-DIST systemd-stable-254.22.tar.gz 14667273 BLAKE2B d3bfbd34ef47b73e139c37dd3e961fdc17c969e38674d84976183ecad44030fce1db073da6faf522e9ab232ae65c8e70a8d9a1f15053c57269090d3a9f1756f7 SHA512 5cef3912e68060366d7a8030c13825ae872783dd55a8a3ab15aa5ff2c397b50df8fc6e08b9bd1fdc0d54f08f3f7765484a41af0646ded238512921e3d02b553d

-DIST systemd-stable-254.24.tar.gz 14718567 BLAKE2B a3389e671f78db398d627f39761cb44a7db9904f4ca987d00073495eb0f80980118459440ee6556d4278c28939bc93167ec8e56885d14eecd17635a2d1aec7da SHA512 f2f5f30c2fd0246ca359bbf04f06fbb49685d58c0d7d4fab6031f98ffebd552141f05ea33c22aeef11338a90ad12389ccb887d9d2d2542d5124b3efd51638343

-https://bugs.gentoo.org/920331

-https://github.com/systemd/systemd/issues/30535

-

-From 4a9e03aa6bb2cbd23dac00f2b2a7642cc79eaade Mon Sep 17 00:00:00 2001

-From: Daan De Meyer <[email protected]>

-Date: Wed, 27 Sep 2023 11:55:59 +0200

-Subject: [PATCH 1/2] core: Make private /dev read-only after populating it

-

----

- src/core/namespace.c | 5 +++++

- 1 file changed, 5 insertions(+)

-

-diff --git a/src/core/namespace.c b/src/core/namespace.c

-index e2304f5d066da..d1153f7690140 100644

---- a/src/core/namespace.c

-+++ b/src/core/namespace.c

-@@ -995,6 +995,11 @@ static int mount_private_dev(MountEntry *m) {

- if (r < 0)

- log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount);

-

-+ /* Make the bind mount read-only. */

-+ r = mount_nofollow_verbose(LOG_DEBUG, NULL, dev, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);

-+ if (r < 0)

-+ return r;

-+

- /* Create the /dev directory if missing. It is more likely to be missing when the service is started

- * with RootDirectory. This is consistent with mount units creating the mount points when missing. */

- (void) mkdir_p_label(mount_entry_path(m), 0755);

-

-From cd7f3702eb47c82a50bf74c2b7c15c2e4e1f5c79 Mon Sep 17 00:00:00 2001

-From: Daan De Meyer <[email protected]>

-Date: Wed, 27 Sep 2023 10:52:50 +0200

-Subject: [PATCH 2/2] core: Use a subdirectory of /run/ for PrivateDevices=

-

-When we're starting early boot services such as systemd-userdbd.service,

-/tmp might not yet be mounted, so let's use a directory in /run instead

-which is guaranteed to be available.

----

- src/core/execute.c | 1 +

- src/core/namespace.c | 61 +++++++++++++++++++++++++++++----------

- src/core/namespace.h | 2 ++

- src/test/test-namespace.c | 1 +

- src/test/test-ns.c | 1 +

- 5 files changed, 50 insertions(+), 16 deletions(-)

-

-diff --git a/src/core/execute.c b/src/core/execute.c

-index a52df64d01081..89c3868d55f6c 100644

---- a/src/core/execute.c

-+++ b/src/core/execute.c

-@@ -3307,6 +3307,7 @@ static int apply_mount_namespace(

- extension_dir,

- root_dir || root_image ? params->notify_socket : NULL,

- host_os_release_stage,

-+ params->runtime_scope,

- error_path);

-

- /* If we couldn't set up the namespace this is probably due to a missing capability. setup_namespace() reports

-diff --git a/src/core/namespace.c b/src/core/namespace.c

-index d1153f7690140..a0471ac8884bf 100644

---- a/src/core/namespace.c

-+++ b/src/core/namespace.c

-@@ -909,7 +909,19 @@ static int clone_device_node(

- return 0;

- }

-

--static int mount_private_dev(MountEntry *m) {

-+static char *settle_runtime_dir(RuntimeScope scope) {

-+ char *runtime_dir;

-+

-+ if (scope != RUNTIME_SCOPE_USER)

-+ return strdup("/run/");

-+

-+ if (asprintf(&runtime_dir, "/run/user/" UID_FMT, geteuid()) < 0)

-+ return NULL;

-+

-+ return runtime_dir;

-+}

-+

-+static int mount_private_dev(MountEntry *m, RuntimeScope scope) {

- static const char devnodes[] =

- "/dev/null\0"

- "/dev/zero\0"

-@@ -918,13 +930,21 @@ static int mount_private_dev(MountEntry *m) {

- "/dev/urandom\0"

- "/dev/tty\0";

-

-- char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";

-+ _cleanup_free_ char *runtime_dir = NULL, *temporary_mount = NULL;

- const char *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;

- bool can_mknod = true;

- int r;

-

- assert(m);

-

-+ runtime_dir = settle_runtime_dir(scope);

-+ if (!runtime_dir)

-+ return log_oom_debug();

-+

-+ temporary_mount = path_join(runtime_dir, "systemd/namespace-dev-XXXXXX");

-+ if (!temporary_mount)

-+ return log_oom_debug();

-+

- if (!mkdtemp(temporary_mount))

- return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount);

-

-@@ -1364,7 +1384,8 @@ static int apply_one_mount(

- MountEntry *m,

- const ImagePolicy *mount_image_policy,

- const ImagePolicy *extension_image_policy,

-- const NamespaceInfo *ns_info) {

-+ const NamespaceInfo *ns_info,

-+ RuntimeScope scope) {

-

- _cleanup_free_ char *inaccessible = NULL;

- bool rbind = true, make = false;

-@@ -1379,8 +1400,7 @@ static int apply_one_mount(

- switch (m->mode) {

-

- case INACCESSIBLE: {

-- _cleanup_free_ char *tmp = NULL;

