[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2024-05-27 Thread Sam James 
commit: 4081984af756a502e85da04e8ca5df6c760fdc21
Author: Sam James  gentoo  org>
AuthorDate: Tue May 28 00:47:40 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Tue May 28 00:50:51 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4081984a

sys-apps/systemd: drop 255.5, 255.5-r1, 255.5-r2

Signed-off-by: Sam James  gentoo.org>

 sys-apps/systemd/Manifest |   1 -
 sys-apps/systemd/files/255-dnssec-2.patch |  48 ---
 sys-apps/systemd/files/255-dnssec-3.patch |  32 --
 sys-apps/systemd/files/255-dnssec.patch   |  29 --
 sys-apps/systemd/systemd-255.5-r1.ebuild  | 530 -
 sys-apps/systemd/systemd-255.5-r2.ebuild  | 532 --
 sys-apps/systemd/systemd-255.5.ebuild | 529 -
 7 files changed, 1701 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 44bac9120da5..aff852674ab4 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -4,6 +4,5 @@ DIST systemd-stable-254.13.tar.gz 14533359 BLAKE2B 
6f37bf5f1868840f122652fdca270
 DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B 
e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80
 SHA512 
a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
 DIST systemd-stable-255.3.tar.gz 14873273 BLAKE2B 
e22ef391c691fcf1e765c5112e1a55096d3bba61a9dae3ea1a3958add4e355892a97d5214e63c516ba3b70e2a83bb5d21254812d870f06c16c74a58d4f957d75
 SHA512 
c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453
 DIST systemd-stable-255.4.tar.gz 14952427 BLAKE2B 
27f5080f83a9e870fbe8e3ebcb500a63c42022f1f96f26f35c76a85dab691291c31ee716cab330b76df5e576910a6a82f51267eff4f766b1d4c304d815c9
 SHA512 
8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979
-DIST systemd-stable-255.5.tar.gz 14976055 BLAKE2B 
08e2d5e6ed340214f195e8ecc22665c572838af94c19f946de7dc710e0f5e0476dda09d313b6848a7f10f6d545b8cd6b1b7ce234b9f4aad1dbff3a065eda6b76
 SHA512 
9c0b39379e9ef2af983d885ec3cac0377c90435846341bb4e22abf33c00cc1c9f40abba1d6f598300ffac18e2b27bf917eea41885b1413f63cb9902d2efe9bcc
 DIST systemd-stable-255.6.tar.gz 15060034 BLAKE2B 
27e14a870bd8ae85e3c7679a69b7dcd6f1165430c4cdea57d3f7092a40a22085bafc3e3e397a7429b53773f7460bde0ad0af9afb6852c6d0c9cc681d25c34c03
 SHA512 
523c5d973e2ccd47f8ba33d1fb8264a8de58cb639fab22be0d0854f96009dce700d6f022d30aad5ab7b9292b33047cbbc1eefc3c6141328e337b9a245944c237
 DIST systemd-stable-255.7.tar.gz 15068684 BLAKE2B 
6fb5415d9e013bc8695ef837affce7063d214027529412a25ea73eb25473d1f07cff6ad3ea3ea18b7bbf9d73d2bb8e39838e1aeb2a14d016b3b47e4ba24d02d0
 SHA512 
1cd2a00f292751b923bd93c60bdcdd66d82792b45e32dce11d77e2b3b6fc5c8ba4c5db386652deffa8c24e75032af1a745700ba91f1726e249f0c447daf85c2a

diff --git a/sys-apps/systemd/files/255-dnssec-2.patch 
b/sys-apps/systemd/files/255-dnssec-2.patch
deleted file mode 100644
index e8eaf9782b3e..
--- a/sys-apps/systemd/files/255-dnssec-2.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-https://github.com/systemd/systemd/pull/32598
-https://github.com/systemd/systemd-stable/commit/ee15f5efaf2f6cdbb867fca601e92761276e2b1e
-
-From ee15f5efaf2f6cdbb867fca601e92761276e2b1e Mon Sep 17 00:00:00 2001
-From: Ronan Pigott 
-Date: Tue, 30 Apr 2024 22:15:18 -0700
-Subject: [PATCH] resolved: probe for dnssec support in allow-downgrade mode
-
-Previously, sd-resolved unnecessarily requested SOA records for each dns
-label in the query, even though they are not needed for the chain of
-trust. Since 47690634f157, only the necessary records are queried when
-validating.
-
-This is actually a problem in allow-downgrade mode, since we will no
-longer attempt a query for a record that we know is signed a priori, and
-will therefore never update our belief about the state of dnssec support
-in the recursive resolver.
-
-Rectify this by reintroducing a query for the root zone SOA in the
-allow-downgrade case, specifically to test that the resolver attaches
-the RRSIGs which we know must exist.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
 a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2622,6 +2622,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction 
*t) {
- if (r < 0)
- return r;
- 
-+if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE 
&& dns_name_is_root(name)) {
-+_cleanup_(dns_resource_key_unrefp) 
DnsResourceKey *soa = NULL;
-+/* We made it all the way to the root zone. 
If we are in

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2024-05-05 Thread Sam James 
commit: a2f26b71bd5e7b811ad0a085459c32ac149239b8
Author: Sam James  gentoo  org>
AuthorDate: Sun May  5 15:41:52 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Sun May  5 15:43:30 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2f26b71

sys-apps/systemd: backport more dnssec fixes to 255.5

Followup to 1b646e8e63408abcdbf131ace4af9bb80ed5e29a.

Bug: https://bugs.gentoo.org/836341
Signed-off-by: Sam James  gentoo.org>

 sys-apps/systemd/files/255-dnssec-2.patch |  48 +++
 sys-apps/systemd/files/255-dnssec-3.patch |  32 ++
 sys-apps/systemd/files/255-dnssec.patch   |   8 +-
 sys-apps/systemd/systemd-255.5-r2.ebuild  | 532 ++
 4 files changed, 617 insertions(+), 3 deletions(-)

diff --git a/sys-apps/systemd/files/255-dnssec-2.patch 
b/sys-apps/systemd/files/255-dnssec-2.patch
new file mode 100644
index ..e8eaf9782b3e
--- /dev/null
+++ b/sys-apps/systemd/files/255-dnssec-2.patch
@@ -0,0 +1,48 @@
+https://github.com/systemd/systemd/pull/32598
+https://github.com/systemd/systemd-stable/commit/ee15f5efaf2f6cdbb867fca601e92761276e2b1e
+
+From ee15f5efaf2f6cdbb867fca601e92761276e2b1e Mon Sep 17 00:00:00 2001
+From: Ronan Pigott 
+Date: Tue, 30 Apr 2024 22:15:18 -0700
+Subject: [PATCH] resolved: probe for dnssec support in allow-downgrade mode
+
+Previously, sd-resolved unnecessarily requested SOA records for each dns
+label in the query, even though they are not needed for the chain of
+trust. Since 47690634f157, only the necessary records are queried when
+validating.
+
+This is actually a problem in allow-downgrade mode, since we will no
+longer attempt a query for a record that we know is signed a priori, and
+will therefore never update our belief about the state of dnssec support
+in the recursive resolver.
+
+Rectify this by reintroducing a query for the root zone SOA in the
+allow-downgrade case, specifically to test that the resolver attaches
+the RRSIGs which we know must exist.
+
+Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
+--- a/src/resolve/resolved-dns-transaction.c
 b/src/resolve/resolved-dns-transaction.c
+@@ -2622,6 +2622,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction 
*t) {
+ if (r < 0)
+ return r;
+ 
++if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE 
&& dns_name_is_root(name)) {
++_cleanup_(dns_resource_key_unrefp) 
DnsResourceKey *soa = NULL;
++/* We made it all the way to the root zone. 
If we are in allow-downgrade
++ * mode, we need to make at least one request 
that we can be certain should
++ * have been signed, to test for servers that 
are not dnssec aware. */
++soa = dns_resource_key_new(rr->key->class, 
DNS_TYPE_SOA, name);
++if (!soa)
++return -ENOMEM;
++
++log_debug("Requesting root zone SOA to probe 
dnssec support.");
++r = dns_transaction_request_dnssec_rr(t, soa);
++if (r < 0)
++return r;
++}
++
+ break;
+ }
+ 

diff --git a/sys-apps/systemd/files/255-dnssec-3.patch 
b/sys-apps/systemd/files/255-dnssec-3.patch
new file mode 100644
index ..4fd231d6d157
--- /dev/null
+++ b/sys-apps/systemd/files/255-dnssec-3.patch
@@ -0,0 +1,32 @@
+https://github.com/systemd/systemd/pull/32593
+https://github.com/systemd/systemd-stable/commit/a1580223a5dd67ab61c5f888b114de43b65fffbf
+
+From a1580223a5dd67ab61c5f888b114de43b65fffbf Mon Sep 17 00:00:00 2001
+From: Ronan Pigott 
+Date: Tue, 30 Apr 2024 13:19:14 -0700
+Subject: [PATCH] resolved: validate authentic insecure delegation to CNAME
+
+If the parent zone uses a non-opt-out method that provides authenticated
+negative DS replies, we still can't expect signatures from the child
+zone. sd-resolved was using the authenticated status of the DS reply to
+require signatures for CNAMEs, even though it had already proved that no
+signature exists.
+
+Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
+(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
+--- a/src/resolve/resolved-dns-transaction.c
 b/src/resolve/resolved-dns-transaction.c
+@@ -2863,7 +2863,12 @@ static int 
dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+ if (r == 0)
+ continue;
+ 
+-return FLAGS_SET(dt->answer_query_flags, 
SD_RESOLVED_AUTHENTICATED);
++if (!FLAGS_SET(dt->answer_query_flags,

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2024-04-17 Thread Mike Gilbert 
commit: 867009193d04369c4ca3d9f0af26c72c8ca9b82f
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Apr 18 04:19:21 2024 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Apr 18 04:19:21 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86700919

sys-apps/systemd: make test-process-util work with pid-sandbox

Closes: https://bugs.gentoo.org/674458
Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/systemd-test-process-util.patch  | 30 ++
 sys-apps/systemd/systemd-254.10.ebuild |  6 +
 sys-apps/systemd/systemd-255.4.ebuild  |  8 ++
 sys-apps/systemd/systemd-.ebuild   |  6 +
 4 files changed, 34 insertions(+), 16 deletions(-)

diff --git a/sys-apps/systemd/files/systemd-test-process-util.patch 
b/sys-apps/systemd/files/systemd-test-process-util.patch
new file mode 100644
index ..ec1a766764ee
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-test-process-util.patch
@@ -0,0 +1,30 @@
+From 1d3404701bf0c27600dd44b2814cd6caffca877a Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Thu, 18 Apr 2024 00:04:44 -0400
+Subject: [PATCH] test-process-util: remove assert that fails under pid-sandbox
+
+Upstream refuses to fix this.
+
+Bug: https://bugs.gentoo.org/674458
+Bug: https://github.com/systemd/systemd/issues/25015
+---
+ src/test/test-process-util.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index c96bd4341b..4009cf96e2 100644
+--- a/src/test/test-process-util.c
 b/src/test/test-process-util.c
+@@ -92,9 +92,6 @@ static void test_pid_get_comm_one(pid_t pid) {
+ assert_se(r >= 0 || r == -EACCES);
+ log_info("PID"PID_FMT" strlen(environ): %zi", pid, env ? 
(ssize_t)strlen(env) : (ssize_t)-errno);
+ 
+-if (!detect_container())
+-assert_se(get_ctty_devnr(pid, ) == -ENXIO || pid != 1);
+-
+ (void) getenv_for_pid(pid, "PATH", );
+ log_info("PID"PID_FMT" $PATH: '%s'", pid, strna(i));
+ }
+-- 
+2.44.0
+

diff --git a/sys-apps/systemd/systemd-254.10.ebuild 
b/sys-apps/systemd/systemd-254.10.ebuild
index 3428d3abc74f..c85a0b31b907 100644
--- a/sys-apps/systemd/systemd-254.10.ebuild
+++ b/sys-apps/systemd/systemd-254.10.ebuild
@@ -182,11 +182,6 @@ QA_EXECSTACK="usr/lib/systemd/boot/efi/*"
 
 pkg_pretend() {
if [[ ${MERGE_TYPE} != buildonly ]]; then
-   if use test && has pid-sandbox ${FEATURES}; then
-   ewarn "Tests are known to fail with PID sandboxing 
enabled."
-   ewarn "See https://bugs.gentoo.org/674458.;
-   fi
-
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD 
~SYSFS
@@ -240,6 +235,7 @@ src_unpack() {
 
 src_prepare() {
local PATCHES=(
+   "${FILESDIR}/systemd-test-process-util.patch"
"${FILESDIR}/systemd-253-initrd-generators.patch"
"${FILESDIR}/254-PrivateDevices-userdbd.patch"
)

diff --git a/sys-apps/systemd/systemd-255.4.ebuild 
b/sys-apps/systemd/systemd-255.4.ebuild
index de47dde183cf..03c7008aa486 100644
--- a/sys-apps/systemd/systemd-255.4.ebuild
+++ b/sys-apps/systemd/systemd-255.4.ebuild
@@ -190,11 +190,6 @@ pkg_pretend() {
die "systemd no longer supports split-usr"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
-   if use test && has pid-sandbox ${FEATURES}; then
-   ewarn "Tests are known to fail with PID sandboxing 
enabled."
-   ewarn "See https://bugs.gentoo.org/674458.;
-   fi
-
local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS
~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD 
~SYSFS
@@ -248,7 +243,8 @@ src_unpack() {
 
 src_prepare() {
local PATCHES=(
-   "${FILESDIR}"/255-install-format-overflow.patch
+   "${FILESDIR}/systemd-test-process-util.patch"
+   "${FILESDIR}/255-install-format-overflow.patch"
)
 
if ! use vanilla; then

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index c035b9a2cfde..9ebc6c14fa23 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -190,11 +190,6 @@ pkg_pretend() {
die "systemd no longer supports split-usr"
fi
if [[ ${MERGE_TYPE} != buildonly ]]; then
-   if use test && has pid-sandbox ${FEATURES}; then
-   ewarn "Tests are known to fail with PID sandboxing 
enabled."
-   ewarn "See https://bugs.gentoo.org/674458.;
-   fi
-
local CONFIG_CHECK="~BLK_DEV_BSG

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2024-03-03 Thread Sam James 
commit: a25cf19d6f0dd41643c17cdfebbd87fde5e0e336
Author: Sam James  gentoo  org>
AuthorDate: Mon Mar  4 02:50:27 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Mon Mar  4 02:51:32 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a25cf19d

sys-apps/systemd: backport another stringop-truncation fix

No revbump as this is a false positive (the stringop-* warnings are known
to be noisy/flaky).

Closes: https://bugs.gentoo.org/916518
Signed-off-by: Sam James  gentoo.org>

 .../files/255-install-format-overflow.patch| 43 ++
 sys-apps/systemd/systemd-255.4.ebuild  |  1 +
 2 files changed, 44 insertions(+)

diff --git a/sys-apps/systemd/files/255-install-format-overflow.patch 
b/sys-apps/systemd/files/255-install-format-overflow.patch
new file mode 100644
index ..3dca7d8e8ec7
--- /dev/null
+++ b/sys-apps/systemd/files/255-install-format-overflow.patch
@@ -0,0 +1,43 @@
+https://github.com/systemd/systemd-stable/commit/f85d2c6d1023b1fe558142440b1d63c4fc5f7c98
+https://github.com/systemd/systemd/issues/30448
+https://bugs.gentoo.org/916518
+
+From f85d2c6d1023b1fe558142440b1d63c4fc5f7c98 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi 
+Date: Sat, 24 Feb 2024 12:05:44 +
+Subject: [PATCH] install: fix compiler warning about empty directive argument
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On ppc64el with gcc 13.2 on Ubuntu 24.04:
+
+3s In file included from ../src/basic/macro.h:386,
+483s  from ../src/basic/alloc-util.h:10,
+483s  from ../src/shared/install.c:12:
+483s ../src/shared/install.c: In function ‘install_changes_dump’:
+483s ../src/shared/install.c:432:64: error: ‘%s’ directive argument is null 
[-Werror=format-overflow=]
+483s   432 | err = log_error_errno(changes[i].type, 
"Failed to %s unit, unit %s does not exist.",
+483s   |
^~~~
+483s ../src/shared/install.c:432:75: note: format string is defined here
+483s   432 | err = log_error_errno(changes[i].type, 
"Failed to %s unit, unit %s does not exist.",
+
+(cherry picked from commit 8040fa55a1cbc34dede3205a902095ecd26c21e3)
+--- a/src/shared/install.c
 b/src/shared/install.c
+@@ -340,9 +340,12 @@ void install_changes_dump(int r, const char *verb, const 
InstallChange *changes,
+ assert(verb || r >= 0);
+ 
+ for (size_t i = 0; i < n_changes; i++) {
+-if (changes[i].type < 0)
+-assert(verb);
+ assert(changes[i].path);
++/* This tries to tell the compiler that it's safe to use 
'verb' in a string format if there
++ * was an error, but the compiler doesn't care and fails 
anyway, so strna(verb) is used
++ * too. */
++assert(verb || changes[i].type >= 0);
++verb = strna(verb);
+ 
+ /* When making changes here, make sure to also change 
install_error() in dbus-manager.c. */
+ 
+

diff --git a/sys-apps/systemd/systemd-255.4.ebuild 
b/sys-apps/systemd/systemd-255.4.ebuild
index 183166373f1d..c1d288b695d5 100644
--- a/sys-apps/systemd/systemd-255.4.ebuild
+++ b/sys-apps/systemd/systemd-255.4.ebuild
@@ -248,6 +248,7 @@ src_unpack() {
 
 src_prepare() {
local PATCHES=(
+   "${FILESDIR}"/255-install-format-overflow.patch
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2024-02-24 Thread Mike Gilbert 
commit: 296415fa509175fd0253091697d1eec1fcf462df
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Feb 24 15:48:45 2024 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Feb 24 15:48:45 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=296415fa

sys-apps/systemd: backport fchmodat2 support to 254.9

Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/systemd-254.9-fchmodat2.patch| 255 +
 ...ystemd-254.9.ebuild => systemd-254.9-r1.ebuild} |   1 +
 2 files changed, 256 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch 
b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
new file mode 100644
index ..27bdd121aa60
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254.9-fchmodat2.patch
@@ -0,0 +1,255 @@
+From 3d93b69fa558b33f1f2b52305fa4c2d836789394 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov 
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 1/3] basic/missing_syscall: generate defs for `fchmodat2(2)`
+
+We will need this to set seccomp filters on this system call regardless
+of libseccomp or kernel support.
+
+(cherry picked from commit 3677364cc3a2c5429380cfd3a2472e2da87925c4)
+---
+ src/basic/missing_syscall_def.h | 68 +
+ src/basic/missing_syscalls.py   |  1 +
+ 2 files changed, 69 insertions(+)
+
+diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h
+index 402fdd00dc..b5beb434db 100644
+--- a/src/basic/missing_syscall_def.h
 b/src/basic/missing_syscall_def.h
+@@ -246,6 +246,74 @@ assert_cc(__NR_copy_file_range == 
systemd_NR_copy_file_range);
+ #  endif
+ #endif
+ 
++#ifndef __IGNORE_fchmodat2
++#  if defined(__aarch64__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__alpha__)
++#define systemd_NR_fchmodat2 562
++#  elif defined(__arc__) || defined(__tilegx__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__arm__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__i386__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__ia64__)
++#define systemd_NR_fchmodat2 1476
++#  elif defined(__loongarch_lp64)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__m68k__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(_MIPS_SIM)
++#if _MIPS_SIM == _MIPS_SIM_ABI32
++#  define systemd_NR_fchmodat2 4452
++#elif _MIPS_SIM == _MIPS_SIM_NABI32
++#  define systemd_NR_fchmodat2 6452
++#elif _MIPS_SIM == _MIPS_SIM_ABI64
++#  define systemd_NR_fchmodat2 5452
++#else
++#  error "Unknown MIPS ABI"
++#endif
++#  elif defined(__hppa__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__powerpc__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__riscv)
++#if __riscv_xlen == 32
++#  define systemd_NR_fchmodat2 452
++#elif __riscv_xlen == 64
++#  define systemd_NR_fchmodat2 452
++#else
++#  error "Unknown RISC-V ABI"
++#endif
++#  elif defined(__s390__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__sparc__)
++#define systemd_NR_fchmodat2 452
++#  elif defined(__x86_64__)
++#if defined(__ILP32__)
++#  define systemd_NR_fchmodat2 (452 | /* __X32_SYSCALL_BIT */ 0x4000)
++#else
++#  define systemd_NR_fchmodat2 452
++#endif
++#  elif !defined(missing_arch_template)
++#warning "fchmodat2() syscall number is unknown for your architecture"
++#  endif
++
++/* may be an (invalid) negative number due to libseccomp, see PR 13319 */
++#  if defined __NR_fchmodat2 && __NR_fchmodat2 >= 0
++#if defined systemd_NR_fchmodat2
++assert_cc(__NR_fchmodat2 == systemd_NR_fchmodat2);
++#endif
++#  else
++#if defined __NR_fchmodat2
++#  undef __NR_fchmodat2
++#endif
++#if defined systemd_NR_fchmodat2 && systemd_NR_fchmodat2 >= 0
++#  define __NR_fchmodat2 systemd_NR_fchmodat2
++#endif
++#  endif
++#endif
++
+ #ifndef __IGNORE_getrandom
+ #  if defined(__aarch64__)
+ #define systemd_NR_getrandom 278
+diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py
+index 5ccf02adec..00f72dc7a8 100644
+--- a/src/basic/missing_syscalls.py
 b/src/basic/missing_syscalls.py
+@@ -9,6 +9,7 @@ SYSCALLS = [
+ 'bpf',
+ 'close_range',
+ 'copy_file_range',
++'fchmodat2',
+ 'getrandom',
+ 'memfd_create',
+ 'mount_setattr',
+-- 
+2.43.0
+
+
+From c1ffd32c642dcadb844b149fcc0c6fe0dbe8a292 Mon Sep 17 00:00:00 2001
+From: Arseny Maslennikov 
+Date: Sun, 15 Oct 2023 11:00:00 +0300
+Subject: [PATCH 2/3] seccomp: include `fchmodat2` in `@file-system`
+
+(cherry picked from commit 6e10405aa25fe5e76b740d9ec59730e3f4470c7a)
+---
+ src/shared/seccomp-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index bd9660cb35..a9c6279b18 100644
+--- a/src/shared/seccomp-util.c
 b/src/shared/seccomp-util.c
+@@ -468,6 +468,7 @@ const SyscallFilterSet

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2023-12-24 Thread Sam James 
commit: 795d72fab680fc06f338f4ab4db38ee10049ae1e
Author: Sam James  gentoo  org>
AuthorDate: Sun Dec 24 11:48:50 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Dec 24 11:56:30 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=795d72fa

sys-apps/systemd: add 254.8

Bug: https://bugs.gentoo.org/920331
Signed-off-by: Sam James  gentoo.org>

 sys-apps/systemd/Manifest  |   1 +
 .../systemd/files/254-PrivateDevices-userdbd.patch | 242 ++
 sys-apps/systemd/systemd-254.8.ebuild  | 526 +
 3 files changed, 769 insertions(+)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 5bbbd1461af0..062d2c576f03 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -9,4 +9,5 @@ DIST systemd-stable-254.4.tar.gz 14332995 BLAKE2B 
2b51ea867e142beeaf332cead5e2da
 DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 
2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3
 SHA512 
cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c
 DIST systemd-stable-254.6.tar.gz 14400611 BLAKE2B 
5b23131b8aaabcd386ceb9cfb4ba8e7e1c92c454dbcc2dd907fb459f3022cd324cef86d531fe296ad56349602e487544d60900f71e189aadac6ec0a361a382e3
 SHA512 
3ebb8c2b931d13cf6efa59842d6d7fb84410fee02f5161061900321497d33750e0b88e2366a4234ba1ab0b89b797da0b1f8b577e0924e560cd9914fde83a1e45
 DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 
1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf
 SHA512 
2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685
+DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B 
e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80
 SHA512 
a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
 DIST systemd-stable-255.1.tar.gz 14863856 BLAKE2B 
3cf30872cf68117fea970ee2af2dad5e017bec351c866b7b22c9e2f8501c6e526421288feee7fbcf4994bba24beb4b2d98e858ac5b014dd832f9833767e28efe
 SHA512 
ec1506b8e36c943920d8a5a8f6bbedd687d6a8cbc5cd28510485aaa65b96ad1bb58e77cf138818c95d31ea748bb65c56b95efd781d18c8936e910e222e9fdedb

diff --git a/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch 
b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
new file mode 100644
index ..115c831c275a
--- /dev/null
+++ b/sys-apps/systemd/files/254-PrivateDevices-userdbd.patch
@@ -0,0 +1,242 @@
+https://bugs.gentoo.org/920331
+https://github.com/systemd/systemd/issues/30535
+
+From 4a9e03aa6bb2cbd23dac00f2b2a7642cc79eaade Mon Sep 17 00:00:00 2001
+From: Daan De Meyer 
+Date: Wed, 27 Sep 2023 11:55:59 +0200
+Subject: [PATCH 1/2] core: Make private /dev read-only after populating it
+
+---
+ src/core/namespace.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index e2304f5d066da..d1153f7690140 100644
+--- a/src/core/namespace.c
 b/src/core/namespace.c
+@@ -995,6 +995,11 @@ static int mount_private_dev(MountEntry *m) {
+ if (r < 0)
+ log_debug_errno(r, "Failed to set up basic device tree at 
'%s', ignoring: %m", temporary_mount);
+ 
++/* Make the bind mount read-only. */
++r = mount_nofollow_verbose(LOG_DEBUG, NULL, dev, NULL, 
MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);
++if (r < 0)
++return r;
++
+ /* Create the /dev directory if missing. It is more likely to be 
missing when the service is started
+  * with RootDirectory. This is consistent with mount units creating 
the mount points when missing. */
+ (void) mkdir_p_label(mount_entry_path(m), 0755);
+
+From cd7f3702eb47c82a50bf74c2b7c15c2e4e1f5c79 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer 
+Date: Wed, 27 Sep 2023 10:52:50 +0200
+Subject: [PATCH 2/2] core: Use a subdirectory of /run/ for PrivateDevices=
+
+When we're starting early boot services such as systemd-userdbd.service,
+/tmp might not yet be mounted, so let's use a directory in /run instead
+which is guaranteed to be available.
+---
+ src/core/execute.c|  1 +
+ src/core/namespace.c  | 61 +--
+ src/core/namespace.h  |  2 ++
+ src/test/test-namespace.c |  1 +
+ src/test/test-ns.c|  1 +
+ 5 files changed, 50 insertions(+), 16 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index a52df64d01081..89c3868d55f6c 100644
+--- a/src/core/execute.c
 b/src/core/execute.c
+@@ -3307,6 +3307,7 @@ static int apply_mount_namespace(
+ extension_dir,
+ root_dir || root_image ? params->notify_socket : NULL,
+

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2023-12-11 Thread Sam James 
commit: b62348acb65f64622e8c55722dc76e74593336f1
Author: Sam James  gentoo  org>
AuthorDate: Tue Dec 12 02:41:31 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Tue Dec 12 02:41:47 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b62348ac

sys-apps/systemd: backport systemd-analyze regression fix (for git test suite)

Link: https://lore.kernel.org/git/20231207062752.GA777253  
coredump.intra.peff.net/T/#t
Bug: https://github.com/systemd/systemd/issues/30357
Bug: https://github.com/systemd/systemd/pull/30363
Signed-off-by: Sam James  gentoo.org>

 .../systemd/files/255-analyze-regression.patch | 156 +++
 sys-apps/systemd/systemd-255-r1.ebuild | 510 +
 2 files changed, 666 insertions(+)

diff --git a/sys-apps/systemd/files/255-analyze-regression.patch 
b/sys-apps/systemd/files/255-analyze-regression.patch
new file mode 100644
index ..cba6a479f1a7
--- /dev/null
+++ b/sys-apps/systemd/files/255-analyze-regression.patch
@@ -0,0 +1,156 @@
+Fixes a regression in the git test suite.
+
+https://lore.kernel.org/git/20231207062752.ga777...@coredump.intra.peff.net/T/#t
+https://github.com/systemd/systemd/issues/30357
+https://github.com/systemd/systemd/pull/30363
+https://github.com/systemd/systemd/commit/bf8726d1ee33047b138f677fe4c72ca9989680e8
+
+From 6d9d55657946385916fa4db7149a9b389645ee73 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Thu, 7 Dec 2023 19:29:29 +0900
+Subject: [PATCH 1/2] analyze: also find template unit when a template instance
+ is specified
+
+Fixes a regression caused by 2f6181ad4d6c126e3ebf6880ba30b3b0059c6fc8.
+
+Fixes #30357.
+
+Co-authored-by: Jeff King 
+--- a/src/analyze/analyze-verify-util.c
 b/src/analyze/analyze-verify-util.c
+@@ -72,6 +72,54 @@ int verify_prepare_filename(const char *filename, char 
**ret) {
+ return 0;
+ }
+ 
++static int find_unit_directory(const char *p, char **ret) {
++_cleanup_free_ char *a = NULL, *u = NULL, *t = NULL, *d = NULL;
++int r;
++
++assert(p);
++assert(ret);
++
++r = path_make_absolute_cwd(p, );
++if (r < 0)
++return r;
++
++if (access(a, F_OK) >= 0) {
++r = path_extract_directory(a, );
++if (r < 0)
++return r;
++
++*ret = TAKE_PTR(d);
++return 0;
++}
++
++r = path_extract_filename(a, );
++if (r < 0)
++return r;
++
++if (!unit_name_is_valid(u, UNIT_NAME_INSTANCE))
++return -ENOENT;
++
++/* If the specified unit is an instance of a template unit, then 
let's try to find the template unit. */
++r = unit_name_template(u, );
++if (r < 0)
++return r;
++
++r = path_extract_directory(a, );
++if (r < 0)
++return r;
++
++free(a);
++a = path_join(d, t);
++if (!a)
++return -ENOMEM;
++
++if (access(a, F_OK) < 0)
++return -errno;
++
++*ret = TAKE_PTR(d);
++return 0;
++}
++
+ int verify_set_unit_path(char **filenames) {
+ _cleanup_strv_free_ char **ans = NULL;
+ _cleanup_free_ char *joined = NULL;
+@@ -79,21 +127,15 @@ int verify_set_unit_path(char **filenames) {
+ int r;
+ 
+ STRV_FOREACH(filename, filenames) {
+-_cleanup_free_ char *a = NULL;
+-char *t;
++_cleanup_free_ char *t = NULL;
+ 
+-r = path_make_absolute_cwd(*filename, );
+-if (r < 0)
++r = find_unit_directory(*filename, );
++if (r == -ENOMEM)
+ return r;
+-
+-if (access(a, F_OK) < 0)
+-continue;
+-
+-r = path_extract_directory(a, );
+ if (r < 0)
+-return r;
++continue;
+ 
+-r = strv_consume(, t);
++r = strv_consume(, TAKE_PTR(t));
+ if (r < 0)
+ return r;
+ }
+
+From 9d51ab78300364c71a0e1f138e1d2cbc65771b93 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Fri, 8 Dec 2023 10:41:49 +0900
+Subject: [PATCH 2/2] test: add test cases for issue #30357
+
+--- a/test/units/testsuite-65.sh
 b/test/units/testsuite-65.sh
+@@ -296,6 +296,44 @@ EOF
+ # Verifies that the --offline= option works with --root=
+ systemd-analyze security --threshold=90 --offline=true --root=/tmp/img/ 
testfile.service
+ 
++cat

