diff --git a/changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md b/changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md
new file mode 100644
index 00000000000..1f176b4c1ad
--- /dev/null
+++ b/changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md
@@ -0,0 +1 @@
+- systemd ([256.9](https://github.com/systemd/system/releases/tag/v256.9) (from 255.8))
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r23.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r24.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r23.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r24.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild
index 9606b720bcd..85d1120695a 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild
@@ -7,7 +7,7 @@ EGIT_REPO_URI="https://github.com/flatcar/update_engine.git" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - EGIT_COMMIT="541576a4dcd56397597abef7d9ce4c539631ed65" # flatcar-master + EGIT_COMMIT="46e1984f2c91e3d14bad9323a6bf32a9c6662fbc" # flatcar-master KEYWORDS="amd64 arm64" fi
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
index 540b0427488..08c9ddc2930 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
@@ -1 +1 @@
-DIST systemd-stable-255.8.tar.gz 15070471 BLAKE2B b437404af7fd73ef527f80d9d14d46a781444103d1756c27494ecf2664c9c5efe1169c85b91148a3bf190dc7c5e31cf8d42a13c84102d101ea7e4a0570e8d719 SHA512 7692be761a393924669a90f6f343998a85707a9daa3ce169ce67f62ae2a39338c2c3496066b2659c6500849104fab0529fca5704a3eb32375f2f44131216d1f1
+DIST systemd-256.9.tar.gz 15774953 BLAKE2B caeff33d0906583094a44ab89fe9a9c1832a665f8cc768f86c55c5100bdd5c2b1500b2cd65e9519ef21d79bff92d1da3e84240793099a0e0c508afba3669c46e SHA512 aba7a0f7149fe3d28d9f930f244d5b997c28721e93e6f0768b0f0f1c918c87a0e8b7b347cffb2faa4740ca3ee3b04984454e85757365090a2cf32aba09f70681
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch
deleted file mode 100644
index de0955b8018..00000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From e3fd50ec704b5d48e9d756c1cc5c40e72b7d1fa4 Mon Sep 17 00:00:00 2001
-From: Nick Owens
-Date: Tue, 2 Jun 2015 18:22:32 -0700
-Subject: [PATCH 2/8] networkd: default to "kernel" IPForwarding setting
-
----
- src/network/networkd-network.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
-index dcd3e5ae12..2ae481d1ec 100644
---- a/src/network/networkd-network.c
-+++ b/src/network/networkd-network.c
-@@ -461,6 +461,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
- .link_local = _ADDRESS_FAMILY_INVALID,
- .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,
-
-+ .ip_forward = _ADDRESS_FAMILY_INVALID,
- .ipv4_accept_local = -1,
- .ipv4_route_localnet = -1,
- .ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID,
---
-2.34.1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch
new file mode 100644
index 00000000000..e3f00be4e3f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch
@@ -0,0 +1,29 @@
+From 65e3f4e837001f6f00359a779b6c5801566aa750 Mon Sep 17 00:00:00 2001
+From: Adrian Vladu
+Date: Wed, 25 Sep 2024 15:51:02 +0000
+Subject: [PATCH] Revert "Revert "initrd-parse-etc: override argv[0] to avoid
+ dracut issue""
+
+This reverts commit 1c585a4ccda3258088d7bc27b27a314e7ed8be80.
+---
+ units/initrd-parse-etc.service.in | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/units/initrd-parse-etc.service.in b/units/initrd-parse-etc.service.in
+index 1eef2bd9be..3dadab1123 100644
+--- a/units/initrd-parse-etc.service.in
++++ b/units/initrd-parse-etc.service.in
+@@ -23,7 +23,9 @@ OnFailureJobMode=replace-irreversibly
+ [Service]
+ Type=oneshot
+
+-ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check
++# FIXME: once dracut is patched to install the symlink, change to:
++# ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check
++ExecStart=@{{SYSTEM_GENERATOR_DIR}}/systemd-fstab-generator systemd-sysroot-fstab-check
+
+ # We want to enqueue initrd-cleanup.service/start after we finished the part
+ # above. It can't be part of the initial transaction, because non-oneshot units
+--
+2.34.1
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch
new file mode 100644
index 00000000000..0570695d397
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch
@@ -0,0 +1,26 @@
+https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c
+
+From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001
+From: Sam James
+Date: Sat, 24 Aug 2024 13:09:47 +0100
+Subject: [PATCH] meson: search for 'bpf-unknown-none' too
+
+We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
+sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
+cross-binutils. Search for this name too.
+---
+ meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/meson.build b/meson.build
+index 5e0b666c64b17..fbc2bbdf2f22f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1109,6 +1109,7 @@ else
+ elif bpf_compiler == 'gcc'
+ bpf_gcc = find_program('bpf-gcc',
+ 'bpf-none-gcc',
++ 'bpf-unknown-none-gcc',
+ required : true,
+ version : '>= 13.1.0')
+ bpf_gcc_found = bpf_gcc.found()
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.8.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild
similarity index 95%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.8.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild
index 270e534ef83..92489ad0a18 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.8.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild
@@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) # Avoid QA warnings TMPFILES_OPTIONAL=1
@@ -14,15 +14,10 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" inherit git-r3 else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} + MY_P=${PN}-${MY_PV} S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then # Flatcar: mark as stable
@@ -34,12 +29,12 @@ inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-singl inherit secureboot systemd tmpfiles toolchain-funcs udev DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" +HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
@@ -65,6 +60,7 @@ COMMON_DEPEND=" acl? ( sys-apps/acl:0= ) apparmor? ( >=sys-libs/libapparmor-2.13:0= ) audit? ( >=sys-process/audit-2:0= ) + bpf? ( >=dev-libs/libbpf-1.4.0:0= ) cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) curl? ( >=net-misc/curl-7.32.0:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= )
@@ -148,11 +144,11 @@ RDEPEND="${COMMON_DEPEND} ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev
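Review bot: The new `SRC_URI` line downloads `archive/refs/tags/v${MY_PV}.tar.gz`, a snapshot the forge generates from the tag, so the BLAKE2B/SHA512 pair in the Manifest is the only integrity check on the systemd source that this diff shows. Forge-generated archives are not guaranteed to stay byte-identical, and no signature check on the tag is visible in these hunks. I would record in the commit description how the 256.9 digests were produced and cross-checked, and add a comment above the line such as `# Generated tag archive: integrity rests on the Manifest digests`. The enclosing `if`/`else` block starts and ends outside the hunk.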
@@ -171,6 +167,10 @@ BDEPEND=" >=sys-apps/coreutils-8.16 sys-devel/gettext virtual/pkgconfig + bpf? ( + dev-util/bpftool + sys-devel/bpf-toolchain + ) test? ( app-text/tree dev-lang/perl
@@ -211,6 +211,7 @@ pkg_pretend() { ~!SYSFS_DEPRECATED_V2" use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" if kernel_is -ge 5 10 20; then
@@ -256,21 +257,19 @@ src_unpack() { src_prepare() { local PATCHES=( "${FILESDIR}/systemd-test-process-util.patch" + "${FILESDIR}/256-bpf-gcc.patch" # Flatcar: Adding our own patches here. "${FILESDIR}/0001-wait-online-set-any-by-default.patch" - "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch" "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch" "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" - # Flatcar: This can be dropped when updating to 256. - "${FILESDIR}/0008-sysext-Mutable-overlays.patch" + "${FILESDIR}/0009-initrd-parse-etc.service.patch" ) if ! use vanilla; then PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" "${FILESDIR}/gentoo-journald-audit-r1.patch" ) fi
@@ -335,11 +334,8 @@ multilib_src_configure() { # Disable compatibility with sysvinit -Dsysvinit-path= -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" # no deps -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) # Match /etc/shells, bug 919749 -Ddebug-shell="${EPREFIX}/bin/sh" -Ddefault-user-shell="${EPREFIX}/bin/bash"
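Review bot: The added `use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"` line in `pkg_pretend` only warns (the `~` prefix) and only looks at build-time options, so a kernel with `BPF_LSM` compiled in but without `bpf` in its active LSM list passes the check while, as far as I know, systemd's BPF-LSM-backed sandboxing such as `RestrictFileSystems=` is ignored rather than enforced. `bpf` also enters `IUSE` without a `+` default and no profile change is visible in this diff; with the flag off, the `meson_native_use_bool bpf bpf-framework` hunk turns the framework off and the same unit settings have no effect. I would add a comment above the line such as `# BPF_LSM must also be in the active LSM list (CONFIG_LSM or lsm=) for RestrictFileSystems= to take effect`. `pkg_pretend` starts and ends outside the hunk.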
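Review bot: The new `"${FILESDIR}/0009-initrd-parse-etc.service.patch"` entry in `PATCHES` has no comment saying when it can be dropped, unlike the removed 0008 entry, which was annotated `# Flatcar: This can be dropped when updating to 256.` The patch's own FIXME ties it to dracut installing the `systemd-sysroot-fstab-check` symlink, so I would put `# Flatcar: drop once dracut installs the systemd-sysroot-fstab-check symlink` above the entry. The same hunk drops `0002-networkd-default-to-kernel-IPForwarding-setting.patch` without a stated reason; presumably 256 makes it unnecessary, but since that patch set networkd's IP-forwarding default, the commit description should say what the default is after the upgrade. `src_prepare` continues outside the hunk.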
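Review bot: Removing `-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)` from `multilib_src_configure` leaves the `cgroup-hybrid` USE flag with no visible effect, yet the `IUSE` hunk of this file still lists it on the new side. If nothing outside these hunks reads the flag, anyone who sets it now gets the unified hierarchy without any notice. Either drop `cgroup-hybrid` from `IUSE` or add a comment above `IUSE` such as `# cgroup-hybrid: no longer passed to meson as of 256, kept for compatibility`. `multilib_src_configure` starts and ends outside the hunk.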
@@ -348,6 +344,8 @@ multilib_src_configure() { $(meson_native_use_bool apparmor) $(meson_native_use_bool audit) $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool bpf bpf-framework) + -Dbpf-compiler=gcc $(meson_native_use_bool cryptsetup libcryptsetup) $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls)
@@ -447,6 +445,14 @@ multilib_src_configure() { -Ddefault-mdns=no ) + case $(tc-arch) in + amd64|arm|arm64|ppc|ppc64|s390|x86) + # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE + myconf+=( $(meson_native_enabled vmspawn) ) ;; + *) + myconf+=( -Dvmspawn=disabled ) ;; + esac + meson_src_configure "${myconf[@]}" }
@@ -504,7 +510,11 @@ multilib_src_install_all() { # keepdir /var/log/journal # if use pam; then - # newpamd "${FILESDIR}"/systemd-user.pam systemd-user + # if use selinux; then + # newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + # else + # newpamd "${FILESDIR}"/systemd-user.pam systemd-user + # fi # fi if use kernel-install; then
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r34.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r35.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r34.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r35.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
index edf2ceed2b0..f73d84bb9f8 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
@@ -7,7 +7,7 @@ EGIT_REPO_URI="https://github.com/flatcar/bootengine.git" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - EGIT_COMMIT="c9de038b73621165f81573c77ca0d0c2f9e886db" # flatcar-master + EGIT_COMMIT="229e279c1e1e480ccbfb33f254c23068941b1518" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi