Diffstat (limited to 'sys-apps/systemd')
22 files changed, 821 insertions, 3180 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index bbf9e34c46ab..e5767a50f352 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,35 +1,26 @@ AUX 254-PrivateDevices-userdbd.patch 9905 BLAKE2B ecc0cac69ddb680f57b537ac239c2b561b41635e1a6208dd72b7ae85b437f8ddfc0a026fe3530df7777b6c35f2e79edf73ab26e8ea590dd15865836e55eff3c0 SHA512 ce2b9e10854d87a6f179ed9b3ef85b5caf7b51ecd65584d70a90a3151b113158fd5565dbf9806e177f801a555161bf783e77230f9c6c67904484d04de3aac497 -AUX 255-dnssec-2.patch 2475 BLAKE2B 75378a8567786a880dae58d726e0c5dad946a58b3cb816b257b5894e87358726f80709bdd9dc08b991a05e9f980a27cd54ec4ef0fa7c479ecd5c217ce609f0ae SHA512 99cd7dd7c4139069c506dad31e3abef3b2aba849a96709ac3ea1e0d3c517d754ae3d488cf646189ebeb1830698f78df542b49c81194a47fbf50359214f0bc938 -AUX 255-dnssec-3.patch 1656 BLAKE2B 8a3556ee8338d8b3bfea178d56c843f65af8a8a92892f13d2aa7c6228cdc128a29d706cfcb2e91eb8e4be0d198a65bfcf1071c35a8c3883b68045a14d2be2101 SHA512 e6217a94e8f18b765d7088cbb570cb59c904aaf65f278e0d3dc4d0a2d8186d0b3b91f3d961e97fd84921490b2b2ae8f0afff62605e550e053b4d5606b0813aa1 -AUX 255-dnssec.patch 1476 BLAKE2B cb4406c3b19aca762557827e64e78a83bee709c596453275060d6a69b044014f92a5ccc54ea8da8a65fa1e745c3f9fe5a06d0d0519730b21deda28c6237c2239 SHA512 cfe01b27df92ad06847fd01fdbafc151a0dd39d865c95b72ce001dc130ee3bdf95f13b84cf318f0c37628477b829a406ba8c5f999a619d109f5474fad477a87f -AUX 255-install-format-overflow.patch 2190 BLAKE2B 8e0660f4b84174b0946f5f069e0d4bcf55d0c4b5964a978648364a84a3d3f04b21a8434794c58c035eac76b4114f32372ed8017de0cd77cbddcf934e60d9202b SHA512 dab24bd709c41723ddbd43cde51f525b8b959fe55ebd343e3f04d4977430d9eca5cc7c06bbc9c4ef3444747e9780621b648247cd946d3baa28820b03011e72ad +AUX 256-bpf-gcc.patch 1044 BLAKE2B 856e9ab9f7067ad616419a5ac42e84cd726c3d464cc2415bd2ea5236df9eb306f91cd54dedc3c762cfd627aba330f1c5126046a725576d8748b89d7f4485ef93 SHA512 59a3da348f68b6202062cf01024713173f3143d8413177f66833b03ca4a47ce1e3439615c7eba5c160daf45cf16d0eaae36e63e69945e4d3fc9d9a3fa14d008d AUX gentoo-generator-path-r2.patch 994 BLAKE2B 
2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada AUX gentoo-journald-audit-r1.patch 1941 BLAKE2B 93f1a0ba8dd575359e5ab4bd04f99ed3172dbe1ba14d8cade6fc08b0158e66847900d8531898ee9ec3855ac3857cf07a3e10804a3cb67719f0e9378437eba836 SHA512 affbe58aa65ebca7c1c6d790f9f68ffc44bda70a08165f5298ee4a84ab1c16cf534950ac50ffdb61b647e5eb068f51c333a76e39d8336e21e5d1b0199192139c AUX legacy.conf 80 BLAKE2B 23eca4dd1743a5cf77767894d23d419c1663147c5aee6be971da64fdea0531eadfe97ac8bc4e63b44404dcf89940d438de6b7081158b78639945ce0fadbb103c SHA512 f74f05991102b644dee7822a80cb8e6c14cd1eb48bd9342bc662d5947b9f04d32e875d2a5e6476a67bdbface4d2b2159b99c11d72eb4658c5cb4caf595f138be AUX nsswitch.conf 734 BLAKE2B 5f5a7821a84f6c8aa31fe9a68c29a1a0f24be578d427a623f14a9ef795e7da481f226efe5511d92932b5edf5638fa719808a0c3a0b8fd340799dd6bcb703a0a1 SHA512 dcbd51dacaaebdff32edb3840cc7b9b47b6521009b8786690e3673a2e78bc60bfd8e591b1048c5d452117c6659b9917ae2864462f5057cc39b704b0130522e60 AUX systemd-253-initrd-generators.patch 1486 BLAKE2B 85a7f714aa1743bd88e01b45624dc4104e4d762732745d9958019063f6ac91ffd89ae84e03f728e6040a58643f253a5ea7f77f44ef71620e686e23aed61876e4 SHA512 f8aab9f4bbf5a73c52144013fd7001dc78974211f11abb58a0f5eceff59b3ebf670409846fff854daec10219074602674176730f85583db0e81275289e89c66b -AUX systemd-254.9-fchmodat2.patch 9696 BLAKE2B d3e3dbf5af966742c18d6710efc75f13b21e703daa256c37c8d7a2f8ec4247f67687647eb34f38675dbba3e2a9ddd6606a3ca599688d0c2115bf29406521c4b3 SHA512 b28ff60cf0eb3fb58ff26b120721efa39537d0dc10e162ac07cb415db25c98eca98103f833bffcb1b98d4cefb44af8e433c69280b88d1bcd1209944e78ce5c6c AUX systemd-test-process-util.patch 1077 BLAKE2B 0f01ea7641366cdb01a9e310d326ea73052dd0e6fe8b4217e45d0632aa2af3f2ee33b8a8f6dfe70c3b4e3f240f0e2c738a6c4d28f6f38d9e36c4f408b2ac0202 SHA512 
ca23effa72da5875ec6ee112e25db51229bf1a03b61053ce4bf2b81becceb31456c137ce9f0fa05071fe1bfc2fe705fa6b885df88d9fe093fc87970936feb071 +AUX systemd-user-selinux.pam 204 BLAKE2B cb67dbe29fba5e3f4282b3b55e2347b642ce40532fdf57c1adbfc854a1caf107868a725e170f43aad6bf14ab6163f2070839b63abdfc1f66cbbee3f706e49a33 SHA512 305dbc275d5faacb8992de04e0699dbc69033273872e0def66a663ca9ad951871e4dd22c74130d55f40f4c6698740bb039fe51dc2981c5c2cc346fb2c524cbb0 AUX systemd-user.pam 122 BLAKE2B cccc07cab47dfc0481438e503c34fa1a0b2c6b1f8ab282197719a523421d2a526f19230bb459e0347cbeb2046e35a407c78178a3fb5b79619e987cbc4ac7d5e4 SHA512 c5437677ff00fbb45798fe594e8d61b1c2bfc2d103105d7bd82e476240452477ac263700800f5d0ba91ddc895eb85f4517d5cb15c80611ec1680a686d47cd781 -DIST systemd-stable-254.10.tar.gz 14428960 BLAKE2B 488c27b9657ec7452f876ab6c18bbfe711f1351afa022801f5a646f2dd1d76d63c17e52e6ebf43b38a76807907287b654a7eaca3afdb0688f5b05839e98ad727 SHA512 0c127d38d0ade8655ae12172c2edbaa8af68bd29f42d965b988d75e74626846ae859bcf0b39b535c9a99ad8c709ad7575ed4d5ea5bc95ce8729e3caafdb32b70 -DIST systemd-stable-254.11.tar.gz 14439741 BLAKE2B 5103bad91cd01b019ebb431f54f2d795ab995359c90b5c2e7376b5c7b5aec121ea6d070143b8581e3fb0d66ad2ac7e44113fa5e5fae4cb5adbf0e996727264fe SHA512 597c559b27a2879ce3f89efded7adce55d054bbb8ce97cf35efe52b0dcacbfabcbd05b582bd7064d3ba713ec2ec7931241971e67d39f12226e477df23c0d0dc7 -DIST systemd-stable-254.12.tar.gz 14529517 BLAKE2B ed6e4a78363930840e505c4bd789d1d44c238f30d3c0768d435e1cacb43ac3ab07e0dc9085546b4142152bbb4ceb4e2c0a9560e74e1a2b8c09fc885620695e73 SHA512 fa3679915392e641bed73ccb48f5def386ab13ba5ff7efdac952214193c3311543bec4c4370d6880f9599f63e377506b343805c3c56b7dde7eb5e3bbc0dc7a87 -DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 
a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e -DIST systemd-stable-254.9.tar.gz 14423806 BLAKE2B ab39c0a00b8451b24b40e39f4bf7ecb912ff23d9cd6f8d30fd0545e895936baa635b1ff63c02a83761682b72f44244aac8338bf6506885c9b07cd0c5247b6693 SHA512 a0300693a044cfe4c76deb0e3e48a927125eb97c3952c07ba68936f1e093c93506d8044b249b534b8e778ade6143b43194f8d6b721a8cd520bc7bb4cb3d3e5c1 -DIST systemd-stable-255.3.tar.gz 14873273 BLAKE2B e22ef391c691fcf1e765c5112e1a55096d3bba61a9dae3ea1a3958add4e355892a97d5214e63c516ba3b70e2a83bb5d21254812d870f06c16c74a58d4f957d75 SHA512 c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453 -DIST systemd-stable-255.4.tar.gz 14952427 BLAKE2B 27f5080f83a9e870fbe8e3ebcb500a63c42022f1f96f26f35c76eeeea85dab691291c31ee716cab330b76df5e576910a6a82f51267eff4f766b1d4c304d815c9 SHA512 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979 -DIST systemd-stable-255.5.tar.gz 14976055 BLAKE2B 08e2d5e6ed340214f195e8ecc22665c572838af94c19f946de7dc710e0f5e0476dda09d313b6848a7f10f6d545b8cd6b1b7ce234b9f4aad1dbff3a065eda6b76 SHA512 9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc -DIST systemd-stable-255.6.tar.gz 15060034 BLAKE2B 27e14a870bd8ae85e3c7679a69b7dcd6f1165430c4cdea57d3f7092a40a22085bafc3e3e397a7429b53773f7460bde0ad0af9afb6852c6d0c9cc681d25c34c03 SHA512 523c5d973e2ccd47f8ba33d1fb8264a8de58cb639fab22be0d0854f96009dce700d6f022d30aad5ab7b9292b33047cbbc1eefc3c6141328e337b9a245944c237 -EBUILD systemd-254.10.ebuild 15353 BLAKE2B 7410306951f635c5642e7b319ec1bf16b895a1447106f1fef65f8a59cb2059fb181411079a7dd6552644e86e0541f3313f71651cac11d04438126425747c6993 SHA512 
b4a1dcf7265f0830e12c6e8ffc825dcbe48da8fe515e91e999763b60d6b237fb78c145c7f485e29751726c9d5d1f49183caa535f1a9e69b1784b217de440cc34 -EBUILD systemd-254.11.ebuild 15360 BLAKE2B c2c14414ae0960a418d9b4bb78545a51de3576c6f1667b56c883015a8983b66084ee44fe616b563a89457cd3278689b642ec1b7fec3ff02c4a5796faca8a1db0 SHA512 f8e3bda1add84cb9ef1443e708370030aaa816ec135af17af1e059afc9b4dbbd76bb4e60fd9aeeecc44a64faf28dbea430f2710e6ec891d8eeef680b7f9c6652 -EBUILD systemd-254.12.ebuild 15360 BLAKE2B c2c14414ae0960a418d9b4bb78545a51de3576c6f1667b56c883015a8983b66084ee44fe616b563a89457cd3278689b642ec1b7fec3ff02c4a5796faca8a1db0 SHA512 f8e3bda1add84cb9ef1443e708370030aaa816ec135af17af1e059afc9b4dbbd76bb4e60fd9aeeecc44a64faf28dbea430f2710e6ec891d8eeef680b7f9c6652 -EBUILD systemd-254.8-r1.ebuild 15472 BLAKE2B 22b00b6cefce875f30858d26a8b900096a99551dddda2b2a6a9d4461ad6278bf875254d0b83eab8dbc8b68ef3c647ec1a35cb4bec9cf6d9fec6e723b2539eeaa SHA512 f70748a5b0066598e7d87ee3dc21d3b472c51f327249a0629fc77d24156294b74820442f76597fe5d7ce1d823a6680805e9b2d4aea7a9c1ad0719d494c9de27b -EBUILD systemd-254.9-r1.ebuild 15526 BLAKE2B 8dcef82b133f49b1916c107575b64e695f0aa2e37aeb41adb9f8e5f0dfa5417343dae73df750c752b85830541b0d6eac4979a432fe9b196476e6a176e93077c0 SHA512 35585c7eb25279b5d668db7ed714e81158b3df57385440225d0267a8e8b7f9f479503de18d5fdfe90c5a29f6f528dc476eb270c7fcdfafa30a5beccf6c050694 -EBUILD systemd-255.3-r1.ebuild 14914 BLAKE2B 1166b26b9b4f9149007879f9502f6923459a4eb2faa8474fc23ef66e76b81a6d8541069e3382f26b3fb75043c0cac828223632181f3007f6637ffc41a27cc37b SHA512 61b4888e9d4f208bcbd32da4c6da7b101d5b757518ff22b8013bdfcac055a70b20e43ff5cf6bd2debc14b73e97cebd1e0cc48f17b40639fefe56e4e30154fab5 -EBUILD systemd-255.4.ebuild 14942 BLAKE2B 6023a35d0614ba98ca0fe00ebce0621933d62c7d350acd992c8287e471836b61acd2a46cfd07ab918823bb16f6c18542e1e5fdfe6c1d560dc44847bb50969d36 SHA512 3a2075dfba437da5de587afe478570afc6b309d300a931c82ac3645b13d0fd08f1a56fbc49703032906aaf667b090b2aacf8f44e0849ac4015ad4ba1d5435377 -EBUILD 
systemd-255.5-r1.ebuild 14932 BLAKE2B 9ad711f9156e83f500d789ff07bf7bdfb573da079c7462f4fb1bab2f54a95809dc5cad2a458a112a8363053ce91762ae90589fb9ec81beb5078a85f6e5fdae77 SHA512 660de7bf8aeb0d7797ef1f27b8abe16dfac51d0d403dc1ff3e73392c4c9ecd98eec7f59d79493a0d0f14e314342a4171cf14d383bca6e5f9f175841017377c64 -EBUILD systemd-255.5-r2.ebuild 15002 BLAKE2B 9cb0ece809e4bbe8d76e3798546331e6c28fea70def1da6a030fbb3197d7cbf002565ef78f8f94b2776eca34df6e10dcc26ab6632af0398e7ed3d8633f51496c SHA512 a1cb198768f8e29972e580447938b5a2068e790069107d4e1e9e6bf5ac663291abc07ae8fcb6b08cecec302c9ca5faaeaddc13cb8082c9424876dd7d9851a0fc -EBUILD systemd-255.5.ebuild 14899 BLAKE2B 821ecbb2502896c89a293c75047b79695281127336c8fde824834ffd6390187ebb9c3563e55ae66868fc9591bb41857c9db0f54db2d086a60ef1c1f9c831de7a SHA512 faa9ea73c23062b2cd3e6ce973495364d9d410de95b2847364009fe441adff098c79cac13abd34bc52aea06a962c72ced44000e40e930470950ecc317beb154c -EBUILD systemd-255.6.ebuild 14899 BLAKE2B 821ecbb2502896c89a293c75047b79695281127336c8fde824834ffd6390187ebb9c3563e55ae66868fc9591bb41857c9db0f54db2d086a60ef1c1f9c831de7a SHA512 faa9ea73c23062b2cd3e6ce973495364d9d410de95b2847364009fe441adff098c79cac13abd34bc52aea06a962c72ced44000e40e930470950ecc317beb154c -EBUILD systemd-9999.ebuild 14899 BLAKE2B 821ecbb2502896c89a293c75047b79695281127336c8fde824834ffd6390187ebb9c3563e55ae66868fc9591bb41857c9db0f54db2d086a60ef1c1f9c831de7a SHA512 faa9ea73c23062b2cd3e6ce973495364d9d410de95b2847364009fe441adff098c79cac13abd34bc52aea06a962c72ced44000e40e930470950ecc317beb154c -MISC metadata.xml 2609 BLAKE2B 8947f3b696fbba7b90e838a54fbb4fd933c71907c8011652fc2b7d68d4ce5f78a19f350a309e4c0f66ef0159376c9064ba9c15941ecf1748c359c4ae3b072102 SHA512 dfeea24b7a93f5d4af4ac47b87ba08092d069fb1a4749c0c1f36a669be6115eaea8f67e6183b6a4f155ef90d7714f74299109420d569c2b0545d80584ed0e97e +DIST systemd-256.6.tar.gz 15667835 BLAKE2B 
f7c51e3e8638ec415ba46428c13de9f0ff7ac92221c5f702117f53a46ed9818d330727b90eec7f16f9fada09bdc04eff943480d26c4c2dabc8fdc94b4b9e3f6d SHA512 99d0fad02cab3559e081dabc2797d1d66bbc21daf9aaec847aeb6bce289456ff9c8599a34563c9bfa3826db36ae9ab30836b09bae00bf1a410b54d0bad9bd4dc +DIST systemd-256.7.tar.gz 15672532 BLAKE2B d718b7bcbf9c3583953a9fa82319f04b32d17c5b7539a49b9999881bd8cea7fd9a06f252d763170613a6cd0fd2535762b233cba74eb87764f662c4bdf2d8c1da SHA512 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 +DIST systemd-stable-254.17.tar.gz 14566862 BLAKE2B fca04c8db285cf22551f7c980da52a8aa3ef3eb78d6005b38cdece4b53ac43a69aa401f8498ee00fcab037dbb22c996b8c626db32c6e4be481f41f752e7a848b SHA512 11ae971e5463fb511c32fbc1ce4012765c73cf87d68ca44c36b85a2ed12f73655b6d071975008c6dd56a27963d1dff5d3c22039fc813bff30be23e6f2dd425ae +DIST systemd-stable-254.18.tar.gz 14567354 BLAKE2B 30605ae63bdb650d380bcf4697eeaaba96f5e7a32051aa103ad9f8d32bb9a0c3bd9859ca23fda6b4e6ffab98a814748bc30638a01d03473191013758a958c70b SHA512 437db125a15021a5f51f59f8cc66992c8d2d767fd3fa13331c41502d1d362a3fd0024058a708602bb2760689bd61ec656c6faffcb22932776d54e9815a43d4ed +DIST systemd-stable-255.11.tar.gz 15107037 BLAKE2B 7839323367d47dc57914fb501c7be38206f3bc882e560c4df25c65d421e5756108711b0ce57df6ad444d5eabb256d6730366e21d283cb02e1ef014b670855669 SHA512 be06010b56f4ea0651ebe921cd2a68f1794a64367fedea6752f7ba71ac5e00c5f0167d52ba5b662fd9781f5aa3f372e174b65f99a9bac66d4bf6af92caa67ba7 +DIST systemd-stable-255.12.tar.gz 15107917 BLAKE2B d3e3922e326f9a06557769800cf21b61562e4d26776be50a87ce04503e16fbcb2ee73e2a78c3ba1ce1b343f0e31bec7c2346188331c5558dcbb4cd7d023906d6 SHA512 bb31854da5a2f2ac7c2c4a5a92457352ceabcb4fc7063a08e29f0d0e500a1a684d2d76bc75695425ebff53e150986bdd925455493928df46c6b4546e1c7fcf72 +DIST systemd-stable-255.7.tar.gz 15068684 BLAKE2B 
6fb5415d9e013bc8695ef837affce7063d214027529412a25ea73eb25473d1f07cff6ad3ea3ea18b7bbf9d73d2bb8e39838e1aeb2a14d016b3b47e4ba24d02d0 SHA512 1cd2a00f292751b923bd93c60bdcdd66d82792b45e32dce11d77e2b3b6fc5c8ba4c5db386652deffa8c24e75032af1a745700ba91f1726e249f0c447daf85c2a +EBUILD systemd-254.17.ebuild 15485 BLAKE2B c0f85295054844b8dcc77267e852b92889c97fd4a1e8a9cd8eeddb3ccefe19ceb67c97c4c9065639d97c14f4c47dec55a34915adef9ffd444d00f2f8586695e5 SHA512 bd0242e8133b44d7cc7b58deccf6106795ff041680277d1dc92663540b156de861f2939b86dd871fa265321375080a8a1c10860de7852e98a5843db50b83528a +EBUILD systemd-254.18.ebuild 15493 BLAKE2B e9a86bef5b3b95aedf8b34adbfbd5a7b19ba18dc1c384e06d1e71ef016cf83c906332e11f25d93fed22f84b61def0b704faa138c2f78a8d3eb8a0ad3d4bc139a SHA512 3bac97ab12de2c65c856ce6acc6ca0a124cd939997a10c93164a3f0c54822d714492b86db14852f9293828ec22b6f370b00a49b43b4a96ba893e222a9cd67c83 +EBUILD systemd-255.11.ebuild 15230 BLAKE2B 3f29ad915e4984bfa1928b68508053681030d7ca18f57aea525e959870e52d0711eb660985a3229dbdac1fc75e1072d26ea0106bdf9e5c838f4142bd73b7a41d SHA512 585b08fccfa2d0ff1caccfede77c56e34b12231a1bbc534a40e85dc807e9d3cc42e5ca9c43cabb5768cdac997c63f54c08aade4e138fd5d4a99792b0bf1c03c4 +EBUILD systemd-255.12.ebuild 15238 BLAKE2B 834f02a0001137b4435a7d90764279cc5fb4044f088258852f27b3c96b0b4986abccaffc75826944adc7a6fdee3c5e7c9599e354233a4eec5d7fb9b2cc4261d5 SHA512 170064f830a56925ac5fd70c3209131665d84195458494ef73a05f2e6c3bc438f08839bd0b5dea2eabc7b1a71ddce8ab7a5ba3e49d82ad41669be43f7e4bf110 +EBUILD systemd-255.7-r1.ebuild 15230 BLAKE2B 3f29ad915e4984bfa1928b68508053681030d7ca18f57aea525e959870e52d0711eb660985a3229dbdac1fc75e1072d26ea0106bdf9e5c838f4142bd73b7a41d SHA512 585b08fccfa2d0ff1caccfede77c56e34b12231a1bbc534a40e85dc807e9d3cc42e5ca9c43cabb5768cdac997c63f54c08aade4e138fd5d4a99792b0bf1c03c4 +EBUILD systemd-256.6.ebuild 16226 BLAKE2B 8b4c9d42c64fe0e0f3817da49dce9dcf4d1c329af71f3ebf123f09b9a8fbec71866fbf78622c337ea53f9f34b147c034c433a5bc6b58862df97a94b99f81cb18 SHA512 
21150f9979ef78a8658956172c0bf27b8cbc5d6114819537cb1471a6d257744ecf0e94c271cee9a3f98ce1a050a2521f1eef902d76320be69312fc4c2d9289be +EBUILD systemd-256.7.ebuild 16226 BLAKE2B 8b4c9d42c64fe0e0f3817da49dce9dcf4d1c329af71f3ebf123f09b9a8fbec71866fbf78622c337ea53f9f34b147c034c433a5bc6b58862df97a94b99f81cb18 SHA512 21150f9979ef78a8658956172c0bf27b8cbc5d6114819537cb1471a6d257744ecf0e94c271cee9a3f98ce1a050a2521f1eef902d76320be69312fc4c2d9289be +EBUILD systemd-9999.ebuild 16204 BLAKE2B 60b1e6168ce2ed5bc0f25ee0cdd8de5fe07d492203ffb0f8fcb5db88065e0b001d5ea0141c08fddaf17b3d4afdf0c71457beb31300d493503d72589d36182f80 SHA512 c2ffec6cd8035f40c18dca4b49048cf5a14a876f3a8c06ca07f2ffa3dcbc541eec37a42f0cbe6ed38cadd6fd7ea61bb80415af458cae909c31666165c1cc3015 +MISC metadata.xml 2686 BLAKE2B cd65634500cfb85ace929a24ce7d21603d50d6f532e0445bcca9b888050f347dd162696045267995b14f3d0985a2ab0d99441b323c9e596ba68dc04d6239bc0a SHA512 7dec9047b453b28d796a5e589aabd975838f48a51ba5e1267aa5c8f91a3cca97bef33419cd38c652a522ba347e63a0a5f5a427c4894ea656cffd94e2680f8f89 diff --git a/sys-apps/systemd/files/255-dnssec-2.patch b/sys-apps/systemd/files/255-dnssec-2.patch deleted file mode 100644 index e8eaf9782b3e..000000000000 --- a/sys-apps/systemd/files/255-dnssec-2.patch +++ /dev/null 
@@ -1,48 +0,0 @@
-https://github.com/systemd/systemd/pull/32598
-https://github.com/systemd/systemd-stable/commit/ee15f5efaf2f6cdbb867fca601e92761276e2b1e
-
-From ee15f5efaf2f6cdbb867fca601e92761276e2b1e Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Tue, 30 Apr 2024 22:15:18 -0700
-Subject: [PATCH] resolved: probe for dnssec support in allow-downgrade mode
-
-Previously, sd-resolved unnecessarily requested SOA records for each dns
-label in the query, even though they are not needed for the chain of
-trust. Since 47690634f157, only the necessary records are queried when
-validating.
-
-This is actually a problem in allow-downgrade mode, since we will no
-longer attempt a query for a record that we know is signed a priori, and
-will therefore never update our belief about the state of dnssec support
-in the recursive resolver.
-
-Rectify this by reintroducing a query for the root zone SOA in the
-allow-downgrade case, specifically to test that the resolver attaches
-the RRSIGs which we know must exist.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2622,6 +2622,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
- if (r < 0)
- return r;
-
-+ if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE && dns_name_is_root(name)) {
-+ _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
-+ /* We made it all the way to the root zone. If we are in allow-downgrade
-+ * mode, we need to make at least one request that we can be certain should
-+ * have been signed, to test for servers that are not dnssec aware. */
-+ soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
-+ if (!soa)
-+ return -ENOMEM;
-+
-+ log_debug("Requesting root zone SOA to probe dnssec support.");
-+ r = dns_transaction_request_dnssec_rr(t, soa);
-+ if (r < 0)
-+ return r;
-+ }
-+
- break;
- }
-
diff --git a/sys-apps/systemd/files/255-dnssec-3.patch b/sys-apps/systemd/files/255-dnssec-3.patch
deleted file mode 100644
index 4fd231d6d157..000000000000
--- a/sys-apps/systemd/files/255-dnssec-3.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://github.com/systemd/systemd/pull/32593
-https://github.com/systemd/systemd-stable/commit/a1580223a5dd67ab61c5f888b114de43b65fffbf
-
-From a1580223a5dd67ab61c5f888b114de43b65fffbf Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Tue, 30 Apr 2024 13:19:14 -0700
-Subject: [PATCH] resolved: validate authentic insecure delegation to CNAME
-
-If the parent zone uses a non-opt-out method that provides authenticated
-negative DS replies, we still can't expect signatures from the child
-zone. sd-resolved was using the authenticated status of the DS reply to
-require signatures for CNAMEs, even though it had already proved that no
-signature exists.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2863,7 +2863,12 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
- if (r == 0)
- continue;
-
-- return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
-+ if (!FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
-+ return false;
-+
-+ /* We expect this to be signed when the DS record exists, and don't expect it to be
-+ * signed when the DS record is proven not to exist. */
-+ return dns_answer_match_key(dt->answer, dns_transaction_key(dt), NULL);
- }
-
- return true;
diff --git a/sys-apps/systemd/files/255-dnssec.patch b/sys-apps/systemd/files/255-dnssec.patch
deleted file mode 100644
index 978c26ff15f4..000000000000
--- a/sys-apps/systemd/files/255-dnssec.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://github.com/systemd/systemd/issues/32531
-https://github.com/systemd/systemd/commit/d840783db5208219c78d73b9b46ef5daae9fea0a
-https://github.com/systemd/systemd-stable/commit/52c17febf14c866d9808d1804f13ac98d76e665b
-
-From 52c17febf14c866d9808d1804f13ac98d76e665b Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Mon, 29 Apr 2024 02:17:23 -0700
-Subject: [PATCH] resolved: always progress DS queries
-
-If we request a DS and the resolver offers an unsigned SOA, a new
-auxiliary transaction for the DS will be rejected as a loop, and we
-might not make any progress toward finding the DS we need. Let's ensure
-that we at least always check the parent in this case.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit d840783db5208219c78d73b9b46ef5daae9fea0a)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2545,6 +2545,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
- return r;
- if (r == 0)
- continue;
-+
-+ /* If we were looking for the DS RR, don't request it again. */
-+ if (dns_transaction_key(t)->type == DNS_TYPE_DS)
-+ continue;
- }
-
- r = dnssec_has_rrsig(t->answer, rr->key);
diff --git a/sys-apps/systemd/files/255-install-format-overflow.patch b/sys-apps/systemd/files/255-install-format-overflow.patch
deleted file mode 100644
index 3dca7d8e8ec7..000000000000
--- a/sys-apps/systemd/files/255-install-format-overflow.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-https://github.com/systemd/systemd-stable/commit/f85d2c6d1023b1fe558142440b1d63c4fc5f7c98
-https://github.com/systemd/systemd/issues/30448
-https://bugs.gentoo.org/916518
-
-From f85d2c6d1023b1fe558142440b1d63c4fc5f7c98 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sat, 24 Feb 2024 12:05:44 +0000
-Subject: [PATCH] install: fix compiler warning about empty directive argument
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-On ppc64el with gcc 13.2 on Ubuntu 24.04:
-
-3s In file included from ../src/basic/macro.h:386,
-483s from ../src/basic/alloc-util.h:10,
-483s from ../src/shared/install.c:12:
-483s ../src/shared/install.c: In function ‘install_changes_dump’:
-483s ../src/shared/install.c:432:64: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
-483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
-483s | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-483s ../src/shared/install.c:432:75: note: format string is defined here
-483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
-
-(cherry picked from commit 8040fa55a1cbc34dede3205a902095ecd26c21e3)
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -340,9 +340,12 @@ void install_changes_dump(int r, const char *verb, const InstallChange *changes,
- assert(verb || r >= 0);
-
- for (size_t i = 0; i < n_changes; i++) {
-- if (changes[i].type < 0)
-- assert(verb);
- assert(changes[i].path);
-+ /* This tries to tell the compiler that it's safe to use 'verb' in a string format if there
-+ * was an error, but the compiler doesn't care and fails anyway, so strna(verb) is used
-+ * too. */
-+ assert(verb || changes[i].type >= 0);
-+ verb = strna(verb);
-
- /* When making changes here, make sure to also change install_error() in dbus-manager.c. */
-
-
diff --git a/sys-apps/systemd/files/256-bpf-gcc.patch b/sys-apps/systemd/files/256-bpf-gcc.patch
new file mode 100644
index 000000000000..0570695d397c
--- /dev/null
+++ b/sys-apps/systemd/files/256-bpf-gcc.patch
@@ -0,0 +1,26 @@
+https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c
+
+From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sat, 24 Aug 2024 13:09:47 +0100
+Subject: [PATCH] meson: search for 'bpf-unknown-none' too
+
+We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
+sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
+cross-binutils. Search for this name too.
+---
+ meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/meson.build b/meson.build
+index 5e0b666c64b17..fbc2bbdf2f22f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1109,6 +1109,7 @@ else
+ elif bpf_compiler == 'gcc'
+ bpf_gcc = find_program('bpf-gcc',
+ 'bpf-none-gcc',
++ 'bpf-unknown-none-gcc',
+ required : true,
+ version : '>= 13.1.0')
+ bpf_gcc_found = bpf_gcc.found()
diff --git a/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
deleted file mode 100644
index 27bdd121aa60..000000000000
--- a/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
+++ /dev/null
@@ -1,255 +0,0 @@ -From 3d93b69fa558b33f1f2b52305fa4c2d836789394 Mon Sep 17 00:00:00 2001 -From: Arseny Maslennikov <arseny@altlinux.org> -Date: Sun, 15 Oct 2023 11:00:00 +0300 -Subject: [PATCH 1/3] basic/missing_syscall: generate defs for `fchmodat2(2)` - -We will need this to set seccomp filters on this system call regardless -of libseccomp or kernel support. - -(cherry picked from commit 3677364cc3a2c5429380cfd3a2472e2da87925c4) ---- - src/basic/missing_syscall_def.h | 68 +++++++++++++++++++++++++++++++++ - src/basic/missing_syscalls.py | 1 + - 2 files changed, 69 insertions(+) - -diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h -index 402fdd00dc..b5beb434db 100644 ---- a/src/basic/missing_syscall_def.h -+++ b/src/basic/missing_syscall_def.h -@@ -246,6 +246,74 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); - # endif - #endif - -+#ifndef __IGNORE_fchmodat2 -+# if defined(__aarch64__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__alpha__) -+# define systemd_NR_fchmodat2 562 -+# elif defined(__arc__) || defined(__tilegx__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__arm__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__i386__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__ia64__) -+# define systemd_NR_fchmodat2 1476 -+# elif defined(__loongarch_lp64) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__m68k__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(_MIPS_SIM) -+# if _MIPS_SIM == _MIPS_SIM_ABI32 -+# define systemd_NR_fchmodat2 4452 -+# elif _MIPS_SIM == _MIPS_SIM_NABI32 -+# define systemd_NR_fchmodat2 6452 -+# elif _MIPS_SIM == _MIPS_SIM_ABI64 -+# define systemd_NR_fchmodat2 5452 -+# else -+# error "Unknown MIPS ABI" -+# endif -+# elif defined(__hppa__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__powerpc__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__riscv) -+# if __riscv_xlen == 32 -+# define systemd_NR_fchmodat2 452 -+# elif __riscv_xlen == 
64 -+# define systemd_NR_fchmodat2 452 -+# else -+# error "Unknown RISC-V ABI" -+# endif -+# elif defined(__s390__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__sparc__) -+# define systemd_NR_fchmodat2 452 -+# elif defined(__x86_64__) -+# if defined(__ILP32__) -+# define systemd_NR_fchmodat2 (452 | /* __X32_SYSCALL_BIT */ 0x40000000) -+# else -+# define systemd_NR_fchmodat2 452 -+# endif -+# elif !defined(missing_arch_template) -+# warning "fchmodat2() syscall number is unknown for your architecture" -+# endif -+ -+/* may be an (invalid) negative number due to libseccomp, see PR 13319 */ -+# if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0 -+# if defined systemd_NR_fchmodat2 -+assert_cc(__NR_fchmodat2 == systemd_NR_fchmodat2); -+# endif -+# else -+# if defined __NR_fchmodat2 -+# undef __NR_fchmodat2 -+# endif -+# if defined systemd_NR_fchmodat2 && systemd_NR_fchmodat2 >= 0 -+# define __NR_fchmodat2 systemd_NR_fchmodat2 -+# endif -+# endif -+#endif -+ - #ifndef __IGNORE_getrandom - # if defined(__aarch64__) - # define systemd_NR_getrandom 278 -diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py -index 5ccf02adec..00f72dc7a8 100644 ---- a/src/basic/missing_syscalls.py -+++ b/src/basic/missing_syscalls.py -@@ -9,6 +9,7 @@ SYSCALLS = [ - 'bpf', - 'close_range', - 'copy_file_range', -+ 'fchmodat2', - 'getrandom', - 'memfd_create', - 'mount_setattr', --- -2.43.0 - - -From c1ffd32c642dcadb844b149fcc0c6fe0dbe8a292 Mon Sep 17 00:00:00 2001 -From: Arseny Maslennikov <arseny@altlinux.org> -Date: Sun, 15 Oct 2023 11:00:00 +0300 -Subject: [PATCH 2/3] seccomp: include `fchmodat2` in `@file-system` - -(cherry picked from commit 6e10405aa25fe5e76b740d9ec59730e3f4470c7a) ---- - src/shared/seccomp-util.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index bd9660cb35..a9c6279b18 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -468,6 +468,7 @@ const 
SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "fchdir\0" - "fchmod\0" - "fchmodat\0" -+ "fchmodat2\0" - "fcntl\0" - "fcntl64\0" - "fgetxattr\0" --- -2.43.0 - - -From da6ec29e7f755e14655132b4e0b04f463f40af3e Mon Sep 17 00:00:00 2001 -From: Arseny Maslennikov <arseny@altlinux.org> -Date: Sun, 15 Oct 2023 11:00:00 +0300 -Subject: [PATCH 3/3] seccomp: also check the mode parameter of `fchmodat2(2)` - -If there is no libseccomp support, just ban the entire syscall instead -so wrappers will fall back to older, supported syscalls. -Also reflect all of this in `test-seccomp.c`. - -(cherry picked from commit 8b45281daa3a87b4b7a3248263cd0ba929d15596) ---- - src/shared/seccomp-util.c | 24 +++++++++++++++++++++++- - src/test/test-seccomp.c | 28 ++++++++++++++++++++++++++++ - 2 files changed, 51 insertions(+), 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index a9c6279b18..12fd95d95b 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -2038,7 +2038,7 @@ int seccomp_protect_hostname(void) { - static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) { - /* Checks the mode_t parameter of the following system calls: - * -- * → chmod() + fchmod() + fchmodat() -+ * → chmod() + fchmod() + fchmodat() + fchmodat2() - * → open() + creat() + openat() - * → mkdir() + mkdirat() - * → mknod() + mknodat() -@@ -2081,6 +2081,28 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) { - else - any = true; - -+#if defined(__SNR_fchmodat2) -+ r = seccomp_rule_add_exact( -+ seccomp, -+ SCMP_ACT_ERRNO(EPERM), -+ SCMP_SYS(fchmodat2), -+ 1, -+ SCMP_A2(SCMP_CMP_MASKED_EQ, m, m)); -+#else -+ /* It looks like this libseccomp does not know about fchmodat2(). -+ * Pretend the fchmodat2() system call is not supported at all, -+ * regardless of the kernel version. 
*/ -+ r = seccomp_rule_add_exact( -+ seccomp, -+ SCMP_ACT_ERRNO(ENOSYS), -+ __NR_fchmodat2, -+ 0); -+#endif -+ if (r < 0) -+ log_debug_errno(r, "Failed to add filter for fchmodat2: %m"); -+ else -+ any = true; -+ - r = seccomp_rule_add_exact( - seccomp, - SCMP_ACT_ERRNO(EPERM), -diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index 2d06098ddd..3a73262a8b 100644 ---- a/src/test/test-seccomp.c -+++ b/src/test/test-seccomp.c -@@ -21,6 +21,7 @@ - #include "macro.h" - #include "memory-util.h" - #include "missing_sched.h" -+#include "missing_syscall_def.h" - #include "nsflags.h" - #include "nulstr-util.h" - #include "process-util.h" -@@ -1003,6 +1004,23 @@ static int real_open(const char *path, int flags, mode_t mode) { - #endif - } - -+static int try_fchmodat2(int dirfd, const char *path, int flags, mode_t mode) { -+ /* glibc does not provide a direct wrapper for fchmodat2(). Let's hence define our own wrapper for -+ * testing purposes that calls the real syscall, on architectures and in environments where -+ * SYS_fchmodat2 is defined. Otherwise, let's just fall back to the glibc fchmodat() call. */ -+ -+#if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0 -+ int r; -+ r = (int) syscall(__NR_fchmodat2, dirfd, path, flags, mode); -+ /* The syscall might still be unsupported by kernel or libseccomp. 
*/ -+ if (r < 0 && errno == ENOSYS) -+ return fchmodat(dirfd, path, flags, mode); -+ return r; -+#else -+ return fchmodat(dirfd, path, flags, mode); -+#endif -+} -+ - TEST(restrict_suid_sgid) { - pid_t pid; - -@@ -1044,6 +1062,11 @@ TEST(restrict_suid_sgid) { - assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0); - assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0); - -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) >= 0); -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) >= 0); -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0); -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0); -+ - k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID); - k = safe_close(k); - assert_se(unlink(z) >= 0); -@@ -1145,6 +1168,11 @@ TEST(restrict_suid_sgid) { - assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM); - assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0); - -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISUID, 0) < 0 && errno == EPERM); -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID, 0) < 0 && errno == EPERM); -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM); -+ assert_se(try_fchmodat2(AT_FDCWD, path, 0755, 0) >= 0); -+ - assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM); - assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM); - assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM); --- -2.43.0 - diff --git a/sys-apps/systemd/files/systemd-user-selinux.pam b/sys-apps/systemd/files/systemd-user-selinux.pam new file mode 100644 index 000000000000..0d5d6beb34da --- /dev/null +++ b/sys-apps/systemd/files/systemd-user-selinux.pam 
@@ -0,0 +1,7 @@
+account include system-auth
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index c9b8604a3c68..fea934417f1d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -11,6 +11,7 @@
 <use>
 <flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag>
 <flag name="boot">Enable EFI boot manager and stub loader</flag>
+ <flag name="bpf">Enable BPF support for sandboxing and firewalling.</flag>
 <flag name="cgroup-hybrid">Default to hybrid (legacy) cgroup hierarchy instead of unified (modern).</flag>
 <flag name="curl">Enable support for uploading journals</flag>
 <flag name="cryptsetup">Enable cryptsetup tools (includes unit generator for crypttab)</flag>
diff --git a/sys-apps/systemd/systemd-254.12.ebuild b/sys-apps/systemd/systemd-254.12.ebuild
deleted file mode 100644
index 3fe049811536..000000000000
--- a/sys-apps/systemd/systemd-254.12.ebuild
+++ /dev/null
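Review bot: The new systemd-user-selinux.pam has no comment explaining the order of its session rules, yet that order is what keeps the SELinux context handling correct. pam_selinux(8) asks for `close` to be the first session rule and for `open` to be followed only by modules meant to run in the user's context, so a later edit that reorders these lines or inserts a rule between them may change the context in which the following modules run. I would add a header comment such as `# Keep pam_selinux.so close first; rules after 'open' run in the user's SELinux context.` and a second line stating that this is the USE=selinux variant of systemd-user.pam.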
@@ -1,536 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? 
( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? 
( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? 
( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-test-process-util.patch" - "${FILESDIR}/systemd-253-initrd-generators.patch" - "${FILESDIR}/254-PrivateDevices-userdbd.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - # Fails with split-usr. 
- sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - 
$(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - if ! 
use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). 
- - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. 
- systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "generating unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-254.10.ebuild b/sys-apps/systemd/systemd-254.17.ebuild index 26cf38151149..4ba06e502577 100644 --- a/sys-apps/systemd/systemd-254.10.ebuild +++ b/sys-apps/systemd/systemd-254.17.ebuild @@ -23,7 +23,7 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 
@@ -136,11 +136,11 @@ RDEPEND="${COMMON_DEPEND} ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev @@ -352,7 +352,7 @@ multilib_src_configure() { multilib_src_test() { unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR local -x COLUMNS=80 - meson_src_test + meson_src_test --timeout-multiplier=10 } multilib_src_install_all() { @@ -396,7 +396,11 @@ multilib_src_install_all() { keepdir /var/log/journal if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user + if use selinux; then + newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + else + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi fi if use split-usr; then diff --git a/sys-apps/systemd/systemd-254.11.ebuild b/sys-apps/systemd/systemd-254.18.ebuild index 3fe049811536..370c8c9cc4c2 100644 --- a/sys-apps/systemd/systemd-254.11.ebuild +++ b/sys-apps/systemd/systemd-254.18.ebuild @@ -23,7 +23,7 @@ else MY_P=${MY_PN}-${MY_PV} S=${WORKDIR}/${MY_P} SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 @@ -136,11 +136,11 @@ RDEPEND="${COMMON_DEPEND} ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev 
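Review bot: `meson_src_test --timeout-multiplier=10` in multilib_src_test() stretches every test timeout tenfold without recording why. A test that really hangs now takes ten times longer to be reported, and nobody can later tell whether the value is still needed. A one-line comment above the call would fix that, for example `# Upstream timeouts are too tight for slow or heavily loaded builders` if that is the reason, plus the bug reference if one exists. The same line is added in the systemd-254.18.ebuild hunk at `@@ -352,7 +352,7 @@`.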
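Review bot: With USE="pam selinux" the installed systemd-user service now lists `pam_selinux.so` as `required`, but nothing in this hunk ensures the module is actually installed. The dependency lines are outside the hunk. If COMMON_DEPEND still reads `pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )`, a sys-libs/pam built without its selinux flag would presumably ship no pam_selinux.so, and the user-manager session would then fail to open. Consider `pam? ( sys-libs/pam:=[${MULTILIB_USEDEP},selinux?] )`, or confirm that the SELinux profiles already force that flag on sys-libs/pam. The identical change in the systemd-254.18.ebuild hunk at `@@ -396,7 +396,11 @@` has the same gap, and multilib_src_install_all() continues beyond both hunks.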
@@ -352,7 +352,7 @@ multilib_src_configure() { multilib_src_test() { unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR local -x COLUMNS=80 - meson_src_test + meson_src_test --timeout-multiplier=10 } multilib_src_install_all() { @@ -396,7 +396,11 @@ multilib_src_install_all() { keepdir /var/log/journal if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user + if use selinux; then + newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + else + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi fi if use split-usr; then diff --git a/sys-apps/systemd/systemd-254.8-r1.ebuild b/sys-apps/systemd/systemd-254.8-r1.ebuild deleted file mode 100644 index d2400135d84b..000000000000 --- a/sys-apps/systemd/systemd-254.8-r1.ebuild +++ /dev/null 
@@ -1,540 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? 
( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? 
( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." 
- fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-253-initrd-generators.patch" - "${FILESDIR}/254-PrivateDevices-userdbd.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - # Fails with split-usr. 
- sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - 
$(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - if ! 
use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). 
- - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. 
- systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "generating unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-254.9-r1.ebuild b/sys-apps/systemd/systemd-254.9-r1.ebuild deleted file mode 100644 index 58e10b48b7e1..000000000000 --- a/sys-apps/systemd/systemd-254.9-r1.ebuild +++ /dev/null 
@@ -1,541 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? 
( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - ukify? 
( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." 
- fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-253-initrd-generators.patch" - "${FILESDIR}/254-PrivateDevices-userdbd.patch" - "${FILESDIR}/systemd-254.9-fchmodat2.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - # Fails with split-usr. 
- sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - 
$(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - if ! 
use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). 
- - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. 
- systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "generating unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-255.5.ebuild b/sys-apps/systemd/systemd-255.11.ebuild index 9ebc6c14fa23..210bbbf3c06e 100644 --- a/sys-apps/systemd/systemd-255.5.ebuild +++ b/sys-apps/systemd/systemd-255.11.ebuild @@ -25,7 +25,7 @@ else SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi fi 
@@ -139,11 +139,11 @@ RDEPEND="${COMMON_DEPEND}
 )
 sysv-utils? (
 !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/openrc-navi[sysv-utils(-)]
 !sys-apps/sysvinit
 )
 !sysv-utils? ( sys-apps/sysvinit )
 resolvconf? ( !net-dns/openresolv )
- !sys-apps/hwids[udev]
 !sys-auth/nss-myhostname
 !sys-fs/eudev
 !sys-fs/udev
@@ -175,8 +175,10 @@ BDEPEND="
 $(python_gen_cond_dep "
 dev-python/jinja[\${PYTHON_USEDEP}]
 dev-python/lxml[\${PYTHON_USEDEP}]
- boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
- ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ boot? (
+ >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
+ test? ( ${PEFILE_DEPEND} )
+ )
 ")
 "
@@ -363,7 +365,7 @@ multilib_src_test() {
 addpredict /proc
 addpredict /run
 addpredict /sys/fs/cgroup
- meson_src_test
+ meson_src_test --timeout-multiplier=10
 ) || die
 }
@@ -405,7 +407,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
@@ -502,6 +508,11 @@ pkg_postinst() {
 ebegin "Reexecuting system manager (systemd)"
 systemctl daemon-reexec
 eend $? || FAIL=1
+
+ # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
+ ebegin "Signaling user managers to reexec"
+ systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
+ eend $?
 fi
 if [[ ${FAIL} ]]; then
diff --git a/sys-apps/systemd/systemd-255.4.ebuild b/sys-apps/systemd/systemd-255.12.ebuild
index 85a4258f22bb..63f1789fde19 100644
--- a/sys-apps/systemd/systemd-255.4.ebuild
+++ b/sys-apps/systemd/systemd-255.12.ebuild
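Review bot: The new `if use selinux` branch in multilib_src_install_all carries no comment saying how systemd-user-selinux.pam differs from systemd-user.pam or which bug motivated the split, and neither file is shown in this hunk. Both variants are installed under the same name, `systemd-user`, so this branch decides which PAM stack that service name resolves to. A one-line pointer above the inner `if` would help the next maintainer, e.g. `# USE=selinux installs a separate PAM stack (<what differs>), bug <bug number>`. The same change is made in systemd-255.12.ebuild (`@@ -406,7 +407,11 @@`); the function body starts and ends outside the hunk.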
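Review bot: The added `eend $?` after `systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'` does not set FAIL, unlike `eend $? || FAIL=1` just above it for `systemctl daemon-reexec`, so a failed signal is left out of the `if [[ ${FAIL} ]]` summary that follows. If the signal is not delivered, the user managers presumably keep running the pre-upgrade binary, which matters when the update carries a security fix. Either write `eend $? || FAIL=1`, or, if the step is meant to be best-effort, say so with a comment such as `# best-effort: a failure here must not fail postinst`. The same lines are added in systemd-255.12.ebuild (`@@ -503,6 +508,11 @@`); the enclosing `if` opens outside the hunk.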
@@ -25,7 +25,7 @@ else
 SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
 if [[ ${PV} != *rc* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 fi
 fi
@@ -139,11 +139,11 @@ RDEPEND="${COMMON_DEPEND}
 )
 sysv-utils? (
 !sys-apps/openrc[sysv-utils(-)]
+ !sys-apps/openrc-navi[sysv-utils(-)]
 !sys-apps/sysvinit
 )
 !sysv-utils? ( sys-apps/sysvinit )
 resolvconf? ( !net-dns/openresolv )
- !sys-apps/hwids[udev]
 !sys-auth/nss-myhostname
 !sys-fs/eudev
 !sys-fs/udev
@@ -175,8 +175,10 @@ BDEPEND="
 $(python_gen_cond_dep "
 dev-python/jinja[\${PYTHON_USEDEP}]
 dev-python/lxml[\${PYTHON_USEDEP}]
- boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )
- ukify? ( test? ( ${PEFILE_DEPEND} ) )
+ boot? (
+ >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}]
+ test? ( ${PEFILE_DEPEND} )
+ )
 ")
 "
@@ -244,7 +246,6 @@ src_unpack() {
 src_prepare() {
 local PATCHES=(
 "${FILESDIR}/systemd-test-process-util.patch"
- "${FILESDIR}/255-install-format-overflow.patch"
 )
 if ! use vanilla; then
@@ -364,7 +365,7 @@ multilib_src_test() {
 addpredict /proc
 addpredict /run
 addpredict /sys/fs/cgroup
- meson_src_test
+ meson_src_test --timeout-multiplier=10
 ) || die
 }
@@ -406,7 +407,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
@@ -503,6 +508,11 @@ pkg_postinst() {
 ebegin "Reexecuting system manager (systemd)"
 systemctl daemon-reexec
 eend $? || FAIL=1
+
+ # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html
+ ebegin "Signaling user managers to reexec"
+ systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
+ eend $?
 fi
 if [[ ${FAIL} ]]; then
diff --git a/sys-apps/systemd/systemd-255.3-r1.ebuild b/sys-apps/systemd/systemd-255.3-r1.ebuild
deleted file mode 100644
index ee980ad26f52..000000000000
--- a/sys-apps/systemd/systemd-255.3-r1.ebuild
+++ /dev/null
@@ -1,527 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - - if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" - fi -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? 
( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) - qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - 
ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." 
- fi - - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - ) - - if ! 
use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - # default is developer, bug 918671 - -Dmode=release - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Match /etc/shells, bug 919749 - -Ddebug-shell="${EPREFIX}/bin/sh" - -Ddefault-user-shell="${EPREFIX}/bin/bash" - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - 
$(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - $(meson_native_enabled vmspawn) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - local -x COLUMNS=80 - meson_src_test -} - -multilib_src_install_all() { - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}"/usr/bin/resolvconf || die - fi - - if ! 
use sysv-utils; then - rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... 
- if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager (systemd)" - systemctl daemon-reexec - eend $? || FAIL=1 - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. 
You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "generating unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-255.6.ebuild b/sys-apps/systemd/systemd-255.6.ebuild deleted file mode 100644 index 9ebc6c14fa23..000000000000 --- a/sys-apps/systemd/systemd-255.6.ebuild +++ /dev/null 
@@ -1,529 +0,0 @@ -# Copyright 2011-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - - if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" - fi -fi - -inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd -" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - dns-over-tls? ( || ( gnutls openssl ) ) - fido2? ( cryptsetup openssl ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) - boot? ( kernel-install ) - ukify? ( boot ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( >=sys-libs/libapparmor-2.13:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? 
( >=net-misc/curl-7.32.0:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) - qrcode? ( >=media-gfx/qrencode-3:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( >=sys-libs/libselinux-2.1.9:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} -" - -PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - 
ukify? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep "${PEFILE_DEPEND}") - ) - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-build/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - ${PYTHON_DEPS} - $(python_gen_cond_dep " - dev-python/jinja[\${PYTHON_USEDEP}] - dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) - ") -" - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." 
- eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - if [[ ${MERGE_TYPE} != buildonly ]]; then - local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - use boot && secureboot_pkg_setup -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/systemd-test-process-util.patch" - ) - - if ! 
use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-journald-audit-r1.patch" - ) - fi - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - # default is developer, bug 918671 - -Dmode=release - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false - # Disable compatibility with sysvinit - -Dsysvinit-path= - -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Match /etc/shells, bug 919749 - -Ddebug-shell="${EPREFIX}/bin/sh" - -Ddefault-user-shell="${EPREFIX}/bin/bash" - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool boot bootloader) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnutls) - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kernel-install) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use test tests) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - 
$(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool ukify) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - $(meson_native_enabled vmspawn) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - ( - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - export COLUMNS=80 - addpredict /dev - addpredict /proc - addpredict /run - addpredict /sys/fs/cgroup - meson_src_test - ) || die -} - -multilib_src_install_all() { - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - insinto /usr/lib/tmpfiles.d - doins "${FILESDIR}"/legacy.conf - - if ! use resolvconf; then - rm -f "${ED}"/usr/bin/resolvconf || die - fi - - if ! 
use sysv-utils; then - rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use kernel-install; then - # Dummy config, remove to make room for sys-kernel/installkernel - rm "${ED}/usr/lib/kernel/install.conf" || die - fi - - use ukify && python_fix_shebang "${ED}" - use boot && secureboot_auto_sign -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... 
- if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if [[ -e ${EROOT}/etc/sysctl.conf ]]; then - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - fi - - if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then - ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." - ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ -z ${ROOT} && -d /run/systemd/system ]]; then - ebegin "Reexecuting system manager (systemd)" - systemctl daemon-reexec - eend $? || FAIL=1 - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. 
You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi - - if use boot; then - optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ - "sys-kernel/installkernel[systemd-boot]" - fi - if use ukify; then - optfeature "generating unified kernel image on each kernel installation" \ - "sys-kernel/installkernel[ukify]" - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-255.5-r2.ebuild b/sys-apps/systemd/systemd-255.7-r1.ebuild index 533779767069..210bbbf3c06e 100644 --- a/sys-apps/systemd/systemd-255.5-r2.ebuild +++ b/sys-apps/systemd/systemd-255.7-r1.ebuild @@ -25,7 +25,7 @@ else SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi fi @@ -139,11 +139,11 @@ RDEPEND="${COMMON_DEPEND} ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev @@ -175,8 +175,10 @@ BDEPEND=" $(python_gen_cond_dep " dev-python/jinja[\${PYTHON_USEDEP}] dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) + boot? ( + >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] + test? ( ${PEFILE_DEPEND} ) + ) ") " 
@@ -244,9 +246,6 @@ src_unpack() { src_prepare() { local PATCHES=( "${FILESDIR}/systemd-test-process-util.patch" - "${FILESDIR}/255-dnssec.patch" - "${FILESDIR}/255-dnssec-2.patch" - "${FILESDIR}/255-dnssec-3.patch" ) if ! use vanilla; then @@ -366,7 +365,7 @@ multilib_src_test() { addpredict /proc addpredict /run addpredict /sys/fs/cgroup - meson_src_test + meson_src_test --timeout-multiplier=10 ) || die } @@ -408,7 +407,11 @@ multilib_src_install_all() { keepdir /var/log/journal if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user + if use selinux; then + newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + else + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi fi if use kernel-install; then @@ -505,6 +508,11 @@ pkg_postinst() { ebegin "Reexecuting system manager (systemd)" systemctl daemon-reexec eend $? || FAIL=1 + + # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html + ebegin "Signaling user managers to reexec" + systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service' + eend $? fi if [[ ${FAIL} ]]; then diff --git a/sys-apps/systemd/systemd-255.5-r1.ebuild b/sys-apps/systemd/systemd-256.6.ebuild index 5b851ace01ec..f957b4c395ee 100644 --- a/sys-apps/systemd/systemd-255.5-r1.ebuild +++ b/sys-apps/systemd/systemd-256.6.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) # Avoid QA warnings TMPFILES_OPTIONAL=1 
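Review bot: In the pkg_postinst hunk (`@@ -505,6 +508,11 @@`), the new `eend $?` after `systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'` does not set FAIL, unlike the `eend $? || FAIL=1` directly above it for `systemctl daemon-reexec`. If the signal cannot be delivered, user managers keep running the pre-upgrade binary and the closing "One of the postinst commands failed" summary stays silent. If this is meant as best-effort, a comment such as `# best-effort: a failure here must not fail the merge` would record that; otherwise use `eend $? || FAIL=1`. The same lines are added in the systemd-256.6.ebuild hunk `@@ -503,6 +541,11 @@`, and pkg_postinst continues outside both hunks.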
@@ -14,18 +14,13 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" inherit git-r3 else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} + MY_P=${PN}-${MY_PV} S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi fi @@ -33,12 +28,12 @@ inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-singl inherit secureboot systemd toolchain-funcs udev DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" +HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd @@ -64,6 +59,7 @@ COMMON_DEPEND=" acl? ( sys-apps/acl:0= ) apparmor? ( >=sys-libs/libapparmor-2.13:0= ) audit? ( >=sys-process/audit-2:0= ) + bpf? ( >=dev-libs/libbpf-1.4.0:0= ) cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) curl? ( >=net-misc/curl-7.32.0:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) 
@@ -139,11 +135,11 @@ RDEPEND="${COMMON_DEPEND} ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev @@ -162,6 +158,10 @@ BDEPEND=" >=sys-apps/coreutils-8.16 sys-devel/gettext virtual/pkgconfig + bpf? ( + dev-util/bpftool + sys-devel/bpf-toolchain + ) test? ( app-text/tree dev-lang/perl 
@@ -175,20 +175,48 @@ BDEPEND=" $(python_gen_cond_dep " dev-python/jinja[\${PYTHON_USEDEP}] dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) + boot? ( + >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] + test? ( ${PEFILE_DEPEND} ) + ) ") " QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*" +check_cgroup_layout() { + # https://bugs.gentoo.org/935261 + [[ ${MERGE_TYPE} != buildonly ]] || return + [[ -z ${ROOT} ]] || return + [[ -e /sys/fs/cgroup/unified ]] || return + grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return + + eerror "This system appears to be booted with the 'hybrid' cgroup layout." + eerror "This layout obsolete and is disabled in systemd." + + if grep -qF 'systemd.unified_cgroup_hierarchy'; then + eerror "Remove the systemd.unified_cgroup_hierarchy option" + eerror "from the kernel command line and reboot." + die "hybrid cgroup layout detected" + fi +} + pkg_pretend() { if use split-usr; then eerror "Please complete the migration to merged-usr." eerror "https://wiki.gentoo.org/wiki/Merge-usr" die "systemd no longer supports split-usr" fi + + check_cgroup_layout + + if use cgroup-hybrid; then + eerror "Disable the 'cgroup-hybrid' USE flag." + eerror "Rebuild any initramfs images after rebuilding systemd." + die "cgroup-hybrid is no longer supported" + fi + if [[ ${MERGE_TYPE} != buildonly ]]; then local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE @@ -199,6 +227,7 @@ pkg_pretend() { ~!SYSFS_DEPRECATED_V2" use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" if kernel_is -ge 5 10 20; then 
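Review bot: In the new `check_cgroup_layout` (hunk `@@ -175,20 +175,48 @@`), the second grep has no file operand: `if grep -qF 'systemd.unified_cgroup_hierarchy'; then` reads standard input, not the kernel command line. Depending on what stdin is during pkg_pretend, the check either never matches, so the `die "hybrid cgroup layout detected"` guard is skipped, or it blocks waiting for input. It should mirror the earlier test in the same function: `if grep -qF 'systemd.unified_cgroup_hierarchy' /proc/cmdline; then`. The message "This layout obsolete and is disabled in systemd." is also missing a word ("This layout is obsolete ..."). systemd-256.7.ebuild is added with the same blob index (f957b4c395ee), so it presumably carries the same line.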
@@ -244,12 +273,11 @@ src_unpack() { src_prepare() { local PATCHES=( "${FILESDIR}/systemd-test-process-util.patch" - "${FILESDIR}/255-dnssec.patch" + "${FILESDIR}/256-bpf-gcc.patch" ) if ! use vanilla; then PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" "${FILESDIR}/gentoo-journald-audit-r1.patch" ) fi @@ -279,11 +307,8 @@ multilib_src_configure() { # Disable compatibility with sysvinit -Dsysvinit-path= -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" # no deps -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) # Match /etc/shells, bug 919749 -Ddebug-shell="${EPREFIX}/bin/sh" -Ddefault-user-shell="${EPREFIX}/bin/bash" @@ -292,6 +317,8 @@ multilib_src_configure() { $(meson_native_use_bool apparmor) $(meson_native_use_bool audit) $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool bpf bpf-framework) + -Dbpf-compiler=gcc $(meson_native_use_bool cryptsetup libcryptsetup) $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls) @@ -350,9 +377,16 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - $(meson_native_enabled vmspawn) ) + case $(tc-arch) in + amd64|arm|arm64|ppc|ppc64|s390|x86) + # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE + myconf+=( $(meson_native_enabled vmspawn) ) ;; + *) + myconf+=( -Dvmspawn=disabled ) ;; + esac + meson_src_configure "${myconf[@]}" } @@ -364,7 +398,7 @@ multilib_src_test() { addpredict /proc addpredict /run addpredict /sys/fs/cgroup - meson_src_test + meson_src_test --timeout-multiplier=10 ) || die } @@ -406,7 +440,11 @@ multilib_src_install_all() { keepdir /var/log/journal if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user + if use selinux; then + newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + else + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi fi if use kernel-install; then 
@@ -503,6 +541,11 @@ pkg_postinst() { ebegin "Reexecuting system manager (systemd)" systemctl daemon-reexec eend $? || FAIL=1 + + # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html + ebegin "Signaling user managers to reexec" + systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service' + eend $? fi if [[ ${FAIL} ]]; then diff --git a/sys-apps/systemd/systemd-256.7.ebuild b/sys-apps/systemd/systemd-256.7.ebuild new file mode 100644 index 000000000000..f957b4c395ee --- /dev/null +++ b/sys-apps/systemd/systemd-256.7.ebuild 
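Review bot: The new `systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'` step ends in a bare `eend $?`, while the `daemon-reexec` step just above it ends in `eend $? || FAIL=1`. A failure to signal the user managers therefore never reaches the summary `eerror` block below. User managers that were not re-executed keep running the previous binary after the upgrade, which matters when the update carries a fix. Either write `eend $? || FAIL=1`, or add a comment such as `# best effort, a failure here is not fatal` if ignoring the result is deliberate. pkg_postinst continues outside the hunk, and the same lines are added in systemd-256.7.ebuild and systemd-9999.ebuild.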
@@ -0,0 +1,573 @@ +# Copyright 2011-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{10..13} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + MY_PV=${PV/_/-} + MY_P=${PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" + + if [[ ${PV} != *rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + fi +fi + +inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 +inherit secureboot systemd toolchain-funcs udev + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="https://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd +" +REQUIRED_USE=" + ${PYTHON_REQUIRED_USE} + dns-over-tls? ( || ( gnutls openssl ) ) + fido2? ( cryptsetup openssl ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) + boot? ( kernel-install ) + ukify? ( boot ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.32:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( >=sys-libs/libapparmor-2.13:0= ) + audit? ( >=sys-process/audit-2:0= ) + bpf? ( >=dev-libs/libbpf-1.4.0:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( >=net-misc/curl-7.32.0:0= ) + elfutils? 
( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? ( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( >=app-crypt/p11-kit-0.23.3:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( >=dev-libs/libpwquality-1.4.1:0= ) + qrcode? ( >=media-gfx/qrencode-3:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( >=sys-libs/libselinux-2.1.9:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} +" + +PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + ukify? 
( + ${PYTHON_DEPS} + $(python_gen_cond_dep "${PEFILE_DEPEND}") + ) + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-build/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + bpf? ( + dev-util/bpftool + sys-devel/bpf-toolchain + ) + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + ${PYTHON_DEPS} + $(python_gen_cond_dep " + dev-python/jinja[\${PYTHON_USEDEP}] + dev-python/lxml[\${PYTHON_USEDEP}] + boot? ( + >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] + test? ( ${PEFILE_DEPEND} ) + ) + ") +" + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +check_cgroup_layout() { + # https://bugs.gentoo.org/935261 + [[ ${MERGE_TYPE} != buildonly ]] || return + [[ -z ${ROOT} ]] || return + [[ -e /sys/fs/cgroup/unified ]] || return + grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return + + eerror "This system appears to be booted with the 'hybrid' cgroup layout." + eerror "This layout obsolete and is disabled in systemd." + + if grep -qF 'systemd.unified_cgroup_hierarchy'; then + eerror "Remove the systemd.unified_cgroup_hierarchy option" + eerror "from the kernel command line and reboot." 
+ die "hybrid cgroup layout detected" + fi +} + +pkg_pretend() { + if use split-usr; then + eerror "Please complete the migration to merged-usr." + eerror "https://wiki.gentoo.org/wiki/Merge-usr" + die "systemd no longer supports split-usr" + fi + + check_cgroup_layout + + if use cgroup-hybrid; then + eerror "Disable the 'cgroup-hybrid' USE flag." + eerror "Rebuild any initramfs images after rebuilding systemd." + die "cgroup-hybrid is no longer supported" + fi + + if [[ ${MERGE_TYPE} != buildonly ]]; then + local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + use boot && secureboot_pkg_setup +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/systemd-test-process-util.patch" + 
"${FILESDIR}/256-bpf-gcc.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-journald-audit-r1.patch" + ) + fi + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + # default is developer, bug 918671 + -Dmode=release + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + -Dsplit-bin=false + # Disable compatibility with sysvinit + -Dsysvinit-path= + -Dsysvrcnd-path= + # no deps + -Dima=true + # Match /etc/shells, bug 919749 + -Ddebug-shell="${EPREFIX}/bin/sh" + -Ddefault-user-shell="${EPREFIX}/bin/bash" + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool bpf bpf-framework) + -Dbpf-compiler=gcc + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnutls) + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kernel-install) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use test tests) + $(meson_use zstd) + $(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + 
$(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool ukify) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + case $(tc-arch) in + amd64|arm|arm64|ppc|ppc64|s390|x86) + # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE + myconf+=( $(meson_native_enabled vmspawn) ) ;; + *) + myconf+=( -Dvmspawn=disabled ) ;; + esac + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + ( + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + export COLUMNS=80 + addpredict /dev + addpredict /proc + addpredict /run + addpredict /sys/fs/cgroup + meson_src_test --timeout-multiplier=10 + ) || die +} + +multilib_src_install_all() { + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + insinto /usr/lib/tmpfiles.d + doins "${FILESDIR}"/legacy.conf + + if ! use resolvconf; then + rm -f "${ED}"/usr/bin/resolvconf || die + fi + + if ! 
use sysv-utils; then + rm "${ED}"/usr/bin/{halt,init,poweroff,reboot,shutdown} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir /usr/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + if use pam; then + if use selinux; then + newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + else + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + fi + + if use kernel-install; then + # Dummy config, remove to make room for sys-kernel/installkernel + rm "${ED}/usr/lib/kernel/install.conf" || die + fi + + use ukify && python_fix_shebang "${ED}" + use boot && secureboot_auto_sign +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... 
+ if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if [[ -e ${EROOT}/etc/sysctl.conf ]]; then + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + fi + + if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then + ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." + ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. + systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ -z ${ROOT} && -d /run/systemd/system ]]; then + ebegin "Reexecuting system manager (systemd)" + systemctl daemon-reexec + eend $? 
|| FAIL=1 + + # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html + ebegin "Signaling user managers to reexec" + systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service' + eend $? + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi + + if use boot; then + optfeature "installing kernels in systemd-boot's native layout and update loader entries" \ + "sys-kernel/installkernel[systemd-boot]" + fi + if use ukify; then + optfeature "generating unified kernel image on each kernel installation" \ + "sys-kernel/installkernel[ukify]" + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild index 9ebc6c14fa23..013ea2fdc445 100644 --- a/sys-apps/systemd/systemd-9999.ebuild +++ b/sys-apps/systemd/systemd-9999.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) # Avoid QA warnings TMPFILES_OPTIONAL=1 
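Review bot: In `migrate_locale`, `envd_locale` is declared as an array from the glob `"${EROOT}"/etc/env.d/??locale`, but every later use expands it as a scalar (`[[ -e ${envd_locale} ]]`, `mv "${envd_locale}" "${locale_conf}"`). In bash that means only the first match is ever examined. With two matching files the second is silently ignored, and the `ewarn` text names only the first. Writing `${envd_locale[0]}` makes that choice explicit, and a one-line comment such as `# only the first ??locale match is migrated` documents it.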
@@ -14,18 +14,13 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" inherit git-r3 else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} + MY_P=${PN}-${MY_PV} S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi fi @@ -33,12 +28,12 @@ inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-singl inherit secureboot systemd toolchain-funcs udev DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" +HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd @@ -64,6 +59,7 @@ COMMON_DEPEND=" acl? ( sys-apps/acl:0= ) apparmor? ( >=sys-libs/libapparmor-2.13:0= ) audit? ( >=sys-process/audit-2:0= ) + bpf? ( >=dev-libs/libbpf-1.4.0:0= ) cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) curl? ( >=net-misc/curl-7.32.0:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) 
@@ -139,11 +135,11 @@ RDEPEND="${COMMON_DEPEND} ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev @@ -162,6 +158,10 @@ BDEPEND=" >=sys-apps/coreutils-8.16 sys-devel/gettext virtual/pkgconfig + bpf? ( + dev-util/bpftool + sys-devel/bpf-toolchain + ) test? ( app-text/tree dev-lang/perl 
@@ -175,20 +175,48 @@ BDEPEND=" $(python_gen_cond_dep " dev-python/jinja[\${PYTHON_USEDEP}] dev-python/lxml[\${PYTHON_USEDEP}] - boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] ) - ukify? ( test? ( ${PEFILE_DEPEND} ) ) + boot? ( + >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] + test? ( ${PEFILE_DEPEND} ) + ) ") " QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*" +check_cgroup_layout() { + # https://bugs.gentoo.org/935261 + [[ ${MERGE_TYPE} != buildonly ]] || return + [[ -z ${ROOT} ]] || return + [[ -e /sys/fs/cgroup/unified ]] || return + grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return + + eerror "This system appears to be booted with the 'hybrid' cgroup layout." + eerror "This layout obsolete and is disabled in systemd." + + if grep -qF 'systemd.unified_cgroup_hierarchy'; then + eerror "Remove the systemd.unified_cgroup_hierarchy option" + eerror "from the kernel command line and reboot." + die "hybrid cgroup layout detected" + fi +} + pkg_pretend() { if use split-usr; then eerror "Please complete the migration to merged-usr." eerror "https://wiki.gentoo.org/wiki/Merge-usr" die "systemd no longer supports split-usr" fi + + check_cgroup_layout + + if use cgroup-hybrid; then + eerror "Disable the 'cgroup-hybrid' USE flag." + eerror "Rebuild any initramfs images after rebuilding systemd." + die "cgroup-hybrid is no longer supported" + fi + if [[ ${MERGE_TYPE} != buildonly ]]; then local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE @@ -199,6 +227,7 @@ pkg_pretend() { ~!SYSFS_DEPRECATED_V2" use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" if kernel_is -ge 5 10 20; then @@ -248,7 +277,6 @@ src_prepare() { if ! use vanilla; then PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" "${FILESDIR}/gentoo-journald-audit-r1.patch" ) fi 
@@ -278,11 +306,8 @@ multilib_src_configure() { # Disable compatibility with sysvinit -Dsysvinit-path= -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" # no deps -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) # Match /etc/shells, bug 919749 -Ddebug-shell="${EPREFIX}/bin/sh" -Ddefault-user-shell="${EPREFIX}/bin/bash" @@ -291,6 +316,8 @@ multilib_src_configure() { $(meson_native_use_bool apparmor) $(meson_native_use_bool audit) $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool bpf bpf-framework) + -Dbpf-compiler=gcc $(meson_native_use_bool cryptsetup libcryptsetup) $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls) @@ -349,9 +376,16 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - $(meson_native_enabled vmspawn) ) + case $(tc-arch) in + amd64|arm|arm64|loong|ppc|ppc64|riscv|s390|x86) + # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE + myconf+=( $(meson_native_enabled vmspawn) ) ;; + *) + myconf+=( -Dvmspawn=disabled ) ;; + esac + meson_src_configure "${myconf[@]}" } @@ -363,7 +397,7 @@ multilib_src_test() { addpredict /proc addpredict /run addpredict /sys/fs/cgroup - meson_src_test + meson_src_test --timeout-multiplier=10 ) || die } @@ -405,7 +439,11 @@ multilib_src_install_all() { keepdir /var/log/journal if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user + if use selinux; then + newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + else + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi fi if use kernel-install; then 
@@ -502,6 +540,11 @@ pkg_postinst() { ebegin "Reexecuting system manager (systemd)" systemctl daemon-reexec eend $? || FAIL=1 + + # https://lists.freedesktop.org/archives/systemd-devel/2024-June/050466.html + ebegin "Signaling user managers to reexec" + systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service' + eend $? fi if [[ ${FAIL} ]]; then |