
From: Mike Gilbert <floppym@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd-tmpfiles/
Date: Tue, 11 Jan 2022 01:01:46
Message-Id: 1641862897.2606e84e36c1bf0515947e4d744e6990526ba366.floppym@gentoo
1 commit: 2606e84e36c1bf0515947e4d744e6990526ba366
2 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jan 11 00:54:09 2022 +0000
4 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5 CommitDate: Tue Jan 11 01:01:37 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2606e84e
7
8 sys-apps/systemd-tmpfiles: add 249.7
9
10 Includes backport for CVE-2021-3997.
11
12 Bug: https://bugs.gentoo.org/830967
13 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
14
15 sys-apps/systemd-tmpfiles/Manifest | 2 +
16 .../systemd-tmpfiles/systemd-tmpfiles-249.7.ebuild | 260 +++++++++++++++++++++
17 2 files changed, 262 insertions(+)
18
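--- a/sys-apps/systemd-tmpfiles/Manifest
+++ b/sys-apps/systemd-tmpfiles/Manifest
@@ -1,2 +1,4 @@
+DIST systemd-249.7-CVE-2021-3997.tar.gz 8431 BLAKE2B 167ae8bfb3b653fa4a7a62eee164f2a7edf2f0fb312db8ed955634030c95dfdbd747821b4652620cd34a7af38fe0b77e48ed61096b5d076c3eb2f56371e191c8 SHA512 b17a60a0862743faee0153218792a77b5d06a44876e0c53c264e98d62786442c165f47136d7bc2857edcedc24e667c220a2e7d065e77f9a957804131acb26598
 DIST systemd-musl-patches-249.5-r1.tar.xz 25148 BLAKE2B 6717291b5335997dcc327764beffc4ded50a5ac0e777bb3c540b5e355bee419c3d9b4a5605c239392d4c1b0e70792bc87282fa15dc9c09a0465b5608f2909006 SHA512 4bb7566437c280e75402fc435a3437aedad127f7b94c9bd54b94e9e1e7507409ad0898681f23e813b9b47414f58e4ca413b6d4e520bbbf578faec09054bf7f9b
 DIST systemd-stable-249.5.tar.gz 10597897 BLAKE2B 5c573322ef9bcd9d019776d6e2d8625a741c1535c0d06661b5666c2438a70cfc4dc182919bb419829de27a4d93c16717ce24e668faf9bd6b09e57f8bd88be725 SHA512 d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
+DIST systemd-stable-249.7.tar.gz 10608252 BLAKE2B a5597c4973b24c962779622cae47dbf8351af49f8cd898d9c16a967c6f3600c6feb293e9b03eab0423b860eef5b04b287185fb9827cb323429d0ab9fc6d809b2 SHA512 4daf8570621fdcda5c94d982908c64eddfeef989005f4fd79a10f199dbc6f366354177bb59dff34bcb14764fb4423a870ffabac1163849ec53592e29760105fc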
29 diff --git a/sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.7.ebuild b/sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.7.ebuild
30 new file mode 100644
31 index 000000000000..8d386973e34a
32 --- /dev/null
33 +++ b/sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.7.ebuild
34 @@ -0,0 +1,260 @@
35 +# Copyright 2020-2022 Gentoo Authors
36 +# Distributed under the terms of the GNU General Public License v2
37 +
38 +EAPI=7
39 +
40 +if [[ ${PV} == *.* ]]; then
41 + MY_PN=systemd-stable
42 +else
43 + MY_PN=systemd
44 +fi
45 +
46 +MINKV="3.11"
47 +MUSL_PATCHSET="249.5-r1"
48 +PYTHON_COMPAT=( python3_{8..10} )
49 +inherit flag-o-matic meson python-any-r1
50 +
51 +DESCRIPTION="Creates, deletes and cleans up volatile and temporary files and directories"
52 +HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
53 +SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${PV}.tar.gz -> ${MY_PN}-${PV}.tar.gz
54 + https://dev.gentoo.org/~floppym/dist/systemd-249.7-CVE-2021-3997.tar.gz
55 + elibc_musl? (
56 + https://dev.gentoo.org/~gyakovlev/distfiles/systemd-musl-patches-${MUSL_PATCHSET}.tar.xz
57 + https://dev.gentoo.org/~soap/distfiles/systemd-musl-patches-${MUSL_PATCHSET}.tar.xz
58 + )"
59 +
60 +LICENSE="BSD-2 GPL-2 LGPL-2.1 MIT public-domain"
61 +SLOT="0"
62 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
63 +IUSE="selinux test"
64 +RESTRICT="!test? ( test )"
65 +
66 +RDEPEND="
67 + sys-apps/acl:0=
68 + >=sys-apps/util-linux-2.30:0=
69 + sys-libs/libcap:0=
70 + selinux? ( sys-libs/libselinux:0= )
71 + virtual/libcrypt:=
72 + !sys-apps/opentmpfiles
73 + !sys-apps/systemd
74 +"
75 +
76 +DEPEND="
77 + ${RDEPEND}
78 + >=sys-kernel/linux-headers-${MINKV}
79 +"
80 +
81 +BDEPEND="
82 + ${PYTHON_DEPS}
83 + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
84 + app-text/docbook-xml-dtd:4.2
85 + app-text/docbook-xml-dtd:4.5
86 + app-text/docbook-xsl-stylesheets
87 + dev-libs/libxslt
88 + dev-util/gperf
89 + >=dev-util/meson-0.46
90 + >=sys-apps/coreutils-8.16
91 + sys-devel/gettext
92 + virtual/pkgconfig
93 +"
94 +
95 +S="${WORKDIR}/${MY_PN}-${PV}"
96 +
97 +python_check_deps() {
98 + has_version -b "dev-python/jinja[${PYTHON_USEDEP}]"
99 +}
100 +
101 +pkg_pretend() {
102 + if [[ -n ${EPREFIX} ]]; then
103 + ewarn "systemd-tmpfiles uses un-prefixed paths at runtime.".
104 + fi
105 +}
106 +
107 +pkg_setup() {
108 + python-any-r1_pkg_setup
109 +}
110 +
111 +src_prepare() {
112 + eapply "${WORKDIR}/systemd-249.7-CVE-2021-3997"
113 +
114 + # musl patchset from:
115 + # http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-core/systemd/systemd
116 + # check SRC_URI_MUSL in systemd_${PV}.bb file for exact list of musl patches
117 + # we share patch tarball with sys-fs/udev
118 + if use elibc_musl; then
119 + einfo "applying musl patches and workarounds"
120 + eapply "${WORKDIR}/musl-patches"
121 +
122 + # avoids re-definition of struct ethhdr, also 0006-Include-netinet-if_ether.h.patch
123 + append-cppflags '-D__UAPI_DEF_ETHHDR=0'
124 +
125 + # src/basic/rlimit-util.c:46:19: error: format ‘%lu’ expects argument of type ‘long unsigned int’,
126 + # but argument 9 has type ‘rlim_t’ {aka ‘long long unsigned int’}
127 + # not a nice workaround, but it comes from debug messages and we don't really use this component.
128 + append-cflags '-Wno-error=format'
129 + fi
130 +
131 + default
132 +
133 + # https://bugs.gentoo.org/767403
134 + python_fix_shebang src/test/*.py
135 + python_fix_shebang test/*.py
136 + python_fix_shebang tools/*.py
137 +}
138 +
139 +src_configure() {
140 + # disable everything until configure says "enabled features: ACL, tmpfiles, standalone-binaries, static-libsystemd(true)"
141 + # and optionally selinux feature can be enabled to make tmpfiles secontext-aware
142 + local systemd_disable_options=(
143 + adm-group
144 + analyze
145 + apparmor
146 + audit
147 + backlight
148 + binfmt
149 + blkid
150 + bzip2
151 + coredump
152 + dbus
153 + efi
154 + elfutils
155 + environment-d
156 + fdisk
157 + gcrypt
158 + glib
159 + gshadow
160 + gnutls
161 + hibernate
162 + hostnamed
163 + hwdb
164 + idn
165 + ima
166 + initrd
167 + firstboot
168 + kernel-install
169 + kmod
170 + ldconfig
171 + libcryptsetup
172 + libcurl
173 + libfido2
174 + libidn
175 + libidn2
176 + libiptc
177 + link-networkd-shared
178 + link-systemctl-shared
179 + link-timesyncd-shared
180 + link-udev-shared
181 + localed
182 + logind
183 + lz4
184 + machined
185 + microhttpd
186 + networkd
187 + nscd
188 + nss-myhostname
189 + nss-resolve
190 + nss-systemd
191 + oomd
192 + openssl
193 + p11kit
194 + pam
195 + pcre2
196 + polkit
197 + portabled
198 + pstore
199 + pwquality
200 + randomseed
201 + resolve
202 + rfkill
203 + seccomp
204 + smack
205 + sysext
206 + sysusers
207 + timedated
208 + timesyncd
209 + tpm
210 + qrencode
211 + quotacheck
212 + userdb
213 + utmp
214 + vconsole
215 + wheel-group
216 + xdg-autostart
217 + xkbcommon
218 + xz
219 + zlib
220 + zstd
221 + )
222 +
223 + # prepend -D and append =false, e.g. zstd becomes -Dzstd=false
224 + systemd_disable_options=( ${systemd_disable_options[@]/#/-D} )
225 + systemd_disable_options=( ${systemd_disable_options[@]/%/=false} )
226 +
227 + local emesonargs=(
228 + -Drootprefix="${EPREFIX:-/}"
229 + -Dacl=true
230 + -Dtmpfiles=true
231 + -Dstandalone-binaries=true # this and below option does the magic
232 + -Dstatic-libsystemd=true
233 + -Dsysvinit-path=''
234 + ${systemd_disable_options[@]}
235 + $(meson_use selinux)
236 + )
237 + meson_src_configure
238 +}
239 +
240 +src_compile() {
241 + # tmpfiles and sysusers can be built as standalone and link systemd-shared in statically.
242 + # https://github.com/systemd/systemd/pull/16061 original implementation
243 + # we just need to pass -Dstandalone-binaries=true and
244 + # use <name>.standalone target below.
245 + # check meson.build for if have_standalone_binaries condition per target.
246 + local mytargets=(
247 + systemd-tmpfiles.standalone
248 + man/tmpfiles.d.5
249 + man/systemd-tmpfiles.8
250 + )
251 + meson_src_compile "${mytargets[@]}"
252 +}
253 +
254 +src_install() {
255 + # lean and mean installation, single binary and man-pages
256 + pushd "${BUILD_DIR}" > /dev/null || die
257 + into /
258 + newbin systemd-tmpfiles.standalone systemd-tmpfiles
259 +
260 + doman man/{systemd-tmpfiles.8,tmpfiles.d.5}
261 +
262 + popd > /dev/null || die
263 +
264 + # service files adapter from opentmpfiles
265 + newinitd "${FILESDIR}"/stmpfiles-dev.initd stmpfiles-dev
266 + newinitd "${FILESDIR}"/stmpfiles-setup.initd stmpfiles-setup
267 +
268 + # same content, but install as different file
269 + newconfd "${FILESDIR}"/stmpfiles.confd stmpfiles-dev
270 + newconfd "${FILESDIR}"/stmpfiles.confd stmpfiles-setup
271 +}
272 +
273 +src_test() {
274 + # 'meson test' will compile full systemd, but we can still outsmart it
275 + "${EPYTHON}" test/test-systemd-tmpfiles.py \
276 + "${BUILD_DIR}"/systemd-tmpfiles.standalone || die "${FUNCNAME} failed"
277 +}
278 +
279 +# stolen from opentmpfiles ebuild
280 +add_service() {
281 + local initd=$1
282 + local runlevel=$2
283 +
284 + elog "Auto-adding '${initd}' service to your ${runlevel} runlevel"
285 + mkdir -p "${EROOT}/etc/runlevels/${runlevel}"
286 + ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}"
287 +}
288 +
289 +pkg_postinst() {
290 + if [[ -z $REPLACING_VERSIONS ]]; then
291 + add_service stmpfiles-dev sysinit
292 + add_service stmpfiles-setup boot
293 + fi
294 +}