-- const char *runtime_dir;

-+ _cleanup_free_ char *runtime_dir = NULL;

- struct stat target;

-

- /* First, get rid of everything that is below if there

-@@ -1396,14 +1416,14 @@ static int apply_one_mount(

- mount_entry_path(m));

- }

-

-- if (geteuid() == 0)

-- runtime_dir = "/run";

-- else {

-- if (asprintf(&tmp, "/run/user/" UID_FMT, geteuid()) < 0)

-- return -ENOMEM;

--

-- runtime_dir = tmp;

-- }

-+ /* We don't pass the literal runtime scope through here but one based purely on our UID. This

-+ * means that the root user's --user services will use the host's inaccessible inodes rather

-+ * then root's private ones. This is preferable since it means device nodes that are

-+ * overmounted to make them inaccessible will be overmounted with a device node, rather than

-+ * an AF_UNIX socket inode. */

-+ runtime_dir = settle_runtime_dir(geteuid() == 0 ? RUNTIME_SCOPE_SYSTEM : RUNTIME_SCOPE_USER);

-+ if (!runtime_dir)

-+ return log_oom_debug();

-

- r = mode_to_inaccessible_node(runtime_dir, target.st_mode, &inaccessible);

- if (r < 0)

-@@ -1523,7 +1543,7 @@ static int apply_one_mount(

- break;

-

- case PRIVATE_DEV:

-- return mount_private_dev(m);

-+ return mount_private_dev(m, scope);

-

- case BIND_DEV:

- return mount_bind_dev(m);

-@@ -1824,6 +1844,7 @@ static int apply_mounts(

- const NamespaceInfo *ns_info,

- MountEntry *mounts,

- size_t *n_mounts,

-+ RuntimeScope scope,

- char **symlinks,

- char **error_path) {

-

-@@ -1875,7 +1896,7 @@ static int apply_mounts(

- break;

- }

-

-- r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info);

-+ r = apply_one_mount(root, m, mount_image_policy, extension_image_policy, ns_info, scope);

- if (r < 0) {

- if (error_path && mount_entry_path(m))

- *error_path = strdup(mount_entry_path(m));

-@@ -2030,6 +2051,7 @@ int setup_namespace(

- const char *extension_dir,

- const char *notify_socket,

- const char *host_os_release_stage,

-+ RuntimeScope scope,

- char **error_path) {

-

- _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;

-@@ -2490,7 +2512,14 @@ int setup_namespace(

- (void) base_filesystem_create(root, UID_INVALID, GID_INVALID);

-

- /* Now make the magic happen */

-- r = apply_mounts(root, mount_image_policy, extension_image_policy, ns_info, mounts, &n_mounts, symlinks, error_path);

-+ r = apply_mounts(root,

-+ mount_image_policy,

-+ extension_image_policy,

-+ ns_info,

-+ mounts, &n_mounts,

-+ scope,

-+ symlinks,

-+ error_path);

- if (r < 0)

- goto finish;

-

-diff --git a/src/core/namespace.h b/src/core/namespace.h

-index b6132154c5132..581403d89826d 100644

---- a/src/core/namespace.h

-+++ b/src/core/namespace.h

-@@ -16,6 +16,7 @@ typedef struct MountImage MountImage;

- #include "fs-util.h"

- #include "macro.h"

- #include "namespace-util.h"

-+#include "runtime-scope.h"

- #include "string-util.h"

-

- typedef enum ProtectHome {

-@@ -134,6 +135,7 @@ int setup_namespace(

- const char *extension_dir,

- const char *notify_socket,

- const char *host_os_release_stage,

-+ RuntimeScope scope,

- char **error_path);

-

- #define RUN_SYSTEMD_EMPTY "/run/systemd/empty"

-diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c

-index 25aafc35ca837..42ac65d08c87a 100644

---- a/src/test/test-namespace.c

-+++ b/src/test/test-namespace.c

-@@ -206,6 +206,7 @@ TEST(protect_kernel_logs) {

- NULL,

- NULL,

- NULL,

-+ RUNTIME_SCOPE_SYSTEM,

- NULL);

- assert_se(r == 0);

-

-diff --git a/src/test/test-ns.c b/src/test/test-ns.c

-index 77afd2f6b9eb8..eb3afed9e1c66 100644

---- a/src/test/test-ns.c

-+++ b/src/test/test-ns.c

-@@ -108,6 +108,7 @@ int main(int argc, char *argv[]) {

- NULL,

- NULL,

- NULL,

-+ RUNTIME_SCOPE_SYSTEM,

- NULL);

- if (r < 0) {

- log_error_errno(r, "Failed to set up namespace: %m");

-https://bugs.gentoo.org/896364

-

-Workaround for bug in sys-kernel/dracut.

-

-From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001

-From: Yu Watanabe <[email protected]>

-Date: Mon, 20 Feb 2023 12:00:30 +0900

-Subject: [PATCH] core/manager: run generators directly when we are in initrd

-

-Some initrd system write files at ourside of /run, /etc, or other

-allowed places. This is a kind of workaround, but in most cases, such

-sandboxing is not necessary as the filesystem is on ramfs when we are in

-initrd.

-

-Fixes #26488.

----

- src/core/manager.c | 4 ++--

- 1 file changed, 2 insertions(+), 2 deletions(-)

-

-diff --git a/src/core/manager.c b/src/core/manager.c

-index 7b394794b0d4..306477c6e6c2 100644

---- a/src/core/manager.c

-+++ b/src/core/manager.c

-@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {

- /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If

- * we are the user manager, let's just execute the generators directly. We might not have the

- * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.

