-rw-r--r-- | profiles/arch/alpha/package.use.mask | 4 | ||||
-rw-r--r-- | profiles/arch/hppa/package.use.mask | 4 | ||||
-rw-r--r-- | profiles/arch/ia64/package.use.mask | 4 | ||||
-rw-r--r-- | profiles/arch/loong/package.use.mask | 4 | ||||
-rw-r--r-- | profiles/arch/s390/package.use.mask | 4 | ||||
-rw-r--r-- | profiles/arch/sparc/package.use.mask | 4 | ||||
-rw-r--r-- | sys-apps/systemd/files/256-bpf-gcc.patch | 26 | ||||
-rw-r--r-- | sys-apps/systemd/metadata.xml | 1 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-256.5.ebuild | 10 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-9999.ebuild | 9 |
10 files changed, 68 insertions, 2 deletions
diff --git a/profiles/arch/alpha/package.use.mask b/profiles/arch/alpha/package.use.mask
index a3fc2a240cd9..aaeb3a221a78 100644
--- a/profiles/arch/alpha/package.use.mask
+++ b/profiles/arch/alpha/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Hans de Graaff <graaff@gentoo.org> (2024-08-16)
 # Requires large parts of dev-ruby/rails to be keyworded
 dev-ruby/minitest-hooks test
diff --git a/profiles/arch/hppa/package.use.mask b/profiles/arch/hppa/package.use.mask
index 1fa92e6e97c5..dc92c7939f40 100644
--- a/profiles/arch/hppa/package.use.mask
+++ b/profiles/arch/hppa/package.use.mask
@@ -4,6 +4,10 @@
 # NOTE: When masking a USE flag due to missing keywords, please file a keyword
 # request bug for the hppa arch.
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Ulrich Müller <ulm@gentoo.org> (2024-08-03)
 # Needs dev-libs/openspecfun which is not yet keyworded
 sci-visualization/gnuplot amos
diff --git a/profiles/arch/ia64/package.use.mask b/profiles/arch/ia64/package.use.mask
index f8f57449b9be..b906a322f814 100644
--- a/profiles/arch/ia64/package.use.mask
+++ b/profiles/arch/ia64/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Matt Jolly <kangie@gentoo.org> (2024-08-14)
 # QUIC dependencies are not keyworded
 net-misc/curl http3 quic curl_quic_openssl curl_quic_ngtcp2
diff --git a/profiles/arch/loong/package.use.mask b/profiles/arch/loong/package.use.mask
index d2440e46553b..72ce670abb80 100644
--- a/profiles/arch/loong/package.use.mask
+++ b/profiles/arch/loong/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 2022-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # WANG Xuerui <xen0n@gentoo.org> (2024-08-22)
 # dev-lang/spidermonkey gained JIT support for loong since version 107,
 # but the nearest packaged version is 115.
diff --git a/profiles/arch/s390/package.use.mask b/profiles/arch/s390/package.use.mask
index 442b717d7b57..833ceeabf4a5 100644
--- a/profiles/arch/s390/package.use.mask
+++ b/profiles/arch/s390/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Matt Jolly <kangie@gentoo.org> (2024-08-14)
 # QUIC dependencies are not keyworded
 net-misc/curl http3 quic curl_quic_openssl curl_quic_ngtcp2
diff --git a/profiles/arch/sparc/package.use.mask b/profiles/arch/sparc/package.use.mask
index e7032ba9fad8..da631e3b0a79 100644
--- a/profiles/arch/sparc/package.use.mask
+++ b/profiles/arch/sparc/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Ulrich Müller <ulm@gentoo.org> (2024-08-03)
 # Needs dev-libs/openspecfun which is not yet keyworded
 sci-visualization/gnuplot amos
diff --git a/sys-apps/systemd/files/256-bpf-gcc.patch b/sys-apps/systemd/files/256-bpf-gcc.patch
new file mode 100644
index 000000000000..0570695d397c
--- /dev/null
+++ b/sys-apps/systemd/files/256-bpf-gcc.patch
@@ -0,0 +1,26 @@
+https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c
+
+From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sat, 24 Aug 2024 13:09:47 +0100
+Subject: [PATCH] meson: search for 'bpf-unknown-none' too
+
+We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
+sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
+cross-binutils. Search for this name too.
+---
+ meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/meson.build b/meson.build
+index 5e0b666c64b17..fbc2bbdf2f22f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1109,6 +1109,7 @@ else
+ elif bpf_compiler == 'gcc'
+ bpf_gcc = find_program('bpf-gcc',
+ 'bpf-none-gcc',
++ 'bpf-unknown-none-gcc',
+ required : true,
+ version : '>= 13.1.0')
+ bpf_gcc_found = bpf_gcc.found()
diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index c9b8604a3c68..fea934417f1d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -11,6 +11,7 @@
 <use>
 <flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag>
 <flag name="boot">Enable EFI boot manager and stub loader</flag>
+ <flag name="bpf">Enable BPF support for sandboxing and firewalling.</flag>
 <flag name="cgroup-hybrid">Default to hybrid (legacy) cgroup hierarchy instead of unified (modern).</flag>
 <flag name="curl">Enable support for uploading journals</flag>
 <flag name="cryptsetup">Enable cryptsetup tools (includes unit generator for crypttab)</flag>
diff --git a/sys-apps/systemd/systemd-256.5.ebuild b/sys-apps/systemd/systemd-256.5.ebuild
index 3b8464645eec..1c74d39e00f8 100644
--- a/sys-apps/systemd/systemd-256.5.ebuild
+++ b/sys-apps/systemd/systemd-256.5.ebuild
@@ -33,7 +33,7 @@ HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd @@ -158,6 +158,10 @@ BDEPEND=" >=sys-apps/coreutils-8.16 sys-devel/gettext virtual/pkgconfig + bpf? ( + dev-util/bpftool + sys-devel/bpf-toolchain + ) test? ( app-text/tree dev-lang/perl @@ -223,6 +227,7 @@ pkg_pretend() { ~!SYSFS_DEPRECATED_V2" use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" if kernel_is -ge 5 10 20; then @@ -268,6 +273,7 @@ src_unpack() { src_prepare() { local PATCHES=( "${FILESDIR}/systemd-test-process-util.patch" + "${FILESDIR}/256-bpf-gcc.patch" ) if ! use vanilla; then @@ -311,6 +317,8 @@ multilib_src_configure() { $(meson_native_use_bool apparmor) $(meson_native_use_bool audit) $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool bpf bpf-framework) + -Dbpf-compiler=gcc $(meson_native_use_bool cryptsetup libcryptsetup) $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls) diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild index 3b40a5319500..f11fdab115eb 100644 --- a/sys-apps/systemd/systemd-9999.ebuild +++ b/sys-apps/systemd/systemd-9999.ebuild 
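Review bot: The new `bpf? ( … )` group in BDEPEND of systemd-256.5.ebuild pulls in only the build tools (dev-util/bpftool, sys-devel/bpf-toolchain), and no libbpf dependency is visible in any hunk of this commit even though `bpf-framework` is switched on in multilib_src_configure. systemd's meson build presumably requires libbpf when that option is true, and the resulting binaries would need it at runtime, so a `bpf? ( dev-libs/libbpf:= )` entry in the DEPEND/RDEPEND set looks missing unless one already exists outside the hunk. The BDEPEND block starts and ends outside the hunk, and the matching hunk in systemd-9999.ebuild has the same gap.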
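Review bot: The added `use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"` in pkg_pretend uses the `~` prefix, so a kernel lacking these options only yields a warning and the package still installs with USE=bpf. Because metadata.xml advertises the flag as sandboxing and firewalling support, the user should be told that the BPF-backed unit restrictions may not be enforced on such a kernel, and that CONFIG_BPF_LSM alone is not sufficient: `bpf` also has to be in the active LSM list (CONFIG_LSM or the `lsm=` boot parameter), which CONFIG_CHECK cannot verify. I would add a `local WARNING_BPF_LSM="..."` message beside the check that says this. pkg_pretend's body continues outside the hunk, and the same line is added in systemd-9999.ebuild.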
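Review bot: `-Dbpf-compiler=gcc` is passed unconditionally in multilib_src_configure with no comment explaining why GCC is pinned; a line such as `# sys-devel/bpf-toolchain provides bpf-unknown-none-gcc; keep in sync with BDEPEND` would make the coupling explicit. With `bpf-framework` enabled the build presumably generates vmlinux.h through bpftool from the BTF of the kernel running on the build host, which would tie the compiled BPF objects to the builder's kernel rather than the target's; this is worth confirming for binary-package builders, where systemd's `vmlinux-h` / `vmlinux-h-path` meson options may be the better choice. systemd-9999.ebuild receives the same two configure lines but no `256-bpf-gcc.patch` entry in PATCHES, presumably because upstream already carries that commit. The function body continues outside the hunk.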
@@ -33,7 +33,7 @@ HOMEPAGE="https://systemd.io/" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" IUSE=" - acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils + acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd @@ -158,6 +158,10 @@ BDEPEND=" >=sys-apps/coreutils-8.16 sys-devel/gettext virtual/pkgconfig + bpf? ( + dev-util/bpftool + sys-devel/bpf-toolchain + ) test? ( app-text/tree dev-lang/perl @@ -223,6 +227,7 @@ pkg_pretend() { ~!SYSFS_DEPRECATED_V2" use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF" use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" if kernel_is -ge 5 10 20; then @@ -311,6 +316,8 @@ multilib_src_configure() { $(meson_native_use_bool apparmor) $(meson_native_use_bool audit) $(meson_native_use_bool boot bootloader) + $(meson_native_use_bool bpf bpf-framework) + -Dbpf-compiler=gcc $(meson_native_use_bool cryptsetup libcryptsetup) $(meson_native_use_bool curl libcurl) $(meson_native_use_bool dns-over-tls dns-over-tls) |