrypt</flag> <flag name="homed">Enable portable home directories</flag> <flag name="http">Enable embedded HTTP server in journald</flag> diff --git a/sys-apps/systemd/systemd-249.2.ebuild b/sys-apps/systemd/systemd-249.2-r1.ebuild index f55c30b02d8a..1f0dd24720fb 100644 --- a/sys-apps/systemd/systemd-249.2.ebuild +++ b/sys-apps/systemd/systemd-249.2-r1.ebuild @@ -4,6 +4,9 @@ EAPI=7 PYTHON_COMPAT=( python3_{8..10} ) +# Avoid QA warnings +TMPFILES_OPTIONAL=1 + if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" inherit git-r3 @@ -27,7 +30,7 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test tpm vanilla xkb +zstd" +IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" REQUIRED_USE=" homed? ( cryptsetup pam ) @@ -324,9 +327,6 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - - # static-libs - $(meson_use static-libs static-libudev) ) meson_src_configure "${myconf[@]}" diff --git a/sys-apps/systemd/systemd-248.6.ebuild b/sys-apps/systemd/systemd-249.4-r3.ebuild index 469ea95ee5be..f7381f4632b7 100644 --- a/sys-apps/systemd/systemd-248.6.ebuild +++ b/sys-apps/systemd/systemd-249.4-r3.ebuild @@ -2,6 +2,10 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=7 +PYTHON_COMPAT=( python3_{8..10} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" @@ -16,11 +20,9 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" fi -PYTHON_COMPAT=( python3_{7..9} ) - inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript DESCRIPTION="System and service manager for Linux" @@ -28,7 +30,7 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test tpm vanilla xkb +zstd" +IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" REQUIRED_USE=" homed? ( cryptsetup pam ) @@ -51,6 +53,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] curl? ( net-misc/curl:0= ) dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) homed? ( ${OPENSSL_DEP} ) http? ( @@ -133,7 +136,7 @@ RDEPEND="${COMMON_DEPEND} # sys-apps/dbus: the daemon only (+ build-time lib dep for tests) PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - hwdb? ( >=sys-apps/hwids-20150417[udev] ) + hwdb? ( sys-apps/hwids[systemd(+),udev] ) >=sys-fs/udev-init-scripts-34 policykit? ( sys-auth/polkit ) !vanilla? ( sys-apps/gentoo-systemd-integration )" @@ -144,7 +147,6 @@ BDEPEND=" >=dev-util/meson-0.46 >=sys-apps/coreutils-8.16 sys-devel/gettext - sys-devel/m4 virtual/pkgconfig test? ( app-text/tree @@ -155,13 +157,18 @@ BDEPEND=" app-text/docbook-xml-dtd:4.5 app-text/docbook-xsl-stylesheets dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') " python_check_deps() { + has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" && has_version -b "dev-python/lxml[${PYTHON_USEDEP}]" } +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + pkg_pretend() { if [[ ${MERGE_TYPE} != buildonly ]]; then if use test && has pid-sandbox ${FEATURES}; then @@ -219,6 +226,9 @@ src_prepare() { # Add local patches here PATCHES+=( + "${FILESDIR}/249-libudev-static.patch" + "${FILESDIR}/249-home-secret-assert.patch" + "${FILESDIR}/249-fido2.patch" ) if ! use vanilla; then @@ -266,6 +276,7 @@ multilib_src_configure() { $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls) $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) $(meson_use gcrypt) $(meson_native_use_bool gnuefi gnu-efi) -Defi-includedir="${ESYSROOT}/usr/include/efi" @@ -320,9 +331,6 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - - # static-libs - $(meson_use static-libs static-libudev) ) meson_src_configure "${myconf[@]}" @@ -442,19 +450,7 @@ migrate_locale() { fi } -save_enabled_units() { - ENABLED_UNITS=() - type systemctl &>/dev/null || return - for x; do - if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then - ENABLED_UNITS+=( "${x}" ) - fi - done -} - pkg_preinst() { - save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service - if ! use split-usr; then local dir for dir in bin sbin lib; do @@ -476,23 +472,17 @@ pkg_postinst() { systemd_update_catalog # Keep this here in case the database format changes so it gets updated - # when required. Despite that this file is owned by sys-apps/hwids. - if has_version "sys-apps/hwids[udev]"; then - udevadm hwdb --update --root="${EROOT}" + # when required. + if use hwdb; then + systemd-hwdb --root="${ROOT}" update fi udev_reload || FAIL=1 - # Bug 465468, make sure locales are respect, and ensure consistency + # Bug 465468, make sure locales are respected, and ensure consistency # between OpenRC & systemd migrate_locale - systemd_reenable systemd-networkd.service systemd-resolved.service - - if [[ ${ENABLED_UNITS[@]} ]]; then - systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}" - fi - if [[ -z ${REPLACING_VERSIONS} ]]; then if type systemctl &>/dev/null; then systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild index 3683686fc0d1..ee6cfbea7dad 100644 --- a/sys-apps/systemd/systemd-9999.ebuild +++ b/sys-apps/systemd/systemd-9999.ebuild @@ -4,6 +4,9 @@ EAPI=7 PYTHON_COMPAT=( python3_{8..10} ) +# Avoid QA warnings +TMPFILES_OPTIONAL=1 + if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" inherit git-r3 @@ -27,7 +30,7 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test tpm vanilla xkb +zstd" +IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" REQUIRED_USE=" homed? ( cryptsetup pam ) @@ -50,6 +53,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] curl? ( net-misc/curl:0= ) dns-over-tls? ( >=net-libs/gnutls-3.6.0:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) homed? ( ${OPENSSL_DEP} ) http? ( @@ -269,6 +273,7 @@ multilib_src_configure() { $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls) $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) $(meson_use gcrypt) $(meson_native_use_bool gnuefi gnu-efi) -Defi-includedir="${ESYSROOT}/usr/include/efi" @@ -323,9 +328,6 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - - # static-libs - $(meson_use static-libs static-libudev) ) meson_src_configure "${myconf[@]}" |