+++ /dev/null
-From 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 14 Nov 2019 17:51:30 +0100
-Subject: [PATCH] seccomp: more comprehensive protection against libseccomp's
- __NR_xyz namespace invasion
-
-A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
-same conditioning for all cases of our __NR_xyz use.
-
-Fixes: #14031
----
- src/basic/missing_syscall.h | 10 +++++-----
- src/test/test-seccomp.c | 19 ++++++++++---------
- 2 files changed, 15 insertions(+), 14 deletions(-)
-
-diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index 6d9b12544d..1255d8b197 100644
---- a/src/basic/missing_syscall.h
-+++ b/src/basic/missing_syscall.h
-@@ -274,7 +274,7 @@ static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, c
-
- #if !HAVE_KCMP
- static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
--# ifdef __NR_kcmp
-+# if defined __NR_kcmp && __NR_kcmp > 0
- return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
- # else
- errno = ENOSYS;
-@@ -289,7 +289,7 @@ static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long i
-
- #if !HAVE_KEYCTL
- static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
--# ifdef __NR_keyctl
-+# if defined __NR_keyctl && __NR_keyctl > 0
- return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
- # else
- errno = ENOSYS;
-@@ -300,7 +300,7 @@ static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg
- }
-
- static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
--# ifdef __NR_add_key
-+# if defined __NR_add_key && __NR_add_key > 0
- return syscall(__NR_add_key, type, description, payload, plen, ringid);
- # else
- errno = ENOSYS;
-@@ -311,7 +311,7 @@ static inline key_serial_t missing_add_key(const char *type, const char *descrip
- }
-
- static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
--# ifdef __NR_request_key
-+# if defined __NR_request_key && __NR_request_key > 0
- return syscall(__NR_request_key, type, description, callout_info, destringid);
- # else
- errno = ENOSYS;
-@@ -496,7 +496,7 @@ enum {
- static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
- unsigned long maxnode) {
- long i;
--# ifdef __NR_set_mempolicy
-+# if defined __NR_set_mempolicy && __NR_set_mempolicy > 0
- i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
- # else
- errno = ENOSYS;
-diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
-index 018c20f8be..c6692043fe 100644
---- a/src/test/test-seccomp.c
-+++ b/src/test/test-seccomp.c
-@@ -28,7 +28,8 @@
- #include "tmpfile-util.h"
- #include "virt.h"
-
--#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
-+/* __NR_socket may be invalid due to libseccomp */
-+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
- /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
- * and we can't restrict it hence via seccomp. */
- # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
-@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
- assert_se(pid >= 0);
-
- if (pid == 0) {
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
- assert_se(syscall(__NR__sysctl, NULL) < 0);
- assert_se(errno == EFAULT);
- #endif
-
- assert_se(seccomp_protect_sysctl() >= 0);
-
--#if __NR__sysctl > 0
-+#if defined __NR__sysctl && __NR__sysctl > 0
- assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
- assert_se(errno == EPERM);
- #endif
-@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
- assert_se(poll(NULL, 0, 0) == 0);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
-@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(access) >= 0
-+#if defined __NR_access && __NR_access > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
-@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
- s = hashmap_free(s);
-
- assert_se(s = hashmap_new(NULL));
--#if SCMP_SYS(poll) >= 0
-+#if defined __NR_poll && __NR_poll > 0
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
- #else
- assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
-@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
- * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
- * other architectures, let's just fall back to the glibc call. */
-
--#ifdef SYS_open
-- return (int) syscall(SYS_open, path, flags, mode);
-+#if defined __NR_open && __NR_open > 0
-+ return (int) syscall(__NR_open, path, flags, mode);
- #else
- return open(path, flags, mode);
- #endif
---
-2.24.0
-
+++ /dev/null
-# Copyright 2011-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://github.com/systemd/systemd.git"
- inherit git-r3
-else
- MY_PV=${PV/_/-}
- MY_P=${PN}-${MY_PV}
- S=${WORKDIR}/${MY_P}
- SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86"
-fi
-
-PYTHON_COMPAT=( python{3_6,3_7} )
-
-inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev usr-ldscript
-
-DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
-
-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
-SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr static-libs +sysv-utils test vanilla xkb"
-
-REQUIRED_USE="importd? ( curl gcrypt lzma )"
-RESTRICT="!test? ( test )"
-
-MINKV="3.11"
-
-COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
- sys-libs/libcap:0=[${MULTILIB_USEDEP}]
- acl? ( sys-apps/acl:0= )
- apparmor? ( sys-libs/libapparmor:0= )
- audit? ( >=sys-process/audit-2:0= )
- cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
- curl? ( net-misc/curl:0= )
- dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= )
- elfutils? ( >=dev-libs/elfutils-0.158:0= )
- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
- http? (
- >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)]
- >=net-libs/gnutls-3.1.4:0=
- )
- idn? ( net-dns/libidn2:= )
- importd? (
- app-arch/bzip2:0=
- sys-libs/zlib:0=
- )
- kmod? ( >=sys-apps/kmod-15:0= )
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
- nat? ( net-firewall/iptables:0= )
- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )
- pcre? ( dev-libs/libpcre2 )
- qrcode? ( media-gfx/qrencode:0= )
- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
- selinux? ( sys-libs/libselinux:0= )
- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
-
-# Newer linux-headers needed by ia64, bug #480218
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-${MINKV}
- gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
-"
-
-# baselayout-2.2 has /run
-RDEPEND="${COMMON_DEPEND}
- acct-group/adm
- acct-group/wheel
- acct-group/kmem
- acct-group/tty
- acct-group/utmp
- acct-group/audio
- acct-group/cdrom
- acct-group/dialout
- acct-group/disk
- acct-group/input
- acct-group/kvm
- acct-group/render
- acct-group/tape
- acct-group/video
- acct-group/systemd-journal
- acct-user/systemd-journal-remote
- acct-user/systemd-coredump
- acct-user/systemd-network
- acct-user/systemd-resolve
- acct-user/systemd-timesync
- >=sys-apps/baselayout-2.2
- selinux? ( sec-policy/selinux-base-policy[systemd] )
- sysv-utils? ( !sys-apps/sysvinit )
- !sysv-utils? ( sys-apps/sysvinit )
- resolvconf? ( !net-dns/openresolv )
- !build? ( || (
- sys-apps/util-linux[kill(-)]
- sys-process/procps[kill(+)]
- sys-apps/coreutils[kill(-)]
- ) )
- !sys-auth/nss-myhostname
- !sys-fs/eudev
- !sys-fs/udev
-"
-
-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
- >=sys-apps/hwids-20150417[udev]
- >=sys-fs/udev-init-scripts-25
- policykit? ( sys-auth/polkit )
- !vanilla? ( sys-apps/gentoo-systemd-integration )"
-
-BDEPEND="
- app-arch/xz-utils:0
- dev-util/gperf
- >=dev-util/meson-0.46
- >=dev-util/intltool-0.50
- >=sys-apps/coreutils-8.16
- sys-devel/m4
- virtual/pkgconfig[${MULTILIB_USEDEP}]
- test? ( sys-apps/dbus )
- app-text/docbook-xml-dtd:4.2
- app-text/docbook-xml-dtd:4.5
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt:0
- $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
-"
-
-python_check_deps() {
- has_version -b "dev-python/lxml[${PYTHON_USEDEP}]"
-}
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != buildonly ]]; then
- if use test && has pid-sandbox ${FEATURES}; then
- ewarn "Tests are known to fail with PID sandboxing enabled."
- ewarn "See https://bugs.gentoo.org/674458."
- fi
-
- local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
- ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
- ~TIMERFD ~TMPFS_XATTR ~UNIX
- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
- ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
- ~!SYSFS_DEPRECATED_V2"
-
- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
- kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
- kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
- kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
-
- if linux_config_exists; then
- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
- ewarn "It's recommended to set an empty value to the following kernel config option:"
- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
- fi
- if linux_chkconfig_present X86; then
- CONFIG_CHECK+=" ~DMIID"
- fi
- fi
-
- if kernel_is -lt ${MINKV//./ }; then
- ewarn "Kernel version at least ${MINKV} required"
- fi
-
- check_extra_config
- fi
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- default
- [[ ${PV} != 9999 ]] || git-r3_src_unpack
-}
-
-src_prepare() {
- # Do NOT add patches here
- local PATCHES=()
-
- [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
- # Add local patches here
- PATCHES+=(
- "${FILESDIR}/243-seccomp.patch"
- "${FILESDIR}/245-clang-gnu11.patch"
- )
-
- if ! use vanilla; then
- PATCHES+=(
- "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
