From f71638f7efc6519c32a1191e6fb0a8b9b686f132 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:36:56 +0100 Subject: [PATCH 01/22] app-crypt/tpm2-tools: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../app-crypt/tpm2-tools/Manifest | 3 + ...ile-am-Dont-require-pandoc-for-tests.patch | 15 +++ .../files/tpm2-tools-5.6-bashism.patch | 47 +++++++ ...x-check-eventlog.sh-if-efivar.h-exis.patch | 123 ++++++++++++++++++ .../app-crypt/tpm2-tools/metadata.xml | 18 +++ .../tpm2-tools/tpm2-tools-5.5.ebuild | 66 ++++++++++ .../tpm2-tools/tpm2-tools-5.6-r1.ebuild | 79 +++++++++++ 7 files changed, 351 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest new file mode 100644 index 00000000000..f9a3d2cb376 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest @@ -0,0 +1,3 @@ +DIST tpm2-tools-5.5.tar.gz 1241390 BLAKE2B 2225f9e0835988351f84ed06f914616e25fd65bacaa93b51d0bb04185314efb9a6f60eb3539b250f54b2c2ba590f1b76594df3e625e45c8d37e38d13371bea26 SHA512 24f72a3e9840d531d900e96771a863baae1c71a76fcad0fda8020dff06acd8e3b65b86401ace21f034766403caf9ae97ce710ff6013bb7ed25657a6ecf325470 +DIST tpm2-tools-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch.xz 47916 BLAKE2B 1bbc84f58ad46507417c89be1b4ce2450fb33cf3abe8f080c23890d96be85379f135ef1dbf4b580e1a386fa6d5ebc4fbaab351b5238bbf1011bb97b0f49a847b SHA512 3db0daa39a8dc756d7cb25e3673149dc3eeafd7410f2c6537464431b501e3704a886d9b7a9acd71440d6d419649dd471fd6f9247d593c89a30b05774a8d1b3de +DIST tpm2-tools-5.6.tar.gz 1266731 BLAKE2B fe88722c26d62128cd6dfbdd8ef2568656a75fe27b1443fed28387d0db1f50b7d0651819d34dfa98acde785b4cfb4e7c11420b110bb5333ed2bb6b67cdd4fc70 SHA512 14216f29ed3ecca5fbe356ed3744c8b6b25a62ff11b2aed596d11101328c8bfd29a02f6ca5a218f9a4477a5e9648c50f0ae96e71de0b4ff5ea1f98ebeeb73cd7 diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch new file mode 100644 index 00000000000..7b6fc882194 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch @@ -0,0 +1,15 @@ +diff --git a/Makefile.am b/Makefile.am +index 627983ca..d32f109c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -659,10 +659,3 @@ else + endif + + check: prepare-check +- +-if !HAVE_PANDOC +-# If pandoc is not enabled, we want to complain that you need pandoc for make dist, +-# so hook the target and complain. +- @(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages") +- @exit 1 +-endif diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch new file mode 100644 index 00000000000..01ce4301d4e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-bashism.patch @@ -0,0 +1,47 @@ +https://github.com/tpm2-software/tpm2-tools/pull/3339 + +From 9f244c3f74747b7f79c8c6813657b2f2f8a1c844 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Sun, 21 Jan 2024 08:08:28 +0000 +Subject: [PATCH] configure.ac: fix bashisms + +configure scripts need to be runnable with a POSIX-compliant /bin/sh. + +On many (but not all!) systems, /bin/sh is provided by Bash, so errors +like this aren't spotted. Notably Debian defaults to /bin/sh provided +by dash which doesn't tolerate such bashisms as '=='. + +This retains compatibility with bash. + +Fixes configure warnings/errors like: +``` +checking for libcurl... yes +./configure: 15201: test: xauto: unexpected operator +./configure: 15286: test: xauto: unexpected operator +checking for efivar/efivar.h... yes +``` + +This fixes a build error later on too: +``` +/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: lib/libcommon.a(libcommon_a-tpm2_eventlog_yaml.o): in function `yaml_devicepath': +tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x2f): undefined reference to `efidp_format_device_path' +/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: tpm2_eventlog_yaml.c:(.text.yaml_devicepath+0x61): undefined reference to `efidp_format_device_path' +``` + +Bug: https://bugs.gentoo.org/922592 +Signed-off-by: Sam James +--- a/configure.ac ++++ b/configure.ac +@@ -94,9 +94,9 @@ AC_ARG_WITH([efivar], + ) + + # use the true program to avoid failing hard +-AS_IF([test "x$with_efivar" == "xauto"], ++AS_IF([test "x$with_efivar" = "xauto"], + [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h], , [true])], [true])], +- [test "x$with_efivar" == "xyes"], ++ [test "x$with_efivar" = "xyes"], + [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])], + ) + + diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch new file mode 100644 index 00000000000..f24cf50aff5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch @@ -0,0 +1,123 @@ +From 9cd74df24dbeee81b408e12ac10a98a088008d07 Mon Sep 17 00:00:00 2001 +From: Juergen Repp +Date: Mon, 20 Nov 2023 13:55:36 +0100 +Subject: [PATCH] test eventlog: fix check eventlog.sh if efivar.h exists + +If efivar.h exist a pretty print function for the DevicePath +is executed. Therefore two yaml test files are needed for +the bin test file uefiservices. +Fixes #3302. + +Signed-off-by: Juergen Repp +--- + Makefile.am | 13 ++++++ + configure.ac | 3 ++ + .../event-uefiservices.bin.yaml.pretty | 45 +++++++++++++++++++ + ...n.yaml => event-uefiservices.bin.yaml.raw} | 0 + 4 files changed, 61 insertions(+) + create mode 100644 test/integration/fixtures/event-uefiservices.bin.yaml.pretty + rename test/integration/fixtures/{event-uefiservices.bin.yaml => event-uefiservices.bin.yaml.raw} (100%) + +diff --git a/Makefile.am b/Makefile.am +index 413345cd..ef76dca8 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -352,6 +352,7 @@ TEST_EXTENSIONS = .sh + + check-hook: + rm -rf .lock_file ++ rm -f $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml + + EXTRA_DIST_IGNORE = \ + .gitignore \ +@@ -647,6 +648,18 @@ dist-hook: + for f in $(EXTRA_DIST_IGNORE); do \ + rm -rf `find $(distdir) -name $$f`; \ + done; ++ ++prepare-check: ++if HAVE_EFIVAR_H ++ cp $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.pretty \ ++ $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml ++else ++ cp $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml.raw \ ++ $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml ++endif ++ ++check: prepare-check ++ + if !HAVE_PANDOC + # If pandoc is not enabled, we want to complain that you need pandoc for make dist, + # so hook the target and complain. +diff --git a/configure.ac b/configure.ac +index 362ae0aa..54224048 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -97,6 +97,9 @@ AS_IF([test "x$with_efivar" == "xauto"], + [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])], + ) + ++AC_CHECK_HEADERS([efivar/efivar.h],[efivar_h=yes ], [efivar = no ]) ++AM_CONDITIONAL([HAVE_EFIVAR_H], [test "$efivar_h" = yes]) ++ + # backwards compat with older pkg-config + # - pull in AC_DEFUN from pkg.m4 + m4_ifndef([PKG_CHECK_VAR], [ +diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml.pretty b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty +new file mode 100644 +index 00000000..f0819f70 +--- /dev/null ++++ b/test/integration/fixtures/event-uefiservices.bin.yaml.pretty +@@ -0,0 +1,45 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "855685b4dbd4b67d50e0594571055054cfe2b1e9" ++ - AlgorithmId: sha256 ++ Digest: "dd8576b4ff346c19c56c3e4f97ce55c5afa646f9c669be0a7cdd05057a0ecdf3" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x7dcf6018 ++ ImageLengthInMemory: 171464 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath1: 'PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Offset(0x12600,0x3c3ff)' ++pcrs: ++ sha1: ++ 2 : 0x5b5f4d5c31664f01670a98a5796a36473671befc ++ sha256: ++ 2 : 0x35fcf9d737c52c971f7c74058d36937dbd7824177fa0f1de3eba3934fcb83b9d +diff --git a/test/integration/fixtures/event-uefiservices.bin.yaml b/test/integration/fixtures/event-uefiservices.bin.yaml.raw +similarity index 100% +rename from test/integration/fixtures/event-uefiservices.bin.yaml +rename to test/integration/fixtures/event-uefiservices.bin.yaml.raw +-- +2.41.0 + diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml new file mode 100644 index 00000000000..655f63bb3df --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml @@ -0,0 +1,18 @@ + + + + + salah.coronya@gmail.com + Christopher Byrne + + + proxy-maint@gentoo.org + Proxy Maintainers + + + Enable feature API tools + + + tpm2-software/tpm2-tools + + diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild new file mode 100644 index 00000000000..866f1e799d2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit bash-completion-r1 flag-o-matic python-any-r1 + +DESCRIPTION="Tools for the TPM 2.0 TSS" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tools" +SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="amd64 arm arm64 ppc64 x86" +IUSE="+fapi test" + +RESTRICT="!test? ( test )" + +RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?] + dev-libs/openssl:= + net-misc/curl + sys-libs/efivar:=" +DEPEND="${RDEPEND} + test? ( + app-crypt/swtpm + app-crypt/tpm2-abrmd + dev-util/cmocka + )" +BDEPEND="virtual/pkgconfig + dev-build/autoconf-archive + test? ( + app-editors/vim-core + dev-tcltk/expect + $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]') + ) + ${PYTHON_DEPS}" + +python_check_deps() { + python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_configure() { + # tests fail with LTO enabbled. See bug 865275 and 865277 + filter-lto + econf \ + $(use_enable fapi) \ + $(use_enable test unit) \ + --with-bashcompdir=$(get_bashcompdir) \ + --enable-hardening +} + +src_install() { + default + mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die + local utils=( "${ED}"/usr/bin/tpm2_* ) + utils=("${utils[@]##*/}") + # these utiltites don't have bash completions + local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest tpm2_sessionconfig ) + mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}") + bashcomp_alias tpm2 "${utils[@]}" +} diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild new file mode 100644 index 00000000000..04fb5536f1f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.6-r1.ebuild @@ -0,0 +1,79 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit autotools bash-completion-r1 flag-o-matic python-any-r1 + +DESCRIPTION="Tools for the TPM 2.0 TSS" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tools" +SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz" +SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/tpm2-tools-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch.xz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="+fapi test" + +RESTRICT="!test? ( test )" + +RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?] + dev-libs/openssl:= + net-misc/curl + sys-libs/efivar:=" +DEPEND="${RDEPEND} + test? ( + app-crypt/swtpm + app-crypt/tpm2-abrmd + dev-util/cmocka + )" +BDEPEND="virtual/pkgconfig + dev-build/autoconf-archive + test? ( + app-editors/vim-core + dev-tcltk/expect + $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]') + ) + ${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}/${PN}-5.6-test-eventlog-fix-check-eventlog.sh-if-efivar.h-exis.patch" + "${WORKDIR}/${PN}-5.6-tpm2_eventlog-Create-raw-and-pretty-print-format-for.patch" + "${FILESDIR}/${PN}-5.6-Makefile-am-Dont-require-pandoc-for-tests.patch" + "${FILESDIR}/${PN}-5.6-bashism.patch" +) + +python_check_deps() { + python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # tests fail with LTO enabbled. See bug 865275 and 865277 + filter-lto + econf \ + $(use_enable fapi) \ + $(use_enable test unit) \ + --with-bashcompdir=$(get_bashcompdir) \ + --enable-hardening +} + +src_install() { + default + mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die + local utils=( "${ED}"/usr/bin/tpm2_* ) + utils=("${utils[@]##*/}") + # these utiltites don't have bash completions + local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest tpm2_sessionconfig ) + mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}") + bashcomp_alias tpm2 "${utils[@]}" +} From 5d0e408434e530f4cc7f02d62239333c9d8953db Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:37:30 +0100 Subject: [PATCH 02/22] app-crypt/tpm2-tss: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../app-crypt/tpm2-tss/Manifest | 1 + ...ss-4.0.0-Dont-install-files-into-run.patch | 26 +++++ ...-failures-to-write-files-in-sys-hard.patch | 27 +++++ ...-Make-sysusers-and-tmpfiles-optional.patch | 50 ++++++++ .../app-crypt/tpm2-tss/metadata.xml | 21 ++++ .../tpm2-tss/tpm2-tss-4.0.1-r1.ebuild | 109 ++++++++++++++++++ .../app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild | 97 ++++++++++++++++ 7 files changed, 331 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/metadata.xml create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/Manifest new file mode 100644 index 00000000000..e5a285d2b76 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/Manifest @@ -0,0 +1 @@ +DIST tpm2-tss-4.0.1.tar.gz 1787139 BLAKE2B 627cdefeff6c64148f9da1425922a0a7a72debcee4930ffab208a3b9b66127c2d4f923e3e105bfd45410cdb13c19cb40cc15a720e9a05dd32ff622dabf5fcc32 SHA512 ed6ddc52cb0e8c1082a4bb001e1225eb9905fd2380da88db5fd69ff5b5d9d43a93eb67b634e49d53eb5d586832da3aef2c4c7e5f18d51bb730481f8913319d7d diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch new file mode 100644 index 00000000000..ca51ab7f938 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch @@ -0,0 +1,26 @@ +diff --git a/Makefile.am b/Makefile.am +index 2c81cfa9..2673995c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -767,13 +767,11 @@ define set_tss_permissions + endef + + define make_fapi_dirs +- ($(call make_tss_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/) || true) && \ + ($(call make_tss_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) + endef + + define set_fapi_permissions + if test -z "${DESTDIR}"; then \ e +- ($(call set_tss_permissions,$(DESTDIR)$(runstatedir)/tpm2-tss)) && \ + ($(call set_tss_permissions,$(DESTDIR)$(localstatedir)/lib/tpm2-tss)) \ + fi + endef +@@ -784,7 +782,6 @@ endef + + define check_fapi_dirs + if test -z "${DESTDIR}"; then \ +- ($(call check_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/)) && \ + ($(call check_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) \ + fi; + endef diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch new file mode 100644 index 00000000000..83f123ffdc5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch @@ -0,0 +1,27 @@ +From 0632885d08917092ffc8d98febd158745a74465a Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 4 Aug 2023 16:07:52 +0200 +Subject: [PATCH] Do not consider failures to write files in /sys hard errors + +systemd-tmpfiles can run in containers, chroots, ... where writing to /sys will fail, so let's suffix these lines with "-" to avoid considering these cases hard errors. + +Signed-off-by: Daan De Meyer +--- + dist/tmpfiles.d/tpm2-tss-fapi.conf.