commit: 2606e84e36c1bf0515947e4d744e6990526ba366 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Tue Jan 11 00:54:09 2022 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Tue Jan 11 01:01:37 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2606e84e |
|
sys-apps/systemd-tmpfiles: add 249.7 |
|
Includes backport for CVE-2021-3997. |
|
Bug: https://bugs.gentoo.org/830967 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
|
sys-apps/systemd-tmpfiles/Manifest | 2 + |
.../systemd-tmpfiles/systemd-tmpfiles-249.7.ebuild | 260 +++++++++++++++++++++ |
2 files changed, 262 insertions(+) |
|
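--- a/sys-apps/systemd-tmpfiles/Manifest
+++ b/sys-apps/systemd-tmpfiles/Manifest
@@ -1,2 +1,4 @@
+DIST systemd-249.7-CVE-2021-3997.tar.gz 8431 BLAKE2B 167ae8bfb3b653fa4a7a62eee164f2a7edf2f0fb312db8ed955634030c95dfdbd747821b4652620cd34a7af38fe0b77e48ed61096b5d076c3eb2f56371e191c8 SHA512 b17a60a0862743faee0153218792a77b5d06a44876e0c53c264e98d62786442c165f47136d7bc2857edcedc24e667c220a2e7d065e77f9a957804131acb26598
 DIST systemd-musl-patches-249.5-r1.tar.xz 25148 BLAKE2B 6717291b5335997dcc327764beffc4ded50a5ac0e777bb3c540b5e355bee419c3d9b4a5605c239392d4c1b0e70792bc87282fa15dc9c09a0465b5608f2909006 SHA512 4bb7566437c280e75402fc435a3437aedad127f7b94c9bd54b94e9e1e7507409ad0898681f23e813b9b47414f58e4ca413b6d4e520bbbf578faec09054bf7f9b
 DIST systemd-stable-249.5.tar.gz 10597897 BLAKE2B 5c573322ef9bcd9d019776d6e2d8625a741c1535c0d06661b5666c2438a70cfc4dc182919bb419829de27a4d93c16717ce24e668faf9bd6b09e57f8bd88be725 SHA512 d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
+DIST systemd-stable-249.7.tar.gz 10608252 BLAKE2B a5597c4973b24c962779622cae47dbf8351af49f8cd898d9c16a967c6f3600c6feb293e9b03eab0423b860eef5b04b287185fb9827cb323429d0ab9fc6d809b2 SHA512 4daf8570621fdcda5c94d982908c64eddfeef989005f4fd79a10f199dbc6f366354177bb59dff34bcb14764fb4423a870ffabac1163849ec53592e29760105fc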
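--- /dev/null
+++ b/sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.7.ebuild
@@ -0,0 +1,260 @@
+# Copyright 2020-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+else
+ MY_PN=systemd
+fi
+
+MINKV="3.11"
+MUSL_PATCHSET="249.5-r1"
+PYTHON_COMPAT=( python3_{8..10} )
+inherit flag-o-matic meson python-any-r1
+
+DESCRIPTION="Creates, deletes and cleans up volatile and temporary files and directories"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${PV}.tar.gz -> ${MY_PN}-${PV}.tar.gz
+ https://dev.gentoo.org/~floppym/dist/systemd-249.7-CVE-2021-3997.tar.gz
+ elibc_musl? (
+ https://dev.gentoo.org/~gyakovlev/distfiles/systemd-musl-patches-${MUSL_PATCHSET}.tar.xz
+ https://dev.gentoo.org/~soap/distfiles/systemd-musl-patches-${MUSL_PATCHSET}.tar.xz
+ )"
+
+LICENSE="BSD-2 GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="selinux test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ sys-apps/acl:0=
+ >=sys-apps/util-linux-2.30:0=
+ sys-libs/libcap:0=
+ selinux? ( sys-libs/libselinux:0= )
+ virtual/libcrypt:=
+ !sys-apps/opentmpfiles
+ !sys-apps/systemd
+"
+
+DEPEND="
+ ${RDEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+BDEPEND="
+ ${PYTHON_DEPS}
+ $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+python_check_deps() {
+ has_version -b "dev-python/jinja[${PYTHON_USEDEP}]"
+}
+
+pkg_pretend() {
+ if [[ -n ${EPREFIX} ]]; then
+ ewarn "systemd-tmpfiles uses un-prefixed paths at runtime.".
+ fi
+}
+
+pkg_setup() {
+ python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ eapply "${WORKDIR}/systemd-249.7-CVE-2021-3997"
+
+ # musl patchset from:
+ # http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-core/systemd/systemd
+ # check SRC_URI_MUSL in systemd_${PV}.bb file for exact list of musl patches
+ # we share patch tarball with sys-fs/udev
+ if use elibc_musl; then
+ einfo "applying musl patches and workarounds"
+ eapply "${WORKDIR}/musl-patches"
+
+ # avoids re-definition of struct ethhdr, also 0006-Include-netinet-if_ether.h.patch
+ append-cppflags '-D__UAPI_DEF_ETHHDR=0'
+
+ # src/basic/rlimit-util.c:46:19: error: format ‘%lu’ expects argument of type ‘long unsigned int’,
+ # but argument 9 has type ‘rlim_t’ {aka ‘long long unsigned int’}
+ # not a nice workaround, but it comes from debug messages and we don't really use this component.
+ append-cflags '-Wno-error=format'
+ fi
+
+ default
+
+ # https://bugs.gentoo.org/767403
+ python_fix_shebang src/test/*.py
+ python_fix_shebang test/*.py
+ python_fix_shebang tools/*.py
+}
+
+src_configure() {
+ # disable everything until configure says "enabled features: ACL, tmpfiles, standalone-binaries, static-libsystemd(true)"
+ # and optionally selinux feature can be enabled to make tmpfiles secontext-aware
+ local systemd_disable_options=(
+ adm-group
+ analyze
+ apparmor
+ audit
+ backlight
+ binfmt
+ blkid
+ bzip2
+ coredump
+ dbus
+ efi
+ elfutils
+ environment-d
+ fdisk
+ gcrypt
+ glib
+ gshadow
+ gnutls
+ hibernate
+ hostnamed
+ hwdb
+ idn
+ ima
+ initrd
+ firstboot
+ kernel-install
+ kmod
+ ldconfig
+ libcryptsetup
+ libcurl
+ libfido2
+ libidn
+ libidn2
+ libiptc
+ link-networkd-shared
+ link-systemctl-shared
+ link-timesyncd-shared
+ link-udev-shared
+ localed
+ logind
+ lz4
+ machined
+ microhttpd
+ networkd
+ nscd
+ nss-myhostname
+ nss-resolve
+ nss-systemd
+ oomd
+ openssl
+ p11kit
+ pam
+ pcre2
+ polkit
+ portabled
+ pstore
+ pwquality
+ randomseed
+ resolve
+ rfkill
+ seccomp
+ smack
+ sysext
+ sysusers
+ timedated
+ timesyncd
+ tpm
+ qrencode
+ quotacheck
+ userdb
+ utmp
+ vconsole
+ wheel-group
+ xdg-autostart
+ xkbcommon
+ xz
+ zlib
+ zstd
+ )
+
+ # prepend -D and append =false, e.g. zstd becomes -Dzstd=false
+ systemd_disable_options=( ${systemd_disable_options[@]/#/-D} )
+ systemd_disable_options=( ${systemd_disable_options[@]/%/=false} )
+
+ local emesonargs=(
+ -Drootprefix="${EPREFIX:-/}"
+ -Dacl=true
+ -Dtmpfiles=true
+ -Dstandalone-binaries=true # this and below option does the magic
+ -Dstatic-libsystemd=true
+ -Dsysvinit-path=''
+ ${systemd_disable_options[@]}
+ $(meson_use selinux)
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ # tmpfiles and sysusers can be built as standalone and link systemd-shared in statically.
+ # https://github.com/systemd/systemd/pull/16061 original implementation
+ # we just need to pass -Dstandalone-binaries=true and
+ # use <name>.standalone target below.
+ # check meson.build for if have_standalone_binaries condition per target.
+ local mytargets=(
+ systemd-tmpfiles.standalone
+ man/tmpfiles.d.5
+ man/systemd-tmpfiles.8
+ )
+ meson_src_compile "${mytargets[@]}"
+}
+
+src_install() {
+ # lean and mean installation, single binary and man-pages
+ pushd "${BUILD_DIR}" > /dev/null || die
+ into /
+ newbin systemd-tmpfiles.standalone systemd-tmpfiles
+
+ doman man/{systemd-tmpfiles.8,tmpfiles.d.5}
+
+ popd > /dev/null || die
+
+ # service files adapter from opentmpfiles
+ newinitd "${FILESDIR}"/stmpfiles-dev.initd stmpfiles-dev
+ newinitd "${FILESDIR}"/stmpfiles-setup.initd stmpfiles-setup
+
+ # same content, but install as different file
+ newconfd "${FILESDIR}"/stmpfiles.confd stmpfiles-dev
+ newconfd "${FILESDIR}"/stmpfiles.confd stmpfiles-setup
+}
+
+src_test() {
+ # 'meson test' will compile full systemd, but we can still outsmart it
+ "${EPYTHON}" test/test-systemd-tmpfiles.py \
+ "${BUILD_DIR}"/systemd-tmpfiles.standalone || die "${FUNCNAME} failed"
+}
+
+# stolen from opentmpfiles ebuild
+add_service() {
+ local initd=$1
+ local runlevel=$2
+
+ elog "Auto-adding '${initd}' service to your ${runlevel} runlevel"
+ mkdir -p "${EROOT}/etc/runlevels/${runlevel}"
+ ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}"
+}
+
+pkg_postinst() {
+ if [[ -z $REPLACING_VERSIONS ]]; then
+ add_service stmpfiles-dev sysinit
+ add_service stmpfiles-setup boot
+ fi
+}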
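Review bot: The `ewarn` line in pkg_pretend has a stray `.` after the closing quote, so the word passed to ewarn ends in a doubled period; it should read `ewarn "systemd-tmpfiles uses un-prefixed paths at runtime."`. The `eapply "${WORKDIR}/systemd-249.7-CVE-2021-3997"` call at the top of src_prepare is the security-relevant part of this ebuild but carries no comment, so anyone bumping the version later cannot tell from the file why the extra tarball is fetched or when it can be dropped; a one-line comment such as `# Backport for CVE-2021-3997, see https://bugs.gentoo.org/830967` above it would keep that visible next to the code (the tarball itself is pinned by BLAKE2B/SHA512 in Manifest, and the patch contents are not visible in this diff). As a point of style, the array rewrites in src_configure (`${systemd_disable_options[@]/#/-D}`, `${systemd_disable_options[@]/%/=false}`) and the bare `${systemd_disable_options[@]}` inside emesonargs are unquoted and rely on word splitting; the option names contain no whitespace so it works today, but quoting them, e.g. `systemd_disable_options=( "${systemd_disable_options[@]/#/-D}" )`, makes the intent explicit and survives a later entry that does. The `mkdir -p` and `ln -snf` in add_service are unchecked, which may be deliberate since it runs from pkg_postinst where failing the merge is undesirable; a brief comment saying so would stop the next reader from "fixing" it.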