author | Mike Gilbert <floppym@gentoo.org> | 2022-10-15 14:46:50 -0400 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2022-10-15 14:56:29 -0400 |
commit | 7d0552dd88132307519bcb349972936dc1f32ff1 (patch) | |
tree | bca6499f8e2946ed773b8cd7ab374e3770281086 /sys-apps | |
parent | sys-cluster/kube-scheduler: drop 1.25.0 (diff) | |
download | gentoo-7d0552dd88132307519bcb349972936dc1f32ff1.tar.gz gentoo-7d0552dd88132307519bcb349972936dc1f32ff1.tar.bz2 gentoo-7d0552dd88132307519bcb349972936dc1f32ff1.zip |
sys-apps/systemd: add 252_rc1
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/systemd/Manifest | 1 | ||||
-rw-r--r-- | sys-apps/systemd/files/252-rc1-cryptsetup.patch | 226 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-252_rc1.ebuild | 527 |
3 files changed, 754 insertions, 0 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index eccabd7097fe..2110f060a8ac 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,3 +1,4 @@
+DIST systemd-252-rc1.tar.gz 11718698 BLAKE2B 599c5c125c0fb0477ea71195491962db230cbaa2c610afbb14a475263f356f160a77ba7321f425cb6db837649ccbce971f80daaf5524ace03362777a71e7a9b5 SHA512 e249eb39da41aca1bc371c9e2b61f135227b0653e4e175c4c6453b0ca4e1cd50894c005d4ef267b5122af4f339cd9b5a4b90a98c4f84f998f96a7ca1ed637d28
 DIST systemd-stable-251.3.tar.gz 11435458 BLAKE2B 544238536848ab390b2476d5ad95d33998674be50020b8db0627bb9d0c86be6576c404ce786b01ceec86f1c75b174c6fc2d7e0d7fbab802a78f48c9d0915c2b8 SHA512 fb5b8dc1742562ef95469e90d406cfb6dfcb337860ad1208b460414b88ff0565071bde797d195faa62761206abc881829de6b1009e5d727cad2dfe0764310d5f
 DIST systemd-stable-251.4.tar.gz 11440203 BLAKE2B 58a0ee4adcc9d35b15b9cc98b3da81d1103b61a6c0bee722468a5113cd7d6de1d40c46ef964ba9ecc4746e81b516ae4b2f1d046874d62db066735c652592612e SHA512 7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738
 DIST systemd-stable-251.5.tar.gz 11444428 BLAKE2B 96df35dae789b11ead1960e1139046972a29c41f74ca800e0fafd84e6a8c238f8d4a30e2991ee94e07e866bc0c3137774ee116f276ac1203cca85254ccf91913 SHA512 2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa
diff --git a/sys-apps/systemd/files/252-rc1-cryptsetup.patch b/sys-apps/systemd/files/252-rc1-cryptsetup.patch
new file mode 100644
index 000000000000..54b4ce1ea0aa
--- /dev/null
+++ b/sys-apps/systemd/files/252-rc1-cryptsetup.patch
@@ -0,0 +1,226 @@ +From bbf73b00697e77ca35ae60109418da77f257be52 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Tue, 11 Oct 2022 20:35:34 +0200 +Subject: [PATCH 1/2] cryptsetup-util: Always define dlopen_cryptsetup() + +--- + src/shared/cryptsetup-util.c | 118 ++++++++++++++++++----------------- + src/shared/cryptsetup-util.h | 4 +- + 2 files changed, 63 insertions(+), 59 deletions(-) + +diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c +index da6dcb2f093a..401e7a3f9c7d 100644 +--- a/src/shared/cryptsetup-util.c ++++ b/src/shared/cryptsetup-util.c +@@ -50,63 +50,6 @@ int (*sym_crypt_token_max)(const char *type); + crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type); + int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size); + +-int dlopen_cryptsetup(void) { +- int r; +- +- r = dlopen_many_sym_or_warn( +- &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG, +- DLSYM_ARG(crypt_activate_by_passphrase), +-#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY +- DLSYM_ARG(crypt_activate_by_signed_key), +-#endif +- DLSYM_ARG(crypt_activate_by_volume_key), +- DLSYM_ARG(crypt_deactivate_by_name), +- DLSYM_ARG(crypt_format), +- DLSYM_ARG(crypt_free), +- DLSYM_ARG(crypt_get_cipher), +- DLSYM_ARG(crypt_get_cipher_mode), +- DLSYM_ARG(crypt_get_data_offset), +- DLSYM_ARG(crypt_get_device_name), +- DLSYM_ARG(crypt_get_dir), +- DLSYM_ARG(crypt_get_type), +- DLSYM_ARG(crypt_get_uuid), +- DLSYM_ARG(crypt_get_verity_info), +- DLSYM_ARG(crypt_get_volume_key_size), +- DLSYM_ARG(crypt_init), +- DLSYM_ARG(crypt_init_by_name), +- DLSYM_ARG(crypt_keyslot_add_by_volume_key), +- DLSYM_ARG(crypt_keyslot_destroy), +- DLSYM_ARG(crypt_keyslot_max), +- DLSYM_ARG(crypt_load), +- DLSYM_ARG(crypt_resize), +- DLSYM_ARG(crypt_resume_by_passphrase), +- DLSYM_ARG(crypt_set_data_device), +- 
DLSYM_ARG(crypt_set_debug_level), +- DLSYM_ARG(crypt_set_log_callback), +-#if HAVE_CRYPT_SET_METADATA_SIZE +- DLSYM_ARG(crypt_set_metadata_size), +-#endif +- DLSYM_ARG(crypt_set_pbkdf_type), +- DLSYM_ARG(crypt_suspend), +- DLSYM_ARG(crypt_token_json_get), +- DLSYM_ARG(crypt_token_json_set), +-#if HAVE_CRYPT_TOKEN_MAX +- DLSYM_ARG(crypt_token_max), +-#endif +- DLSYM_ARG(crypt_token_status), +- DLSYM_ARG(crypt_volume_key_get)); +- if (r <= 0) +- return r; +- +- /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that +- * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set +- * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some +- * other code loaded into this process also changes the global log functions of libcryptsetup, who +- * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */ +- cryptsetup_enable_logging(NULL); +- return 1; +-} +- + static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) { + + switch (level) { +@@ -246,6 +189,67 @@ int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v) { + } + #endif + ++int dlopen_cryptsetup(void) { ++#if HAVE_LIBCRYPTSETUP ++ int r; ++ ++ r = dlopen_many_sym_or_warn( ++ &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG, ++ DLSYM_ARG(crypt_activate_by_passphrase), ++#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY ++ DLSYM_ARG(crypt_activate_by_signed_key), ++#endif ++ DLSYM_ARG(crypt_activate_by_volume_key), ++ DLSYM_ARG(crypt_deactivate_by_name), ++ DLSYM_ARG(crypt_format), ++ DLSYM_ARG(crypt_free), ++ DLSYM_ARG(crypt_get_cipher), ++ DLSYM_ARG(crypt_get_cipher_mode), ++ DLSYM_ARG(crypt_get_data_offset), ++ DLSYM_ARG(crypt_get_device_name), ++ DLSYM_ARG(crypt_get_dir), ++ DLSYM_ARG(crypt_get_type), ++ DLSYM_ARG(crypt_get_uuid), ++ DLSYM_ARG(crypt_get_verity_info), ++ DLSYM_ARG(crypt_get_volume_key_size), ++ DLSYM_ARG(crypt_init), ++ 
DLSYM_ARG(crypt_init_by_name), ++ DLSYM_ARG(crypt_keyslot_add_by_volume_key), ++ DLSYM_ARG(crypt_keyslot_destroy), ++ DLSYM_ARG(crypt_keyslot_max), ++ DLSYM_ARG(crypt_load), ++ DLSYM_ARG(crypt_resize), ++ DLSYM_ARG(crypt_resume_by_passphrase), ++ DLSYM_ARG(crypt_set_data_device), ++ DLSYM_ARG(crypt_set_debug_level), ++ DLSYM_ARG(crypt_set_log_callback), ++#if HAVE_CRYPT_SET_METADATA_SIZE ++ DLSYM_ARG(crypt_set_metadata_size), ++#endif ++ DLSYM_ARG(crypt_set_pbkdf_type), ++ DLSYM_ARG(crypt_suspend), ++ DLSYM_ARG(crypt_token_json_get), ++ DLSYM_ARG(crypt_token_json_set), ++#if HAVE_CRYPT_TOKEN_MAX ++ DLSYM_ARG(crypt_token_max), ++#endif ++ DLSYM_ARG(crypt_token_status), ++ DLSYM_ARG(crypt_volume_key_get)); ++ if (r <= 0) ++ return r; ++ ++ /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that ++ * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set ++ * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some ++ * other code loaded into this process also changes the global log functions of libcryptsetup, who ++ * knows? And if so, we still want our own objects to log via our own infra, at the very least.) 
*/ ++ cryptsetup_enable_logging(NULL); ++ return 1; ++#else ++ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "cryptsetup support is not compiled in."); ++#endif ++} ++ + int cryptsetup_get_keyslot_from_token(JsonVariant *v) { + int keyslot, r; + JsonVariant *w; +diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h +index b1ce07ec8a50..b390dc9a5cbb 100644 +--- a/src/shared/cryptsetup-util.h ++++ b/src/shared/cryptsetup-util.h +@@ -65,8 +65,6 @@ static inline int crypt_token_max(_unused_ const char *type) { + extern crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type); + extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size); + +-int dlopen_cryptsetup(void); +- + DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, crypt_free, NULL); + DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, sym_crypt_free, NULL); + +@@ -91,6 +89,8 @@ static inline void sym_crypt_freep(struct crypt_device** cd) {} + + #endif + ++int dlopen_cryptsetup(void); ++ + int cryptsetup_get_keyslot_from_token(JsonVariant *v); + + static inline const char *mangle_none(const char *s) { + +From 86bebe385f6e35ecec708e44dae2b896f5bfa770 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Tue, 11 Oct 2022 20:36:03 +0200 +Subject: [PATCH 2/2] repart: Always define VerityMode from/to string functions + +--- + src/partition/repart.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/partition/repart.c b/src/partition/repart.c +index a0f7d4164500..dd544d6415a9 100644 +--- a/src/partition/repart.c ++++ b/src/partition/repart.c +@@ -255,12 +255,11 @@ static const char *verity_mode_table[_VERITY_MODE_MAX] = { + + #if HAVE_LIBCRYPTSETUP + DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); 
+-DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode); + #else + DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); +-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(verity_mode, VerityMode); + #endif + ++DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode); + + static uint64_t round_down_size(uint64_t v, uint64_t p) { + return (v / p) * p; +From 748367c72368031ca0ef32fadd394c4bcacc126a Mon Sep 17 00:00:00 2001 +From: David Seifert <soap@gentoo.org> +Date: Wed, 12 Oct 2022 21:47:29 +0200 +Subject: [PATCH] gpt-auto: allow using without cryptsetup + +Fixes #24978 +--- + src/gpt-auto-generator/gpt-auto-generator.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c +index 31377d877d5c..5584eb22af1a 100644 +--- a/src/gpt-auto-generator/gpt-auto-generator.c ++++ b/src/gpt-auto-generator/gpt-auto-generator.c +@@ -571,11 +571,15 @@ static int add_root_rw(DissectedPartition *p) { + + #if ENABLE_EFI + static int add_root_cryptsetup(void) { ++#if HAVE_LIBCRYPTSETUP + + /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which + * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */ + + return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL); ++#else ++ return 0; ++#endif + } + #endif + diff --git a/sys-apps/systemd/systemd-252_rc1.ebuild b/sys-apps/systemd/systemd-252_rc1.ebuild new file mode 100644 index 000000000000..6d2654a50d90 --- /dev/null +++ b/sys-apps/systemd/systemd-252_rc1.ebuild 
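Review bot: The `#else` branch added to `add_root_cryptsetup()` in gpt-auto-generator.c returns 0 without logging anything, so on a build without libcryptsetup nothing records that /dev/gpt-auto-root-luks will not pull in systemd-cryptsetup-root.service. A debug-level line before the return would make that case diagnosable at boot, for example `log_debug("cryptsetup support is not compiled in, not handling /dev/gpt-auto-root-luks.");` followed by `return 0;`. The other fallback this patch file adds, the `#else` branch of `dlopen_cryptsetup()`, does report the missing support through `log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), ...)`, so the two paths currently differ in how visible the condition is. The file also concatenates three upstream commits; a short header comment naming where they came from would keep the backport traceable.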
@@ -0,0 +1,527 @@ +# Copyright 2011-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +PYTHON_COMPAT=( python3_{8..11} ) + +# Avoid QA warnings +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + if [[ ${PV} == *.* ]]; then + MY_PN=systemd-stable + else + MY_PN=systemd + fi + MY_PV=${PV/_/-} + MY_P=${MY_PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +inherit bash-completion-r1 flag-o-matic linux-info meson-multilib pam python-any-r1 systemd toolchain-funcs udev usr-ldscript + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="http://systemd.io/" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE=" + acl apparmor audit build cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod + +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode + +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd +" +REQUIRED_USE=" + dns-over-tls? ( || ( gnutls openssl ) ) + homed? ( cryptsetup pam openssl ) + importd? ( curl lzma || ( gcrypt openssl ) ) + pwquality? ( homed ) +" +RESTRICT="!test? ( test )" + +MINKV="4.15" + +COMMON_DEPEND=" + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + fido2? ( dev-libs/libfido2:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + gnutls? 
( >=net-libs/gnutls-3.6.0:0= ) + http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) + idn? ( net-dns/libidn2:= ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + iptables? ( net-firewall/iptables:0= ) + openssl? ( >=dev-libs/openssl-1.1.0:0= ) + pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) + pkcs11? ( app-crypt/p11-kit:0= ) + pcre? ( dev-libs/libpcre2 ) + pwquality? ( dev-libs/libpwquality:0= ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + tpm? ( app-crypt/tpm2-tss:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) + zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) +" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=acct-group/adm-0-r1 + >=acct-group/wheel-0-r1 + >=acct-group/kmem-0-r1 + >=acct-group/tty-0-r1 + >=acct-group/utmp-0-r1 + >=acct-group/audio-0-r1 + >=acct-group/cdrom-0-r1 + >=acct-group/dialout-0-r1 + >=acct-group/disk-0-r1 + >=acct-group/input-0-r1 + >=acct-group/kvm-0-r1 + >=acct-group/lp-0-r1 + >=acct-group/render-0-r1 + acct-group/sgx + >=acct-group/tape-0-r1 + acct-group/users + >=acct-group/video-0-r1 + >=acct-group/systemd-journal-0-r1 + >=acct-user/root-0-r1 + acct-user/nobody + >=acct-user/systemd-journal-remote-0-r1 + >=acct-user/systemd-coredump-0-r1 + >=acct-user/systemd-network-0-r1 + acct-user/systemd-oom + >=acct-user/systemd-resolve-0-r1 + >=acct-user/systemd-timesync-0-r1 + >=sys-apps/baselayout-2.2 + selinux? ( + sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp + ) + sysv-utils? ( + !sys-apps/openrc[sysv-utils(-)] + !sys-apps/sysvinit + ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? 
( !net-dns/openresolv ) + !build? ( || ( + sys-apps/util-linux[kill(-)] + sys-process/procps[kill(+)] + sys-apps/coreutils[kill(-)] + ) ) + !sys-apps/hwids[udev] + !sys-auth/nss-myhostname + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-fs/udev-init-scripts-34 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig + test? ( + app-text/tree + dev-lang/perl + sys-apps/dbus + ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && + python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" +} + +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." 
+ fi + + local CONFIG_CHECK=" ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS + ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + + if kernel_is -ge 5 10 20; then + CONFIG_CHECK+=" ~KCMP" + else + CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" + fi + + if kernel_is -ge 4 18; then + CONFIG_CHECK+=" ~AUTOFS_FS" + else + CONFIG_CHECK+=" ~AUTOFS4_FS" + fi + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + : +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + local PATCHES=( + "${FILESDIR}/252-rc1-cryptsetup.patch" + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-generator-path-r2.patch" + "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch" + "${FILESDIR}/gentoo-journald-audit.patch" + ) + fi + + # Fails with split-usr. + sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + # Broken with FORTIFY_SOURCE=3 without a patch. We have to revert + # the upstream patch for it because it breaks Clang: bug #841770. 
+ # + # Our toolchain sets F_S=2 by default w/ >= -O2, so we need + # to unset F_S first, then explicitly set 2, to negate any default + # and anything set by the user if they're choosing 3 (or if they've + # modified GCC to set 3). + # + if is-flagq '-O[23]' || is-flagq '-Ofast' ; then + # We can't unconditionally do this b/c we fortify needs + # some level of optimisation. + filter-flags -D_FORTIFY_SOURCE=3 + append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 + fi + + python_setup + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Dima=true + -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) + # Optional components/dependencies + $(meson_native_use_bool acl) + $(meson_native_use_bool apparmor) + $(meson_native_use_bool audit) + $(meson_native_use_bool cryptsetup libcryptsetup) + $(meson_native_use_bool curl libcurl) + $(meson_native_use_bool dns-over-tls dns-over-tls) + $(meson_native_use_bool elfutils) + $(meson_native_use_bool fido2 libfido2) + $(meson_use gcrypt) + $(meson_native_use_bool gnuefi gnu-efi) + $(meson_native_use_bool gnutls) + -Defi-includedir="${ESYSROOT}/usr/include/efi" + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + $(meson_native_use_bool homed) + $(meson_native_use_bool http microhttpd) + $(meson_native_use_bool idn) + $(meson_native_use_bool importd) + $(meson_native_use_bool importd bzip2) + $(meson_native_use_bool importd zlib) + $(meson_native_use_bool kmod) + $(meson_use lz4) + $(meson_use lzma xz) + $(meson_use zstd) + 
$(meson_native_use_bool iptables libiptc) + $(meson_native_use_bool openssl) + $(meson_use pam) + $(meson_native_use_bool pkcs11 p11kit) + $(meson_native_use_bool pcre pcre2) + $(meson_native_use_bool policykit polkit) + $(meson_native_use_bool pwquality) + $(meson_native_use_bool qrcode qrencode) + $(meson_native_use_bool seccomp) + $(meson_native_use_bool selinux) + $(meson_native_use_bool tpm tpm2) + $(meson_native_use_bool test dbus) + $(meson_native_use_bool xkb xkbcommon) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + $(meson_native_true backlight) + $(meson_native_true binfmt) + $(meson_native_true coredump) + $(meson_native_true environment-d) + $(meson_native_true firstboot) + $(meson_native_true hibernate) + $(meson_native_true hostnamed) + $(meson_native_true ldconfig) + $(meson_native_true localed) + $(meson_native_true man) + $(meson_native_true networkd) + $(meson_native_true quotacheck) + $(meson_native_true randomseed) + $(meson_native_true rfkill) + $(meson_native_true sysusers) + $(meson_native_true timedated) + $(meson_native_true timesyncd) + $(meson_native_true tmpfiles) + $(meson_native_true vconsole) + ) + + meson_src_configure "${myconf[@]}" +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + meson_src_test +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + local sbin=$(usex split-usr sbin bin) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die + fi + + rm "${ED}"/etc/init.d/README || die + rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die + + if ! 
use sysv-utils; then + rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die + fi + + if ! use resolvconf && ! use sysv-utils && use split-usr; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # https://bugs.gentoo.org/761763 + rm -r "${ED}"/usr/lib/sysusers.d || die + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,system,user} + keepdir /etc/udev/rules.d + + keepdir /etc/udev/hwdb.d + + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf + + if use pam; then + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi + + gen_usr_ldscript -a systemd udev +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. 
+ # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_preinst() { + if ! use split-usr; then + local dir + for dir in bin sbin lib; do + if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then + eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged." + eerror "One of them should be a symbolic link to the other one." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. 
+ systemd-hwdb --root="${ROOT}" update + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respected, and ensure consistency + # between OpenRC & systemd + migrate_locale + + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi + + if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then + rm "${EROOT}/var/lib/systemd/timesync" + fi + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} |
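Review bot: The guard in `src_configure`, `if is-flagq '-O[23]' || is-flagq '-Ofast'`, does not match `-O1`, `-Os` or `-Og`, so a user-supplied `-D_FORTIFY_SOURCE=3` at one of those levels is neither filtered nor replaced, although the comment above says the build is broken at level 3. Widening the test, for example `if is-flagq '-O[123sg]' || is-flagq '-Ofast' ; then`, would apply `filter-flags` and the explicit `-D_FORTIFY_SOURCE=2` at every level where fortification is active. This assumes the breakage does not depend on the optimisation level, which the comment does not state; if it only occurs from `-O2` upward, one sentence saying so in the comment would settle it. Separately, in `pkg_postinst` the `systemd-hwdb --root="${ROOT}" update` call is not followed by `|| FAIL=1` the way `udev_reload` is, so a failed hwdb update never reaches the closing `eerror` block.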