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in +index 7ea3c652..51ff78e5 100644 +--- a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in ++++ b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in +@@ -3,5 +3,5 @@ d @localstatedir@/lib/tpm2-tss/system/keystore 2775 tss tss - + a+ @localstatedir@/lib/tpm2-tss/system/keystore - - - - default:group:tss:rwx + d @runstatedir@/tpm2-tss/eventlog 2775 tss tss - - + a+ @runstatedir@/tpm2-tss/eventlog - - - - default:group:tss:rwx +-z /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - - +-z /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - - ++z- /sys/kernel/security/tpm[0-9]/binary_bios_measurements 0440 root tss - - ++z- /sys/kernel/security/ima/binary_runtime_measurements 0440 root tss - - +-- +2.43.0 + diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch new file mode 100644 index 00000000000..d93fcf9ef2d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch @@ -0,0 +1,50 @@ +From 75f53cf7eab591870ce735203995d01d2f577187 Mon Sep 17 00:00:00 2001 +From: Christopher Byrne +Date: Tue, 13 Jun 2023 21:40:56 -0500 +Subject: [PATCH] configure.ac: Make sysusers and tmpfiles optional + +Signed-off-by: Christopher Byrne +--- + Makefile.am | 6 +++++- + configure.ac | 4 ++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 2c81cfa9..98965fa7 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -563,10 +563,14 @@ fapi-config.json: dist/fapi-config.json.in + -e 's|[@]sysmeasurements@|$(sysmeasurements)|g' \ + < "$<" > "$@" + ++if SYSD_SYSUSERS + sysusers_DATA = dist/sysusers.d/tpm2-tss.conf +-tmpfiles_DATA = tpm2-tss-fapi.conf ++endif + ++if SYSD_TMPFILES ++tmpfiles_DATA = tpm2-tss-fapi.conf + CLEANFILES += tpm2-tss-fapi.conf ++endif + + # We have to do this ourselves, in order to get absolute paths + tpm2-tss-fapi.conf: dist/tmpfiles.d/tpm2-tss-fapi.conf.in +diff --git a/configure.ac b/configure.ac +index b6550278..2d478147 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -550,9 +550,9 @@ AS_IF([test "x$enable_integration" = "xyes" && test "x$enable_self_generated_cer + + # Check for systemd helper tools used by make install + AC_CHECK_PROG(systemd_sysusers, systemd-sysusers, yes) +-AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes") ++AM_CONDITIONAL([SYSD_SYSUSERS], [test "x$systemd_sysusers" = "xyes" && test "x$sysusersdir" != "xno"]) + AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes) +-AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes") ++AM_CONDITIONAL([SYSD_TMPFILES], [test "x$systemd_tmpfiles" = "xyes" && test "x$tmpfilesdir" != "xno"]) + + # Check all tools used by make install + AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"], +-- +2.39.3 + diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/metadata.xml new file mode 100644 index 00000000000..ada5791c33d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/metadata.xml @@ -0,0 +1,21 @@ + + + + + salah.coronya@gmail.com + Christopher Byrne + + + proxy-maint@gentoo.org + Proxy Maintainers + + + Enable feature API (requires openssl as crypto backend) + Use net-libs/mbedtls as crypto engine + Use dev-libs/openssl as crypto engine + Enable policy library (requires openssl as crypto backend) + + + tpm2-software/tpm2-tss + + diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild new file mode 100644 index 00000000000..558f221a5be --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1-r1.ebuild @@ -0,0 +1,109 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools flag-o-matic linux-info multilib-minimal tmpfiles udev + +DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tss" +SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD-2" +SLOT="0/4" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" +IUSE="doc +fapi +openssl mbedtls +policy static-libs test" +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ^^ ( mbedtls openssl ) + fapi? ( openssl !mbedtls ) + policy? ( openssl !mbedtls ) +" + +RDEPEND=" + acct-group/tss + acct-user/tss + sys-apps/util-linux:=[${MULTILIB_USEDEP}] + fapi? ( + dev-libs/json-c:=[${MULTILIB_USEDEP}] + >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] + ) + mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] ) + openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] ) +" + +DEPEND=" + ${RDEPEND} + test? ( app-crypt/swtpm + dev-libs/uthash + dev-util/cmocka + fapi? ( >=net-misc/curl-7.80.0 ) ) +" + +BDEPEND=" + sys-apps/acl + virtual/pkgconfig + doc? ( app-text/doxygen ) +" + +PATCHES=( + "${FILESDIR}/${PN}-4.0.0-Dont-install-files-into-run.patch" + "${FILESDIR}/${PN}-4.0.1-Make-sysusers-and-tmpfiles-optional.patch" + "${FILESDIR}/${PN}-4.0.1-Do-not-consider-failures-to-write-files-in-sys-hard.patch" +) + +pkg_setup() { + local CONFIG_CHECK="~TCG_TPM" + linux-info_pkg_setup + kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required" +} + +src_prepare() { + default + eautoreconf +} + +multilib_src_configure() { + # Fails with inlining + filter-flags -fno-semantic-interposition + # tests fail with LTO enabbled. See bug 865275 and 865279 + filter-lto + + local myconf=( + --localstatedir=/var + $(multilib_native_use_enable doc doxygen-doc) + $(use_enable fapi) + $(use_enable policy) + $(use_enable static-libs static) + $(multilib_native_use_enable test unit) + $(multilib_native_use_enable test integration) + $(multilib_native_use_enable test self-generated-certificate) + --disable-tcti-libtpms + --disable-defaultflags + --disable-weakcrypto + --with-crypto="$(usex mbedtls mbed ossl)" + --with-runstatedir=/run + --with-udevrulesdir="$(get_udevdir)/rules.d" + --with-udevrulesprefix=60- + --without-sysusersdir + --with-tmpfilesdir="/usr/lib/tmpfiles.d" + ) + + ECONF_SOURCE=${S} econf "${myconf[@]}" +} + +multilib_src_install() { + default + keepdir /var/lib/tpm2-tss/system/keystore + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + tmpfiles_process tpm2-tss-fapi.conf + udev_reload +} + +pkg_postrm() { + udev_reload +} diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild new file mode 100644 index 00000000000..d4391f09ea9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools flag-o-matic linux-info multilib-minimal tmpfiles udev + +DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack" +HOMEPAGE="https://github.com/tpm2-software/tpm2-tss" +SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz" + +LICENSE="BSD-2" +SLOT="0/4" +KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" +IUSE="doc +fapi +openssl mbedtls +policy static-libs test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="^^ ( mbedtls openssl ) + fapi? ( openssl !mbedtls ) + policy? ( openssl !mbedtls )" + +RDEPEND="acct-group/tss + acct-user/tss + sys-apps/util-linux:=[${MULTILIB_USEDEP}] + fapi? ( dev-libs/json-c:=[${MULTILIB_USEDEP}] + >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] ) + mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] ) + openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )" + +DEPEND="${RDEPEND} + test? ( app-crypt/swtpm + dev-libs/uthash + dev-util/cmocka + fapi? ( >=net-misc/curl-7.80.0 ) )" +BDEPEND="sys-apps/acl + virtual/pkgconfig + doc? ( app-text/doxygen )" + +PATCHES=( + "${FILESDIR}/${PN}-4.0.0-Dont-install-files-into-run.patch" + "${FILESDIR}/${PN}-4.0.1-Make-sysusers-and-tmpfiles-optional.patch" + ) + +pkg_setup() { + local CONFIG_CHECK=" \ + ~TCG_TPM + " + linux-info_pkg_setup + kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required" +} + +src_prepare() { + default + eautoreconf +} + +multilib_src_configure() { + # Fails with inlining + filter-flags -fno-semantic-interposition + # tests fail with LTO enabbled. See bug 865275 and 865279 + filter-lto + + ECONF_SOURCE=${S} econf \ + --localstatedir=/var \ + $(multilib_native_use_enable doc doxygen-doc) \ + $(use_enable fapi) \ + $(use_enable policy) \ + $(use_enable static-libs static) \ + $(multilib_native_use_enable test unit) \ + $(multilib_native_use_enable test integration) \ + $(multilib_native_use_enable test self-generated-certificate) \ + --disable-tcti-libtpms \ + --disable-defaultflags \ + --disable-weakcrypto \ + --with-crypto="$(usex mbedtls mbed ossl)" \ + --with-runstatedir=/run \ + --with-udevrulesdir="$(get_udevdir)/rules.d" \ + --with-udevrulesprefix=60- \ + --without-sysusersdir \ + --with-tmpfilesdir="/usr/lib/tmpfiles.d" +} + +multilib_src_install() { + default + keepdir /var/lib/tpm2-tss/system/keystore + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + tmpfiles_process tpm2-tss-fapi.conf + udev_reload +} + +pkg_postrm() { + udev_reload +} From 2c26b8efa3059809aaebb5d6ea137c49c8f5565c Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:37:53 +0100 Subject: [PATCH 03/22] dev-libs/libatasmart: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../dev-libs/libatasmart/Manifest | 2 + .../libatasmart/libatasmart-0.19_p5.ebuild | 51 +++++++++++++++++++ .../dev-libs/libatasmart/metadata.xml | 7 +++ 3 files changed, 60 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/libatasmart-0.19_p5.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/Manifest new file mode 100644 index 00000000000..fc6fc6b74d9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/Manifest @@ -0,0 +1,2 @@ +DIST libatasmart_0.19-5.debian.tar.xz 6452 BLAKE2B 09bde3d5d79062d4df82e5582e932b6b566a91607086ddd805925d1966cdee4cb4ba43863f4b7d26a98588479b117841050f762d23c6719448635bf1e681b315 SHA512 434b6ef3ea377485ce745e147da8bb72851b2eeabe6f418379511650f0161f15a9ee21f4f0b5f9beb218b99eb417c1aeafdea4640995efbaf45024f40ce71802 +DIST libatasmart_0.19.orig.tar.xz 251204 BLAKE2B 7e2a9823c27eee5a41f93464b28236239891349639162c5fdc114c241a70fb39a3046c3de16ce402787cd86e13609fff0578bd26f7a2c994fefe3c9756d45968 SHA512 ec9edb019c477873b01289ba365ad0ed0946505d651c1f6f83a63ef61b3976a5db6439c8a0c74d9a55325db9a3a587ad6f655f8d1af9387b0d08356eccabdb62 diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/libatasmart-0.19_p5.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/libatasmart-0.19_p5.ebuild new file mode 100644 index 00000000000..488991a7698 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/libatasmart-0.19_p5.ebuild @@ -0,0 +1,51 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs + +DESCRIPTION="A small and lightweight parser library for ATA S.M.A.R.T. hard disks" +HOMEPAGE="https://salsa.debian.org/utopia-team/libatasmart" +SRC_URI="mirror://debian/pool/main/liba/${PN}/${PN}_${PV/_p*}.orig.tar.xz + mirror://debian/pool/main/liba/${PN}/${PN}_${PV/_p/-}.debian.tar.xz" + +LICENSE="LGPL-2.1" +SLOT="0/4" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86" +IUSE="static-libs" + +RDEPEND="virtual/libudev:=" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +S="${WORKDIR}/${P/_p*}" + +src_prepare() { + # https://bugs.gentoo.org/470874 + local d="${WORKDIR}/debian/patches" + sed -i -e '/#/d' \ + -e "s|^|${d}/|" "${d}"/series || die + eapply $(<"${d}"/series) + eapply_user +} + +src_configure() { + econf $(use_enable static-libs static) +} + +src_compile() { + if tc-is-cross-compiler; then + tc-export_build_env + emake -C strpool strpool \ + CFLAGS="${BUILD_CFLAGS}" \ + CPPFLAGS="${BUILD_CPPFLAGS}" \ + LDFLAGS="${BUILD_LDFLAGS}" + fi + emake +} + +src_install() { + default + find "${ED}" -type f -name "*.la" -delete || die +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/metadata.xml new file mode 100644 index 00000000000..d0b58801b31 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/metadata.xml @@ -0,0 +1,7 @@ + + + + + freedesktop-bugs@gentoo.org + + From 4c9ea0c4836040cc1a076854b2e1c8a3998a428f Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:38:05 +0100 Subject: [PATCH 04/22] dev-libs/libbytesize: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../dev-libs/libbytesize/Manifest | 2 + .../files/libbytesize-2.4-no_Werror.patch | 24 +++++ .../libbytesize/libbytesize-2.10.ebuild | 88 ++++++++++++++++++ .../libbytesize/libbytesize-2.9.ebuild | 91 +++++++++++++++++++ .../dev-libs/libbytesize/metadata.xml | 11 +++ 5 files changed, 216 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/files/libbytesize-2.4-no_Werror.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.10.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.9.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/Manifest new file mode 100644 index 00000000000..3458e34920c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/Manifest @@ -0,0 +1,2 @@ +DIST libbytesize-2.10.tar.gz 458804 BLAKE2B 413a45bebf8394e0557c2e1ef7e1f4348fa6dfa52c697599886d70292ea8b2e1b17402e787afaeb8fecd84e3a37a6c0c39440fa22a556dcaba3f419ee17e1b0e SHA512 9e52b9a756a5b4ee6e23a7a20fd0c6ca2a65ff31f38ddc7545d6838fe9a3da0ee0bd7491cb268f071c950fbeb8d65c707423d285cc3548038b3a2d3aa7f0de48 +DIST libbytesize-2.9.tar.gz 458737 BLAKE2B d2e47b520cf2669131816f069d8ebeb946be02bc04acc676579f12e798fcb2aa176fd25e6bb77dd1e6b274ec0762498df5df18d88c627653accc426a7e268f36 SHA512 6def6bebe33344e6d6ce1a636bcd200a9d28ed5c4e5ce5dfbfd94c4d92ba37512ef1ee4f12716af0d6a402d5285e60df1ee629ecf31cf7d0b59990c524384fd1 diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/files/libbytesize-2.4-no_Werror.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/files/libbytesize-2.4-no_Werror.patch new file mode 100644 index 00000000000..827bebe3ec9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/files/libbytesize-2.4-no_Werror.patch @@ -0,0 +1,24 @@ +https://bugs.gentoo.org/744286 + +--- libbytesize-2.4/configure.ac ++++ libbytesize-2.4/configure.ac +@@ -6,7 +6,7 @@ + # This needs to be set before initializing automake + AC_DISABLE_STATIC + +-AM_INIT_AUTOMAKE([foreign -Wall -Werror -Wno-syntax -Wno-portability]) ++AM_INIT_AUTOMAKE([foreign -Wall -Wno-syntax -Wno-portability]) + AC_CONFIG_MACRO_DIR([m4]) + + # Check for the gettext programs +--- libbytesize-2.4/src/Makefile.am ++++ libbytesize-2.4/src/Makefile.am +@@ -2,7 +2,7 @@ + LDADD = $(LIBINTL) + + lib_LTLIBRARIES = libbytesize.la +-libbytesize_la_CFLAGS = -Wall -Wextra -Werror -Wno-overflow -D_GNU_SOURCE ++libbytesize_la_CFLAGS = -Wall -Wextra -Wno-overflow -D_GNU_SOURCE + libbytesize_la_LIBADD = -lgmp -lmpfr $(PCRE2_LIBS) + libbytesize_la_LDFLAGS = -version-info 1:0:0 + libbytesize_la_SOURCES = bs_size.c bs_size.h gettext.h diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.10.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.10.ebuild new file mode 100644 index 00000000000..e0ffbc9de48 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.10.ebuild @@ -0,0 +1,88 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit autotools python-r1 + +DESCRIPTION="Tiny library providing a C \"class\" for working with arbitrary big byte sizes" +HOMEPAGE="https://github.com/storaged-project/libbytesize" +SRC_URI="https://github.com/storaged-project/libbytesize/releases/download/${PV}/${P}.tar.gz" + +LICENSE="LGPL-2+" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv ~sparc x86" +IUSE="doc python test tools" +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + tools? ( python ) +" + +RDEPEND=" + dev-libs/gmp:= + dev-libs/mpfr:= + dev-libs/libpcre2:= + python? ( ${PYTHON_DEPS} ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + sys-devel/gettext + doc? ( + dev-util/gtk-doc + virtual/pkgconfig + ) + test? ( + dev-python/pocketlint[${PYTHON_USEDEP}] + dev-python/polib[${PYTHON_USEDEP}] + ) +" + +PATCHES=( + "${FILESDIR}/${PN}-2.4-no_Werror.patch" +) + +python_do() { + if use python ; then + python_foreach_impl run_in_build_dir "$@" + else + "$@" + fi +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local myeconfargs=( + $(use_with doc gtk-doc) + $(use_with python python3) + $(use_with tools) + ) + local ECONF_SOURCE="${S}" + python_do econf "${myeconfargs[@]}" +} + +src_compile() { + python_do emake +} + +src_test() { + python_do emake check +} + +install_helper() { + emake DESTDIR="${D}" install + use python && python_optimize +} + +src_install() { + python_do install_helper + einstalldocs + find "${ED}" -name "*.la" -type f -delete || die +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.9.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.9.ebuild new file mode 100644 index 00000000000..4cb4753960a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.9.ebuild @@ -0,0 +1,91 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# py3.12 blocked by the massive dependency tree of dev-python/pocketlint +PYTHON_COMPAT=( python3_{10..11} ) + +inherit autotools python-r1 + +DESCRIPTION="Tiny library providing a C \"class\" for working with arbitrary big byte sizes" +HOMEPAGE="https://github.com/storaged-project/libbytesize" +SRC_URI="https://github.com/storaged-project/libbytesize/releases/download/${PV}/${P}.tar.gz" + +LICENSE="LGPL-2+" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86" +IUSE="doc python test tools" +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + tools? ( python ) +" + +RDEPEND=" + dev-libs/gmp:= + dev-libs/mpfr:= + dev-libs/libpcre2:= + python? ( ${PYTHON_DEPS} ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + sys-devel/gettext + doc? ( + dev-util/gtk-doc + virtual/pkgconfig + ) + test? ( + dev-python/pocketlint[${PYTHON_USEDEP}] + dev-python/polib[${PYTHON_USEDEP}] + ) +" + +DOCS=( README.md ) + +PATCHES=( + "${FILESDIR}/${PN}-2.4-no_Werror.patch" +) + +python_do() { + if use python ; then + python_foreach_impl run_in_build_dir "$@" + else + "$@" + fi +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local myeconfargs=( + $(use_with doc gtk-doc) + $(use_with python python3) + $(use_with tools) + ) + local ECONF_SOURCE="${S}" + python_do econf "${myeconfargs[@]}" +} + +src_compile() { + python_do emake +} + +src_test() { + python_do emake check +} + +install_helper() { + emake DESTDIR="${D}" install + use python && python_optimize +} + +src_install() { + python_do install_helper + einstalldocs + find "${ED}" -name "*.la" -type f -delete || die +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/metadata.xml new file mode 100644 index 00000000000..aca3155bc46 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/metadata.xml @@ -0,0 +1,11 @@ + + + + + + Build bscalc python CLI tool + + + storaged-project/libbytesize + + From c6b88015eaef36d253dea58eb18ff3c5b00d62ec Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:38:21 +0100 Subject: [PATCH 05/22] dev-libs/libgudev: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../portage-stable/dev-libs/libgudev/Manifest | 1 + .../dev-libs/libgudev/libgudev-238-r1.ebuild | 47 +++++++++++++++++++ .../dev-libs/libgudev/metadata.xml | 14 ++++++ 3 files changed, 62 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libgudev/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libgudev/libgudev-238-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libgudev/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/Manifest new file mode 100644 index 00000000000..4b42a0c9e8b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/Manifest @@ -0,0 +1 @@ +DIST libgudev-238.tar.xz 30548 BLAKE2B 386491e78c82081e89dad897d16ea6733430a67db3f75f2d9fdee5474b074ad6fede9f08e429f4eb6feaa9bbbb982d9d039db738aac5b5ce0ffac2d3a19430d4 SHA512 684061b4fc64a6ea3dd1ac34835279330c7eb2728fad6e3a9d34c0d501be3103d0f96c6d6866c8e257a0027e4f78a6314cb8ba81cda5ddf42ee9ea1a576ec5dc diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/libgudev-238-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/libgudev-238-r1.ebuild new file mode 100644 index 00000000000..3d1e0288855 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/libgudev-238-r1.ebuild @@ -0,0 +1,47 @@ +# Copyright 2015-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit meson-multilib + +DESCRIPTION="GObject bindings for libudev" +HOMEPAGE="https://wiki.gnome.org/Projects/libgudev" +SRC_URI="https://download.gnome.org/sources/libgudev/${PV}/${P}.tar.xz" + +LICENSE="LGPL-2.1+" +SLOT="0/0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="introspection test" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=dev-libs/glib-2.38.0:2[${MULTILIB_USEDEP}] + >=virtual/libudev-251:=[sticky-tags(+),${MULTILIB_USEDEP}] + introspection? ( >=dev-libs/gobject-introspection-1.31.1 ) +" +DEPEND="${RDEPEND} + test? ( dev-util/umockdev[${MULTILIB_USEDEP}] ) +" +BDEPEND=" + dev-util/glib-utils + virtual/pkgconfig +" + +multilib_src_configure() { + local emesonargs=( + $(meson_native_use_feature introspection) + -Dgtk_doc=false + $(meson_feature test tests) + -Dvapi=disabled + ) + meson_src_configure +} + +src_test() { + # libsandbox interferes somehow. + # There are no access violations, but tests fail. + # https://bugs.gentoo.org/805449 + local -x SANDBOX_ON=0 + meson-multilib_src_test +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/metadata.xml new file mode 100644 index 00000000000..3631e95872f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/metadata.xml @@ -0,0 +1,14 @@ + + + + + gnome@gentoo.org + Gentoo GNOME Desktop + + + systemd@gentoo.org + + + GNOME/libgudev + + From 136fcc4d1f01d8e74decb74c5fe05eaeec54bf38 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:38:32 +0100 Subject: [PATCH 06/22] dev-libs/libpwquality: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../dev-libs/libpwquality/Manifest | 1 + ...wquality-1.4.4-pam_pwquality-include.patch | 35 ++++++++ .../libpwquality/libpwquality-1.4.5-r1.ebuild | 75 ++++++++++++++++ .../libpwquality/libpwquality-1.4.5.ebuild | 87 +++++++++++++++++++ .../dev-libs/libpwquality/metadata.xml | 11 +++ 5 files changed, 209 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/files/libpwquality-1.4.4-pam_pwquality-include.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/Manifest new file mode 100644 index 00000000000..231099aa891 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/Manifest @@ -0,0 +1 @@ +DIST libpwquality-1.4.5.tar.bz2 433961 BLAKE2B f5326996ab607bf9d24de446d9714987ad259fd2222bc54983769abc298969e2e9a4cee78f2a5c5d963bd0e5f57ea3aa346b0ce108b465a8da82810486b37e36 SHA512 91a6febbf40047e553b6051df727857df7932c816638f15118a46b8286527a80446ca4f6a050d2b1f4e33335bf4b75290751ce358fa477cb9d06fe89a450d647 diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/files/libpwquality-1.4.4-pam_pwquality-include.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/files/libpwquality-1.4.4-pam_pwquality-include.patch new file mode 100644 index 00000000000..2ed638c1e34 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/files/libpwquality-1.4.4-pam_pwquality-include.patch @@ -0,0 +1,35 @@ +https://github.com/libpwquality/libpwquality/pull/62 + +From 27057c6cbf528108c35df934280c7dd83e8d5ce9 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Wed, 7 Sep 2022 05:42:17 +0100 +Subject: [PATCH] pam_pwquality: add include for + pam_modutil_check_user_in_passwd + +After 9084c1b032161cdb53d5f66132a91bdc207faecf, one gets: +``` +pam_pwquality.c: In function 'check_local_user': +pam_pwquality.c:102:16: error: implicit declaration of function 'pam_modutil_check_user_in_passwd' [-Werror=implicit-function-declaration] + 102 | return pam_modutil_check_user_in_passwd(pamh, user, NULL) == PAM_SUCCESS; + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +cc1: some warnings being treated as errors +make[2]: *** [Makefile:634: pam_pwquality.lo] Error 1 +make[2]: *** Waiting for unfinished jobs.... +``` + +We need to include security/pam_modutil.h when appropriate. + +Signed-off-by: Sam James +--- a/src/pam_pwquality.c ++++ b/src/pam_pwquality.c +@@ -34,6 +34,10 @@ + #include + #include + ++#ifdef HAVE_PAM_CHECK_USER_IN_PASSWD ++#include ++#endif ++ + /* argument parsing */ + #define PAM_DEBUG_ARG 0x0001 + diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5-r1.ebuild new file mode 100644 index 00000000000..86d7c956d46 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5-r1.ebuild @@ -0,0 +1,75 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) +inherit libtool pam python-r1 + +DESCRIPTION="Library for password quality checking and generating random passwords" +HOMEPAGE="https://github.com/libpwquality/libpwquality" +SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.bz2" + +LICENSE="|| ( BSD GPL-2 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="pam python static-libs" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +BDEPEND=" + >=sys-devel/gettext-0.18.2 + virtual/pkgconfig +" +RDEPEND=" + >=sys-libs/cracklib-2.8:=[static-libs(+)?] + pam? ( sys-libs/pam ) + python? ( ${PYTHON_DEPS} ) +" +DEPEND="${RDEPEND}" + +src_prepare() { + default + elibtoolize + + if use python ; then + # bug #830397 + export SETUPTOOLS_USE_DISTUTILS=stdlib + python_copy_sources + fi +} + +src_configure() { + # Install library in /lib for pam + configuring() { + local sitedir + econf \ + --libdir="${EPREFIX}/usr/$(get_libdir)" \ + $(use_enable pam) \ + --with-securedir="${EPREFIX}/$(getpam_mod_dir)" \ + $(use_enable python python-bindings) \ + $(usex python "--with-pythonsitedir=$(use python && python_get_sitedir)" "") \ + $(use_enable static-libs static) + } + if_use_python_python_foreach_impl configuring +} + +src_compile() { + if_use_python_python_foreach_impl default +} + +src_test() { + if_use_python_python_foreach_impl default +} + +src_install() { + if_use_python_python_foreach_impl default + find "${ED}" -name '*.la' -delete || die +} + +if_use_python_python_foreach_impl() { + if use python; then + python_foreach_impl run_in_build_dir "$@" + else + "$@" + fi +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5.ebuild new file mode 100644 index 00000000000..87db7e77e81 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) +inherit pam python-r1 usr-ldscript + +DESCRIPTION="Library for password quality checking and generating random passwords" +HOMEPAGE="https://github.com/libpwquality/libpwquality" +SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.bz2" + +LICENSE="|| ( BSD GPL-2 )" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="pam python static-libs" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +BDEPEND=" + >=sys-devel/gettext-0.18.2 + virtual/pkgconfig +" +RDEPEND=" + >=sys-libs/cracklib-2.8:=[static-libs(+)?] + pam? ( sys-libs/pam ) + python? ( ${PYTHON_DEPS} ) +" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-1.4.4-pam_pwquality-include.patch +) + +src_prepare() { + default + # ensure pkgconfig files go in /usr + sed -e "s:\(pkgconfigdir *=\).*:\1 ${EPREFIX}/usr/$(get_libdir)/pkgconfig:" \ + -i src/Makefile.{am,in} || die "sed failed" + + if use python ; then + # bug #830397 + export SETUPTOOLS_USE_DISTUTILS=stdlib + python_copy_sources + fi +} + +src_configure() { + # Install library in /lib for pam + configuring() { + local sitedir + econf \ + --libdir="${EPREFIX}/$(get_libdir)" \ + $(use_enable pam) \ + --with-securedir="${EPREFIX}/$(getpam_mod_dir)" \ + $(use_enable python python-bindings) \ + $(usex python "--with-pythonsitedir=$(use python && python_get_sitedir)" "") \ + $(use_enable static-libs static) + } + if_use_python_python_foreach_impl configuring +} + +src_compile() { + if_use_python_python_foreach_impl default +} + +src_test() { + if_use_python_python_foreach_impl default +} + +src_install() { + if_use_python_python_foreach_impl default + if use static-libs; then + # Do not install static libs in /lib + mkdir -p "${ED}/usr/$(get_libdir)" + mv "${ED}/$(get_libdir)/libpwquality.a" "${ED}/usr/$(get_libdir)/" || die + gen_usr_ldscript libpwquality.so + fi + find "${ED}" -name '*.la' -delete || die +} + +if_use_python_python_foreach_impl() { + if use python; then + python_foreach_impl run_in_build_dir "$@" + else + "$@" + fi +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/metadata.xml new file mode 100644 index 00000000000..362c8aacbdb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/metadata.xml @@ -0,0 +1,11 @@ + + + + + gnome@gentoo.org + Gentoo GNOME Desktop + + + libpwquality/libpwquality + + From 7007d513fe719fac109b4ed51531f87707e7e5c7 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:38:53 +0100 Subject: [PATCH 07/22] sys-apps/keyutils: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../portage-stable/sys-apps/keyutils/Manifest | 1 + .../files/keyutils-1.5.10-disable-tests.patch | 51 ++++++++ .../keyutils-1.5.9-header-extern-c.patch | 43 +++++++ .../files/keyutils-1.6-makefile-fixup.patch | 25 ++++ .../keyutils-1.6.3-fix-rpmspec-check.patch | 38 ++++++ .../keyutils/files/keyutils-1.6.3-tests.patch | 76 ++++++++++++ .../keyutils/keyutils-1.6.3-r1.ebuild | 116 ++++++++++++++++++ .../sys-apps/keyutils/metadata.xml | 17 +++ 8 files changed, 367 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest new file mode 100644 index 00000000000..a4690bb3014 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest @@ -0,0 +1 @@ +DIST keyutils-1.6.3.tar.gz 137022 BLAKE2B b5620b1b6109415fec1268963c2c65d774f3ef7a69eb1ce8d5d8e78b4b807e4fdfda861662a1b5556975ef867add8f985362a31b6608ac2dc198c8d0395d516b SHA512 f65965b8566037078b8eeffa66c6fdbe121c8c2bea7fa5bce04cf7ba5ccc50d5b48e51f4a67ca91e4d5d9a12469e7e3eb3036c920ab25e3feba6e93b4c149cf9 diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch new file mode 100644 index 00000000000..fa82792cddb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch @@ -0,0 +1,51 @@ +disable tests that mess with system wide settings + +https://bugs.gentoo.org/519062 + +--- keyutils-1.5.10/tests/bugzillas/bz1031154/runtest.sh ++++ keyutils-1.5.10/tests/bugzillas/bz1031154/runtest.sh +@@ -27,6 +27,8 @@ + + echo "++++ BEGINNING TEST" >$OUTPUTFILE + ++if false ; then ++ + # we need a reference time to scan the audit log from so as not to pick up old + # results from this test. + base_date=`date +"%x@%X"` +@@ -97,6 +99,10 @@ + fi + fi + ++else ++marker "Gentoo: skipping test due to system wide modifications" ++fi ++ + echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + + # --- then report the results in the database --- + +https://bugs.gentoo.org/522050 + +--- keyutils-1.5.10/tests/keyctl/padd/useradd/runtest.sh ++++ keyutils-1.5.10/tests/keyctl/padd/useradd/runtest.sh +@@ -40,6 +40,8 @@ + marker "UNLINK KEY" + unlink_key $keyid @s + ++if false ; then ++ + if [ $skip_root_required = 0 ] && { + [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 6.6 || + keyutils_at_or_later_than 1.5.6 ; +@@ -85,6 +87,10 @@ + fi + fi + ++else ++marker "Gentoo: skipping test due to system wide modifications" ++fi ++ + echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + + # --- then report the results in the database --- diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch new file mode 100644 index 00000000000..c7a4c1034c9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch @@ -0,0 +1,43 @@ +sent upstream + +From 1f15000ad21c301a51f7746eb561659348060f45 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Wed, 25 Jan 2017 14:06:55 -1000 +Subject: [PATCH keyutils] add extern C markings to header file for C++ users + +If people try to use keyutils from C++ code, the header doesn't work +properly because the compiler mangles the keyutils symbols. Add the +right extern markings so it works out of the box. + +Signed-off-by: Mike Frysinger +--- + keyutils.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/keyutils.h b/keyutils.h +index a69fa7aaa11d..d50d19d3e929 100644 +--- a/keyutils.h ++++ b/keyutils.h +@@ -15,6 +15,10 @@ + #include + #include + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + extern const char keyutils_version_string[]; + extern const char keyutils_build_string[]; + +@@ -180,4 +184,8 @@ extern int recursive_session_key_scan(recursive_key_scanner_t func, void *data); + extern key_serial_t find_key_by_type_and_desc(const char *type, const char *desc, + key_serial_t destringid); + ++#ifdef __cplusplus ++} ++#endif ++ + #endif /* KEYUTILS_H */ +-- +2.11.0 + diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch new file mode 100644 index 00000000000..25dcdeb5fc3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch @@ -0,0 +1,25 @@ +From d1a02ed81c86fe7140f93b9a160fbb53be148446 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Fri, 16 Nov 2018 12:39:12 +0100 +Subject: [PATCH] depend on $(DEVELLIB) not -lkeyutils + +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 33a451e..845b8fe 100644 +--- a/Makefile ++++ b/Makefile +@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0) + $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME) + $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME) + mkdir -p $(DESTDIR)$(USRLIBDIR) +- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) ++ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) + sed \ + -e 's,@VERSION\@,$(VERSION),g' \ + -e 's,@prefix\@,$(PREFIX),g' \ +-- +2.19.1 + diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch new file mode 100644 index 00000000000..3fb659712ae --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch @@ -0,0 +1,38 @@ +https://bugs.gentoo.org/760633 + +From 41077f8901b642d36b63f94b0fc62377a07fc0b2 Mon Sep 17 00:00:00 2001 +From: Adrian Ratiu +Date: Tue, 4 Jan 2022 03:51:10 +0200 +Subject: [PATCH] Makefile: only run rpmspec if it exists + +keyutils is built on many distros which do not use rpm like +Gentoo, ChromeOS or Arch. Older versions of bash silently +ignored the fact that rpmspec was missing, but newer bash +like v5.1 issue a new error: + +/bin/sh: line 1: rpmspec: command not found + +This happens every time the Makefile is parsed, including +for a simple "make" invocation or "make install" even if +a rpm package is not desired. + +Arch Linux simply ignores this new error but Gentoo and +ChromeOS fail because portage actively monitors the build +log for errors like this. See bug report [1]. + +Fix this by calling rpmspec only if it exists. + +[1] https://bugs.gentoo.org/760633 + +Signed-off-by: Adrian Ratiu +--- a/Makefile ++++ b/Makefile +@@ -285,7 +285,7 @@ SRCBALL := rpmbuild/SOURCES/$(TARBALL) + ZSRCBALL := rpmbuild/SOURCES/$(ZTARBALL) + + BUILDID := .local +-rpmver0 := $(shell rpmspec -q ./keyutils.spec --define "buildid $(BUILDID)") ++rpmver0 := $(shell if which rpmspec >/dev/null 2>&1; then rpmspec -q ./keyutils.spec --define "buildid $(BUILDID)"; fi) + rpmver1 := $(word 1,$(rpmver0)) + rpmver2 := $(subst ., ,$(rpmver1)) + rpmver3 := $(lastword $(rpmver2)) diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch new file mode 100644 index 00000000000..d9414e800a6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-tests.patch @@ -0,0 +1,76 @@ +https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=c076dff259e99d84d3822b4d2ad7f3f66532f411 + +From c076dff259e99d84d3822b4d2ad7f3f66532f411 Mon Sep 17 00:00:00 2001 +From: Pavel Reichl +Date: Tue, 20 Dec 2022 14:13:29 +0100 +Subject: test: Fix test expectation based on kernel config + +Some test results are dependent on the kernel configuration option +CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE. + +Check the kernel configuration file for its presence and expect appropriate +test results. + +Function has_kernel_config is based on its xfstsests counterpart. + +Signed-off-by: Pavel Reichl +Signed-off-by: David Howells +--- a/tests/features/builtin_trusted/runtest.sh ++++ b/tests/features/builtin_trusted/runtest.sh +@@ -33,7 +33,11 @@ expect_error EACCES + create_key --fail user a a $stk + expect_error EOPNOTSUPP + create_key --fail user a a $blk +-expect_error EACCES ++if has_kernel_config "CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE"; then ++ expect_error EOPNOTSUPP ++else ++ expect_error EACCES ++fi + + # Try adding a key to the keyrings + marker "TRY ADDING ASYMMETRIC KEYS" +@@ -89,7 +93,11 @@ expect_error EACCES + create_key --fail -x asymmetric "" "$x509" $stk + expect_error ENOKEY + create_key --fail -x asymmetric "" "$x509" $blk +-expect_error EACCES ++if has_kernel_config "CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE"; then ++ expect_error EOPNOTSUPP ++else ++ expect_error EACCES ++fi + + echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE + +--- a/tests/prepare.inc.sh ++++ b/tests/prepare.inc.sh +@@ -4,6 +4,26 @@ + includes=${BASH_SOURCE[0]} + includes=${includes%/*}/ + ++# Check if currently running kernel has option set ++function has_kernel_config() ++{ ++ local option=$1 ++ local uname=$(uname -r) ++ local config_list="$KCONFIG_PATH ++ /lib/modules/$uname/build/.config ++ /boot/config-$uname ++ /lib/kernel/config-$uname" ++ ++ for config in $config_list; do ++ [ ! -f $config ] && continue ++ grep -qE "^${option}=[my]" $config ++ return ++ done ++ ++ echo "Failed to find kernel configuration file" ++ return false ++} ++ + # --- need to run in own session keyring + watch_fd=0 + if [ "$1" != "--inside-test-session" ] +-- +cgit 1.2.3-korg diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild new file mode 100644 index 00000000000..c8d82212103 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3-r1.ebuild @@ -0,0 +1,116 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs linux-info multilib-minimal + +DESCRIPTION="Linux Key Management Utilities" +HOMEPAGE="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git" +SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/${P}.tar.gz" + +LICENSE="GPL-2 LGPL-2.1" +SLOT="0/1.9" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux" +IUSE="static static-libs test" +RESTRICT="!test? ( test )" + +RDEPEND="" +DEPEND="!prefix? ( >=sys-kernel/linux-headers-2.6.11 )" + +PATCHES=( + "${FILESDIR}"/${PN}-1.6-makefile-fixup.patch + "${FILESDIR}"/${PN}-1.5.10-disable-tests.patch #519062 #522050 + "${FILESDIR}"/${PN}-1.5.9-header-extern-c.patch + "${FILESDIR}"/${PN}-1.6.3-fix-rpmspec-check.patch + "${FILESDIR}"/${P}-tests.patch +) + +pkg_setup() { + # To prevent a failure in test phase and false positive bug reports + # we are enforcing the following options because testsuite expects + # that these options are available. I.e. testsuite only decides based + # on kernel version which tests will be called, no feature checking. + if use test ; then + CONFIG_CHECK="KEYS" + ERROR_KEYS="You must have CONFIG_KEYS to run the package testsuite!" + + if kernel_is -ge 2 6 10 && kernel_is -lt 4 0 0 ; then + CONFIG_CHECK="${CONFIG_CHECK} KEYS_DEBUG_PROC_KEYS" + ERROR_KEYS_DEBUG_PROC_KEYS="You must have CONFIG_KEYS_DEBUG_PROC_KEYS to run the package testsuite!" + fi + + if kernel_is -ge 4 7 ; then + CONFIG_CHECK="${CONFIG_CHECK} KEY_DH_OPERATIONS" + ERROR_KEY_DH_OPERATIONS="You must have CONFIG_KEY_DH_OPERATIONS to run the package testsuite!" + fi + else + CONFIG_CHECK="~KEYS" + ERROR_KEYS="You will be unable to use this package on this system because CONFIG_KEYS is not set!" + + if kernel_is -ge 4 7 ; then + CONFIG_CHECK="${CONFIG_CHECK} ~KEY_DH_OPERATIONS" + ERROR_KEY_DH_OPERATIONS="You will be unable to use Diffie-Hellman on this system because CONFIG_KEY_DH_OPERATIONS is not set!" + fi + fi + + linux-info_pkg_setup +} + +src_prepare() { + default + + # The lsb check is useless, so avoid spurious command not found messages. + sed -i -e 's,lsb_release,:,' tests/prepare.inc.sh || die + # Some tests call the kernel which calls userspace, but that will + # run the install keyutils rather than the locally compiled one, + # so disable round trip tests. + rm -rf tests/keyctl/requesting/{bad-args,piped,valid} + + multilib_copy_sources +} + +multilib_src_compile() { + tc-export AR CC CXX + sed -i \ + -e "1iRPATH = $(usex static -static '')" \ + -e '/^C.*FLAGS/s|:=|+=|' \ + -e 's:-Werror::' \ + -e '/^BUILDFOR/s:=.*:=:' \ + -e "/^LIBDIR/s:=.*:= /usr/$(get_libdir):" \ + -e '/^USRLIBDIR/s:=.*:=$(LIBDIR):' \ + -e "s: /: ${EPREFIX}/:g" \ + -e '/^NO_ARLIB/d' \ + Makefile || die + + # We need the static lib in order to statically link programs. + if use static ; then + export NO_ARLIB=0 + # Hack the progs to depend on the static lib instead. + sed -i \ + -e '/^.*:.*[$](DEVELLIB)$/s:$(DEVELLIB):$(ARLIB) $(SONAME):' \ + Makefile || die + else + export NO_ARLIB=$(usex static-libs 0 1) + fi + emake +} + +multilib_src_test() { + # Execute the locally compiled code rather than the + # older versions already installed in the system. + LD_LIBRARY_PATH=${BUILD_DIR} \ + PATH="${BUILD_DIR}:${PATH}" \ + emake test +} + +multilib_src_install() { + # Possibly undo the setting for USE=static (see src_compile). + export NO_ARLIB=$(usex static-libs 0 1) + + default +} + +multilib_src_install_all() { + dodoc README +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml new file mode 100644 index 00000000000..f16b3424c61 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml @@ -0,0 +1,17 @@ + + + + + robbat2@gentoo.org + + + base-system@gentoo.org + Gentoo Base System + + + cpe:/a:keyutils_project:keyutils + + + Reflect ABI compatibility for libkeyutils.so. + + From 90e178324108bdda8e208d1fe64a8b4b94c87555 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:39:06 +0100 Subject: [PATCH 08/22] sys-auth/polkit: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../portage-stable/sys-auth/Manifest | 3 + .../polkit-122-libs-only-postinstall.patch | 39 +++++ .../sys-auth/files/polkit-123-mozjs-JIT.patch | 36 ++++ .../polkit-123-pkexec-uninitialized.patch | 35 ++++ .../files/polkit-124-systemd-fixup.patch | 28 +++ .../sys-auth/files/polkit-124-systemd.patch | 50 ++++++ .../portage-stable/sys-auth/metadata.xml | 15 ++ .../sys-auth/polkit-122-r1.ebuild | 160 +++++++++++++++++ .../portage-stable/sys-auth/polkit-123.ebuild | 162 +++++++++++++++++ .../sys-auth/polkit-124-r1.ebuild | 165 ++++++++++++++++++ 10 files changed, 693 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-122-libs-only-postinstall.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-mozjs-JIT.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-pkexec-uninitialized.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd-fixup.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/metadata.xml create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit-122-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit-123.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-auth/polkit-124-r1.ebuild diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/Manifest b/sdk_container/src/third_party/portage-stable/sys-auth/Manifest new file mode 100644 index 00000000000..6827b928136 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/Manifest @@ -0,0 +1,3 @@ +DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26 +DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 +DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-122-libs-only-postinstall.patch b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-122-libs-only-postinstall.patch new file mode 100644 index 00000000000..d96b4bc4bde --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-122-libs-only-postinstall.patch @@ -0,0 +1,39 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/149 + +From bef75fb8291b3871894d8ffe19f7242448cdb4a8 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Wed, 7 Dec 2022 13:18:09 +0000 +Subject: [PATCH] meson.build: fix install with libs_only + +Bug: https://bugs.gentoo.org/884701 +Signed-off-by: Sam James +--- a/meson.build ++++ b/meson.build +@@ -360,14 +360,17 @@ configure_file( + configuration: config_h, + ) + +-meson.add_install_script( +- 'meson_post_install.py', +- get_option('bindir'), +- pk_pkgdatadir, +- pk_libprivdir, +- pk_pkgsysconfdir, +- polkitd_user, +-) ++ ++if not libs_only ++ meson.add_install_script( ++ 'meson_post_install.py', ++ get_option('bindir'), ++ pk_pkgdatadir, ++ pk_libprivdir, ++ pk_pkgsysconfdir, ++ polkitd_user, ++ ) ++endif + + output = '\n ' + meson.project_name() + ' ' + meson.project_version() + '\n' + output += ' ============\n\n' +-- +GitLab diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-mozjs-JIT.patch b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-mozjs-JIT.patch new file mode 100644 index 00000000000..5b3f2c4a364 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-mozjs-JIT.patch @@ -0,0 +1,36 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb + +From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Sat, 29 Jul 2023 17:44:58 +0800 +Subject: [PATCH] jsauthority: mozjs: Disable JIT + +The JIT compiling of mozjs needs W/X mapping, but our systemd hardening +setting does not allow it. + +For polkit, security is much more important than the speed running +Javascript code in rule files, so we should disable JIT. + +Fixes #199. +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -56,7 +56,16 @@ + static class JsInitHelperType + { + public: +- JsInitHelperType() { JS_Init(); } ++ JsInitHelperType() ++ { ++ /* Disable JIT because it needs W/X mapping, which is not allowed by ++ * our systemd hardening setting. ++ */ ++ JS::DisableJitBackend(); ++ ++ JS_Init(); ++ } ++ + ~JsInitHelperType() { JS_ShutDown(); } + } JsInitHelper; + +-- +GitLab diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-pkexec-uninitialized.patch b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-pkexec-uninitialized.patch new file mode 100644 index 00000000000..f19560943c4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-123-pkexec-uninitialized.patch @@ -0,0 +1,35 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d + +From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 +From: Vincent Mihalkovic +Date: Wed, 16 Aug 2023 08:59:55 +0000 +Subject: [PATCH] pkexec: fix uninitialized pointer warning + +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,6 +53,7 @@ + static gchar *original_user_name = NULL; + static gchar *original_cwd; + static gchar *command_line = NULL; ++static gchar *cmdline_short = NULL; + static struct passwd *pw; + + #ifndef HAVE_CLEARENV +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + path = NULL; + exec_argv = NULL; + command_line = NULL; ++ cmdline_short = NULL; + opt_user = NULL; + local_agent_handle = NULL; + +@@ -802,7 +804,6 @@ main (int argc, char *argv[]) + polkit_details_insert (details, "program", path); + polkit_details_insert (details, "command_line", command_line); + +- gchar *cmdline_short = NULL; + cmdline_short = g_strdup(command_line); + if (strlen(command_line) > 80) + g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), +-- +GitLab diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd-fixup.patch b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd-fixup.patch new file mode 100644 index 00000000000..a4dd7eafcf9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd-fixup.patch @@ -0,0 +1,28 @@ +https://bugs.gentoo.org/922458 +https://github.com/polkit-org/polkit/pull/417/files#r1458416421 +--- a/meson.build ++++ b/meson.build +@@ -212,14 +212,17 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') +- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used +- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') +- endif ++ if session_tracking == 'libsystemd-login' ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + +- systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ if systemd_systemdsystemunitdir == '' ++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used ++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') ++ endif ++ ++ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') ++ endif + endif + config_h.set('HAVE_LIBSYSTEMD', enable_logind) + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd.patch b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd.patch new file mode 100644 index 00000000000..e9b10e99e5d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/files/polkit-124-systemd.patch @@ -0,0 +1,50 @@ +https://github.com/polkit-org/polkit/pull/417 + +From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 18 Jan 2024 15:07:32 +0000 +Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is + specified + +When 'systemdsystemunitdir' is specified as an option the systemd_dep +variable is not defined, but the sysusers.d directory lookup uses it, +causing a build failure: + +dh_auto_configure -- \ + -Dexamples=false \ + -Dintrospection=true \ + -Dman=true \ + -Dsystemdsystemunitdir=/usr/lib/systemd/system \ + -Dtests=true \ + -Dgtk_doc=true -Dsession_tracking=libsystemd-login + cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login +The Meson build system +Version: 1.3.1 +Source dir: /builds/bluca/polkit/debian/output/source_dir +Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu +Build type: native build +Project name: polkit +Project version: 124 + +<...> + +Run-time dependency libsystemd found: YES 255 +Checking for function "sd_uid_get_display" with dependency libsystemd: YES +Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES +../meson.build:222:37: ERROR: Unknown variable "systemd_dep". + +Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34 +--- a/meson.build ++++ b/meson.build +@@ -212,9 +212,9 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') + if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used + systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') + endif + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-auth/metadata.xml new file mode 100644 index 00000000000..420dae0ebcd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/metadata.xml @@ -0,0 +1,15 @@ + + + + + freedesktop-bugs@gentoo.org + + + Build polkitd in addition to libpolkit. + Use dev-lang/duktape instead of dev-lang/spidermonkey as JavaScript engine + Use sys-apps/systemd for session tracking + + + polkit-org/polkit + + diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit-122-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit-122-r1.ebuild new file mode 100644 index 00000000000..fc80a36e0f1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit-122-r1.ebuild @@ -0,0 +1,160 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" + +# This seems to be fixed with 121? +#if [[ ${PV} == *_p* ]] ; then +# RESTRICT="!test? ( test )" +#else +# # Tests currently don't work with meson in the dist tarballs. See +# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 +# RESTRICT="test" +#fi + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( dev-libs/gobject-introspection ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + dev-libs/glib:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:102[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND="${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${PN}-122-libs-only-postinstall.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit-123.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit-123.ebuild new file mode 100644 index 00000000000..fae107ce559 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit-123.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" + +# This seems to be fixed with 121? +#if [[ ${PV} == *_p* ]] ; then +# RESTRICT="!test? ( test )" +#else +# # Tests currently don't work with meson in the dist tarballs. See +# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 +# RESTRICT="test" +#fi + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:102[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-mozjs-JIT.patch + "${FILESDIR}"/${P}-pkexec-uninitialized.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit-124-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit-124-r1.ebuild new file mode 100644 index 00000000000..d5ae6fcf9f5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit-124-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" + +# This seems to be fixed with 121? +#if [[ ${PV} == *_p* ]] ; then +# RESTRICT="!test? ( test )" +#else +# # Tests currently don't work with meson in the dist tarballs. See +# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 +# RESTRICT="test" +#fi + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( + duktape? ( dev-lang/duktape:= ) + !duktape? ( dev-lang/spidermonkey:115[-debug] ) + ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${PN}-124-systemd.patch + "${FILESDIR}"/${PN}-124-systemd-fixup.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=$(usex duktape duktape mozjs) + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} From 08233eedfb75d3911a0e1094cd8ebd8cb61242d8 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:39:45 +0100 Subject: [PATCH 09/22] sys-fs/udisks: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../portage-stable/sys-fs/udisks/Manifest | 3 + .../udisks/files/udisks-2.9.4-undefined.patch | 143 +++++++++++++++++ .../portage-stable/sys-fs/udisks/metadata.xml | 18 +++ .../sys-fs/udisks/udisks-2.10.0.ebuild | 141 ++++++++++++++++ .../sys-fs/udisks/udisks-2.10.1.ebuild | 141 ++++++++++++++++ .../sys-fs/udisks/udisks-2.9.4-r3.ebuild | 150 ++++++++++++++++++ 6 files changed, 596 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/udisks/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/udisks/files/udisks-2.9.4-undefined.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/udisks/metadata.xml create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.0.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.9.4-r3.ebuild diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/Manifest new file mode 100644 index 00000000000..5ab345ba851 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/Manifest @@ -0,0 +1,3 @@ +DIST udisks-2.10.0.tar.bz2 1784010 BLAKE2B a3923433408ab87448ea0b6dcafcf329b1392f5810ca6d1bcb52da90aad02578f9e533041a5ad62258c485e43b834a60b28fc66ade0aa241c1cdfafdb130bf65 SHA512 3c9dc18dd5f6d61442205f4df2592ebf79211d12d71168f96e6814c2ce16f7a46cda7c0a5ccf47b7dc8b655d8af654d5a62e54b04e5b600af0b15558442cf3ed +DIST udisks-2.10.1.tar.bz2 1896207 BLAKE2B 41282e4dbbd93e6bda2a10a6ff2f2fb82bfc83b3ccbed9450cca7888c634cde9300fcd0b7d055e0d8e4c8fc0b431a75d5612a24132ea9b2677d194529732178d SHA512 9cdaeca4306a970c85f88d406dbe5d2dad23d72f47d9ab1c021b8c2888d4c790f680eb94388d86f9255024283b4a36e98b8aee4408d193a7d4aad1e74463356a +DIST udisks-2.9.4.tar.bz2 1699288 BLAKE2B 913f6dd02988c0bded13ae15a5f05e5b3c6404f0b0d58a493601a0762c7534403f89e9fb46ec6a536b85d5f9ca1f788c7a308f5563a897b324d212da0e7bab4b SHA512 35f5429bc2a7092aa659cba9296837d127e2b17c23ab23111d0d9b230d15ef5a6965e112b1f3829748a69a52fb5b09722153f86f1ef70977b3ad7b7a4ec40ec5 diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/files/udisks-2.9.4-undefined.patch b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/files/udisks-2.9.4-undefined.patch new file mode 100644 index 00000000000..271a5271e3c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/files/udisks-2.9.4-undefined.patch @@ -0,0 +1,143 @@ +Upstream-PR: https://github.com/storaged-project/udisks/pull/978 +Upstream-PR: https://github.com/storaged-project/udisks/pull/979 +Upstream-Commit: 362cc8f1613193f8e68d13a416421bb36fd7f713 +Upstream-Commit: 6cbce6602ce447127cb4f77706870b6706bf1c5f +Upstream-Commit: 97bb17425e52ee6b2f11b13b3764d0dd6e8cfc97 +From 362cc8f1613193f8e68d13a416421bb36fd7f713 Mon Sep 17 00:00:00 2001 +From: orbea +Date: Tue, 10 May 2022 09:29:10 -0700 +Subject: [PATCH 1/3] modules/btrfs: Add missing dependency + +When building udisks with --enable-btrfs using slibtool instead of GNU +libtool the build will fail with undefined references. + +This is because of a missing dependency for libudisks2_btrfs_la_LIBADD +and GNU libtool will hide this issue by silently ignoring -no-undefined +while slibtool does not. + +Gentoo Bug: https://bugs.gentoo.org/782061 +--- + modules/btrfs/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/btrfs/Makefile.am b/modules/btrfs/Makefile.am +index ac8c941849..f96cd16186 100644 +--- a/modules/btrfs/Makefile.am ++++ b/modules/btrfs/Makefile.am +@@ -73,6 +73,7 @@ libudisks2_btrfs_la_LDFLAGS = \ + $(NULL) + + libudisks2_btrfs_la_LIBADD = \ ++ $(top_builddir)/src/libudisks-daemon.la \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(GUDEV_LIBS) \ + +From 6cbce6602ce447127cb4f77706870b6706bf1c5f Mon Sep 17 00:00:00 2001 +From: orbea +Date: Wed, 11 May 2022 07:55:13 -0700 +Subject: [PATCH 2/3] modules/bcache: Add missing dependency + +--- + modules/bcache/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/bcache/Makefile.am b/modules/bcache/Makefile.am +index 571541a6d4..7509205ba2 100644 +--- a/modules/bcache/Makefile.am ++++ b/modules/bcache/Makefile.am +@@ -71,6 +71,7 @@ libudisks2_bcache_la_LDFLAGS = \ + $(NULL) + + libudisks2_bcache_la_LIBADD = \ ++ $(top_builddir)/src/libudisks-daemon.la \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(GUDEV_LIBS) \ + +From 97bb17425e52ee6b2f11b13b3764d0dd6e8cfc97 Mon Sep 17 00:00:00 2001 +From: orbea +Date: Wed, 11 May 2022 07:55:25 -0700 +Subject: [PATCH 3/3] modules/lvm2: Add missing dependency + +--- + modules/lvm2/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/lvm2/Makefile.am b/modules/lvm2/Makefile.am +index 3342ad8e9b..67b8aa6b3f 100644 +--- a/modules/lvm2/Makefile.am ++++ b/modules/lvm2/Makefile.am +@@ -76,6 +76,7 @@ libudisks2_lvm2_la_LDFLAGS = \ + $(NULL) + + libudisks2_lvm2_la_LIBADD = \ ++ $(top_builddir)/src/libudisks-daemon.la \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(GUDEV_LIBS) \ +From 663f8194eeac75ec26fbfbd8855c5873315c495c Mon Sep 17 00:00:00 2001 +From: Tomas Bzatek +Date: Fri, 13 May 2022 17:04:52 +0200 +Subject: [PATCH 1/3] modules/iscsi: Add missing linker dependency + +--- + modules/iscsi/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/iscsi/Makefile.am b/modules/iscsi/Makefile.am +index 05af5ece29..2cecc300e9 100644 +--- a/modules/iscsi/Makefile.am ++++ b/modules/iscsi/Makefile.am +@@ -77,6 +77,7 @@ libudisks2_iscsi_la_LDFLAGS = \ + $(NULL) + + libudisks2_iscsi_la_LIBADD = \ ++ $(top_builddir)/src/libudisks-daemon.la \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(GUDEV_LIBS) \ + +From 8ff2214d740f9819d6ede02534d7d0f23d6a3818 Mon Sep 17 00:00:00 2001 +From: Tomas Bzatek +Date: Fri, 13 May 2022 17:05:26 +0200 +Subject: [PATCH 2/3] modules/lsm: Add missing linker dependency + +--- + modules/lsm/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/lsm/Makefile.am b/modules/lsm/Makefile.am +index 2193115417..b77a9013fa 100644 +--- a/modules/lsm/Makefile.am ++++ b/modules/lsm/Makefile.am +@@ -71,6 +71,7 @@ libudisks2_lsm_la_LDFLAGS = \ + $(NULL) + + libudisks2_lsm_la_LIBADD = \ ++ $(top_builddir)/src/libudisks-daemon.la \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(GUDEV_LIBS) \ + +From 4f59e7fd5b9ad94091230713c28f6a818269d48c Mon Sep 17 00:00:00 2001 +From: Tomas Bzatek +Date: Fri, 13 May 2022 17:05:43 +0200 +Subject: [PATCH 3/3] modules/zram: Add missing linker dependency + +--- + modules/zram/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/zram/Makefile.am b/modules/zram/Makefile.am +index 9e5e9a6315..40f929583d 100644 +--- a/modules/zram/Makefile.am ++++ b/modules/zram/Makefile.am +@@ -78,6 +78,7 @@ libudisks2_zram_la_LDFLAGS = \ + $(NULL) + + libudisks2_zram_la_LIBADD = \ ++ $(top_builddir)/src/libudisks-daemon.la \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(GUDEV_LIBS) \ diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/metadata.xml new file mode 100644 index 00000000000..8e19b03530b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/metadata.xml @@ -0,0 +1,18 @@ + + + + + freedesktop-bugs@gentoo.org + + + Build the system daemon, not just the client tool + Use sys-auth/elogind for session tracking + Add support for Logical Volume Management via sys-fs/lvm2. + Support sys-apps/systemd's logind + Enable Virtual Data Optimizer support. + Enable ZRAM support (requires sys-apps/systemd). + + + storaged-project/udisks + + diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.0.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.0.ebuild new file mode 100644 index 00000000000..b7ec7275b63 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.0.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit autotools bash-completion-r1 linux-info systemd tmpfiles udev xdg-utils + +DESCRIPTION="Daemon providing interfaces to work with storage devices" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/udisks" +SRC_URI="https://github.com/storaged-project/udisks/releases/download/${P}/${P}.tar.bz2" + +LICENSE="LGPL-2+ GPL-2+" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~loong ~mips ~ppc64 ~riscv ~x86" +IUSE="acl +daemon debug elogind +introspection lvm nls selinux systemd" + +REQUIRED_USE=" + ?? ( elogind systemd ) + elogind? ( daemon ) + systemd? ( daemon ) +" + +# See configure.ac file for the required min version +BLOCKDEV_MIN_VER="3.0" + +COMMON_DEPEND=" + >=sys-auth/polkit-0.114[daemon] + >=sys-libs/libblockdev-${BLOCKDEV_MIN_VER}:=[cryptsetup,lvm?,nvme] + virtual/udev + acl? ( virtual/acl ) + daemon? ( + >=dev-libs/glib-2.68:2 + >=dev-libs/libatasmart-0.19 + >=dev-libs/libgudev-165:= + ) + elogind? ( >=sys-auth/elogind-219 ) + introspection? ( >=dev-libs/gobject-introspection-1.30:= ) + lvm? ( sys-fs/lvm2 ) + systemd? ( >=sys-apps/systemd-209 ) +" +# util-linux -> mount, umount, swapon, swapoff (see also #403073) +RDEPEND="${COMMON_DEPEND} + >=sys-block/parted-3 + >=sys-apps/util-linux-2.30 + selinux? ( sec-policy/selinux-devicekit ) +" +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-3.1 +" +BDEPEND=" + app-text/docbook-xsl-stylesheets + >=dev-util/gdbus-codegen-2.32 + >=dev-build/gtk-doc-am-1.3 + virtual/pkgconfig + nls? ( >=sys-devel/gettext-0.19.8 ) + dev-libs/gobject-introspection-common + dev-build/autoconf-archive +" +# If adding a eautoreconf, then these might be needed at buildtime: +# dev-libs/gobject-introspection-common +# dev-build/autoconf-archive + +DOCS=( AUTHORS HACKING NEWS README.md ) + +pkg_setup() { + # Listing only major arch's here to avoid tracking kernel's defconfig + if use amd64 || use arm || use ppc || use ppc64 || use x86; then + CONFIG_CHECK="~!IDE" #319829 + CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" #412377 + CONFIG_CHECK+=" ~NLS_UTF8" #425562 + kernel_is lt 3 10 && CONFIG_CHECK+=" ~USB_SUSPEND" #331065, #477278 + linux-info_pkg_setup + fi +} + +src_prepare() { + xdg_environment_reset + default + + if ! use systemd ; then + sed -i -e 's:libsystemd-login:&disable:' configure || die + fi + + # Added for bug # 782061 + eautoreconf +} + +src_configure() { + local myeconfargs=( + --enable-btrfs + --disable-gtk-doc + --disable-static + --localstatedir="${EPREFIX}"/var + --with-html-dir="${EPREFIX}"/usr/share/gtk-doc/html + --with-modprobedir="${EPREFIX}"/lib/modprobe.d + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + --with-tmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d + --with-udevdir="${EPREFIX}$(get_udevdir)" + $(use_enable acl) + $(use_enable daemon) + $(use_enable debug) + $(use_enable introspection) + $(use_enable lvm lvm2) + $(use_enable nls) + ) + econf "${myeconfargs[@]}" +} + +src_install() { + default + find "${ED}" -type f -name "*.la" -delete || die + keepdir /var/lib/udisks2 #383091 + + rm -rf "${ED}"/usr/share/bash-completion + dobashcomp data/completions/udisksctl +} + +pkg_preinst() { + # Remove gtk-doc symlink, #597628 + if [[ -L "${EROOT}"/usr/share/gtk-doc/html/udisks2 ]]; then + rm "${EROOT}"/usr/share/gtk-doc/html/udisks2 || die + fi +} + +pkg_postinst() { + udev_reload + + # TODO: obsolete with tmpfiles_process? + # mkdir -p "${EROOT}"/run #415987 + + tmpfiles_process udisks2.conf + + # See pkg_postinst() of >=sys-apps/baselayout-2.1-r1. Keep in sync? + if ! grep -qs "^tmpfs.*/run " "${EROOT}"/proc/mounts ; then + echo + ewarn "You should reboot the system now to get /run mounted with tmpfs!" + fi +} + +pkg_postrm() { + udev_reload +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.1.ebuild new file mode 100644 index 00000000000..550f365c02c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.10.1.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit autotools bash-completion-r1 linux-info systemd tmpfiles udev xdg-utils + +DESCRIPTION="Daemon providing interfaces to work with storage devices" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/udisks" +SRC_URI="https://github.com/storaged-project/udisks/releases/download/${P}/${P}.tar.bz2" + +LICENSE="LGPL-2+ GPL-2+" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~x86" +IUSE="acl +daemon debug elogind +introspection lvm nls selinux systemd" + +REQUIRED_USE=" + ?? ( elogind systemd ) + elogind? ( daemon ) + systemd? ( daemon ) +" + +# See configure.ac file for the required min version +BLOCKDEV_MIN_VER="3.0" + +COMMON_DEPEND=" + >=sys-auth/polkit-0.114[daemon] + >=sys-libs/libblockdev-${BLOCKDEV_MIN_VER}:=[cryptsetup,lvm?,nvme] + virtual/udev + acl? ( virtual/acl ) + daemon? ( + >=dev-libs/glib-2.68:2 + >=dev-libs/libatasmart-0.19 + >=dev-libs/libgudev-165:= + ) + elogind? ( >=sys-auth/elogind-219 ) + introspection? ( >=dev-libs/gobject-introspection-1.30:= ) + lvm? ( sys-fs/lvm2 ) + systemd? ( >=sys-apps/systemd-209 ) +" +# util-linux -> mount, umount, swapon, swapoff (see also #403073) +RDEPEND="${COMMON_DEPEND} + >=sys-block/parted-3 + >=sys-apps/util-linux-2.30 + selinux? ( sec-policy/selinux-devicekit ) +" +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-3.1 +" +BDEPEND=" + app-text/docbook-xsl-stylesheets + >=dev-util/gdbus-codegen-2.32 + >=dev-build/gtk-doc-am-1.3 + virtual/pkgconfig + nls? ( >=sys-devel/gettext-0.19.8 ) + dev-libs/gobject-introspection-common + dev-build/autoconf-archive +" +# If adding a eautoreconf, then these might be needed at buildtime: +# dev-libs/gobject-introspection-common +# dev-build/autoconf-archive + +DOCS=( AUTHORS HACKING NEWS README.md ) + +pkg_setup() { + # Listing only major arch's here to avoid tracking kernel's defconfig + if use amd64 || use arm || use ppc || use ppc64 || use x86; then + CONFIG_CHECK="~!IDE" #319829 + CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" #412377 + CONFIG_CHECK+=" ~NLS_UTF8" #425562 + kernel_is lt 3 10 && CONFIG_CHECK+=" ~USB_SUSPEND" #331065, #477278 + linux-info_pkg_setup + fi +} + +src_prepare() { + xdg_environment_reset + default + + if ! use systemd ; then + sed -i -e 's:libsystemd-login:&disable:' configure || die + fi + + # Added for bug # 782061 + eautoreconf +} + +src_configure() { + local myeconfargs=( + --enable-btrfs + --disable-gtk-doc + --disable-static + --localstatedir="${EPREFIX}"/var + --with-html-dir="${EPREFIX}"/usr/share/gtk-doc/html + --with-modprobedir="${EPREFIX}"/lib/modprobe.d + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + --with-tmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d + --with-udevdir="${EPREFIX}$(get_udevdir)" + $(use_enable acl) + $(use_enable daemon) + $(use_enable debug) + $(use_enable introspection) + $(use_enable lvm lvm2) + $(use_enable nls) + ) + econf "${myeconfargs[@]}" +} + +src_install() { + default + find "${ED}" -type f -name "*.la" -delete || die + keepdir /var/lib/udisks2 #383091 + + rm -rf "${ED}"/usr/share/bash-completion + dobashcomp data/completions/udisksctl +} + +pkg_preinst() { + # Remove gtk-doc symlink, #597628 + if [[ -L "${EROOT}"/usr/share/gtk-doc/html/udisks2 ]]; then + rm "${EROOT}"/usr/share/gtk-doc/html/udisks2 || die + fi +} + +pkg_postinst() { + udev_reload + + # TODO: obsolete with tmpfiles_process? + # mkdir -p "${EROOT}"/run #415987 + + tmpfiles_process udisks2.conf + + # See pkg_postinst() of >=sys-apps/baselayout-2.1-r1. Keep in sync? + if ! grep -qs "^tmpfs.*/run " "${EROOT}"/proc/mounts ; then + echo + ewarn "You should reboot the system now to get /run mounted with tmpfs!" + fi +} + +pkg_postrm() { + udev_reload +} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.9.4-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.9.4-r3.ebuild new file mode 100644 index 00000000000..a33ed2e0ecc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.9.4-r3.ebuild @@ -0,0 +1,150 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit autotools bash-completion-r1 linux-info systemd tmpfiles udev xdg-utils + +DESCRIPTION="Daemon providing interfaces to work with storage devices" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/udisks" +SRC_URI="https://github.com/storaged-project/udisks/releases/download/${P}/${P}.tar.bz2" + +LICENSE="LGPL-2+ GPL-2+" +SLOT="2" +KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86" +IUSE="acl +daemon debug elogind +introspection lvm nls selinux systemd vdo zram" + +REQUIRED_USE=" + ?? ( elogind systemd ) + elogind? ( daemon ) + systemd? ( daemon ) + zram? ( systemd ) +" + +# See configure.ac file for the required min version +BLOCKDEV_MIN_VER="2.25" + +# mount, umount, swapon, swapoff (see also #403073) +RDEPEND="${COMMON_DEPEND} + >=sys-block/parted-3 + >=sys-apps/util-linux-2.30 + selinux? ( sec-policy/selinux-devicekit ) +" +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-3.1 +" +BDEPEND=" + app-text/docbook-xsl-stylesheets + >=dev-util/gdbus-codegen-2.32 + >=dev-build/gtk-doc-am-1.3 + virtual/pkgconfig + nls? ( >=sys-devel/gettext-0.19.8 ) +" +# If adding a eautoreconf, then these might be needed at buildtime: +# dev-libs/gobject-introspection-common +# dev-build/autoconf-archive + +DOCS=( AUTHORS HACKING NEWS README.md ) + +PATCHES=( + "${FILESDIR}/${P}-undefined.patch" # 782061 +) + +pkg_setup() { + # Listing only major arch's here to avoid tracking kernel's defconfig + if use amd64 || use arm || use ppc || use ppc64 || use x86; then + CONFIG_CHECK="~!IDE" #319829 + CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" #412377 + CONFIG_CHECK+=" ~NLS_UTF8" #425562 + kernel_is lt 3 10 && CONFIG_CHECK+=" ~USB_SUSPEND" #331065, #477278 + linux-info_pkg_setup + fi +} + +src_prepare() { + xdg_environment_reset + default + + if ! use systemd ; then + sed -i -e 's:libsystemd-login:&disable:' configure || die + fi + + # Added for bug # 782061 + eautoreconf +} + +src_configure() { + local myeconfargs=( + --enable-btrfs + --disable-gtk-doc + --disable-static + --localstatedir="${EPREFIX}"/var + --with-html-dir="${EPREFIX}"/usr/share/gtk-doc/html + --with-modprobedir="${EPREFIX}"/lib/modprobe.d + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + --with-tmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d + --with-udevdir="${EPREFIX}$(get_udevdir)" + $(use_enable acl) + $(use_enable daemon) + $(use_enable debug) + $(use_enable introspection) + $(use_enable lvm lvm2) + $(use_enable lvm lvmcache) + $(use_enable nls) + $(use_enable vdo) + $(use_enable zram) + ) + econf "${myeconfargs[@]}" +} + +src_install() { + default + find "${ED}" -type f -name "*.la" -delete || die + keepdir /var/lib/udisks2 #383091 + + rm -rf "${ED}"/usr/share/bash-completion + dobashcomp data/completions/udisksctl +} + +pkg_preinst() { + # Remove gtk-doc symlink, #597628 + if [[ -L "${EROOT}"/usr/share/gtk-doc/html/udisks2 ]]; then + rm "${EROOT}"/usr/share/gtk-doc/html/udisks2 || die + fi +} + +pkg_postinst() { + udev_reload + + # TODO: obsolete with tmpfiles_process? + # mkdir -p "${EROOT}"/run #415987 + + tmpfiles_process udisks2.conf + + # See pkg_postinst() of >=sys-apps/baselayout-2.1-r1. Keep in sync? + if ! grep -qs "^tmpfs.*/run " "${EROOT}"/proc/mounts ; then + echo + ewarn "You should reboot the system now to get /run mounted with tmpfs!" + fi +} + +pkg_postrm() { + udev_reload +} From f910aca38d0930969a1e3ad568cda7e351f1a914 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:39:58 +0100 Subject: [PATCH 10/22] sys-libs/cracklib: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../portage-stable/sys-libs/cracklib/Manifest | 1 + .../sys-libs/cracklib/cracklib-2.9.11.ebuild | 130 ++++++++++++++++++ .../sys-libs/cracklib/metadata.xml | 12 ++ 3 files changed, 143 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/cracklib/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/cracklib/cracklib-2.9.11.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/cracklib/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/Manifest new file mode 100644 index 00000000000..f7c1656f60c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/Manifest @@ -0,0 +1 @@ +DIST cracklib-2.9.11.tar.xz 461116 BLAKE2B 46b499e465c1c268b772781a9c8ce573a5167ae2e0ac919b403acdb9a14c35140dfb53909eef6e41600e26c2f87d905b3d6d05380c66f053d091765b58a264f4 SHA512 c32e509f757344a1f0b7032ad3b6dc47a8759852a94e511c92073d85bce55f45d48c389d9eb34c993e1d61ad5c1542150672f3e8bc147148ebbb04d3319a2409 diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/cracklib-2.9.11.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/cracklib-2.9.11.ebuild new file mode 100644 index 00000000000..8be12c0d344 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/cracklib-2.9.11.ebuild @@ -0,0 +1,130 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Note: ideally bump with sys-apps/cracklib-words + +DISTUTILS_OPTIONAL=1 +DISTUTILS_USE_PEP517=setuptools +PYTHON_COMPAT=( python3_{9..11} ) +inherit distutils-r1 libtool multilib-minimal usr-ldscript + +MY_P=${P/_} +DESCRIPTION="Password Checking Library" +HOMEPAGE="https://github.com/cracklib/cracklib/" +SRC_URI="https://github.com/${PN}/${PN}/releases/download/v${PV}/${P}.tar.xz" +S="${WORKDIR}"/${MY_P} + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" +IUSE="nls python static-libs zlib" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +RDEPEND=" + python? ( ${PYTHON_DEPS} ) + zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] ) +" +DEPEND=" + ${RDEPEND} + nls? ( virtual/libintl ) +" +BDEPEND=" + nls? ( sys-devel/gettext ) + python? ( ${DISTUTILS_DEPS} ) +" + +distutils_enable_tests unittest + +pkg_setup() { + # Workaround bug #195017 + if has unmerge-orphans ${FEATURES} && has_version "<${CATEGORY}/${PN}-2.8.10" ; then + eerror "Upgrade path is broken with FEATURES=unmerge-orphans" + eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib" + die "Please run: FEATURES=-unmerge-orphans emerge cracklib" + fi +} + +src_prepare() { + default + + # bug #269003 + elibtoolize + + if use python ; then + distutils-r1_src_prepare + fi +} + +multilib_src_configure() { + local myeconfargs=( + # use /usr/lib so that the dictionary is shared between ABIs + --with-default-dict="/usr/lib/cracklib_dict" + --without-python + $(use_enable nls) + $(use_enable static-libs static) + ) + + export ac_cv_header_zlib_h=$(usex zlib) + export ac_cv_search_gzopen=$(usex zlib -lz no) + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + default + + if multilib_is_native_abi && use python ; then + local -x CFLAGS="${CFLAGS} -DLOCALEDIR='\"${EPREFIX}/usr/share/locale\"' -DDEFAULT_CRACKLIB_DICT=\'${EPREFIX}/usr/lib/cracklib_dict\'" + cd python || die + distutils-r1_src_compile + fi +} + +multilib_src_test() { + default + + if multilib_is_native_abi && use python ; then + distutils-r1_src_test + fi +} + +python_test() { + cd "${S}"/python || die + + # Make sure we load the freshly built library + local -x LD_LIBRARY_PATH="${BUILD_DIR/-${EPYTHON/./_}}/lib/.libs:${BUILD_DIR}/lib:${LD_LIBRARY_PATH}" + + eunittest +} + +multilib_src_install() { + default + + # Move shared libs to / + gen_usr_ldscript -a crack + + if multilib_is_native_abi && use python ; then + cd python || die + distutils-r1_src_install + fi +} + +multilib_src_install_all() { + einstalldocs + + find "${ED}" -type f -name "*.la" -delete || die + rm -r "${ED}"/usr/share/cracklib || die + + insinto /usr/share/dict + doins dicts/cracklib-small +} + +pkg_postinst() { + if [[ -z ${ROOT} ]] ; then + ebegin "Regenerating cracklib dictionary" + create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null + eend $? + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/metadata.xml new file mode 100644 index 00000000000..8aacd02b19c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/metadata.xml @@ -0,0 +1,12 @@ + + + + + base-system@gentoo.org + Gentoo Base System + + + cracklib + cracklib/cracklib + + From 7e46092fc27bc4af815c965c25b015cc98372a17 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:40:06 +0100 Subject: [PATCH 11/22] sys-libs/libblockdev: Add from Gentoo It's from Gentoo commit 2f6a333fb9bed9c7ab9b5a49065d157b62e48420 --- .../sys-libs/libblockdev/Manifest | 3 + .../files/libblockdev-2.28-sh_tests.patch | 23 +++ ...d-non-systemd-method-for-distro-info.patch | 30 ++++ .../libblockdev/libblockdev-2.28-r1.ebuild | 136 ++++++++++++++++++ .../libblockdev/libblockdev-3.0.3.ebuild | 131 +++++++++++++++++ .../libblockdev/libblockdev-3.0.4.ebuild | 132 +++++++++++++++++ .../sys-libs/libblockdev/metadata.xml | 23 +++ 7 files changed, 478 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-2.28-sh_tests.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-3.0.4-add-non-systemd-method-for-distro-info.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.3.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.4.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/Manifest new file mode 100644 index 00000000000..6b4bdd52487 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/Manifest @@ -0,0 +1,3 @@ +DIST libblockdev-2.28.tar.gz 925698 BLAKE2B 63ac7ab5bd02c1ef1848d0b252e09fe721cfe86258f063b7bab616766cbc56311707dcb2dd3a1fadf0e0840187f121aa178fd5959500cd590b846238a9d3e36e SHA512 9e01c41db4f728c8e81e710c6bb4725bbe34b3a7de25ff7f57b7b88ca6b7b5debbe858947585d314770036b2c3c533f9f8ff3d038b7ca50eee3d18f9fbe0d392 +DIST libblockdev-3.0.3.tar.gz 1048628 BLAKE2B c26a806797effc7231a0eb92f1b8cd74e548da5b1800cddd75a21e7df327be8371edabc2e9a39a727291f365b6a4f6242f78b66396adc4526b41749219f0429f SHA512 f2cc6fbe1df6fd9886016177a4a94984d704f3b402c7090344c581afb89f7cb050c9516c52974157a99ea6c6239f6a1f6079cde0b43a2336af0daca7311ca788 +DIST libblockdev-3.0.4.tar.gz 1050971 BLAKE2B e31ecb04310c2c66cbe432c1e003b3c3241f318f78916d5c61c0efca37fa677e5f857eab9b7c3bfc7c5a589350cdef12402940d28af68ab9fc95e5da6852ddf1 SHA512 82b574c1f8e301d6e9ff07f8c3d2a351a5bc966b5d65a3b578c214e03e48b54270b54176d646ac15e8119c79536d08b36415de478ffd34c8b3fe536300fc5172 diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-2.28-sh_tests.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-2.28-sh_tests.patch new file mode 100644 index 00000000000..2fbeaf49f23 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-2.28-sh_tests.patch @@ -0,0 +1,23 @@ +bash is fine with "test . == ." but e.g. dash fails on not having +the two dots quoted as strings. + +--- a/docs/Makefile.am ++++ b/docs/Makefile.am +@@ -2,7 +2,7 @@ + + html-doc.stamp: ${srcdir}/libblockdev-docs.xml ${srcdir}/libblockdev-sections.txt $(wildcard ${srcdir}/../src/plugins/*.[ch]) $(wildcard ${srcdir}/../src/lib/*.[ch]) $(wildcard ${srcdir}/../src/utils/*.[ch]) + touch ${builddir}/html-doc.stamp +- test ${builddir} == ${srcdir} || cp ${srcdir}/libblockdev-sections.txt ${srcdir}/libblockdev-docs.xml ${builddir} ++ test "${builddir}" == "${srcdir}" || cp ${srcdir}/libblockdev-sections.txt ${srcdir}/libblockdev-docs.xml ${builddir} + gtkdoc-scan --rebuild-types --module=libblockdev --source-dir=${srcdir}/../src/plugins/ --source-dir=${srcdir}/../src/lib/ --source-dir=${srcdir}/../src/utils/ + gtkdoc-mkdb --module=libblockdev --output-format=xml --source-dir=${srcdir}/../src/plugins/ --source-dir=${srcdir}/../src/lib/ --source-dir=${srcdir}/../src/utils/ --source-suffixes=c,h + test -d ${builddir}/html || mkdir ${builddir}/html +@@ -13,7 +13,7 @@ + -rm -rf ${builddir}/html + -rm -rf ${builddir}/xml + test ! -f ${builddir}/html-doc.stamp || rm ${builddir}/html-doc.stamp +- test ${builddir} == ${srcdir} || rm -f ${builddir}/libblockdev-sections.txt ${builddir}/libblockdev-docs.xml ++ test "${builddir}" == "${srcdir}" || rm -f ${builddir}/libblockdev-sections.txt ${builddir}/libblockdev-docs.xml + + install-data-local: + test -d ${DESTDIR}${datadir}/gtk-doc/html/libblockdev || mkdir -p ${DESTDIR}${datadir}/gtk-doc/html/libblockdev diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-3.0.4-add-non-systemd-method-for-distro-info.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-3.0.4-add-non-systemd-method-for-distro-info.patch new file mode 100644 index 00000000000..5625478c608 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-3.0.4-add-non-systemd-method-for-distro-info.patch @@ -0,0 +1,30 @@ +From ec8cab726abe60ba5c7ffcce07905b29c5376163 Mon Sep 17 00:00:00 2001 +From: Alfred Wingate +Date: Mon, 13 Nov 2023 16:21:44 +0200 +Subject: [PATCH] Add non-systemd method to get distro name and version + +--- a/tests/utils.py ++++ b/tests/utils.py +@@ -514,10 +514,16 @@ def get_version(): + """ Try to get distro and version + """ + +- bus = dbus.SystemBus() ++ try: ++ bus = dbus.SystemBus() ++ ++ # get information about the distribution from systemd (hostname1) ++ sys_info = bus.get_object("org.freedesktop.hostname1", "/org/freedesktop/hostname1") ++ except dbus.exceptions.DBusException: ++ import platform ++ info = platform.freedesktop_os_release() ++ return (info["NAME"], info["VERSION_ID"]) + +- # get information about the distribution from systemd (hostname1) +- sys_info = bus.get_object("org.freedesktop.hostname1", "/org/freedesktop/hostname1") + cpe = str(sys_info.Get("org.freedesktop.hostname1", "OperatingSystemCPEName", dbus_interface=dbus.PROPERTIES_IFACE)) + + if cpe: +-- +2.42.1 + diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r1.ebuild new file mode 100644 index 00000000000..3a4d698c3f0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r1.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +inherit autotools python-single-r1 xdg-utils + +DESCRIPTION="A library for manipulating block devices" +HOMEPAGE="https://github.com/storaged-project/libblockdev" +if [[ "${PV}" == *9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/storaged-project/libblockdev.git" + BDEPEND=" + dev-build/autoconf-archive + " +else + MY_PV="${PV}-1" + SRC_URI="https://github.com/storaged-project/${PN}/releases/download/${MY_PV}/${P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86" +fi +LICENSE="LGPL-2+" +SLOT="0/2" # subslot is SOVERSION +IUSE="bcache +cryptsetup device-mapper dmraid escrow gtk-doc introspection lvm kbd test +tools vdo" +# Tests require root. In a future release, we may be able to run a smaller +# subset with new run_tests.py arguments. +RESTRICT="!test? ( test ) test" + +RDEPEND=" + >=dev-libs/glib-2.42.2 + dev-libs/libbytesize + >=sys-apps/kmod-19 + >=sys-apps/util-linux-2.27 + >=sys-block/parted-3.1 + cryptsetup? ( + escrow? ( + >=dev-libs/nss-3.18.0 + dev-libs/volume_key + ) + >=sys-fs/cryptsetup-1.6.7:= + ) + device-mapper? ( sys-fs/lvm2 ) + dmraid? ( + sys-fs/dmraid + sys-fs/lvm2 + ) + lvm? ( + sys-fs/lvm2 + virtual/udev + ) + vdo? ( dev-libs/libyaml ) + ${PYTHON_DEPS} +" + +DEPEND=" + ${RDEPEND} +" + +# TODO: relax libbytesize condition once it has gained py3.11 support +BDEPEND+=" + dev-build/gtk-doc-am + gtk-doc? ( dev-util/gtk-doc ) + introspection? ( >=dev-libs/gobject-introspection-1.3.0 ) + test? ( + $(python_gen_cond_dep ' + dev-libs/libbytesize[python,${PYTHON_USEDEP}] + ' python3_{9..10} ) + sys-block/targetcli-fb + ) +" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + escrow? ( cryptsetup )" + +PATCHES=( + "${FILESDIR}"/${PN}-2.28-sh_tests.patch +) + +pkg_setup() { + python-single-r1_pkg_setup +} + +src_prepare() { + xdg_environment_reset #623992 + default + + # https://bugs.gentoo.org/744289 + find -type f \( -name "Makefile.am" -o -name "configure.ac" \) -print0 \ + | xargs --null sed "s@ -Werror@@" -i || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + --with-btrfs + --with-fs + --with-part + --with-python3 + --without-mpath + --without-nvdimm + --without-python2 + $(use_enable introspection) + $(use_enable test tests) + $(use_with bcache) + $(use_with cryptsetup crypto) + $(use_with device-mapper dm) + $(use_with dmraid) + $(use_with escrow) + $(use_with gtk-doc) + $(use_with kbd) + $(use_with lvm lvm) + $(use_with lvm lvm-dbus) + $(use_with tools) + $(use_with vdo) + ) + econf "${myeconfargs[@]}" +} + +src_test() { + # See http://storaged.org/libblockdev/ch03.html + # The 'check' target just does Pylint. + # ... but it needs root. + emake test +} + +src_install() { + default + find "${ED}" -type f -name "*.la" -delete || die + # This is installed even with USE=-lvm, but libbd_lvm are omitted so it + # doesn't work at all. + if ! use lvm ; then + rm -f "${ED}"/usr/bin/lvm-cache-stats || die + fi + python_optimize #718576 +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.3.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.3.ebuild new file mode 100644 index 00000000000..88cfcd76553 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.3.ebuild @@ -0,0 +1,131 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +inherit autotools python-single-r1 toolchain-funcs xdg-utils + +DESCRIPTION="A library for manipulating block devices" +HOMEPAGE="https://github.com/storaged-project/libblockdev" +if [[ "${PV}" == *9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/storaged-project/libblockdev.git" + BDEPEND=" + dev-build/autoconf-archive + " +else + MY_PV="${PV}-1" + SRC_URI="https://github.com/storaged-project/${PN}/releases/download/${MY_PV}/${P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 ~loong ~mips ppc64 ~riscv x86" +fi +LICENSE="LGPL-2+" +SLOT="0/3" # subslot is SOVERSION +IUSE="+cryptsetup device-mapper escrow gtk-doc introspection lvm +nvme test +tools" +# Tests require root. In a future release, we may be able to run a smaller +# subset with new run_tests.py arguments. +RESTRICT="!test? ( test ) test" + +RDEPEND=" + >=dev-libs/glib-2.42.2 + dev-libs/libbytesize + sys-apps/gptfdisk + >=sys-apps/kmod-19 + >=sys-apps/util-linux-2.27 + >=sys-block/parted-3.1 + cryptsetup? ( + escrow? ( + >=dev-libs/nss-3.18.0 + dev-libs/volume_key + ) + >=sys-apps/keyutils-1.5.0:= + >=sys-fs/cryptsetup-2.3.0:= + ) + device-mapper? ( sys-fs/lvm2 ) + lvm? ( + sys-fs/lvm2 + virtual/udev + ) + nvme? ( sys-libs/libnvme ) + ${PYTHON_DEPS} + $(python_gen_cond_dep ' + dev-python/pygobject:3[${PYTHON_USEDEP}] + ') +" + +DEPEND="${RDEPEND}" + +BDEPEND+=" + dev-build/gtk-doc-am + gtk-doc? ( dev-util/gtk-doc ) + introspection? ( >=dev-libs/gobject-introspection-1.3.0 ) + test? ( + $(python_gen_cond_dep ' + dev-libs/libbytesize[python,${PYTHON_USEDEP}] + ') + sys-block/targetcli-fb + ) +" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + escrow? ( cryptsetup )" + +pkg_setup() { + python-single-r1_pkg_setup +} + +src_prepare() { + xdg_environment_reset #623992 + default + + # https://bugs.gentoo.org/744289 + find -type f \( -name "Makefile.am" -o -name "configure.ac" \) -print0 \ + | xargs --null sed "s@ -Werror@@" -i || die + + eautoreconf +} + +src_configure() { + # Bug #910487 + if tc-ld-is-lld; then + tc-ld-force-bfd + fi + + local myeconfargs=( + --with-btrfs + --with-fs + --with-part + --with-python3 + --without-mpath + --without-nvdimm + $(use_enable introspection) + $(use_enable test tests) + $(use_with cryptsetup crypto) + $(use_with device-mapper dm) + $(use_with escrow) + $(use_with gtk-doc) + $(use_with lvm lvm) + $(use_with lvm lvm-dbus) + $(use_with nvme) + $(use_with tools) + ) + econf "${myeconfargs[@]}" +} + +src_test() { + # See http://storaged.org/libblockdev/ch03.html + # The 'check' target just does Pylint. + # ... but it needs root. + emake test +} + +src_install() { + default + find "${ED}" -type f -name "*.la" -delete || die + # This is installed even with USE=-lvm, but libbd_lvm are omitted so it + # doesn't work at all. + if ! use lvm ; then + rm -f "${ED}"/usr/bin/lvm-cache-stats || die + fi + python_optimize #718576 +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.4.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.4.ebuild new file mode 100644 index 00000000000..4d3b3883663 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.4.ebuild @@ -0,0 +1,132 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit autotools python-single-r1 xdg-utils + +DESCRIPTION="A library for manipulating block devices" +HOMEPAGE="https://github.com/storaged-project/libblockdev" +if [[ "${PV}" == *9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/storaged-project/libblockdev.git" + BDEPEND=" + dev-build/autoconf-archive + " +else + MY_PV="${PV}-1" + SRC_URI="https://github.com/storaged-project/${PN}/releases/download/${MY_PV}/${P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ~ppc ppc64 ~riscv x86" +fi +LICENSE="LGPL-2+" +SLOT="0/3" # subslot is SOVERSION +IUSE="+cryptsetup device-mapper escrow gtk-doc introspection lvm +nvme test +tools" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=dev-libs/glib-2.42.2 + dev-libs/libbytesize + sys-apps/gptfdisk + >=sys-apps/kmod-19 + >=sys-apps/util-linux-2.27 + >=sys-block/parted-3.1 + cryptsetup? ( + escrow? ( + >=dev-libs/nss-3.18.0 + dev-libs/volume_key + ) + >=sys-apps/keyutils-1.5.0:= + >=sys-fs/cryptsetup-2.3.0:= + ) + device-mapper? ( sys-fs/lvm2 ) + lvm? ( + sys-fs/lvm2 + virtual/udev + ) + nvme? ( sys-libs/libnvme ) + ${PYTHON_DEPS} + $(python_gen_cond_dep ' + dev-python/pygobject:3[${PYTHON_USEDEP}] + ') +" + +DEPEND="${RDEPEND}" + +BDEPEND+=" + dev-build/gtk-doc-am + gtk-doc? ( dev-util/gtk-doc ) + introspection? ( >=dev-libs/gobject-introspection-1.3.0 ) + test? ( + $(python_gen_cond_dep ' + dev-libs/libbytesize[python,${PYTHON_USEDEP}] + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + sys-apps/lsb-release + sys-block/targetcli-fb + ) +" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + escrow? ( cryptsetup ) + test? ( introspection lvm ) +" + +PATCHES=( + "${FILESDIR}/libblockdev-3.0.4-add-non-systemd-method-for-distro-info.patch" +) + +pkg_setup() { + python-single-r1_pkg_setup +} + +src_prepare() { + xdg_environment_reset #623992 + default + + # https://bugs.gentoo.org/744289 + find -type f \( -name "Makefile.am" -o -name "configure.ac" \) -print0 \ + | xargs --null sed "s@ -Werror@@" -i || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + --with-btrfs + --with-fs + --with-part + --with-python3 + --without-mpath + --without-nvdimm + $(use_enable introspection) + $(use_enable test tests) + $(use_with cryptsetup crypto) + $(use_with device-mapper dm) + $(use_with escrow) + $(use_with gtk-doc) + $(use_with lvm lvm) + $(use_with lvm lvm-dbus) + $(use_with nvme) + $(use_with tools) + ) + econf "${myeconfargs[@]}" +} + +src_test() { + # See http://storaged.org/libblockdev/ch03.html + # Largest subset which doesn't require root priviledges + ${EPYTHON} tests/run_tests.py --include-tags extradeps sourceonly || die +} + +src_install() { + default + find "${ED}" -type f -name "*.la" -delete || die + # This is installed even with USE=-lvm, but libbd_lvm are omitted so it + # doesn't work at all. + if ! use lvm ; then + rm -f "${ED}"/usr/bin/lvm-cache-stats || die + fi + python_optimize #718576 +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/metadata.xml new file mode 100644 index 00000000000..1c865386b8f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/metadata.xml @@ -0,0 +1,23 @@ + + + + + marecki@gentoo.org + Marek Szuba + + + Enable block device cache support. + Enable sys-fs/cryptsetup support + Enable support for device-mapper from sys-fs/lvm2 + Support for dmraid devices, also known as ATA-RAID, or Fake RAID. + Support for building crypto plugin with escrow device support + Enable kernel block device support. + Enable support for Logical Volume Management via sys-fs/lvm2. + Add nvme support via sys-libs/libnvme + Build tools + Enable Virtual Data Optimizer support. + + + storaged-project/libblockdev + + From 1ca55bb8da525801cbf26bf11eba024014786ced Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:41:44 +0100 Subject: [PATCH 12/22] dev-libs/jose: Add from Gentoo It's from GURU commit 05abdcd720bc767a152082750d9c7a044d638059 --- .../portage-stable/dev-libs/jose/Manifest | 2 ++ .../dev-libs/jose/jose-11-r1.ebuild | 19 ++++++++++++++++ .../dev-libs/jose/jose-12.ebuild | 22 +++++++++++++++++++ .../portage-stable/dev-libs/jose/metadata.xml | 11 ++++++++++ 4 files changed, 54 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/jose/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-11-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-12.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/jose/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/jose/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/jose/Manifest new file mode 100644 index 00000000000..915bae9a6bf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/jose/Manifest @@ -0,0 +1,2 @@ +DIST jose-11.tar.gz 841374 BLAKE2B 5ffe35ebd48ed72d140e1dbf3ad37fcc3b4fd5534a5e1a5d9c43e82ad1901f989610baee2e2eb17209fd72f73c4f17227bed01d168bb4d243f067ec25051f913 SHA512 ffe09000837f79cefa549734d13c5d5d51042a42a055867241777ccbff3a127bac86a6155638fdf5ee52aad3598829e19724fd4e7de541117ed9b1c77c2ce457 +DIST jose-12.tar.gz 841206 BLAKE2B 32473b67b4c6235c3f7ea04295bdd44dda3fe5a51355b9880a92d0a6aada78eeba2fb027a6329e8f249f087ab7dee705d0493771b63cb463067df709b7707212 SHA512 31b7fc9354c3579f5bf904be0efd3631fe35fbbcc85455b2d414664ff2b4dbb3253b9c954229d87ca2a2e3ec382c5316bcb3f2ee424572ed25946a99fe885ada diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-11-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-11-r1.ebuild new file mode 100644 index 00000000000..b8b40bb604d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-11-r1.ebuild @@ -0,0 +1,19 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit meson + +DESCRIPTION="C-language implementation of Javascript Object Signing and Encryption" +HOMEPAGE="https://github.com/latchset/jose" +SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64" + +DEPEND="dev-libs/jansson" +RDEPEND="${DEPEND} + dev-libs/openssl:= +" diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-12.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-12.ebuild new file mode 100644 index 00000000000..a6ad67bdb28 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/jose/jose-12.ebuild @@ -0,0 +1,22 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit meson + +DESCRIPTION="C-language implementation of Javascript Object Signing and Encryption" +HOMEPAGE="https://github.com/latchset/jose" +SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64" + +DEPEND=" + dev-libs/jansson + sys-libs/zlib +" +RDEPEND="${DEPEND} + dev-libs/openssl:= +" diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/jose/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/jose/metadata.xml new file mode 100644 index 00000000000..bfb2fba0b95 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/jose/metadata.xml @@ -0,0 +1,11 @@ + + + + + julien@jroy.ca + Julien Roy + + + latchset/jose + + From f385595ad1bda9caba69dc276b2cc952723aa327 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:43:14 +0100 Subject: [PATCH 13/22] overlay profiles: Add accept keywords for dev-libs/jose --- .../profiles/coreos/base/package.accept_keywords | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 0aa8eab9ada..157e618e3d7 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -42,6 +42,9 @@ # Needed by arm64-native SDK. =dev-lang/yasm-1.3.0-r1 ~arm64 +# The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet. +=dev-libs/jose-12 ** + # Keep versions on both arches in sync. =dev-libs/ding-libs-0.6.2-r1 ~arm64 From 5cc473a5c1981fa16303f5662850b3c06cdfdce9 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:44:04 +0100 Subject: [PATCH 14/22] dev-libs/luksmeta: Add from Gentoo It's from GURU commit 05abdcd720bc767a152082750d9c7a044d638059 --- .../portage-stable/dev-libs/luksmeta/Manifest | 1 + .../luksmeta/files/luksmeta-tests.patch | 136 ++++++++++++++++++ .../dev-libs/luksmeta/luksmeta-9-r1.ebuild | 38 +++++ .../dev-libs/luksmeta/metadata.xml | 11 ++ 4 files changed, 186 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/files/luksmeta-tests.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/luksmeta-9-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/Manifest new file mode 100644 index 00000000000..95c5937c649 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/Manifest @@ -0,0 +1 @@ +DIST luksmeta-9.tar.gz 27650 BLAKE2B e55796929410e9a3124c3f28066bac42b46e71df98ab7a1e58c1f973d4fda41d7c8d64b735ae0d1e192054297932951407083f89a7f255c09d22dce370865036 SHA512 874331988fe2648d4924779b348f190ed5c6e4d71da4ad027f176e3f8dcbc78fc26e9f9b8402a97437db5b884db31b72598afc70e025cd8533168a5986417a76 diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/files/luksmeta-tests.patch b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/files/luksmeta-tests.patch new file mode 100644 index 00000000000..2cf4a4ae264 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/files/luksmeta-tests.patch @@ -0,0 +1,136 @@ +# This patch backports the master branch's test-lm-{big,one,two}.c and test-luksmeta.c +# due to failing tests on v9 tag (see https://bugs.gentoo.org/837308) + +diff --git a/test-lm-assumptions.c b/test-lm-assumptions.c +index d9ff20b..b4f293f 100644 +--- a/test-lm-assumptions.c ++++ b/test-lm-assumptions.c +@@ -28,7 +28,8 @@ main(int argc, char *argv[]) + /* Test the layout state. */ + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- END(1024), /* Rest of the file */ ++ { 1024, 3072, true }, /* Keyslot Area */ ++ { 0, 0 }, + })); + + unlink(filename); +diff --git a/test-lm-big.c b/test-lm-big.c +index 6098e59..eb94d3b 100644 +--- a/test-lm-big.c ++++ b/test-lm-big.c +@@ -111,7 +111,7 @@ main(int argc, char *argv[]) + + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + { offset + 4096, 4096 }, /* luksmeta slot 0 */ + { offset + 8192, 4096 }, /* luksmeta slot 0 (cont) */ +@@ -127,7 +127,7 @@ main(int argc, char *argv[]) + + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + END(offset + 4096), /* Rest of the file */ + })); +diff --git a/test-lm-init.c b/test-lm-init.c +index 2a6cb45..b16d597 100644 +--- a/test-lm-init.c ++++ b/test-lm-init.c +@@ -57,7 +57,7 @@ main(int argc, char *argv[]) + /* Test the layout state. */ + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + END(offset + 4096), /* Rest of the file */ + })); +@@ -106,7 +106,7 @@ main(int argc, char *argv[]) + assert(luksmeta_test(cd) == -ENOENT); + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + END(offset), /* Rest of the file */ + })); + +diff --git a/test-lm-one.c b/test-lm-one.c +index 8deb70a..18613e0 100644 +--- a/test-lm-one.c ++++ b/test-lm-one.c +@@ -49,7 +49,7 @@ main(int argc, char *argv[]) + /* Test the layout state. */ + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + { offset + 4096, 4096 }, /* luksmeta slot 0 */ + END(offset + 8192), /* Rest of the file */ +@@ -68,7 +68,7 @@ main(int argc, char *argv[]) + /* Test the layout state. */ + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + END(offset + 4096), /* Rest of the file */ + })); +diff --git a/test-lm-two.c b/test-lm-two.c +index 78fea5b..9f0b1c5 100644 +--- a/test-lm-two.c ++++ b/test-lm-two.c +@@ -53,7 +53,7 @@ main(int argc, char *argv[]) + + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + { offset + 4096, 4096 }, /* luksmeta slot 0 */ + END(offset + 8192), /* Rest of the file */ +@@ -70,7 +70,7 @@ main(int argc, char *argv[]) + + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + { offset + 4096, 4096 }, /* luksmeta slot 0 */ + { offset + 8192, 4096 }, /* luksmeta slot 1 */ +@@ -88,7 +88,7 @@ main(int argc, char *argv[]) + assert(luksmeta_wipe(cd, 0, UUID0) == 0); + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + { offset + 4096, 4096, true }, /* luksmeta slot 0 */ + { offset + 8192, 4096 }, /* luksmeta slot 1 */ +@@ -99,7 +99,7 @@ main(int argc, char *argv[]) + assert(luksmeta_wipe(cd, 1, UUID1) == 0); + assert(test_layout((range_t[]) { + { 0, 1024 }, /* LUKS header */ +- { 1024, offset - 1024, true }, /* Keyslot Area */ ++ { 1024, 3072, true }, /* Keyslot Area */ + { offset, 4096 }, /* luksmeta header */ + END(offset + 4096), /* Rest of the file */ + })); +diff --git a/test-luksmeta b/test-luksmeta +index fd17ead..f1e8b2e 100755 +--- a/test-luksmeta ++++ b/test-luksmeta +@@ -11,7 +11,7 @@ function onexit() { + trap 'onexit' EXIT + + truncate -s 4M $tmp +-echo -n foo | cryptsetup luksFormat $tmp - ++echo -n foo | cryptsetup luksFormat --type luks1 $tmp - + + ! ./luksmeta test -d $tmp + diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/luksmeta-9-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/luksmeta-9-r1.ebuild new file mode 100644 index 00000000000..1d04bcebd6c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/luksmeta-9-r1.ebuild @@ -0,0 +1,38 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="LUKSMeta is a simple library for storing metadata in the LUKSv1 header" +HOMEPAGE="https://github.com/latchset/luksmeta" +SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64" +IUSE="+man" + +DEPEND="sys-fs/cryptsetup" +RDEPEND="${DEPEND}" +BDEPEND="man? ( app-text/asciidoc ) + dev-build/libtool" + +PATCHES=( + # https://bugs.gentoo.org/837308 + "${FILESDIR}/${PN}-tests.patch" +) + +src_prepare() { + default + eautoreconf + # Bug https://bugs.gentoo.org/921710 + sed -i -e '/^-Werror \\$/d' configure.ac || die +} + +src_install() { + default + # Bug https://bugs.gentoo.org/839609 + find "${ED}" -name '*.la' -delete || die +} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/metadata.xml new file mode 100644 index 00000000000..4a0695b777b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/luksmeta/metadata.xml @@ -0,0 +1,11 @@ + + + + + julien@jroy.ca + Julien Roy + + + latchset/luksmeta + + From 78be5d5982118175faa95e5ec39496584d04e65b Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Wed, 13 Mar 2024 13:45:26 +0100 Subject: [PATCH 15/22] overlay profiles: Add accept keywords for dev-libs/luksmeta --- .../profiles/coreos/base/package.accept_keywords | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 157e618e3d7..1fd54da9696 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -45,6 +45,9 @@ # The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet. =dev-libs/jose-12 ** +# The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet. +=dev-libs/luksmeta-9-r1 ** + # Keep versions on both arches in sync. =dev-libs/ding-libs-0.6.2-r1 ~arm64 From e4ebd6c302f9934d80d00a4876681269a65311e7 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Fri, 12 Jan 2024 09:36:25 +0100 Subject: [PATCH 16/22] app-crypt/clevis: Add from Gentoo --- .../coreos-overlay/app-crypt/clevis/Manifest | 1 + .../app-crypt/clevis/clevis-19-r1.ebuild | 35 +++ .../clevis/files/clevis-dracut.patch | 216 ++++++++++++++++++ .../app-crypt/clevis/files/clevis-meson.patch | 11 + .../app-crypt/clevis/metadata.xml | 15 ++ 5 files changed, 278 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/Manifest create mode 100644 sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-meson.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/Manifest b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/Manifest new file mode 100644 index 00000000000..ead9af1f716 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/Manifest @@ -0,0 +1 @@ +DIST clevis-19.tar.gz 81324 BLAKE2B 75323940d0b53e307f5dbc197e3117e7ddc900d76ae1043bac3d17cc3af0264ba00a5f840c5c9dd3c2dd9c8fbde2cf05934b8ab3e89cd403ad8a8eb28609bb78 SHA512 dee19354c908c3843fc295a84b431780d5d6062c77766ee7ce9550636d3623d92b0cd1f6d4c40d57bef14debddc161da2b72289a5d6185cdd17b09a1ef67409a diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild new file mode 100644 index 00000000000..37a4b60eb91 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild @@ -0,0 +1,35 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit meson + +DESCRIPTION="Automated Encryption Framework" +HOMEPAGE="https://github.com/latchset/clevis" +SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64" +IUSE="+luks +tpm" + +DEPEND=" + dev-libs/jose + sys-fs/cryptsetup + luks? ( + app-misc/jq + dev-libs/libpwquality + dev-libs/luksmeta + ) + tpm? ( app-crypt/tpm2-tools ) +" +RDEPEND="${DEPEND}" + +PATCHES=( + # From https://github.com/latchset/clevis/pull/347 + # Allows using dracut without systemd + "${FILESDIR}/clevis-dracut.patch" + # Fix for systemd on Gentoo + "${FILESDIR}/clevis-meson.patch" +) diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut.patch new file mode 100644 index 00000000000..60873b84e44 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut.patch @@ -0,0 +1,216 @@ +diff --git a/src/luks/systemd/dracut/clevis-pin-sss/meson.build b/src/dracut/clevis-pin-sss/meson.build +similarity index 100% +rename from src/luks/systemd/dracut/clevis-pin-sss/meson.build +rename to src/dracut/clevis-pin-sss/meson.build +diff --git a/src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in b/src/dracut/clevis-pin-sss/module-setup.sh.in +similarity index 100% +rename from src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in +rename to src/dracut/clevis-pin-sss/module-setup.sh.in +diff --git a/src/luks/systemd/dracut/clevis-pin-tang/meson.build b/src/dracut/clevis-pin-tang/meson.build +similarity index 100% +rename from src/luks/systemd/dracut/clevis-pin-tang/meson.build +rename to src/dracut/clevis-pin-tang/meson.build +diff --git a/src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in +similarity index 100% +rename from src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in +rename to src/dracut/clevis-pin-tang/module-setup.sh.in +diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/meson.build b/src/dracut/clevis-pin-tpm2/meson.build +similarity index 100% +rename from src/luks/systemd/dracut/clevis-pin-tpm2/meson.build +rename to src/dracut/clevis-pin-tpm2/meson.build +diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in b/src/dracut/clevis-pin-tpm2/module-setup.sh.in +similarity index 100% +rename from src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in +rename to src/dracut/clevis-pin-tpm2/module-setup.sh.in +diff --git a/src/dracut/clevis/clevis-hook.sh.in b/src/dracut/clevis/clevis-hook.sh.in +new file mode 100755 +index 0000000..91ff2bd +--- /dev/null ++++ b/src/dracut/clevis/clevis-hook.sh.in +@@ -0,0 +1,3 @@ ++#!/bin/bash ++ ++@libexecdir@/clevis-luks-generic-unlocker -l +diff --git a/src/dracut/clevis/clevis-luks-generic-unlocker b/src/dracut/clevis/clevis-luks-generic-unlocker +new file mode 100755 +index 0000000..a3b9d62 +--- /dev/null ++++ b/src/dracut/clevis/clevis-luks-generic-unlocker +@@ -0,0 +1,70 @@ ++#!/bin/bash ++set -eu ++# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: ++# ++# Copyright (c) 2020-2021 Red Hat, Inc. ++# Author: Sergio Correia ++# ++# This program is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++# ++ ++. clevis-luks-common-functions ++ ++# Make sure to exit cleanly if SIGTERM is received. ++trap 'echo "Exiting due to SIGTERM" && exit 0' TERM ++ ++loop= ++while getopts ":l" o; do ++ case "${o}" in ++ l) loop=true;; ++ *) ;; ++ esac ++done ++ ++to_unlock() { ++ local _devices='' _d _uuid ++ for _d in $(lsblk -o PATH,FSTYPE,RM \ ++ | awk '$2 == "crypto_LUKS" && $3 == "0" { print $1 }' | sort -u); ++ do ++ if ! bindings="$(clevis luks list -d "${_d}" 2>/dev/null)" \ ++ || [ -z "${bindings}" ]; then ++ continue ++ fi ++ _uuid="$(cryptsetup luksUUID "${_d}")" ++ if clevis_is_luks_device_by_uuid_open "${_uuid}"; then ++ continue ++ fi ++ _devices="$(printf '%s\n%s' "${_devices}" "${_d}")" ++ done ++ echo "${_devices}" | sed -e 's/^\n$//' ++} ++ ++while true; do ++ for d in $(to_unlock); do ++ uuid="$(cryptsetup luksUUID "${d}")" ++ if ! clevis luks unlock -d "${d}"; then ++ echo "Unable to unlock ${d} (UUID=${uuid})" >&2 ++ continue ++ fi ++ echo "Unlocked ${d} (UUID=${uuid}) successfully" >&2 ++ done ++ ++ [ "${loop}" != true ] && break ++ # Checking for pending devices to be unlocked. ++ if remaining=$(to_unlock) && [ -z "${remaining}" ]; then ++ break; ++ fi ++ ++ sleep 0.5 ++done +diff --git a/src/luks/systemd/dracut/clevis/meson.build b/src/dracut/clevis/meson.build +similarity index 87% +rename from src/luks/systemd/dracut/clevis/meson.build +rename to src/dracut/clevis/meson.build +index 167e708..224e27f 100644 +--- a/src/luks/systemd/dracut/clevis/meson.build ++++ b/src/dracut/clevis/meson.build +@@ -16,6 +16,7 @@ if dracut.found() + install_dir: dracutdir, + configuration: data, + ) ++ install_data('clevis-luks-generic-unlocker', install_dir: libexecdir) + else + warning('Will not install dracut module due to missing dependencies!') + endif +diff --git a/src/luks/systemd/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in +similarity index 76% +rename from src/luks/systemd/dracut/clevis/module-setup.sh.in +rename to src/dracut/clevis/module-setup.sh.in +index bfe657c..dbce790 100755 +--- a/src/luks/systemd/dracut/clevis/module-setup.sh.in ++++ b/src/dracut/clevis/module-setup.sh.in +@@ -19,7 +19,11 @@ + # + + depends() { +- echo crypt systemd ++ local __depends=crypt ++ if dracut_module_included "systemd"; then ++ __depends=$(printf '%s systemd' "${_depends}") ++ fi ++ echo "${__depends}" + return 255 + } + +@@ -27,17 +31,24 @@ install() { + if dracut_module_included "systemd"; then + inst_multiple \ + $systemdsystemunitdir/clevis-luks-askpass.service \ +- $systemdsystemunitdir/clevis-luks-askpass.path ++ $systemdsystemunitdir/clevis-luks-askpass.path \ ++ @SYSTEMD_REPLY_PASS@ \ ++ @libexecdir@/clevis-luks-askpass + systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path + else + inst_hook initqueue/online 60 "$moddir/clevis-hook.sh" + inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh" ++ ++ inst_multiple \ ++ @libexecdir@/clevis-luks-generic-unlocker \ ++ clevis-luks-unlock \ ++ lsblk \ ++ sort \ ++ awk + fi + + inst_multiple \ + /etc/services \ +- @SYSTEMD_REPLY_PASS@ \ +- @libexecdir@/clevis-luks-askpass \ + clevis-luks-common-functions \ + grep sed cut \ + clevis-decrypt \ +diff --git a/src/luks/systemd/dracut/meson.build b/src/dracut/meson.build +similarity index 78% +rename from src/luks/systemd/dracut/meson.build +rename to src/dracut/meson.build +index 7ad5b14..fdb264b 100644 +--- a/src/luks/systemd/dracut/meson.build ++++ b/src/dracut/meson.build +@@ -2,4 +2,3 @@ subdir('clevis') + subdir('clevis-pin-tang') + subdir('clevis-pin-tpm2') + subdir('clevis-pin-sss') +-subdir('clevis-pin-null') +diff --git a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in b/src/luks/systemd/dracut/clevis/clevis-hook.sh.in +deleted file mode 100755 +index cb257c9..0000000 +--- a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in ++++ /dev/null +@@ -1,2 +0,0 @@ +-#!/bin/bash +-@libexecdir@/clevis-luks-askpass +diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build +index e3b3d91..b10494e 100644 +--- a/src/luks/systemd/meson.build ++++ b/src/luks/systemd/meson.build +@@ -10,7 +10,6 @@ sd_reply_pass = find_program( + + if systemd.found() and sd_reply_pass.found() + data.set('SYSTEMD_REPLY_PASS', sd_reply_pass.path()) +- subdir('dracut') + + unitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir') + +diff --git a/src/meson.build b/src/meson.build +index c4e696f..a0dff5b 100644 +--- a/src/meson.build ++++ b/src/meson.build +@@ -1,6 +1,7 @@ + subdir('bash') + subdir('luks') + subdir('pins') ++subdir('dracut') + subdir('initramfs-tools') + + bins += join_paths(meson.current_source_dir(), 'clevis-decrypt') diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-meson.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-meson.patch new file mode 100644 index 00000000000..bfd517d3e11 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-meson.patch @@ -0,0 +1,11 @@ +diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build +index b10494e3ca4d620437aee0d5e440eecf323b03d9..09f7fb51e7320aa71e275c34baa0561233821d69 100644 +--- a/src/luks/systemd/meson.build ++++ b/src/luks/systemd/meson.build +@@ -5,6 +5,7 @@ sd_reply_pass = find_program( + join_paths(get_option('prefix'), 'lib', 'systemd', 'systemd-reply-password'), + join_paths('/', 'usr', get_option('libdir'), 'systemd', 'systemd-reply-password'), + join_paths('/', 'usr', 'lib', 'systemd', 'systemd-reply-password'), ++ join_paths('/', 'lib', 'systemd', 'systemd-reply-password'), + required: false + ) diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml new file mode 100644 index 00000000000..47804fd7a1b --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml @@ -0,0 +1,15 @@ + + + + + julien@jroy.ca + Julien Roy + + + latchset/clevis + + + Enable LUKS support + Enable TPM support + + From 069aaf608500f7545a08aab2a20cebf39ebc9bb2 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Fri, 12 Jan 2024 10:05:19 +0100 Subject: [PATCH 17/22] app-crypt/clevis: Apply Flatcar modifications --- .../app-crypt/clevis/clevis-19-r1.ebuild | 34 ++++++++++++++++++- .../clevis/files/clevis-dracut-flatcar.patch | 25 ++++++++++++++ .../app-crypt/clevis/metadata.xml | 4 +-- 3 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut-flatcar.patch diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild index 37a4b60eb91..0f5aff23140 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild @@ -3,7 +3,8 @@ EAPI=8 -inherit meson +# Flatcar: inherit from systemd because we need to use systemd_enable_service below +inherit meson systemd DESCRIPTION="Automated Encryption Framework" HOMEPAGE="https://github.com/latchset/clevis" @@ -14,9 +15,22 @@ SLOT="0" KEYWORDS="~amd64" IUSE="+luks +tpm" +# Flatcar: add dependency for Dracut module DEPEND=" dev-libs/jose sys-fs/cryptsetup + sys-kernel/dracut + luks? ( + app-misc/jq + dev-libs/libpwquality + dev-libs/luksmeta + ) + tpm? ( app-crypt/tpm2-tools ) +" +# Flatcar: The Clevis meson build will not build certain features if certain executables are not found at build time, such as `tpm2_createprimary`. +# The meson function `find_program` that checks for the existence of the executables does not seem to search paths under ${ROOT}, but rather +# under `/`. A fix to make meson find all binaries and include all desired features is to install such runtime dependencies into the SDK. +BDEPEND=" luks? ( app-misc/jq dev-libs/libpwquality @@ -32,4 +46,22 @@ PATCHES=( "${FILESDIR}/clevis-dracut.patch" # Fix for systemd on Gentoo "${FILESDIR}/clevis-meson.patch" + # Flatcar: + # * install `clevis-pin-tang` dracut module in the absence of dracut `network` + # module; Flatcar uses a custom network module + # * skip copying `/etc/services` into initramfs when installing `clevis` dracut + # module, which would fail + "${FILESDIR}/clevis-dracut-flatcar.patch" ) + +post_src_install() { + # Flatcar: the meson build for app-crypt/clevis installs some files to ${D}${ROOT}. After that, Portage + # copies from ${D} to ${ROOT}, leading to files ending up in, e.g., /build/amd64-usr/build/amd64-usr/. + # As a workaround, we move everything from ${D}${ROOT} to ${D} after the src_install phase. + rsync -av ${D}${ROOT}/ ${D} + rm -rfv ${D}${ROOT} + + # Flatcar: enable the systemd unit that triggers Clevis's automatic response to LUKS + # disk decryption password prompts. + systemd_enable_service cryptsetup.target clevis-luks-askpass.path +} \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut-flatcar.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut-flatcar.patch new file mode 100644 index 00000000000..4a4c4572530 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut-flatcar.patch @@ -0,0 +1,25 @@ +diff --git a/src/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in +index 929b878..c48e282 100755 +--- a/src/dracut/clevis-pin-tang/module-setup.sh.in ++++ b/src/dracut/clevis-pin-tang/module-setup.sh.in +@@ -19,7 +19,7 @@ + # + + depends() { +- echo clevis network ++ echo clevis + return 0 + } + +diff --git a/src/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in +index dbce790..c9581db 100755 +--- a/src/dracut/clevis/module-setup.sh.in ++++ b/src/dracut/clevis/module-setup.sh.in +@@ -48,7 +48,6 @@ install() { + fi + + inst_multiple \ +- /etc/services \ + clevis-luks-common-functions \ + grep sed cut \ + clevis-decrypt \ diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml index 47804fd7a1b..18fcd69367f 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml @@ -2,8 +2,8 @@ - julien@jroy.ca - Julien Roy + kjain7@u.rochester.edu + Krish Jain (based off Julien Roy's work) latchset/clevis From 204f809d5b6add3d612d14c9e1e7f905ddb4e875 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Tue, 12 Mar 2024 21:39:12 +0100 Subject: [PATCH 18/22] overlay profiles: Add accept keywords for app-crypt/clevis --- .../profiles/coreos/base/package.accept_keywords | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 1fd54da9696..f69ccd893bb 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -14,6 +14,9 @@ # Seems to be the only available ebuild in portage-stable right now. =app-crypt/adcli-0.9.2 ~amd64 ~arm64 +# The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet. +=app-crypt/clevis-19-r1 ** + # Needed by arm64-native SDK. =app-crypt/efitools-1.9.2-r1 ~arm64 From e00130883a695f0ab95e97dfca3b934074058b6a Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Fri, 12 Jan 2024 10:10:11 +0100 Subject: [PATCH 19/22] coreos-base/coreos: add dependency to app-crypt/clevis for disk encryption --- .../coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild index 8f727b93d9d..e07f311465f 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild @@ -101,6 +101,7 @@ RDEPEND="${RDEPEND} app-arch/zip app-arch/ncompress app-crypt/adcli + app-crypt/clevis app-crypt/gnupg app-crypt/go-tspi app-crypt/tpmpolicy From 1caa75b66c3c7078809e3a7c74235e2564e73d83 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Fri, 12 Jan 2024 10:11:16 +0100 Subject: [PATCH 20/22] sys-kernel/coreos-kernel: add dependency to app-crypt/clevis app-crypt/clevis includes dracut modules that must be installed before the initramfs is built --- .../sys-kernel/coreos-kernel/coreos-kernel-6.6.17.ebuild | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.17.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.17.ebuild index a49884384e6..5aad6bb2865 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.17.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.17.ebuild @@ -12,6 +12,7 @@ RDEPEND="=sys-kernel/coreos-modules-${PVR}" DEPEND="${RDEPEND} app-arch/gzip app-arch/zstd + app-crypt/clevis app-shells/bash coreos-base/coreos-init:= sys-apps/coreutils From d02dc2bf52466819e9cb7e20abab9c220ae5a194 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Fri, 12 Jan 2024 10:13:30 +0100 Subject: [PATCH 21/22] sys-kernel/bootengine: Add support for disk encryption --- .../sys-kernel/bootengine/bootengine-9999.ebuild | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild index a700dd33cd4..052c4b576de 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild @@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - CROS_WORKON_COMMIT="08125679df614d1e95c20ea7676ba19c56838103" # flatcar-master + CROS_WORKON_COMMIT="ea430ee8ada8f3415228c185c1205d1f681c8ca4" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi @@ -38,10 +38,9 @@ src_install() { "${D}"/usr/lib/dracut/modules.d/30ignition/ignition-setup-pre.sh \ "${D}"/usr/lib/dracut/modules.d/30ignition/ignition-kargs-helper \ "${D}"/usr/lib/dracut/modules.d/30ignition/retry-umount.sh \ + "${D}"/usr/lib/dracut/modules.d/40networkd-dependency/*-generator \ "${D}"/usr/lib/dracut/modules.d/99setup-root/initrd-setup-root \ "${D}"/usr/lib/dracut/modules.d/99setup-root/initrd-setup-root-after-ignition \ "${D}"/usr/lib/dracut/modules.d/99setup-root/gpg-agent-wrapper \ - "${D}"/usr/lib/dracut/modules.d/30ignition/coreos-metadata-wrapper \ - "${D}"/usr/lib/dracut/modules.d/30ignition/ignition-wrapper \ || die chmod } From 2a5917deb9404a693ed35b48f8920ae529deb714 Mon Sep 17 00:00:00 2001 From: Simon Campion Date: Thu, 14 Mar 2024 08:29:28 +0100 Subject: [PATCH 22/22] changelog: add entry for disk encryption --- changelog/changes/2024-03-14-tpm-tang-encryption.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog/changes/2024-03-14-tpm-tang-encryption.md diff --git a/changelog/changes/2024-03-14-tpm-tang-encryption.md b/changelog/changes/2024-03-14-tpm-tang-encryption.md new file mode 100644 index 00000000000..20aa9f4a4dd --- /dev/null +++ b/changelog/changes/2024-03-14-tpm-tang-encryption.md @@ -0,0 +1 @@ +- Added Ignition Clevis support for encrypted disks unlocked with a TPM2 device or a Tang server ([scripts#1560](https://github.com/flatcar/scripts/pull/1560))