diff options
author | V3n3RiX <venerix@koprulu.sector> | 2022-04-06 22:33:41 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-04-06 22:33:41 +0100 |
commit | e68d405c5d712af4387159df07e226217bdda049 (patch) | |
tree | 009ab0f3d427f0813e62930d71802cb054c07e30 /sys-apps/systemd | |
parent | 401101f9c8077911929d3f2b60a37098460a5d89 (diff) |
gentoo resync : 06.04.2022
Diffstat (limited to 'sys-apps/systemd')
-rw-r--r-- | sys-apps/systemd/Manifest | 4 | ||||
-rw-r--r-- | sys-apps/systemd/files/250.4-random-seed-hash.patch | 74 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-249.11.ebuild | 2 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-250.4-r1.ebuild | 521 |
4 files changed, 599 insertions, 2 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest index ba3a899a8321..96b31eaf1c8f 100644 --- a/sys-apps/systemd/Manifest +++ b/sys-apps/systemd/Manifest @@ -1,5 +1,6 @@ AUX 00-hostnamed-network-user.conf 227 BLAKE2B 0cc780a2ea9f31f08be01184704e4fa8b4b95e4c82b7e2dd4127f82c594a5cd7c8f865a83ae5f1284e58a7fd120ee9a9f4f586b7e479d21f1e8adf26e8e61238 SHA512 97e8decd802de8581fb546e3a714376fbd065108f3edfed54a1036d93df02f9947c358aec9aa4841a766c9120fa20c69eb7867bb4d2bd7339d8bd89c43235b2b AUX 249.9-cross-compile.patch 1070 BLAKE2B 45586e1d76f6eed0e6f4ae27c5c93f9495bfde2b2bb3b1853bdda22f341787747ea7d7a02a1d582e6ba7e113fd2aed94bfa72616a6a9139ec18c89f85d176646 SHA512 97e919c30fc5ff39f50908f63fee23371047223d12874e68fe74ae545acea7a1dd0d1f0147e2d8a95a49e1943a276148011294b33a8f7fcfa11c91f275e87194 +AUX 250.4-random-seed-hash.patch 3300 BLAKE2B 3a952e18ebc8075853943e57730b2f9cf0ac31e2161fce992d11df483a57fc777b74b212c243260ddb6255b2bfe6ac64ba4abfedd236d2cae5e18150e2e3d859 SHA512 4ade52e055d6ccd252221354125e3155c9398452a470b45dc15967fd354d94f4ef94437626c6063762c1c83243d65ec57b0b8d326b769514dbd76f2644925b39 AUX gentoo-generator-path-r2.patch 994 BLAKE2B 2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada AUX gentoo-journald-audit.patch 1485 BLAKE2B 9cba28ce907330bbc1eafcf04a837987ed68272fcfa9cc34a309ff5d4cc2230f71a6f7fed42c79afb1c96605df141e8e40b2d8290d12ad3c18038269814f2df8 SHA512 d77d4dae9f8a7819c6d4855476f3163ee19f52b20f66a93e25818f0747404462c47e3cafbd82ba85ce1b3d2fdbabdd96a0398b71149b318c540d82403f8ad0ad AUX gentoo-systemctl-disable-sysv-sync-r1.patch 821 BLAKE2B f5ef796725e023bb1ed83b34a3e4d45bb008de9a134892a5321b37b56809c7a44530d18e33c7877177e8b64b2d89dfc2de844bed433db6d5e57831d20fbfb456 SHA512 8d697dbd305f6b95a4ddc47cf9d99a0e954f54e161bd59164917b62a78ff5c23fa2d5be2614569c0a2297595dae59e1ee71bb04da72cbe0c0807e1abd7da974d @@ -11,10 +12,11 @@ DIST systemd-stable-249.9.tar.gz 10613893 BLAKE2B fc7a14fa3b0cc3d05fa9f20fde2efe DIST systemd-stable-250.2.tar.gz 11121031 BLAKE2B ddbb33648dbf0442e4258bf23ace04eac6d5ab6a2434537395b900b7bd4113a86199d6d559f8d76dcbede88484240a6593439acdcc7b1801857d13840c389c6c SHA512 2f734c1d1ea98ee3f1beb00689a0d56603cd981aa938bee1655445ddd4af3b2bb6472249fa158741edcb2259ee302b625e124c38b7d2ec00c53760d6b362d5bb DIST systemd-stable-250.3.tar.gz 11125151 BLAKE2B 659c39994e76f94407dd9079e28fc644981d3475a0ed440b9895e8f201c3ce1fc47aa8c4d599ad85ed89ddfb6ca8e514aee2a739e93640745cf46647f99efe56 SHA512 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5 DIST systemd-stable-250.4.tar.gz 11132786 BLAKE2B 8fdfe1bad76e572dc1be0955f3d1c4080f2beb81a2f9670f80827899f5406ab8ed8675400c2f5e8ccef44cf1bceff42ceae12a42e1b67d46c0deb523e6495f25 SHA512 307ed0920da660b6c45d909fea66864fb98db8b2f6905d629fb2012fc4bf64dd25fd61168c22bf4098200be541be9b0e815fbde98806a99c85cb33d49d8b63d0 -EBUILD systemd-249.11.ebuild 14750 BLAKE2B c68d4145202cd0bf616f2e0f6a066e7f2000f10705bcfc27f38cd8a0b0a3dc7bb8386df6473ccd821469606fb27a910e785447fd9748b8544bc157a92e6c00a6 SHA512 3c0478e0d2d5e4cf140d0657405f79645f423a6c7da76f9c62e5af56e8eb200cc2f5b4dfad27aaafeb40ed5172ac9a5b53c26952f56ddb31ebf1d4797485cb22 +EBUILD systemd-249.11.ebuild 14749 BLAKE2B 3b6ccb1617acceb9ebd90805aa7e2124be674e235094641013a665b76bf2417f250cb290e96caca6cdfa6704ee179a07057dfb820ce3a57daaecd754427a88d2 SHA512 6aa8d8428824cc8961692075a4ec34d1d5b179fef6b499c381370645259250b8c340dbb4523f4ac1c61241e844ed17c7800fc34ceb51c43fcde62562ddc350d8 EBUILD systemd-249.9.ebuild 14784 BLAKE2B ca86d60cc9890d368c269baa814c55345c05da6781dab850dc11d1ea81304e1d25319af0e3a81690df4fa178a796a54af5789dff4756c65b2bcb326f5f4bd511 SHA512 2c3166d0e8ce969b0117cd4454f7d8f71dcf6f079e7a8890cbe77c56e92e3d28d54e98ca07ed5dc0a391cd9acb0b58ce4869ee98b7d91f36fbdbfac54d01ee7f EBUILD systemd-250.2.