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2023-08-16 Thread Mike Gilbert 
commit: 2dcfd6ce1952b2c37fefd04fe11cfbb1ef8ebe41
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Aug 17 01:07:13 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Aug 17 01:07:13 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dcfd6ce

sys-apps/systemd: backport tmpfiles/udev fix

Closes: https://bugs.gentoo.org/911723
Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd-254.1-tmpfiles-setup-dev-early.patch   | 252 +
 ...ystemd-254.1.ebuild => systemd-254.1-r1.ebuild} |   1 +
 2 files changed, 253 insertions(+)

diff --git 
a/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch 
b/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch
new file mode 100644
index ..77f6e19fe6c8
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254.1-tmpfiles-setup-dev-early.patch
@@ -0,0 +1,252 @@
+https://github.com/systemd/systemd/pull/28784
+https://bugs.gentoo.org/911723
+
+From bb7f485f4bddd57bbf50739bafa43d127bab59d6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Sat, 12 Aug 2023 07:54:32 +0900
+Subject: [PATCH] units: introduce systemd-tmpfiles-setup-dev-early.service
+
+This makes tmpfiles, sysusers, and udevd invoked in the following order:
+1. systemd-tmpfiles-setup-dev-early.service
+   Create device nodes gracefully, that is, create device nodes anyway
+   by ignoring unknown users and groups.
+2. systemd-sysusers.service
+   Create users and groups, to make later invocations of tmpfiles and
+   udevd can resolve necessary users and groups.
+3. systemd-tmpfiles-setup-dev.service
+   Adjust owners of previously created device nodes.
+4. systemd-udevd.service
+   Process all devices. Especially to make block devices active and can
+   be mountable.
+5. systemd-tmpfiles-setup.service
+   Setup basic filesystem.
+
+Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06.
+
+Fixes #28653.
+Replaces #28681 and #28732.
+---
+ man/systemd-tmpfiles.xml  |  3 +
+ test/TEST-17-UDEV/test.sh |  4 ++
+ test/units/testsuite-17.00.sh | 57 +++
+ units/kmod-static-nodes.service.in|  2 +-
+ units/meson.build |  5 ++
+ units/systemd-sysusers.service|  2 +
+ .../systemd-tmpfiles-setup-dev-early.service  | 25 
+ units/systemd-tmpfiles-setup-dev.service  |  3 +-
+ units/systemd-tmpfiles-setup.service  |  2 +-
+ 9 files changed, 100 insertions(+), 3 deletions(-)
+ create mode 100755 test/units/testsuite-17.00.sh
+ create mode 100644 units/systemd-tmpfiles-setup-dev-early.service
+
+diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
+index decd66d5c667..0db2a4b03b46 100644
+--- a/man/systemd-tmpfiles.xml
 b/man/systemd-tmpfiles.xml
+@@ -19,6 +19,7 @@
+   
+ systemd-tmpfiles
+ systemd-tmpfiles-setup.service
++systemd-tmpfiles-setup-dev-early.service
+ systemd-tmpfiles-setup-dev.service
+ systemd-tmpfiles-clean.service
+ systemd-tmpfiles-clean.timer
+@@ -35,6 +36,7 @@
+ 
+ System units:
+ systemd-tmpfiles-setup.service
++systemd-tmpfiles-setup-dev-early.service
+ systemd-tmpfiles-setup-dev.service
+ systemd-tmpfiles-clean.service
+ systemd-tmpfiles-clean.timer
+@@ -64,6 +66,7 @@
+ searched for a matching file and the file found that has the highest 
priority is executed.
+ 
+ System services 
(systemd-tmpfiles-setup.service,
++systemd-tmpfiles-setup-dev-early.service,
+ systemd-tmpfiles-setup-dev.service,
+ systemd-tmpfiles-clean.service) invoke 
systemd-tmpfiles to create
+ system files and to perform system wide cleanup. Those services read 
administrator-controlled
+diff --git a/test/TEST-17-UDEV/test.sh b/test/TEST-17-UDEV/test.sh
+index 6b8f08fc328a..f7a907549607 100755
+--- a/test/TEST-17-UDEV/test.sh
 b/test/TEST-17-UDEV/test.sh
+@@ -8,5 +8,9 @@ TEST_NO_NSPAWN=1
+ # shellcheck source=test/test-functions
+ . "${TEST_BASE_DIR:?}/test-functions"
+ 
++test_append_files() {
++instmods snd_seq snd_timer tun
++generate_module_dependencies
++}
+ 
+ do_test "$@"
+diff --git a/test/units/testsuite-17.00.sh b/test/units/testsuite-17.00.sh
+new file mode 100755
+index ..d2aec60b1326
+--- /dev/null
 b/test/units/testsuite-17.00.sh
+@@ -0,0 +1,57 @@
++#!/usr/bin/env bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++set -ex
++set -o pipefail
++
++# shellcheck source=test/units/util.sh
++. "$(dirname "$0")"/util.sh
++
++# Tests for issue #28588 and #28653.
++
++# On boot, services need to be started in the following order:
++# 1. systemd-tmpfiles-setup-dev-early.service
++# 2. systemd-sysusers.service
++# 3. systemd-tmpfiles-setup-dev.service
++# 4. systemd-udevd.service
++
++output="$(systemctl show --property After --value systemd-udevd.service)"
++assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
++assert_in "systemd-sysusers.service" "$output"
++assert_in

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2023-08-05 Thread Sam James 
commit: 939a1468f8957a670026888a01d4601a00f17142
Author: Sam James  gentoo  org>
AuthorDate: Sat Aug  5 23:06:46 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Aug  5 23:06:54 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=939a1468

sys-apps/systemd: backport tmpfiles/udev permissions race fix

Closes: https://bugs.gentoo.org/911723
Signed-off-by: Sam James  gentoo.org>

 .../systemd/files/systemd-254-tmpfiles-udev.patch  |  88 
 sys-apps/systemd/systemd-254-r2.ebuild | 528 +
 2 files changed, 616 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch 
b/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch
new file mode 100644
index ..04dd166310c8
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-tmpfiles-udev.patch
@@ -0,0 +1,88 @@
+https://bugs.gentoo.org/911723
+https://github.com/systemd/systemd/issues/28588
+https://github.com/systemd/systemd/issues/28653
+https://github.com/systemd/systemd/pull/28681
+
+(Skipped first commit as it was a revert of 
https://github.com/systemd/systemd/commit/a3d610998ad3b4c88224fe89a048a84dbceb652b.patc
+which wasn't in 254.)
+
+From 31845ef554877525dc4ff4f25ad11ad805ebf81c Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Sat, 5 Aug 2023 04:37:19 +0900
+Subject: [PATCH 2/4] unit: make udev rules take precesence over tmpfiles
+
+Without this change, there are no ordering between udevd and tmpfiles,
+and if tmpfiles is invoked later it may discard the permission set by
+udevd.
+
+Fixes an issue introduced by b42482af904ae0b94a6e4501ec595448f0ba1c06.
+
+Fixes #28588 and #28653.
+--- a/units/systemd-udevd.service.in
 b/units/systemd-udevd.service.in
+@@ -12,6 +12,7 @@ Description=Rule-based Manager for Device Events and Files
+ Documentation=man:systemd-udevd.service(8) man:udev(7)
+ DefaultDependencies=no
+ After=systemd-sysusers.service systemd-hwdb-update.service
++After=systemd-tmpfiles-setup-dev.service
+ Before=sysinit.target
+ ConditionPathIsReadWrite=/sys
+ 
+
+From b768379e8b494b025f41946205944a6f3a1a553f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Sat, 5 Aug 2023 04:52:16 +0900
+Subject: [PATCH 3/4] test: add short test for device node permission
+
+--- /dev/null
 b/test/units/testsuite-17.00.sh
+@@ -0,0 +1,18 @@
++#!/usr/bin/env bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++set -ex
++set -o pipefail
++
++# shellcheck source=test/units/util.sh
++. "$(dirname "$0")"/util.sh
++
++# Tests for issue #28588 and #28653.
++
++assert_in "systemd-tmpfiles-setup-dev.service" "$(systemctl show --property 
After --value systemd-udevd.service)"
++assert_in "systemd-udevd.service" "$(systemctl show --property Before --value 
systemd-tmpfiles-setup-dev.service)"
++
++if [[ -f /dev/vfio/vfio ]]; then
++   assert_in "crw-rw-rw-" "$(stat --format=%A /dev/vfio/vfio)"
++fi
++
++exit 0
+
+From 23acdb8d0b04d46ecdc88a45594135c321dbfd5b Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Sat, 5 Aug 2023 05:03:16 +0900
+Subject: [PATCH 4/4] test: shorten timeout for 'udevadm monitor'
+
+The command should never finish, it is not necessary to wait so long.
+--- a/test/units/testsuite-17.10.sh
 b/test/units/testsuite-17.10.sh
+@@ -79,13 +79,13 @@ udevadm info -w /sys/class/net/$netdev
+ udevadm info --wait-for-initialization=5 /sys/class/net/$netdev
+ udevadm info -h
+ 
+-assert_rc 124 timeout 5 udevadm monitor
+-assert_rc 124 timeout 5 udevadm monitor -k
+-assert_rc 124 timeout 5 udevadm monitor -u
+-assert_rc 124 timeout 5 udevadm monitor -s net
+-assert_rc 124 timeout 5 udevadm monitor --subsystem-match net/$netdev
+-assert_rc 124 timeout 5 udevadm monitor -t systemd
+-assert_rc 124 timeout 5 udevadm monitor --tag-match hello
++assert_rc 124 timeout 1 udevadm monitor
++assert_rc 124 timeout 1 udevadm monitor -k
++assert_rc 124 timeout 1 udevadm monitor -u
++assert_rc 124 timeout 1 udevadm monitor -s net
++assert_rc 124 timeout 1 udevadm monitor --subsystem-match net/$netdev
++assert_rc 124 timeout 1 udevadm monitor -t systemd
++assert_rc 124 timeout 1 udevadm monitor --tag-match hello
+ udevadm monitor -h
+ 
+ udevadm settle
+

diff --git a/sys-apps/systemd/systemd-254-r2.ebuild 
b/sys-apps/systemd/systemd-254-r2.ebuild
new file mode 100644
index ..4005bb141fa7
--- /dev/null
+++ b/sys-apps/systemd/systemd-254-r2.ebuild
@@ -0,0 +1,528 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..11} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} ==  ]]; then
+   EGIT_REPO_URI="https://github.com/systemd/systemd.git;
+   inherit git-r3
+else
+   if [[ ${PV} == *.* ]]; then
+   MY_PN=systemd-stable
+   else
+   MY_PN=systemd
+   fi
+   MY_PV=${PV/_/-}
+   MY_P=${MY_PN}-${MY_PV}
+   S=${WORKDIR}/${MY_P}

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2023-08-02 Thread Sam James 
commit: ceaeadb34ca8a6b72f2da8131dcf69ee24d63324
Author: Sam James  gentoo  org>
AuthorDate: Wed Aug  2 21:10:54 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Wed Aug  2 21:14:08 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceaeadb3

sys-apps/systemd: backport nss-resolve fix

Closes: https://bugs.gentoo.org/911583
Signed-off-by: Sam James  gentoo.org>

 .../files/systemd-254-varlink-allocate-heap.patch  |  40 ++
 sys-apps/systemd/systemd-254-r1.ebuild | 527 +
 2 files changed, 567 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch 
b/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch
new file mode 100644
index ..85f306a175f3
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-varlink-allocate-heap.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/911583
+https://github.com/systemd/systemd/issues/28635
+https://github.com/systemd/systemd/commit/b456f2266afd839f8817235475e57c38e9d76dc9
+
+From b456f2266afd839f8817235475e57c38e9d76dc9 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal 
+Date: Wed, 2 Aug 2023 14:55:50 +0200
+Subject: [PATCH] varlink: allocate the buffer for varlink FDs on the heap
+
+Since it's ~16K, which might cause issues in environments with limited
+stack space.
+
+Resolves: #28635
+--- a/src/shared/varlink.c
 b/src/shared/varlink.c
+@@ -633,7 +633,7 @@ static int varlink_write(Varlink *v) {
+ #define VARLINK_FDS_MAX (16U*1024U)
+ 
+ static int varlink_read(Varlink *v) {
+-CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX)) control;
++_cleanup_free_ struct cmsghdr *cmsg_fds = NULL;
+ struct iovec iov;
+ struct msghdr mh;
+ size_t rs;
+@@ -690,9 +690,13 @@ static int varlink_read(Varlink *v) {
+ mh = (struct msghdr) {
+ .msg_iov = ,
+ .msg_iovlen = 1,
+-.msg_control = ,
+-.msg_controllen = sizeof(control),
+ };
++
++mh.msg_controllen = CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX);
++mh.msg_control = cmsg_fds = malloc(mh.msg_controllen);
++if (!cmsg_fds)
++return -ENOMEM;
++
+ n = recvmsg_safe(v->fd, , MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+ } else {
+ bool prefer_read = v->prefer_read_write;

diff --git a/sys-apps/systemd/systemd-254-r1.ebuild 
b/sys-apps/systemd/systemd-254-r1.ebuild
new file mode 100644
index ..3ea2cd6d62b0
--- /dev/null
+++ b/sys-apps/systemd/systemd-254-r1.ebuild
@@ -0,0 +1,527 @@
+# Copyright 2011-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{10..11} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+UDEV_OPTIONAL=1
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1)
+
+if [[ ${PV} ==  ]]; then
+   EGIT_REPO_URI="https://github.com/systemd/systemd.git;
+   inherit git-r3
+else
+   if [[ ${PV} == *.* ]]; then
+   MY_PN=systemd-stable
+   else
+   MY_PN=systemd
+   fi
+   MY_PV=${PV/_/-}
+   MY_P=${MY_PN}-${MY_PV}
+   S=${WORKDIR}/${MY_P}
+   
SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz;
+   KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86"
+fi
+
+inherit bash-completion-r1 linux-info meson-multilib pam python-single-r1
+inherit secureboot systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://systemd.io/;
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="
+   acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls 
elfutils
+   fido2 +gcrypt gnutls homed http idn importd iptables +kmod
+   +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
+   +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb 
+zstd
+"
+REQUIRED_USE="
+   ${PYTHON_REQUIRED_USE}
+   dns-over-tls? ( || ( gnutls openssl ) )
+   fido2? ( cryptsetup openssl )
+   homed? ( cryptsetup pam openssl )
+   importd? ( curl lzma || ( gcrypt openssl ) )
+   pwquality? ( homed )
+"
+RESTRICT="!test? ( test )"
+
+MINKV="4.15"
+
+COMMON_DEPEND="
+   >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+   sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+   virtual/libcrypt:=[${MULTILIB_USEDEP}]
+   acl? ( sys-apps/acl:0= )
+   apparmor? ( sys-libs/libapparmor:0= )
+   audit? ( >=sys-process/audit-2:0= )
+   cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
+   curl? ( net-misc/curl:0= )
+   elfutils? ( >=dev-libs/elfutils-0.158:0= )
+   fido2? ( dev-libs/libfido2:0= )
+   gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+   gnutls? ( >=net-libs/gnutls-3.6.0:0= )
+   http? (

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2023-07-27 Thread Sam James 
commit: 0d124f17782d4b6a9e07a2a1bebc5f723e2efac6
Author: Sam James  gentoo  org>
AuthorDate: Thu Jul 27 22:53:10 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Thu Jul 27 22:54:48 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d124f17

sys-apps/systemd: fix DT_RELR build w/ USE=boot

Closes: https://bugs.gentoo.org/910570
Signed-off-by: Sam James  gentoo.org>

 sys-apps/systemd/files/systemd-254-dt_relr.patch | 26 
 sys-apps/systemd/systemd-254_rc3.ebuild  |  1 +
 2 files changed, 27 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-254-dt_relr.patch 
b/sys-apps/systemd/files/systemd-254-dt_relr.patch
new file mode 100644
index ..9adfc11c1dd3
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-254-dt_relr.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/910570
+https://github.com/systemd/systemd/issues/28520
+https://github.com/systemd/systemd/commit/eff91e2f3863f9e176b383e5c54741c64ca7a636
+
+From eff91e2f3863f9e176b383e5c54741c64ca7a636 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi 
+Date: Wed, 26 Jul 2023 11:29:57 +0100
+Subject: [PATCH] efi: link with -z nopack-relative-relocs
+
+elf2efi.py cannot handle DT_RELR relocations, so disable it
+if we can
+
+Fixes https://github.com/systemd/systemd/issues/28520
+--- a/src/boot/efi/meson.build
 b/src/boot/efi/meson.build
+@@ -174,6 +174,10 @@ efi_c_ld_args = [
+ '-T' + elf2efi_lds,
+ ]
+ 
++# On CentOS 8 the nopack-relative-relocs linker flag is not supported, and we 
get:
++#   /usr/bin/ld.bfd: warning: -z nopack-relative-relocs ignored
++efi_c_ld_args += 
cc.get_supported_link_arguments('-Wl,-z,nopack-relative-relocs')
++
+ # efi_c_args is explicitly passed to targets so that they can override 
distro-provided flags
+ # that should not be used for EFI binaries.
+ efi_disabled_c_args = cc.get_supported_arguments(

diff --git a/sys-apps/systemd/systemd-254_rc3.ebuild 
b/sys-apps/systemd/systemd-254_rc3.ebuild
index 494249a2edd6..1333d2cd88f7 100644
--- a/sys-apps/systemd/systemd-254_rc3.ebuild
+++ b/sys-apps/systemd/systemd-254_rc3.ebuild
@@ -241,6 +241,7 @@ src_unpack() {
 src_prepare() {
local PATCHES=(
"${FILESDIR}/systemd-253-initrd-generators.patch"
+   "${FILESDIR}/systemd-254-dt_relr.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2023-02-26 Thread Mike Gilbert 
commit: bfebeda18b81d781f9dcf8d12c1adddefff6b9a4
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Feb 26 19:26:29 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Feb 26 19:27:02 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfebeda1

sys-apps/systemd: work around dracut bug with LVM

Bug: https://bugs.gentoo.org/896364
Signed-off-by: Mike Gilbert  gentoo.org>

 .../files/systemd-253-initrd-generators.patch  | 34 ++
 .../{systemd-253.ebuild => systemd-253-r1.ebuild}  |  1 +
 2 files changed, 35 insertions(+)

diff --git a/sys-apps/systemd/files/systemd-253-initrd-generators.patch 
b/sys-apps/systemd/files/systemd-253-initrd-generators.patch
new file mode 100644
index ..60e7b29d7a1f
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-253-initrd-generators.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/896364
+
+Workaround for bug in sys-kernel/dracut.
+
+From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Mon, 20 Feb 2023 12:00:30 +0900
+Subject: [PATCH] core/manager: run generators directly when we are in initrd
+
+Some initrd system write files at ourside of /run, /etc, or other
+allowed places. This is a kind of workaround, but in most cases, such
+sandboxing is not necessary as the filesystem is on ramfs when we are in
+initrd.
+
+Fixes #26488.
+---
+ src/core/manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 7b394794b0d4..306477c6e6c2 100644
+--- a/src/core/manager.c
 b/src/core/manager.c
+@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
+ /* If we are the system manager, we fork and invoke the generators in 
a sanitized mount namespace. If
+  * we are the user manager, let's just execute the generators 
directly. We might not have the
+  * necessary privileges, and the system manager has already mounted 
/tmp/ and everything else for us.
+- */
+-if (MANAGER_IS_USER(m)) {
++ * If we are in initrd, let's also execute the generators directly, 
as we are in ramfs. */
++if (MANAGER_IS_USER(m) || in_initrd()) {
+ r = manager_execute_generators(m, paths, /* remount_ro= */ 
false);
+ goto finish;
+ }

diff --git a/sys-apps/systemd/systemd-253.ebuild 
b/sys-apps/systemd/systemd-253-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-253.ebuild
rename to sys-apps/systemd/systemd-253-r1.ebuild
index 77c9145b2914..cb638034f21f 100644
--- a/sys-apps/systemd/systemd-253.ebuild
+++ b/sys-apps/systemd/systemd-253-r1.ebuild
@@ -231,6 +231,7 @@ src_unpack() {
 
 src_prepare() {
local PATCHES=(
+   "${FILESDIR}/systemd-253-initrd-generators.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2022-11-07 Thread Mike Gilbert 
commit: 83353a2bfaa32fa2a5988496eb99674f711849cd
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Nov  7 16:14:40 2022 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Nov  7 16:14:40 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83353a2b

sys-apps/systemd: backport fix for meson-0.64

Bug: https://bugs.gentoo.org/879141
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/251-meson-0.64.patch | 26 ++
 sys-apps/systemd/systemd-251.7.ebuild   |  1 +
 2 files changed, 27 insertions(+)

diff --git a/sys-apps/systemd/files/251-meson-0.64.patch 
b/sys-apps/systemd/files/251-meson-0.64.patch
new file mode 100644
index ..6cc200bbd87d
--- /dev/null
+++ b/sys-apps/systemd/files/251-meson-0.64.patch
@@ -0,0 +1,26 @@
+From cddbc850270415a818aadabd71fe12dc0508 Mon Sep 17 00:00:00 2001
+From: Jan Janssen 
+Date: Sun, 9 Oct 2022 17:16:12 +0200
+Subject: [PATCH] meson: Fix build with --optimization=plain
+
+Note that -O0 is deliberately filtered out as we have to compile with at
+least -O1 due to #24202.
+
+Fixes: #24323
+---
+ src/boot/efi/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
+index e0cd4ebad993..395386d3eda7 100644
+--- a/src/boot/efi/meson.build
 b/src/boot/efi/meson.build
+@@ -223,7 +223,7 @@ endif
+ if get_option('debug') and get_option('mode') == 'developer'
+ efi_cflags += ['-ggdb', '-DEFI_DEBUG']
+ endif
+-if get_option('optimization') != '0'
++if get_option('optimization') in ['1', '2', '3', 's', 'g']
+ efi_cflags += ['-O' + get_option('optimization')]
+ endif
+ if get_option('b_ndebug') == 'true' or (

diff --git a/sys-apps/systemd/systemd-251.7.ebuild 
b/sys-apps/systemd/systemd-251.7.ebuild
index de8a975e58e1..b08e49db559d 100644
--- a/sys-apps/systemd/systemd-251.7.ebuild
+++ b/sys-apps/systemd/systemd-251.7.ebuild
@@ -239,6 +239,7 @@ src_prepare() {
# bug #841770.
"${FILESDIR}/251-revert-fortify-source-3-fix.patch"
"${FILESDIR}/251-gpt-auto-no-cryptsetup.patch"
+   "${FILESDIR}/251-meson-0.64.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2022-10-19 Thread Mike Gilbert 
commit: fca805df7532779c8b3c312ffb7d15f019a8d642
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Oct 19 18:12:45 2022 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Oct 19 18:13:27 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fca805df

sys-apps/systemd: add 252_rc2, drop 252_rc1

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest  |   2 +-
 sys-apps/systemd/files/252-rc1-cryptsetup.patch| 226 -
 ...stemd-252_rc1.ebuild => systemd-252_rc2.ebuild} |   1 -
 3 files changed, 1 insertion(+), 228 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index a6bf7d23cced..b02fcebfbc4c 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,4 @@
-DIST systemd-252-rc1.tar.gz 11718698 BLAKE2B 
599c5c125c0fb0477ea71195491962db230cbaa2c610afbb14a475263f356f160a77ba7321f425cb6db837649ccbce971f80daaf5524ace03362777a71e7a9b5
 SHA512 
e249eb39da41aca1bc371c9e2b61f135227b0653e4e175c4c6453b0ca4e1cd50894c005d4ef267b5122af4f339cd9b5a4b90a98c4f84f998f96a7ca1ed637d28
+DIST systemd-252-rc2.tar.gz 11736313 BLAKE2B 
58efe76846b034ec61136fe01f535b40aabc993ffee687d4a22a20d93a3952fd15e4ac46591934a441f4e74cffec29145f441d97a69a5c456e7a3caee92602cc
 SHA512 
f67703dcd03b300cddc2e8bfbeb843ef66ba0b0c548973797a920c1bed9e3a14a740e08936f7d906141da714bccbae0d4fcb47a7ce13e69c8a2f17d7928e218c
 DIST systemd-stable-251.4.tar.gz 11440203 BLAKE2B 
58a0ee4adcc9d35b15b9cc98b3da81d1103b61a6c0bee722468a5113cd7d6de1d40c46ef964ba9ecc4746e81b516ae4b2f1d046874d62db066735c652592612e
 SHA512 
7bbfadd80b88a4c3510a5e4e3572e4eab71dafbf6289da038e552988e09ee8da16da3c9bb8a4fbbde6c6236e0e3c352b0a33f9ee0b84f10241f3499383387738
 DIST systemd-stable-251.5.tar.gz 1128 BLAKE2B 
96df35dae789b11ead1960e1139046972a29c41f74ca800e0fafd84e6a8c238f8d4a30e2991ee94e07e866bc0c3137774ee116f276ac1203cca85254ccf91913
 SHA512 
2c645a694d45a2670920115529c5f34001153dafe26e5c4e65f8d1a37922a351569d056fc002f1af72dfc173988f93e11893460f64b497e3d5fc339083dcb2fa
 DIST systemd-stable-251.6.tar.gz 11448383 BLAKE2B 
987ea88ea23662fd4119e3c796cc2e5f428fcce6cf0b033a5f8da7974c0026d41851f517e489354bbc22973b33c3932ac7280c56527f03a1fcbce3092148b638
 SHA512 
2da41ac7e939a893ada3ce682a6fe7dd326e8e0132221589da3d2b1d994e1a879118e0c6025f03351dac6567d754223a5f5401d64a5ca9256ab95512800370f8

diff --git a/sys-apps/systemd/files/252-rc1-cryptsetup.patch 
b/sys-apps/systemd/files/252-rc1-cryptsetup.patch
deleted file mode 100644
index 54b4ce1ea0aa..
--- a/sys-apps/systemd/files/252-rc1-cryptsetup.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-From bbf73b00697e77ca35ae60109418da77f257be52 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer 
-Date: Tue, 11 Oct 2022 20:35:34 +0200
-Subject: [PATCH 1/2] cryptsetup-util: Always define dlopen_cryptsetup()
-

- src/shared/cryptsetup-util.c | 118 ++-
- src/shared/cryptsetup-util.h |   4 +-
- 2 files changed, 63 insertions(+), 59 deletions(-)
-
-diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
-index da6dcb2f093a..401e7a3f9c7d 100644
 a/src/shared/cryptsetup-util.c
-+++ b/src/shared/cryptsetup-util.c
-@@ -50,63 +50,6 @@ int (*sym_crypt_token_max)(const char *type);
- crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int 
token, const char **type);
- int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char 
*volume_key, size_t *volume_key_size, const char *passphrase, size_t 
passphrase_size);
- 
--int dlopen_cryptsetup(void) {
--int r;
--
--r = dlopen_many_sym_or_warn(
--_dl, "libcryptsetup.so.12", LOG_DEBUG,
--DLSYM_ARG(crypt_activate_by_passphrase),
--#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
--DLSYM_ARG(crypt_activate_by_signed_key),
--#endif
--DLSYM_ARG(crypt_activate_by_volume_key),
--DLSYM_ARG(crypt_deactivate_by_name),
--DLSYM_ARG(crypt_format),
--DLSYM_ARG(crypt_free),
--DLSYM_ARG(crypt_get_cipher),
--DLSYM_ARG(crypt_get_cipher_mode),
--DLSYM_ARG(crypt_get_data_offset),
--DLSYM_ARG(crypt_get_device_name),
--DLSYM_ARG(crypt_get_dir),
--DLSYM_ARG(crypt_get_type),
--DLSYM_ARG(crypt_get_uuid),
--DLSYM_ARG(crypt_get_verity_info),
--DLSYM_ARG(crypt_get_volume_key_size),
--DLSYM_ARG(crypt_init),
--DLSYM_ARG(crypt_init_by_name),
--DLSYM_ARG(crypt_keyslot_add_by_volume_key),
--DLSYM_ARG(crypt_keyslot_destroy),
--DLSYM_ARG(crypt_keyslot_max),
--DLSYM_ARG(crypt_load),
--

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2022-05-21 Thread Mike Gilbert 
commit: c663204d5fb372f83ce48663ee06eed272ab6325
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat May 21 22:22:47 2022 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat May 21 22:23:31 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c663204d

sys-apps/systemd: drop 249.9, 249.11

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest|   2 -
 sys-apps/systemd/files/249.9-cross-compile.patch |  23 --
 sys-apps/systemd/systemd-249.11.ebuild   | 505 --
 sys-apps/systemd/systemd-249.9.ebuild| 506 ---
 4 files changed, 1036 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 7691df4ca36f..9b589c708f7e 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,5 +1,3 @@
 DIST systemd-251.tar.gz 11431104 BLAKE2B 
da783d815adf244defc3c1ec8a788fffdff45215f5c2449c457e872ad89b8270caa3e48ecb696fa79eb1d79578ded3d098802fed0fc69a191ba2d7d6b120e068
 SHA512 
5a7116cfd99f7875334a1ce55a76ba1840a28b6500b02de82b879629768e10457efd8278024aa1ffefd43defe657284c4d51ab502ed3c7e6b63d5b6e0cc1f642
-DIST systemd-stable-249.11.tar.gz 10622702 BLAKE2B 
aa3a327ba8de73dd2ac5ecbd9065f2ca4ed56702d6bbd19de43580e6d56211be58ec7678c1609d843f7e960b71b251e0b7080c49338942cd3071076fa02f7acb
 SHA512 
fed7f81933648945a4bfac9fb12150ecd84d32181f79be0e14e0b3a789343a87569f868670e0b8dfc2801fab39f7490f95ee8c29ba831d7611f78c14ace5ddd8
-DIST systemd-stable-249.9.tar.gz 10613893 BLAKE2B 
fc7a14fa3b0cc3d05fa9f20fde2efedd3ef0f011d9dce53b0a418994b4257cf753b228cf98f749fb2028d81db55ef30a6e3d9b138d86239cad4fc730d845f9e2
 SHA512 
ce57bc6c522082e55649fc1886c4dc818c89607e175df2c92feffe288dbd38757f36b30abeebe153f5be6b664a49d729405040a952473cb2133a2e39cf9cc164
 DIST systemd-stable-250.4.tar.gz 11132786 BLAKE2B 
8fdfe1bad76e572dc1be0955f3d1c4080f2beb81a2f9670f80827899f5406ab8ed8675400c2f5e8ccef44cf1bceff42ceae12a42e1b67d46c0deb523e6495f25
 SHA512 
307ed0920da660b6c45d909fea66864fb98db8b2f6905d629fb2012fc4bf64dd25fd61168c22bf4098200be541be9b0e815fbde98806a99c85cb33d49d8b63d0
 DIST systemd-stable-250.5.tar.gz 11212059 BLAKE2B 
b7dbcb9e82c51e966db20a92ccd59ac19309702c481dd575c4e6367ca5ade10fe4b689925416ce1169682380cbf22d7d692b2378ef091f3007c16891992e3f92
 SHA512 
ad864b67bd5e2f5fd5705b636467827e4735142cefba150d24bb8e51ac0263650b2b0e53d4426eb509d1db59b83dc3b4c4bf157cc355fc2b7524db6bc4a9b5cd

diff --git a/sys-apps/systemd/files/249.9-cross-compile.patch 
b/sys-apps/systemd/files/249.9-cross-compile.patch
deleted file mode 100644
index e063d303c7d8..
--- a/sys-apps/systemd/files/249.9-cross-compile.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 3d7fd38ea938ab194366f40ed7aa413ad33f2fad Mon Sep 17 00:00:00 2001
-From: Yu Watanabe 
-Date: Tue, 21 Dec 2021 20:10:09 +0900
-Subject: [PATCH] meson: fix cross compiling
-
-(cherry picked from commit 3112d756a36993900b70fbff98e69a2a43b970a8)

- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 02495d16c9..c76cab535d 100644
 a/meson.build
-+++ b/meson.build
-@@ -442,7 +442,7 @@ conf.set('SIZEOF_DEV_T', cc.sizeof('dev_t', prefix : 
'#include '))
- conf.set('SIZEOF_INO_T', cc.sizeof('ino_t', prefix : '#include 
'))
- conf.set('SIZEOF_TIME_T', cc.sizeof('time_t', prefix : '#include 
'))
- conf.set('SIZEOF_RLIM_T', cc.sizeof('rlim_t', prefix : '#include 
'))
--conf.set('SIZEOF_TIMEX_MEMBER', cc.sizeof('((struct timex *)0)->freq', prefix 
: '#include '))
-+conf.set('SIZEOF_TIMEX_MEMBER', cc.sizeof('typeof(((struct timex 
*)0)->freq)', prefix : '#include '))
- 
- decl_headers = '''
- #include 

diff --git a/sys-apps/systemd/systemd-249.11.ebuild 
b/sys-apps/systemd/systemd-249.11.ebuild
deleted file mode 100644
index 79c41b24c83c..
--- a/sys-apps/systemd/systemd-249.11.ebuild
+++ /dev/null
@@ -1,505 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
-
-# Avoid QA warnings
-TMPFILES_OPTIONAL=1
-
-if [[ ${PV} ==  ]]; then
-   EGIT_REPO_URI="https://github.com/systemd/systemd.git;
-   inherit git-r3
-else
-   if [[ ${PV} == *.* ]]; then
-   MY_PN=systemd-stable
-   else
-   MY_PN=systemd
-   fi
-   MY_PV=${PV/_/-}
-   MY_P=${MY_PN}-${MY_PV}
-   S=${WORKDIR}/${MY_P}
-   
SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz;
-   KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv 
~sparc ~x86"
-fi
-
-inherit bash-completion-r1 linux-info meson-multilib pam python-any-r1 systemd 
toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd;
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2022-03-24 Thread Sam James 
commit: 6ce7901f80b073f8206f95aadf8e119eca7695b2
Author: Sam James  gentoo  org>
AuthorDate: Fri Mar 25 04:56:04 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Fri Mar 25 04:56:04 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ce7901f

sys-apps/systemd: backport RNG seed fix/improvements

Bug: https://github.com/systemd/systemd/issues/21983
Signed-off-by: Sam James  gentoo.org>

 .../systemd/files/250.4-random-seed-hash.patch |  74 +++
 sys-apps/systemd/systemd-250.4-r1.ebuild   | 521 +
 2 files changed, 595 insertions(+)

diff --git a/sys-apps/systemd/files/250.4-random-seed-hash.patch 
b/sys-apps/systemd/files/250.4-random-seed-hash.patch
new file mode 100644
index ..efaa8cdfcaac
--- /dev/null
+++ b/sys-apps/systemd/files/250.4-random-seed-hash.patch
@@ -0,0 +1,74 @@
+https://github.com/systemd/systemd-stable/commit/ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce
+
+From: "Jason A. Donenfeld" 
+Date: Mon, 3 Jan 2022 18:11:32 +0100
+Subject: [PATCH] random-seed: hash together old seed and new seed before
+ writing out file
+
+If we're consuming an on-disk seed, we usually write out a new one after
+consuming it. In that case, we might be at early boot and the randomness
+could be rather poor, and the kernel doesn't guarantee that it'll use
+the new randomness right away for us. In order to prevent the new
+entropy from getting any worse, hash together the old seed and the new
+seed, and replace the final bytes of the new seed with the hash output.
+This way, entropy strictly increases and never regresses.
+
+(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b)
+--- a/src/random-seed/random-seed.c
 b/src/random-seed/random-seed.c
+@@ -26,6 +26,7 @@
+ #include "random-util.h"
+ #include "string-util.h"
+ #include "sync-util.h"
++#include "sha256.h"
+ #include "util.h"
+ #include "xattr-util.h"
+ 
+@@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) {
+ _cleanup_close_ int seed_fd = -1, random_fd = -1;
+ bool read_seed_file, write_seed_file, synchronous;
+ _cleanup_free_ void* buf = NULL;
++struct sha256_ctx hash_state;
++uint8_t hash[32];
+ size_t buf_size;
+ struct stat st;
+-ssize_t k;
++ssize_t k, l;
+ int r;
+ 
+ log_setup();
+@@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) {
+ if (r < 0)
+ log_error_errno(r, "Failed to write seed to 
/dev/urandom: %m");
+ }
++/* If we're going to later write out a seed file, initialize 
a hash state with
++ * the contents of the seed file we just read, so that the 
new one can't regress
++ * in entropy. */
++if (write_seed_file) {
++sha256_init_ctx(_state);
++if (k < 0)
++k = 0;
++sha256_process_bytes(, sizeof(k), _state);
++sha256_process_bytes(buf, k, _state);
++}
+ }
+ 
+ if (write_seed_file) {
+@@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) {
+"Got EOF while reading 
from /dev/urandom.");
+ }
+ 
++/* If we previously read in a seed file, then hash the new 
seed into the old one,
++ * and replace the last 32 bytes of the seed with the hash 
output, so that the
++ * new seed file can't regress in entropy. */
++if (read_seed_file) {
++sha256_process_bytes(, sizeof(k), _state);
++sha256_process_bytes(buf, k, _state);
++sha256_finish_ctx(_state, hash);
++l = MIN(k, 32);
++memcpy((uint8_t *)buf + k - l, hash, l);
++}
++
+ r = loop_write(seed_fd, buf, (size_t) k, false);
+ if (r < 0)
+ return log_error_errno(r, "Failed to write new random 
seed file: %m");

diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild 
b/sys-apps/systemd/systemd-250.4-r1.ebuild
new file mode 100644
index ..444d748cfd2b
--- /dev/null
+++ b/sys-apps/systemd/systemd-250.4-r1.ebuild
@@ -0,0 +1,521 @@
+# Copyright 2011-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_{8..10} )
+
+# Avoid QA warnings
+TMPFILES_OPTIONAL=1
+
+if [[ ${PV} ==  ]]; then
+   EGIT_REPO_URI="https://github.com/systemd/systemd.git;
+   inherit git-r3
+else
+   if [[ ${PV} == *.* ]]; then
+   MY_PN=systemd-stable
+   else
+   MY_PN=systemd
+   fi
+   MY_PV=${PV/_/-}
+   MY_P=${MY_PN}-${MY_PV}
+   S=${WORKDIR}/${MY_P}
+

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-12-25 Thread Mike Gilbert 
commit: 9a73ceca960a687e8457fa24a382fa04ef4dc6f9
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Dec 25 18:19:04 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Dec 25 18:19:04 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a73ceca

sys-apps/systemd: backport build fix for USE="-dns-over-tls -gcrypt"

Closes: https://bugs.gentoo.org/829944
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/250-fix-openssl.patch | 102 +++
 sys-apps/systemd/systemd-250.ebuild  |   1 +
 2 files changed, 103 insertions(+)

diff --git a/sys-apps/systemd/files/250-fix-openssl.patch 
b/sys-apps/systemd/files/250-fix-openssl.patch
new file mode 100644
index ..520ba0b66427
--- /dev/null
+++ b/sys-apps/systemd/files/250-fix-openssl.patch
@@ -0,0 +1,102 @@
+From 9bcf483b117b23ae25bf4a5d39ddc3eade8659a6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Fri, 24 Dec 2021 10:06:13 +0900
+Subject: [PATCH] meson: fix build with -Dcryptolib=openssl
+ -Ddns-over-tls=false
+
+Previously, when -Ddns-over-tls=false, libopenssl was missing in the
+dependency of resolved.
+Also, this drops libgpg_error when it is not necessary.
+
+Replaces #21878.
+---
+ meson.build | 3 +--
+ src/resolve/meson.build | 9 +
+ 2 files changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index c0cbadecb123..0b7c1918ad4c 100644
+--- a/meson.build
 b/meson.build
+@@ -1474,7 +1474,7 @@ conf.set10('PREFER_OPENSSL',
+opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 
1 and conf.get('HAVE_GCRYPT') == 0))
+ conf.set10('HAVE_OPENSSL_OR_GCRYPT',
+conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
+-lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : 
libgcrypt
++lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? [libopenssl] : 
[libgcrypt, libgpg_error]
+ 
+ dns_over_tls = get_option('dns-over-tls')
+ if dns_over_tls != 'false'
+@@ -2200,7 +2200,6 @@ if conf.get('ENABLE_RESOLVE') == 1
+  libsystemd_resolve_core],
+ dependencies : [threads,
+ lib_openssl_or_gcrypt,
+-libgpg_error,
+ libm,
+ libidn],
+ install_rpath : rootlibexecdir,
+diff --git a/src/resolve/meson.build b/src/resolve/meson.build
+index 0580fbeec625..2cdf24b1cbef 100644
+--- a/src/resolve/meson.build
 b/src/resolve/meson.build
+@@ -135,7 +135,7 @@ systemd_resolved_sources += custom_target(
+ output : 'resolved-dnssd-gperf.c',
+ command : [gperf, '@INPUT@', '--output-file', '@OUTPUT@'])
+ 
+-systemd_resolved_dependencies = [threads, libgpg_error, libm]
++systemd_resolved_dependencies = [threads, libm] + [lib_openssl_or_gcrypt]
+ if conf.get('ENABLE_DNS_OVER_TLS') == 1
+ if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
+ systemd_resolved_sources += files(
+@@ -178,14 +178,12 @@ tests += [
+  [libsystemd_resolve_core,
+   libshared],
+  [lib_openssl_or_gcrypt,
+-  libgpg_error,
+   libm]],
+ 
+ [['src/resolve/test-dns-packet.c'],
+  [libsystemd_resolve_core,
+   libshared],
+  [lib_openssl_or_gcrypt,
+-  libgpg_error,
+   libm]],
+ 
+ [['src/resolve/test-resolved-etc-hosts.c',
+@@ -194,21 +192,18 @@ tests += [
+  [libsystemd_resolve_core,
+   libshared],
+  [lib_openssl_or_gcrypt,
+-  libgpg_error,
+   libm]],
+ 
+ [['src/resolve/test-resolved-packet.c'],
+  [libsystemd_resolve_core,
+   libshared],
+  [lib_openssl_or_gcrypt,
+-  libgpg_error,
+   libm]],
+ 
+ [['src/resolve/test-dnssec.c'],
+  [libsystemd_resolve_core,
+   libshared],
+  [lib_openssl_or_gcrypt,
+-  libgpg_error,
+   libm],
+  [], 'HAVE_OPENSSL_OR_GCRYPT'],
+ 
+@@ -216,7 +211,6 @@ tests += [
+  [libsystemd_resolve_core,
+   libshared],
+  [lib_openssl_or_gcrypt,
+-  libgpg_error,
+   libm],
+  [], '', 'manual'],
+ ]
+@@ -226,6 +220,5 @@ fuzzers += [
+  [libsystemd_resolve_core,
+   libshared],
+  [lib_openssl_or_gcrypt,
+-  libgpg_error,
+   libm]],
+ ]

diff --git a/sys-apps/systemd/systemd-250.ebuild 
b/sys-apps/systemd/systemd-250.ebuild
index bc4018c9efa4..26dc346527a3 100644
--- a/sys-apps/systemd/systemd-250.ebuild
+++ b/sys-apps/systemd/systemd-250.ebuild
@@ -237,6 +237,7 @@ src_prepare() {
 
# Add local patches here
PATCHES+=(
+   "${FILESDIR}"/250-fix-openssl.patch
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-12-09 Thread Mike Gilbert 
commit: 1f2e7fd084a9c6571af78262eacd9c153fbf1c3f
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Dec  9 19:39:31 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Dec  9 19:39:31 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f2e7fd0

sys-apps/systemd: drop 249.4-r4

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest  |   1 -
 sys-apps/systemd/files/249-fido2.patch |  58 ---
 .../systemd/files/249-home-secret-assert.patch | 106 -
 sys-apps/systemd/files/249-libudev-static.patch|  26 -
 sys-apps/systemd/files/249-network-renaming.patch  |  41 --
 sys-apps/systemd/systemd-249.4-r4.ebuild   | 524 -
 6 files changed, 756 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index b4ec49408dd1..ec8fbe294598 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1 @@
-DIST systemd-stable-249.4.tar.gz 10593723 BLAKE2B 
466b3cb27c4bc6c85c9ba50f6614175b2c31a4c177d452542faa1395e99511440029b1a093dc80a5a1a0135eed09d8b1849572f36dba4e18a1396230bfc31adb
 SHA512 
5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
 DIST systemd-stable-249.6.tar.gz 10599611 BLAKE2B 
9c0cbaa4319f2ce9a78dbe820d1b6df5191e6c632e2eac9f71f9ff9817564d9b3fc177d2aec0c0daea8ac33bbdc2066ad68a8967cf8857f4af3668b9a3e7d3bf
 SHA512 
7a7791dfe4923c00987b924adcb1cd08c4d17af2b17b4c6c6c701856c6810cfda61f06821c39787339fc05293853c0ea61b9973fcf4495c7bf4f8054ecfae66f

diff --git a/sys-apps/systemd/files/249-fido2.patch 
b/sys-apps/systemd/files/249-fido2.patch
deleted file mode 100644
index bbfa4afb540e..
--- a/sys-apps/systemd/files/249-fido2.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From b6aa89b0a32c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001
-From: pedro martelletto 
-Date: Wed, 8 Sep 2021 10:42:56 +0200
-Subject: [PATCH] explicitly close FIDO2 devices
-
-FIDO2 device access is serialised by libfido2 using flock().
-Therefore, make sure to close a FIDO2 device once we are done
-with it, or we risk opening it again at a later point and
-deadlocking. Fixes #20664.

- src/shared/libfido2-util.c | 2 ++
- src/shared/libfido2-util.h | 5 -
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
-index 12c644dcfcce..6d18178b68c9 100644
 a/src/shared/libfido2-util.c
-+++ b/src/shared/libfido2-util.c
-@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL;
- int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = 
NULL;
- fido_dev_t* (*sym_fido_dev_new)(void) = NULL;
- int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL;
-+int (*sym_fido_dev_close)(fido_dev_t *) = NULL;
- const char* (*sym_fido_strerr)(int) = NULL;
- 
- int dlopen_libfido2(void) {
-@@ -106,6 +107,7 @@ int dlopen_libfido2(void) {
- DLSYM_ARG(fido_dev_make_cred),
- DLSYM_ARG(fido_dev_new),
- DLSYM_ARG(fido_dev_open),
-+DLSYM_ARG(fido_dev_close),
- DLSYM_ARG(fido_strerr));
- }
- 
-diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
-index 5640cca5e39b..4ebf8ab77509 100644
 a/src/shared/libfido2-util.h
-+++ b/src/shared/libfido2-util.h
-@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *);
- extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char 
*);
- extern fido_dev_t* (*sym_fido_dev_new)(void);
- extern int (*sym_fido_dev_open)(fido_dev_t *, const char *);
-+extern int (*sym_fido_dev_close)(fido_dev_t *);
- extern const char* (*sym_fido_strerr)(int);
- 
- int dlopen_libfido2(void);
-@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t 
**p) {
- }
- 
- static inline void fido_dev_free_wrapper(fido_dev_t **p) {
--if (*p)
-+if (*p) {
-+sym_fido_dev_close(*p);
- sym_fido_dev_free(p);
-+}
- }
- 
- static inline void fido_cred_free_wrapper(fido_cred_t **p) {

diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch 
b/sys-apps/systemd/files/249-home-secret-assert.patch
deleted file mode 100644
index e6e2a8e7cc78..
--- a/sys-apps/systemd/files/249-home-secret-assert.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001
-From: Yu Watanabe 
-Date: Sun, 5 Sep 2021 11:16:26 +0900
-Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error
- may be null
-
-When RefHome() bus method is called in acquire_home(), secret is NULL.
-
-Fixes #20639.

- src/home/pam_systemd_home.c | 19 ++-
- 1 file changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
-index

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-11-14 Thread Mike Gilbert 
commit: fc438698ea33d1481c56dbbcdbf5623aed59a69e
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Nov 14 23:52:53 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Nov 14 23:52:53 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc438698

sys-apps/systemd: add 249.6, drop 249.5-r1

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest  |   2 +-
 sys-apps/systemd/files/249.5-coredumpctl.patch |  31 --
 .../249.5-revert-unit-start-rate-limiting.patch| 483 -
 ...ystemd-249.5-r1.ebuild => systemd-249.6.ebuild} |   3 -
 4 files changed, 1 insertion(+), 518 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 6cbf0d852592..b4ec49408dd1 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,2 @@
 DIST systemd-stable-249.4.tar.gz 10593723 BLAKE2B 
466b3cb27c4bc6c85c9ba50f6614175b2c31a4c177d452542faa1395e99511440029b1a093dc80a5a1a0135eed09d8b1849572f36dba4e18a1396230bfc31adb
 SHA512 
5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
-DIST systemd-stable-249.5.tar.gz 10597897 BLAKE2B 
5c573322ef9bcd9d019776d6e2d8625a741c1535c0d06661b5666c2438a70cfc4dc182919bb419829de27a4d93c16717ce24e668faf9bd6b09e57f8bd88be725
 SHA512 
d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
+DIST systemd-stable-249.6.tar.gz 10599611 BLAKE2B 
9c0cbaa4319f2ce9a78dbe820d1b6df5191e6c632e2eac9f71f9ff9817564d9b3fc177d2aec0c0daea8ac33bbdc2066ad68a8967cf8857f4af3668b9a3e7d3bf
 SHA512 
7a7791dfe4923c00987b924adcb1cd08c4d17af2b17b4c6c6c701856c6810cfda61f06821c39787339fc05293853c0ea61b9973fcf4495c7bf4f8054ecfae66f

diff --git a/sys-apps/systemd/files/249.5-coredumpctl.patch 
b/sys-apps/systemd/files/249.5-coredumpctl.patch
deleted file mode 100644
index 2892f3477137..
--- a/sys-apps/systemd/files/249.5-coredumpctl.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
-Date: Tue, 12 Oct 2021 19:46:25 +0200
-Subject: [PATCH] coredumpctl: stop truncating information about coredump
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-With the changes to limit that print 'Found module …' over and over, we were
-hitting the journal field message limit, effectively truncating the info 
output.
-
-Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488.
-
-(cherry picked from commit 384c6207669eb0d92aa0043dbc01957c6c7ff41e)

- src/coredump/coredumpctl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c
-index 3d44e51e32..7eba8330d7 100644
 a/src/coredump/coredumpctl.c
-+++ b/src/coredump/coredumpctl.c
-@@ -555,6 +555,8 @@ static int print_info(FILE *file, sd_journal *j, bool 
need_space) {
- assert(file);
- assert(j);
- 
-+(void) sd_journal_set_data_threshold(j, 0);
-+
- SD_JOURNAL_FOREACH_DATA(j, d, l) {
- RETRIEVE(d, l, "MESSAGE_ID", mid);
- RETRIEVE(d, l, "COREDUMP_PID", pid);

diff --git a/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch 
b/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch
deleted file mode 100644
index 6d070e8d30d1..
--- a/sys-apps/systemd/files/249.5-revert-unit-start-rate-limiting.patch
+++ /dev/null
@@ -1,483 +0,0 @@
-From 4fa9d8f14523982482386d398d2b2669902f2098 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe 
-Date: Mon, 18 Oct 2021 14:11:53 +0900
-Subject: [PATCH] Revert "core: Check unit start rate limiting earlier"
-
-This reverts commit ed8fbbf1745c6a2dc0b8cd560ac8a3353f72e979.
-
-This was causing problems during boot, see
-https://bodhi.fedoraproject.org/updates/FEDORA-2021-a1a52487e6,
-https://bugzilla.redhat.com/show_bug.cgi?id=2013386.
-https://github.com/systemd/systemd/issues/21025

- src/core/automount.c   | 23 ++-
- src/core/mount.c   | 23 ++-
- src/core/path.c| 23 ++-
- src/core/service.c | 25 +++--
- src/core/socket.c  | 23 ++-
- src/core/swap.c| 23 ++-
- src/core/timer.c   | 23 ++-
- src/core/unit.c|  7 ---
- src/core/unit.h|  4 
- test/TEST-63-ISSUE-17433/Makefile  |  1 -
- test/TEST-63-ISSUE-17433/test.sh   |  9 -
- test/meson.build   |  2 --
- test/testsuite-10.units/test10.service |  3 ---
- test/testsuite-63.units/test63.path|  2 --
-

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-11-06 Thread Georgy Yakovlev 
commit: c897165ab00b566f2a21db3bb1d8da0fee67bfc8
Author: Georgy Yakovlev  gentoo  org>
AuthorDate: Mon Nov  1 23:33:10 2021 +
Commit: Georgy Yakovlev  gentoo  org>
CommitDate: Sun Nov  7 05:26:12 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c897165a

sys-apps/systemd: add hostnamed-fallback mode

this will allow networkd/hostnamed to properly set hostname
on systems without polkit.

while it's possible to set hostname/fqdn manually already, with fallback 
workaround
it will be possible to get hostnames from DHCP via networkd too without
using polkit->spidermonkey->rust->llvm chain of deps.

ideas and configs taken from yocto/oe
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=3dc37c12c17d5bb6d4701a425a4f79f6e31784ee

https://github.com/systemd/systemd/issues/13501
Closes: https://github.com/gentoo/gentoo/pull/22792
Signed-off-by: Georgy Yakovlev  gentoo.org>

 sys-apps/systemd/files/00-hostnamed-network-user.conf   |  6 ++
 .../files/org.freedesktop.hostname1_no_polkit.conf  | 11 +++
 sys-apps/systemd/metadata.xml   |  1 +
 sys-apps/systemd/systemd-.ebuild| 17 -
 4 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/00-hostnamed-network-user.conf 
b/sys-apps/systemd/files/00-hostnamed-network-user.conf
new file mode 100644
index 000..6b224ba9b93
--- /dev/null
+++ b/sys-apps/systemd/files/00-hostnamed-network-user.conf
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN

diff --git a/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf 
b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
new file mode 100644
index 000..f4d0271cdb6
--- /dev/null
+++ b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
@@ -0,0 +1,11 @@
+ 
+http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd;>
+
+
+
+
+
+
+
+

diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index b35d6bfbd41..cd0754d004d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -20,6 +20,7 @@
Enable FIDO2 support
Enable sealing of journal files using 
gcrypt
Enable portable home directories
+   Enable setting hostname with 
networkd/hostnamed without polkit (requires running 
sys-apps/dbus-broker)
Enable embedded HTTP server in journald
Enable support for the hardware 
database
Enable import daemon

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 8348517478b..485b6498181 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -30,11 +30,12 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd;
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls 
elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat 
pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux 
split-usr +sysv-utils test tpm vanilla xkb +zstd"
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls 
elfutils fido2 +gcrypt gnuefi homed hostnamed-fallback http +hwdb idn importd 
+kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart 
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
 
 REQUIRED_USE="
homed? ( cryptsetup pam )
importd? ( curl gcrypt lzma )
+   policykit? ( !hostnamed-fallback )
pwquality? ( homed )
 "
 RESTRICT="!test? ( test )"
@@ -117,6 +118,10 @@ RDEPEND="${COMMON_DEPEND}
>=acct-user/systemd-resolve-0-r1
>=acct-user/systemd-timesync-0-r1
>=sys-apps/baselayout-2.2
+   hostnamed-fallback? (
+   acct-group/systemd-hostname
+   sys-apps/dbus-broker
+   )
selinux? ( sec-policy/selinux-base-policy[systemd] )
sysv-utils? (
!sys-apps/openrc[sysv-utils(-)]
@@ -400,6 +405,16 @@ multilib_src_install_all() {
dosym ../../../lib/systemd/systemd-shutdown 
/usr/lib/systemd/systemd-shutdown
fi
 
+   # workaround for https://github.com/systemd/systemd/issues/13501
+   if use hostnamed-fallback; then
+   # this file requires dbus-broker
+   insinto /usr/share/dbus-1/system.d/
+   doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+   insinto 
"${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+   doins "${FILESDIR}/00-hostnamed-network-user.conf"
+

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-09-14 Thread Mike Gilbert 
commit: 456fb26fe2564868771b7948b6049dc96743d947
Author: Mike Gilbert  gentoo  org>
AuthorDate: Tue Sep 14 23:46:05 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Sep 14 23:46:05 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=456fb26f

sys-apps/systemd: backport network fix

Closes: https://bugs.gentoo.org/813102
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/249-network-renaming.patch  | 41 ++
 ...emd-249.4-r3.ebuild => systemd-249.4-r4.ebuild} |  1 +
 2 files changed, 42 insertions(+)

diff --git a/sys-apps/systemd/files/249-network-renaming.patch 
b/sys-apps/systemd/files/249-network-renaming.patch
new file mode 100644
index 000..b9eecf57b10
--- /dev/null
+++ b/sys-apps/systemd/files/249-network-renaming.patch
@@ -0,0 +1,41 @@
+From 160203e974945ce520fe8f569458634ef898c61c Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Fri, 10 Sep 2021 08:09:56 +0900
+Subject: [PATCH] network: fix handling of network interface renaming
+
+Fixes #20657.
+---
+ src/network/networkd-link.c | 14 +-
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 4afd540d2015..caad6205ae83 100644
+--- a/src/network/networkd-link.c
 b/src/network/networkd-link.c
+@@ -1470,17 +1470,21 @@ static int link_initialized(Link *link, sd_device 
*device) {
+ assert(link);
+ assert(device);
+ 
+-if (link->state != LINK_STATE_PENDING)
+-return 0;
++/* Always replace with the new sd_device object. As the sysname (and 
possibly other properties
++ * or sysattrs) may be outdated. */
++sd_device_ref(device);
++sd_device_unref(link->sd_device);
++link->sd_device = device;
+ 
+-if (link->sd_device)
++/* Do not ignore unamanaged state case here. If an interface is 
renamed after being once
++ * configured, and the corresponding .network file has Name= in 
[Match] section, then the
++ * interface may be already in unmanaged state. See #20657. */
++if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED))
+ return 0;
+ 
+ log_link_debug(link, "udev initialized link");
+ link_set_state(link, LINK_STATE_INITIALIZED);
+ 
+-link->sd_device = sd_device_ref(device);
+-
+ /* udev has initialized the link, but we don't know if we have yet
+  * processed the NEWLINK messages with the latest state. Do a GETLINK,
+  * when it returns we know that the pending NEWLINKs have already been

diff --git a/sys-apps/systemd/systemd-249.4-r3.ebuild 
b/sys-apps/systemd/systemd-249.4-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.4-r3.ebuild
rename to sys-apps/systemd/systemd-249.4-r4.ebuild
index b651ce70662..dff4c114007 100644
--- a/sys-apps/systemd/systemd-249.4-r3.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r4.ebuild
@@ -229,6 +229,7 @@ src_prepare() {
"${FILESDIR}/249-libudev-static.patch"
"${FILESDIR}/249-home-secret-assert.patch"
"${FILESDIR}/249-fido2.patch"
+   "${FILESDIR}/249-network-renaming.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-09-08 Thread Mike Gilbert 
commit: b4f43b6837d616fef3678a80562b0d483d0ce7cb
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Sep  8 18:23:16 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Sep  8 18:29:25 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4f43b68

sys-apps/systemd: backport FIDO2 fix

Closes: https://bugs.gentoo.org/811864
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/249-fido2.patch | 58 ++
 ...emd-249.4-r1.ebuild => systemd-249.4-r2.ebuild} |  1 +
 2 files changed, 59 insertions(+)

diff --git a/sys-apps/systemd/files/249-fido2.patch 
b/sys-apps/systemd/files/249-fido2.patch
new file mode 100644
index 000..bbfa4afb540
--- /dev/null
+++ b/sys-apps/systemd/files/249-fido2.patch
@@ -0,0 +1,58 @@
+From b6aa89b0a32c8ea762e6ec4f30cff90618f2 Mon Sep 17 00:00:00 2001
+From: pedro martelletto 
+Date: Wed, 8 Sep 2021 10:42:56 +0200
+Subject: [PATCH] explicitly close FIDO2 devices
+
+FIDO2 device access is serialised by libfido2 using flock().
+Therefore, make sure to close a FIDO2 device once we are done
+with it, or we risk opening it again at a later point and
+deadlocking. Fixes #20664.
+---
+ src/shared/libfido2-util.c | 2 ++
+ src/shared/libfido2-util.h | 5 -
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
+index 12c644dcfcce..6d18178b68c9 100644
+--- a/src/shared/libfido2-util.c
 b/src/shared/libfido2-util.c
+@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL;
+ int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = 
NULL;
+ fido_dev_t* (*sym_fido_dev_new)(void) = NULL;
+ int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL;
++int (*sym_fido_dev_close)(fido_dev_t *) = NULL;
+ const char* (*sym_fido_strerr)(int) = NULL;
+ 
+ int dlopen_libfido2(void) {
+@@ -106,6 +107,7 @@ int dlopen_libfido2(void) {
+ DLSYM_ARG(fido_dev_make_cred),
+ DLSYM_ARG(fido_dev_new),
+ DLSYM_ARG(fido_dev_open),
++DLSYM_ARG(fido_dev_close),
+ DLSYM_ARG(fido_strerr));
+ }
+ 
+diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
+index 5640cca5e39b..4ebf8ab77509 100644
+--- a/src/shared/libfido2-util.h
 b/src/shared/libfido2-util.h
+@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *);
+ extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char 
*);
+ extern fido_dev_t* (*sym_fido_dev_new)(void);
+ extern int (*sym_fido_dev_open)(fido_dev_t *, const char *);
++extern int (*sym_fido_dev_close)(fido_dev_t *);
+ extern const char* (*sym_fido_strerr)(int);
+ 
+ int dlopen_libfido2(void);
+@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t 
**p) {
+ }
+ 
+ static inline void fido_dev_free_wrapper(fido_dev_t **p) {
+-if (*p)
++if (*p) {
++sym_fido_dev_close(*p);
+ sym_fido_dev_free(p);
++}
+ }
+ 
+ static inline void fido_cred_free_wrapper(fido_cred_t **p) {

diff --git a/sys-apps/systemd/systemd-249.4-r1.ebuild 
b/sys-apps/systemd/systemd-249.4-r2.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.4-r1.ebuild
rename to sys-apps/systemd/systemd-249.4-r2.ebuild
index 6c7937f4e0e..95d20177016 100644
--- a/sys-apps/systemd/systemd-249.4-r1.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r2.ebuild
@@ -226,6 +226,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
"${FILESDIR}/249-libudev-static.patch"
+   "${FILESDIR}/249-fido2.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-09-08 Thread Mike Gilbert 
commit: bf8a15acdb09aef0eedfaeb743e1ae566120e0b7
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Sep  8 18:28:49 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Sep  8 18:29:25 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf8a15ac

sys-apps/systemd: backport fix for pam_systemd_home

Closes: https://bugs.gentoo.org/811093
Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/249-home-secret-assert.patch | 106 +
 sys-apps/systemd/systemd-249.4-r2.ebuild   |   1 +
 2 files changed, 107 insertions(+)

diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch 
b/sys-apps/systemd/files/249-home-secret-assert.patch
new file mode 100644
index 000..e6e2a8e7cc7
--- /dev/null
+++ b/sys-apps/systemd/files/249-home-secret-assert.patch
@@ -0,0 +1,106 @@
+From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Sun, 5 Sep 2021 11:16:26 +0900
+Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error
+ may be null
+
+When RefHome() bus method is called in acquire_home(), secret is NULL.
+
+Fixes #20639.
+---
+ src/home/pam_systemd_home.c | 19 ++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
+index 836ed0d5e96d..a04d50208a8e 100644
+--- a/src/home/pam_systemd_home.c
 b/src/home/pam_systemd_home.c
+@@ -281,7 +281,6 @@ static int handle_generic_user_record_error(
+ const sd_bus_error *error) {
+ 
+ assert(user_name);
+-assert(secret);
+ assert(error);
+ 
+ int r;
+@@ -301,6 +300,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++assert(secret);
++
+ /* This didn't work? Ask for an (additional?) password */
+ 
+ if (strv_isempty(secret->password))
+@@ -326,6 +327,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, 
BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++assert(secret);
++
+ if (strv_isempty(secret->password)) {
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, 
"Security token of user %s not inserted.", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, , 
"Try again with password: ");
+@@ -350,6 +353,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++assert(secret);
++
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, , "Security 
token PIN: ");
+ if (r != PAM_SUCCESS)
+ return PAM_CONV_ERR; /* no logging here */
+@@ -367,6 +372,8 @@ static int handle_generic_user_record_error(
+ 
+ } else if (sd_bus_error_has_name(error, 
BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
+ 
++assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please 
authenticate physically on security token of user %s.", user_name);
+ 
+ r = 
user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
+@@ -377,6 +384,8 @@ static int handle_generic_user_record_error(
+ 
+ } else if (sd_bus_error_has_name(error, 
BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
+ 
++assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please 
confirm presence on security token of user %s.", user_name);
+ 
+ r = user_record_set_fido2_user_presence_permitted(secret, 
true);
+@@ -387,6 +396,8 @@ static int handle_generic_user_record_error(
+ 
+ } else if (sd_bus_error_has_name(error, 
BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
+ 
++assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify 
user on security token of user %s.", user_name);
+ 
+ r = user_record_set_fido2_user_verification_permitted(secret, 
true);
+@@ -403,6 +414,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+ 
++assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security 
token PIN incorrect for user %s.", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, , "Sorry, 
retry security token PIN: ");
+ if (r != PAM_SUCCESS)
+@@ -422,6 +435,8 @@ static int handle_generic_user_record_error(
+ } else if

