summaryrefslogtreecommitdiff
path: root/sys-apps/systemd
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2022-04-06 22:33:41 +0100
committerV3n3RiX <venerix@koprulu.sector>2022-04-06 22:33:41 +0100
commite68d405c5d712af4387159df07e226217bdda049 (patch)
tree009ab0f3d427f0813e62930d71802cb054c07e30 /sys-apps/systemd
parent401101f9c8077911929d3f2b60a37098460a5d89 (diff)
gentoo resync : 06.04.2022
Diffstat (limited to 'sys-apps/systemd')
-rw-r--r--sys-apps/systemd/Manifest4
-rw-r--r--sys-apps/systemd/files/250.4-random-seed-hash.patch74
-rw-r--r--sys-apps/systemd/systemd-249.11.ebuild2
-rw-r--r--sys-apps/systemd/systemd-250.4-r1.ebuild521
4 files changed, 599 insertions, 2 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ba3a899a8321..96b31eaf1c8f 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,5 +1,6 @@
AUX 00-hostnamed-network-user.conf 227 BLAKE2B 0cc780a2ea9f31f08be01184704e4fa8b4b95e4c82b7e2dd4127f82c594a5cd7c8f865a83ae5f1284e58a7fd120ee9a9f4f586b7e479d21f1e8adf26e8e61238 SHA512 97e8decd802de8581fb546e3a714376fbd065108f3edfed54a1036d93df02f9947c358aec9aa4841a766c9120fa20c69eb7867bb4d2bd7339d8bd89c43235b2b
AUX 249.9-cross-compile.patch 1070 BLAKE2B 45586e1d76f6eed0e6f4ae27c5c93f9495bfde2b2bb3b1853bdda22f341787747ea7d7a02a1d582e6ba7e113fd2aed94bfa72616a6a9139ec18c89f85d176646 SHA512 97e919c30fc5ff39f50908f63fee23371047223d12874e68fe74ae545acea7a1dd0d1f0147e2d8a95a49e1943a276148011294b33a8f7fcfa11c91f275e87194
+AUX 250.4-random-seed-hash.patch 3300 BLAKE2B 3a952e18ebc8075853943e57730b2f9cf0ac31e2161fce992d11df483a57fc777b74b212c243260ddb6255b2bfe6ac64ba4abfedd236d2cae5e18150e2e3d859 SHA512 4ade52e055d6ccd252221354125e3155c9398452a470b45dc15967fd354d94f4ef94437626c6063762c1c83243d65ec57b0b8d326b769514dbd76f2644925b39
AUX gentoo-generator-path-r2.patch 994 BLAKE2B 2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada
AUX gentoo-journald-audit.patch 1485 BLAKE2B 9cba28ce907330bbc1eafcf04a837987ed68272fcfa9cc34a309ff5d4cc2230f71a6f7fed42c79afb1c96605df141e8e40b2d8290d12ad3c18038269814f2df8 SHA512 d77d4dae9f8a7819c6d4855476f3163ee19f52b20f66a93e25818f0747404462c47e3cafbd82ba85ce1b3d2fdbabdd96a0398b71149b318c540d82403f8ad0ad
AUX gentoo-systemctl-disable-sysv-sync-r1.patch 821 BLAKE2B f5ef796725e023bb1ed83b34a3e4d45bb008de9a134892a5321b37b56809c7a44530d18e33c7877177e8b64b2d89dfc2de844bed433db6d5e57831d20fbfb456 SHA512 8d697dbd305f6b95a4ddc47cf9d99a0e954f54e161bd59164917b62a78ff5c23fa2d5be2614569c0a2297595dae59e1ee71bb04da72cbe0c0807e1abd7da974d
@@ -11,10 +12,11 @@ DIST systemd-stable-249.9.tar.gz 10613893 BLAKE2B fc7a14fa3b0cc3d05fa9f20fde2efe
DIST systemd-stable-250.2.tar.gz 11121031 BLAKE2B ddbb33648dbf0442e4258bf23ace04eac6d5ab6a2434537395b900b7bd4113a86199d6d559f8d76dcbede88484240a6593439acdcc7b1801857d13840c389c6c SHA512 2f734c1d1ea98ee3f1beb00689a0d56603cd981aa938bee1655445ddd4af3b2bb6472249fa158741edcb2259ee302b625e124c38b7d2ec00c53760d6b362d5bb
DIST systemd-stable-250.3.tar.gz 11125151 BLAKE2B 659c39994e76f94407dd9079e28fc644981d3475a0ed440b9895e8f201c3ce1fc47aa8c4d599ad85ed89ddfb6ca8e514aee2a739e93640745cf46647f99efe56 SHA512 81847fb088ff271138b1ea318995a2ca2ee5d4c5d839c9dd81f0210d366198049199d59c49b25ef8783df2c6b8dd9fcdf2d916777788b1a6d42deec9da8e9da5