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc EBUILD systemd-250.3.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc +EBUILD systemd-250.4-r1.ebuild 15294 BLAKE2B c709485d1ae97d77f58a971984e7f3258a0f624b59e11958e1cadfe1991f704ee10d8bc836770f4c98f3dc3714e2c8d9ca65d89015b575bb21b877afa44ddeae SHA512 90468976a753b773f1748821128b034c342da5dcb2646203d51b07ccf726aa0937bfe7c87166e5feee5417ed6b40e81abc534953dbbb1d359fe80b9beb6c85b7 EBUILD systemd-250.4.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc EBUILD systemd-9999.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc MISC metadata.xml 2627 BLAKE2B b785769f4d2d029a935d8aa4da18d2366d283565a70db63b36eccbab4213edd3c0063a61fe58b313a37cd72fa4a848f4ba12dd3761f82b862a84a3b09ce06258 SHA512 ecbc947ffc3ad23afb6c07c60907d5cbb91053c4153c6661fa26f358710e3d7ca44ae4c3b0d229b428fbe5abb63f83175448e6fae8ec11c1cbe01c1a692c873b diff --git a/sys-apps/systemd/files/250.4-random-seed-hash.patch b/sys-apps/systemd/files/250.4-random-seed-hash.patch new file mode 100644 index 000000000000..efaa8cdfcaac --- /dev/null +++ b/sys-apps/systemd/files/250.4-random-seed-hash.patch @@ -0,0 +1,74 @@ +https://github.com/systemd/systemd-stable/commit/ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce + +From: "Jason A. Donenfeld" <Jason@zx2c4.com> +Date: Mon, 3 Jan 2022 18:11:32 +0100 +Subject: [PATCH] random-seed: hash together old seed and new seed before + writing out file + +If we're consuming an on-disk seed, we usually write out a new one after +consuming it. In that case, we might be at early boot and the randomness +could be rather poor, and the kernel doesn't guarantee that it'll use +the new randomness right away for us. In order to prevent the new +entropy from getting any worse, hash together the old seed and the new +seed, and replace the final bytes of the new seed with the hash output. +This way, entropy strictly increases and never regresses. + +(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b) +--- a/src/random-seed/random-seed.c ++++ b/src/random-seed/random-seed.c +@@ -26,6 +26,7 @@ + #include "random-util.h" + #include "string-util.h" + #include "sync-util.h" ++#include "sha256.h" + #include "util.h" + #include "xattr-util.h" + +@@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) { + _cleanup_close_ int seed_fd = -1, random_fd = -1; + bool read_seed_file, write_seed_file, synchronous; + _cleanup_free_ void* buf = NULL; ++ struct sha256_ctx hash_state; ++ uint8_t hash[32]; + size_t buf_size; + struct stat st; +- ssize_t k; ++ ssize_t k, l; + int r; + + log_setup(); +@@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) { + if (r < 0) + log_error_errno(r, "Failed to write seed to /dev/urandom: %m"); + } ++ /* If we're going to later write out a seed file, initialize a hash state with ++ * the contents of the seed file we just read, so that the new one can't regress ++ * in entropy. */ ++ if (write_seed_file) { ++ sha256_init_ctx(&hash_state); ++ if (k < 0) ++ k = 0; ++ sha256_process_bytes(&k, sizeof(k), &hash_state); ++ sha256_process_bytes(buf, k, &hash_state); ++ } + } + + if (write_seed_file) { +@@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) { + "Got EOF while reading from /dev/urandom."); + } + ++ /* If we previously read in a seed file, then hash the new seed into the old one, ++ * and replace the last 32 bytes of the seed with the hash output, so that the ++ * new seed file can't regress in entropy. */ ++ if (read_seed_file) { ++ sha256_process_bytes(&k, sizeof(k), &hash_state); ++ sha256_process_bytes(buf, k, &hash_state); ++ sha256_finish_ctx(&hash_state, hash); ++ l = MIN(k, 32); ++ memcpy((uint8_t *)buf + k - l, hash, l); ++ } ++ + r = loop_write(seed_fd, buf, (size_t) k, false); + if (r < 0) + return log_error_errno(r, "Failed to write new random seed file: %m"); diff --git a/sys-apps/systemd/systemd-249.11.ebuild b/sys-apps/systemd/systemd-249.11.ebuild index 58ec6237eb87..79c41b24c83c 100644 --- a/sys-apps/systemd/systemd-249.11.ebuild +++ b/sys-apps/systemd/systemd-249.11.ebuild @@ -20,7 +20,7 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" + KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" fi inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild b/sys-apps/systemd/systemd-250.4-r1.ebuild new file mode 100644 index 000000000000..444d748cfd2b --- /dev/null +++ b/sys-apps/systemd/systemd-250.4-r1.ebuild @@ -0,0 +1,521 @@ +# Copyright 2011-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +PYTHON_COMPAT=( python3_{8..10} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi + +inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd +kmod + +lz4 lzma nat +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + policykit? ( !hostnamed-fallback ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="3.11" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + nat? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + hostnamed-fallback? ( + acct-group/systemd-hostname + sys-apps/dbus-broker + ) + selinux? ( sec-policy/selinux-base-policy[systemd] ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !build? ( || ( + sys-apps/util-linux[kill(-)] + sys-process/procps[kill(+)] + sys-apps/coreutils[kill(-)] + ) ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" && + has_version -b "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." + fi + + local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS + ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" + kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" + kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" + + if kernel_is -lt 5 10 20; then + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + else + CONFIG_CHECK+=" ~KCMP" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + : +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + # Do NOT add patches here + local PATCHES=() + + [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) + + # Add local patches here + PATCHES+=( + "${FILESDIR}/250.4-random-seed-hash.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch" + "${FILESDIR}/gentoo-journald-audit.patch" + ) + fi + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + # make sure we get /bin:/sbin in PATH + $(meson_use split-usr) + -Dsplit-bin=true + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use zstd) + $(meson_native_use_bool nat libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}"/sbin/resolvconf || die + fi + + rm "${ED}"/etc/init.d/README || die + rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die + + if ! use sysv-utils; then + rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die + fi + + if ! use resolvconf && ! use sysv-utils; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + # workaround for https://github.com/systemd/systemd/issues/13501 + if use hostnamed-fallback; then + # this file requires dbus-broker + insinto /usr/share/dbus-1/system.d/ + doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf" + + insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/" + doins "${FILESDIR}/00-hostnamed-network-user.conf" + fi + + gen_usr_ldscript -a systemd udev +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib; do + if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then + eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged." + eerror "One of them should be a symbolic link to the other one." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} |