-- */

-- if (MANAGER_IS_USER(m)) {

-+ * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */

-+ if (MANAGER_IS_USER(m) || in_initrd()) {

- r = manager_execute_generators(m, paths, /* remount_ro= */ false);

- goto finish;

- }

-# Copyright 2011-2025 Gentoo Authors

-# Distributed under the terms of the GNU General Public License v2

-

-EAPI=8

-PYTHON_COMPAT=( python3_{10..13} )

-

-# Avoid QA warnings

-TMPFILES_OPTIONAL=1

-UDEV_OPTIONAL=1

-

-QA_PKGCONFIG_VERSION=$(ver_cut 1)

-

-if [[ ${PV} == 9999 ]]; then

- EGIT_REPO_URI="https://github.com/systemd/systemd.git"

- inherit git-r3

-else

- if [[ ${PV} == *.* ]]; then

- MY_PN=systemd-stable

- else

- MY_PN=systemd

- fi

- MY_PV=${PV/_/-}

- MY_P=${MY_PN}-${MY_PV}

- S=${WORKDIR}/${MY_P}

- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"

- KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"

-fi

-

-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1

-inherit secureboot systemd toolchain-funcs udev usr-ldscript

-

-DESCRIPTION="System and service manager for Linux"

-HOMEPAGE="http://systemd.io/"

-

-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"

-SLOT="0/2"

-IUSE="

- acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils

- fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod

- +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode

- +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd

-"

-REQUIRED_USE="

- ${PYTHON_REQUIRED_USE}

- dns-over-tls? ( || ( gnutls openssl ) )

- fido2? ( cryptsetup openssl )

- homed? ( cryptsetup pam openssl )

- importd? ( curl lzma || ( gcrypt openssl ) )

- pwquality? ( homed )

- boot? ( kernel-install )

- ukify? ( boot )

-"

-RESTRICT="!test? ( test )"

-

-MINKV="4.15"

-

-COMMON_DEPEND="

- >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]

- sys-libs/libcap:0=[${MULTILIB_USEDEP}]

- virtual/libcrypt:=[${MULTILIB_USEDEP}]

- acl? ( sys-apps/acl:0= )

- apparmor? ( sys-libs/libapparmor:0= )

- audit? ( >=sys-process/audit-2:0= )

- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )

- curl? ( net-misc/curl:0= )

- elfutils? ( >=dev-libs/elfutils-0.158:0= )

- fido2? ( dev-libs/libfido2:0= )

- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )

- gnutls? ( >=net-libs/gnutls-3.6.0:0= )

- http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )

- idn? ( net-dns/libidn2:= )

- importd? (

- app-arch/bzip2:0=

- sys-libs/zlib:0=

- )

- kmod? ( >=sys-apps/kmod-15:0= )

- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )

- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )

- iptables? ( net-firewall/iptables:0= )

- openssl? ( >=dev-libs/openssl-1.1.0:0= )

- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )

- pkcs11? ( app-crypt/p11-kit:0= )

- pcre? ( dev-libs/libpcre2 )

- pwquality? ( dev-libs/libpwquality:0= )

- qrcode? ( media-gfx/qrencode:0= )

- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )

- selinux? ( sys-libs/libselinux:0= )

- tpm? ( app-crypt/tpm2-tss:0= )

- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )

- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )

-"

-

-# Newer linux-headers needed by ia64, bug #480218

-DEPEND="${COMMON_DEPEND}

- >=sys-kernel/linux-headers-${MINKV}

-"

-

-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'

-

-# baselayout-2.2 has /run

-RDEPEND="${COMMON_DEPEND}

- >=acct-group/adm-0-r1

- >=acct-group/wheel-0-r1

- >=acct-group/kmem-0-r1

- >=acct-group/tty-0-r1

- >=acct-group/utmp-0-r1

- >=acct-group/audio-0-r1

- >=acct-group/cdrom-0-r1

- >=acct-group/dialout-0-r1

- >=acct-group/disk-0-r1

- >=acct-group/input-0-r1

- >=acct-group/kvm-0-r1

- >=acct-group/lp-0-r1

- >=acct-group/render-0-r1

- acct-group/sgx

- >=acct-group/tape-0-r1

- acct-group/users

- >=acct-group/video-0-r1

- >=acct-group/systemd-journal-0-r1

- >=acct-user/root-0-r1

- acct-user/nobody

- >=acct-user/systemd-journal-remote-0-r1

- >=acct-user/systemd-coredump-0-r1

- >=acct-user/systemd-network-0-r1

- acct-user/systemd-oom

- >=acct-user/systemd-resolve-0-r1

- >=acct-user/systemd-timesync-0-r1

- >=sys-apps/baselayout-2.2

- ukify? (

- ${PYTHON_DEPS}

- $(python_gen_cond_dep "${PEFILE_DEPEND}")

- )

- selinux? (

- sec-policy/selinux-base-policy[systemd]

- sec-policy/selinux-ntp

- )

- sysv-utils? (

- !sys-apps/openrc[sysv-utils(-)]

- !sys-apps/sysvinit

- )

- !sysv-utils? ( sys-apps/sysvinit )

- resolvconf? ( !net-dns/openresolv )

- !sys-auth/nss-myhostname

- !sys-fs/eudev

- !sys-fs/udev

-"

-

-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)

-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]

- >=sys-fs/udev-init-scripts-34

- policykit? ( sys-auth/polkit )

- !vanilla? ( sys-apps/gentoo-systemd-integration )"

-

-BDEPEND="

- app-arch/xz-utils:0

- dev-util/gperf

- >=dev-build/meson-0.46

- >=sys-apps/coreutils-8.16

- sys-devel/gettext

- virtual/pkgconfig

- test? (

- app-text/tree

- dev-lang/perl

- sys-apps/dbus

- )

- app-text/docbook-xml-dtd:4.2

- app-text/docbook-xml-dtd:4.5

- app-text/docbook-xsl-stylesheets

- dev-libs/libxslt:0

- ${PYTHON_DEPS}

- $(python_gen_cond_dep "

- dev-python/jinja2[\${PYTHON_USEDEP}]