DIST systemd-stable-250.4.tar.gz 11132786 BLAKE2B 8fdfe1bad76e572dc1be0955f3d1c4080f2beb81a2f9670f80827899f5406ab8ed8675400c2f5e8ccef44cf1bceff42ceae12a42e1b67d46c0deb523e6495f25 SHA512 307ed0920da660b6c45d909fea66864fb98db8b2f6905d629fb2012fc4bf64dd25fd61168c22bf4098200be541be9b0e815fbde98806a99c85cb33d49d8b63d0
-EBUILD systemd-249.11.ebuild 14750 BLAKE2B c68d4145202cd0bf616f2e0f6a066e7f2000f10705bcfc27f38cd8a0b0a3dc7bb8386df6473ccd821469606fb27a910e785447fd9748b8544bc157a92e6c00a6 SHA512 3c0478e0d2d5e4cf140d0657405f79645f423a6c7da76f9c62e5af56e8eb200cc2f5b4dfad27aaafeb40ed5172ac9a5b53c26952f56ddb31ebf1d4797485cb22
+EBUILD systemd-249.11.ebuild 14749 BLAKE2B 3b6ccb1617acceb9ebd90805aa7e2124be674e235094641013a665b76bf2417f250cb290e96caca6cdfa6704ee179a07057dfb820ce3a57daaecd754427a88d2 SHA512 6aa8d8428824cc8961692075a4ec34d1d5b179fef6b499c381370645259250b8c340dbb4523f4ac1c61241e844ed17c7800fc34ceb51c43fcde62562ddc350d8
EBUILD systemd-249.9.ebuild 14784 BLAKE2B ca86d60cc9890d368c269baa814c55345c05da6781dab850dc11d1ea81304e1d25319af0e3a81690df4fa178a796a54af5789dff4756c65b2bcb326f5f4bd511 SHA512 2c3166d0e8ce969b0117cd4454f7d8f71dcf6f079e7a8890cbe77c56e92e3d28d54e98ca07ed5dc0a391cd9acb0b58ce4869ee98b7d91f36fbdbfac54d01ee7f
EBUILD systemd-250.2.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc
EBUILD systemd-250.3.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc
+EBUILD systemd-250.4-r1.ebuild 15294 BLAKE2B c709485d1ae97d77f58a971984e7f3258a0f624b59e11958e1cadfe1991f704ee10d8bc836770f4c98f3dc3714e2c8d9ca65d89015b575bb21b877afa44ddeae SHA512 90468976a753b773f1748821128b034c342da5dcb2646203d51b07ccf726aa0937bfe7c87166e5feee5417ed6b40e81abc534953dbbb1d359fe80b9beb6c85b7
EBUILD systemd-250.4.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc
EBUILD systemd-9999.ebuild 15249 BLAKE2B e9a1484fa9c39b55f47c680c7a4a53fdd722e4d56d3a496a06875c3782a2ab97d04b7a1475ac0b08ace87dc8d9ba939034e7b22874da110d3a5b8e6dd064265d SHA512 8e820f53362c9c2379196ae8c3bd7bd8801856331ede8ad3877e5a04c9cc2e5145ada108d8d48db09358e2335791550c49a663ae75c900eac9a5b9fe201152cc
MISC metadata.xml 2627 BLAKE2B b785769f4d2d029a935d8aa4da18d2366d283565a70db63b36eccbab4213edd3c0063a61fe58b313a37cd72fa4a848f4ba12dd3761f82b862a84a3b09ce06258 SHA512 ecbc947ffc3ad23afb6c07c60907d5cbb91053c4153c6661fa26f358710e3d7ca44ae4c3b0d229b428fbe5abb63f83175448e6fae8ec11c1cbe01c1a692c873b
diff --git a/sys-apps/systemd/files/250.4-random-seed-hash.patch b/sys-apps/systemd/files/250.4-random-seed-hash.patch
new file mode 100644
index 000000000000..efaa8cdfcaac
--- /dev/null
+++ b/sys-apps/systemd/files/250.4-random-seed-hash.patch
@@ -0,0 +1,74 @@
+https://github.com/systemd/systemd-stable/commit/ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce
+
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 3 Jan 2022 18:11:32 +0100
+Subject: [PATCH] random-seed: hash together old seed and new seed before
+ writing out file
+
+If we're consuming an on-disk seed, we usually write out a new one after
+consuming it. In that case, we might be at early boot and the randomness
+could be rather poor, and the kernel doesn't guarantee that it'll use
+the new randomness right away for us. In order to prevent the new
+entropy from getting any worse, hash together the old seed and the new
+seed, and replace the final bytes of the new seed with the hash output.