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-07-08 Thread Mike Gilbert 
commit: 9cb1e202e281d9fa3ebbf9f354b0672d98743d87
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Jul  8 20:22:01 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Jul  8 20:22:01 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cb1e202

sys-apps/systemd: backport fix for hostnamed

Signed-off-by: Mike Gilbert  gentoo.org>

 .../files/249-hostnamed-error-variable.patch   | 50 ++
 .../{systemd-249.ebuild => systemd-249-r1.ebuild}  |  1 +
 2 files changed, 51 insertions(+)

diff --git a/sys-apps/systemd/files/249-hostnamed-error-variable.patch 
b/sys-apps/systemd/files/249-hostnamed-error-variable.patch
new file mode 100644
index 000..7fe7af73a00
--- /dev/null
+++ b/sys-apps/systemd/files/249-hostnamed-error-variable.patch
@@ -0,0 +1,50 @@
+From 105a4245ff13d588e1e848e8ee3cffd6185bd0ae Mon Sep 17 00:00:00 2001
+From: Jan Palus 
+Date: Thu, 8 Jul 2021 00:23:21 +0200
+Subject: [PATCH] hostnamed: correct variable with errno in fallback_chassis
+
+fixes assertion failure on arm:
+
+systemd-hostnamed[642]: Assertion '(_error) != 0' failed at 
src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting.
+---
+ src/hostname/hostnamed.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
+index bd535ddc4d80..36702f2fb0cd 100644
+--- a/src/hostname/hostnamed.c
 b/src/hostname/hostnamed.c
+@@ -204,14 +204,14 @@ static const char* fallback_chassis(void) {
+ 
+ r = read_one_line_file("/sys/class/dmi/id/chassis_type", );
+ if (r < 0) {
+-log_debug_errno(v, "Failed to read DMI chassis type, 
ignoring: %m");
++log_debug_errno(r, "Failed to read DMI chassis type, 
ignoring: %m");
+ goto try_acpi;
+ }
+ 
+ r = safe_atou(type, );
+ free(type);
+ if (r < 0) {
+-log_debug_errno(v, "Failed to parse DMI chassis type, 
ignoring: %m");
++log_debug_errno(r, "Failed to parse DMI chassis type, 
ignoring: %m");
+ goto try_acpi;
+ }
+ 
+@@ -260,14 +260,14 @@ static const char* fallback_chassis(void) {
+ try_acpi:
+ r = read_one_line_file("/sys/firmware/acpi/pm_profile", );
+ if (r < 0) {
+-log_debug_errno(v, "Failed read ACPI PM profile, ignoring: 
%m");
++log_debug_errno(r, "Failed read ACPI PM profile, ignoring: 
%m");
+ return NULL;
+ }
+ 
+ r = safe_atou(type, );
+ free(type);
+ if (r < 0) {
+-log_debug_errno(v, "Failed parse ACPI PM profile, ignoring: 
%m");
++log_debug_errno(r, "Failed parse ACPI PM profile, ignoring: 
%m");
+ return NULL;
+ }
+ 

diff --git a/sys-apps/systemd/systemd-249.ebuild 
b/sys-apps/systemd/systemd-249-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-249.ebuild
rename to sys-apps/systemd/systemd-249-r1.ebuild
index 7b82142e7ac..3bc38914353 100644
--- a/sys-apps/systemd/systemd-249.ebuild
+++ b/sys-apps/systemd/systemd-249-r1.ebuild
@@ -218,6 +218,7 @@ src_prepare() {
 
# Add local patches here
PATCHES+=(
+   "${FILESDIR}/249-hostnamed-error-variable.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-06-20 Thread Mike Gilbert 
commit: b528f97e26fe1d046152e38cbd199355d380cc98
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Jun 20 16:53:28 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Jun 20 17:18:48 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b528f97e

sys-apps/systemd: simplify systemd-user pam config

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/systemd-user.pam | 5 +
 sys-apps/systemd/systemd-.ebuild| 5 -
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/systemd-user.pam 
b/sys-apps/systemd/files/systemd-user.pam
new file mode 100644
index 000..38ae3211f8d
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-user.pam
@@ -0,0 +1,5 @@
+account include system-auth
+
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 3f2168e521b..41b2a1b5b70 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -223,7 +223,6 @@ src_prepare() {
"${FILESDIR}/gentoo-generator-path-r2.patch"

"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
-   "${FILESDIR}/gentoo-pam-r1.patch"
)
fi
 
@@ -380,6 +379,10 @@ multilib_src_install_all() {
# Symlink /etc/sysctl.conf for easy migration.
dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
 
+   if use pam; then
+   newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+   fi
+
if use hwdb; then
rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
fi

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2021-05-19 Thread Mike Gilbert 
commit: 802dfd1188797b98f8be573efd29feccf7ab8c2c
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed May 19 19:36:46 2021 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed May 19 19:36:46 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=802dfd11

sys-apps/systemd: update pam patch for jinja conversion

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/gentoo-pam-r1.patch | 33 ++
 sys-apps/systemd/systemd-.ebuild   |  2 +-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/gentoo-pam-r1.patch 
b/sys-apps/systemd/files/gentoo-pam-r1.patch
new file mode 100644
index 000..8816bae19e0
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-pam-r1.patch
@@ -0,0 +1,33 @@
+From e404e655eab9042bfc81ff5638dd54f4a5452ce0 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Wed, 19 May 2021 15:34:41 -0400
+Subject: [PATCH] pam: include system-auth for systemd --user
+
+---
+ src/login/systemd-user.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
+index 343aec4a01..a18d7d43cf 100644
+--- a/src/login/systemd-user.in
 b/src/login/systemd-user.in
+@@ -5,7 +5,7 @@
+ {% if ENABLE_HOMED %}
+ -account sufficient pam_systemd_home.so
+ {% endif %}
+-account sufficient pam_unix.so
++account include system-auth
+ account required pam_permit.so
+ 
+ {% if HAVE_SELINUX %}
+@@ -13,6 +13,7 @@ session required pam_selinux.so close
+ session required pam_selinux.so nottys open
+ {% endif %}
+ session required pam_loginuid.so
++session include system-auth
+ session optional pam_keyinit.so force revoke
+ {% if ENABLE_HOMED %}
+ -session optional pam_systemd_home.so
+-- 
+2.31.1
+

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 72aabc846fe..03cc0e7e225 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -223,7 +223,7 @@ src_prepare() {
"${FILESDIR}/gentoo-generator-path-r2.patch"

"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
-   "${FILESDIR}/gentoo-pam.patch"
+   "${FILESDIR}/gentoo-pam-r1.patch"
)
fi

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2020-11-08 Thread Mike Gilbert 
commit: e25dac18a28a39570cbd3bc258be1b573c8fa9dc
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Nov  8 17:50:35 2020 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Nov  8 17:50:50 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e25dac18

sys-apps/systemd: bump to 247-rc1

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest  |  1 +
 .../gentoo-systemctl-disable-sysv-sync-r1.patch| 25 ++
 ...{systemd-.ebuild => systemd-247_rc1.ebuild} |  2 +-
 sys-apps/systemd/systemd-.ebuild   |  2 +-
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 470a6c699a3..530182fc3ff 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,3 @@
 DIST systemd-246.tar.gz 9534036 BLAKE2B 
71b72abcd4d066d35d45d9835d41bec8faa9a7eddc80b48fe7073223f07d32f78a8442c52dc0800940f9750d9c5502123a633738981d797cf610d85df2035bf0
 SHA512 
7103f7da53f7ced3b5543c238f23bd11c82af8e37166c1720a90576b6b431b4329320c78726166c65a9f5e101dd465c0a86dd13c586c4e55e608a6273d8f324f
+DIST systemd-247-rc1.tar.gz 9838448 BLAKE2B 
99eeafb9ef35d7786f39e8089820ea7b838e06b7ad74271a193c27e716275cb96e0cfe213fa546abc304978fdf95be37e23f31c2059aa6aff28739979a1a036d
 SHA512 
5c04b013ceebbf466c917d093189a60a2a77c57a844eed840c911669855d4d9d783dcaec1ba6b488c5e96e7f9a9f3d4e39cff240c46c013ec2fcce5a5b7c4aee
 DIST systemd-stable-246.6.tar.gz 9545237 BLAKE2B 
5290736b30ca1a3188335a74d49b4f3e8b48007d9563efac1985ea6428a8b8fd6cad7ae87c35e13a32f851ebd27821829738274d35cfbff9340750bd3b086621
 SHA512 
1936b291d9831cf61f800fe718a4c2c2fe9b2a11fd817fe32bd48da2087a675dfc91013209a3478ea52e8ada593300ed906e248b8081dcf9141bf1cc17483ea9

diff --git a/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch 
b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch
new file mode 100644
index 000..a9d40be4ab7
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync-r1.patch
@@ -0,0 +1,25 @@
+From d9059d2ef1b0d6034267cc8ff44871d0f82f840f Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Sun, 8 Nov 2020 12:34:11 -0500
+Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
+
+---
+ src/systemctl/systemctl-sysv-compat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl-sysv-compat.c 
b/src/systemctl/systemctl-sysv-compat.c
+index 2dca9e480f..5dcf13ba17 100644
+--- a/src/systemctl/systemctl-sysv-compat.c
 b/src/systemctl/systemctl-sysv-compat.c
+@@ -111,7 +111,7 @@ int parse_shutdown_time_spec(const char *t, usec_t *ret) {
+ int enable_sysv_units(const char *verb, char **args) {
+ int r = 0;
+ 
+-#if HAVE_SYSV_COMPAT
++#if 0
+ _cleanup_(lookup_paths_free) LookupPaths paths = {};
+ unsigned f = 0;
+ 
+-- 
+2.29.0
+

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-247_rc1.ebuild
similarity index 99%
copy from sys-apps/systemd/systemd-.ebuild
copy to sys-apps/systemd/systemd-247_rc1.ebuild
index 4c0c3699148..016f308320d 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-247_rc1.ebuild
@@ -208,7 +208,7 @@ src_prepare() {
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r2.patch"
-   "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+   
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
"${FILESDIR}/gentoo-pam.patch"
)

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 4c0c3699148..016f308320d 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -208,7 +208,7 @@ src_prepare() {
if ! use vanilla; then
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r2.patch"
-   "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+   
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch"
"${FILESDIR}/gentoo-journald-audit.patch"
"${FILESDIR}/gentoo-pam.patch"
)

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2020-05-20 Thread Mike Gilbert 
commit: 25690985f6ec821756db3ee0af7484976005b79d
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu May 21 00:11:48 2020 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu May 21 00:12:58 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25690985

sys-apps/systemd: remove old

Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest|   1 -
 sys-apps/systemd/files/243-seccomp.patch | 145 -
 sys-apps/systemd/systemd-243-r2.ebuild   | 504 ---
 3 files changed, 650 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index fe384c4ffdc..2b7c2f78b20 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,3 @@
-DIST systemd-243.tar.gz 8242522 BLAKE2B 
89e3ebbea5a99061329f7c78220a66c1e075d5ba90dfdf5ee8d0d9b762ef4600dc82d8ca2054632e5e343b6272cd8046c92f7f99dcfa8287c5ef2b42fb96d4cb
 SHA512 
56b52a297aa5ac04d9667eb3afb1598725b197de73ff72baa1aabbc2844e36fba7b7fccdf6d214ae8b5b926616b2b7e15772763aaa80ec938d74333ff9c8673e
 DIST systemd-244.tar.gz 8445963 BLAKE2B 
19751fb9c058a079694ee1b991259fd3f1fa30ae98ca38bbe8caadfc5628db7848c7f742a1b11781fbd67f911adda917d7a4da1dddb63064907f86f47e5a3256
 SHA512 
08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb
 DIST systemd-245.tar.gz 8993479 BLAKE2B 
be0b1fca5ba8585978f570868bc9135c1fee78ea64dcdf8b1a3419e856a83da90104ed2f86e5f3e5b0b6f29d4b34f603bfe1e4cbc61ccf71bedce547db62ff35
 SHA512 
1b80d0e02472dfc4197f11dab4f56cf90e8a6e105ce19f837cb11335b6d8577ed49031dad94cdb41aa9bdc06ec8eec62c8e9246272b83935e7bb9dcd3cd8c012
 DIST systemd-stable-244.3.tar.gz 8484735 BLAKE2B 
25125ecdae59c852e8ceb45b7ed0b76631b301ab4026c4e389c4bc12090fe41f5918411a75bd20f38b6b3993445df93c850ba98f8d9b30fd24fc4e25f8355a3d
 SHA512 
f8e83fa3e57ac8fdbed61b66bb45fd0eafa6fb36eda26f10690d93f34b03daab6ce4e7eff45b79dcaf59f11f41c1b022d1d9314f576c50ad28f6bb5901f1b18d

diff --git a/sys-apps/systemd/files/243-seccomp.patch 
b/sys-apps/systemd/files/243-seccomp.patch
deleted file mode 100644
index 88b129f7722..000
--- a/sys-apps/systemd/files/243-seccomp.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
-From: Lennart Poettering 
-Date: Thu, 14 Nov 2019 17:51:30 +0100
-Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
- __NR_xyz namespace invasion
-
-A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
-same conditioning for all cases of our __NR_xyz use.
-
-Fixes: #14031

- src/basic/missing_syscall.h | 10 +-
- src/test/test-seccomp.c | 19 ++-
- 2 files changed, 15 insertions(+), 14 deletions(-)
-
-diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index 6d9b12544d..1255d8b197 100644
 a/src/basic/missing_syscall.h
-+++ b/src/basic/missing_syscall.h
-@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char 
*oldname, int newfd, c
- 
- #if !HAVE_KCMP
- static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned 
long idx1, unsigned long idx2) {
--#  ifdef __NR_kcmp
-+#  if defined __NR_kcmp && __NR_kcmp > 0
- return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
- #  else
- errno = ENOSYS;
-@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int 
type, unsigned long i
- 
- #if !HAVE_KEYCTL
- static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long 
arg3, unsigned long arg4, unsigned long arg5) {
--#  ifdef __NR_keyctl
-+#  if defined __NR_keyctl && __NR_keyctl > 0
- return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
- #  else
- errno = ENOSYS;
-@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long 
arg2, unsigned long arg
- }
- 
- static inline key_serial_t missing_add_key(const char *type, const char 
*description, const void *payload, size_t plen, key_serial_t ringid) {
--#  ifdef __NR_add_key
-+#  if defined __NR_add_key && __NR_add_key > 0
- return syscall(__NR_add_key, type, description, payload, plen, 
ringid);
- #  else
- errno = ENOSYS;
-@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char 
*type, const char *descrip
- }
- 
- static inline key_serial_t missing_request_key(const char *type, const char 
*description, const char * callout_info, key_serial_t destringid) {
--#  ifdef __NR_request_key
-+#  if defined __NR_request_key && __NR_request_key > 0
- return syscall(__NR_request_key, type, description, callout_info, 
destringid);
- #  else
- errno = ENOSYS;
-@@ -496,7 +496,7 @@ enum {
- static inline long missing_set_mempolicy(int mode, const unsigned long 
*nodemask,
-unsigned long maxnode) {
- long i;
--#  ifdef __NR_set_mempolicy
-+#  if defined __NR_set_mempolicy && __NR_set_mempolicy >

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2020-04-27 Thread Mike Gilbert 
commit: 4b96b826237c2ba711b79c8fa5b1980004bd5d9b
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Apr 27 14:26:44 2020 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Apr 27 14:40:51 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b96b826

sys-apps/systemd: disable sysv init script sync

Signed-off-by: Mike Gilbert  gentoo.org>

 .../files/gentoo-systemctl-disable-sysv-sync.patch | 25 ++
 ...systemd-245-r4.ebuild => systemd-245-r5.ebuild} |  1 +
 sys-apps/systemd/systemd-.ebuild   |  1 +
 3 files changed, 27 insertions(+)

diff --git a/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch 
b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch
new file mode 100644
index 000..d92d2d43a0c
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-systemctl-disable-sysv-sync.patch
@@ -0,0 +1,25 @@
+From 7ccd5724afc6fa83ec6cd93dbaf4faf3671c88fc Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Mon, 27 Apr 2020 10:22:03 -0400
+Subject: [PATCH] systemctl: disable synchronizaion of sysv init scripts
+
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index d319d5d375..bb8419800c 100644
+--- a/src/systemctl/systemctl.c
 b/src/systemctl/systemctl.c
+@@ -6622,7 +6622,7 @@ static int import_environment(int argc, char *argv[], 
void *userdata) {
+ static int enable_sysv_units(const char *verb, char **args) {
+ int r = 0;
+ 
+-#if HAVE_SYSV_COMPAT
++#if 0
+ _cleanup_(lookup_paths_free) LookupPaths paths = {};
+ unsigned f = 0;
+ 
+-- 
+2.26.2
+

diff --git a/sys-apps/systemd/systemd-245-r4.ebuild 
b/sys-apps/systemd/systemd-245-r5.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-245-r4.ebuild
rename to sys-apps/systemd/systemd-245-r5.ebuild
index b686b0a738b..46c7844250b 100644
--- a/sys-apps/systemd/systemd-245-r4.ebuild
+++ b/sys-apps/systemd/systemd-245-r5.ebuild
@@ -209,6 +209,7 @@ src_prepare() {
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
"${FILESDIR}/gentoo-generator-path-r1.patch"
+   "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
)
fi
 

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index c692b2d9f5d..b755eb2883e 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -208,6 +208,7 @@ src_prepare() {
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
"${FILESDIR}/gentoo-generator-path-r2.patch"
+   "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
)
fi

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2020-04-17 Thread Mike Gilbert 
commit: 0ea30d0d62cb1a52dbc575bba34e286209e6bcc4
Author: Mike Gilbert  gentoo  org>
AuthorDate: Fri Apr 17 16:35:14 2020 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Apr 17 16:35:14 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ea30d0d

sys-apps/systemd: update generator-path patch

Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/gentoo-generator-path-r2.patch   | 26 ++
 sys-apps/systemd/systemd-.ebuild   |  2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/gentoo-generator-path-r2.patch 
b/sys-apps/systemd/files/gentoo-generator-path-r2.patch
new file mode 100644
index 000..46e5c1dacb8
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-generator-path-r2.patch
@@ -0,0 +1,26 @@
+From 91182cc273d2dd8325d856fd683d2d8e038abd91 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Tue, 25 Dec 2018 22:52:50 -0500
+Subject: [PATCH] path-lookup: look for generators in
+ /usr/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/basic/path-lookup.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
+index 52968dee34..0cb10b1116 100644
+--- a/src/basic/path-lookup.c
 b/src/basic/path-lookup.c
+@@ -798,6 +798,7 @@ char **generator_binary_paths(UnitFileScope scope) {
+ add = strv_new("/run/systemd/system-generators",
+"/etc/systemd/system-generators",
+
"/usr/local/lib/systemd/system-generators",
++   "/usr/lib/systemd/system-generators",
+SYSTEM_GENERATOR_DIR);
+ break;
+ 
+-- 
+2.26.1
+

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 79adf7db45a..dcf64e48a2a 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -207,7 +207,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
-   "${FILESDIR}/gentoo-generator-path-r1.patch"
+   "${FILESDIR}/gentoo-generator-path-r2.patch"
)
fi

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2020-02-06 Thread Mike Gilbert 
commit: 1f550c46e58f6d48b6072f50097e1c6d44a30485
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Feb  6 15:24:08 2020 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Feb  6 15:24:08 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f550c46

sys-apps/systemd: fix segfault in systemd-sysctl

Closes: https://bugs.gentoo.org/708462
Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/245-rc1-sysctl-segfault.patch| 23 ++
 ...md-245_rc1.ebuild => systemd-245_rc1-r1.ebuild} |  1 +
 2 files changed, 24 insertions(+)

diff --git a/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch 
b/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch
new file mode 100644
index 000..7618b2deba5
--- /dev/null
+++ b/sys-apps/systemd/files/245-rc1-sysctl-segfault.patch
@@ -0,0 +1,23 @@
+From db99904bc8482efe556bb010a8b203a3e60ee37f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Thu, 6 Feb 2020 19:13:11 +0900
+Subject: [PATCH] sysctl: fix segfault
+
+Fixes #14801.
+---
+ src/sysctl/sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
+index bbcf0c43235..0cdb740d218 100644
+--- a/src/sysctl/sysctl.c
 b/src/sysctl/sysctl.c
+@@ -257,7 +257,7 @@ static int parse_file(OrderedHashmap **sysctl_options, 
const char *path, bool ig
+ 
+ existing = ordered_hashmap_get(*sysctl_options, p);
+ if (existing) {
+-if (streq(value, existing->value)) {
++if (streq_ptr(value, existing->value)) {
+ existing->ignore_failure = 
existing->ignore_failure || ignore_failure;
+ continue;
+ }

diff --git a/sys-apps/systemd/systemd-245_rc1.ebuild 
b/sys-apps/systemd/systemd-245_rc1-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-245_rc1.ebuild
rename to sys-apps/systemd/systemd-245_rc1-r1.ebuild
index 7bb75c3ee62..e889210fcbd 100644
--- a/sys-apps/systemd/systemd-245_rc1.ebuild
+++ b/sys-apps/systemd/systemd-245_rc1-r1.ebuild
@@ -186,6 +186,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
"${FILESDIR}"/245-rc1-network-debug.patch
+   "${FILESDIR}"/245-rc1-sysctl-segfault.patch
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2020-02-05 Thread Mike Gilbert 
commit: 7b8918d1047cd2b707ea43dc1d7afcceb761f789
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Feb  5 18:23:54 2020 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Feb  5 18:23:54 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b8918d1

sys-apps/systemd: bump to 245-rc1

Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest  |   1 +
 sys-apps/systemd/files/245-rc1-network-debug.patch |  45 ++
 sys-apps/systemd/systemd-245_rc1.ebuild| 500 +
 3 files changed, 546 insertions(+)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ca6af94c9ac..447ac0b12db 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,2 +1,3 @@
 DIST systemd-243.tar.gz 8242522 BLAKE2B 
89e3ebbea5a99061329f7c78220a66c1e075d5ba90dfdf5ee8d0d9b762ef4600dc82d8ca2054632e5e343b6272cd8046c92f7f99dcfa8287c5ef2b42fb96d4cb
 SHA512 
56b52a297aa5ac04d9667eb3afb1598725b197de73ff72baa1aabbc2844e36fba7b7fccdf6d214ae8b5b926616b2b7e15772763aaa80ec938d74333ff9c8673e
 DIST systemd-244.tar.gz 8445963 BLAKE2B 
19751fb9c058a079694ee1b991259fd3f1fa30ae98ca38bbe8caadfc5628db7848c7f742a1b11781fbd67f911adda917d7a4da1dddb63064907f86f47e5a3256
 SHA512 
08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb
+DIST systemd-245-rc1.tar.gz 8961356 BLAKE2B 
ed04166ead57c2f1cc1a1ca2f0041cae134b503d3448ea9fdd799e12d81f45721ee304d4aabd96d3eab8ea1321b283820e8d2a850b41733e40f07fd419f67b95
 SHA512 
2ef9a295f3897c6642a2fac2e3c73467ece9bc6fc196cc4f3707b9c23af2581eb9f74def78909d57513b67604bf1cf6dc5dbb31c6d435f7997677d09a73d006b

diff --git a/sys-apps/systemd/files/245-rc1-network-debug.patch 
b/sys-apps/systemd/files/245-rc1-network-debug.patch
new file mode 100644
index 000..e65035f2185
--- /dev/null
+++ b/sys-apps/systemd/files/245-rc1-network-debug.patch
@@ -0,0 +1,45 @@
+From 01ec0028d97fa97d2e433659e24a1517b0e2382e Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Wed, 5 Feb 2020 11:04:50 -0500
+Subject: [PATCH] network: remove unnecessary link->ifname from debug log
+ statements
+
+Since 98b0299479a68ffd414888368907fc776a46b82a, we log the interface
+name automatically via log_link_debug().
+
+Fixes: https://github.com/systemd/systemd/issues/14782
+---
+ src/network/networkd-dhcp-server.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/networkd-dhcp-server.c 
b/src/network/networkd-dhcp-server.c
+index a6dbe2e596c..bee75a6930e 100644
+--- a/src/network/networkd-dhcp-server.c
 b/src/network/networkd-dhcp-server.c
+@@ -45,7 +45,7 @@ static int link_push_uplink_dns_to_dhcp_server(Link *link, 
sd_dhcp_server *s) {
+ size_t n_addresses = 0, n_allocated = 0;
+ unsigned i;
+ 
+-log_link_debug(link, "Copying DNS server information from %s", 
link->ifname);
++log_link_debug(link, "Copying DNS server information from link");
+ 
+ if (!link->network)
+ return 0;
+@@ -99,7 +99,7 @@ static int link_push_uplink_ntp_to_dhcp_server(Link *link, 
sd_dhcp_server *s) {
+ if (!link->network)
+ return 0;
+ 
+-log_link_debug(link, "Copying NTP server information from %s", 
link->ifname);
++log_link_debug(link, "Copying NTP server information from link");
+ 
+ STRV_FOREACH(a, link->network->ntp) {
+ union in_addr_union ia;
+@@ -148,7 +148,7 @@ static int link_push_uplink_sip_to_dhcp_server(Link *link, 
sd_dhcp_server *s) {
+ if (!link->network)
+ return 0;
+ 
+-log_link_debug(link, "Copying SIP server information from %s", 
link->ifname);
++log_link_debug(link, "Copying SIP server information from link");
+ 
+ STRV_FOREACH(a, link->network->sip) {
+ union in_addr_union ia;

diff --git a/sys-apps/systemd/systemd-245_rc1.ebuild 
b/sys-apps/systemd/systemd-245_rc1.ebuild
new file mode 100644
index 000..7bb75c3ee62
--- /dev/null
+++ b/sys-apps/systemd/systemd-245_rc1.ebuild
@@ -0,0 +1,500 @@
+# Copyright 2011-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} ==  ]]; then
+   EGIT_REPO_URI="https://github.com/systemd/systemd.git;
+   inherit git-r3
+else
+   MY_PV=${PV/_/-}
+   MY_P=${PN}-${MY_PV}
+   S=${WORKDIR}/${MY_P}
+   
SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz;
+   KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 
~sparc ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_6,3_7} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam 
python-any-r1 systemd toolchain-funcs udev usr-ldscript
+
+DESCRIPTION="System and service manager for Linux"