- dev-python/lxml[\${PYTHON_USEDEP}]

- boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )

- ukify? ( test? ( ${PEFILE_DEPEND} ) )

- ")

-"

-

-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"

-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"

-

-pkg_pretend() {

- if [[ ${MERGE_TYPE} != buildonly ]]; then

- local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS

- ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE

- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS

- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS

- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH

- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED

- ~!SYSFS_DEPRECATED_V2"

-

- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"

- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"

-

- if kernel_is -ge 5 10 20; then

- CONFIG_CHECK+=" ~KCMP"

- else

- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"

- fi

-

- if kernel_is -ge 4 18; then

- CONFIG_CHECK+=" ~AUTOFS_FS"

- else

- CONFIG_CHECK+=" ~AUTOFS4_FS"

- fi

-

- if linux_config_exists; then

- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)

- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then

- ewarn "It's recommended to set an empty value to the following kernel config option:"

- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"

- fi

- if linux_chkconfig_present X86; then

- CONFIG_CHECK+=" ~DMIID"

- fi

- fi

-

- if kernel_is -lt ${MINKV//./ }; then

- ewarn "Kernel version at least ${MINKV} required"

- fi

-

- check_extra_config

- fi

-}

-

-pkg_setup() {

- use boot && secureboot_pkg_setup

-}

-

-src_unpack() {

- default

- [[ ${PV} != 9999 ]] || git-r3_src_unpack

-}

-

-src_prepare() {

- local PATCHES=(

- "${FILESDIR}/systemd-test-process-util.patch"

- "${FILESDIR}/systemd-253-initrd-generators.patch"

- "${FILESDIR}/254-PrivateDevices-userdbd.patch"

- )

-

- if ! use vanilla; then

- PATCHES+=(

- "${FILESDIR}/gentoo-generator-path-r2.patch"

- "${FILESDIR}/gentoo-journald-audit-r1.patch"

- )

- fi

-

- # Fails with split-usr.

- sed -i -e '2i exit 77' test/test-rpm-macros.sh || die

-

- default

-}

-

-src_configure() {

- # Prevent conflicts with i686 cross toolchain, bug 559726

- tc-export AR CC NM OBJCOPY RANLIB

-

- python_setup

-

- multilib-minimal_src_configure

-}

-

-multilib_src_configure() {

- local myconf=(

- --localstatedir="${EPREFIX}/var"

- -Dsupport-url="https://gentoo.org/support/"

- -Dpamlibdir="$(getpam_mod_dir)"

- # avoid bash-completion dep

- -Dbashcompletiondir="$(get_bashcompdir)"

- $(meson_use split-usr)

- $(meson_use split-usr split-bin)

- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"

- -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"

- # Disable compatibility with sysvinit

- -Dsysvinit-path=

- -Dsysvrcnd-path=

- # Avoid infinite exec recursion, bug 642724

- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"

- # no deps

- -Dima=true

- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)

- # Optional components/dependencies

- $(meson_native_use_bool acl)

- $(meson_native_use_bool apparmor)

- $(meson_native_use_bool audit)

- $(meson_native_use_bool boot bootloader)

- $(meson_native_use_bool cryptsetup libcryptsetup)

- $(meson_native_use_bool curl libcurl)

- $(meson_native_use_bool dns-over-tls dns-over-tls)

- $(meson_native_use_bool elfutils)

- $(meson_native_use_bool fido2 libfido2)

- $(meson_use gcrypt)

- $(meson_native_use_bool gnutls)

- $(meson_native_use_bool homed)

- $(meson_native_use_bool http microhttpd)

- $(meson_native_use_bool idn)

- $(meson_native_use_bool importd)

- $(meson_native_use_bool importd bzip2)

- $(meson_native_use_bool importd zlib)

- $(meson_native_use_bool kernel-install)

- $(meson_native_use_bool kmod)

- $(meson_use lz4)

- $(meson_use lzma xz)

- $(meson_use test tests)

- $(meson_use zstd)

- $(meson_native_use_bool iptables libiptc)

- $(meson_native_use_bool openssl)

- $(meson_use pam)

- $(meson_native_use_bool pkcs11 p11kit)

- $(meson_native_use_bool pcre pcre2)

- $(meson_native_use_bool policykit polkit)

- $(meson_native_use_bool pwquality)

- $(meson_native_use_bool qrcode qrencode)

- $(meson_native_use_bool seccomp)

- $(meson_native_use_bool selinux)

- $(meson_native_use_bool tpm tpm2)

- $(meson_native_use_bool test dbus)

- $(meson_native_use_bool ukify)

- $(meson_native_use_bool xkb xkbcommon)

- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"

- # Breaks screen, tmux, etc.

- -Ddefault-kill-user-processes=false

- -Dcreate-log-dirs=false

-

- # multilib options

- $(meson_native_true backlight)

- $(meson_native_true binfmt)

- $(meson_native_true coredump)

- $(meson_native_true environment-d)

- $(meson_native_true firstboot)

- $(meson_native_true hibernate)

- $(meson_native_true hostnamed)

- $(meson_native_true ldconfig)

- $(meson_native_true localed)

- $(meson_native_true man)

- $(meson_native_true networkd)

- $(meson_native_true quotacheck)

- $(meson_native_true randomseed)

- $(meson_native_true rfkill)

- $(meson_native_true sysusers)

- $(meson_native_true timedated)

- $(meson_native_true timesyncd)

- $(meson_native_true tmpfiles)

- $(meson_native_true vconsole)

- )

-

- meson_src_configure "${myconf[@]}"

-}

-

-multilib_src_test() {

- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR

- local -x COLUMNS=80

- meson_src_test --timeout-multiplier=10

-}

-

-multilib_src_install_all() {

- local rootprefix=$(usex split-usr '' /usr)

- local sbin=$(usex split-usr sbin bin)