+This way, entropy strictly increases and never regresses.
+
+(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b)
+--- a/src/random-seed/random-seed.c
++++ b/src/random-seed/random-seed.c
+@@ -26,6 +26,7 @@
+ #include "random-util.h"
+ #include "string-util.h"
+ #include "sync-util.h"
++#include "sha256.h"
+ #include "util.h"
+ #include "xattr-util.h"
+
+@@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) {
+ _cleanup_close_ int seed_fd = -1, random_fd = -1;
+ bool read_seed_file, write_seed_file, synchronous;
+ _cleanup_free_ void* buf = NULL;
++ struct sha256_ctx hash_state;
++ uint8_t hash[32];
+ size_t buf_size;
+ struct stat st;
+- ssize_t k;
++ ssize_t k, l;
+ int r;
+
+ log_setup();
+@@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) {
+ if (r < 0)
+ log_error_errno(r, "Failed to write seed to /dev/urandom: %m");
+ }
++ /* If we're going to later write out a seed file, initialize a hash state with
++ * the contents of the seed file we just read, so that the new one can't regress
++ * in entropy. */
++ if (write_seed_file) {
++ sha256_init_ctx(&hash_state);
++ if (k < 0)
++ k = 0;
++ sha256_process_bytes(&k, sizeof(k), &hash_state);
++ sha256_process_bytes(buf, k, &hash_state);
++ }
+ }
+
+ if (write_seed_file) {
+@@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) {
+ "Got EOF while reading from /dev/urandom.");
+ }
+
++ /* If we previously read in a seed file, then hash the new seed into the old one,
++ * and replace the last 32 bytes of the seed with the hash output, so that the
++ * new seed file can't regress in entropy. */
++ if (read_seed_file) {
++ sha256_process_bytes(&k, sizeof(k), &hash_state);
++ sha256_process_bytes(buf, k, &hash_state);
++ sha256_finish_ctx(&hash_state, hash);
++ l = MIN(k, 32);
++ memcpy((uint8_t *)buf + k - l, hash, l);
++ }
++
+ r = loop_write(seed_fd, buf, (size_t) k, false);
+ if (r < 0)
+ return log_error_errno(r, "Failed to write new random seed file: %m");
diff --git a/sys-apps/systemd/systemd-249.11.ebuild b/sys-apps/systemd/systemd-249.11.ebuild
index 58ec6237eb87..79c41b24c83c 100644
--- a/sys-apps/systemd/systemd-249.11.ebuild
+++ b/sys-apps/systemd/systemd-249.11.ebuild
@@ -20,7 +20,7 @@ else
MY_P=${MY_PN}-${MY_PV}
S=${WORKDIR}/${MY_P}
SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
fi
inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild b/sys-apps/systemd/systemd-250.4-r1.ebuild
new file mode 100644
index 000000000000..444d748cfd2b
--- /dev/null
+++ b/sys-apps/systemd/systemd-250.4-r1.ebuild
@@ -0,0 +1,521 @@
+# Copyright 2011-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_{8..10} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+ else
+ MY_PN=systemd
+ fi
+ MY_PV=${PV/_/-}
+ MY_P=${MY_PN}-${MY_PV}
+ S=${WORKDIR}/${MY_P}
+ SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+ acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+ fido2 +gcrypt gnuefi gnutls homed hostnamed-fallback http idn importd +kmod
+ +lz4 lzma nat +openssl pam pcre pkcs11 policykit pwquality qrcode
