From ca868e8a04612c9e8f4444afd54f1c05a9df08e5 Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Wed, 23 Oct 2024 14:09:51 +0000
Subject: [PATCH 1/8] sys-apps/systemd: Sync with Gentoo

It's from Gentoo commit 473b0997ba121fcc629f94a480238f8e664f900d
---
 .../coreos-overlay/sys-apps/systemd/Manifest | 2 +-
 .../sys-apps/systemd/files/256-bpf-gcc.patch | 26 ++
 ...temd-255.8.ebuild => systemd-256.7.ebuild} | 348 ++++--------------
 3 files changed, 107 insertions(+), 269 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-255.8.ebuild => systemd-256.7.ebuild} (54%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
index 540b0427488..a8594971d6f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
@@ -1 +1 @@
-DIST systemd-stable-255.8.tar.gz 15070471 BLAKE2B b437404af7fd73ef527f80d9d14d46a781444103d1756c27494ecf2664c9c5efe1169c85b91148a3bf190dc7c5e31cf8d42a13c84102d101ea7e4a0570e8d719 SHA512 7692be761a393924669a90f6f343998a85707a9daa3ce169ce67f62ae2a39338c2c3496066b2659c6500849104fab0529fca5704a3eb32375f2f44131216d1f1
+DIST systemd-256.7.tar.gz 15672532 BLAKE2B d718b7bcbf9c3583953a9fa82319f04b32d17c5b7539a49b9999881bd8cea7fd9a06f252d763170613a6cd0fd2535762b233cba74eb87764f662c4bdf2d8c1da SHA512 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch
new file mode 100644
index 00000000000..0570695d397
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch @@ -0,0 +1,26 @@ +https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c + +From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Sat, 24 Aug 2024 13:09:47 +0100 +Subject: [PATCH] meson: search for 'bpf-unknown-none' too + +We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's +sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's +cross-binutils. Search for this name too. +--- + meson.build | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/meson.build b/meson.build +index 5e0b666c64b17..fbc2bbdf2f22f 100644 +--- a/meson.build ++++ b/meson.build +@@ -1109,6 +1109,7 @@ else + elif bpf_compiler == 'gcc' + bpf_gcc = find_program('bpf-gcc', + 'bpf-none-gcc', ++ 'bpf-unknown-none-gcc', + required : true, + version : '>= 13.1.0') + bpf_gcc_found = bpf_gcc.found() diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.8.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.7.ebuild similarity index 54% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.8.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.7.ebuild index 270e534ef83..323be45e828 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.8.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.7.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) # Avoid QA warnings TMPFILES_OPTIONAL=1 
@@ -14,32 +14,26 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/systemd/systemd.git" inherit git-r3 else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} + MY_P=${PN}-${MY_PV} S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" + SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - # Flatcar: mark as stable - KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi fi inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd tmpfiles toolchain-funcs udev +inherit secureboot systemd toolchain-funcs udev DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" +HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd @@ -65,6 +59,7 @@ COMMON_DEPEND=" acl? ( sys-apps/acl:0= ) apparmor? ( >=sys-libs/libapparmor-2.13:0= ) audit? ( >=sys-process/audit-2:0= ) + bpf? ( >=dev-libs/libbpf-1.4.0:0= ) cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) curl? ( >=net-misc/curl-7.32.0:0= ) elfutils? ( >=dev-libs/elfutils-0.158:0= ) 
@@ -102,14 +97,6 @@ DEPEND="${COMMON_DEPEND} PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' # baselayout-2.2 has /run -# -# Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use -# flag). The image stage fails with "Failed to resolve -# typeattributeset statement at -# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120" -# -# Flatcar: Added a dep on sys-apps/kbd. It provides a loadkeys binary -# needed by dracut's systemd-vconsole-setup module. RDEPEND="${COMMON_DEPEND} >=acct-group/adm-0-r1 >=acct-group/wheel-0-r1 @@ -138,21 +125,21 @@ RDEPEND="${COMMON_DEPEND} >=acct-user/systemd-resolve-0-r1 >=acct-user/systemd-timesync-0-r1 >=sys-apps/baselayout-2.2 - sys-apps/kbd ukify? ( ${PYTHON_DEPS} $(python_gen_cond_dep "${PEFILE_DEPEND}") ) selinux? ( sec-policy/selinux-base-policy[systemd] + sec-policy/selinux-ntp ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] + !sys-apps/openrc-navi[sysv-utils(-)] !sys-apps/sysvinit ) !sysv-utils? ( sys-apps/sysvinit ) resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] !sys-auth/nss-myhostname !sys-fs/eudev !sys-fs/udev @@ -171,6 +158,10 @@ BDEPEND=" >=sys-apps/coreutils-8.16 sys-devel/gettext virtual/pkgconfig + bpf? ( + dev-util/bpftool + sys-devel/bpf-toolchain + ) test? ( app-text/tree dev-lang/perl 
@@ -194,13 +185,38 @@ BDEPEND=" QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*" +check_cgroup_layout() { + # https://bugs.gentoo.org/935261 + [[ ${MERGE_TYPE} != buildonly ]] || return + [[ -z ${ROOT} ]] || return + [[ -e /sys/fs/cgroup/unified ]] || return + grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return + + eerror "This system appears to be booted with the 'hybrid' cgroup layout." + eerror "This layout obsolete and is disabled in systemd." + + if grep -qF 'systemd.unified_cgroup_hierarchy'; then + eerror "Remove the systemd.unified_cgroup_hierarchy option" + eerror "from the kernel command line and reboot." + die "hybrid cgroup layout detected" + fi +} + pkg_pretend() { - # Flatcar: We keep using split-usr for SDK. - # if use split-usr; then - # eerror "Please complete the migration to merged-usr." - # eerror "https://wiki.gentoo.org/wiki/Merge-usr" - # die "systemd no longer supports split-usr" - # fi + if use split-usr; then + eerror "Please complete the migration to merged-usr." + eerror "https://wiki.gentoo.org/wiki/Merge-usr" + die "systemd no longer supports split-usr" + fi + + check_cgroup_layout + + if use cgroup-hybrid; then + eerror "Disable the 'cgroup-hybrid' USE flag." + eerror "Rebuild any initramfs images after rebuilding systemd." + die "cgroup-hybrid is no longer supported" + fi + if [[ ${MERGE_TYPE} != buildonly ]]; then local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE @@ -211,6 +227,7 @@ pkg_pretend() { ~!SYSFS_DEPRECATED_V2" use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" if kernel_is -ge 5 10 20; then 
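Review bot: The `grep -qF 'systemd.unified_cgroup_hierarchy'` test in the added check_cgroup_layout has no file operand, so it reads the build's stdin rather than the kernel command line, and whether the function dies on a hybrid layout depends on whatever stdin happens to contain; the `grep -q ... /proc/cmdline` line a few lines above shows the intended form. Change it to `if grep -qF 'systemd.unified_cgroup_hierarchy' /proc/cmdline; then`, and the message just before it reads better as `eerror "This layout is obsolete and is disabled in systemd."`. Patch 2/8 in this series removes the function again, so this only matters if the synced upstream text is kept.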
@@ -256,42 +273,15 @@ src_unpack() { src_prepare() { local PATCHES=( "${FILESDIR}/systemd-test-process-util.patch" - # Flatcar: Adding our own patches here. - "${FILESDIR}/0001-wait-online-set-any-by-default.patch" - "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" - "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch" - "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch" - "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" - "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" - "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" - # Flatcar: This can be dropped when updating to 256. - "${FILESDIR}/0008-sysext-Mutable-overlays.patch" + "${FILESDIR}/256-bpf-gcc.patch" ) if ! use vanilla; then PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" "${FILESDIR}/gentoo-journald-audit-r1.patch" ) fi - # Fails with split-usr. - sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - # Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., - # CoreDNS which has dnsPolicy "default", but unless the - # kubelet --resolv-conf flag is set to point to - # /run/systemd/resolve/resolv.conf this won't work with - # /etc/resolv.conf pointing to - # /run/systemd/resolve/stub-resolv.conf which configures - # 127.0.0.53. See - # https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues - # This means that users who need split DNS to work should - # point /etc/resolv.conf back to - # /run/systemd/resolve/stub-resolv.conf (and if using K8s - # configure the kubelet resolvConf variable/--resolv-conf flag - # to /run/systemd/resolve/resolv.conf). - sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die default } 
@@ -304,42 +294,21 @@ src_configure() { multilib-minimal_src_configure } -# Flatcar: Our function, we use it in some places below. -get_rootprefix() { - usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr" -} - multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" # default is developer, bug 918671 -Dmode=release - # Flatcar: Point to our user mailing list. - -Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user" + -Dsupport-url="https://gentoo.org/support/" -Dpamlibdir="$(getpam_mod_dir)" # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" - # Flatcar: We keep using split-usr in SDK. - $(meson_use split-usr) - # Flatcar: Always set split-bin to true, we always - # have separate bin and sbin directories - -Dsplit-bin=true - # Flatcar: Use get_rootprefix. No functional change - # from upstream, just refactoring the common code used - # in some places. - # - # TODO: Drop -Drootprefix and -Drootlibdir we get rid - # of split-usr in SDK - -Drootprefix="$(get_rootprefix)" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + -Dsplit-bin=false # Disable compatibility with sysvinit -Dsysvinit-path= -Dsysvrcnd-path= - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" # no deps -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) # Match /etc/shells, bug 919749 -Ddebug-shell="${EPREFIX}/bin/sh" -Ddefault-user-shell="${EPREFIX}/bin/bash" @@ -348,6 +317,8 @@ multilib_src_configure() { $(meson_native_use_bool apparmor) $(meson_native_use_bool audit) $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool bpf bpf-framework) + -Dbpf-compiler=gcc $(meson_native_use_bool cryptsetup libcryptsetup) $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls) 
@@ -381,11 +352,9 @@ multilib_src_configure() { $(meson_native_use_bool test dbus) $(meson_native_use_bool ukify) $(meson_native_use_bool xkb xkbcommon) - # Flatcar: Use our ntp servers. - -Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org" + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false - # Flatcar: TODO: Investigate if we want this. -Dcreate-log-dirs=false # multilib options 
@@ -408,45 +377,16 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) - $(meson_native_enabled vmspawn) - # Flatcar: Specify this, or meson breaks due to no - # /etc/login.defs. - -Dsystem-gid-max=999 - -Dsystem-uid-max=999 - - # Flatcar: DBus paths. - -Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" - -Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" - - # Flatcar: PAM config directory. - -Dpamconfdir=/usr/share/pam.d - - # Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC - # 2013. Used by timesyncd as a sanity check for the - # minimum acceptable time. Explicitly set to avoid - # using the current build time. - -Dtime-epoch=1372636800 - - # Flatcar: No default name servers. - -Ddns-servers= - - # Flatcar: Disable the "First Boot Wizard", it isn't - # very applicable to us. - -Dfirstboot=false - - # Flatcar: Set latest network interface naming scheme - # for https://github.com/flatcar/Flatcar/issues/36 - -Ddefault-net-naming-scheme=latest - - # Flatcar: Combined log format: name plus description - -Dstatus-unit-format-default=combined - - # Flatcar: Unported options, still needed? - -Dquotaon-path=/usr/sbin/quotaon - -Dquotacheck-path=/usr/sbin/quotacheck - -Ddefault-mdns=no ) + case $(tc-arch) in + amd64|arm|arm64|ppc|ppc64|s390|x86) + # src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE + myconf+=( $(meson_native_enabled vmspawn) ) ;; + *) + myconf+=( -Dvmspawn=disabled ) ;; + esac + meson_src_configure "${myconf[@]}" } @@ -467,9 +407,7 @@ multilib_src_install_all() { mv "${ED}"/usr/share/doc/{systemd,${PF}} || die einstalldocs - # Flatcar: Do not install sample nsswitch.conf, we don't - # provide it. - # dodoc "${FILESDIR}"/nsswitch.conf + dodoc "${FILESDIR}"/nsswitch.conf insinto /usr/lib/tmpfiles.d doins "${FILESDIR}"/legacy.conf 
@@ -487,8 +425,6 @@ multilib_src_install_all() { # https://bugs.gentoo.org/761763 rm -r "${ED}"/usr/lib/sysusers.d || die - # Flatcar: Upstream uses keepdir commands to keep some empty - # directories. We use tmpfiles. # Preserve empty dirs in /etc & /var, bug #437008 keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} keepdir /etc/kernel/install.d 
@@ -497,134 +433,29 @@ multilib_src_install_all() { keepdir /etc/udev/hwdb.d - # keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - # keepdir /usr/lib/{binfmt.d,modules-load.d} - # keepdir /usr/lib/systemd/user-generators - # keepdir /var/lib/systemd - # keepdir /var/log/journal + keepdir /usr/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal - # if use pam; then - # newpamd "${FILESDIR}"/systemd-user.pam systemd-user - # fi + if use pam; then + if use selinux; then + newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + else + newpamd "${FILESDIR}"/systemd-user.pam systemd-user + fi + fi if use kernel-install; then # Dummy config, remove to make room for sys-kernel/installkernel rm "${ED}/usr/lib/kernel/install.conf" || die fi - # Flatcar: Ensure journal directory has correct ownership/mode - # in inital image. This is fixed by systemd-tmpfiles *but* - # journald starts before that and will create the journal if - # the filesystem is already read-write. Conveniently the - # systemd Makefile sets this up completely wrong. - # - # Flatcar: TODO: Is this still a problem? - dodir /var/log/journal - fowners root:systemd-journal /var/log/journal - fperms 2755 /var/log/journal - - # Flatcar: Don't prune systemd dirs. - dotmpfiles "${FILESDIR}"/systemd-flatcar.conf - # Flatcar: Add tmpfiles rule for resolv.conf. This path has - # changed after v213 so it must be handled here instead of - # baselayout now. - dotmpfiles "${FILESDIR}"/systemd-resolv.conf - - # Flatcar: Don't default to graphical.target. - local unitdir=$(builddir_systemd_get_systemunitdir) - dosym multi-user.target "${unitdir}"/default.target - - # Flatcar: Don't set any extra environment variables by default. 
- rm "${ED}/usr/lib/environment.d/99-environment.conf" || die - - # Flatcar: These lines more or less follow the systemd's - # preset file (90-systemd.preset). We do it that way, to avoid - # putting symlinks in /etc. Please keep the lines in the same - # order as the "enable" lines appear in the preset file. For a - # single enable line in preset, there may be more lines if the - # unit file had Also: clause which has units we enable here - # too. - - # Flatcar: enable remote-fs.target - builddir_systemd_enable_service multi-user.target remote-fs.target - # Flatcar: enable remote-cryptsetup.target - if use cryptsetup; then - builddir_systemd_enable_service multi-user.target remote-cryptsetup.target - fi - # Flatcar: enable machines.target - builddir_systemd_enable_service multi-user.target machines.target - # Flatcar: enable getty@.service - dodir "${unitdir}/getty.target.wants" - dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service" - # Flatcar: enable systemd-timesyncd.service - builddir_systemd_enable_service sysinit.target systemd-timesyncd.service - # Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service) - builddir_systemd_enable_service multi-user.target systemd-networkd.service - builddir_systemd_enable_service sockets.target systemd-networkd.socket - builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service - # Flatcar: enable systemd-network-generator.service - builddir_systemd_enable_service sysinit.target systemd-network-generator.service - # Flatcar: enable systemd-resolved.service - builddir_systemd_enable_service multi-user.target systemd-resolved.service - # Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry]) - if use homed; then - builddir_systemd_enable_service multi-user.target systemd-homed.target - fi - # Flatcar: enable systemd-userdbd.socket - builddir_systemd_enable_service 
sockets.target systemd-userdbd.socket - # Flatcar: enable systemd-pstore.service - builddir_systemd_enable_service sysinit.target systemd-pstore.service - # Flatcar: enable systemd-boot-update.service - if use boot; then - builddir_systemd_enable_service sysinit.target systemd-boot-update.service - fi - # Flatcar: enable reboot.target (not enabled - has no WantedBy - # entry) - - # Flatcar: enable systemd-sysext.service by default - builddir_systemd_enable_service sysinit.target systemd-sysext.service - - # Flatcar: Use an empty preset file, because systemctl - # preset-all puts symlinks in /etc, not in /usr. We don't use - # /etc, because it is not autoupdated. We do the "preset" above. - rm "${ED}/usr/lib/systemd/system-preset/90-systemd.preset" || die - insinto /usr/lib/systemd/system-preset - doins "${FILESDIR}"/99-default.preset - - # Flatcar: Do not ship distro-specific files (nsswitch.conf - # pam.d). This conflicts with our own configuration provided - # by baselayout. - rm -rf "${ED}"/usr/share/factory - sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \ - -e '/^C!* \/etc\/nsswitch\.conf/d' \ - -e '/^C!* \/etc\/pam\.d/d' \ - -e '/^C!* \/etc\/issue/d' use ukify && python_fix_shebang "${ED}" use boot && secureboot_auto_sign } -# Flatcar: Our own version of systemd_get_systemunitdir, that returns -# a path inside /usr, not /etc. -builddir_systemd_get_systemunitdir() { - echo "$(get_rootprefix)/lib/systemd/system" -} - -# Flatcar: Our own version of systemd_enable_service, that does -# operations inside /usr, not /etc. 
-builddir_systemd_enable_service() { - local target=${1} - local service=${2} - local ud=$(builddir_systemd_get_systemunitdir) - local destname=${service##*/} - - dodir "${ud}"/"${target}".wants && \ - dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}" - - if use boot; then - python_fix_shebang "${ED}" - secureboot_auto_sign - fi -} migrate_locale() { local envd_locale_def="${EROOT}/etc/env.d/02locale" local envd_locale=( "${EROOT}"/etc/env.d/??locale ) @@ -675,23 +506,6 @@ pkg_preinst() { dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf fi - # Flatcar: This used to be in upstream ebuild, but now it's - # gone. We should drop it once we get rid of split-usr in SDK. - if ! use split-usr; then - local dir - # Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list. - for dir in bin sbin lib; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." 
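Review bot: The restored `newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user` and `newpamd "${FILESDIR}"/systemd-user.pam systemd-user` lines in multilib_src_install_all, like `dodoc "${FILESDIR}"/nsswitch.conf` in the hunk at @@ -467,9 +407,7 @@, reference files under files/ that this commit does not add: the diffstat lists only 256-bpf-gcc.patch as a new file, and the removed Flatcar comment states the overlay does not provide nsswitch.conf. Unless those files already exist in the overlay's files/ directory, this intermediate ebuild fails during install with USE=pam or in einstalldocs, which breaks bisecting even though patch 2/8 comments the lines out again. Either bring the Gentoo files/ entries along in this commit or keep the Flatcar lines commented out here. multilib_src_install_all starts before this hunk.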
@@ -711,15 +525,13 @@ pkg_postinst() { # between OpenRC & systemd migrate_locale - # Flatcar: We enable getty and remote-fs targets in /usr - # ourselves above. - # if [[ -z ${REPLACING_VERSIONS} ]]; then - # if type systemctl &>/dev/null; then - # systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - # fi - # elog "To enable a useful set of services, run the following:" - # elog " systemctl preset-all --preset-mode=enable-only" - # fi + if [[ -z ${REPLACING_VERSIONS} ]]; then + if type systemctl &>/dev/null; then + systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + fi + elog "To enable a useful set of services, run the following:" + elog " systemctl preset-all --preset-mode=enable-only" + fi if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then rm "${EROOT}/var/lib/systemd/timesync" From 3279f8c322a04123b204661fe76410631a76c890 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 23 Jul 2024 09:28:24 +0000 Subject: [PATCH 2/8] overlay sys-apps/systemd: Apply Flatcar modifications Signed-off-by: Adrian Vladu --- .../coreos-overlay/sys-apps/systemd/Manifest | 2 +- ...temd-256.7.ebuild => systemd-256.9.ebuild} | 314 ++++++++++++++---- 2 files changed, 258 insertions(+), 58 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-256.7.ebuild => systemd-256.9.ebuild} (57%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest index a8594971d6f..08c9ddc2930 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest 
@@ -1 +1 @@ -DIST systemd-256.7.tar.gz 15672532 BLAKE2B d718b7bcbf9c3583953a9fa82319f04b32d17c5b7539a49b9999881bd8cea7fd9a06f252d763170613a6cd0fd2535762b233cba74eb87764f662c4bdf2d8c1da SHA512 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 +DIST systemd-256.9.tar.gz 15774953 BLAKE2B caeff33d0906583094a44ab89fe9a9c1832a665f8cc768f86c55c5100bdd5c2b1500b2cd65e9519ef21d79bff92d1da3e84240793099a0e0c508afba3669c46e SHA512 aba7a0f7149fe3d28d9f930f244d5b997c28721e93e6f0768b0f0f1c918c87a0e8b7b347cffb2faa4740ca3ee3b04984454e85757365090a2cf32aba09f70681 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild similarity index 57% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.7.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild index 323be45e828..c2acd0224f4 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.7.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild @@ -20,12 +20,13 @@ else SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz" if [[ ${PV} != *rc* ]] ; then - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + # Flatcar: mark as stable + KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi fi inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1 -inherit secureboot systemd toolchain-funcs udev +inherit secureboot systemd tmpfiles toolchain-funcs udev DESCRIPTION="System and service manager for Linux" HOMEPAGE="https://systemd.io/" 
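Review bot: The re-added Flatcar KEYWORDS line carries the old 255.8 arch list, so it reintroduces `~ia64` (absent from the upstream line it replaces) and loses `~loong`; base it on the new upstream line with only the Flatcar stable marks changed: `KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"`. The same commit also bumps the Manifest and renames the ebuild from 256.7 to 256.9, which the subject "Apply Flatcar modifications" does not mention; a separate bump commit would keep the Flatcar delta reviewable on its own.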
@@ -97,6 +98,14 @@ DEPEND="${COMMON_DEPEND} PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]' # baselayout-2.2 has /run +# +# Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use +# flag). The image stage fails with "Failed to resolve +# typeattributeset statement at +# /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120" +# +# Flatcar: Added a dep on sys-apps/kbd. It provides a loadkeys binary +# needed by dracut's systemd-vconsole-setup module. RDEPEND="${COMMON_DEPEND} >=acct-group/adm-0-r1 >=acct-group/wheel-0-r1 @@ -125,13 +134,13 @@ RDEPEND="${COMMON_DEPEND} >=acct-user/systemd-resolve-0-r1 >=acct-user/systemd-timesync-0-r1 >=sys-apps/baselayout-2.2 + sys-apps/kbd ukify? ( ${PYTHON_DEPS} $(python_gen_cond_dep "${PEFILE_DEPEND}") ) selinux? ( sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] 
@@ -185,38 +194,13 @@ BDEPEND=" QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" QA_EXECSTACK="usr/lib/systemd/boot/efi/*" -check_cgroup_layout() { - # https://bugs.gentoo.org/935261 - [[ ${MERGE_TYPE} != buildonly ]] || return - [[ -z ${ROOT} ]] || return - [[ -e /sys/fs/cgroup/unified ]] || return - grep -q 'SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1' /proc/cmdline && return - - eerror "This system appears to be booted with the 'hybrid' cgroup layout." - eerror "This layout obsolete and is disabled in systemd." - - if grep -qF 'systemd.unified_cgroup_hierarchy'; then - eerror "Remove the systemd.unified_cgroup_hierarchy option" - eerror "from the kernel command line and reboot." - die "hybrid cgroup layout detected" - fi -} - pkg_pretend() { - if use split-usr; then - eerror "Please complete the migration to merged-usr." - eerror "https://wiki.gentoo.org/wiki/Merge-usr" - die "systemd no longer supports split-usr" - fi - - check_cgroup_layout - - if use cgroup-hybrid; then - eerror "Disable the 'cgroup-hybrid' USE flag." - eerror "Rebuild any initramfs images after rebuilding systemd." - die "cgroup-hybrid is no longer supported" - fi - + # Flatcar: We keep using split-usr for SDK. + # if use split-usr; then + # eerror "Please complete the migration to merged-usr." + # eerror "https://wiki.gentoo.org/wiki/Merge-usr" + # die "systemd no longer supports split-usr" + # fi if [[ ${MERGE_TYPE} != buildonly ]]; then local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE 
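Review bot: Dropping the `die "cgroup-hybrid is no longer supported"` block from pkg_pretend leaves the cgroup-hybrid USE flag, still listed in IUSE, silently inert: patch 1/8 removed `-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)` from multilib_src_configure and none of the hunks shown here restores it, so a build that still sets USE=cgroup-hybrid gets a unified-only systemd without any notice. If Flatcar does not need the flag, keep the upstream die (or at least an ewarn) so image builds that still set it fail loudly; if it is needed, the configure option has to come back as well. The removed check_cgroup_layout was the runtime guard for the same situation, so after this hunk nothing warns at either point. pkg_pretend continues past the end of this hunk.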
@@ -274,6 +258,16 @@ src_prepare() { local PATCHES=( "${FILESDIR}/systemd-test-process-util.patch" "${FILESDIR}/256-bpf-gcc.patch" + # Flatcar: Adding our own patches here. + "${FILESDIR}/0001-wait-online-set-any-by-default.patch" + "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" + "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch" + "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch" + "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" + "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" + "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" + # Flatcar: This can be dropped when updating to 256. + "${FILESDIR}/0008-sysext-Mutable-overlays.patch" ) if ! use vanilla; then @@ -282,6 +276,23 @@ src_prepare() { ) fi + # Fails with split-usr. + sed -i -e '2i exit 77' test/test-rpm-macros.sh || die + + # Flatcar: The Kubelet takes /etc/resolv.conf for, e.g., + # CoreDNS which has dnsPolicy "default", but unless the + # kubelet --resolv-conf flag is set to point to + # /run/systemd/resolve/resolv.conf this won't work with + # /etc/resolv.conf pointing to + # /run/systemd/resolve/stub-resolv.conf which configures + # 127.0.0.53. See + # https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues + # This means that users who need split DNS to work should + # point /etc/resolv.conf back to + # /run/systemd/resolve/stub-resolv.conf (and if using K8s + # configure the kubelet resolvConf variable/--resolv-conf flag + # to /run/systemd/resolve/resolv.conf). + sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die default } 
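Review bot: The re-added `"${FILESDIR}/0008-sysext-Mutable-overlays.patch"` keeps the comment `# Flatcar: This can be dropped when updating to 256.` while this ebuild is now systemd-256.9, so either the patch is obsolete and should go together with its comment, or it still applies on 256.9 and the comment is stale; as written it contradicts the version it sits in. If the patch is kept, replace the comment with one line stating why it is still needed on 256. The same list re-applies `0005-systemd-Disable-SELinux-permissions-checks.patch`, whose name suggests it relaxes SELinux enforcement in the built systemd; a short comment on that entry naming what it disables and why Flatcar needs it would help the next sync judge whether it can be dropped.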
@@ -294,16 +305,34 @@ src_configure() { multilib-minimal_src_configure } +# Flatcar: Our function, we use it in some places below. +get_rootprefix() { + usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr" +} + multilib_src_configure() { local myconf=( --localstatedir="${EPREFIX}/var" # default is developer, bug 918671 -Dmode=release - -Dsupport-url="https://gentoo.org/support/" + # Flatcar: Point to our user mailing list. + -Dsupport-url="https://groups.google.com/forum/#!forum/flatcar-linux-user" -Dpamlibdir="$(getpam_mod_dir)" # avoid bash-completion dep -Dbashcompletiondir="$(get_bashcompdir)" - -Dsplit-bin=false + # Flatcar: We keep using split-usr in SDK. + $(meson_use split-usr) + # Flatcar: Always set split-bin to true, we always + # have separate bin and sbin directories + -Dsplit-bin=true + # Flatcar: Use get_rootprefix. No functional change + # from upstream, just refactoring the common code used + # in some places. + # + # TODO: Drop -Drootprefix and -Drootlibdir we get rid + # of split-usr in SDK + -Drootprefix="$(get_rootprefix)" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" # Disable compatibility with sysvinit -Dsysvinit-path= -Dsysvrcnd-path= @@ -352,9 +381,11 @@ multilib_src_configure() { $(meson_native_use_bool test dbus) $(meson_native_use_bool ukify) $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Flatcar: Use our ntp servers. + -Dntp-servers="0.flatcar.pool.ntp.org 1.flatcar.pool.ntp.org 2.flatcar.pool.ntp.org 3.flatcar.pool.ntp.org" # Breaks screen, tmux, etc. -Ddefault-kill-user-processes=false + # Flatcar: TODO: Investigate if we want this. -Dcreate-log-dirs=false # multilib options 
@@ -377,6 +408,43 @@ multilib_src_configure() { $(meson_native_true timesyncd) $(meson_native_true tmpfiles) $(meson_native_true vconsole) + $(meson_native_enabled vmspawn) + # Flatcar: Specify this, or meson breaks due to no + # /etc/login.defs. + -Dsystem-gid-max=999 + -Dsystem-uid-max=999 + + # Flatcar: DBus paths. + -Ddbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services" + -Ddbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services" + + # Flatcar: PAM config directory. + -Dpamconfdir=/usr/share/pam.d + + # Flatcar: The CoreOS epoch, Mon Jul 1 00:00:00 UTC + # 2013. Used by timesyncd as a sanity check for the + # minimum acceptable time. Explicitly set to avoid + # using the current build time. + -Dtime-epoch=1372636800 + + # Flatcar: No default name servers. + -Ddns-servers= + + # Flatcar: Disable the "First Boot Wizard", it isn't + # very applicable to us. + -Dfirstboot=false + + # Flatcar: Set latest network interface naming scheme + # for https://github.com/flatcar/Flatcar/issues/36 + -Ddefault-net-naming-scheme=latest + + # Flatcar: Combined log format: name plus description + -Dstatus-unit-format-default=combined + + # Flatcar: Unported options, still needed? + -Dquotaon-path=/usr/sbin/quotaon + -Dquotacheck-path=/usr/sbin/quotacheck + -Ddefault-mdns=no ) case $(tc-arch) in @@ -407,7 +475,9 @@ multilib_src_install_all() { mv "${ED}"/usr/share/doc/{systemd,${PF}} || die einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf + # Flatcar: Do not install sample nsswitch.conf, we don't + # provide it. + # dodoc "${FILESDIR}"/nsswitch.conf insinto /usr/lib/tmpfiles.d doins "${FILESDIR}"/legacy.conf @@ -425,6 +495,8 @@ multilib_src_install_all() { # https://bugs.gentoo.org/761763 rm -r "${ED}"/usr/lib/sysusers.d || die + # Flatcar: Upstream uses keepdir commands to keep some empty + # directories. We use tmpfiles. # Preserve empty dirs in /etc & /var, bug #437008 keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} keepdir /etc/kernel/install.d 
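Review bot: The re-added `$(meson_native_enabled vmspawn)` inside myconf duplicates the `case $(tc-arch) in` block visible as context right after the closing `)`, which already appends either `$(meson_native_enabled vmspawn)` or `-Dvmspawn=disabled`; on the listed arches the option is passed twice, and on every other arch the native ABI gets both an enabled and a disabled setting, so the effective value depends on how meson resolves a repeated `-D` option. Drop the line from myconf and let the arch case decide, as the synced upstream ebuild does. The rest of the re-added Flatcar options (`-Ddns-servers=`, `-Dtime-epoch=1372636800`, the uid/gid maxima) look consistent with the removed 255.8 text. multilib_src_configure continues past this hunk.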
@@ -433,29 +505,138 @@ multilib_src_install_all() { keepdir /etc/udev/hwdb.d - keepdir /usr/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal + # keepdir /usr/lib/systemd/{system-sleep,system-shutdown} + # keepdir /usr/lib/{binfmt.d,modules-load.d} + # keepdir /usr/lib/systemd/user-generators + # keepdir /var/lib/systemd + # keepdir /var/log/journal - if use pam; then - if use selinux; then - newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user - else - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - fi + # if use pam; then + # if use selinux; then + # newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user + # else + # newpamd "${FILESDIR}"/systemd-user.pam systemd-user + # fi + # fi if use kernel-install; then # Dummy config, remove to make room for sys-kernel/installkernel rm "${ED}/usr/lib/kernel/install.conf" || die fi + # Flatcar: Ensure journal directory has correct ownership/mode + # in inital image. This is fixed by systemd-tmpfiles *but* + # journald starts before that and will create the journal if + # the filesystem is already read-write. Conveniently the + # systemd Makefile sets this up completely wrong. + # + # Flatcar: TODO: Is this still a problem? + dodir /var/log/journal + fowners root:systemd-journal /var/log/journal + fperms 2755 /var/log/journal + + # Flatcar: Don't prune systemd dirs. + dotmpfiles "${FILESDIR}"/systemd-flatcar.conf + # Flatcar: Add tmpfiles rule for resolv.conf. This path has + # changed after v213 so it must be handled here instead of + # baselayout now. + dotmpfiles "${FILESDIR}"/systemd-resolv.conf + + # Flatcar: Don't default to graphical.target. + local unitdir=$(builddir_systemd_get_systemunitdir) + dosym multi-user.target "${unitdir}"/default.target + + # Flatcar: Don't set any extra environment variables by default. 
+ rm "${ED}/usr/lib/environment.d/99-environment.conf" || die + + # Flatcar: These lines more or less follow the systemd's + # preset file (90-systemd.preset). We do it that way, to avoid + # putting symlinks in /etc. Please keep the lines in the same + # order as the "enable" lines appear in the preset file. For a + # single enable line in preset, there may be more lines if the + # unit file had Also: clause which has units we enable here + # too. + + # Flatcar: enable remote-fs.target + builddir_systemd_enable_service multi-user.target remote-fs.target + # Flatcar: enable remote-cryptsetup.target + if use cryptsetup; then + builddir_systemd_enable_service multi-user.target remote-cryptsetup.target + fi + # Flatcar: enable machines.target + builddir_systemd_enable_service multi-user.target machines.target + # Flatcar: enable getty@.service + dodir "${unitdir}/getty.target.wants" + dosym ../getty@.service "${unitdir}/getty.target.wants/getty@tty1.service" + # Flatcar: enable systemd-timesyncd.service + builddir_systemd_enable_service sysinit.target systemd-timesyncd.service + # Flatcar: enable systemd-networkd.service (Also: systemd-networkd.socket, systemd-networkd-wait-online.service) + builddir_systemd_enable_service multi-user.target systemd-networkd.service + builddir_systemd_enable_service sockets.target systemd-networkd.socket + builddir_systemd_enable_service network-online.target systemd-networkd-wait-online.service + # Flatcar: enable systemd-network-generator.service + builddir_systemd_enable_service sysinit.target systemd-network-generator.service + # Flatcar: enable systemd-resolved.service + builddir_systemd_enable_service multi-user.target systemd-resolved.service + # Flatcar: enable systemd-homed.service (Also: systemd-userdbd.service [not enabled - has no WantedBy entry]) + if use homed; then + builddir_systemd_enable_service multi-user.target systemd-homed.target + fi + # Flatcar: enable systemd-userdbd.socket + builddir_systemd_enable_service 
sockets.target systemd-userdbd.socket + # Flatcar: enable systemd-pstore.service + builddir_systemd_enable_service sysinit.target systemd-pstore.service + # Flatcar: enable systemd-boot-update.service + if use boot; then + builddir_systemd_enable_service sysinit.target systemd-boot-update.service + fi + # Flatcar: enable reboot.target (not enabled - has no WantedBy + # entry) + + # Flatcar: enable systemd-sysext.service by default + builddir_systemd_enable_service sysinit.target systemd-sysext.service + + # Flatcar: Use an empty preset file, because systemctl + # preset-all puts symlinks in /etc, not in /usr. We don't use + # /etc, because it is not autoupdated. We do the "preset" above. + rm "${ED}/usr/lib/systemd/system-preset/90-systemd.preset" || die + insinto /usr/lib/systemd/system-preset + doins "${FILESDIR}"/99-default.preset + + # Flatcar: Do not ship distro-specific files (nsswitch.conf + # pam.d). This conflicts with our own configuration provided + # by baselayout. + rm -rf "${ED}"/usr/share/factory + sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf \ + -e '/^C!* \/etc\/nsswitch\.conf/d' \ + -e '/^C!* \/etc\/pam\.d/d' \ + -e '/^C!* \/etc\/issue/d' use ukify && python_fix_shebang "${ED}" use boot && secureboot_auto_sign } +# Flatcar: Our own version of systemd_get_systemunitdir, that returns +# a path inside /usr, not /etc. +builddir_systemd_get_systemunitdir() { + echo "$(get_rootprefix)/lib/systemd/system" +} + +# Flatcar: Our own version of systemd_enable_service, that does +# operations inside /usr, not /etc. 
+builddir_systemd_enable_service() { + local target=${1} + local service=${2} + local ud=$(builddir_systemd_get_systemunitdir) + local destname=${service##*/} + + dodir "${ud}"/"${target}".wants && \ + dosym ../"${service}" "${ud}"/"${target}".wants/"${destname}" + + if use boot; then + python_fix_shebang "${ED}" + secureboot_auto_sign + fi +} migrate_locale() { local envd_locale_def="${EROOT}/etc/env.d/02locale" local envd_locale=( "${EROOT}"/etc/env.d/??locale ) @@ -506,6 +687,23 @@ pkg_preinst() { dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf fi + # Flatcar: This used to be in upstream ebuild, but now it's + # gone. We should drop it once we get rid of split-usr in SDK. + if ! use split-usr; then + local dir + # Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list. + for dir in bin sbin lib; do + if [[ ! -L ${EROOT}/${dir} ]]; then + eerror "'${EROOT}/${dir}' is not a symbolic link." + FAIL=1 + fi + done + if [[ ${FAIL} ]]; then + eerror "Migration to system layout with merged directories must be performed before" + eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." + die "System layout with split directories still used" + fi + fi if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then ewarn "The 'gnuefi' USE flag has been renamed to 'boot'." ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot." 
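Review bot: `builddir_systemd_enable_service` runs `python_fix_shebang "${ED}"` and `secureboot_auto_sign` under `use boot` on every call, i.e. once per unit enabled in this hunk (more than a dozen times), even though the helper's only job is a `.wants` symlink and `multilib_src_install_all` already ends with `use ukify && python_fix_shebang "${ED}"` and `use boot && secureboot_auto_sign`; the `if use boot; then ... fi` block in the helper looks like a stray paste and should be removed. The comment `# Flatcar: enable systemd-homed.service (Also: ...)` is followed by `builddir_systemd_enable_service multi-user.target systemd-homed.target`, and since `dosym` does not check that its target exists, a misnamed unit here produces a dangling link that systemd silently ignores rather than a build failure; whichever name is intended, comment and code should agree. `sed -i "${ED}"/usr/lib/tmpfiles.d/etc.conf ...` has no `|| die`, unlike the `rm` calls around it, so a failed edit of the tmpfiles rules that would otherwise copy factory nsswitch.conf and pam.d into /etc goes unnoticed. multilib_src_install_all starts before this hunk.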
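Review bot: The split-usr layout check sets `FAIL=1` on a variable that is never initialised in the visible lines, so a value left over from earlier in the phase (or, as far as I know, carried over by Portage's saved ebuild environment) would trigger the `die` even when every directory is a symlink; declare it next to `dir`: `local dir FAIL=`. The comment `# Flatcar: We still use separate bin and sbin, so drop usr/sbin from the list.` explains the removal but not why `lib` alone is checked, which the next reader will wonder about on a lib64 system. pkg_preinst's body starts and ends outside this hunk.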
@@ -525,13 +723,15 @@ pkg_postinst() { # between OpenRC & systemd migrate_locale - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi + # Flatcar: We enable getty and remote-fs targets in /usr + # ourselves above. + # if [[ -z ${REPLACING_VERSIONS} ]]; then + # if type systemctl &>/dev/null; then + # systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 + # fi + # elog "To enable a useful set of services, run the following:" + # elog " systemctl preset-all --preset-mode=enable-only" + # fi if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then rm "${EROOT}/var/lib/systemd/timesync" From 4b4182da3939cf91a76c543caa0b0c05e143b886 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Tue, 23 Jul 2024 14:27:25 +0300 Subject: [PATCH 3/8] sys-apps/systemd: remove unncessary patches --- .../coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild | 3 --- 1 file changed, 3 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild index c2acd0224f4..f466fb3fb3e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild 
@@ -260,14 +260,11 @@ src_prepare() { "${FILESDIR}/256-bpf-gcc.patch" # Flatcar: Adding our own patches here. "${FILESDIR}/0001-wait-online-set-any-by-default.patch" - "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" "${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch" "${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch" "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" - # Flatcar: This can be dropped when updating to 256. - "${FILESDIR}/0008-sysext-Mutable-overlays.patch" ) if ! use vanilla; then From 97ad5436efca910899bda52ca9e6d509a1d06cad Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Thu, 26 Sep 2024 07:33:26 +0000 Subject: [PATCH 4/8] sys-apps/systemd: revert systemd patch 1c585a4ccda3258088d7bc27b27a314e7ed8be80 --- .../files/0009-initrd-parse-etc.service.patch | 29 +++++++++++++++++++ .../sys-apps/systemd/systemd-256.9.ebuild | 1 + 2 files changed, 30 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch new file mode 100644 index 00000000000..e3f00be4e3f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch 
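Review bot: Dropping `0002-networkd-default-to-kernel-IPForwarding-setting.patch` is a runtime behaviour change — per a later commit message in this series, networkd-managed links on 256 no longer inherit the kernel's forwarding sysctl — yet the patch list keeps no record of why, and this commit's own title says only "unnecessary". A one-line comment where the entry used to be would spare the next sync a re-investigation: `# Flatcar: 0002 (inherit kernel IPForwarding) dropped with 256; networkd now owns the forwarding setting for links it manages.` The `This can be dropped when updating to 256.` note on 0008 was honoured here, so nothing further is needed for that entry. src_prepare continues outside the hunk.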
@@ -0,0 +1,29 @@ +From 65e3f4e837001f6f00359a779b6c5801566aa750 Mon Sep 17 00:00:00 2001 +From: Adrian Vladu +Date: Wed, 25 Sep 2024 15:51:02 +0000 +Subject: [PATCH] Revert "Revert "initrd-parse-etc: override argv[0] to avoid + dracut issue"" + +This reverts commit 1c585a4ccda3258088d7bc27b27a314e7ed8be80. +--- + units/initrd-parse-etc.service.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/units/initrd-parse-etc.service.in b/units/initrd-parse-etc.service.in +index 1eef2bd9be..3dadab1123 100644 +--- a/units/initrd-parse-etc.service.in ++++ b/units/initrd-parse-etc.service.in +@@ -23,7 +23,9 @@ OnFailureJobMode=replace-irreversibly + [Service] + Type=oneshot + +-ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check ++# FIXME: once dracut is patched to install the symlink, change to: ++# ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check ++ExecStart=@{{SYSTEM_GENERATOR_DIR}}/systemd-fstab-generator systemd-sysroot-fstab-check + + # We want to enqueue initrd-cleanup.service/start after we finished the part + # above. It can't be part of the initial transaction, because non-oneshot units +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild index f466fb3fb3e..92489ad0a18 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild @@ -265,6 +265,7 @@ src_prepare() { "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch" "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" + "${FILESDIR}/0009-initrd-parse-etc.service.patch" ) if ! use vanilla; then From b2fd2c68554e81c92431711238f35f0687f1f725 Mon Sep 17 00:00:00 2001 
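Review bot: The new `"${FILESDIR}/0009-initrd-parse-etc.service.patch"` entry is added without any note on when it can go, although the carried patch itself says its exit condition is a dracut change (`# FIXME: once dracut is patched to install the symlink`) and the ebuild is the place the next sync will look. Following the style of the earlier `This can be dropped when updating to 256.` remark, I would add above the entry: `# Flatcar: Re-applies upstream's argv[0] override for systemd-sysroot-fstab-check; drop once the initrd ships the symlink the unit expects.` The patch file is a straight revert of the named upstream commit and needs no review of its own. src_prepare's patch array starts before this hunk.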
From: Adrian Vladu Date: Tue, 17 Dec 2024 09:42:16 +0000 Subject: [PATCH 5/8] bootengine: use latest upstream Use https://github.com/flatcar/bootengine/pull/101, that fixes systemd 256 Ignition quirk. See: https://github.com/coreos/fedora-coreos-config/commit/44d0ff881956c019cea0d8ede9fc5f03938b0436 --- ...ootengine-0.0.38-r34.ebuild => bootengine-0.0.38-r35.ebuild} | 0 .../coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/{bootengine-0.0.38-r34.ebuild => bootengine-0.0.38-r35.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r34.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r35.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r34.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r35.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild index edf2ceed2b0..f73d84bb9f8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild @@ -7,7 +7,7 @@ EGIT_REPO_URI="https://github.com/flatcar/bootengine.git" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - EGIT_COMMIT="c9de038b73621165f81573c77ca0d0c2f9e886db" # flatcar-master + EGIT_COMMIT="229e279c1e1e480ccbfb33f254c23068941b1518" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi From e8996b1b79f37250678454aa37024d25a81fcbdd Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Tue, 17 Dec 2024 14:47:01 +0000 Subject: [PATCH 6/8] sys-apps/systemd: remove the networkd-default-to-kernel-IPForwarding-setting.patch According to https://github.com/systemd/systemd-stable/blob/v256/src/network/networkd-network.c#L470, the forwarding settings have changed on systemd 256. From the discussions upstream, if a systemd is configured to manage an interface, it will manage it completely, and it will set that interface to not forward packets by default. From the current systemd code, it would be easy to either enable the forwarding or disable it, but there does not seem to be a way now to inherit it from the sysctl / kernel implementation. --- ...fault-to-kernel-IPForwarding-setting.patch | 24 ------------------- 1 file changed, 24 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch deleted file mode 100644 index de0955b8018..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From e3fd50ec704b5d48e9d756c1cc5c40e72b7d1fa4 Mon Sep 17 00:00:00 2001 -From: Nick Owens -Date: Tue, 2 Jun 2015 18:22:32 -0700 -Subject: [PATCH 2/8] networkd: default to "kernel" IPForwarding setting - ---- - src/network/networkd-network.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index dcd3e5ae12..2ae481d1ec 100644 ---- a/src/network/networkd-network.c -+++ b/src/network/networkd-network.c -@@ -461,6 +461,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi - .link_local = _ADDRESS_FAMILY_INVALID, - .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID, - -+ .ip_forward = _ADDRESS_FAMILY_INVALID, - .ipv4_accept_local = -1, - .ipv4_route_localnet = -1, - .ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID, --- -2.34.1 - From 6ee1d50d5f5eddb9e0561bf1baafd2282452b73c Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Wed, 18 Dec 2024 09:33:51 +0000 Subject: [PATCH 7/8] sys-apps/systemd: add changelog 255.8 -> 256.9 --- changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md diff --git a/changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md b/changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md new file mode 100644 index 00000000000..1f176b4c1ad --- /dev/null +++ b/changelog/updates/2024-12-18-systemd-upgrade-from-255-to-256.md @@ -0,0 +1 @@ +- systemd ([256.9](https://github.com/systemd/system/releases/tag/v256.9) (from 255.8)) From 089df8894ebb74b407d6146cc4b4f7d9b403a2f9 Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Wed, 18 Dec 2024 10:06:49 +0000 Subject: [PATCH 8/8] coreos-base/update_engine: fail upgrade if cgroupv1 is enabled See: https://github.com/flatcar/update_engine/pull/41 --- ...engine-0.4.10-r23.ebuild => update_engine-0.4.10-r24.ebuild} | 0 .../coreos-base/update_engine/update_engine-9999.ebuild | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/{update_engine-0.4.10-r23.ebuild => update_engine-0.4.10-r24.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r23.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r24.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r23.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r24.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild index 9606b720bcd..85d1120695a 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild @@ -7,7 +7,7 @@ EGIT_REPO_URI="https://github.com/flatcar/update_engine.git" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - EGIT_COMMIT="541576a4dcd56397597abef7d9ce4c539631ed65" # flatcar-master + EGIT_COMMIT="46e1984f2c91e3d14bad9323a6bf32a9c6662fbc" # flatcar-master KEYWORDS="amd64 arm64" fi