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2019-11-17 Thread Mike Gilbert 
commit: 6b544a541f106150ecca3b94bee639792b55733c
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Nov 17 19:56:11 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Nov 17 19:56:11 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b544a54

sys-apps/systemd: backport seccomp build fix

Closes: https://bugs.gentoo.org/700200
Package-Manager: Portage-2.3.79_p3, Repoman-2.3.18_p2
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/243-seccomp.patch | 145 +++
 sys-apps/systemd/systemd-243-r2.ebuild   |   1 +
 2 files changed, 146 insertions(+)

diff --git a/sys-apps/systemd/files/243-seccomp.patch 
b/sys-apps/systemd/files/243-seccomp.patch
new file mode 100644
index 000..88b129f7722
--- /dev/null
+++ b/sys-apps/systemd/files/243-seccomp.patch
@@ -0,0 +1,145 @@
+From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering 
+Date: Thu, 14 Nov 2019 17:51:30 +0100
+Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
+ __NR_xyz namespace invasion
+
+A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
+same conditioning for all cases of our __NR_xyz use.
+
+Fixes: #14031
+---
+ src/basic/missing_syscall.h | 10 +-
+ src/test/test-seccomp.c | 19 ++-
+ 2 files changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index 6d9b12544d..1255d8b197 100644
+--- a/src/basic/missing_syscall.h
 b/src/basic/missing_syscall.h
+@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char 
*oldname, int newfd, c
+ 
+ #if !HAVE_KCMP
+ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned 
long idx1, unsigned long idx2) {
+-#  ifdef __NR_kcmp
++#  if defined __NR_kcmp && __NR_kcmp > 0
+ return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
+ #  else
+ errno = ENOSYS;
+@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int 
type, unsigned long i
+ 
+ #if !HAVE_KEYCTL
+ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long 
arg3, unsigned long arg4, unsigned long arg5) {
+-#  ifdef __NR_keyctl
++#  if defined __NR_keyctl && __NR_keyctl > 0
+ return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
+ #  else
+ errno = ENOSYS;
+@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long 
arg2, unsigned long arg
+ }
+ 
+ static inline key_serial_t missing_add_key(const char *type, const char 
*description, const void *payload, size_t plen, key_serial_t ringid) {
+-#  ifdef __NR_add_key
++#  if defined __NR_add_key && __NR_add_key > 0
+ return syscall(__NR_add_key, type, description, payload, plen, 
ringid);
+ #  else
+ errno = ENOSYS;
+@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char 
*type, const char *descrip
+ }
+ 
+ static inline key_serial_t missing_request_key(const char *type, const char 
*description, const char * callout_info, key_serial_t destringid) {
+-#  ifdef __NR_request_key
++#  if defined __NR_request_key && __NR_request_key > 0
+ return syscall(__NR_request_key, type, description, callout_info, 
destringid);
+ #  else
+ errno = ENOSYS;
+@@ -496,7 +496,7 @@ enum {
+ static inline long missing_set_mempolicy(int mode, const unsigned long 
*nodemask,
+unsigned long maxnode) {
+ long i;
+-#  ifdef __NR_set_mempolicy
++#  if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
+ i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
+ #  else
+ errno = ENOSYS;
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 018c20f8be..c6692043fe 100644
+--- a/src/test/test-seccomp.c
 b/src/test/test-seccomp.c
+@@ -28,7 +28,8 @@
+ #include "tmpfile-util.h"
+ #include "virt.h"
+ 
+-#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || 
defined(__s390__)
++/* __NR_socket may be invalid due to libseccomp */
++#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || 
defined(__s390x__) || defined(__s390__)
+ /* On these archs, socket() is implemented via the socketcall() syscall 
multiplexer,
+  * and we can't restrict it hence via seccomp. */
+ #  define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
+@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
+ assert_se(pid >= 0);
+ 
+ if (pid == 0) {
+-#if __NR__sysctl > 0
++#if defined __NR__sysctl && __NR__sysctl > 0
+ assert_se(syscall(__NR__sysctl, NULL) < 0);
+ assert_se(errno == EFAULT);
+ #endif
+ 
+ assert_se(seccomp_protect_sysctl() >= 0);
+ 
+-#if __NR__sysctl > 0
++#if defined __NR__sysctl && __NR__sysctl > 0
+ assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
+ assert_se(errno == EPERM);
+ #endif
+@@ -640,7 +641,7 @@

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2019-08-11 Thread Mike Gilbert 
commit: 35dcfcc83b7e325672f9167b5417d67deb4e3270
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Aug 11 16:27:41 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug 11 16:27:41 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35dcfcc8

sys-apps/systemd: backport fixes

Closes: https://bugs.gentoo.org/691232
Closes: https://bugs.gentoo.org/691280
Closes: https://bugs.gentoo.org/691502
Package-Manager: Portage-2.3.71, Repoman-2.3.16_p24
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/243-rc1-cryptsetup.patch| 148 +
 ...243-rc1-revert-logind-remove-unused-check.patch |  31 +
 .../systemd/files/243-rc1-udev-properties.patch|  53 
 ...243_rc1-r1.ebuild => systemd-243_rc1-r2.ebuild} |   3 +
 4 files changed, 235 insertions(+)

diff --git a/sys-apps/systemd/files/243-rc1-cryptsetup.patch 
b/sys-apps/systemd/files/243-rc1-cryptsetup.patch
new file mode 100644
index 000..e922d4d29cb
--- /dev/null
+++ b/sys-apps/systemd/files/243-rc1-cryptsetup.patch
@@ -0,0 +1,148 @@
+From f4ea8432e67110b73b07dd0e47a5339d83b350fb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering 
+Date: Wed, 31 Jul 2019 09:38:15 +0200
+Subject: [PATCH] cryptsetup-generator: fix coverity issue
+
+Fixes coverity issue 1403772
+---
+ src/cryptsetup/cryptsetup-generator.c | 16 
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c 
b/src/cryptsetup/cryptsetup-generator.c
+index c51bb9ae189..960f4762b7d 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
 b/src/cryptsetup/cryptsetup-generator.c
+@@ -46,30 +46,30 @@ STATIC_DESTRUCTOR_REGISTER(arg_disks, hashmap_freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep);
+ 
+-static int split_keyspec(const char *keyspec, char **keyfile, char **keydev) {
++static int split_keyspec(const char *keyspec, char **ret_keyfile, char 
**ret_keydev) {
+ _cleanup_free_ char *kfile = NULL, *kdev = NULL;
+-char *c;
++const char *c;
+ 
+ assert(keyspec);
+-assert(keyfile);
+-assert(keydev);
++assert(ret_keyfile);
++assert(ret_keydev);
+ 
+ c = strrchr(keyspec, ':');
+ if (c) {
+ kfile = strndup(keyspec, c-keyspec);
+ kdev = strdup(c + 1);
+-if (!*kfile || !*kdev)
++if (!kfile || !kdev)
+ return log_oom();
+ } else {
+ /* No keydev specified */
+ kfile = strdup(keyspec);
+ kdev = NULL;
+-if (!*kfile)
++if (!kfile)
+ return log_oom();
+ }
+ 
+-*keyfile = TAKE_PTR(kfile);
+-*keydev = TAKE_PTR(kdev);
++*ret_keyfile = TAKE_PTR(kfile);
++*ret_keydev = TAKE_PTR(kdev);
+ 
+ return 0;
+ }
+From 5d2100dc4c32abbce4109e75cbfbbef6e1b2b7b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
+Date: Thu, 1 Aug 2019 08:13:13 +0200
+Subject: [PATCH] cryptsetup: use unabbrieviated variable names
+
+Now that "ret_" has been added to the output variables, we can name
+the internal variables without artificial abbrevs.
+---
+ src/cryptsetup/cryptsetup-generator.c | 18 +-
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c 
b/src/cryptsetup/cryptsetup-generator.c
+index 960f4762b7d..84483143945 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
 b/src/cryptsetup/cryptsetup-generator.c
+@@ -47,7 +47,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep);
+ STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep);
+ 
+ static int split_keyspec(const char *keyspec, char **ret_keyfile, char 
**ret_keydev) {
+-_cleanup_free_ char *kfile = NULL, *kdev = NULL;
++_cleanup_free_ char *keyfile = NULL, *keydev = NULL;
+ const char *c;
+ 
+ assert(keyspec);
+@@ -56,20 +56,20 @@ static int split_keyspec(const char *keyspec, char 
**ret_keyfile, char **ret_key
+ 
+ c = strrchr(keyspec, ':');
+ if (c) {
+-kfile = strndup(keyspec, c-keyspec);
+-kdev = strdup(c + 1);
+-if (!kfile || !kdev)
++keyfile = strndup(keyspec, c-keyspec);
++keydev = strdup(c + 1);
++if (!keyfile || !keydev)
+ return log_oom();
+ } else {
+ /* No keydev specified */
+-kfile = strdup(keyspec);
+-kdev = NULL;
+-if (!kfile)
++keyfile = strdup(keyspec);
++keydev = NULL;
++if (!keyfile)
+ return log_oom();
+ }
+ 
+-*ret_keyfile = TAKE_PTR(kfile);
+-*ret_keydev = TAKE_PTR(kdev);
++

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2019-07-10 Thread Mike Gilbert 
commit: 6be3d97505de9b79544a76fb998993886a40a9a4
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Jul 10 18:14:37 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Jul 10 18:20:54 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6be3d975

sys-apps/systemd: backport networkd fix

Closes: https://bugs.gentoo.org/687340
Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/242-network-domains.patch   | 57 ++
 ...systemd-242-r5.ebuild => systemd-242-r6.ebuild} |  1 +
 2 files changed, 58 insertions(+)

diff --git a/sys-apps/systemd/files/242-network-domains.patch 
b/sys-apps/systemd/files/242-network-domains.patch
new file mode 100644
index 000..166a8ee5b76
--- /dev/null
+++ b/sys-apps/systemd/files/242-network-domains.patch
@@ -0,0 +1,57 @@
+From fe0e16db093a7da09fcb52a2bc7017197047443d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Mon, 13 May 2019 05:40:31 +0900
+Subject: [PATCH] network: do not use ordered_set_printf() for DOMAINS= or
+ ROUTE_DOMAINS=
+
+This partially reverts 5e2a51d588dde4b52c6017ea80b75c16e6e23431.
+
+Fixes #12531.
+---
+ src/network/networkd-link.c | 17 +++--
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index f8ee48802cb..1dc10c65a1b 100644
+--- a/src/network/networkd-link.c
 b/src/network/networkd-link.c
+@@ -3495,12 +3495,11 @@ int link_save(Link *link) {
+ admin_state, oper_state);
+ 
+ if (link->network) {
+-bool space;
++char **dhcp6_domains = NULL, **dhcp_domains = NULL;
++const char *dhcp_domainname = NULL, *p;
+ sd_dhcp6_lease *dhcp6_lease = NULL;
+-const char *dhcp_domainname = NULL;
+-char **dhcp6_domains = NULL;
+-char **dhcp_domains = NULL;
+ unsigned j;
++bool space;
+ 
+ fprintf(f, "REQUIRED_FOR_ONLINE=%s\n",
+ yes_no(link->network->required_for_online));
+@@ -3617,7 +3616,10 @@ int link_save(Link *link) {
+ (void) 
sd_dhcp6_lease_get_domains(dhcp6_lease, _domains);
+ }
+ 
+-ordered_set_print(f, "DOMAINS=", 
link->network->search_domains);
++fputs("DOMAINS=", f);
++space = false;
++ORDERED_SET_FOREACH(p, link->network->search_domains, i)
++fputs_with_space(f, p, NULL, );
+ 
+ if (link->network->dhcp_use_domains == DHCP_USE_DOMAINS_YES) {
+ NDiscDNSSL *dd;
+@@ -3635,7 +3637,10 @@ int link_save(Link *link) {
+ 
+ fputc('\n', f);
+ 
+-ordered_set_print(f, "ROUTE_DOMAINS=", 
link->network->route_domains);
++fputs("ROUTE_DOMAINS=", f);
++space = false;
++ORDERED_SET_FOREACH(p, link->network->route_domains, i)
++fputs_with_space(f, p, NULL, );
+ 
+ if (link->network->dhcp_use_domains == 
DHCP_USE_DOMAINS_ROUTE) {
+ NDiscDNSSL *dd;

diff --git a/sys-apps/systemd/systemd-242-r5.ebuild 
b/sys-apps/systemd/systemd-242-r6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-242-r5.ebuild
rename to sys-apps/systemd/systemd-242-r6.ebuild
index ec26fa49f50..a42f1f1f5d8 100644
--- a/sys-apps/systemd/systemd-242-r5.ebuild
+++ b/sys-apps/systemd/systemd-242-r6.ebuild
@@ -173,6 +173,7 @@ src_prepare() {
"${FILESDIR}"/242-file-max.patch
"${FILESDIR}"/242-rdrand-ryzen.patch
"${FILESDIR}"/242-networkd-ipv6-token.patch
+   "${FILESDIR}"/242-network-domains.patch
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2019-07-10 Thread Mike Gilbert 
commit: d5de18bc38a164bac47401cb9fa4a73afba5d49e
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Jul 10 15:36:54 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Jul 10 15:37:03 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5de18bc

sys-apps/systemd: backport networkd fix

Closes: https://bugs.gentoo.org/689496
Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/242-networkd-ipv6-token.patch| 152 +
 ...systemd-241-r3.ebuild => systemd-241-r4.ebuild} |   1 +
 ...systemd-242-r4.ebuild => systemd-242-r5.ebuild} |   1 +
 3 files changed, 154 insertions(+)

diff --git a/sys-apps/systemd/files/242-networkd-ipv6-token.patch 
b/sys-apps/systemd/files/242-networkd-ipv6-token.patch
new file mode 100644
index 000..87a85f6f6ab
--- /dev/null
+++ b/sys-apps/systemd/files/242-networkd-ipv6-token.patch
@@ -0,0 +1,152 @@
+From 4eb086a38712ea98faf41e075b84555b11b54362 Mon Sep 17 00:00:00 2001
+From: Susant Sahani 
+Date: Thu, 9 May 2019 07:35:35 +0530
+Subject: [PATCH] networkd: fix link_up() (#12505)
+
+Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.
+
+Fixes the following error:
+```
+dummy-test: Could not bring up interface: Invalid argument
+```
+
+After reading the kernel code when we do a link up
+```
+net/core/rtnetlink.c
+IFLA_AF_SPEC
+ af_ops->set_link_af(dev, af);
+  inet6_set_link_af
+   if (tb[IFLA_INET6_ADDR_GEN_MODE])
+ Here it looks for IFLA_INET6_ADDR_GEN_MODE
+```
+Since link up we didn't filling up that it's failing.
+
+Closes #12504.
+---
+ src/network/networkd-link.c | 15 +++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 3c8b5c5cb43..4db9f3f980f 100644
+--- a/src/network/networkd-link.c
 b/src/network/networkd-link.c
+@@ -2031,6 +2031,8 @@ static int link_up(Link *link) {
+ }
+ 
+ if (link_ipv6_enabled(link)) {
++uint8_t ipv6ll_mode;
++
+ r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Could not open 
IFLA_AF_SPEC container: %m");
+@@ -2046,6 +2048,19 @@ static int link_up(Link *link) {
+ return log_link_error_errno(link, r, "Could 
not append IFLA_INET6_TOKEN: %m");
+ }
+ 
++if (!link_ipv6ll_enabled(link))
++ipv6ll_mode = IN6_ADDR_GEN_MODE_NONE;
++else if (sysctl_read_ip_property(AF_INET6, link->ifname, 
"stable_secret", NULL) < 0)
++/* The file may not exist. And event if it exists, 
when stable_secret is unset,
++ * reading the file fails with EIO. */
++ipv6ll_mode = IN6_ADDR_GEN_MODE_EUI64;
++else
++ipv6ll_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
++
++r = sd_netlink_message_append_u8(req, 
IFLA_INET6_ADDR_GEN_MODE, ipv6ll_mode);
++if (r < 0)
++return log_link_error_errno(link, r, "Could not 
append IFLA_INET6_ADDR_GEN_MODE: %m");
++
+ r = sd_netlink_message_close_container(req);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Could not close 
AF_INET6 container: %m");
+From 9f6e82e6eb3b6e73d66d00d1d6eee60691fb702f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Thu, 9 May 2019 14:39:46 +0900
+Subject: [PATCH] network: do not send ipv6 token to kernel
+
+We disabled kernel RA support. Then, we should not send
+IFLA_INET6_TOKEN.
+Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.
+
+Follow-up for 0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf and
+4eb086a38712ea98faf41e075b84555b11b54362.
+---
+ src/network/networkd-link.c | 51 +
+ 1 file changed, 6 insertions(+), 45 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 2b6ff2b6c58..b6da4ea70b7 100644
+--- a/src/network/networkd-link.c
 b/src/network/networkd-link.c
+@@ -1954,6 +1954,9 @@ static int link_configure_addrgen_mode(Link *link) {
+ assert(link->manager);
+ assert(link->manager->rtnl);
+ 
++if (!socket_ipv6_is_supported())
++return 0;
++
+ log_link_debug(link, "Setting address genmode for link");
+ 
+ r = sd_rtnl_message_new_link(link->manager->rtnl, , RTM_SETLINK, 
link->ifindex);
+@@ -2047,46 +2050,6 @@ static int link_up(Link *link) {
+ return log_link_error_errno(link, r, "Could not set 
MAC address: %m");
+ }
+ 
+-if (link_ipv6_enabled(link)) {
+-uint8_t ipv6ll_mode;
+-
+-r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+-if (r < 0)
+-return

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2019-07-08 Thread Mike Gilbert 
commit: d8e9f1fc3f4d1cb207a640447f843d1fea8f941d
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul  8 15:47:01 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jul  8 15:47:01 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e9f1fc

sys-apps/systemd: backport rdrand workaround for ryzen cpus

Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/241-wrapper-msan-unpoinson.patch |  76 +
 sys-apps/systemd/files/242-rdrand-ryzen.patch  | 353 +
 ...systemd-241-r2.ebuild => systemd-241-r3.ebuild} |   2 +
 ...systemd-242-r3.ebuild => systemd-242-r4.ebuild} |   1 +
 4 files changed, 432 insertions(+)

diff --git a/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch 
b/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch
new file mode 100644
index 000..e337b4f4ca5
--- /dev/null
+++ b/sys-apps/systemd/files/241-wrapper-msan-unpoinson.patch
@@ -0,0 +1,76 @@
+From c322f379e6ca972f1c4d3409ac97828b1b838d5d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
+Date: Fri, 22 Feb 2019 13:07:00 +0100
+Subject: [PATCH] Add wrapper for __msan_unpoinson() to reduce #ifdeffery
+
+This isn't really necessary for the subsequent commit, but I expect that we'll
+need to unpoison more often once we turn on msan in CI, so I think think this
+change makes sense in the long run.
+---
+ src/basic/alloc-util.h  | 10 ++
+ src/basic/random-util.c | 11 ++-
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
+index 893a1238ff..78ee34bb71 100644
+--- a/src/basic/alloc-util.h
 b/src/basic/alloc-util.h
+@@ -8,6 +8,10 @@
+ 
+ #include "macro.h"
+ 
++#if HAS_FEATURE_MEMORY_SANITIZER
++#  include 
++#endif
++
+ typedef void (*free_func_t)(void *p);
+ 
+ /* If for some reason more than 4M are allocated on the stack, let's abort 
immediately. It's better than
+@@ -160,3 +164,9 @@ void* greedy_realloc0(void **p, size_t *allocated, size_t 
need, size_t size);
+ (ptr) = NULL;   \
+ _ptr_;  \
+ })
++
++#if HAS_FEATURE_MEMORY_SANITIZER
++#  define msan_unpoison(r, s) __msan_unpoison(r, s)
++#else
++#  define msan_unpoison(r, s)
++#endif
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index f7decf60b6..ca25fd2420 100644
+--- a/src/basic/random-util.c
 b/src/basic/random-util.c
+@@ -23,16 +23,13 @@
+ #  include 
+ #endif
+ 
++#include "alloc-util.h"
+ #include "fd-util.h"
+ #include "io-util.h"
+ #include "missing.h"
+ #include "random-util.h"
+ #include "time-util.h"
+ 
+-#if HAS_FEATURE_MEMORY_SANITIZER
+-#include 
+-#endif
+-
+ int rdrand(unsigned long *ret) {
+ 
+ #if defined(__i386__) || defined(__x86_64__)
+@@ -58,11 +55,7 @@ int rdrand(unsigned long *ret) {
+  "setc %1"
+  : "=r" (*ret),
+"=qm" (err));
+-
+-#if HAS_FEATURE_MEMORY_SANITIZER
+-__msan_unpoison(, sizeof(err));
+-#endif
+-
++msan_unpoison(, sizeof(err));
+ if (!err)
+ return -EAGAIN;
+ 
+-- 
+2.22.0
+

diff --git a/sys-apps/systemd/files/242-rdrand-ryzen.patch 
b/sys-apps/systemd/files/242-rdrand-ryzen.patch
new file mode 100644
index 000..ec690c1b3f6
--- /dev/null
+++ b/sys-apps/systemd/files/242-rdrand-ryzen.patch
@@ -0,0 +1,353 @@
+From d351699739471734666230ae3c6f9ba56ce5ce45 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering 
+Date: Tue, 7 May 2019 16:18:13 -0400
+Subject: [PATCH 1/6] =?UTF-8?q?random-util:=20rename=20RANDOM=5FDONT=5FDRA?=
+ =?UTF-8?q?IN=20=E2=86=92=20RANDOM=5FMAY=5FFAIL?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The old flag name was a bit of a misnomer, as /dev/urandom cannot be
+"drained". Once it's initialized it's initialized and then is good
+forever. (Only /dev/random has a concept of 'draining', but we never use
+that, as it's an obsolete interface).
+
+The flag is still useful though, since it allows us to suppress accesses
+to the random pool while it is not initialized, as that trips up the
+kernel and it logs about any such attempts, which we really don't want.
+
+(cherry picked from commit 1a0ffa1e737e65312abac63dcf4b44e1ac0e1642)
+---
+ src/basic/random-util.c | 36 +++-
+ src/basic/random-util.h |  4 ++--
+ 2 files changed, 21 insertions(+), 19 deletions(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index ca25fd2420..de29e07549 100644
+--- a/src/basic/random-util.c
 b/src/basic/random-util.c
+@@ -71,21 +71,22 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags 
flags) {
+ bool got_some = false;
+ int r;
+ 
+-/* Gathers some randomness from the kernel (or the CPU if the 
RANDOM_ALLOW_RDRAND flag is set). This call won't
+- *

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2019-06-08 Thread Mike Gilbert 
commit: 3b233dd17e8806f9eed9d8fa097a653d100a788a
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Jun  8 20:43:59 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Jun  8 20:43:59 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b233dd1

sys-apps/systemd: remove old

Package-Manager: Portage-2.3.67_p4, Repoman-2.3.13_p3
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/Manifest  |   2 -
 sys-apps/systemd/files/239-debug-extra.patch   |  40 --
 sys-apps/systemd/files/gentoo-generator-path.patch |  27 --
 sys-apps/systemd/systemd-239-r4.ebuild | 449 ---
 sys-apps/systemd/systemd-242-r1.ebuild | 491 -
 5 files changed, 1009 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ccc853651c0..e68034e7888 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,2 @@
-DIST systemd-239-patches-2.tar.gz 33416 BLAKE2B 
9602d101cbac65d3b2490f28308e843c28fcaea848dd09005abef0da0bc79ba0766a1cbe7c3cac63f796accddf0295b4eb946e601a201f7e81a48bd1720051ca
 SHA512 
5f5a764d317c43c6b1854171a753eafaca006e12e4f91c81e6ba1d50e80bbbaca23c900fba417264bf9f0d827a73aca71a6da8f2a2043aaaefefed62f5a92b23
-DIST systemd-239.tar.gz 7157293 BLAKE2B 
975f6215c8bb6662d6e161f637e1fece22930c0190b3c31a8fc4cb1a10600546a252704ac95590d9d14e495fcd06082a590e6d755e36603a41b3a396d579d8b0
 SHA512 
fd44590dfd148504c5ed1e67521efce50d84b627b7fc77015fa95dfa76d7a42297c56cc89eff40181809732024b16d48f2a87038cf435e0c63bc2b95ecd86b0f
 DIST systemd-241.tar.gz 7640538 BLAKE2B 
69d7196fee0d0ad06ea8d7c78b0299cc17517ecce3ca4c0b1181a3fbb13bc2627629156785051e2ff427dcc21414f7a078724c6409ebaa431618e4799ebcd50a
 SHA512 
a7757574590e8aa37e1291ea0b2c5eb03a8d8062fe9462fa5b0bf50830c933e2b301d106c70d904f94afc0aa8e43a8acfd11926dfa25b1b89174580e491e545e
 DIST systemd-242.tar.gz 7831435 BLAKE2B 
288e65d0a8e133ef5885689eb16118a83d93c730e342da63115cea0892fc999104c3a4856c83f3e7ef909ba2f3311146730b05ee02d84cc0400851ccbdcd54cd
 SHA512 
578f68a3c8f2d454198fc04ff8d943abcfb390531d57f9603d185857f7afa7f4dc641dafecf49ce50fe22f5837b252b181400891e8efd4459fd4f69bb4283cb4

diff --git a/sys-apps/systemd/files/239-debug-extra.patch 
b/sys-apps/systemd/files/239-debug-extra.patch
deleted file mode 100644
index 19db590257c..000
--- a/sys-apps/systemd/files/239-debug-extra.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8f6b442a78d0b485f044742ad90b2e8271b4e68e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
-Date: Sun, 19 Aug 2018 19:11:30 +0200
-Subject: [PATCH] meson: rename -Ddebug to -Ddebug-extra
-
-Meson added -Doptimization and -Ddebug options, which obviously causes
-a conflict with our -Ddebug options. Let's rename it.
-
-Fixes #9883.

- meson.build   | 2 +-
- meson_options.txt | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index f79ac4b12e7..2209c935ad6 100644
 a/meson.build
-+++ b/meson.build
-@@ -763,7 +763,7 @@ substs.set('DEBUGTTY', get_option('debug-tty'))
- 
- enable_debug_hashmap = false
- enable_debug_mmap_cache = false
--foreach name : get_option('debug')
-+foreach name : get_option('debug-extra')
- if name == 'hashmap'
- enable_debug_hashmap = true
- elif name == 'mmap-cache'
-diff --git a/meson_options.txt b/meson_options.txt
-index e3140c8c110..7b1f61bf464 100644
 a/meson_options.txt
-+++ b/meson_options.txt
-@@ -45,7 +45,7 @@ option('debug-shell', type : 'string', value : '/bin/sh',
-description : 'path to debug shell binary')
- option('debug-tty', type : 'string', value : '/dev/tty9',
-description : 'specify the tty device for debug shell')
--option('debug', type : 'array', choices : ['hashmap', 'mmap-cache'], value : 
[],
-+option('debug-extra', type : 'array', choices : ['hashmap', 'mmap-cache'], 
value : [],
-description : 'enable extra debugging')
- option('memory-accounting-default', type : 'boolean',
-description : 'enable MemoryAccounting= by default')

diff --git a/sys-apps/systemd/files/gentoo-generator-path.patch 
b/sys-apps/systemd/files/gentoo-generator-path.patch
deleted file mode 100644
index 6912b481f20..000
--- a/sys-apps/systemd/files/gentoo-generator-path.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert 
-Date: Mon, 17 Jul 2017 11:21:25 -0400
-Subject: [PATCH 1/3] path-lookup: look for generators in
- {,/usr}/lib/systemd/system-generators
-
-Bug: https://bugs.gentoo.org/625402

- src/shared/path-lookup.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
-index e2b3f8b74..1ee0e1cdb 100644
 a/src/shared/path-lookup.c
-+++ b/src/shared/path-lookup.c
-@@ -821,6 +821,8 @@ char **generator_binary_paths(UnitFileScope scope) {
-

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2019-02-18 Thread Mike Gilbert 
commit: b8fdbe1769429ab4e0310916f85275f7a4e5b74e
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Feb 18 23:31:19 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Feb 18 23:31:56 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8fdbe17

sys-apps/systemd: apply fix for CVE-2019-6454 to 239

Bug: https://bugs.gentoo.org/677944
Package-Manager: Portage-2.3.59_p2, Repoman-2.3.12_p67
Signed-off-by: Mike Gilbert  gentoo.org>

 sys-apps/systemd/files/CVE-2019-6454.patch | 198 +
 sys-apps/systemd/systemd-239-r4.ebuild | 449 +
 2 files changed, 647 insertions(+)

diff --git a/sys-apps/systemd/files/CVE-2019-6454.patch 
b/sys-apps/systemd/files/CVE-2019-6454.patch
new file mode 100644
index 000..97b7d635e7d
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2019-6454.patch
@@ -0,0 +1,198 @@
+--- a/src/libsystemd/sd-bus/bus-internal.c
 b/src/libsystemd/sd-bus/bus-internal.c
+@@ -45,7 +45,7 @@
+ if (slash)
+ return false;
+
+-return true;
++return (q - p) <= BUS_PATH_SIZE_MAX;
+ }
+
+ char* object_path_startswith(const char *a, const char *b) {
+--- a/src/libsystemd/sd-bus/bus-internal.h
 b/src/libsystemd/sd-bus/bus-internal.h
+@@ -333,6 +333,10 @@
+
+ #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
+ #define BUS_AUTH_SIZE_MAX (64*1024)
++/* Note that the D-Bus specification states that bus paths shall have no size 
limit. We enforce here one
++ * anyway, since truly unbounded strings are a security problem. The limit we 
pick is relatively large however,
++ * to not clash unnecessarily with real-life applications. */
++#define BUS_PATH_SIZE_MAX (64*1024)
+
+ #define BUS_CONTAINER_DEPTH 128
+
+--- a/src/libsystemd/sd-bus/bus-objects.c
 b/src/libsystemd/sd-bus/bus-objects.c
+@@ -1134,7 +1134,8 @@
+ const char *path,
+ sd_bus_error *error) {
+
+-char *prefix;
++_cleanup_free_ char *prefix = NULL;
++size_t pl;
+ int r;
+
+ assert(bus);
+@@ -1150,7 +1151,12 @@
+ return 0;
+
+ /* Second, add fallback vtables registered for any of the prefixes */
+-prefix = alloca(strlen(path) + 1);
++pl = strlen(path);
++assert(pl <= BUS_PATH_SIZE_MAX);
++prefix = new(char, pl + 1);
++if (!prefix)
++return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_manager_serialize_path(bus, reply, prefix, path, 
true, error);
+ if (r < 0)
+@@ -1346,6 +1352,7 @@
+ }
+
+ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
++_cleanup_free_ char *prefix = NULL;
+ int r;
+ size_t pl;
+ bool found_object = false;
+@@ -1370,9 +1377,12 @@
+ assert(m->member);
+
+ pl = strlen(m->path);
+-do {
+-char prefix[pl+1];
++assert(pl <= BUS_PATH_SIZE_MAX);
++prefix = new(char, pl + 1);
++if (!prefix)
++return -ENOMEM;
+
++do {
+ bus->nodes_modified = false;
+
+ r = object_find_and_run(bus, m, m->path, false, 
_object);
+@@ -1499,9 +1509,15 @@
+
+ n = hashmap_get(bus->nodes, path);
+ if (!n) {
+-char *prefix;
++_cleanup_free_ char *prefix = NULL;
++size_t pl;
++
++pl = strlen(path);
++assert(pl <= BUS_PATH_SIZE_MAX);
++prefix = new(char, pl + 1);
++if (!prefix)
++return -ENOMEM;
+
+-prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ n = hashmap_get(bus->nodes, prefix);
+ if (n)
+@@ -2091,8 +2107,9 @@
+ char **names) {
+
+ BUS_DONT_DESTROY(bus);
++_cleanup_free_ char *prefix = NULL;
+ bool found_interface = false;
+-char *prefix;
++size_t pl;
+ int r;
+
+ assert_return(bus, -EINVAL);
+@@ -2111,6 +2128,12 @@
+ if (names && names[0] == NULL)
+ return 0;
+
++pl = strlen(path);
++assert(pl <= BUS_PATH_SIZE_MAX);
++prefix = new(char, pl + 1);
++if (!prefix)
++return -ENOMEM;
++
+ do {
+ bus->nodes_modified = false;
+
+@@ -2120,7 +2143,6 @@
+ if (bus->nodes_modified)
+ continue;
+
+-prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = emit_properties_changed_on_interface(bus, prefix, 
path, interface, true, _interface, names);
+ if (r != 0)
+@@ -2252,7 +2274,8 @@
+
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char 
*path) {
+ _cleanup_set_free_ Set *s

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-12-25 Thread Mike Gilbert 
commit: 9f1432cda09ee42e59d6f67279f09140601e8269
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Dec 26 04:02:01 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Dec 26 04:02:01 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f1432cd

sys-apps/systemd: update generator-path patch

Package-Manager: Portage-2.3.52_p8, Repoman-2.3.12_p20
Signed-off-by: Mike Gilbert  gentoo.org>

