commit: 1c619374ef208df51c34c55dd0b64ef72b05d718 |
Author: Steev Klimaszewski <steev <AT> gentoo <DOT> org> |
AuthorDate: Thu Apr 5 22:36:26 2012 +0000 |
Commit: Stephen Klimaszewski <steev <AT> gentoo <DOT> org> |
CommitDate: Thu Apr 5 22:36:26 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=dev/steev.git;a=commit;h=1c619374 |
systemd: Add systemd 44 |
Add systemd-44 with patch to use NAME_MAX instead of PAGE_SIZE |
Signed-off-by: Steev Klimaszewski <steev <AT> gentoo.org> |
--- |
sys-apps/systemd/Manifest | 8 + |
...l-never-follow-symlinks-in-rm_rf_children.patch | 32 ++++ |
sys-apps/systemd/files/gentoo-run.conf | 5 + |
sys-apps/systemd/files/journal-use-NAME_MAX.patch | 44 +++++ |
.../systemd/files/update-etc-systemd-symlinks.path | 5 + |
.../files/update-etc-systemd-symlinks.service | 6 + |
.../systemd/files/update-etc-systemd-symlinks.sh | 19 +++ |
sys-apps/systemd/systemd-44.ebuild | 167 ++++++++++++++++++++ |
8 files changed, 286 insertions(+), 0 deletions(-) |
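diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
new file mode 100644
index 0000000..66bccea
--- /dev/null
+++ b/sys-apps/systemd/Manifest
@@ -0,0 +1,8 @@
+AUX 0001-util-never-follow-symlinks-in-rm_rf_children.patch 1262 RMD160 4b328f8d97887b773a95c520595ed2488a0922f7 SHA1 b212485909bae7f625e74809641385915a8bb110 SHA256 4bf6f7d0312f07614d2addece6b48f3301bb85de5f27c8b9729e11b1f4d9e36a
+AUX gentoo-run.conf 226 RMD160 3bea7b3d3fe3b3589d8bfdeaf52112ab46a67e82 SHA1 521d0d3ff408905075f42b3b00ccc77da2355c6a SHA256 a23fa3b35b4e9d5f1c41dc77cb5be1cec492eb903a57472df3d93a053db28ca7
+AUX journal-use-NAME_MAX.patch 2072 RMD160 bd9b713a2d42c54cf93e69b5793fada57fdebf13 SHA1 a3056c50455f4b23ed7b652bef3680e3a4dafb1d SHA256 763a621f1f459f751377049a8f4b444107d378d59be185413beef585a427f4ea
+AUX update-etc-systemd-symlinks.path 119 RMD160 b2512605a2313af9fca6b611a32b66e2c435577a SHA1 70ddad85c6981b9a0a81f1d0f84f4b039951c543 SHA256 4dbbe99fdc4b7922ad6fb4c6f39c975a4b139e04b04a65e3c79650b364fdc02a
+AUX update-etc-systemd-symlinks.service 165 RMD160 aab6eb2ff82ae82be72c12682fda2bc62d7b2e51 SHA1 6a766b8ef0a97290431756c8bbabf242447c632e SHA256 77f199392367cefc6d70110b955fb5f2ebafaf21ea8ca355b1863a44f130bf69
+AUX update-etc-systemd-symlinks.sh 451 RMD160 94066bbc526f108e2a3a49ad3b8dc52eb1ed4ad7 SHA1 9ad3fa9e5bef1b7d10a54101ddedb299d0f875a7 SHA256 1ed27cf8c2ca5ab862b9d935eec613d1a21ceb4cc363a4bfdac6430387e350df
+DIST systemd-44.tar.xz 885636 RMD160 d81f0b72806884628b80af5e261dddf5dbc88025 SHA1 851869f1d991343995a9ca1243616c8bf4edfdad SHA256 7a5aac4b4b8b3a82bf59292f10e43d8f2c2d7039f34e95714f81d8edcb42233c
+EBUILD systemd-44.ebuild 5223 RMD160 98f45aefd7efed79740703e347f1a709563cb463 SHA1 133795870b6fa29f55b1bf153d576426a3c31c7b SHA256 ac6f93421966bcc0d9de95000e083eec728a1a496d1a658a97c3eee37da47735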
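diff --git a/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
new file mode 100644
index 0000000..7ac9251
--- /dev/null
+++ b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
@@ -0,0 +1,32 @@
+From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@××××××.com>
+Date: Fri, 2 Mar 2012 10:39:10 +0100
+Subject: [PATCH] util: never follow symlinks in rm_rf_children()
+
+The function checks if the entry is a directory before recursing, but
+there is a window between the check and the open, during which the
+directory could be replaced with a symlink.
+
+CVE-2012-1174
+https://bugzilla.redhat.com/show_bug.cgi?id=803358
+---
+ src/util.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/util.c b/src/util.c
+index 20cbc2b..dfc1dc6 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
+ if (is_dir) {
+ int subdir_fd;
+
+- if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
++ subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
++ if (subdir_fd < 0) {
+ if (ret == 0 && errno != ENOENT)
+ ret = -errno;
+ continue;
+--
+1.7.9.4
+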
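diff --git a/sys-apps/systemd/files/gentoo-run.conf b/sys-apps/systemd/files/gentoo-run.conf
new file mode 100644
index 0000000..5b3bcab
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-run.conf
@@ -0,0 +1,5 @@
+# New OpenRC versions replace /var/lock with a symlink to /run/lock.
+# We just create that directory for now, just in case.
+# Of course, it's not guaranteed that'll satisfy all relevant packages.
+
+d /run/lock 0755 root root -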
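diff --git a/sys-apps/systemd/files/journal-use-NAME_MAX.patch b/sys-apps/systemd/files/journal-use-NAME_MAX.patch
new file mode 100644
index 0000000..623bea1
--- /dev/null
+++ b/sys-apps/systemd/files/journal-use-NAME_MAX.patch
@@ -0,0 +1,44 @@
+From 7264278fbbdc1dc6c30fedc902d1337594aa6ff6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@××××××××××.net>
+Date: Wed, 21 Mar 2012 22:47:44 +0000
+Subject: journal: PAGE_SIZE is not known on ppc and other archs
+
+Let's use NAME_MAX, as suggested by Dan Walsh
+---
+diff --git a/src/journal/journald.c b/src/journal/journald.c
+index d27cb60..87390bd 100644
+--- a/src/journal/journald.c
++++ b/src/journal/journald.c
+@@ -29,7 +29,6 @@
+ #include <sys/ioctl.h>
+ #include <linux/sockios.h>
+ #include <sys/statvfs.h>
+-#include <sys/user.h>
+
+ #include <systemd/sd-journal.h>
+ #include <systemd/sd-login.h>
+@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
+ size_t label_len = 0;
+ union {
+ struct cmsghdr cmsghdr;
++
++ /* We use NAME_MAX space for the
++ * SELinux label here. The kernel
++ * currently enforces no limit, but
++ * according to suggestions from the
++ * SELinux people this will change and
++ * it will probably be identical to
++ * NAME_MAX. For now we use that, but
++ * this should be updated one day when
++ * the final limit is known.*/
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+ CMSG_SPACE(sizeof(struct timeval)) +
+- CMSG_SPACE(sizeof(int)) +
+- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
++ CMSG_SPACE(sizeof(int)) + /* fd */
++ CMSG_SPACE(NAME_MAX)]; /* selinux label */
+ } control;
+ ssize_t n;
+ int v;
+--
+cgit v0.9.0.2-2-gbebe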
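diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.path b/sys-apps/systemd/files/update-etc-systemd-symlinks.path
new file mode 100644
index 0000000..33a9576
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.path
@@ -0,0 +1,5 @@
+[Unit]
+Description=Update /etc/systemd/system symlinks for units moved to /usr
+
+[Path]
+PathChanged=/lib/systemd/system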
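diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.service b/sys-apps/systemd/files/update-etc-systemd-symlinks.service
new file mode 100644
index 0000000..c05a194
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Update /etc/systemd/system symlinks for units moved to /usr
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/systemd/update-etc-systemd-symlinks.sh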
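diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.sh b/sys-apps/systemd/files/update-etc-systemd-symlinks.sh
new file mode 100755
index 0000000..ce81bba
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Update symlinks to systemd units moved into /usr/systemd.
+# (c) 2012 Michał Górny
+# Released under the terms of the 2-clause BSD license
+
+IFS_SAVE=${IFS}
+IFS='
+'
+# follow + symlink type will match broken symlinks only
+set -- $(find -L /etc/systemd/system -type l -print)
+IFS=${IFS_SAVE}
+
+for f; do
+ old_path=$(readlink "${f}")
+ new_path=/usr/lib${old_path#/lib}
+ if [ -f "${new_path}" ]; then
+ ln -v -s -f "${new_path}" "${f}"
+ fi
+done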
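Review bot: `new_path=/usr/lib${old_path#/lib}` assumes `readlink` returned an absolute target under `/lib`; a relative target such as `../../lib/systemd/system/foo.service`, or an absolute one anywhere else, passes through the `#/lib` strip unchanged and is prefixed into a path like `/usr/lib../../lib/...`, which the `-f` test rejects, so those broken links are left untouched with no output at all (`ln -v` only prints on success). Resolving relative targets first, `case ${old_path} in /*) ;; *) old_path=$(dirname "${f}")/${old_path} ;; esac`, and reporting the skipped link in an `else` branch would make the migration observable to the admin. The unquoted `$(find ...)` in `set --` also undergoes pathname expansion even with IFS set to a newline, so a `set -f` before it (and `set +f` after) keeps unit names containing glob characters intact.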
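diff --git a/sys-apps/systemd/systemd-44.ebuild b/sys-apps/systemd/systemd-44.ebuild
new file mode 100644
index 0000000..39f1a9b
--- /dev/null
+++ b/sys-apps/systemd/systemd-44.ebuild
@@ -0,0 +1,167 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-44.ebuild,v 1.1 2012/04/05 11:15:27 mgorny Exp $
+
+EAPI=4
+
+inherit autotools-utils bash-completion-r1 linux-info pam systemd
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="acl audit cryptsetup lzma pam plymouth selinux tcpd"
+
+# We need to depend on sysvinit for sulogin which is used in the rescue
+# mode. Bug #399615.
+
+# A little higher than upstream requires
+# but I had real trouble with 2.6.37 and systemd.
+MINKV="2.6.38"
+
+# dbus version because of systemd units
+# sysvinit for sulogin
+RDEPEND=">=sys-apps/dbus-1.4.10
+ >=sys-apps/kmod-5
+ sys-apps/sysvinit
+ >=sys-apps/util-linux-2.19
+ >=sys-fs/udev-172
+ sys-libs/libcap
+ acl? ( sys-apps/acl )
+ audit? ( >=sys-process/audit-2 )
+ cryptsetup? ( sys-fs/cryptsetup )
+ lzma? ( app-arch/xz-utils )
+ pam? ( virtual/pam )
+ plymouth? ( sys-boot/plymouth )
+ selinux? ( sys-libs/libselinux )
+ tcpd? ( sys-apps/tcp-wrappers )"
+
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gperf
+ dev-util/intltool
+ >=sys-kernel/linux-headers-${MINKV}"
+
+PATCHES=(
+ # bug #408879: Session Logout File Deletion Weakness (CVE-2012-1174)
+ "${FILESDIR}"/0001-util-never-follow-symlinks-in-rm_rf_children.patch
+ # Not all architectures have PAGE_SIZE
+ "${FILESDIR}"/journal-use-NAME_MAX.patch
+)
+
+pkg_setup() {
+ enewgroup lock # used by var-lock.mount
+ enewgroup tty 5 # used by mount-setup for /dev/pts
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-distro=gentoo
+ # install everything to /usr
+ --with-rootprefix=/usr
+ --with-rootlibdir=/usr/$(get_libdir)
+ # but pam modules have to lie in /lib*
+ --with-pamlibdir=/$(get_libdir)/security
+ --localstatedir=/var
+ # make sure we get /bin:/sbin in $PATH
+ --enable-split-usr
+ $(use_enable acl)
+ $(use_enable audit)
+ $(use_enable cryptsetup libcryptsetup)
+ $(use_enable lzma xz)
+ $(use_enable pam)
+ $(use_enable plymouth)
+ $(use_enable selinux)
+ $(use_enable tcpd tcpwrap)
+ # now in sys-apps/systemd-ui
+ --disable-gtk
+ )
+
+ autotools-utils_src_configure
+}
+
+src_install() {
+ autotools-utils_src_install \
+ bashcompletiondir=/tmp
+
+ # compat for init= use
+ dosym ../usr/lib/systemd/systemd /bin/systemd
+ dosym ../lib/systemd/systemd /usr/bin/systemd
+ # rsyslog.service depends on it...
+ dosym ../usr/bin/systemctl /bin/systemctl
+
+ # move files as necessary
+ newbashcomp "${D}"/tmp/systemd-bash-completion.sh ${PN}
+ rm -r "${D}"/tmp || die
+
+ # we just keep sysvinit tools, so no need for the mans
+ rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+ || die
+ rm "${D}"/usr/share/man/man1/init.1 || die
+
+ # Create /run/lock as required by new baselay/OpenRC compat.
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/gentoo-run.conf
+
+ # Migration helpers.
+ exeinto /usr/libexec/systemd
+ doexe "${FILESDIR}"/update-etc-systemd-symlinks.sh
+ systemd_dounit "${FILESDIR}"/update-etc-systemd-symlinks.{service,path}
+ systemd_enable_service sysinit.target update-etc-systemd-symlinks.path
+}
+
+pkg_preinst() {
+ local CONFIG_CHECK="~AUTOFS4_FS ~CGROUPS ~DEVTMPFS ~FANOTIFY ~IPV6"
+ kernel_is -ge ${MINKV//./ } || ewarn "Kernel version at least ${MINKV} required"
+ check_extra_config
+}
+
+optfeature() {
+ elog " [\e[1m$(has_version ${1} && echo I || echo ' ')\e[0m] ${1} (${2})"
+}
+
+pkg_postinst() {
+ mkdir -p "${ROOT}"/run || ewarn "Unable to mkdir /run, this could mean trouble."
+ if [[ ! -L "${ROOT}"/etc/mtab ]]; then
+ ewarn "Upstream suggests that the /etc/mtab file should be a symlink to /proc/mounts."
+ ewarn "It is known to cause users being unable to unmount user mounts. If you don't"
+ ewarn "require that specific feature, please call:"
+ ewarn " $ ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
+ ewarn
+ fi
+
+ elog "You may need to perform some additional configuration for some programs"
+ elog "to work, see the systemd manpages for loading modules and handling tmpfiles:"
+ elog " $ man modules-load.d"
+ elog " $ man tmpfiles.d"
+ elog
+
+ elog "To get additional features, a number of optional runtime dependencies may"
+ elog "be installed:"
+ optfeature 'dev-python/dbus-python' 'for systemd-analyze'
+ optfeature 'dev-python/pycairo[svg]' 'for systemd-analyze plotting ability'
+ optfeature 'sys-apps/systemd-ui' 'for GTK+ systemadm UI and gnome-ask-password-agent'
+ elog
+
+ ewarn "Please note this is a work-in-progress and many packages in Gentoo"
+ ewarn "do not supply systemd unit files yet. You are testing it on your own"
+ ewarn "responsibility. Please remember than you can pass:"
+ ewarn " init=/sbin/init"
+ ewarn "to your kernel to boot using sysvinit / OpenRC."
+
+ # Don't run it if we're outta /
+ if [[ ! ${ROOT%/} ]]; then
+ # Update symlinks to moved units.
+ sh "${FILESDIR}"/update-etc-systemd-symlinks.sh
+
+ # Try to start migration unit.
+ ebegin "Trying to start migration helper path monitoring."
+ systemctl --system start update-etc-systemd-symlinks.path 2>/dev/null
+ eend ${?}
+ fi
+}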
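Review bot: `sh "${FILESDIR}"/update-etc-systemd-symlinks.sh` in pkg_postinst reads FILESDIR, which PMS only guarantees for the src_* phases; when the package is installed from a binary package the variable is typically unset, so the hook would run `sh /update-etc-systemd-symlinks.sh` and fail with nothing more than a stray shell error. src_install already places the script under /usr/libexec/systemd, so the hook should run the installed copy, `"${ROOT}"usr/libexec/systemd/update-etc-systemd-symlinks.sh` (the enclosing `[[ ! ${ROOT%/} ]]` guard already limits this to ROOT=/). Separately, `check_extra_config` with its `CONFIG_CHECK` sits in pkg_preinst, after the build has completed; with EAPI=4 it belongs in pkg_pretend (or pkg_setup, next to the enewgroup calls) so the kernel-option and MINKV warnings appear before any compilation.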