-

- # meson doesn't know about docdir

- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die

-

- einstalldocs

- dodoc "${FILESDIR}"/nsswitch.conf

-

- insinto /usr/lib/tmpfiles.d

- doins "${FILESDIR}"/legacy.conf

-

- if ! use resolvconf; then

- rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die

- fi

-

- if ! use sysv-utils; then

- rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die

- rm "${ED}"/usr/share/man/man1/init.1 || die

- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die

- fi

-

- # https://bugs.gentoo.org/761763

- rm -r "${ED}"/usr/lib/sysusers.d || die

-

- # Preserve empty dirs in /etc & /var, bug #437008

- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}

- keepdir /etc/kernel/install.d

- keepdir /etc/systemd/{network,system,user}

- keepdir /etc/udev/rules.d

-

- keepdir /etc/udev/hwdb.d

-

- keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}

- keepdir /usr/lib/{binfmt.d,modules-load.d}

- keepdir /usr/lib/systemd/user-generators

- keepdir /var/lib/systemd

- keepdir /var/log/journal

-

- if use pam; then

- if use selinux; then

- newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user

- else

- newpamd "${FILESDIR}"/systemd-user.pam systemd-user

- fi

- fi

-

- if use split-usr; then

- # Avoid breaking boot/reboot

- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd

- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown

- fi

-

- gen_usr_ldscript -a systemd udev

-

- if use kernel-install; then

- # Dummy config, remove to make room for sys-kernel/installkernel

- rm "${ED}/usr/lib/kernel/install.conf" || die

- fi

-

- use ukify && python_fix_shebang "${ED}"

- use boot && secureboot_auto_sign

-}

-

-migrate_locale() {

- local envd_locale_def="${EROOT}/etc/env.d/02locale"

- local envd_locale=( "${EROOT}"/etc/env.d/??locale )

- local locale_conf="${EROOT}/etc/locale.conf"

-

- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then

- # If locale.conf does not exist...

- if [[ -e ${envd_locale} ]]; then

- # ...either copy env.d/??locale if there's one

- ebegin "Moving ${envd_locale} to ${locale_conf}"

- mv "${envd_locale}" "${locale_conf}"

- eend ${?} || FAIL=1

- else

- # ...or create a dummy default

- ebegin "Creating ${locale_conf}"

- cat > "${locale_conf}" <<-EOF

- # This file has been created by the sys-apps/systemd ebuild.

- # See locale.conf(5) and localectl(1).

-

- # LANG=${LANG}

- EOF

- eend ${?} || FAIL=1

- fi

- fi

-

- if [[ ! -L ${envd_locale} ]]; then

- # now, if env.d/??locale is not a symlink (to locale.conf)...

- if [[ -e ${envd_locale} ]]; then

- # ...warn the user that he has duplicate locale settings

- ewarn

- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"

- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"

- ewarn "and create the symlink with the following command:"

- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"

- ewarn

- else

- # ...or just create the symlink if there's nothing here

- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"

- ln -n -s ../locale.conf "${envd_locale_def}"

- eend ${?} || FAIL=1

- fi

- fi

-}

-

-pkg_preinst() {

- if [[ -e ${EROOT}/etc/sysctl.conf ]]; then

- # Symlink /etc/sysctl.conf for easy migration.

- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf

- fi

-

- if ! use split-usr; then

- local dir

- for dir in bin sbin lib usr/sbin; do

- if [[ ! -L ${EROOT}/${dir} ]]; then

- eerror "'${EROOT}/${dir}' is not a symbolic link."

- FAIL=1

- fi

- done

- if [[ ${FAIL} ]]; then

- eerror "Migration to system layout with merged directories must be performed before"

- eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."

- die "System layout with split directories still used"

- fi

- fi

- if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then

- ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."

- ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."

- fi

-}

-

-pkg_postinst() {

- systemd_update_catalog

-

- # Keep this here in case the database format changes so it gets updated

- # when required.

- systemd-hwdb --root="${ROOT}" update

-

- udev_reload || FAIL=1

-

- # Bug 465468, make sure locales are respected, and ensure consistency

- # between OpenRC & systemd

- migrate_locale

-

- if [[ -z ${REPLACING_VERSIONS} ]]; then

- if type systemctl &>/dev/null; then

- systemctl --root="${ROOT:-/}" enable [email protected] remote-fs.target || FAIL=1

- fi

- elog "To enable a useful set of services, run the following:"

- elog " systemctl preset-all --preset-mode=enable-only"

- fi

-

- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then

- rm "${EROOT}/var/lib/systemd/timesync"

- fi

-

- if [[ ${FAIL} ]]; then

- eerror "One of the postinst commands failed. Please check the postinst output"

- eerror "for errors. You may need to clean up your system and/or try installing"

- eerror "systemd again."

- eerror

- fi

-

- if use boot; then

- optfeature "installing kernels in systemd-boot's native layout and update loader entries" \

- "sys-kernel/installkernel[systemd-boot]"

- fi

- if use ukify; then

- optfeature "generating unified kernel image on each kernel installation" \

- "sys-kernel/installkernel[ukify]"

- fi

-}

-

-pkg_prerm() {

- # If removing systemd completely, remove the catalog database.

