commit: 6d6384e102e34db05c2897b20d63587173f141c5 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Wed Jun 28 17:01:09 2017 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Wed Jun 28 17:01:44 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d6384e1 |
|
sys-apps/systemd: backport fix for CVE-2017-9445 |
|
Bug: https://bugs.gentoo.org/622874 |
Package-Manager: Portage-2.3.6_p9, Repoman-2.3.2_p77 |
|
sys-apps/systemd/files/233-CVE-2017-9445.patch | 178 ++++++++++ |
sys-apps/systemd/systemd-233-r2.ebuild | 460 +++++++++++++++++++++++++ |
2 files changed, 638 insertions(+) |
|
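diff --git a/sys-apps/systemd/files/233-CVE-2017-9445.patch b/sys-apps/systemd/files/233-CVE-2017-9445.patch
new file mode 100644
index 00000000000..a05c41f47b6
--- /dev/null
+++ b/sys-apps/systemd/files/233-CVE-2017-9445.patch
@@ -0,0 +1,178 @@
+From 29bb43cc46412366fc939c66331a916de07bfac4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl>
+Date: Sun, 18 Jun 2017 16:07:57 -0400
+Subject: [PATCH 1/4] resolved: simplify alloc size calculation
+
+The allocation size was calculated in a complicated way, and for values
+close to the page size we would actually allocate less than requested.
+
+Reported by Chris Coulson <chris.coulson@×××××××××.com>.
+
+CVE-2017-9445
+---
+ src/resolve/resolved-dns-packet.c | 8 +-------
+ src/resolve/resolved-dns-packet.h | 2 --
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 652970284..2034e3c8c 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+
+ assert(ret);
+
+- if (mtu <= UDP_PACKET_HEADER_SIZE)
+- a = DNS_PACKET_SIZE_START;
+- else
+- a = mtu - UDP_PACKET_HEADER_SIZE;
+-
+- if (a < DNS_PACKET_HEADER_SIZE)
+- a = DNS_PACKET_HEADER_SIZE;
++ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+
+ /* round up to next page size */
+ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 2c92392e4..3abcaf8cf 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -66,8 +66,6 @@ struct DnsPacketHeader {
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+
+-#define DNS_PACKET_SIZE_START 512
+-
+ struct DnsPacket {
+ int n_ref;
+ DnsProtocol protocol;
+--
+2.13.1
+
+
+From cd3d8a7ebc01cd6913eaa9a591f7d606038a7588 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl>
+Date: Tue, 27 Jun 2017 14:20:00 -0400
+Subject: [PATCH 2/4] resolved: do not allocate packets with minimum size
+
+dns_packet_new() is sometimes called with mtu == 0, and in that case we should
+allocate more than the absolute minimum (which is the dns packet header size),
+otherwise we have to resize immediately again after appending the first data to
+the packet.
+
+This partially reverts the previous commit.
+---
+ src/resolve/resolved-dns-packet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 2034e3c8c..9d806ab33 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,6 +28,9 @@
+
+ #define EDNS0_OPT_DO (1<<15)
+
++#define DNS_PACKET_SIZE_START 512
++assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
++
+ typedef struct DnsPacketRewinder {
+ DnsPacket *packet;
+ size_t saved_rindex;
+@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+
+ assert(ret);
+
+- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
++ /* When dns_packet_new() is called with mtu == 0, allocate more than the
++ * absolute minimum (which is the dns packet header size), to avoid
++ * resizing immediately again after appending the first data to the packet.
++ */
++ if (mtu < UDP_PACKET_HEADER_SIZE)
++ a = DNS_PACKET_SIZE_START;
++ else
++ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+
+ /* round up to next page size */
+ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+--
+2.13.1
+
+
+From a03fc1acd66d23e239f2545e9a6887c7d0aad7c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl>
+Date: Tue, 27 Jun 2017 16:59:06 -0400
+Subject: [PATCH 3/4] resolved: define various packet sizes as unsigned
+
+This seems like the right thing to do, and apparently at least some compilers
+warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
+---
+ src/resolve/resolved-dns-packet.c | 2 +-
+ src/resolve/resolved-dns-packet.h | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 9d806ab33..e2285b440 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,7 +28,7 @@
+
+ #define EDNS0_OPT_DO (1<<15)
+
+-#define DNS_PACKET_SIZE_START 512
++#define DNS_PACKET_SIZE_START 512u
+ assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
+
+ typedef struct DnsPacketRewinder {
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 3abcaf8cf..5dff272fd 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -58,13 +58,13 @@ struct DnsPacketHeader {
+ /* The various DNS protocols deviate in how large a packet can grow,
+ but the TCP transport has a 16bit size field, hence that appears to
+ be the absolute maximum. */
+-#define DNS_PACKET_SIZE_MAX 0xFFFF
++#define DNS_PACKET_SIZE_MAX 0xFFFFu
+
+ /* RFC 1035 say 512 is the maximum, for classic unicast DNS */
+-#define DNS_PACKET_UNICAST_SIZE_MAX 512
++#define DNS_PACKET_UNICAST_SIZE_MAX 512u
+
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+-#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
++#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u
+
+ struct DnsPacket {
+ int n_ref;
+--
+2.13.1
+
+
+From 415871d88e0c44acf8b90dc07245809087a65d2c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl>
+Date: Wed, 28 Jun 2017 12:24:37 -0400
+Subject: [PATCH 4/4] resolved: drop unnecessary comparison (#6220)
+
+mtu is always greater than UDP_PACKET_HEADER_SIZE at this point.
+Pointed out by Benjamin Robin.
+---
+ src/resolve/resolved-dns-packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e2285b440..738d4cc8f 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -57,7 +57,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ if (mtu < UDP_PACKET_HEADER_SIZE)
+ a = DNS_PACKET_SIZE_START;
+ else
+- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
++ a = mtu;
+
+ /* round up to next page size */
+ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+--
+2.13.1
+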
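Review bot: After patch 4/4 the else branch in dns_packet_new() is just `a = mtu;`, so the allocation is only guaranteed to cover DNS_PACKET_HEADER_SIZE because the guard above it compares against UDP_PACKET_HEADER_SIZE, which is presumably not smaller than the DNS header size; nothing in the series pins that relationship. Patch 2/4 already adds `assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)`, and a sibling `assert_cc(UDP_PACKET_HEADER_SIZE >= DNS_PACKET_HEADER_SIZE)` beside it would stop the minimum-size guarantee this CVE fix relies on from regressing silently. The visible lines also put no upper bound on `mtu` before the `PAGE_ALIGN(...)` arithmetic; the function body continues outside the hunks, so whether callers cap it cannot be confirmed from here and is worth checking.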
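diff --git a/sys-apps/systemd/systemd-233-r2.ebuild b/sys-apps/systemd/systemd-233-r2.ebuild
new file mode 100644
index 00000000000..b529b98afb8
--- /dev/null
+++ b/sys-apps/systemd/systemd-233-r2.ebuild
@@ -0,0 +1,460 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> ${P}.tar.gz
+ !doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6} )
+
+inherit autotools bash-completion-r1 linux-info multilib-minimal pam python-any-r1 systemd toolchain-funcs udev user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cryptsetup curl doc elfutils +gcrypt gnuefi http
+ idn importd +kmod +lz4 lzma nat pam policykit
+ qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ !<sys-libs/glibc-2.16
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ http? (
+ >=net-libs/libmicrohttpd-0.9.33:0=
+ ssl? ( >=net-libs/gnutls-3.1.4:0= )
+ )
+ idn? ( net-dns/libidn:0= )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ nat? ( net-firewall/iptables:0= )
+ pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.1:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ sysv-utils? (
+ !sys-apps/systemd-sysv-utils
+ !sys-apps/sysvinit )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+ abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=sys-apps/baselayout-2.2
+ selinux? ( sec-policy/selinux-base-policy[systemd] )
+ !build? ( || (
+ sys-apps/util-linux[kill(-)]
+ sys-process/procps[kill(+)]
+ sys-apps/coreutils[kill(-)]
+ ) )
+ !sys-auth/nss-myhostname
+ !<sys-kernel/dracut-044
+ !sys-fs/eudev
+ !sys-fs/udev"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-apps/hwids-20150417[udev]
+ >=sys-fs/udev-init-scripts-25
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/intltool-0.50
+ >=sys-apps/coreutils-8.16
+ >=sys-kernel/linux-headers-${MINKV}
+ virtual/pkgconfig
+ gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+ test? ( sys-apps/dbus )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ doc? ( $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') )
+"
+
+python_check_deps() {
+ has_version --host-root "dev-python/lxml[${PYTHON_USEDEP}]"
+}
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+ ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!FW_LOADER_USER_HELPER ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+ kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ # Bug 463376
+ sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
+ local PATCHES=(
+ "${FILESDIR}/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch"
+ "${FILESDIR}/233-CVE-2017-9445.patch"
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+ "${FILESDIR}/228-noclean-tmp.patch"
+ "${FILESDIR}/233-systemd-user-pam.patch"
+ )
+ fi
+
+ [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ # Keep using the one where the rules were installed.
+ MY_UDEVDIR=$(get_udevdir)
+ # Fix systems broken by bug #509454.
+ [[ ${MY_UDEVDIR} ]] || MY_UDEVDIR=/lib/udev
+
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ use doc && python_setup
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ # disable -flto since it is an optimization flag
+ # and makes distcc less effective
+ cc_cv_CFLAGS__flto=no
+ # disable -fuse-ld=gold since Gentoo supports explicit linker
+ # choice and forcing gold is undesired, #539998
+ # ld.gold may collide with user's LDFLAGS, #545168
+ # ld.gold breaks sparc, #573874
+ cc_cv_LDFLAGS__Wl__fuse_ld_gold=no
+
+ # Workaround for gcc-4.7, bug 554454.
+ cc_cv_CFLAGS__Werror_shadow=no
+
+ # Workaround for bug 516346
+ --enable-dependency-tracking
+
+ --disable-maintainer-mode
+ --localstatedir=/var
+ --with-pamlibdir=$(getpam_mod_dir)
+ # avoid bash-completion dep
+ --with-bashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in $PATH
+ --enable-split-usr
+ # For testing.
+ --with-rootprefix="${ROOTPREFIX-/usr}"
+ --with-rootlibdir="${ROOTPREFIX-/usr}/$(get_libdir)"
+ # disable sysv compatibility
+ --with-sysvinit-path=
+ --with-sysvrcnd-path=
+ # no deps
+ --enable-efi
+ --enable-ima
+
+ # Optional components/dependencies
+ $(multilib_native_use_enable acl)
+ $(multilib_native_use_enable apparmor)
+ $(multilib_native_use_enable audit)
+ $(multilib_native_use_enable cryptsetup libcryptsetup)
+ $(multilib_native_use_enable curl libcurl)
+ $(multilib_native_use_enable elfutils)
+ $(use_enable gcrypt)
+ $(multilib_native_use_enable gnuefi)
+ --with-efi-libdir="/usr/$(get_libdir)"
+ $(multilib_native_use_enable http microhttpd)
+ $(usex http $(multilib_native_use_enable ssl gnutls) --disable-gnutls)
+ $(multilib_native_use_enable idn libidn)
+ $(multilib_native_use_enable importd)
+ $(multilib_native_use_enable importd bzip2)
+ $(multilib_native_use_enable importd zlib)
+ $(multilib_native_use_enable kmod)
+ $(use_enable lz4)
+ $(use_enable lzma xz)
+ $(multilib_native_use_enable nat libiptc)
+ $(use_enable pam)
+ $(multilib_native_use_enable policykit polkit)
+ $(multilib_native_use_enable qrcode qrencode)
+ $(multilib_native_use_enable seccomp)
+ $(multilib_native_use_enable selinux)
+ $(multilib_native_use_enable test tests)
+ $(multilib_native_use_enable test dbus)
+ $(multilib_native_use_enable xkb xkbcommon)
+ $(multilib_native_use_with doc python)
+
+ # hardcode a few paths to spare some deps
+ KILL=/bin/kill
+ QUOTAON=/usr/sbin/quotaon
+ QUOTACHECK=/usr/sbin/quotacheck
+
+ # TODO: we may need to restrict this to gcc
+ EFI_CC="$(tc-getCC)"
+
+ # dbus paths
+ --with-dbuspolicydir="${EPREFIX}/etc/dbus-1/system.d"
+ --with-dbussessionservicedir="${EPREFIX}/usr/share/dbus-1/services"
+ --with-dbussystemservicedir="${EPREFIX}/usr/share/dbus-1/system-services"
+
+ --with-ntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+
+ # Breaks screen, tmux, etc.
+ --without-kill-user-processes
+ )
+
+ # Work around bug 463846.
+ tc-export CC
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ local mymakeopts=(
+ udevlibexecdir="${MY_UDEVDIR}"
+ )
+
+ if multilib_is_native_abi; then
+ emake "${mymakeopts[@]}"
+ else
+ emake built-sources
+ local targets=(
+ '$(rootlib_LTLIBRARIES)'
+ '$(lib_LTLIBRARIES)'
+ '$(pamlib_LTLIBRARIES)'
+ '$(pkgconfiglib_DATA)'
+ )
+ echo "gentoo: ${targets[*]}" | emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+ fi
+}
+
+multilib_src_test() {
+ multilib_is_native_abi || return 0
+ default
+}
+
+multilib_src_install() {
+ local mymakeopts=(
+ # automake fails with parallel libtool relinking
+ # https://bugs.gentoo.org/show_bug.cgi?id=491398
+ -j1
+
+ udevlibexecdir="${MY_UDEVDIR}"
+ dist_udevhwdb_DATA=
+ DESTDIR="${D}"
+ )
+
+ if multilib_is_native_abi; then
+ emake "${mymakeopts[@]}" install
+ else
+ mymakeopts+=(
+ install-rootlibLTLIBRARIES
+ install-libLTLIBRARIES
+ install-pamlibLTLIBRARIES
+ install-pkgconfiglibDATA
+ install-includeHEADERS
+ install-pkgincludeHEADERS
+ )
+
+ emake "${mymakeopts[@]}"
+ fi
+}
+
+multilib_src_install_all() {
+ prune_libtool_files --modules
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ if [[ ${PV} != 9999 ]]; then
+ use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7
+ fi
+
+ if use sysv-utils; then
+ for app in halt poweroff reboot runlevel shutdown telinit; do
+ dosym "..${ROOTPREFIX-/usr}/bin/systemctl" /sbin/${app}
+ done
+ dosym "..${ROOTPREFIX-/usr}/lib/systemd/systemd" /sbin/init
+ else
+ # we just keep sysvinit tools, so no need for the mans
+ rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+ || die
+ rm "${D}"/usr/share/man/man1/init.1 || die
+ fi
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/binfmt.d /etc/modules-load.d /etc/tmpfiles.d \
+ /etc/systemd/ntp-units.d /etc/systemd/user /var/lib/systemd \
+ /var/log/journal/remote
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+ # If we install these symlinks, there is no way for the sysadmin to remove them
+ # permanently.
+ rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${D}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+ rm -r "${D}"/etc/systemd/system/network-online.target.wants || die
+ rm -r "${D}"/etc/systemd/system/sockets.target.wants || die
+ rm -r "${D}"/etc/systemd/system/sysinit.target.wants || die
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+ local locale_conf="${EROOT%/}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_postinst() {
+ newusergroup() {
+ enewgroup "$1"
+ enewuser "$1" -1 -1 -1 "$1"
+ }
+
+ enewgroup input
+ enewgroup systemd-journal
+ newusergroup systemd-bus-proxy
+ newusergroup systemd-coredump
+ newusergroup systemd-journal-gateway
+ newusergroup systemd-journal-remote
+ newusergroup systemd-journal-upload
+ newusergroup systemd-network
+ newusergroup systemd-resolve
+ newusergroup systemd-timesync
+
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required. Despite that this file is owned by sys-apps/hwids.
+ if has_version "sys-apps/hwids[udev]"; then
+ udevadm hwdb --update --root="${ROOT%/}"
+ fi
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respect, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+
+ if [[ $(readlink "${ROOT}"etc/resolv.conf) == */run/systemd/* ]]; then
+ ewarn "You should replace the resolv.conf symlink:"
+ ewarn "ln -snf ${ROOTPREFIX-/usr}/lib/systemd/resolv.conf ${ROOT}etc/resolv.conf"
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}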
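Review bot: The `"${FILESDIR}/233-CVE-2017-9445.patch"` entry added to `PATCHES` in src_prepare() has no comment, while the sed line just above the array is annotated `# Bug 463376`. Since this patch is the security fix that justifies the new revision, a matching `# CVE-2017-9445, bug 622874` line above the entry would tell whoever prunes patches on the next version bump why it is there, so they check that upstream carries the fix before dropping it.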