+ +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd
+"
+REQUIRED_USE="
+ dns-over-tls? ( || ( gnutls openssl ) )
+ homed? ( cryptsetup pam openssl )
+ importd? ( curl lzma || ( gcrypt openssl ) )
+ policykit? ( !hostnamed-fallback )
+ pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND="
+ >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ fido2? ( dev-libs/libfido2:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+ http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )
+ idn? ( net-dns/libidn2:= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ nat? ( net-firewall/iptables:0= )
+ openssl? ( >=dev-libs/openssl-1.1.0:0= )
+ pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
+ pkcs11? ( app-crypt/p11-kit:0= )
+ pcre? ( dev-libs/libpcre2 )
+ pwquality? ( dev-libs/libpwquality:0= )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ tpm? ( app-crypt/tpm2-tss:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )
+"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+ gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=acct-group/adm-0-r1
+ >=acct-group/wheel-0-r1
+ >=acct-group/kmem-0-r1
+ >=acct-group/tty-0-r1
+ >=acct-group/utmp-0-r1
+ >=acct-group/audio-0-r1
+ >=acct-group/cdrom-0-r1
+ >=acct-group/dialout-0-r1
+ >=acct-group/disk-0-r1
+ >=acct-group/input-0-r1
+ >=acct-group/kvm-0-r1
+ >=acct-group/lp-0-r1
+ >=acct-group/render-0-r1
+ acct-group/sgx
+ >=acct-group/tape-0-r1
+ acct-group/users
+ >=acct-group/video-0-r1
+ >=acct-group/systemd-journal-0-r1
+ >=acct-user/root-0-r1
+ acct-user/nobody
+ >=acct-user/systemd-journal-remote-0-r1
+ >=acct-user/systemd-coredump-0-r1
+ >=acct-user/systemd-network-0-r1
+ acct-user/systemd-oom
+ >=acct-user/systemd-resolve-0-r1
+ >=acct-user/systemd-timesync-0-r1
+ >=sys-apps/baselayout-2.2
+ hostnamed-fallback? (
+ acct-group/systemd-hostname
+ sys-apps/dbus-broker
+ )
+ selinux? ( sec-policy/selinux-base-policy[systemd] )
+ sysv-utils? (
+ !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/sysvinit
+ )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !build? ( || (
+ sys-apps/util-linux[kill(-)]
+ sys-process/procps[kill(+)]
+ sys-apps/coreutils[kill(-)]
+ ) )
+ !sys-apps/hwids[udev]
+ !sys-auth/nss-myhostname
+ !sys-fs/eudev
+ !sys-fs/udev
+"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-fs/udev-init-scripts-34
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+BDEPEND="
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+ test? (
+ app-text/tree
+ dev-lang/perl
+ sys-apps/dbus
+ )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
+ $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+python_check_deps() {
+ has_version -b "dev-python/jinja[${PYTHON_USEDEP}]" &&
+ has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
+}
+
+QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"
+QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ if use test && has pid-sandbox ${FEATURES}; then
+ ewarn "Tests are known to fail with PID sandboxing enabled."
+ ewarn "See https://bugs.gentoo.org/674458."
+ fi
+
+ local CONFIG_CHECK="~AUTOFS4_FS ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS
+ ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+ kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+ kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+ if kernel_is -lt 5 10 20; then
+ CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"
+ else
+ CONFIG_CHECK+=" ~KCMP"
+ fi
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ # Do NOT add patches here
+ local PATCHES=()
+
+ [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+ # Add local patches here
+ PATCHES+=(
+ "${FILESDIR}/250.4-random-seed-hash.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-generator-path-r2.patch"
+ "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dsupport-url="https://gentoo.org/support/"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in PATH
+ $(meson_use split-usr)
+ -Dsplit-bin=true
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Dima=true
+ -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
+ # Optional components/dependencies
+ $(meson_native_use_bool acl)
+ $(meson_native_use_bool apparmor)
+ $(meson_native_use_bool audit)
+ $(meson_native_use_bool cryptsetup libcryptsetup)
+ $(meson_native_use_bool curl libcurl)
+ $(meson_native_use_bool dns-over-tls dns-over-tls)
+ $(meson_native_use_bool elfutils)
+ $(meson_native_use_bool fido2 libfido2)
+ $(meson_use gcrypt)
+ $(meson_native_use_bool gnuefi gnu-efi)
+ $(meson_native_use_bool gnutls)
+ -Defi-includedir="${ESYSROOT}/usr/include/efi"
+ -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
+ $(meson_native_use_bool homed)
+ $(meson_native_use_bool http microhttpd)
+ $(meson_native_use_bool idn)
+ $(meson_native_use_bool importd)
+ $(meson_native_use_bool importd bzip2)
+ $(meson_native_use_bool importd zlib)
+ $(meson_native_use_bool kmod)
+ $(meson_use lz4)
+ $(meson_use lzma xz)
+ $(meson_use zstd)
+ $(meson_native_use_bool nat libiptc)
+ $(meson_native_use_bool openssl)
+ $(meson_use pam)
+ $(meson_native_use_bool pkcs11 p11kit)
+ $(meson_native_use_bool pcre pcre2)
+ $(meson_native_use_bool policykit polkit)
+ $(meson_native_use_bool pwquality)
+ $(meson_native_use_bool qrcode qrencode)
+ $(meson_native_use_bool seccomp)
+ $(meson_native_use_bool selinux)
+ $(meson_native_use_bool tpm tpm2)
+ $(meson_native_use_bool test dbus)
+ $(meson_native_use_bool xkb xkbcommon)
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+ -Dcreate-log-dirs=false
+
+ # multilib options
+ $(meson_native_true backlight)
+ $(meson_native_true binfmt)
+ $(meson_native_true coredump)
+ $(meson_native_true environment-d)
+ $(meson_native_true firstboot)
+ $(meson_native_true hibernate)
+ $(meson_native_true hostnamed)
+ $(meson_native_true ldconfig)
+ $(meson_native_true localed)
+ $(meson_native_true man)
+ $(meson_native_true networkd)
+ $(meson_native_true quotacheck)
+ $(meson_native_true randomseed)
+ $(meson_native_true rfkill)
+ $(meson_native_true sysusers)
+ $(meson_native_true timedated)
+ $(meson_native_true timesyncd)
+ $(meson_native_true tmpfiles)
+ $(meson_native_true vconsole)
+ )
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ meson_src_test
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+
+ # meson doesn't know about docdir
+ mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
+ fi
+
+ rm "${ED}"/etc/init.d/README || die
+ rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die
+
+ if ! use sysv-utils; then
+ rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+ rm "${ED}"/usr/share/man/man1/init.1 || die
+ rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+ fi
+
+ if ! use resolvconf && ! use sysv-utils; then
+ rmdir "${ED}${rootprefix}"/sbin || die
+ fi
+
+ # https://bugs.gentoo.org/761763
+ rm -r "${ED}"/usr/lib/sysusers.d || die
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/kernel/install.d
+ keepdir /etc/systemd/{network,system,user}
+ keepdir /etc/udev/rules.d
+
+ keepdir /etc/udev/hwdb.d
+
+ keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
+ keepdir /usr/lib/{binfmt.d,modules-load.d}
+ keepdir /usr/lib/systemd/user-generators
+ keepdir /var/lib/systemd
+ keepdir /var/log/journal
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf
+
+ if use pam; then
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+
+ # workaround for https://github.com/systemd/systemd/issues/13501
+ if use hostnamed-fallback; then
+ # this file requires dbus-broker
+ insinto /usr/share/dbus-1/system.d/
+ doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+ insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+ doins "${FILESDIR}/00-hostnamed-network-user.conf"
+ fi
+
+ gen_usr_ldscript -a systemd udev
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT}"/etc/env.d/??locale )
+ local locale_conf="${EROOT}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_preinst() {
+ if ! use split-usr; then
+ local dir
+ for dir in bin sbin lib; do
+ if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
+ eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
+ eerror "One of them should be a symbolic link to the other one."
+ FAIL=1
+ fi
+ done
+ if [[ ${FAIL} ]]; then
+ eerror "Migration to system layout with merged directories must be performed before"
+ eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
+ die "System layout with split directories still used"
+ fi
+ fi
+}
+
+pkg_postinst() {
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required.
+ systemd-hwdb --root="${ROOT}" update
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respected, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}