- if [[ ! ${REPLACED_BY_VERSION} ]]; then

- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database

- fi

-}

-# Copyright 2011-2025 Gentoo Authors

-# Distributed under the terms of the GNU General Public License v2

-

-EAPI=8

-PYTHON_COMPAT=( python3_{10..13} )

-

-# Avoid QA warnings

-TMPFILES_OPTIONAL=1

-UDEV_OPTIONAL=1

-

-QA_PKGCONFIG_VERSION=$(ver_cut 1)

-

-if [[ ${PV} == 9999 ]]; then

- EGIT_REPO_URI="https://github.com/systemd/systemd.git"

- inherit git-r3

-else

- if [[ ${PV} == *.* ]]; then

- MY_PN=systemd-stable

- else

- MY_PN=systemd

- fi

- MY_PV=${PV/_/-}

- MY_P=${MY_PN}-${MY_PV}

- S=${WORKDIR}/${MY_P}

- SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"

- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"

-fi

-

-inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-single-r1

-inherit secureboot systemd toolchain-funcs udev usr-ldscript

-

-DESCRIPTION="System and service manager for Linux"

-HOMEPAGE="http://systemd.io/"

-

-LICENSE="GPL-2 LGPL-2.1 MIT public-domain"

-SLOT="0/2"

-IUSE="

- acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils

- fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod

- +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode

- +resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd

-"

-REQUIRED_USE="

- ${PYTHON_REQUIRED_USE}

- dns-over-tls? ( || ( gnutls openssl ) )

- fido2? ( cryptsetup openssl )

- homed? ( cryptsetup pam openssl )

- importd? ( curl lzma || ( gcrypt openssl ) )

- pwquality? ( homed )

- boot? ( kernel-install )

- ukify? ( boot )

-"

-RESTRICT="!test? ( test )"

-

-MINKV="4.15"

-

-COMMON_DEPEND="

- >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]

- sys-libs/libcap:0=[${MULTILIB_USEDEP}]

- virtual/libcrypt:=[${MULTILIB_USEDEP}]

- acl? ( sys-apps/acl:0= )

- apparmor? ( sys-libs/libapparmor:0= )

- audit? ( >=sys-process/audit-2:0= )

- cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )

- curl? ( net-misc/curl:0= )

- elfutils? ( >=dev-libs/elfutils-0.158:0= )

- fido2? ( dev-libs/libfido2:0= )

- gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )

- gnutls? ( >=net-libs/gnutls-3.6.0:0= )

- http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] )

- idn? ( net-dns/libidn2:= )

- importd? (

- app-arch/bzip2:0=

- sys-libs/zlib:0=

- )

- kmod? ( >=sys-apps/kmod-15:0= )

- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )

- lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )

- iptables? ( net-firewall/iptables:0= )

- openssl? ( >=dev-libs/openssl-1.1.0:0= )

- pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] )

- pkcs11? ( app-crypt/p11-kit:0= )

- pcre? ( dev-libs/libpcre2 )

- pwquality? ( dev-libs/libpwquality:0= )

- qrcode? ( media-gfx/qrencode:0= )

- seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )

- selinux? ( sys-libs/libselinux:0= )

- tpm? ( app-crypt/tpm2-tss:0= )

- xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )

- zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] )

-"

-

-# Newer linux-headers needed by ia64, bug #480218

-DEPEND="${COMMON_DEPEND}

- >=sys-kernel/linux-headers-${MINKV}

-"

-

-PEFILE_DEPEND='dev-python/pefile[${PYTHON_USEDEP}]'

-

-# baselayout-2.2 has /run

-RDEPEND="${COMMON_DEPEND}

- >=acct-group/adm-0-r1

- >=acct-group/wheel-0-r1

- >=acct-group/kmem-0-r1

- >=acct-group/tty-0-r1

- >=acct-group/utmp-0-r1

- >=acct-group/audio-0-r1

- >=acct-group/cdrom-0-r1

- >=acct-group/dialout-0-r1

- >=acct-group/disk-0-r1

- >=acct-group/input-0-r1

- >=acct-group/kvm-0-r1

- >=acct-group/lp-0-r1

- >=acct-group/render-0-r1

- acct-group/sgx

- >=acct-group/tape-0-r1

- acct-group/users

- >=acct-group/video-0-r1

- >=acct-group/systemd-journal-0-r1

- >=acct-user/root-0-r1

- acct-user/nobody

- >=acct-user/systemd-journal-remote-0-r1

- >=acct-user/systemd-coredump-0-r1

- >=acct-user/systemd-network-0-r1

- acct-user/systemd-oom

- >=acct-user/systemd-resolve-0-r1

- >=acct-user/systemd-timesync-0-r1

- >=sys-apps/baselayout-2.2

- ukify? (

- ${PYTHON_DEPS}

- $(python_gen_cond_dep "${PEFILE_DEPEND}")

- )

- selinux? (

- sec-policy/selinux-base-policy[systemd]

- sec-policy/selinux-ntp

- )

- sysv-utils? (

- !sys-apps/openrc[sysv-utils(-)]

- !sys-apps/sysvinit

- )

- !sysv-utils? ( sys-apps/sysvinit )

- resolvconf? ( !net-dns/openresolv )

- !sys-auth/nss-myhostname

- !sys-fs/eudev

- !sys-fs/udev

-"

-

-# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)

-PDEPEND=">=sys-apps/dbus-1.9.8[systemd]

- >=sys-fs/udev-init-scripts-34

- policykit? ( sys-auth/polkit )

- !vanilla? ( sys-apps/gentoo-systemd-integration )"

-

-BDEPEND="

- app-arch/xz-utils:0

- dev-util/gperf

- >=dev-build/meson-0.46

- >=sys-apps/coreutils-8.16

- sys-devel/gettext

- virtual/pkgconfig

- test? (

- app-text/tree

- dev-lang/perl

- sys-apps/dbus

- )

- app-text/docbook-xml-dtd:4.2

- app-text/docbook-xml-dtd:4.5

- app-text/docbook-xsl-stylesheets

- dev-libs/libxslt:0

- ${PYTHON_DEPS}

- $(python_gen_cond_dep "

- dev-python/jinja2[\${PYTHON_USEDEP}]

- dev-python/lxml[\${PYTHON_USEDEP}]

- boot? ( >=dev-python/pyelftools-0.30[\${PYTHON_USEDEP}] )

- ukify? ( test? ( ${PEFILE_DEPEND} ) )

- ")

-"

-

-QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*"

-QA_EXECSTACK="usr/lib/systemd/boot/efi/*"

-

-pkg_pretend() {

- if [[ ${MERGE_TYPE} != buildonly ]]; then

- local CONFIG_CHECK="~BLK_DEV_BSG ~CGROUPS

- ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE

- ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS

- ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS

- ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH

- ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED

- ~!SYSFS_DEPRECATED_V2"

-

- use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"

- use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"

-

- if kernel_is -ge 5 10 20; then

- CONFIG_CHECK+=" ~KCMP"

- else

- CONFIG_CHECK+=" ~CHECKPOINT_RESTORE"

- fi

-

- if kernel_is -ge 4 18; then

- CONFIG_CHECK+=" ~AUTOFS_FS"

- else

- CONFIG_CHECK+=" ~AUTOFS4_FS"

- fi

-

- if linux_config_exists; then

- local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)

- if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then

- ewarn "It's recommended to set an empty value to the following kernel config option:"

- ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"

- fi

- if linux_chkconfig_present X86; then

- CONFIG_CHECK+=" ~DMIID"

- fi

- fi

-

- if kernel_is -lt ${MINKV//./ }; then

- ewarn "Kernel version at least ${MINKV} required"

- fi

-

- check_extra_config

- fi

-}

-

-pkg_setup() {

- use boot && secureboot_pkg_setup

-}

-

-src_unpack() {

- default

- [[ ${PV} != 9999 ]] || git-r3_src_unpack

-}

-

-src_prepare() {

- local PATCHES=(

- "${FILESDIR}/systemd-test-process-util.patch"

- "${FILESDIR}/systemd-253-initrd-generators.patch"

- "${FILESDIR}/254-PrivateDevices-userdbd.patch"

- )

-

- if ! use vanilla; then

- PATCHES+=(

- "${FILESDIR}/gentoo-generator-path-r2.patch"

- "${FILESDIR}/gentoo-journald-audit-r1.patch"

- )

- fi

-

- # Fails with split-usr.

- sed -i -e '2i exit 77' test/test-rpm-macros.sh || die

-

- default

-}

-

-src_configure() {

- # Prevent conflicts with i686 cross toolchain, bug 559726

- tc-export AR CC NM OBJCOPY RANLIB

-

- python_setup

-

- multilib-minimal_src_configure

-}

-

-multilib_src_configure() {

- local myconf=(

- --localstatedir="${EPREFIX}/var"

- -Dsupport-url="https://gentoo.org/support/"

- -Dpamlibdir="$(getpam_mod_dir)"

- # avoid bash-completion dep

- -Dbashcompletiondir="$(get_bashcompdir)"

- $(meson_use split-usr)

- $(meson_use split-usr split-bin)

- -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"

- -Drootlibdir="${EPREFIX}/usr/$(get_libdir)"

- # Disable compatibility with sysvinit

- -Dsysvinit-path=

- -Dsysvrcnd-path=

- # Avoid infinite exec recursion, bug 642724

- -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"

- # no deps

- -Dima=true

- -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)

- # Optional components/dependencies

- $(meson_native_use_bool acl)

- $(meson_native_use_bool apparmor)

- $(meson_native_use_bool audit)

- $(meson_native_use_bool boot bootloader)

- $(meson_native_use_bool cryptsetup libcryptsetup)

- $(meson_native_use_bool curl libcurl)

- $(meson_native_use_bool dns-over-tls dns-over-tls)

- $(meson_native_use_bool elfutils)

- $(meson_native_use_bool fido2 libfido2)

- $(meson_use gcrypt)

- $(meson_native_use_bool gnutls)

- $(meson_native_use_bool homed)

- $(meson_native_use_bool http microhttpd)

- $(meson_native_use_bool idn)

- $(meson_native_use_bool importd)

- $(meson_native_use_bool importd bzip2)

- $(meson_native_use_bool importd zlib)

- $(meson_native_use_bool kernel-install)

- $(meson_native_use_bool kmod)

- $(meson_use lz4)

- $(meson_use lzma xz)

- $(meson_use test tests)

- $(meson_use zstd)

- $(meson_native_use_bool iptables libiptc)

- $(meson_native_use_bool openssl)

- $(meson_use pam)

- $(meson_native_use_bool pkcs11 p11kit)

- $(meson_native_use_bool pcre pcre2)

- $(meson_native_use_bool policykit polkit)

- $(meson_native_use_bool pwquality)

- $(meson_native_use_bool qrcode qrencode)

- $(meson_native_use_bool seccomp)

- $(meson_native_use_bool selinux)

- $(meson_native_use_bool tpm tpm2)

- $(meson_native_use_bool test dbus)

- $(meson_native_use_bool ukify)

- $(meson_native_use_bool xkb xkbcommon)

- -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"

- # Breaks screen, tmux, etc.

- -Ddefault-kill-user-processes=false

- -Dcreate-log-dirs=false

-

- # multilib options

- $(meson_native_true backlight)

- $(meson_native_true binfmt)

- $(meson_native_true coredump)

- $(meson_native_true environment-d)

- $(meson_native_true firstboot)

- $(meson_native_true hibernate)

- $(meson_native_true hostnamed)

- $(meson_native_true ldconfig)

- $(meson_native_true localed)

- $(meson_native_true man)

- $(meson_native_true networkd)

- $(meson_native_true quotacheck)

- $(meson_native_true randomseed)

- $(meson_native_true rfkill)

- $(meson_native_true sysusers)

- $(meson_native_true timedated)

- $(meson_native_true timesyncd)

- $(meson_native_true tmpfiles)

- $(meson_native_true vconsole)

- )

-

- meson_src_configure "${myconf[@]}"

-}

-

-multilib_src_test() {

- unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR

- local -x COLUMNS=80

- meson_src_test --timeout-multiplier=10

-}

-

-multilib_src_install_all() {

- local rootprefix=$(usex split-usr '' /usr)

- local sbin=$(usex split-usr sbin bin)

-

- # meson doesn't know about docdir

- mv "${ED}"/usr/share/doc/{systemd,${PF}} || die

-

- einstalldocs

- dodoc "${FILESDIR}"/nsswitch.conf

-

- insinto /usr/lib/tmpfiles.d

- doins "${FILESDIR}"/legacy.conf

-

- if ! use resolvconf; then

- rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die

- fi

-

- if ! use sysv-utils; then

- rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,shutdown} || die

- rm "${ED}"/usr/share/man/man1/init.1 || die

- rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 || die

- fi

-

- # https://bugs.gentoo.org/761763

- rm -r "${ED}"/usr/lib/sysusers.d || die

-

- # Preserve empty dirs in /etc & /var, bug #437008

- keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}

- keepdir /etc/kernel/install.d

- keepdir /etc/systemd/{network,system,user}

- keepdir /etc/udev/rules.d

-

- keepdir /etc/udev/hwdb.d

-

- keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}

- keepdir /usr/lib/{binfmt.d,modules-load.d}

- keepdir /usr/lib/systemd/user-generators

- keepdir /var/lib/systemd

- keepdir /var/log/journal

-

- if use pam; then

- if use selinux; then

- newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user

- else

- newpamd "${FILESDIR}"/systemd-user.pam systemd-user

- fi

- fi

-

- if use split-usr; then

- # Avoid breaking boot/reboot

- dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd

- dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown

- fi

-

- gen_usr_ldscript -a systemd udev

-

- if use kernel-install; then

- # Dummy config, remove to make room for sys-kernel/installkernel

- rm "${ED}/usr/lib/kernel/install.conf" || die

- fi

-

- use ukify && python_fix_shebang "${ED}"

- use boot && secureboot_auto_sign

-}

-

-migrate_locale() {

- local envd_locale_def="${EROOT}/etc/env.d/02locale"

- local envd_locale=( "${EROOT}"/etc/env.d/??locale )

- local locale_conf="${EROOT}/etc/locale.conf"

-

- if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then

- # If locale.conf does not exist...

- if [[ -e ${envd_locale} ]]; then

- # ...either copy env.d/??locale if there's one

- ebegin "Moving ${envd_locale} to ${locale_conf}"

- mv "${envd_locale}" "${locale_conf}"

- eend ${?} || FAIL=1

- else

- # ...or create a dummy default

- ebegin "Creating ${locale_conf}"

- cat > "${locale_conf}" <<-EOF

- # This file has been created by the sys-apps/systemd ebuild.

- # See locale.conf(5) and localectl(1).

-

- # LANG=${LANG}

- EOF

- eend ${?} || FAIL=1

- fi

- fi

-

- if [[ ! -L ${envd_locale} ]]; then

- # now, if env.d/??locale is not a symlink (to locale.conf)...

- if [[ -e ${envd_locale} ]]; then

- # ...warn the user that he has duplicate locale settings

- ewarn

- ewarn "To ensure consistent behavior, you should replace ${envd_locale}"

- ewarn "with a symlink to ${locale_conf}. Please migrate your settings"

- ewarn "and create the symlink with the following command:"

- ewarn "ln -s -n -f ../locale.conf ${envd_locale}"

- ewarn

- else

- # ...or just create the symlink if there's nothing here

- ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"

- ln -n -s ../locale.conf "${envd_locale_def}"

- eend ${?} || FAIL=1

- fi

- fi

-}

-

-pkg_preinst() {

- if [[ -e ${EROOT}/etc/sysctl.conf ]]; then

- # Symlink /etc/sysctl.conf for easy migration.

- dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf

- fi

-

- if ! use split-usr; then

- local dir

- for dir in bin sbin lib usr/sbin; do

- if [[ ! -L ${EROOT}/${dir} ]]; then

- eerror "'${EROOT}/${dir}' is not a symbolic link."

- FAIL=1

- fi

- done

- if [[ ${FAIL} ]]; then

- eerror "Migration to system layout with merged directories must be performed before"

- eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage."

- die "System layout with split directories still used"

- fi

- fi

- if ! use boot && has_version "sys-apps/systemd[gnuefi(-)]"; then

- ewarn "The 'gnuefi' USE flag has been renamed to 'boot'."

- ewarn "Make sure to enable the 'boot' USE flag if you use systemd-boot."

- fi

-}

-

-pkg_postinst() {

- systemd_update_catalog

-

- # Keep this here in case the database format changes so it gets updated

- # when required.

- systemd-hwdb --root="${ROOT}" update

-

- udev_reload || FAIL=1

-

- # Bug 465468, make sure locales are respected, and ensure consistency

- # between OpenRC & systemd

- migrate_locale

-

- if [[ -z ${REPLACING_VERSIONS} ]]; then

- if type systemctl &>/dev/null; then

- systemctl --root="${ROOT:-/}" enable [email protected] remote-fs.target || FAIL=1

- fi

- elog "To enable a useful set of services, run the following:"

- elog " systemctl preset-all --preset-mode=enable-only"

- fi

-

- if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then

- rm "${EROOT}/var/lib/systemd/timesync"

- fi

-

- if [[ ${FAIL} ]]; then

- eerror "One of the postinst commands failed. Please check the postinst output"

- eerror "for errors. You may need to clean up your system and/or try installing"

- eerror "systemd again."

- eerror

- fi

-

- if use boot; then

- optfeature "installing kernels in systemd-boot's native layout and update loader entries" \

- "sys-kernel/installkernel[systemd-boot]"

- fi

- if use ukify; then

- optfeature "generating unified kernel image on each kernel installation" \

- "sys-kernel/installkernel[ukify]"

- fi

-}

-

-pkg_prerm() {

- # If removing systemd completely, remove the catalog database.

- if [[ ! ${REPLACED_BY_VERSION} ]]; then

- rm -f -v "${EROOT}"/var/lib/systemd/catalog/database

- fi

-}