 .../systemd/files/gentoo-generator-path-r1.patch   | 27 ++
 sys-apps/systemd/systemd-.ebuild   |  2 +-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/gentoo-generator-path-r1.patch 
b/sys-apps/systemd/files/gentoo-generator-path-r1.patch
new file mode 100644
index 000..459be9d99ed
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-generator-path-r1.patch
@@ -0,0 +1,27 @@
+From 3c7918deafa34313b935851171279d8fdb5cfadb Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Tue, 25 Dec 2018 22:52:50 -0500
+Subject: [PATCH] path-lookup: look for generators in
+ {,/usr}/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/shared/path-lookup.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index 442fde7b2d..6814164504 100644
+--- a/src/shared/path-lookup.c
 b/src/shared/path-lookup.c
+@@ -888,6 +888,8 @@ char **generator_binary_paths(UnitFileScope scope) {
+ return strv_new("/run/systemd/system-generators",
+ "/etc/systemd/system-generators",
+ "/usr/local/lib/systemd/system-generators",
++"/usr/lib/systemd/system-generators",
++"/lib/systemd/system-generators",
+ SYSTEM_GENERATOR_PATH);
+ 
+ case UNIT_FILE_GLOBAL:
+-- 
+2.20.1
+

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 3403bfbf099..1297d2c0d74 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -161,7 +161,7 @@ src_prepare() {
"${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
"${FILESDIR}/gentoo-systemd-user-pam.patch"
"${FILESDIR}/gentoo-uucp-group-r1.patch"
-   "${FILESDIR}/gentoo-generator-path.patch"
+   "${FILESDIR}/gentoo-generator-path-r1.patch"
)
fi

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-05-24 Thread Mike Gilbert 
commit: ec933bb0dda9b1771bf3f53d2bfb835040dfa07a
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu May 24 20:32:44 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu May 24 20:33:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec933bb0

sys-apps/systemd: fix raw_clone() on sparc

Closes: https://bugs.gentoo.org/656368
Package-Manager: Portage-2.3.37, Repoman-2.3.9_p219

 sys-apps/systemd/files/238-sparc-raw-clone.patch   | 42 ++
 ...systemd-238-r6.ebuild => systemd-238-r7.ebuild} |  1 +
 2 files changed, 43 insertions(+)

diff --git a/sys-apps/systemd/files/238-sparc-raw-clone.patch 
b/sys-apps/systemd/files/238-sparc-raw-clone.patch
new file mode 100644
index 000..736a498e918
--- /dev/null
+++ b/sys-apps/systemd/files/238-sparc-raw-clone.patch
@@ -0,0 +1,42 @@
+From e4aa2c34d526c108dd8fa37448b19bdb38de52c9 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Thu, 24 May 2018 10:48:55 -0400
+Subject: [PATCH] basic: fix raw_clone() on 32-bit sparc
+
+The clone syscall uses the same semantics as on 64-bit. The trap number
+for syscall entry is different.
+
+Bug: https://bugs.gentoo.org/656368
+---
+ src/basic/raw-clone.h | 8 ++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/raw-clone.h b/src/basic/raw-clone.h
+index d8a68663180..d35540903ab 100644
+--- a/src/basic/raw-clone.h
 b/src/basic/raw-clone.h
+@@ -39,10 +39,10 @@ static inline pid_t raw_clone(unsigned long flags) {
+ /* On s390/s390x and cris the order of the first and second arguments
+  * of the raw clone() system call is reversed. */
+ ret = (pid_t) syscall(__NR_clone, NULL, flags);
+-#elif defined(__sparc__) && defined(__arch64__)
++#elif defined(__sparc__)
+ {
+ /**
+- * sparc64 always returns the other process id in %o0, and
++ * sparc always returns the other process id in %o0, and
+  * a boolean flag whether this is the child or the parent in
+  * %o1. Inline assembly is needed to get the flag returned
+  * in %o1.
+@@ -52,7 +52,11 @@ static inline pid_t raw_clone(unsigned long flags) {
+ asm volatile("mov %2, %%g1\n\t"
+  "mov %3, %%o0\n\t"
+  "mov 0 , %%o1\n\t"
++#if defined(__arch64__)
+  "t 0x6d\n\t"
++#else
++ "t 0x10\n\t"
++#endif
+  "mov %%o1, %0\n\t"
+  "mov %%o0, %1" :
+  "=r"(in_child), "=r"(child_pid) :

diff --git a/sys-apps/systemd/systemd-238-r6.ebuild 
b/sys-apps/systemd/systemd-238-r7.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r6.ebuild
rename to sys-apps/systemd/systemd-238-r7.ebuild
index b015f21cb90..e65ddd901dd 100644
--- a/sys-apps/systemd/systemd-238-r6.ebuild
+++ b/sys-apps/systemd/systemd-238-r7.ebuild
@@ -154,6 +154,7 @@ src_prepare() {
"${FILESDIR}/238-initctl.patch"
"${FILESDIR}/238-nspawn-wait.patch"
"${FILESDIR}/238-timesync-connection.patch"
+   "${FILESDIR}/238-sparc-raw-clone.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-04-18 Thread Mike Gilbert 
commit: 92f2fa6fd24ae18ecafeab68ffd72eddc028325f
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Apr 18 16:50:39 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Apr 18 16:50:55 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92f2fa6f

sys-apps/systemd: backport timesync fix

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 .../systemd/files/238-timesync-connection.patch| 49 ++
 ...systemd-238-r5.ebuild => systemd-238-r6.ebuild} |  1 +
 2 files changed, 50 insertions(+)

diff --git a/sys-apps/systemd/files/238-timesync-connection.patch 
b/sys-apps/systemd/files/238-timesync-connection.patch
new file mode 100644
index 000..a48a88e9e68
--- /dev/null
+++ b/sys-apps/systemd/files/238-timesync-connection.patch
@@ -0,0 +1,49 @@
+From 6d254dba01491b994115ecef8c4017fbe5451606 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Mon, 16 Apr 2018 12:24:36 +0900
+Subject: [PATCH] timesync: establish connection when network become online and
+ the manager is not connected yet
+
+This also introduces `manager_is_connected()` helper function, which
+returns true when the manager is sending a request, resolving a server
+name, or in a poll interval.
+
+Follow-up for 3e85ec072180b6fbec82d715186985536859a29d.
+Fixes #8719.
+---
+ src/timesync/timesyncd-manager.c | 10 --
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/timesync/timesyncd-manager.c 
b/src/timesync/timesyncd-manager.c
+index cfdc43b0ff2..0c5d3e2d6f7 100644
+--- a/src/timesync/timesyncd-manager.c
 b/src/timesync/timesyncd-manager.c
+@@ -1036,6 +1036,12 @@ static int manager_network_read_link_servers(Manager 
*m) {
+ return r;
+ }
+ 
++static bool manager_is_connected(Manager *m) {
++/* Return true when the manager is sending a request, resolving a 
server name, or
++ * in a poll interval. */
++return m->server_socket >= 0 || m->resolve_query || m->event_timer;
++}
++
+ static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t 
revents, void *userdata) {
+ Manager *m = userdata;
+ bool changed, connected, online;
+@@ -1051,13 +1057,13 @@ static int 
manager_network_event_handler(sd_event_source *s, int fd, uint32_t re
+ online = network_is_online();
+ 
+ /* check if the client is currently connected */
+-connected = m->server_socket >= 0 || m->resolve_query || 
m->exhausted_servers;
++connected = manager_is_connected(m);
+ 
+ if (connected && !online) {
+ log_info("No network connectivity, watching for changes.");
+ manager_disconnect(m);
+ 
+-} else if (!connected && online && changed) {
++} else if ((!connected || changed) && online) {
+ log_info("Network configuration changed, trying to establish 
connection.");
+ 
+ if (m->current_server_address)

diff --git a/sys-apps/systemd/systemd-238-r5.ebuild 
b/sys-apps/systemd/systemd-238-r6.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r5.ebuild
rename to sys-apps/systemd/systemd-238-r6.ebuild
index 6d0ee7602a8..8625668cfff 100644
--- a/sys-apps/systemd/systemd-238-r5.ebuild
+++ b/sys-apps/systemd/systemd-238-r6.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/238-initctl.patch"
"${FILESDIR}/238-nspawn-wait.patch"
+   "${FILESDIR}/238-timesync-connection.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-04-05 Thread Mike Gilbert 
commit: 3ffe8430672993cfc0d8d0b3abdf4d777cf3fdc1
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Apr  5 20:11:52 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Apr  5 20:11:52 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ffe8430

sys-apps/systemd: fix regression in nspawn network setup

Closes: https://bugs.gentoo.org/652396
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/files/238-nspawn-wait.patch   | 83 ++
 ...systemd-238-r3.ebuild => systemd-238-r4.ebuild} |  1 +
 2 files changed, 84 insertions(+)

diff --git a/sys-apps/systemd/files/238-nspawn-wait.patch 
b/sys-apps/systemd/files/238-nspawn-wait.patch
new file mode 100644
index 000..a740e893345
--- /dev/null
+++ b/sys-apps/systemd/files/238-nspawn-wait.patch
@@ -0,0 +1,83 @@
+From 7511655807e90aa33ea7b71991401a79ec36bb41 Mon Sep 17 00:00:00 2001
+From: Philip Sequeira 
+Date: Thu, 5 Apr 2018 14:04:27 +
+Subject: [PATCH] nspawn: wait for network namespace creation before interface
+ setup (#8633)
+
+Otherwise, network interfaces can be "moved" into the container's
+namespace while it's still the same as the host namespace, in which case
+e.g. host0 for a veth ends up on the host side instead of inside the
+container.
+
+Regression introduced in 0441378080489e4ab6704cd0a2d78cb1ceaca899.
+
+Fixes #8599.
+---
+ src/nspawn/nspawn.c | 19 +++
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index 810f1247ea2..a5bc50c1f4c 100644
+--- a/src/nspawn/nspawn.c
 b/src/nspawn/nspawn.c
+@@ -2329,6 +2329,9 @@ static int inner_child(
+ r = unshare(CLONE_NEWNET);
+ if (r < 0)
+ return log_error_errno(errno, "Failed to unshare 
network namespace: %m");
++
++/* Tell the parent that it can setup network interfaces. */
++(void) barrier_place(barrier); /* #3 */
+ }
+ 
+ r = mount_sysfs(NULL, arg_mount_settings);
+@@ -2337,7 +2340,7 @@ static int inner_child(
+ 
+ /* Wait until we are cgroup-ified, so that we
+  * can mount the right cgroup path writable */
+-if (!barrier_place_and_sync(barrier)) { /* #3 */
++if (!barrier_place_and_sync(barrier)) { /* #4 */
+ log_error("Parent died too early");
+ return -ESRCH;
+ }
+@@ -2448,7 +2451,7 @@ static int inner_child(
+ /* Let the parent know that we are ready and
+  * wait until the parent is ready with the
+  * setup, too... */
+-if (!barrier_place_and_sync(barrier)) { /* #4 */
++if (!barrier_place_and_sync(barrier)) { /* #5 */
+ log_error("Parent died too early");
+ return -ESRCH;
+ }
+@@ -3533,6 +3536,14 @@ static int run(int master,
+ 
+ if (arg_private_network) {
+ 
++if (!arg_network_namespace_path) {
++/* Wait until the child has unshared its network 
namespace. */
++if (!barrier_place_and_sync()) { /* #3 */
++log_error("Child died too early");
++return -ESRCH;
++}
++}
++
+ r = move_network_interfaces(*pid, arg_network_interfaces);
+ if (r < 0)
+ return r;
+@@ -3656,7 +3667,7 @@ static int run(int master,
+  * its setup (including cgroup-ification), and that
+  * the child can now hand over control to the code to
+  * run inside the container. */
+-(void) barrier_place(); /* #3 */
++(void) barrier_place(); /* #4 */
+ 
+ /* Block SIGCHLD here, before notifying child.
+  * process_pty() will handle it with the other signals. */
+@@ -3684,7 +3695,7 @@ static int run(int master,
+ return r;
+ 
+ /* Let the child know that we are ready and wait that the child is 
completely ready now. */
+-if (!barrier_place_and_sync()) { /* #4 */
++if (!barrier_place_and_sync()) { /* #5 */
+ log_error("Child died too early.");
+ return -ESRCH;
+ }

diff --git a/sys-apps/systemd/systemd-238-r3.ebuild 
b/sys-apps/systemd/systemd-238-r4.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-238-r3.ebuild
rename to sys-apps/systemd/systemd-238-r4.ebuild
index b68ed0bf92a..0aca5fbb302 100644
--- a/sys-apps/systemd/systemd-238-r3.ebuild
+++ b/sys-apps/systemd/systemd-238-r4.ebuild
@@ -155,6 +155,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/238-libmount-include.patch"
"${FILESDIR}/238-initctl.patch"
+   "${FILESDIR}/238-nspawn-wait.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-04-01 Thread Mike Gilbert 
commit: 2266f8440e17591fc6a4905a706c74432051854f
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Apr  1 16:31:04 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Apr  1 16:31:27 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2266f844

sys-apps/systemd: remove old

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/Manifest  |   5 -
 .../files/237-0001-networkctl-display-type.patch   | 266 
 sys-apps/systemd/metadata.xml  |   1 -
 sys-apps/systemd/systemd-233-r6.ebuild | 458 -
 sys-apps/systemd/systemd-237-r2.ebuild | 440 
 sys-apps/systemd/systemd-237-r3.ebuild | 442 
 sys-apps/systemd/systemd-238-r1.ebuild | 437 
 7 files changed, 2049 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index f5ba7882937..42cccb76c59 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,9 +1,4 @@
-DIST systemd-233-man.tar.gz 31386 BLAKE2B 
e4947e658db3efeec6b5a6adf340d2cc8e8aff2a14db4932720f90c3dc898b1e78595db983948373a2e28191fb3b0aad234f80feb91ee8ae4b607a44038a9cae
 SHA512 
cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40
-DIST systemd-233-patches.tar.gz 12553 BLAKE2B 
5d19f2dc82cc6cbd9b2e9393f932dfa3c88a981358b282fe56d43cd432d0ee0c0245e9c13d5460b94d83908b84a382dad3348b999f2356ab3ef2ae2c542a867d
 SHA512 
3081f4cf64542ba64a28fe2eff11d8040af42255eb99b5210db9d583fc4b4360a4a4bb8769a1e43d38474d69ead681974cb98d4605968b38f98fd3d9b40bf211
-DIST systemd-233.tar.gz 4660737 BLAKE2B 
38cdd74543447b3c02391b328428fed169fe2cf2df6e9341dcaf2f7d3d977612ec102301e144c1cada90d61e9e9bda3b2faaef708c8ff4bd0b52b143760a83b2
 SHA512 
5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e
 DIST systemd-236-patches-2.tar.gz 54737 BLAKE2B 
bce5f9e234c975a2b6e474ca2a0c2c82e704f02cf19885134dddc5edbd0b7bfb3773d737f88f78ba2ab81093dfceeb44d76ecda99cf2b916072dcdfa84720c19
 SHA512 
b74ab6944135c938b2d0d2a1dd40ac4cc4ff26d072603d6bfbe4529d808b2e481eb910155895bce14607842ad6d30751aded51654a53f76278becbb5e317b875
 DIST systemd-236.tar.gz 6759035 BLAKE2B 
0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3
 SHA512 
1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515fdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d
-DIST systemd-237-patches-0.tar.gz 74617 BLAKE2B 
52750bb08731e9e694a00fedc1e42beb7c6ad7736d3b6567f2ab094d4356506d10ec11e1c4c62623078d647c3314c71c9f141eb7c8628b610fd8a5e818b90ec6
 SHA512 
a6db99b330585e57c722bb0e692b0d988d5fbfef60c6cc87efbb7b903e55642c2f03bf6cdc80f15da22d0c41b5051387dac23a2f04238331f235154b17f32d1b
-DIST systemd-237.tar.gz 6871350 BLAKE2B 
4734a110a297fbbd6679bced6302fcdca55ab5d4207905e8dee9f5545f1de841d5adeaa4fd89961b9e63709d04b5c862b8bc81481311cf8e72ee327e459c9d91
 SHA512 
15ef4b92815a6dd9a6c51672dbc00fd7cd0f08068ef0cbeaca574f68d330b28bc67ba1946f24f75ef3d9e7b63843a73eea700db54688061dbf5c9f8470394c3b
 DIST systemd-238-patches-0.tar.gz 30019 BLAKE2B 
0f393865cd6bcd815c1a6e932c0e5a25e125768d2bdef072d5fa7830b9ea012d0986380a1cdea8e369e1fffe89ea7657e4d55de2bae0d785ae374796a4e7c64b
 SHA512 
f7e6fb7bf3b5cde2717a9e5dcd779a4595d6185d1ecdad8405a075edbb55b32c2573558f6af119ff50ea0df8eacef12ae7ee710fadd269f83db0985d76eb22dc
 DIST systemd-238.tar.gz 6954022 BLAKE2B 
9b5cc36a7234c0d037a2656ee1e5ed54186a394b8be41771ebc29c903d3efcecf7f13f004a6d1695c022923bd0d540a243e897852f07e810f73fd3163f688dde
 SHA512 
c0f272b022308d3bd94679184e102a8dc85de55310bda205a458ea33c77c7733e5c8c8e5b15f786ba3e0ce59e7c6a9bf0d5a0950517c6b91e0f345950129b9c8

diff --git a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch 
b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
deleted file mode 100644
index e29cf2206aa..000
--- a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From a18461bc7d446f8e130e9276de4397d00059267f Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" 
-Date: Mon, 29 Jan 2018 20:58:24 +0100
-Subject: [PATCH 1/4] networkd: display wireguard devtype
-
-It's not useful to simply show "none", when we have more interesting
-information to display.
-
-Signed-off-by: Jason A. Donenfeld 

- src/network/networkctl.c | 22 +++---
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/src/network/networkctl.c b/src/network/networkctl.c
-index 59ce098cd1..6ce00dff6d 100644
 a/src/network/networkctl.c
-+++ b/src/network/networkctl.c
-@@ -62,18 +62,26 @@ static int link_get_type_string(unsigned short iftype, 
sd_device *d, char **ret)
- 
- assert(ret);
- 
--

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-04-01 Thread Mike Gilbert 
commit: d323ea527c3f8e3b3803a39af5fd57254edeaadf
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Apr  1 16:27:04 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Apr  1 16:31:27 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d323ea52

sys-apps/systemd: add initctl patch

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/files/238-initctl.patch | 46 
 sys-apps/systemd/systemd-238-r3.ebuild   |  1 +
 2 files changed, 47 insertions(+)

diff --git a/sys-apps/systemd/files/238-initctl.patch 
b/sys-apps/systemd/files/238-initctl.patch
new file mode 100644
index 000..39991697743
--- /dev/null
+++ b/sys-apps/systemd/files/238-initctl.patch
@@ -0,0 +1,46 @@
+From 4d8c7c1b3a5feebca948a3b8663f5be887b57731 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Fri, 30 Mar 2018 11:00:17 -0400
+Subject: [PATCH] units: initctl: move the fifo to /run/initctl to match
+ sysvinit
+
+The fifo location was moved in sysvinit-2.89.
+
+http://git.savannah.nongnu.org/cgit/sysvinit.git/commit/?id=80dbcf3de3c1b83aeaa713a8fe5b8d35d8649af2
+---
+ units/systemd-initctl.service.in | 2 +-
+ units/systemd-initctl.socket | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/units/systemd-initctl.service.in 
b/units/systemd-initctl.service.in
+index 6cfed3da11f..2b4b957dce3 100644
+--- a/units/systemd-initctl.service.in
 b/units/systemd-initctl.service.in
+@@ -8,7 +8,7 @@
+ #  (at your option) any later version.
+ 
+ [Unit]
+-Description=/dev/initctl Compatibility Daemon
++Description=initctl Compatibility Daemon
+ Documentation=man:systemd-initctl.service(8)
+ DefaultDependencies=no
+ 
+diff --git a/units/systemd-initctl.socket b/units/systemd-initctl.socket
+index 61f877ba7d2..9d975799081 100644
+--- a/units/systemd-initctl.socket
 b/units/systemd-initctl.socket
+@@ -8,12 +8,12 @@
+ #  (at your option) any later version.
+ 
+ [Unit]
+-Description=/dev/initctl Compatibility Named Pipe
++Description=initctl Compatibility Named Pipe
+ Documentation=man:systemd-initctl.service(8)
+ DefaultDependencies=no
+ Before=sockets.target
+ 
+ [Socket]
+-ListenFIFO=/run/systemd/initctl/fifo
++ListenFIFO=/run/initctl
+ Symlinks=/dev/initctl
+ SocketMode=0600

diff --git a/sys-apps/systemd/systemd-238-r3.ebuild 
b/sys-apps/systemd/systemd-238-r3.ebuild
index 813d4f96708..b68ed0bf92a 100644
--- a/sys-apps/systemd/systemd-238-r3.ebuild
+++ b/sys-apps/systemd/systemd-238-r3.ebuild
@@ -154,6 +154,7 @@ src_prepare() {
 
PATCHES+=(
"${FILESDIR}/238-libmount-include.patch"
+   "${FILESDIR}/238-initctl.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-03-26 Thread Mike Gilbert 
commit: 9463c487ae1bf6a960ea83fafcda88b17c90ef06
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Mar 26 21:17:04 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Mar 26 21:17:23 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9463c487

sys-apps/systemd: fix build with util-linux-2.32

Closes: https://bugs.gentoo.org/651304
Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/files/238-libmount-include.patch | 72 +++
 sys-apps/systemd/systemd-236-r5.ebuild|  1 +
 sys-apps/systemd/systemd-237-r3.ebuild|  1 +
 sys-apps/systemd/systemd-238-r1.ebuild|  1 +
 4 files changed, 75 insertions(+)

diff --git a/sys-apps/systemd/files/238-libmount-include.patch 
b/sys-apps/systemd/files/238-libmount-include.patch
new file mode 100644
index 000..6a02dff65e4
--- /dev/null
+++ b/sys-apps/systemd/files/238-libmount-include.patch
@@ -0,0 +1,72 @@
+From 227b8a762fea1458547be2cdf0e6e4aac0079730 Mon Sep 17 00:00:00 2001
+From: Michael Olbrich 
+Date: Mon, 26 Mar 2018 17:34:53 +0200
+Subject: [PATCH] core: don't include libmount.h in a header file (#8580)
+
+linux/fs.h sys/mount.h, libmount.h and missing.h all include MS_*
+definitions.
+
+To avoid problems, only one of linux/fs.h, sys/mount.h and libmount.h
+should be included. And missing.h must be included last.
+
+Without this, building systemd may fail with:
+
+In file included from [...]/libmount/libmount.h:31:0,
+ from ../systemd-238/src/core/manager.h:23,
+ from ../systemd-238/src/core/emergency-action.h:37,
+ from ../systemd-238/src/core/unit.h:34,
+ from ../systemd-238/src/core/dbus-timer.h:25,
+ from ../systemd-238/src/core/timer.c:26:
+[...]/sys/mount.h:57:2: error: expected identifier before numeric constant
+---
+ src/core/dbus-execute.c | 1 +
+ src/core/manager.h  | 3 ++-
+ src/core/mount.c| 2 ++
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 7344623ebf6..c342093bca4 100644
+--- a/src/core/dbus-execute.c
 b/src/core/dbus-execute.c
+@@ -18,6 +18,7 @@
+   along with systemd; If not, see .
+ ***/
+ 
++#include 
+ #include 
+ #include 
+ 
+diff --git a/src/core/manager.h b/src/core/manager.h
+index 28c5da225b1..e09e0cdf5e9 100644
+--- a/src/core/manager.h
 b/src/core/manager.h
+@@ -20,7 +20,6 @@
+   along with systemd; If not, see .
+ ***/
+ 
+-#include 
+ #include 
+ #include 
+ 
+@@ -34,6 +33,8 @@
+ #include "list.h"
+ #include "ratelimit.h"
+ 
++struct libmnt_monitor;
++
+ /* Enforce upper limit how many names we allow */
+ #define MANAGER_MAX_NAMES 131072 /* 128K */
+ 
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 0e755da5c02..0154ebda5d6 100644
+--- a/src/core/mount.c
 b/src/core/mount.c
+@@ -23,6 +23,8 @@
+ #include 
+ #include 
+ 
++#include 
++
+ #include "sd-messages.h"
+ 
+ #include "alloc-util.h"

diff --git a/sys-apps/systemd/systemd-236-r5.ebuild 
b/sys-apps/systemd/systemd-236-r5.ebuild
index ed62d0a6f44..aed2113e91a 100644
--- a/sys-apps/systemd/systemd-236-r5.ebuild
+++ b/sys-apps/systemd/systemd-236-r5.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
 
 src_prepare() {
local PATCHES=(
+   "${FILESDIR}/238-libmount-include.patch"
)
 
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )

diff --git a/sys-apps/systemd/systemd-237-r3.ebuild 
b/sys-apps/systemd/systemd-237-r3.ebuild
index 466126ca683..d0254ee71db 100644
--- a/sys-apps/systemd/systemd-237-r3.ebuild
+++ b/sys-apps/systemd/systemd-237-r3.ebuild
@@ -150,6 +150,7 @@ src_unpack() {
 src_prepare() {
local PATCHES=(
"${FILESDIR}/237-0001-networkctl-display-type.patch"
+   "${FILESDIR}/238-libmount-include.patch"
)
 
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )

diff --git a/sys-apps/systemd/systemd-238-r1.ebuild 
b/sys-apps/systemd/systemd-238-r1.ebuild
index 2898aa322ed..2903bb82e51 100644
--- a/sys-apps/systemd/systemd-238-r1.ebuild
+++ b/sys-apps/systemd/systemd-238-r1.ebuild
@@ -150,6 +150,7 @@ src_prepare() {
local PATCHES=(

"${FILESDIR}/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch"

"${FILESDIR}/238-0002-core-do-not-free-heap-allocated-strings-8391.patch"
+   "${FILESDIR}/238-libmount-include.patch"
)
 
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-03-10 Thread Mike Gilbert 
commit: 7adcd630f7cdd1edbc7677d83976547506a6f661
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Mar 10 17:29:26 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Mar 10 17:29:26 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7adcd630

sys-apps/systemd: bump to 238

Package-Manager: Portage-2.3.24, Repoman-2.3.6_p81

 sys-apps/systemd/Manifest  |   1 +
 ...o-not-try-to-close-already-closed-fd-8392.patch |  26 ++
 ...e-do-not-free-heap-allocated-strings-8391.patch |  44 ++
 sys-apps/systemd/systemd-238.ebuild| 441 +
 4 files changed, 512 insertions(+)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 6d774fd4839..4907d8f2d32 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -5,3 +5,4 @@ DIST systemd-236-patches-2.tar.gz 54737 BLAKE2B 
bce5f9e234c975a2b6e474ca2a0c2c82
 DIST systemd-236.tar.gz 6759035 BLAKE2B 
0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3
 SHA512 
1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515fdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d
 DIST systemd-237-patches-0.tar.gz 74617 BLAKE2B 
52750bb08731e9e694a00fedc1e42beb7c6ad7736d3b6567f2ab094d4356506d10ec11e1c4c62623078d647c3314c71c9f141eb7c8628b610fd8a5e818b90ec6
 SHA512 
a6db99b330585e57c722bb0e692b0d988d5fbfef60c6cc87efbb7b903e55642c2f03bf6cdc80f15da22d0c41b5051387dac23a2f04238331f235154b17f32d1b
 DIST systemd-237.tar.gz 6871350 BLAKE2B 
4734a110a297fbbd6679bced6302fcdca55ab5d4207905e8dee9f5545f1de841d5adeaa4fd89961b9e63709d04b5c862b8bc81481311cf8e72ee327e459c9d91
 SHA512 
15ef4b92815a6dd9a6c51672dbc00fd7cd0f08068ef0cbeaca574f68d330b28bc67ba1946f24f75ef3d9e7b63843a73eea700db54688061dbf5c9f8470394c3b
+DIST systemd-238.tar.gz 6954022 BLAKE2B 
9b5cc36a7234c0d037a2656ee1e5ed54186a394b8be41771ebc29c903d3efcecf7f13f004a6d1695c022923bd0d540a243e897852f07e810f73fd3163f688dde
 SHA512 
c0f272b022308d3bd94679184e102a8dc85de55310bda205a458ea33c77c7733e5c8c8e5b15f786ba3e0ce59e7c6a9bf0d5a0950517c6b91e0f345950129b9c8

diff --git 
a/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch
 
b/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch
new file mode 100644
index 000..c39575c62b6
--- /dev/null
+++ 
b/sys-apps/systemd/files/238-0001-sd-bus-do-not-try-to-close-already-closed-fd-8392.patch
@@ -0,0 +1,26 @@
+From 5681f772d7bc8226cb10bfc7f9fba0a29e34a54d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Thu, 8 Mar 2018 22:19:35 +0900
+Subject: [PATCH 1/2] sd-bus: do not try to close already closed fd (#8392)
+
+Fixes #8376, which is introduced by 2b33ab0957f453a06b58e4bee482f2c2d4e100c1.
+---
+ src/libsystemd/sd-bus/bus-socket.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c 
b/src/libsystemd/sd-bus/bus-socket.c
+index b5160cff6..166fba157 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
 b/src/libsystemd/sd-bus/bus-socket.c
+@@ -960,8 +960,6 @@ int bus_socket_exec(sd_bus *b) {
+ if (r == 0) {
+ /* Child */
+ 
+-safe_close(s[0]);
+-
+ if (rearrange_stdio(s[1], s[1], STDERR_FILENO) < 0)
+ _exit(EXIT_FAILURE);
+ 
+-- 
+2.16.2
+

diff --git 
a/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch
 
b/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch
new file mode 100644
index 000..3ee2527f77d
--- /dev/null
+++ 
b/sys-apps/systemd/files/238-0002-core-do-not-free-heap-allocated-strings-8391.patch
@@ -0,0 +1,44 @@
+From 84c5e8010042788a03cff680592b37257b2a6de0 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Thu, 8 Mar 2018 22:21:54 +0900
+Subject: [PATCH 2/2] core: do not free heap-allocated strings (#8391)
+
+Fixes #8387.
+---
+ src/core/mount-setup.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 536c17b4d..9c27972af 100644
+--- a/src/core/mount-setup.c
 b/src/core/mount-setup.c
+@@ -248,6 +248,7 @@ int mount_setup_early(void) {
+ 
+ int mount_cgroup_controllers(char ***join_controllers) {
+ _cleanup_set_free_free_ Set *controllers = NULL;
++bool has_argument = !!join_controllers;
+ int r;
+ 
+ if (!cg_is_legacy_wanted())
+@@ -255,7 +256,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
+ 
+ /* Mount all available cgroup controllers that are built into the 
kernel. */
+ 
+-if (!join_controllers)
++if (!has_argument)
+ /* The defaults:
+  * mount "cpu" + "cpuacct" together, and "net_cls" + 
"net_prio".
+  *
+@@ -300,7 +301,8 @@ int

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2018-02-08 Thread Jason Donenfeld 
commit: 701d8158f31d695a453704b1b8f8f03bda93a39f
Author: Jason A. Donenfeld  gentoo  org>
AuthorDate: Thu Feb  8 17:16:49 2018 +
Commit: Jason Donenfeld  gentoo  org>
CommitDate: Thu Feb  8 17:17:18 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=701d8158

sys-apps/systemd: show proper networkctl display type

Upstream commit:
https://github.com/systemd/systemd/commit/3b8f29fd93899c4876a6ef53f9bcb6b40e1c98e7

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../files/237-0001-networkctl-display-type.patch   | 266 +
 ...systemd-237-r1.ebuild => systemd-237-r2.ebuild} |   1 +
 2 files changed, 267 insertions(+)

diff --git a/sys-apps/systemd/files/237-0001-networkctl-display-type.patch 
b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
new file mode 100644
index 000..e29cf2206aa
--- /dev/null
+++ b/sys-apps/systemd/files/237-0001-networkctl-display-type.patch
@@ -0,0 +1,266 @@
+From a18461bc7d446f8e130e9276de4397d00059267f Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" 
+Date: Mon, 29 Jan 2018 20:58:24 +0100
+Subject: [PATCH 1/4] networkd: display wireguard devtype
+
+It's not useful to simply show "none", when we have more interesting
+information to display.
+
+Signed-off-by: Jason A. Donenfeld 
+---
+ src/network/networkctl.c | 22 +++---
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 59ce098cd1..6ce00dff6d 100644
+--- a/src/network/networkctl.c
 b/src/network/networkctl.c
+@@ -62,18 +62,26 @@ static int link_get_type_string(unsigned short iftype, 
sd_device *d, char **ret)
+ 
+ assert(ret);
+ 
+-if (iftype == ARPHRD_ETHER && d) {
++if (d) {
+ const char *devtype = NULL, *id = NULL;
++
++(void) sd_device_get_devtype(d, );
++
+ /* WLANs have iftype ARPHRD_ETHER, but we want
+  * to show a more useful type string for
+  * them */
++if (iftype == ARPHRD_ETHER) {
++if (streq_ptr(devtype, "wlan"))
++id = "wlan";
++else if (streq_ptr(devtype, "wwan"))
++id = "wwan";
++}
+ 
+-(void) sd_device_get_devtype(d, );
+-
+-if (streq_ptr(devtype, "wlan"))
+-id = "wlan";
+-else if (streq_ptr(devtype, "wwan"))
+-id = "wwan";
++/* Likewise, WireGuard has iftype ARPHRD_NONE,
++ * since it's layer 3, but we of course want
++ * something more useful than that. */
++if (iftype == ARPHRD_NONE && streq_ptr(devtype, "wireguard"))
++id = "wireguard";
+ 
+ if (id) {
+ p = strdup(id);
+
+From f119082e7a1ccfbf50c30a99819b6e303cdf09a1 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" 
+Date: Mon, 29 Jan 2018 21:01:46 +0100
+Subject: [PATCH 2/4] networkd: simplify and display all devtypes
+
+Every place the kernel actually calls SET_NETDEV_DEVTYPE, it's adding a
+piece of information that looks useful and relevant for us to use. So
+let's use it when it's there.
+
+The previous matching based on the corresponding ARPHRD didn't really
+make much sense. The more sensible logic for getting a textual
+representation of the link type is to see if the kernel supplies a
+devtype. If it does, great. If not, then we can fall back on the ARPHRD,
+as before.
+
+Signed-off-by: Jason A. Donenfeld 
+---
+ src/network/networkctl.c | 23 +++
+ 1 file changed, 3 insertions(+), 20 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 6ce00dff6d..8a08304240 100644
+--- a/src/network/networkctl.c
 b/src/network/networkctl.c
+@@ -63,28 +63,11 @@ static int link_get_type_string(unsigned short iftype, 
sd_device *d, char **ret)
+ assert(ret);
+ 
+ if (d) {
+-const char *devtype = NULL, *id = NULL;
++const char *devtype = NULL;
+ 
+ (void) sd_device_get_devtype(d, );
+-
+-/* WLANs have iftype ARPHRD_ETHER, but we want
+- * to show a more useful type string for
+- * them */
+-if (iftype == ARPHRD_ETHER) {
+-if (streq_ptr(devtype, "wlan"))
+-id = "wlan";
+-else if (streq_ptr(devtype, "wwan"))
+-id = "wwan";
+-}
+-
+-/* Likewise, WireGuard has iftype ARPHRD_NONE,
+- * since it's layer 3, but we of course want
+- * something more useful than that. */
+-if (iftype ==

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-12-18 Thread Mike Gilbert 
commit: c6bf76a0c3f92c9f9d450357e7ee08098cc7988d
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Dec 18 22:41:25 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Dec 19 02:01:31 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6bf76a0

sys-apps/systemd: backport crypsetup-generator fix

Closes: https://bugs.gentoo.org/641380
Package-Manager: Portage-2.3.19_p1, Repoman-2.3.6_p35

 ...generator-Don-t-mistake-NULL-input-as-OOM.patch | 49 ++
 .../{systemd-236.ebuild => systemd-236-r1.ebuild}  |  1 +
 2 files changed, 50 insertions(+)

diff --git 
a/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch
 
b/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch
new file mode 100644
index 000..d1c451835e3
--- /dev/null
+++ 
b/sys-apps/systemd/files/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch
@@ -0,0 +1,49 @@
+From 357ffd95294e1f9a1e91f8ca01213fb7db2b7614 Mon Sep 17 00:00:00 2001
+From: Jan Alexander Steffens 
+Date: Mon, 18 Dec 2017 14:47:18 +0100
+Subject: [PATCH] cryptsetup-generator: Don't mistake NULL input as OOM (#7688)
+
+Since systemd v236, several Arch users complained that
+systemd-cryptsetup-generator exits with an OOM error and that it
+prevents the boot from continuing.
+
+Investigating the diff of cryptsetup-generator between v235 and v236 I
+noticed that create_disk allowed for the `password` and `filtered`
+variables to be NULL (they're handled with `strempty()`) but not their
+`*_escaped` versions, and returned OOM errors in those cases.
+
+Fix this by checking that the input string is non-NULL before deciding
+that `specifier_escape` had an OOM error.
+
+I could not test this fix myself, but some users have reported success.
+
+Downstream bug: https://bugs.archlinux.org/task/56733
+---
+ src/cryptsetup/cryptsetup-generator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c 
b/src/cryptsetup/cryptsetup-generator.c
+index 7e61332e5..f91451353 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
 b/src/cryptsetup/cryptsetup-generator.c
+@@ -111,7 +111,7 @@ static int create_disk(
+ return log_error_errno(r, "Failed to generate unit name: %m");
+ 
+ password_escaped = specifier_escape(password);
+-if (!password_escaped)
++if (password && !password_escaped)
+ return log_oom();
+ 
+ f = fopen(p, "wxe");
+@@ -184,7 +184,7 @@ static int create_disk(
+ return r;
+ 
+ filtered_escaped = specifier_escape(filtered);
+-if (!filtered_escaped)
++if (filtered && !filtered_escaped)
+ return log_oom();
+ 
+ fprintf(f,
+-- 
+2.15.1
+

diff --git a/sys-apps/systemd/systemd-236.ebuild 
b/sys-apps/systemd/systemd-236-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-236.ebuild
rename to sys-apps/systemd/systemd-236-r1.ebuild
index 8142a96390b..e70e61f3fc5 100644
--- a/sys-apps/systemd/systemd-236.ebuild
+++ b/sys-apps/systemd/systemd-236-r1.ebuild
@@ -148,6 +148,7 @@ src_unpack() {
 
 src_prepare() {
local PATCHES=(
+   
"${FILESDIR}/236-0001-cryptsetup-generator-Don-t-mistake-NULL-input-as-OOM.patch"
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-12-17 Thread Mike Gilbert 
commit: 092463dce935d035a73bc56fd2b9ba3a73862b31
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Dec 17 19:00:46 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Dec 17 19:03:15 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=092463dc

sys-apps/systemd: move patches for 233 to a tarball

Package-Manager: Portage-2.3.19_p1, Repoman-2.3.6_p35

 sys-apps/systemd/Manifest  |   1 +
 ...ct-DM-interface-version-dependencies-5519.patch | 456 -
 ...ragment-refuse-units-with-errors-in-RootD.patch | 117 --
 ...ragment-refuse-units-with-errors-in-certa.patch | 339 ---
 sys-apps/systemd/files/233-CVE-2017-9445.patch | 149 ---
 sys-apps/systemd/files/233-format-warnings.patch   |  84 
 sys-apps/systemd/files/CVE-2017-9217.patch |  28 --
 sys-apps/systemd/systemd-233-r6.ebuild |   7 +-
 8 files changed, 2 insertions(+), 1179 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index ac065dd7613..78aba9661e6 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,5 @@
 DIST systemd-233-man.tar.gz 31386 BLAKE2B 
e4947e658db3efeec6b5a6adf340d2cc8e8aff2a14db4932720f90c3dc898b1e78595db983948373a2e28191fb3b0aad234f80feb91ee8ae4b607a44038a9cae
 SHA512 
cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40
+DIST systemd-233-patches.tar.gz 12553 BLAKE2B 
5d19f2dc82cc6cbd9b2e9393f932dfa3c88a981358b282fe56d43cd432d0ee0c0245e9c13d5460b94d83908b84a382dad3348b999f2356ab3ef2ae2c542a867d
 SHA512 
3081f4cf64542ba64a28fe2eff11d8040af42255eb99b5210db9d583fc4b4360a4a4bb8769a1e43d38474d69ead681974cb98d4605968b38f98fd3d9b40bf211
 DIST systemd-233.tar.gz 4660737 BLAKE2B 
38cdd74543447b3c02391b328428fed169fe2cf2df6e9341dcaf2f7d3d977612ec102301e144c1cada90d61e9e9bda3b2faaef708c8ff4bd0b52b143760a83b2
 SHA512 
5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e
 DIST systemd-235.tar.gz 6586406 BLAKE2B 
f2e46a6c51fc9445800c4b7eee66f23ae83b42c2fedf2304acf612e6cb99122afe67f1b93cf72ed022b52384975afb92ab38cfb4efc6026384602c973d2eb98e
 SHA512 
243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993
 DIST systemd-236.tar.gz 6759035 BLAKE2B 
0fc26bd67fb6cc3b0565c763fc26e38186c4b05c3d38652b73a2189dfbfb46382dba239f7f6f889eec57ad1d8f69d4098745c8f4ca16a707aa23b7771f2328f3
 SHA512 
1a9672960e03e05c09e41fb8cfe9b0f25e867fd43f37f8371515fdbd4270afd746a6da733f6d1d3b2cc43db1ecc7a9f2245f2dac2ec233db74e9e70e4f6d

diff --git 
a/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch
 
b/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch
deleted file mode 100644
index be41fc4ec22..000
--- 
a/sys-apps/systemd/files/233-0001-Avoid-strict-DM-interface-version-dependencies-5519.patch
+++ /dev/null
@@ -1,456 +0,0 @@
-From dac3407f02116b94866224e0b5ecd46a5fa1c161 Mon Sep 17 00:00:00 2001
-From: Michael Biebl 
-Date: Thu, 2 Mar 2017 19:11:37 +0100
-Subject: [PATCH] Avoid strict DM interface version dependencies (#5519)
-
-Compiling against the dm-ioctl.h header as provided by the Linux kernel
-will embed the DM interface version number. Running an older kernel can
-result in an error like this on shutdown:
-
-Could not detach DM dm-11: ioctl mismatch, kernel(4.34.4), user(4.35.4)
-
-Work around this by shipping a local copy of dm-ioctl.h. We need at
-least the version from 3.13 for DM_DEFERRED_REMOVE [1], so bump the
-requirements in README accordingly.
-
-[1] 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c140a246dc0bc085b98eddde978060fcec1080c
-
-Fixes: #5492

- Makefile.am  |   1 +
- README   |   2 +-
- src/core/umount.c|   2 +-
- src/shared/dissect-image.c   |   2 +-
- src/shared/linux-3.13/dm-ioctl.h | 355 +++
- 5 files changed, 359 insertions(+), 3 deletions(-)
- create mode 100644 src/shared/linux-3.13/dm-ioctl.h
-
-diff --git a/Makefile.am b/Makefile.am
-index 2a5610740..65de9f16d 100644
 a/Makefile.am
-+++ b/Makefile.am
-@@ -1018,6 +1018,7 @@ libshared_la_SOURCES = \
-   src/shared/gpt.h \
-   src/shared/udev-util.h \
-   src/shared/linux/auto_dev-ioctl.h \
-+  src/shared/linux-3.13/dm-ioctl.h \
-   src/shared/initreq.h \
-   src/shared/dns-domain.c \
-   src/shared/dns-domain.h \
-diff --git a/README b/README
-index a4a649395..30b5f7187 100644
 a/README
-+++ b/README
-@@ -35,7 +35,7 @@ LICENSE:
- - except src/udev/* which is (currently still) GPLv2, GPLv2+
- 
- REQUIREMENTS:
--Linux kernel >= 3.12
-+Linux kernel >= 3.13
- Linux kernel >= 4.2 for

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-11-19 Thread Mike Gilbert 
commit: e80e2c2f3c1d692f8b7c8c584ab1a517f9624313
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Nov 19 20:09:16 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Nov 19 20:09:16 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e80e2c2f

sys-apps/systemd: update uucp group patch

Package-Manager: Portage-2.3.14_p5, Repoman-2.3.6

 sys-apps/systemd/files/236-uucp-group.patch | 11 +++
 sys-apps/systemd/systemd-.ebuild|  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/236-uucp-group.patch 
b/sys-apps/systemd/files/236-uucp-group.patch
new file mode 100644
index 000..9c53b8b18ab
--- /dev/null
+++ b/sys-apps/systemd/files/236-uucp-group.patch
@@ -0,0 +1,11 @@
+--- a/rules/50-udev-default.rules.in
 b/rules/50-udev-default.rules.in
+@@ -22,7 +22,7 @@
+ SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
+-KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*",
 GROUP="dialout"
++KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*",
 GROUP="uucp"
+ 
+ SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+ 

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 9f58ed53ab2..8256350c5e1 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -155,7 +155,7 @@ src_prepare() {
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
-   "${FILESDIR}/234-uucp-group.patch"
+   "${FILESDIR}/236-uucp-group.patch"
"${FILESDIR}/generator-path.patch"
)
fi

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-10-26 Thread Mike Gilbert 
commit: 06c2355e8eca30994fa0416793e2e04efd652c41
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Oct 26 21:36:27 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Oct 26 21:36:45 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06c2355e

sys-apps/systemd: backport fix for CVE-2017-15908

Bug: https://bugs.gentoo.org/635514
Package-Manager: Portage-2.3.11_p4, Repoman-2.3.3_p62

 sys-apps/systemd/files/CVE-2017-15908.patch|  39 +++
 .../{systemd-235.ebuild => systemd-233-r5.ebuild}  | 313 +++--
 .../{systemd-235.ebuild => systemd-235-r1.ebuild}  |   1 +
 3 files changed, 204 insertions(+), 149 deletions(-)

diff --git a/sys-apps/systemd/files/CVE-2017-15908.patch 
b/sys-apps/systemd/files/CVE-2017-15908.patch
new file mode 100644
index 000..08e5e37514c
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2017-15908.patch
@@ -0,0 +1,39 @@
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+---
+ src/resolve/resolved-dns-packet.c | 6 +-
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c 
b/src/resolve/resolved-dns-packet.c
+index e2f227bfc..35f4d0689 100644
+--- a/src/resolve/resolved-dns-packet.c
 b/src/resolve/resolved-dns-packet.c
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, 
Bitmap **types, size_t *sta
+ 
+ found = true;
+ 
+-while (bitmask) {
++for (; bitmask; bit++, bitmask >>= 1)
+ if (bitmap[i] & bitmask) {
+ uint16_t n;
+ 
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, 
Bitmap **types, size_t *sta
+ if (r < 0)
+ return r;
+ }
+-
+-bit++;
+-bitmask >>= 1;
+-}
+ }
+ 
+ if (!found)
+-- 
+2.15.0.rc2
+

diff --git a/sys-apps/systemd/systemd-235.ebuild 
b/sys-apps/systemd/systemd-233-r5.ebuild
similarity index 59%
copy from sys-apps/systemd/systemd-235.ebuild
copy to sys-apps/systemd/systemd-233-r5.ebuild
index 6fe34a0809b..bce73fafb4f 100644
--- a/sys-apps/systemd/systemd-235.ebuild
+++ b/sys-apps/systemd/systemd-233-r5.ebuild
@@ -7,28 +7,29 @@ if [[ ${PV} ==  ]]; then
EGIT_REPO_URI="https://github.com/systemd/systemd.git;
inherit git-r3
 else
-   SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
-   KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~x86"
+   SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> 
${P}.tar.gz
+   !doc? ( https://dev.gentoo.org/~floppym/dist/${P}-man.tar.gz )"
+   KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 fi
 
 PYTHON_COMPAT=( python{3_4,3_5,3_6} )
 
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam 
python-any-r1 systemd toolchain-funcs udev user
+inherit autotools bash-completion-r1 linux-info multilib-minimal pam 
python-any-r1 systemd toolchain-funcs udev user
 
 DESCRIPTION="System and service manager for Linux"
 HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd;
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http
-   idn importd +kmod libidn2 +lz4 lzma nat pam policykit
+IUSE="acl apparmor audit build cryptsetup curl doc elfutils +gcrypt gnuefi http
+   idn importd +kmod +lz4 lzma nat pam policykit
qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
 
 REQUIRED_USE="importd? ( curl gcrypt lzma )"
 
 MINKV="3.11"
 
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.27.1:0=[${MULTILIB_USEDEP}]
sys-libs/libcap:0=[${MULTILIB_USEDEP}]
!https://bugs.gentoo.org/show_bug.cgi?id=491398
+   -j1
+
+   udevlibexecdir="${MY_UDEVDIR}"
+   dist_udevhwdb_DATA=
+   DESTDIR="${D}"
+   )
+
+   if multilib_is_native_abi; then
+   emake "${mymakeopts[@]}" install
+   else
+   mymakeopts+=(
+   install-rootlibLTLIBRARIES
+   install-libLTLIBRARIES
+   install-pamlibLTLIBRARIES
+   install-pkgconfiglibDATA
+   install-includeHEADERS
+   install-pkgincludeHEADERS
+   )
+
+   emake "${mymakeopts[@]}"
+   fi
 }

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-10-08 Thread Mike Gilbert 
commit: e570678453f45c1d34a3c0cd1e12a14ade8ff9ef
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Oct  8 14:17:16 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Oct  8 14:40:08 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5706784

sys-apps/systemd: bump to 235

Closes: https://bugs.gentoo.org/633656
Package-Manager: Portage-2.3.10_p4, Repoman-2.3.3_p52

 sys-apps/systemd/Manifest  |  1 +
 ...wdb-and-sysv-generator-if-the-features-ar.patch | 44 ++
 ...sr-lib-systemd-s.patch => generator-path.patch} |  0
 sys-apps/systemd/systemd-234-r4.ebuild |  2 +-
 .../{systemd-.ebuild => systemd-235.ebuild}| 12 --
 sys-apps/systemd/systemd-.ebuild   | 11 --
 6 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index e4684c7c942..0bfb021bca2 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,3 +1,4 @@
 DIST systemd-233-man.tar.gz 31386 SHA256 
825e62eb82c4e23997061fc8f56f7ec9bb1e6acd279c76c926cc2bfbf1dc SHA512 
cc5215d3590ffc3c9203a64c14d6adeb0148c421c1396b8c1e43dcb58763b687ce99bdee327dd8a00abab7198171e73b22109a3f2032e4cec6adf2dcc85acf40
 WHIRLPOOL 
ff1f36beff377f675047271df38503e8b71d615ea73c5fdfebf465edaf1fe29b4f89e3194d65cdf84eec9b7c3156de597627fdaffa4b86018520aaa127a7a159
 DIST systemd-233.tar.gz 4660737 SHA256 
8b3e99da3d4164b66581830a7f2436c0c8fe697b5fbdc3927bdb960646be0083 SHA512 
5ad5329ea116d973cf67096f7e7ad28e9ea0905696e9451291f1d25e5064f4a9bfcfae87e912996c6a38397e9f4a148d4ccecfa9b70f7ecdf04deadb61784c8e
 WHIRLPOOL 
ce19f6a546b8f899cfa952e49d47f063fd29186be4a53391bc30ea2c487eb2c140a74ad843a1dc499bb61bba3e9ca055613852291e38b85af5d79c59409dc176
 DIST systemd-234.tar.gz 4800186 SHA256 
da3e69d10aa1c983d33833372ad4929037b411ac421fb085c8cee79ae1d80b6a SHA512 
762336a7d96c6583cf71cad62efce95a0ed93cd0a0d7251f128d10dba8200c0c8df0e5a7d168179ababa5b221295a231e73b7e7ea2697cb3fb5c1b33538efa68
 WHIRLPOOL 
9ff9f25ce82514db969a427eee51c0483b2bcaaa611f93c1fc17c356ea25eee712217708c54101ecaafd835cd8ac988b16e8ad411b48541a32442b9a0d148f07
+DIST systemd-235.tar.gz 6586406 SHA256 
25811f96f5a027bf2a4c9383495cf5b623e385d84da31e473cf375932b3e9c52 SHA512 
243f2eb5340fa37dd1286eaa63e83387bda9e03953af266cd6196a37535a13491482caf14c6ab10608bba4ed23b6c41923608e52017e0c26988ed72ddd2b9993
 WHIRLPOOL 
05e50b31f7b3b1cd756abd1580dddae0e114953857564133784fc43b9ecd0e203ee534aaf76531ca7af5c43b03b9b73c6c1caf5afb17502555cc52fe06cd

diff --git 
a/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
 
b/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
new file mode 100644
index 000..bd2b3364369
--- /dev/null
+++ 
b/sys-apps/systemd/files/235-0001-test-skip-hwdb-and-sysv-generator-if-the-features-ar.patch
@@ -0,0 +1,44 @@
+From c013a410d0ec5f419ce8d53df19946795849591b Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Sun, 8 Oct 2017 09:47:05 -0400
+Subject: [PATCH] test: skip hwdb and sysv-generator if the features are
+ disabled
+
+---
+ test/meson.build | 16 ++--
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/test/meson.build b/test/meson.build
+index 995a97177..c2df7ec22 100644
+--- a/test/meson.build
 b/test/meson.build
+@@ -163,9 +163,11 @@ endif
+ 
+ 
+ 
+-sysv_generator_test_py = find_program('sysv-generator-test.py')
+-test('sysv-generator-test',
+- sysv_generator_test_py)
++if conf.get('HAVE_SYSV_COMPAT') == 1
++sysv_generator_test_py = find_program('sysv-generator-test.py')
++test('sysv-generator-test',
++ sysv_generator_test_py)
++endif
+ 
+ 
+ 
+@@ -181,6 +183,8 @@ udev_test_pl = find_program('udev-test.pl')
+ test('udev-test',
+  udev_test_pl)
+ 
+-hwdb_test_sh = find_program('hwdb-test.sh')
+-test('hwdb-test',
+- hwdb_test_sh)
++if conf.get('ENABLE_HWDB') == 1
++hwdb_test_sh = find_program('hwdb-test.sh')
++test('hwdb-test',
++ hwdb_test_sh)
++endif
+-- 
+2.14.2
+

diff --git 
a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
 b/sys-apps/systemd/files/generator-path.patch
similarity index 100%
rename from 
sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
rename to sys-apps/systemd/files/generator-path.patch

diff --git a/sys-apps/systemd/systemd-234-r4.ebuild 
b/sys-apps/systemd/systemd-234-r4.ebuild
index 0085a0578fa..a4c94bd3a96 100644
--- a/sys-apps/systemd/systemd-234-r4.ebuild
+++ b/sys-apps/systemd/systemd-234-r4.ebuild
@@ -148,7 +148,6 @@ src_unpack() {
 
 src_prepare() {
local PATCHES=(
-

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-08-13 Thread Mike Gilbert 
commit: 3a1a0a2241cc8e2874ff3d85333136fc491b06ec
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Aug 13 23:02:17 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug 13 23:07:15 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a1a0a22

sys-apps/systemd: replace uucp sed with a patch

Bug: https://bugs.gentoo.org/625720
Package-Manager: Portage-2.3.6_p34, Repoman-2.3.3_p12

 sys-apps/systemd/files/234-uucp-group.patch | 11 +++
 sys-apps/systemd/systemd-234-r2.ebuild  |  4 +---
 sys-apps/systemd/systemd-.ebuild|  4 +---
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/sys-apps/systemd/files/234-uucp-group.patch 
b/sys-apps/systemd/files/234-uucp-group.patch
new file mode 100644
index 000..89cf552c829
--- /dev/null
+++ b/sys-apps/systemd/files/234-uucp-group.patch
@@ -0,0 +1,11 @@
+--- a/rules/50-udev-default.rules.in
 b/rules/50-udev-default.rules.in
+@@ -22,7 +22,7 @@
+ SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
+-KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", 
GROUP="dialout"
++KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", 
GROUP="uucp"
+ 
+ SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+ 

diff --git a/sys-apps/systemd/systemd-234-r2.ebuild 
b/sys-apps/systemd/systemd-234-r2.ebuild
index 9d10c9d3fe4..dceb9eda711 100644
--- a/sys-apps/systemd/systemd-234-r2.ebuild
+++ b/sys-apps/systemd/systemd-234-r2.ebuild
@@ -147,9 +147,6 @@ src_unpack() {
 }
 
 src_prepare() {
-   # Bug 463376
-   sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
local PATCHES=(

"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
)
@@ -159,6 +156,7 @@ src_prepare() {
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
+   "${FILESDIR}/234-uucp-group.patch"
)
fi
 

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 78c85bbcdd1..835ac073e82 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -147,9 +147,6 @@ src_unpack() {
 }
 
 src_prepare() {
-   # Bug 463376
-   sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
-
local PATCHES=(
)
 
@@ -158,6 +155,7 @@ src_prepare() {
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
"${FILESDIR}/233-systemd-user-pam.patch"
+   "${FILESDIR}/234-uucp-group.patch"
)
fi

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-07-17 Thread Mike Gilbert 
commit: 3b5be41d4d70c3761351cb4985c7da8f785858c5
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 17 15:27:38 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jul 17 15:27:38 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b5be41d

sys-apps/systemd: look for generators in {,/usr}/lib/systemd/system-generators

Bug: https://bugs.gentoo.org/625402
Package-Manager: Portage-2.3.6_p16, Repoman-2.3.2_p84

 ...-look-for-generators-in-usr-lib-systemd-s.patch | 27 ++
 .../{systemd-234.ebuild => systemd-234-r1.ebuild}  |  1 +
 2 files changed, 28 insertions(+)

diff --git 
a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
 
b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
new file mode 100644
index 000..47e2730a7b3
--- /dev/null
+++ 
b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
@@ -0,0 +1,27 @@
+From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Mon, 17 Jul 2017 11:21:25 -0400
+Subject: [PATCH] path-lookup: look for generators in
+ {,/usr}/lib/systemd/system-generators
+
+Bug: https://bugs.gentoo.org/625402
+---
+ src/shared/path-lookup.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
+index e2b3f8b74..1ee0e1cdb 100644
+--- a/src/shared/path-lookup.c
 b/src/shared/path-lookup.c
+@@ -821,6 +821,8 @@ char **generator_binary_paths(UnitFileScope scope) {
+ return strv_new("/run/systemd/system-generators",
+ "/etc/systemd/system-generators",
+ "/usr/local/lib/systemd/system-generators",
++"/usr/lib/systemd/system-generators",
++"/lib/systemd/system-generators",
+ SYSTEM_GENERATOR_PATH,
+ NULL);
+ 
+-- 
+2.13.3
+

diff --git a/sys-apps/systemd/systemd-234.ebuild 
b/sys-apps/systemd/systemd-234-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-234.ebuild
rename to sys-apps/systemd/systemd-234-r1.ebuild
index c80965e1c39..6f45860 100644
--- a/sys-apps/systemd/systemd-234.ebuild
+++ b/sys-apps/systemd/systemd-234-r1.ebuild
@@ -151,6 +151,7 @@ src_prepare() {
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 
local PATCHES=(
+   
"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
)
 
if ! use vanilla; then

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-07-02 Thread Mike Gilbert 
commit: dc1c5167bcf33b3a500b072f5c40e8c2c7ab57c4
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Jul  2 15:53:46 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Jul  2 15:56:13 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc1c5167

sys-apps/systemd: fix build failure on ia64/alpha

Bug: https://bugs.gentoo.org/623536
Bug: https://bugs.gentoo.org/612102
Package-Manager: Portage-2.3.6_p9, Repoman-2.3.2_p77

 sys-apps/systemd/files/233-format-warnings.patch | 84 
 sys-apps/systemd/systemd-233-r3.ebuild   |  1 +
 2 files changed, 85 insertions(+)

diff --git a/sys-apps/systemd/files/233-format-warnings.patch 
b/sys-apps/systemd/files/233-format-warnings.patch
new file mode 100644
index 000..7bb08f0a320
--- /dev/null
+++ b/sys-apps/systemd/files/233-format-warnings.patch
@@ -0,0 +1,84 @@
+From 3e7d14d78c4d15ec7789299216cbf5c58e61547b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
+Date: Sat, 3 Jun 2017 05:41:17 -0400
+Subject: [PATCH] sd-bus: silence format warnings in kdbus code (#6072)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The code is mostly correct, but gcc is trying to outsmart us, and emits a
+warning for a "llu vs lu" mismatch, even though they are the same size (on 
alpha):
+
+src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
+src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects 
argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka 
long unsigned int}’ [-Werror=format=]
+ if (asprintf(, ":1.%llu", name->id) < 0) {
+  ^
+src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
+src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects 
argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka 
long unsigned int}’ [-Werror=format=]
+ if (asprintf(>unique_name, ":1.%llu", conn_info->id) < 0) {
+   ^
+This is hard to work around properly, because kdbus.h uses __u64 which is
+defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
+solution of using %PRIu64 fails on amd64:
+
+src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects 
argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long 
long unsigned int}’ [-Werror=format=]
+ if (asprintf(>unique_name, ":1.%"PRIu64, conn_info->id) < 
0) {
+   ^~
+
+Let's just avoid the whole issue for now by silencing the warning.
+After the next release, we should just get rid of the kdbus code.
+
+Fixes #5561.
+---
+ src/libsystemd/sd-bus/bus-control.c | 6 ++
+ src/libsystemd/sd-bus/bus-kernel.c  | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/libsystemd/sd-bus/bus-control.c 
b/src/libsystemd/sd-bus/bus-control.c
+index 9e58ffbd8..303ae0f23 100644
+--- a/src/libsystemd/sd-bus/bus-control.c
 b/src/libsystemd/sd-bus/bus-control.c
+@@ -264,10 +264,13 @@ static int kernel_get_list(sd_bus *bus, uint64_t flags, 
char ***x) {
+ if ((flags & KDBUS_LIST_UNIQUE) && name->id != previous_id && 
!(name->flags & KDBUS_HELLO_ACTIVATOR)) {
+ char *n;
+ 
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat"
+ if (asprintf(, ":1.%llu", name->id) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
++#pragma GCC diagnostic pop
+ 
+ r = strv_consume(x, n);
+ if (r < 0)
+@@ -711,10 +714,13 @@ int bus_get_name_creds_kdbus(
+ }
+ 
+ if (mask & SD_BUS_CREDS_UNIQUE_NAME) {
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat"
+ if (asprintf(>unique_name, ":1.%llu", conn_info->id) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
++#pragma GCC diagnostic pop
+ 
+ c->mask |= SD_BUS_CREDS_UNIQUE_NAME;
+ }
+diff --git a/src/libsystemd/sd-bus/bus-kernel.c 
b/src/libsystemd/sd-bus/bus-kernel.c
+index c82caeb3f..ca6aee7c0 100644
+--- a/src/libsystemd/sd-bus/bus-kernel.c
 b/src/libsystemd/sd-bus/bus-kernel.c
+@@ -51,6 +51,8 @@
+ #include "user-util.h"
+ #include "util.h"
+ 
++#pragma GCC diagnostic ignored "-Wformat"
++
+ #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t))
+ 
+ int bus_kernel_parse_unique_name(const char *s, uint64_t *id) {
+-- 
+2.13.2
+

diff --git a/sys-apps/systemd/systemd-233-r3.ebuild 
b/sys-apps/systemd/systemd-233-r3.ebuild
index 8210bd8a2f9..ab19c28efc0 100644
--- a/sys-apps/systemd/systemd-233-r3.ebuild
+++ b/sys-apps/systemd/systemd-233-r3.ebuild
@@

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-06-28 Thread Mike Gilbert 
commit: e9a542b09cb0ee4c3b085881190bed393f4ece03
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Jun 28 20:30:47 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Jun 28 20:31:08 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9a542b0

sys-apps/systemd: update CVE-2017-9445 patch after upstream revert

Package-Manager: Portage-2.3.6_p9, Repoman-2.3.2_p77

 sys-apps/systemd/files/233-CVE-2017-9445.patch | 29 --
 ...systemd-233-r2.ebuild => systemd-233-r3.ebuild} |  0
 2 files changed, 29 deletions(-)

diff --git a/sys-apps/systemd/files/233-CVE-2017-9445.patch 
b/sys-apps/systemd/files/233-CVE-2017-9445.patch
index a05c41f47b6..22a366ceba0 100644
--- a/sys-apps/systemd/files/233-CVE-2017-9445.patch
+++ b/sys-apps/systemd/files/233-CVE-2017-9445.patch
@@ -147,32 +147,3 @@ index 3abcaf8cf..5dff272fd 100644
  int n_ref;
 -- 
 2.13.1
-
-
-From 415871d88e0c44acf8b90dc07245809087a65d2c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
-Date: Wed, 28 Jun 2017 12:24:37 -0400
-Subject: [PATCH 4/4] resolved: drop unnecessary comparison (#6220)
-
-mtu is always greater than UDP_PACKET_HEADER_SIZE at this point.
-Pointed out by Benjamin Robin.

- src/resolve/resolved-dns-packet.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/resolve/resolved-dns-packet.c 
b/src/resolve/resolved-dns-packet.c
-index e2285b440..738d4cc8f 100644
 a/src/resolve/resolved-dns-packet.c
-+++ b/src/resolve/resolved-dns-packet.c
-@@ -57,7 +57,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, 
size_t mtu) {
- if (mtu < UDP_PACKET_HEADER_SIZE)
- a = DNS_PACKET_SIZE_START;
- else
--a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
-+a = mtu;
- 
- /* round up to next page size */
- a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - 
ALIGN(sizeof(DnsPacket));
--- 
-2.13.1
-

diff --git a/sys-apps/systemd/systemd-233-r2.ebuild 
b/sys-apps/systemd/systemd-233-r3.ebuild
similarity index 100%
rename from sys-apps/systemd/systemd-233-r2.ebuild
rename to sys-apps/systemd/systemd-233-r3.ebuild

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-01-10 Thread Mike Gilbert 
commit: de560673b0254d41cc9ba910df222cf558ceafe3
Author: Mike Gilbert  gentoo  org>
AuthorDate: Tue Jan 10 22:15:58 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Jan 10 22:22:54 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de560673

sys-apps/systemd: fix build with gperf-3.1

Bug: https://bugs.gentoo.org/605022

Package-Manager: Portage-2.3.3_p25, Repoman-2.3.1_p18

 ...eck-for-lz4-in-the-old-and-new-numbering.patch} |  12 +-
 ...dd-check-for-gperf-lookup-function-signat.patch | 302 +
 sys-apps/systemd/systemd-232.ebuild|   3 +-
 3 files changed, 310 insertions(+), 7 deletions(-)

diff --git a/sys-apps/systemd/files/232-lz4-version.patch 
b/sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
similarity index 83%
rename from sys-apps/systemd/files/232-lz4-version.patch
rename to 
sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
index d99ceda..788f0aa 100644
--- a/sys-apps/systemd/files/232-lz4-version.patch
+++ 
b/sys-apps/systemd/files/232-0001-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
@@ -1,8 +1,8 @@
-From 3d4cf7de48a74726694abbaa09f9804b845ff3ba Mon Sep 17 00:00:00 2001
+From 63621678f44325b4c48574f9c9d7a3c499d1a608 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= 
 Date: Wed, 23 Nov 2016 10:18:30 -0500
-Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
- (#4717)
+Subject: [PATCH 1/2] build-sys: check for lz4 in the old and new numbering
+ scheme (#4717)
 
 lz4 upstream decided to switch to an incompatible numbering scheme
 (1.7.3 follows 131, to match the so version).
@@ -19,12 +19,12 @@ Fixed #4690.
  1 file changed, 6 insertions(+), 3 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 65eaae1ae..5979de4dc 100644
+index 0b10fc7de..1928e65bd 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -621,10 +621,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
+@@ -623,10 +623,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
  have_lz4=no
- AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [disable optional LZ4 
support]))
+ AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 
support]))
  AS_IF([test "x$enable_lz4" != "xno"], [
 -PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
 -   [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])

diff --git 
a/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
 
b/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
new file mode 100644
index ..440ec75
--- /dev/null
+++ 
b/sys-apps/systemd/files/232-0002-build-sys-add-check-for-gperf-lookup-function-signat.patch
@@ -0,0 +1,302 @@
+From 016fb3b83b861cfe58694996076a9764dcb46475 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Tue, 10 Jan 2017 02:39:05 -0500
+Subject: [PATCH 2/2] build-sys: add check for gperf lookup function signature
+ (#5055)
+
+gperf-3.1 generates lookup functions that take a size_t length
+parameter instead of unsigned int. Test for this at configure time.
+
+Fixes: https://github.com/systemd/systemd/issues/5039
+---
+ configure.ac | 22 ++
+ src/basic/af-list.c  |  2 +-
+ src/basic/arphrd-list.c  |  2 +-
+ src/basic/cap-list.c |  2 +-
+ src/basic/errno-list.c   |  2 +-
+ src/core/load-fragment.h |  2 +-
+ src/journal/journald-server.h|  2 +-
+ src/login/logind.h   |  2 +-
+ src/network/networkd-conf.h  |  2 +-
+ src/network/networkd-netdev.h|  2 +-
+ src/network/networkd-network.h   |  2 +-
+ src/nspawn/nspawn-settings.h |  2 +-
+ src/resolve/dns-type.c   |  2 +-
+ src/resolve/resolved-conf.h  |  2 +-
+ src/test/test-af-list.c  |  2 +-
+ src/test/test-arphrd-list.c  |  2 +-
+ src/timesync/timesyncd-conf.h|  2 +-
+ src/udev/net/link-config.h   |  2 +-
+ src/udev/udev-builtin-keyboard.c |  2 +-
+ 19 files changed, 40 insertions(+), 18 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1928e65bd..5c639e32d 100644
+--- a/configure.ac
 b/configure.ac
+@@ -258,6 +258,28 @@ AC_CHECK_SIZEOF(rlim_t,,[
+#include 
+ ])
+ 
++GPERF_TEST="$(echo foo,bar | ${GPERF} -L ANSI-C)"
++
++AC_COMPILE_IFELSE(
++[AC_LANG_PROGRAM([
++#include 
++const char * in_word_set(const char *, size_t);
++$GPERF_TEST]
++)],
++[GPERF_LEN_TYPE=size_t],
++[AC_COMPILE_IFELSE(
++[AC_LANG_PROGRAM([
++#include 
++const char * in_word_set(const char *, unsigned);
++$GPERF_TEST]
++)],
++[GPERF_LEN_TYPE=unsigned],
++

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2017-01-10 Thread Mike Gilbert 
commit: af7ef4577540518eb2849449d38036c222e9bc2e
Author: Mike Gilbert  gentoo  org>
AuthorDate: Tue Jan 10 22:22:20 2017 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Jan 10 22:22:54 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af7ef457

sys-apps/systemd: remove old

Package-Manager: Portage-2.3.3_p25, Repoman-2.3.1_p18

 sys-apps/systemd/Manifest  |   1 -
 ...k-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch | 116 --
 ...icitly-include-endian.h-wherever-we-want-.patch |  53 ---
 ...e-MD-from-block-device-ownership-event-lo.patch |  54 ---
 sys-apps/systemd/files/216-lz4-build.patch |  19 -
 .../systemd/files/216-tmpfiles-setup-dev.patch |  21 -
 .../systemd/files/217-systemd-consoled.service.in  |  15 -
 sys-apps/systemd/files/218-noclean-tmp.patch   |  28 --
 .../224-0001-networkd-fix-neworkd-crash.patch  |  28 --
 ...e-getxpid-syscall-on-alpha-for-raw_getpid.patch |  30 --
 sys-apps/systemd/files/229-sysmacros.patch |  79 
 sys-apps/systemd/files/compile-unifont.py  | 119 --
 sys-apps/systemd/files/linux-headers-if.h.patch|  34 --
 sys-apps/systemd/metadata.xml  |   2 -
 sys-apps/systemd/systemd-218-r5.ebuild | 463 -
 15 files changed, 1062 deletions(-)

diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 2a3528a..7d29069 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,4 +1,3 @@
-DIST systemd-218.tar.xz 3782276 SHA256 
1b0768b53b6c6d813a93a4b8fe1f80cf53561b09075010a97c7aa08eee3fd59b SHA512 
c183cce8532ccb4716b84587c96a626eea390202a5469b9d89c8cee7f703e40d7c584e05f29501d375b8cd2a1409d011de564df16f54e27f66b3c3007a6e5bd4
 WHIRLPOOL 
4d0bcf3ddfecd3354d9f4ab13851f8da6baf31e89e64d3b1ac671159f16f23597d88cc2525aece2f867c140fc97e80bce086a5af91f84b8095e2503c13995e6d
 DIST systemd-226.tar.gz 3914162 SHA256 
baff6a938c5579769330d0224280bf1a1ff5920151d7201545fc9880b6326c67 SHA512 
565331661e7d144dcdf1505f9a1a70b20a9b904567478593a8fa47ed18f9eb68a9339cf32f117ede994676a84d0cfe3fcedbc9b8d8c964445b741a32271e5584
 WHIRLPOOL 
9f0d7b761ad84f0bb557a22738d7fcc1b6515340db776790d9199401017747a62c24de214300c1f00fb33f86284f3498cadbece713d6e66a30903475f6bce273
 DIST systemd-231-man.tar.gz 29466 SHA256 
aecf91c1e1791d026b82360d55b4783f8d281c6e80bfe9d6bbf0bac633e4 SHA512 
6c359f88da3e5dc01745f7255c021aafe495d9ca16c74277cbcfa05a6903093ec2c4746a34504d04f2aff464eeaa5518519577c831a08f4336552c6b6e05fdfd
 WHIRLPOOL 
55371b404bfc945abc38d4cef5c555223abbee0993d56b506c896a851ba9ce283f0a020fe24ea273d3674f8a9dbe79b843d32eed93a59b2597b7bad113fbc3e1
 DIST systemd-231.tar.gz 4381464 SHA256 
899733ad6c157cedbb89aec4efe3bc824dcfd65a1d6f6bebc7b043f7924e39b4 SHA512 
199fa33a0494d1d15f7fe3c796fe14913ad386766571d4d3fbb1cb1c446e04f6d06a965213be4c594a7183e810fc2fd4804fe14f64f21b0a1278b717889811c6
 WHIRLPOOL 
7779291e9fb9873cb1773b8583cf6d4b7dec837363ea89c4a73c1e397a76752b66f8b57d8fc4d9cef768cc1855b5e325ad88a8a69eb5380aa924e0a6dead41b1

diff --git 
a/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
 
b/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
deleted file mode 100644
index b29c10d..
--- 
a/sys-apps/systemd/files/215-0001-always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 28f6bb18cdea297164763db94e2366ca4857c9c7 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering 
-Date: Fri, 11 Jul 2014 15:56:16 +0200
-Subject: [PATCH 1/2] always check for __BYTE_ORDER == __BIG_ENDIAN when
- checking for endianess
-
-Let's always stick to glibc's way to determine byte order, and not mix
-autoconf-specific checks with gcc checks.

- src/shared/architecture.h | 12 ++--
- src/shared/gpt.h  |  4 ++--
- src/shared/time-dst.c |  6 +++---
- 3 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/src/shared/architecture.h b/src/shared/architecture.h
-index 4821d5d..58e97e5 100644
 a/src/shared/architecture.h
-+++ b/src/shared/architecture.h
-@@ -80,7 +80,7 @@ Architecture uname_architecture(void);
- #  define native_architecture() ARCHITECTURE_X86
- #  define LIB_ARCH_TUPLE "i386-linux-gnu"
- #elif defined(__powerpc64__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #define native_architecture() ARCHITECTURE_PPC64
- #define LIB_ARCH_TUPLE "ppc64-linux-gnu"
- #  else
-@@ -88,7 +88,7 @@ Architecture uname_architecture(void);
- #error "Missing LIB_ARCH_TUPLE for PPC64LE"
- #  endif
- #elif defined(__powerpc__)
--#  if defined(WORDS_BIGENDIAN)
-+#  if __BYTE_ORDER == __BIG_ENDIAN
- #define native_architecture() ARCHITECTURE_PPC
- #define LIB_ARCH_TUPLE "powerpc-linux-gnu"
- #  else
-@@ -117,7 +117,7 @@ Architecture uname_architecture(void);
- #  define native_architecture() ARCHITECTURE_SPARC
- #  define

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2016-11-03 Thread Mike Gilbert 
commit: 8e4e49d41e1a128a609bb4ec7646b79c5f7e8f7e
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Nov  3 19:52:02 2016 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Nov  4 01:05:57 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e4e49d4

sys-apps/systemd: add sample nsswitch.conf

Package-Manager: portage-2.3.2_p3

 sys-apps/systemd/files/nsswitch.conf | 27 +++
 sys-apps/systemd/systemd-.ebuild |  1 +
 2 files changed, 28 insertions(+)

diff --git a/sys-apps/systemd/files/nsswitch.conf 
b/sys-apps/systemd/files/nsswitch.conf
new file mode 100644
index ..00667c0
--- /dev/null
+++ b/sys-apps/systemd/files/nsswitch.conf
@@ -0,0 +1,27 @@
+# Sample nss configuration for systemd
+
+# systemd-specific modules
+# See the manual pages fore further information.
+# nss-myhostname - host resolution for the local hostname
+# nss-mymachines - host, user, group resolution for containers
+# nss-resolve - host resolution using resolved
+# nss-systemd - dynamic user/group resolution (DynamicUser in unit files)
+
+passwd:compat mymachines systemd
+shadow:compat
+group: compat mymachines systemd
+gshadow:   files
+
+hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+networks:  files
+
+services:  db files
+protocols: db files
+rpc:   db files
+ethers:db files
+netmasks:  files
+netgroup:  files
+bootparams:files
+
+automount: files
+aliases:   files

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index 0083535..5835868 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -326,6 +326,7 @@ multilib_src_install() {
 multilib_src_install_all() {
prune_libtool_files --modules
einstalldocs
+   dodoc "${FILESDIR}"/nsswitch.conf
 
if [[ ${PV} !=  ]]; then
use doc || doman "${WORKDIR}"/man/systemd.{directives,index}.7

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2016-10-29 Thread Mike Gilbert 
commit: 448fde98950def2b1d69bd05903c8e800b3bbead
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Oct 30 03:51:37 2016 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Oct 30 03:52:10 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=448fde98

sys-apps/systemd: call pam_limits for systemd-user

As suggested by DISTRO_PORTING.

Package-Manager: portage-2.3.2_p1

 sys-apps/systemd/files/232-systemd-user-pam.patch | 8 
 sys-apps/systemd/systemd-.ebuild  | 1 +
 2 files changed, 9 insertions(+)

diff --git a/sys-apps/systemd/files/232-systemd-user-pam.patch 
b/sys-apps/systemd/files/232-systemd-user-pam.patch
new file mode 100644
index ..a6501ba
--- /dev/null
+++ b/sys-apps/systemd/files/232-systemd-user-pam.patch
@@ -0,0 +1,8 @@
+--- a/src/login/systemd-user.m4
 b/src/login/systemd-user.m4
+@@ -9,4 +9,5 @@
+ session  required pam_selinux.so nottys open
+ )m4_dnl
+ session  required pam_loginuid.so
++session required pam_limits.so
+ session optional pam_systemd.so

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-.ebuild
index c0a9abc..b79eeac 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-.ebuild
@@ -159,6 +159,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
+   "${FILESDIR}/232-systemd-user-pam.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2016-04-09 Thread Mike Gilbert 
commit: c008e237dd1dfd1139373e4e6287e95f94c60346
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Apr 10 01:05:07 2016 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Apr 10 01:05:35 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c008e237

sys-apps/systemd: Add workaround for if.h conflict

Bug: https://bugs.gentoo.org/577660

Package-Manager: portage-2.2.28_p3

 sys-apps/systemd/files/linux-headers-if.h.patch | 34 +
 sys-apps/systemd/systemd-229-r100.ebuild|  1 +
 sys-apps/systemd/systemd-229.ebuild |  1 +
 3 files changed, 36 insertions(+)

diff --git a/sys-apps/systemd/files/linux-headers-if.h.patch 
b/sys-apps/systemd/files/linux-headers-if.h.patch
new file mode 100644
index 000..d0c38a9
--- /dev/null
+++ b/sys-apps/systemd/files/linux-headers-if.h.patch
@@ -0,0 +1,34 @@
+From 96b90055e1e21417d4beb973fcb62858d7c69c17 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Sat, 9 Apr 2016 18:07:02 -0400
+Subject: [PATCH] Work around net/if.h / linux/if.h conflict
+
+---
+ src/shared/firewall-util.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
+index 0d3da2e..521e09c 100644
+--- a/src/shared/firewall-util.c
 b/src/shared/firewall-util.c
+@@ -17,14 +17,16 @@
+   along with systemd; If not, see .
+ ***/
+ 
++#define _NET_IF_H 1
++
+ #include 
+ #include 
+ #include 
+ #include 
+-#include 
+ #include 
+ #include 
+ #include 
++#include 
+ #include 
+ #include 
+ #include 
+-- 
+2.8.1
+

diff --git a/sys-apps/systemd/systemd-229-r100.ebuild 
b/sys-apps/systemd/systemd-229-r100.ebuild
index 0a7cf4d..cd9d446 100644
--- a/sys-apps/systemd/systemd-229-r100.ebuild
+++ b/sys-apps/systemd/systemd-229-r100.ebuild
@@ -152,6 +152,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
+   "${FILESDIR}/linux-headers-if.h.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
 

diff --git a/sys-apps/systemd/systemd-229.ebuild 
b/sys-apps/systemd/systemd-229.ebuild
index 70ec90f..0a35d50 100644
--- a/sys-apps/systemd/systemd-229.ebuild
+++ b/sys-apps/systemd/systemd-229.ebuild
@@ -152,6 +152,7 @@ src_prepare() {
local PATCHES=(
"${FILESDIR}/218-Dont-enable-audit-by-default.patch"
"${FILESDIR}/228-noclean-tmp.patch"
+   "${FILESDIR}/linux-headers-if.h.patch"
)
[[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2015-09-25 Thread Mike Gilbert 
commit: 884081f76bfb615b4ff37f2cbebe02195a94d6d6
Author: Mike Gilbert  gentoo  org>
AuthorDate: Fri Sep 25 14:49:55 2015 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Sep 25 14:51:33 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=884081f7

sys-apps/systemd: Disable cleaning of /tmp and /var/tmp

Bug: https://bugs.gentoo.org/490676

Package-Manager: portage-2.2.21_p119

 sys-apps/systemd/files/218-noclean-tmp.patch   |  28 +
 sys-apps/systemd/files/226-noclean-tmp.patch   |  28 +
 .../{systemd-.ebuild => systemd-218-r4.ebuild} | 135 ++---
 .../{systemd-.ebuild => systemd-226-r1.ebuild} |   3 +-
 sys-apps/systemd/systemd-.ebuild   |   1 +
 5 files changed, 121 insertions(+), 74 deletions(-)

diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch 
b/sys-apps/systemd/files/218-noclean-tmp.patch
new file mode 100644
index 000..5dcc4b9
--- /dev/null
+++ b/sys-apps/systemd/files/218-noclean-tmp.patch
@@ -0,0 +1,28 @@
+From 63e5f76a91e2401e8a6227d0d8ae5e75dd2213b0 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Fri, 25 Sep 2015 10:26:18 -0400
+Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
+
+Bug: https://bugs.gentoo.org/490676
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index b80dab4..241fad5 100644
+--- a/tmpfiles.d/tmp.conf
 b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+ 
+ # Clear tmp directories separately, to make them easier to override
+-d /tmp 1777 root root 10d
+-d /var/tmp 1777 root root 30d
++v /tmp 1777 root root
++v /var/tmp 1777 root root
+ 
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
+-- 
+2.5.3
+

diff --git a/sys-apps/systemd/files/226-noclean-tmp.patch 
b/sys-apps/systemd/files/226-noclean-tmp.patch
new file mode 100644
index 000..290b1bd
--- /dev/null
+++ b/sys-apps/systemd/files/226-noclean-tmp.patch
@@ -0,0 +1,28 @@
+From 3a44775e2618896526d093f7142934205e46d33a Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Fri, 25 Sep 2015 10:26:18 -0400
+Subject: [PATCH] tmpfiles: Disable cleaning of /tmp and /var/tmp
+
+Bug: https://bugs.gentoo.org/490676
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index ffdd82f..241fad5 100644
+--- a/tmpfiles.d/tmp.conf
 b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+ 
+ # Clear tmp directories separately, to make them easier to override
+-v /tmp 1777 root root 10d
+-v /var/tmp 1777 root root 30d
++v /tmp 1777 root root
++v /var/tmp 1777 root root
+ 
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
+-- 
+2.5.3
+

diff --git a/sys-apps/systemd/systemd-.ebuild 
b/sys-apps/systemd/systemd-218-r4.ebuild
similarity index 84%
copy from sys-apps/systemd/systemd-.ebuild
copy to sys-apps/systemd/systemd-218-r4.ebuild
index 2ec9957..7be421d 100644
--- a/sys-apps/systemd/systemd-.ebuild
+++ b/sys-apps/systemd/systemd-218-r4.ebuild
@@ -4,32 +4,27 @@
 
 EAPI=5
 
-if [[ ${PV} ==  ]]; then
-   EGIT_REPO_URI="https://github.com/systemd/systemd.git;
-   inherit git-r3
-else
-   SRC_URI="https://github.com/systemd/systemd/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
-   KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-fi
-
-inherit autotools bash-completion-r1 linux-info multilib \
-   multilib-minimal pam systemd toolchain-funcs udev user
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+inherit autotools-utils bash-completion-r1 linux-info multilib \
+   multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+   user
 
 DESCRIPTION="System and service manager for Linux"
 HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd;
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz;
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit cryptsetup curl elfutils gcrypt gnuefi http
-   idn importd +kdbus +kmod +lz4 lzma nat pam policykit
-   qrcode +seccomp selinux ssl sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
+   idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode 
+seccomp
+   selinux ssl sysv-utils terminal test vanilla xkb"
 
-MINKV="3.11"
+MINKV="3.8"
 
-COMMON_DEPEND=">=sys-apps/util-linux-2.27:0=[${MULTILIB_USEDEP}]
-   sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
+   sys-libs/libcap:0=
!=dev-util/gtk-doc-1.18 )
+   python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2015-09-25 Thread Mike Gilbert 
commit: 8595c126a7159621855791860b74f7d40b7eeed0
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Sep 26 01:52:46 2015 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Sep 26 01:53:25 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8595c126

sys-apps/systemd: Fix noclean-tmp patch for 218

Package-Manager: portage-2.2.21_p119

 sys-apps/systemd/files/218-noclean-tmp.patch |   4 +-
 sys-apps/systemd/systemd-218-r5.ebuild   | 463 +++
 2 files changed, 465 insertions(+), 2 deletions(-)

diff --git a/sys-apps/systemd/files/218-noclean-tmp.patch 
b/sys-apps/systemd/files/218-noclean-tmp.patch
index 5dcc4b9..b02e5c8 100644
--- a/sys-apps/systemd/files/218-noclean-tmp.patch
+++ b/sys-apps/systemd/files/218-noclean-tmp.patch
@@ -18,8 +18,8 @@ index b80dab4..241fad5 100644
  # Clear tmp directories separately, to make them easier to override
 -d /tmp 1777 root root 10d
 -d /var/tmp 1777 root root 30d
-+v /tmp 1777 root root
-+v /var/tmp 1777 root root
++d /tmp 1777 root root
++d /var/tmp 1777 root root
  
  # Exclude namespace mountpoints created with PrivateTmp=yes
  x /tmp/systemd-private-%b-*

diff --git a/sys-apps/systemd/systemd-218-r5.ebuild 
b/sys-apps/systemd/systemd-218-r5.ebuild
new file mode 100644
index 000..7be421d
--- /dev/null
+++ b/sys-apps/systemd/systemd-218-r5.ebuild
@@ -0,0 +1,463 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+inherit autotools-utils bash-completion-r1 linux-info multilib \
+   multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+   user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd;
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz;
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+IUSE="acl apparmor audit cryptsetup curl doc elfutils gcrypt gudev http
+   idn introspection kdbus +kmod +lz4 lzma pam policykit python qrcode 
+seccomp
+   selinux ssl sysv-utils terminal test vanilla xkb"
+
+MINKV="3.8"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.25:0=
+   sys-libs/libcap:0=
+   !=sys-process/audit-2:0= )
+   cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+   curl? ( net-misc/curl:0= )
+   elfutils? ( >=dev-libs/elfutils-0.158:0= )
+   gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+   gudev? ( >=dev-libs/glib-2.34.3:2=[${MULTILIB_USEDEP}] )
+   http? (
+   >=net-libs/libmicrohttpd-0.9.33:0=
+   ssl? ( >=net-libs/gnutls-3.1.4:0= )
+   )
+   idn? ( net-dns/libidn:0= )
+   introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
+   kmod? ( >=sys-apps/kmod-15:0= )
+   lz4? ( >=app-arch/lz4-0_p119:0=[${MULTILIB_USEDEP}] )
+   lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+   pam? ( virtual/pam:= )
+   python? ( ${PYTHON_DEPS} )
+   qrcode? ( media-gfx/qrencode:0= )
+   seccomp? ( sys-libs/libseccomp:0= )
+   selinux? ( sys-libs/libselinux:0= )
+   sysv-utils? (
+   !sys-apps/systemd-sysv-utils
+   !sys-apps/sysvinit )
+   terminal? ( >=dev-libs/libevdev-1.2:0=
+   >=x11-libs/libxkbcommon-0.5:0=
+   >=x11-libs/libdrm-2.4:0= )
+   xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )
+   abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+   !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+   >=sys-apps/baselayout-2.2
+   !sys-auth/nss-myhostname
+   !sys-fs/eudev
+   !sys-fs/udev
+   gudev? ( !dev-libs/libgudev )"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.6.8-r1:0[systemd]
+   >=sys-apps/hwids-20130717-r1[udev]
+   >=sys-fs/udev-init-scripts-25
+   policykit? ( sys-auth/polkit )
+   !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+   app-arch/xz-utils:0
+   dev-util/gperf
+   >=dev-util/intltool-0.50
+   >=sys-apps/coreutils-8.16
+   >=sys-devel/binutils-2.23.1
+   >=sys-devel/gcc-4.6
+   >=sys-kernel/linux-headers-${MINKV}
+   ia64? ( >=sys-kernel/linux-headers-3.9 )
+   virtual/pkgconfig
+   doc? ( >=dev-util/gtk-doc-1.18 )
+   python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+   test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+PATCHES=(
+   "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
+   "${FILESDIR}/218-noclean-tmp.patch"
+)
+
+pkg_pretend() {
+   local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+   ~DEVPTS_MULTIPLE_INSTANCES ~DEVTMPFS ~DMIID ~EPOLL

[gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/

2015-08-22 Thread Mike Gilbert 
commit: 1dbc772ea5dbbac9a8f910033d0fb5abd7b45459
Author: Mike Gilbert floppym AT gentoo DOT org
AuthorDate: Sat Aug 22 17:09:48 2015 +
Commit: Mike Gilbert floppym AT gentoo DOT org
CommitDate: Sat Aug 22 17:16:24 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dbc772e

sys-apps/systemd: Backport build fix for alpha

Bug: https://bugs.gentoo.org/543900

Package-Manager: portage-2.2.20_p134

 ...e-getxpid-syscall-on-alpha-for-raw_getpid.patch | 30 ++
 sys-apps/systemd/systemd-224-r1.ebuild |  1 +
 2 files changed, 31 insertions(+)

diff --git 
a/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
 
b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
new file mode 100644
index 000..40e2d1c
--- /dev/null
+++ 
b/sys-apps/systemd/files/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
@@ -0,0 +1,30 @@
+From a242a99d42276b6b764f80bd0de70c26e5c5f1d4 Mon Sep 17 00:00:00 2001
+From: Matt Turner matts...@gmail.com
+Date: Tue, 4 Aug 2015 14:47:01 -0700
+Subject: [PATCH] Use getxpid syscall on alpha for raw_getpid()
+
+Alpha does not have a getpid syscall, but rather has getxpid to match
+OSF/1.
+---
+ src/basic/missing.h | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/basic/missing.h b/src/basic/missing.h
+index ed6cd80..34ab025 100644
+--- a/src/basic/missing.h
 b/src/basic/missing.h
+@@ -977,7 +977,11 @@ static inline int raw_clone(unsigned long flags, void 
*child_stack) {
+ }
+ 
+ static inline pid_t raw_getpid(void) {
++#if defined(__alpha__)
++return (pid_t) syscall(__NR_getxpid);
++#else
+ return (pid_t) syscall(__NR_getpid);
++#endif
+ }
+ 
+ #if !HAVE_DECL_RENAMEAT2
+-- 
+2.5.0
+

diff --git a/sys-apps/systemd/systemd-224-r1.ebuild 
b/sys-apps/systemd/systemd-224-r1.ebuild
index 7d4b2b7..521109e 100644
--- a/sys-apps/systemd/systemd-224-r1.ebuild
+++ b/sys-apps/systemd/systemd-224-r1.ebuild
@@ -105,6 +105,7 @@ fi
 PATCHES=(
${FILESDIR}/218-Dont-enable-audit-by-default.patch
${FILESDIR}/224-0001-networkd-fix-neworkd-crash.patch
+   ${FILESDIR}/224-0002-Use-getxpid-syscall-on-alpha-for-raw_getpid.patch
 )
 
 pkg_pretend() {