From ec4a94845f76a144736e85f708e4b5cdd5c5793c Mon Sep 17 00:00:00 2001 From: Sam James Date: Thu, 13 Jan 2022 00:15:37 +0000 Subject: sys-apps/systemd-tmpfiles: add 249.9 Note that systemd-tmpfiles-249.7 in Gentoo already had a backport for the CVE-2021-3997 fix, so there's no explicit _need_ to upgrade from 249.7->249.9 for the security bug. Of course, if running <249.7, please do upgrade. Anyway, this is the first release upstream packaged in Gentoo with the fix, so I'm adding it to avoid confusion and to generally minimise upstream delta so we notice issues sooner. Bug: https://bugs.gentoo.org/830967 Signed-off-by: Sam James --- sys-apps/systemd-tmpfiles/Manifest | 1 + .../systemd-tmpfiles/systemd-tmpfiles-249.9.ebuild | 257 +++++++++++++++++++++ 2 files changed, 258 insertions(+) create mode 100644 sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.9.ebuild (limited to 'sys-apps/systemd-tmpfiles')
diff --git a/sys-apps/systemd-tmpfiles/Manifest b/sys-apps/systemd-tmpfiles/Manifest
index 8f7f65ff7640..70031c2ea400 100644
--- a/sys-apps/systemd-tmpfiles/Manifest
+++ b/sys-apps/systemd-tmpfiles/Manifest
@@ -2,3 +2,4 @@ DIST systemd-249.7-CVE-2021-3997.tar.gz 8431 BLAKE2B 167ae8bfb3b653fa4a7a62eee16
 DIST systemd-musl-patches-249.5-r1.tar.xz 25148 BLAKE2B 6717291b5335997dcc327764beffc4ded50a5ac0e777bb3c540b5e355bee419c3d9b4a5605c239392d4c1b0e70792bc87282fa15dc9c09a0465b5608f2909006 SHA512 4bb7566437c280e75402fc435a3437aedad127f7b94c9bd54b94e9e1e7507409ad0898681f23e813b9b47414f58e4ca413b6d4e520bbbf578faec09054bf7f9b
 DIST systemd-stable-249.5.tar.gz 10597897 BLAKE2B 5c573322ef9bcd9d019776d6e2d8625a741c1535c0d06661b5666c2438a70cfc4dc182919bb419829de27a4d93c16717ce24e668faf9bd6b09e57f8bd88be725 SHA512 d6f1a5a6f03f0ed05b111aee75da509c5868c523af6209f33e630724dd0c7e0d0abf16920795d587e6c31a5915d247ebc613cf26d4aecf39f82ebb0690fab75f
 DIST systemd-stable-249.7.tar.gz 10608252 BLAKE2B a5597c4973b24c962779622cae47dbf8351af49f8cd898d9c16a967c6f3600c6feb293e9b03eab0423b860eef5b04b287185fb9827cb323429d0ab9fc6d809b2 SHA512 4daf8570621fdcda5c94d982908c64eddfeef989005f4fd79a10f199dbc6f366354177bb59dff34bcb14764fb4423a870ffabac1163849ec53592e29760105fc
+DIST systemd-stable-249.9.tar.gz 10613893 BLAKE2B fc7a14fa3b0cc3d05fa9f20fde2efedd3ef0f011d9dce53b0a418994b4257cf753b228cf98f749fb2028d81db55ef30a6e3d9b138d86239cad4fc730d845f9e2 SHA512 ce57bc6c522082e55649fc1886c4dc818c89607e175df2c92feffe288dbd38757f36b30abeebe153f5be6b664a49d729405040a952473cb2133a2e39cf9cc164
diff --git a/sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.9.ebuild b/sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.9.ebuild
new file mode 100644
index 000000000000..437f7b42c6b0
--- /dev/null
+++ b/sys-apps/systemd-tmpfiles/systemd-tmpfiles-249.9.ebuild
@@ -0,0 +1,257 @@
+# Copyright 2020-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == *.* ]]; then
+ MY_PN=systemd-stable
+else
+ MY_PN=systemd
+fi
+
+MINKV="3.11"
+MUSL_PATCHSET="249.5-r1"
+PYTHON_COMPAT=( python3_{8..10} )
+inherit flag-o-matic meson python-any-r1
+
+DESCRIPTION="Creates, deletes and cleans up volatile and temporary files and directories"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${PV}.tar.gz -> ${MY_PN}-${PV}.tar.gz
+ elibc_musl? (
+ https://dev.gentoo.org/~gyakovlev/distfiles/systemd-musl-patches-${MUSL_PATCHSET}.tar.xz
+ https://dev.gentoo.org/~soap/distfiles/systemd-musl-patches-${MUSL_PATCHSET}.tar.xz
+ )"
+
+LICENSE="BSD-2 GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="selinux test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ sys-apps/acl:0=
+ >=sys-apps/util-linux-2.30:0=
+ sys-libs/libcap:0=
+ selinux? ( sys-libs/libselinux:0= )
+ virtual/libcrypt:=
+ !sys-apps/opentmpfiles
+ !sys-apps/systemd
+"
+
+DEPEND="
+ ${RDEPEND}
+ >=sys-kernel/linux-headers-${MINKV}
+"
+
+BDEPEND="
+ ${PYTHON_DEPS}
+ $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]')
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gperf
+ >=dev-util/meson-0.46
+ >=sys-apps/coreutils-8.16
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+python_check_deps() {
+ has_version -b "dev-python/jinja[${PYTHON_USEDEP}]"
+}
+
+pkg_pretend() {
+ if [[ -n ${EPREFIX} ]]; then
+ ewarn "systemd-tmpfiles uses un-prefixed paths at runtime.".
+ fi
+}
+
+pkg_setup() {
+ python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ # musl patchset from:
+ # http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-core/systemd/systemd
+ # check SRC_URI_MUSL in systemd_${PV}.bb file for exact list of musl patches
+ # we share patch tarball with sys-fs/udev
+ if use elibc_musl; then
+ einfo "applying musl patches and workarounds"
+ eapply "${WORKDIR}/musl-patches"
+
+ # avoids re-definition of struct ethhdr, also 0006-Include-netinet-if_ether.h.patch
+ append-cppflags '-D__UAPI_DEF_ETHHDR=0'
+
+ # src/basic/rlimit-util.c:46:19: error: format ‘%lu’ expects argument of type ‘long unsigned int’,
+ # but argument 9 has type ‘rlim_t’ {aka ‘long long unsigned int’}
+ # not a nice workaround, but it comes from debug messages and we don't really use this component.
+ append-cflags '-Wno-error=format'
+ fi
+
+ default
+
+ # https://bugs.gentoo.org/767403
+ python_fix_shebang src/test/*.py
+ python_fix_shebang test/*.py
+ python_fix_shebang tools/*.py
+}
+
+src_configure() {
+ # disable everything until configure says "enabled features: ACL, tmpfiles, standalone-binaries, static-libsystemd(true)"
+ # and optionally selinux feature can be enabled to make tmpfiles secontext-aware
+ local systemd_disable_options=(
+ adm-group
+ analyze
+ apparmor
+ audit
+ backlight
+ binfmt
+ blkid
+ bzip2
+ coredump
+ dbus
+ efi
+ elfutils
+ environment-d
+ fdisk
+ gcrypt
+ glib
+ gshadow
+ gnutls
+ hibernate
+ hostnamed
+ hwdb
+ idn
+ ima
+ initrd
+ firstboot
+ kernel-install
+ kmod
+ ldconfig
+ libcryptsetup
+ libcurl
+ libfido2
+ libidn
+ libidn2
+ libiptc
+ link-networkd-shared
+ link-systemctl-shared
+ link-timesyncd-shared
+ link-udev-shared
+ localed
+ logind
+ lz4
+ machined
+ microhttpd
+ networkd
+ nscd
+ nss-myhostname
+ nss-resolve
+ nss-systemd
+ oomd
+ openssl
+ p11kit
+ pam
+ pcre2
+ polkit
+ portabled
+ pstore
+ pwquality
+ randomseed
+ resolve
+ rfkill
+ seccomp
+ smack
+ sysext
+ sysusers
+ timedated
+ timesyncd
+ tpm
+ qrencode
+ quotacheck
+ userdb
+ utmp
+ vconsole
+ wheel-group
+ xdg-autostart
+ xkbcommon
+ xz
+ zlib
+ zstd
+ )
+
+ # prepend -D and append =false, e.g. zstd becomes -Dzstd=false
+ systemd_disable_options=( ${systemd_disable_options[@]/#/-D} )
+ systemd_disable_options=( ${systemd_disable_options[@]/%/=false} )
+
+ local emesonargs=(
+ -Drootprefix="${EPREFIX:-/}"
+ -Dacl=true
+ -Dtmpfiles=true
+ -Dstandalone-binaries=true # this and below option does the magic
+ -Dstatic-libsystemd=true
+ -Dsysvinit-path=''
+ ${systemd_disable_options[@]}
+ $(meson_use selinux)
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ # tmpfiles and sysusers can be built as standalone and link systemd-shared in statically.
+ # https://github.com/systemd/systemd/pull/16061 original implementation
+ # we just need to pass -Dstandalone-binaries=true and
+ # use .standalone target below.
+ # check meson.build for if have_standalone_binaries condition per target.
+ local mytargets=(
+ systemd-tmpfiles.standalone
+ man/tmpfiles.d.5
+ man/systemd-tmpfiles.8
+ )
+ meson_src_compile "${mytargets[@]}"
+}
+
+src_install() {
+ # lean and mean installation, single binary and man-pages
+ pushd "${BUILD_DIR}" > /dev/null || die
+ into /
+ newbin systemd-tmpfiles.standalone systemd-tmpfiles
+
+ doman man/{systemd-tmpfiles.8,tmpfiles.d.5}
+
+ popd > /dev/null || die
+
+ # service files adapter from opentmpfiles
+ newinitd "${FILESDIR}"/stmpfiles-dev.initd stmpfiles-dev
+ newinitd "${FILESDIR}"/stmpfiles-setup.initd stmpfiles-setup
+
+ # same content, but install as different file
+ newconfd "${FILESDIR}"/stmpfiles.confd stmpfiles-dev
+ newconfd "${FILESDIR}"/stmpfiles.confd stmpfiles-setup
+}
+
+src_test() {
+ # 'meson test' will compile full systemd, but we can still outsmart it
+ "${EPYTHON}" test/test-systemd-tmpfiles.py \
+ "${BUILD_DIR}"/systemd-tmpfiles.standalone || die "${FUNCNAME} failed"
+}
+
+# stolen from opentmpfiles ebuild
+add_service() {
+ local initd=$1
+ local runlevel=$2
+
+ elog "Auto-adding '${initd}' service to your ${runlevel} runlevel"
+ mkdir -p "${EROOT}/etc/runlevels/${runlevel}"
+ ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}"
+}
+
+pkg_postinst() {
+ if [[ -z $REPLACING_VERSIONS ]]; then
+ add_service stmpfiles-dev sysinit
+ add_service stmpfiles-setup boot
+ fi
+}
-- cgit v1.2.3-65-gdbad
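Review bot: `add_service()` runs `mkdir -p` and `ln -snf` without checking either exit status, so on a first install (the `-z $REPLACING_VERSIONS` branch of `pkg_postinst`) a failed link still leaves the `elog` line saying the service was auto-added. If the runlevel symlink is missing, `stmpfiles-dev` and `stmpfiles-setup` would presumably not start at boot and the tmpfiles.d rules would not be applied, which is easy to miss on a freshly installed system. I would surface the failure, for example `mkdir -p "${EROOT}/etc/runlevels/${runlevel}" || ewarn "could not create ${runlevel} runlevel directory"` and `ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}" || ewarn "could not add ${initd} to ${runlevel}"`, and print the `elog` only after the link succeeds. Separately, the `ewarn` line in `pkg_pretend` ends in `".`, so the message is printed with a doubled period.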