- "${FILESDIR}/gentoo-systemd-user-pam.patch"
- "${FILESDIR}/gentoo-generator-path-r1.patch"
- )
- fi
-
- default
-}
-
-src_configure() {
- # Prevent conflicts with i686 cross toolchain, bug 559726
- tc-export AR CC NM OBJCOPY RANLIB
-
- python_setup
-
- multilib-minimal_src_configure
-}
-
-meson_use() {
- usex "$1" true false
-}
-
-meson_multilib() {
- if multilib_is_native_abi; then
- echo true
- else
- echo false
- fi
-}
-
-meson_multilib_native_use() {
- if multilib_is_native_abi && use "$1"; then
- echo true
- else
- echo false
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --localstatedir="${EPREFIX}/var"
- -Dsupport-url="https://gentoo.org/support/"
- -Dpamlibdir="$(getpam_mod_dir)"
- # avoid bash-completion dep
- -Dbashcompletiondir="$(get_bashcompdir)"
- # make sure we get /bin:/sbin in PATH
- -Dsplit-usr=$(usex split-usr true false)
- -Dsplit-bin=true
- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
- -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"
- -Dsysvinit-path=
- -Dsysvrcnd-path=
- # Avoid infinite exec recursion, bug 642724
- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
- # no deps
- -Defi=$(meson_multilib)
- -Dima=true
- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
- # Optional components/dependencies
- -Dacl=$(meson_multilib_native_use acl)
- -Dapparmor=$(meson_multilib_native_use apparmor)
- -Daudit=$(meson_multilib_native_use audit)
- -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
- -Dlibcurl=$(meson_multilib_native_use curl)
- -Ddns-over-tls=$(meson_multilib_native_use dns-over-tls)
- -Delfutils=$(meson_multilib_native_use elfutils)
- -Dgcrypt=$(meson_use gcrypt)
- -Dgnu-efi=$(meson_multilib_native_use gnuefi)
- -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)"
- -Dmicrohttpd=$(meson_multilib_native_use http)
- -Didn=$(meson_multilib_native_use idn)
- -Dimportd=$(meson_multilib_native_use importd)
- -Dbzip2=$(meson_multilib_native_use importd)
- -Dzlib=$(meson_multilib_native_use importd)
- -Dkmod=$(meson_multilib_native_use kmod)
- -Dlz4=$(meson_use lz4)
- -Dxz=$(meson_use lzma)
- -Dlibiptc=$(meson_multilib_native_use nat)
- -Dpam=$(meson_use pam)
- -Dpcre2=$(meson_multilib_native_use pcre)
- -Dpolkit=$(meson_multilib_native_use policykit)
- -Dqrencode=$(meson_multilib_native_use qrcode)
- -Dseccomp=$(meson_multilib_native_use seccomp)
- -Dselinux=$(meson_multilib_native_use selinux)
- -Ddbus=$(meson_multilib_native_use test)
- -Dxkbcommon=$(meson_multilib_native_use xkb)
- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
- # Breaks screen, tmux, etc.
- -Ddefault-kill-user-processes=false
- -Dcreate-log-dirs=false
-
- # multilib options
- -Dbacklight=$(meson_multilib)
- -Dbinfmt=$(meson_multilib)
- -Dcoredump=$(meson_multilib)
- -Denvironment-d=$(meson_multilib)
- -Dfirstboot=$(meson_multilib)
- -Dhibernate=$(meson_multilib)
- -Dhostnamed=$(meson_multilib)
- -Dhwdb=$(meson_multilib)
- -Dldconfig=$(meson_multilib)
- -Dlocaled=$(meson_multilib)
- -Dman=$(meson_multilib)
- -Dnetworkd=$(meson_multilib)
- -Dquotacheck=$(meson_multilib)
- -Drandomseed=$(meson_multilib)
- -Drfkill=$(meson_multilib)
- -Dsysusers=$(meson_multilib)
- -Dtimedated=$(meson_multilib)
- -Dtimesyncd=$(meson_multilib)
- -Dtmpfiles=$(meson_multilib)
- -Dvconsole=$(meson_multilib)
-
- # static-libs
- -Dstatic-libsystemd=$(usex static-libs true false)
- -Dstatic-libudev=$(usex static-libs true false)
- )
-
- meson_src_configure "${myconf[@]}"
-}
-
-multilib_src_compile() {
- eninja
-}
-
-multilib_src_test() {
- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- meson_src_test
-}
-
-multilib_src_install() {
- DESTDIR="${D}" eninja install
-}
-
-multilib_src_install_all() {
- local rootprefix=$(usex split-usr '' /usr)
-
- # meson doesn't know about docdir
- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die
-
- einstalldocs
- dodoc "${FILESDIR}"/nsswitch.conf
-
- if ! use resolvconf; then
- rm -f "${ED}${rootprefix}"/sbin/resolvconf || die
- fi
-
- if ! use sysv-utils; then
- rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
- rm "${ED}"/usr/share/man/man1/init.1 || die
- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
- fi
-
- if ! use resolvconf && ! use sysv-utils; then
- rmdir "${ED}${rootprefix}"/sbin || die
- fi
-
- # Preserve empty dirs in /etc & /var, bug #437008
- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
- keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,system,user}
- keepdir /etc/udev/{hwdb.d,rules.d}
- keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
- keepdir /usr/lib/{binfmt.d,modules-load.d}
- keepdir /usr/lib/systemd/user-generators
- keepdir /var/lib/systemd
- keepdir /var/log/journal
-
- # Symlink /etc/sysctl.conf for easy migration.
- dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
-
- rm -r "${ED}${rootprefix}"/lib/udev/hwdb.d || die
-
- if use split-usr; then
- # Avoid breaking boot/reboot
- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
- fi
-
- gen_usr_ldscript -a systemd udev
-}
-
-migrate_locale() {
- local envd_locale_def="${EROOT}/etc/env.d/02locale"
- local envd_locale=( "${EROOT}"/etc/env.d/??locale )
- local locale_conf="${EROOT}/etc/locale.conf"
-
- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
- # If locale.conf does not exist...
- if [[ -e ${envd_locale} ]]; then
- # ...either copy env.d/??locale if there's one
- ebegin "Moving ${envd_locale} to ${locale_conf}"
- mv "${envd_locale}" "${locale_conf}"
- eend ${?} || FAIL=1
- else
- # ...or create a dummy default
- ebegin "Creating ${locale_conf}"
- cat > "${locale_conf}" <<-EOF
- # This file has been created by the sys-apps/systemd ebuild.
- # See locale.conf(5) and localectl(1).
-
- # LANG=${LANG}
- EOF
- eend ${?} || FAIL=1
- fi
- fi
-
- if [[ ! -L ${envd_locale} ]]; then
- # now, if env.d/??locale is not a symlink (to locale.conf)...
- if [[ -e ${envd_locale} ]]; then
- # ...warn the user that he has duplicate locale settings
- ewarn
- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
- ewarn "and create the symlink with the following command:"
- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
- ewarn
- else
- # ...or just create the symlink if there's nothing here
- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
- ln -n -s ../locale.conf "${envd_locale_def}"
- eend ${?} || FAIL=1
- fi
- fi
-}
-
-save_enabled_units() {
- ENABLED_UNITS=()
- type systemctl &>/dev/null || return
- for x; do
- if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then
- ENABLED_UNITS+=( "${x}" )
- fi
- done
-}
-
-pkg_preinst() {
- save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service
-
- if ! use split-usr; then
- local dir
- for dir in bin sbin lib; do
- if [[ ! ${EROOT}/${dir} -ef ${EROOT}/usr/${dir} ]]; then
- eerror "\"${EROOT}/${dir}\" and \"${EROOT}/usr/${dir}\" are not merged."
- eerror "One of them should be a symbolic link to the other one."
- FAIL=1
- fi
- done
- if [[ ${FAIL} ]]; then
- eerror "Migration to system layout with merged directories must be performed before"
- eerror "rebuilding ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."
- die "System layout with split directories still used"
- fi
- fi
-}
-
-pkg_postinst() {
- systemd_update_catalog
-
- # Keep this here in case the database format changes so it gets updated
- # when required. Despite that this file is owned by sys-apps/hwids.
- if has_version "sys-apps/hwids[udev]"; then
- udevadm hwdb --update --root="${EROOT}"
- fi
-
- udev_reload || FAIL=1
-
- # Bug 465468, make sure locales are respect, and ensure consistency
- # between OpenRC & systemd
- migrate_locale
-
- systemd_reenable systemd-networkd.service systemd-resolved.service
-
- if [[ ${ENABLED_UNITS[@]} ]]; then
- systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
- fi
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- if type systemctl &>/dev/null; then
- systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
- fi
- elog "To enable a useful set of services, run the following:"
- elog " systemctl preset-all --preset-mode=enable-only"
- fi
-
- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
- rm "${EROOT}/var/lib/systemd/timesync"
- fi
-
- if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
- ebegin "Reexecuting system manager"
- systemctl daemon-reexec
- eend $?
- fi
-
- if [[ ${FAIL} ]]; then
- eerror "One of the postinst commands failed. Please check the postinst output"
- eerror "for errors. You may need to clean up your system and/or try installing"
- eerror "systemd again."
- eerror
- fi
-}
-
-pkg_prerm() {
- # If removing systemd completely, remove the catalog database.
- if [[ ! ${REPLACED_BY_VERSION} ]]; then
- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
- fi
-}