From 0d449622573e2905172804ca725a51d3f94337a9 Mon Sep 17 00:00:00 2001 
From: Vincent BENOIT Date: Wed, 18 Oct 2023 09:42:32 +0000 Subject: [PATCH] ajout des recettes yocto et scripts et confs --- conf/distro/cyber-SB-all.conf | 142 +++ conf/distro/cyber-SB-crypt.conf | 148 ++++ conf/distro/cyber-SB-fit-uboot-sign.conf | 93 ++ conf/distro/cyber-SB-fit-uboot.conf | 85 ++ .../distro/cyber-SB-fitimage-sign-verity.conf | 123 +++ conf/distro/cyber-SB-fitimage-sign.conf | 102 +++ conf/distro/cyber-SB-fitimage.conf | 77 ++ conf/distro/cyber-SB-verity.conf | 96 ++ conf/distro/cyber-secureboot.conf | 68 ++ conf/layer.conf | 14 + conf/template/bblayers.conf.sample | 25 + recipes-core/base-files/base-files_%.bbappend | 21 + recipes-core/base-files/files/fstab | 9 + recipes-core/base-files/files/hostname | 1 + recipes-core/base-files/files/hosts | 6 + recipes-core/base-files/files/locale.conf | 1 + recipes-core/base-files/files/vconsole.conf | 1 + .../core-image-minimal-initramfs.bbappend | 29 + .../images/cyber-secureboot-crypt-image.bb | 25 + recipes-core/images/cyber-secureboot-image.bb | 4 + .../images/cyber-secureboot-image.inc | 75 ++ .../images/dm-verity-image-initramfs.bbappend | 6 + recipes-core/initrdscripts/files/cryptfs | 159 ++++ recipes-core/initrdscripts/files/cryptfs_tpm2 | 22 + recipes-core/initrdscripts/files/dmverity | 69 ++ recipes-core/initrdscripts/files/rootfs | 82 ++ .../initramfs-framework_%.bbappend | 58 ++ recipes-core/systemd/systemd-boot_251.8.bb | 73 ++ recipes-core/systemd/systemd-boot_253.1.bb | 73 ++ recipes-core/systemd/systemd-bootconf_1.00.bb | 32 + recipes-core/systemd/systemd-compat-units.bb | 49 ++ .../systemd/systemd-conf/journald.conf | 3 + recipes-core/systemd/systemd-conf/logind.conf | 2 + recipes-core/systemd/systemd-conf/system.conf | 2 + .../systemd/systemd-conf/system.conf-qemuall | 3 + .../systemd/systemd-conf/wired.network | 13 + recipes-core/systemd/systemd-conf_1.0.bb | 43 + .../systemd/systemd-machine-units_1.0.bb | 13 + recipes-core/systemd/systemd-serialgetty.bb | 52 ++ 
.../systemd-serialgetty/serial-getty@.service | 45 + .../systemd/systemd-systemctl-native.bb | 17 + .../systemd/systemd-systemctl/systemctl | 361 ++++++++ recipes-core/systemd/systemd.inc | 24 + .../systemd/systemd/00-create-volatile.conf | 8 + .../systemd/00-hostnamed-network-user.conf | 6 + .../0001-Adjust-for-musl-headers.patch | 556 ++++++++++++ ...sysctl.d-binfmt.d-modules-load.d-to-.patch | 71 ++ ...tall-dependency-links-at-install-tim.patch | 81 ++ ...ass-correct-parameters-to-getdents64.patch | 35 + .../0002-Add-sys-stat.h-for-S_IFDIR.patch | 27 + ...tall-dependency-links-at-install-tim.patch | 83 ++ ...util-Make-STRERROR-portable-for-musl.patch | 42 + ...implment-systemd-sysv-install-for-OE.patch | 41 + ...3-missing_type.h-add-comparison_fn_t.patch | 61 ++ ...sysctl.d-binfmt.d-modules-load.d-to-.patch | 73 ++ ...k-parse_printf_format-implementation.patch | 433 +++++++++ ...ass-correct-parameters-to-getdents64.patch | 37 + ...missing.h-check-for-missing-strndupa.patch | 706 +++++++++++++++ ...trerror-is-assumed-to-be-GNU-specifi.patch | 52 ++ ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 152 ++++ ...008-add-missing-FTW_-macros-for-musl.patch | 42 + ...implment-systemd-sysv-install-for-OE.patch | 43 + ...9-missing_type.h-add-comparison_fn_t.patch | 61 ++ ...10-Use-uintmax_t-for-handling-rlim_t.patch | 104 +++ ...k-parse_printf_format-implementation.patch | 434 +++++++++ ...missing.h-check-for-missing-strndupa.patch | 683 ++++++++++++++ ...sable-tests-for-missing-typedefs-in-.patch | 39 + ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 155 ++++ ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 97 ++ ...patible-basename-for-non-glibc-syste.patch | 32 + ...013-add-missing-FTW_-macros-for-musl.patch | 44 + ...uffering-when-writing-to-oom_score_a.patch | 39 + ...14-Use-uintmax_t-for-handling-rlim_t.patch | 106 +++ ...compliant-strerror_r-from-GNU-specif.patch | 60 ++ ...sable-tests-for-missing-typedefs-in-.patch | 41 + 
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 99 +++ ...patible-basename-for-non-glibc-syste.patch | 34 + ...uffering-when-writing-to-oom_score_a.patch | 41 + ...definition-of-prctl_mm_map-structure.patch | 30 + ...compliant-strerror_r-from-GNU-specif.patch | 76 ++ ...definition-of-prctl_mm_map-structure.patch | 32 + ...-not-disable-buffer-in-writing-files.patch | 448 ++++++++++ .../0022-Handle-__cpu_mask-usage.patch | 60 ++ ...-not-disable-buffer-in-writing-files.patch | 467 ++++++++++ .../systemd/0023-Handle-missing-gshadow.patch | 173 ++++ ...l.h-Define-MIPS-ABI-defines-for-musl.patch | 49 ++ .../0025-Handle-__cpu_mask-usage.patch | 58 ++ ...citly-cast-the-constants-to-uint64_t.patch | 44 + .../systemd/0026-Handle-missing-gshadow.patch | 171 ++++ ...-string.c-define-wchar_t-from-__WCHA.patch | 44 + ...l.h-Define-MIPS-ABI-defines-for-musl.patch | 47 + .../systemd/systemd/99-default.preset | 1 + recipes-core/systemd/systemd/init | 104 +++ .../org.freedesktop.hostname1_no_polkit.conf | 11 + recipes-core/systemd/systemd/systemd-pager.sh | 7 + .../systemd/systemd/touchscreen.rules | 18 + recipes-core/systemd/systemd_251.8.bb | 801 +++++++++++++++++ recipes-core/systemd/systemd_251.8.bbappend | 9 + recipes-core/systemd/systemd_253.1.bb | 832 ++++++++++++++++++ recipes-core/systemd/systemd_253.1.bbappend | 9 + recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb | 107 +++ .../libpwquality/libpwquality_%.bbappend | 7 + recipes-scle/cyber-cryptfs/cyber-cryptfs.bb | 25 + recipes-scle/cyber-cryptfs/files/cryptfs | 146 +++ recipes-scle/cyber-cryptfs/files/cryptfs_tpm2 | 30 + recipes-scle/cyber-users/cyber-users.bb | 23 + .../ecryptfs-utils/ecryptfs-utils_%.bbappend | 2 + recipes-support/eltt2/eltt2.bb | 28 + recipes-tpm2/clevis/clevis_19.bb | 43 + .../files/0001-tests-depedencies-errors.patch | 10 + recipes-tpm2/jose/jose_11.bb | 29 + recipes-tpm2/luksmeta/luksmeta_9.bb | 24 + recipes-tpm2/tpm2-abrmd/tpm2-abrmd_%.bbappend | 1 + recipes-tpm2/tpm2-tools/tpm2-tools_%.bbappend | 3 + 
recipes-tpm2/tpm2-tss/tpm2-tss_%.bbappend | 3 + scripts/envsetup.sh | 274 ++++++ 116 files changed, 11210 insertions(+) create mode 100644 conf/distro/cyber-SB-all.conf create mode 100644 conf/distro/cyber-SB-crypt.conf create mode 100644 conf/distro/cyber-SB-fit-uboot-sign.conf create mode 100644 conf/distro/cyber-SB-fit-uboot.conf create mode 100644 conf/distro/cyber-SB-fitimage-sign-verity.conf create mode 100644 conf/distro/cyber-SB-fitimage-sign.conf create mode 100644 conf/distro/cyber-SB-fitimage.conf create mode 100644 conf/distro/cyber-SB-verity.conf create mode 100644 conf/distro/cyber-secureboot.conf create mode 100644 conf/layer.conf create mode 100644 conf/template/bblayers.conf.sample create mode 100644 recipes-core/base-files/base-files_%.bbappend create mode 100644 recipes-core/base-files/files/fstab create mode 100644 recipes-core/base-files/files/hostname create mode 100644 recipes-core/base-files/files/hosts create mode 100644 recipes-core/base-files/files/locale.conf create mode 100644 recipes-core/base-files/files/vconsole.conf create mode 100644 recipes-core/images/core-image-minimal-initramfs.bbappend create mode 100644 recipes-core/images/cyber-secureboot-crypt-image.bb create mode 100644 recipes-core/images/cyber-secureboot-image.bb create mode 100644 recipes-core/images/cyber-secureboot-image.inc create mode 100644 recipes-core/images/dm-verity-image-initramfs.bbappend create mode 100644 recipes-core/initrdscripts/files/cryptfs create mode 100644 recipes-core/initrdscripts/files/cryptfs_tpm2 create mode 100644 recipes-core/initrdscripts/files/dmverity create mode 100644 recipes-core/initrdscripts/files/rootfs create mode 100644 recipes-core/initrdscripts/initramfs-framework_%.bbappend create mode 100644 recipes-core/systemd/systemd-boot_251.8.bb create mode 100644 recipes-core/systemd/systemd-boot_253.1.bb create mode 100644 recipes-core/systemd/systemd-bootconf_1.00.bb create mode 100644 recipes-core/systemd/systemd-compat-units.bb create 
mode 100644 recipes-core/systemd/systemd-conf/journald.conf create mode 100644 recipes-core/systemd/systemd-conf/logind.conf create mode 100644 recipes-core/systemd/systemd-conf/system.conf create mode 100644 recipes-core/systemd/systemd-conf/system.conf-qemuall create mode 100644 recipes-core/systemd/systemd-conf/wired.network create mode 100644 recipes-core/systemd/systemd-conf_1.0.bb create mode 100644 recipes-core/systemd/systemd-machine-units_1.0.bb create mode 100644 recipes-core/systemd/systemd-serialgetty.bb create mode 100644 recipes-core/systemd/systemd-serialgetty/serial-getty@.service create mode 100644 recipes-core/systemd/systemd-systemctl-native.bb create mode 100755 recipes-core/systemd/systemd-systemctl/systemctl create mode 100644 recipes-core/systemd/systemd.inc create mode 100644 recipes-core/systemd/systemd/00-create-volatile.conf create mode 100644 recipes-core/systemd/systemd/00-hostnamed-network-user.conf create mode 100644 recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch create mode 100644 recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch create mode 100644 recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch create mode 100644 recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch create mode 100644 recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch create mode 100644 recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch create mode 100644 recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch create mode 100644 recipes-core/systemd/systemd/0003-implment-systemd-sysv-install-for-OE.patch create mode 100644 recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch create mode 100644 recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch create mode 100644 
recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch create mode 100644 recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch create mode 100644 recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch create mode 100644 recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch create mode 100644 recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch create mode 100644 recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch create mode 100644 recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch create mode 100644 recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch create mode 100644 recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch create mode 100644 recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch create mode 100644 recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch create mode 100644 recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch create mode 100644 recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch create mode 100644 recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch create mode 100644 recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch create mode 100644 recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch create mode 100644 recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch create mode 100644 recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch create mode 100644 recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch create mode 100644 
recipes-core/systemd/systemd/0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch create mode 100644 recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch create mode 100644 recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch create mode 100644 recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch create mode 100644 recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch create mode 100644 recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch create mode 100644 recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch create mode 100644 recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch create mode 100644 recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch create mode 100644 recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch create mode 100644 recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch create mode 100644 recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch create mode 100644 recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch create mode 100644 recipes-core/systemd/systemd/0025-systemctl-explicitly-cast-the-constants-to-uint64_t.patch create mode 100644 recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch create mode 100644 recipes-core/systemd/systemd/0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch create mode 100644 recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch create mode 100644 recipes-core/systemd/systemd/99-default.preset create mode 100644 recipes-core/systemd/systemd/init create mode 100644 recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf create mode 100644 recipes-core/systemd/systemd/systemd-pager.sh create mode 
100644 recipes-core/systemd/systemd/touchscreen.rules create mode 100644 recipes-core/systemd/systemd_251.8.bb create mode 100644 recipes-core/systemd/systemd_251.8.bbappend create mode 100644 recipes-core/systemd/systemd_253.1.bb create mode 100644 recipes-core/systemd/systemd_253.1.bbappend create mode 100644 recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb create mode 100644 recipes-extended/libpwquality/libpwquality_%.bbappend create mode 100644 recipes-scle/cyber-cryptfs/cyber-cryptfs.bb create mode 100644 recipes-scle/cyber-cryptfs/files/cryptfs create mode 100644 recipes-scle/cyber-cryptfs/files/cryptfs_tpm2 create mode 100644 recipes-scle/cyber-users/cyber-users.bb create mode 100644 recipes-security/ecryptfs-utils/ecryptfs-utils_%.bbappend create mode 100644 recipes-support/eltt2/eltt2.bb create mode 100644 recipes-tpm2/clevis/clevis_19.bb create mode 100644 recipes-tpm2/clevis/files/0001-tests-depedencies-errors.patch create mode 100644 recipes-tpm2/jose/jose_11.bb create mode 100644 recipes-tpm2/luksmeta/luksmeta_9.bb create mode 100644 recipes-tpm2/tpm2-abrmd/tpm2-abrmd_%.bbappend create mode 100644 recipes-tpm2/tpm2-tools/tpm2-tools_%.bbappend create mode 100644 recipes-tpm2/tpm2-tss/tpm2-tss_%.bbappend create mode 100644 scripts/envsetup.sh diff --git a/conf/distro/cyber-SB-all.conf b/conf/distro/cyber-SB-all.conf new file mode 100644 index 0000000..41ab81a --- /dev/null +++ b/conf/distro/cyber-SB-all.conf 
@@ -0,0 +1,142 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto-verity.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+# The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "spl/u-boot-spl.bin"
+SPL_SUFFIX = "bin"
+
+#*********************************************************
+# U-Boot FIT Image
+#*********************************************************
+
+# Enable use of a U-Boot fitImage
+UBOOT_FITIMAGE_ENABLE = "1"
+# U-Boot fitImage Hash Algo
+UBOOT_FIT_HASH_ALG = "sha256"
+# U-Boot fitImage Signature Algo
+UBOOT_FIT_SIGN_ALG = "rsa2048"
+# Generate keys for signing U-Boot fitImage
+UBOOT_FIT_GENERATE_KEYS = "1"
+# Size of private keys in number of bits
+UBOOT_FIT_SIGN_NUMBITS = "2048"
+
+#*********************************************************
+# U-Boot & SPL Signature
+#*********************************************************
+
+# Localtion of the directory containing the RSA key and certificate used for signing image
+UBOOT_SIGN_KEYDIR = "${PWD}/scle_keys"
+# keys name in keydir (eg. "dev.crt", "dev.key")
+UBOOT_SIGN_KEYNAME = "scle_kernel"
+UBOOT_SIGN_ENABLE = "1"
+
+# Localtion of the directory containing the RSA key and certificate used for signing bootloader
+SPL_SIGN_KEYDIR = "${PWD}/scle_keys"
+SPL_SIGN_KEYNAME = "scle_uboot"
+SPL_SIGN_ENABLE = "1"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_CLASSES ?= " kernel-fitimage "
+KERNEL_IMAGETYPE = "fitImage"
+
+#*********************************************************
+# Kernel FIT Image
+#*********************************************************
+
+# Decides whether to generate the keys for signing fitImage if they don’t already exist
+FIT_GENERATE_KEYS = "1"
+# Specifies the hash algorithm used in creating the FIT Image
+FIT_HASH_ALG = "sha256"
+# Specifies the signature algorithm used in creating the FIT Image
+FIT_SIGN_ALG = "rsa4096"
+# Size of private key in number of bits used in fitImage
+FIT_SIGN_NUMBITS = "4096"
+# sign the kernel, dtb and ramdisk images individually in addition to signing the fitImage itself
+FIT_SIGN_INDIVIDUAL = "1"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ fitImage \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Device Mapper - Verity
+#
+##########################################################
+
+SCLE_DM_VERITY = "1"
+IMAGE_CLASSES += " dm-verity-img"
+DM_VERITY_IMAGE = "cyber-secureboot-image"
+DM_VERITY_IMAGE_TYPE = "ext4"
+#DM_VERITY_IMAGE_DATA_BLOCK_SIZE = "4096"
+
+#INITRAMFS_IMAGE = "core-image-minimal-initramfs"
+INITRAMFS_IMAGE = "dm-verity-image-initramfs"
+INITRAMFS_FSTYPES = "cpio.gz"
+INITRAMFS_IMAGE_BUNDLE = "1"
+
+SDIMG_ROOTFS_TYPE = "ext4.verity"
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig tpm tpm2 security"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "dm-verity-image-initramfs cyber-secureboot-image"
diff --git a/conf/distro/cyber-SB-crypt.conf b/conf/distro/cyber-SB-crypt.conf
new file mode 100644
index 0000000..b12d3ac
--- /dev/null
+++ b/conf/distro/cyber-SB-crypt.conf
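Review bot: The `EXTRA_USERS_PARAMS` line at the end of this hunk commits a fixed root password hash to the layer, and the `# mkpasswd -m sha-512 ...` comment above it records the exact inputs, including a static salt, that produced it. Every image built from this config therefore ships the same recoverable root credential, with `ssh-server-openssh` enabled in `IMAGE_FEATURES`. The same two lines are repeated in cyber-SB-crypt.conf, cyber-SB-fit-uboot-sign.conf, cyber-SB-fit-uboot.conf, cyber-SB-fitimage-sign-verity.conf and cyber-SB-fitimage-sign.conf. I would drop the comment and take the hash from a variable defined outside the layer, e.g. `EXTRA_USERS_PARAMS += "usermod -p '${CYBER_ROOT_PWHASH}' root;"` (placeholder variable name), generated per build with a random salt. Alternatively, lock the root password and provision SSH keys instead.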
@@ -0,0 +1,148 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto-crypt.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+# The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "spl/u-boot-spl.bin"
+SPL_SUFFIX = "bin"
+
+#*********************************************************
+# U-Boot FIT Image
+#*********************************************************
+
+UBOOT_ENTRYPOINT = "0x81000000"
+UBOOT_LOADADDRESS = "0x81000000"
+UBOOT_DTB_LOADADDRESS = "0x86000000"
+
+# Enable use of a U-Boot fitImage
+UBOOT_FITIMAGE_ENABLE = "1"
+# U-Boot fitImage Hash Algo
+UBOOT_FIT_HASH_ALG = "sha256"
+# U-Boot fitImage Signature Algo
+UBOOT_FIT_SIGN_ALG = "rsa2048"
+# Generate keys for signing U-Boot fitImage
+UBOOT_FIT_GENERATE_KEYS = "1"
+# Size of private keys in number of bits
+UBOOT_FIT_SIGN_NUMBITS = "2048"
+
+#*********************************************************
+# U-Boot & SPL Signature
+#*********************************************************
+
+# Localtion of the directory containing the RSA key and certificate used for signing image
+UBOOT_SIGN_KEYDIR = "${PWD}/scle_keys"
+# keys name in keydir (eg. "dev.crt", "dev.key")
+UBOOT_SIGN_KEYNAME = "scle_kernel"
+UBOOT_SIGN_ENABLE = "1"
+
+# Localtion of the directory containing the RSA key and certificate used for signing bootloader
+SPL_SIGN_KEYDIR = "${PWD}/scle_keys"
+SPL_SIGN_KEYNAME = "scle_uboot"
+SPL_SIGN_ENABLE = "1"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_CLASSES ?= " kernel-fitimage "
+KERNEL_IMAGETYPE = "fitImage"
+
+#*********************************************************
+# Kernel FIT Image
+#*********************************************************
+
+# Decides whether to generate the keys for signing fitImage if they don’t already exist
+FIT_GENERATE_KEYS = "1"
+# Specifies the hash algorithm used in creating the FIT Image
+FIT_HASH_ALG = "sha256"
+# Specifies the signature algorithm used in creating the FIT Image
+FIT_SIGN_ALG = "rsa4096"
+# Size of private key in number of bits used in fitImage
+FIT_SIGN_NUMBITS = "4096"
+# sign the kernel, dtb and ramdisk images individually in addition to signing the fitImage itself
+FIT_SIGN_INDIVIDUAL = "1"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ fitImage \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Device Mapper - Verity
+#
+##########################################################
+
+#SCLE_DM_VERITY = "1"
+#IMAGE_CLASSES += " dm-verity-img"
+#DM_VERITY_IMAGE = "cyber-secureboot-image"
+#DM_VERITY_IMAGE_TYPE = "ext4"
+##DM_VERITY_IMAGE_DATA_BLOCK_SIZE = "4096"
+#
+INITRAMFS_IMAGE = "core-image-minimal-initramfs"
+#INITRAMFS_IMAGE = "dm-verity-image-initramfs"
+INITRAMFS_FSTYPES = "cpio.gz"
+INITRAMFS_IMAGE_BUNDLE = "1"
+INITRAMFS_MAXSIZE = "300000"
+#
+#SDIMG_ROOTFS_TYPE = "ext4.verity"
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig tpm tpm2 security polkit"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+#IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"
+IMAGE_FEATURES += " package-management ssh-server-openssh"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "core-image-minimal-initramfs cyber-secureboot-image clevis systemd libpwquality"
diff --git a/conf/distro/cyber-SB-fit-uboot-sign.conf b/conf/distro/cyber-SB-fit-uboot-sign.conf
new file mode 100644
index 0000000..e465d09
--- /dev/null
+++ b/conf/distro/cyber-SB-fit-uboot-sign.conf
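Review bot: `UBOOT_SIGN_KEYDIR` and `SPL_SIGN_KEYDIR` are set to `${PWD}/scle_keys`, which ties the signing keys to whatever directory the build is started from and keeps private keys inside the build tree. With `FIT_GENERATE_KEYS = "1"` and `UBOOT_FIT_GENERATE_KEYS = "1"`, a missing key directory is presumably filled with freshly generated keys rather than failing the build, so an image can end up signed by a key nobody intended to trust. The same settings are in cyber-SB-all.conf, and partly in cyber-SB-fit-uboot-sign.conf, cyber-SB-fitimage-sign-verity.conf and cyber-SB-fitimage-sign.conf. Consider an absolute path supplied from outside the layer, e.g. `UBOOT_SIGN_KEYDIR ?= "${SCLE_KEYS_DIR}"` (placeholder variable name), and `FIT_GENERATE_KEYS = "0"` for anything beyond a throwaway PoC build so that a missing key is a build error.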
@@ -0,0 +1,93 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro - FitImage U-Boot signed and Kernel"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+## The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "spl/u-boot-spl.bin"
+SPL_SUFFIX = "bin"
+
+# Localization of the directory containing the RSA key and certificate used for signing bootloader
+SPL_SIGN_KEYDIR = "${PWD}/scle_keys"
+SPL_SIGN_KEYNAME = "scle_uboot"
+SPL_SIGN_ENABLE = "1"
+
+#*********************************************************
+# U-Boot FIT Image
+#*********************************************************
+
+# Enable use of a U-Boot fitImage
+UBOOT_FITIMAGE_ENABLE = "1"
+# U-Boot fitImage Hash Algo
+UBOOT_FIT_HASH_ALG = "sha256"
+# U-Boot fitImage Signature Algo
+UBOOT_FIT_SIGN_ALG = "rsa2048"
+# Generate keys for signing U-Boot fitImage
+UBOOT_FIT_GENERATE_KEYS = "1"
+# Size of private keys in number of bits
+UBOOT_FIT_SIGN_NUMBITS = "2048"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_CLASSES ?= " kernel-fitimage "
+KERNEL_IMAGETYPE = "fitImage"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ fitImage \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "cyber-secureboot-image"
diff --git a/conf/distro/cyber-SB-fit-uboot.conf b/conf/distro/cyber-SB-fit-uboot.conf
new file mode 100644
index 0000000..67fb4c7
--- /dev/null
+++ b/conf/distro/cyber-SB-fit-uboot.conf
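Review bot: `UBOOT_FIT_SIGN_ALG = "rsa2048"` with `UBOOT_FIT_SIGN_NUMBITS = "2048"` signs the U-Boot fitImage with a shorter key than the `rsa4096` that the sibling configs use for the kernel fitImage (`FIT_SIGN_ALG`). Where both are enabled (cyber-SB-all.conf and cyber-SB-crypt.conf), the earlier boot stage is the weaker link of the chain. If the SPL on this board can verify the larger key (not visible in this patch), I would align them with `UBOOT_FIT_SIGN_ALG = "rsa4096"` and `UBOOT_FIT_SIGN_NUMBITS = "4096"`. Otherwise, add a comment such as `# rsa2048: largest key size the SPL verifier supports on this target` once that is confirmed.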
@@ -0,0 +1,85 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro - FitImage U-Boot and Kernel"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+## The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "spl/u-boot-spl.bin"
+SPL_SUFFIX = "bin"
+
+#*********************************************************
+# U-Boot FIT Image
+#*********************************************************
+
+# Enable use of a U-Boot fitImage
+UBOOT_FITIMAGE_ENABLE = "1"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_CLASSES ?= " kernel-fitimage "
+KERNEL_IMAGETYPE = "fitImage"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ fitImage \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "cyber-secureboot-image"
diff --git a/conf/distro/cyber-SB-fitimage-sign-verity.conf b/conf/distro/cyber-SB-fitimage-sign-verity.conf
new file mode 100644
index 0000000..0855ae4
--- /dev/null
+++ b/conf/distro/cyber-SB-fitimage-sign-verity.conf
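Review bot: `MAINTENER = "vincent.benoit@scle.fr"` near the top of this hunk looks like a misspelling of the `MAINTAINER` variable, so the distro maintainer is probably never set. The same line is in every cyber-SB-*.conf added by this patch; suggested replacement is `MAINTAINER = "Vincent BENOIT <vincent.benoit@scle.fr>"`. Separately, this variant enables `UBOOT_FITIMAGE_ENABLE` without any `*_SIGN_ENABLE` setting while keeping the `Cyber-secureboot` name. A header comment such as `# Unsigned fitImage step of the PoC: no signature is verified at boot` would keep it from being mistaken for a hardened config.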
@@ -0,0 +1,123 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro - Kernel FitImage Signed"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto-verity.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+## The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "MLO"
+
+#*********************************************************
+# U-Boot Signature
+#*********************************************************
+
+# Localtion of the directory containing the RSA key and certificate used for signing image
+UBOOT_SIGN_KEYDIR = "${PWD}/scle_keys"
+# keys name in keydir (eg. "dev.crt", "dev.key")
+UBOOT_SIGN_KEYNAME = "scle_conf"
+# keys to sign image nodes => FIT_SIGN_INDIVIDUAL = 1
+# keys used to sign images and conf nodes must be differents
+UBOOT_SIGN_IMG_KEYNAME = "scle_kernel"
+UBOOT_SIGN_ENABLE = "1"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_CLASSES ?= " kernel-fitimage "
+KERNEL_IMAGETYPE = "fitImage"
+
+#*********************************************************
+# Kernel FIT Image
+#*********************************************************
+
+# Decides whether to generate the keys for signing fitImage if they don’t already exist
+FIT_GENERATE_KEYS = "1"
+# Specifies the hash algorithm used in creating the FIT Image
+FIT_HASH_ALG = "sha256"
+# Specifies the signature algorithm used in creating the FIT Image
+FIT_SIGN_ALG = "rsa4096"
+# Size of private key in number of bits used in fitImage
+FIT_SIGN_NUMBITS = "4096"
+# sign the kernel, dtb and ramdisk images individually in addition to signing the fitImage itself
+FIT_SIGN_INDIVIDUAL = "1"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ fitImage \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Device Mapper - Verity
+#
+##########################################################
+
+SCLE_DM_VERITY = "1"
+IMAGE_CLASSES += " dm-verity-img"
+DM_VERITY_IMAGE = "cyber-secureboot-image"
+DM_VERITY_IMAGE_TYPE = "ext4"
+#DM_VERITY_IMAGE_DATA_BLOCK_SIZE = "4096"
+
+INITRAMFS_IMAGE = "dm-verity-image-initramfs"
+INITRAMFS_FSTYPES = "cpio.gz"
+INITRAMFS_IMAGE_BUNDLE = "1"
+
+SDIMG_ROOTFS_TYPE = "ext4.verity"
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig tpm tpm2 security"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "dm-verity-image-initramfs cyber-secureboot-image"
diff --git a/conf/distro/cyber-SB-fitimage-sign.conf b/conf/distro/cyber-SB-fitimage-sign.conf
new file mode 100644
index 0000000..482b8d3
--- /dev/null
+++ b/conf/distro/cyber-SB-fitimage-sign.conf
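Review bot: `IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"` keeps the package manager and its database on a root filesystem that is read-only and dm-verity protected. Runtime installs cannot persist there, so this looks like unneeded tooling left on the hardened image. Unless something in the PoC relies on it, I would use `IMAGE_FEATURES += " ssh-server-openssh read-only-rootfs"` here, and likewise in cyber-SB-all.conf and cyber-SB-fitimage-sign.conf, which carry the same line.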
@@ -0,0 +1,102 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro - Kernel FitImage Signed"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+## The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "MLO"
+
+#*********************************************************
+# U-Boot Signature
+#*********************************************************
+
+# Localtion of the directory containing the RSA key and certificate used for signing image
+UBOOT_SIGN_KEYDIR = "${PWD}/scle_keys"
+# keys name in keydir (eg. "dev.crt", "dev.key")
+UBOOT_SIGN_KEYNAME = "scle_conf"
+# keys to sign image nodes => FIT_SIGN_INDIVIDUAL = 1
+# keys used to sign images and conf nodes must be differents
+UBOOT_SIGN_IMG_KEYNAME = "scle_kernel"
+UBOOT_SIGN_ENABLE = "1"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_CLASSES ?= " kernel-fitimage "
+KERNEL_IMAGETYPE = "fitImage"
+
+#*********************************************************
+# Kernel FIT Image
+#*********************************************************
+
+# Decides whether to generate the keys for signing fitImage if they don’t already exist
+FIT_GENERATE_KEYS = "1"
+# Specifies the hash algorithm used in creating the FIT Image
+FIT_HASH_ALG = "sha256"
+# Specifies the signature algorithm used in creating the FIT Image
+FIT_SIGN_ALG = "rsa4096"
+# Size of private key in number of bits used in fitImage
+FIT_SIGN_NUMBITS = "4096"
+# sign the kernel, dtb and ramdisk images individually in addition to signing the fitImage itself
+FIT_SIGN_INDIVIDUAL = "1"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ fitImage \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig security"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "cyber-secureboot-image"
diff --git a/conf/distro/cyber-SB-fitimage.conf b/conf/distro/cyber-SB-fitimage.conf
new file mode 100644
index 0000000..55c53c4
--- /dev/null
+++ b/conf/distro/cyber-SB-fitimage.conf
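Review bot: The `EXTRA_USERS_PARAMS` line commits a fixed root password hash to the layer, and the comment directly above it records the `mkpasswd` command that produced it, so every image built from this configuration carries a root credential known to anyone who can read the repository; `IMAGE_FEATURES` in the same file also adds `ssh-server-openssh`. The same two lines appear in the hunks for cyber-SB-fitimage.conf, cyber-SB-verity.conf and cyber-secureboot.conf, and in the tail of the preceding file. I would take the hash from a variable set outside the layer, for example `EXTRA_USERS_PARAMS += "usermod -p '${SCLE_ROOT_PWHASH}' root;"` with `SCLE_ROOT_PWHASH` (a name proposed here) defined in the build's local configuration, and delete the `mkpasswd` comment.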
@@ -0,0 +1,77 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro - FitImage Kernel"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+## The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "MLO"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_CLASSES ?= " kernel-fitimage "
+KERNEL_IMAGETYPE = "fitImage"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ fitImage \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig tpm tpm2 security"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "dm-verity-image-initramfs cyber-secureboot-image"
diff --git a/conf/distro/cyber-SB-verity.conf b/conf/distro/cyber-SB-verity.conf
new file mode 100644
index 0000000..dd625f4
--- /dev/null
+++ b/conf/distro/cyber-SB-verity.conf
@@ -0,0 +1,96 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro - Device Mapper Verity"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto-verity.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+## The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "MLO"
+UBOOT_ENTRYPOINT = "0x81300000"
+UBOOT_LOADADDRESS = "0x81300000"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_IMAGETYPE = "uImage"
+
+IMAGE_BOOT_FILES = " \
+ MLO \
+ u-boot.${UBOOT_SUFFIX} \
+ uEnv.txt \
+ uImage-initramfs-pengwyn.bin \
+ devicetree/am335x-pengwyn.dtb \
+ "
+
+##########################################################
+#
+# Device Mapper - Verity
+#
+##########################################################
+
+SCLE_DM_VERITY = "1"
+IMAGE_CLASSES += " dm-verity-img"
+DM_VERITY_IMAGE = "cyber-secureboot-image"
+DM_VERITY_IMAGE_TYPE = "ext4"
+#DM_VERITY_IMAGE_DATA_BLOCK_SIZE = "4096"
+
+INITRAMFS_IMAGE = "dm-verity-image-initramfs"
+INITRAMFS_FSTYPES = "cpio.gz"
+INITRAMFS_IMAGE_BUNDLE = "1"
+
+SDIMG_ROOTFS_TYPE = "ext4.verity"
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig tpm tpm2 security"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "dm-verity-image-initramfs cyber-secureboot-image"
diff --git a/conf/distro/cyber-secureboot.conf b/conf/distro/cyber-secureboot.conf
new file mode 100644
index 0000000..d5ebbd6
--- /dev/null
+++ b/conf/distro/cyber-secureboot.conf
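Review bot: Nothing in this configuration authenticates the image that carries the dm-verity root hash: the kernel is a plain `uImage` with the initramfs bundled in (`INITRAMFS_IMAGE_BUNDLE = "1"`), there is no `UBOOT_SIGN_ENABLE`, and the dmverity init script added later in this patch reads `ROOT_HASH` from a file inside that initramfs. As far as this file shows, the rootfs integrity check is therefore only as strong as the unsigned `uImage-initramfs-pengwyn.bin` on the boot partition. If that is intended for this step of the proof of concept, a comment in the Device Mapper section would make the limit explicit, e.g. `# NOTE: root hash ships in the unsigned uImage initramfs; rootfs integrity is only enforced end to end in the signed fitImage variants`.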
@@ -0,0 +1,68 @@
+#@TYPE: Distribution
+#@NAME: Cyber-secureboot
+#@DESCRIPTION: Distribution configuration for SecureBoot Proof of Concept
+
+DISTRO_VERSION = "1.0.0"
+DISTRO_NAME = "SCLE Cyber SecureBoot Distro - Stock"
+
+SDK_VENDOR = "-cyber"
+SDK_VERSION = "${DISTRO_VERSION}"
+MAINTENER = "vincent.benoit@scle.fr"
+
+# Image Rootfs type and size
+WKS_FILE = "pengwyn-yocto.wks.in"
+
+# Define a multiplier that the build system applies
+IMAGE_OVERHEAD_FACTOR = "3"
+# 3 Go
+#IMAGE_ROOTFS_EXTRA_SPACE = "3145728"
+
+# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
+#SERIAL_CONSOLES = ""
+
+##########################################################
+#
+# Bootloader & SPL
+#
+##########################################################
+
+## The file type for the Secondary Program Loader (SPL)
+SPL_BINARY = "MLO"
+
+##########################################################
+#
+# Linux
+#
+##########################################################
+
+KERNEL_IMAGETYPE = "uImage"
+
+##########################################################
+#
+# Misc
+#
+##########################################################
+
+# Preferred providers for Packages
+PREFERRED_RPROVIDER_libdevmapper-native = "libdevmapper-native"
+
+# Use systemd
+DISTRO_FEATURES = "acl argp systemd usbhost ipv4 largefile usbgadget pam vfat xattr ldconfig tpm tpm2 security"
+
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_login_manager = "shadow-base"
+VIRTUAL-RUNTIME_syslog = "rsyslog"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+
+IMAGE_FEATURES += " package-management ssh-server-openssh read-only-rootfs"
+
+# set /var/log persistent
+VOLATILE_LOG_DIR = "no"
+
+# Use extrausers
+INHERIT += "extrausers"
+# mkpasswd -m sha-512 root -s sclecyber
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$sclecyber\$n9LKVtEnhPIDEbFdRFVPWbuRoYabzprcF0W2XuR4Tg/au6xrII8/4qBDc8vPn0z7qthIL.UMp4TlZWi9uOsFQ.' root;"
+
+RM_WORK_EXCLUDE += "dm-verity-image-initramfs cyber-secureboot-image"
diff --git a/conf/layer.conf b/conf/layer.conf
new file mode 100644
index 0000000..a956809
--- /dev/null
+++ b/conf/layer.conf
@@ -0,0 +1,14 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH := "${BBPATH}:${LAYERDIR}"
+
+# We have a packages directory, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb"
+BBFILES += " ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "cyber-secureboot"
+BBFILE_PATTERN_cyber-secureboot := "^${LAYERDIR}/"
+BBFILE_PRIORITY_cyber-secureboot = "11"
+
+#LAYERDEPENDS_cyber-secureboot = "security"
+
+LAYERSERIES_COMPAT_cyber-secureboot = "kirkstone"
diff --git a/conf/template/bblayers.conf.sample b/conf/template/bblayers.conf.sample
new file mode 100644
index 0000000..20d2a2f
--- /dev/null
+++ b/conf/template/bblayers.conf.sample
@@ -0,0 +1,25 @@
+# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
+# changes incompatibly
+POKY_BBLAYERS_CONF_VERSION = "2"
+
+BBPATH = "${TOPDIR}"
+BSPPATH = "${TOPDIR}/.."
+BBFILES ?= ""
+
+BBLAYERS ?= " \
+ ${BSPPATH}/meta-pengwyn \
+ ${BSPPATH}/poky/meta \
+ ${BSPPATH}/poky/meta-poky \
+ ${BSPPATH}/poky/meta-yocto-bsp \
+ ${BSPPATH}/meta-openembedded/meta-oe \
+ ${BSPPATH}/meta-openembedded/meta-python \
+ ${BSPPATH}/meta-openembedded/meta-networking \
+ ${BSPPATH}/meta-openembedded/meta-filesystems \
+ ${BSPPATH}/meta-openembedded/meta-perl \
+ ${BSPPATH}/meta-arm/meta-arm-toolchain \
+ ${BSPPATH}/meta-arm/meta-arm \
+ ${BSPPATH}/meta-ti/meta-ti-bsp \
+ ${BSPPATH}/meta-security \
+ ${BSPPATH}/meta-security/meta-tpm \
+ ${BSPPATH}/meta-cyber-secureboot \
+ "
diff --git a/recipes-core/base-files/base-files_%.bbappend b/recipes-core/base-files/base-files_%.bbappend
new file mode 100644
index 0000000..4756ee1
--- /dev/null
+++ b/recipes-core/base-files/base-files_%.bbappend
@@ -0,0 +1,21 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://hostname \
+ file://hosts \
+ file://locale.conf \
+ file://fstab \
+ file://vconsole.conf"
+
+FILES:{PN} += "${sysconfdir}/locale.conf \
+ ${sysconfdir}/vconsole.conf"
+
+do_install:append() {
+ install -m 0644 ${WORKDIR}/hostname ${D}${sysconfdir}
+ install -m 0644 ${WORKDIR}/hosts ${D}${sysconfdir}
+ install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}
+ install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}
+ install -m 0644 ${WORKDIR}/vconsole.conf ${D}${sysconfdir}
+ install -d ${D}/data
+}
diff --git a/recipes-core/base-files/files/fstab b/recipes-core/base-files/files/fstab
new file mode 100644
index 0000000..dedc1f8
--- /dev/null
+++ b/recipes-core/base-files/files/fstab
@@ -0,0 +1,9 @@
+# stock fstab - you probably want to override this with a machine specific one
+
+#/dev/root / auto defaults 1 1
+/dev/mmcblk0p1 /boot vfat defaults,flush 0 2
+/dev/mmcblk0p2 / ext4 defaults,noatime 0 1
+proc /proc proc defaults 0 0
+devpts /dev/pts devpts mode=0620,ptmxmode=0666,gid=5 0 0
+tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0
+tmpfs /var/volatile tmpfs defaults 0 0
diff --git a/recipes-core/base-files/files/hostname b/recipes-core/base-files/files/hostname
new file mode 100644
index 0000000..e678950
--- /dev/null
+++ b/recipes-core/base-files/files/hostname
@@ -0,0 +1 @@
+pengwyn
diff --git a/recipes-core/base-files/files/hosts b/recipes-core/base-files/files/hosts
new file mode 100644
index 0000000..e5dceb5
--- /dev/null
+++ b/recipes-core/base-files/files/hosts
@@ -0,0 +1,6 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 pengwyn
diff --git a/recipes-core/base-files/files/locale.conf b/recipes-core/base-files/files/locale.conf
new file mode 100644
index 0000000..f81fdfc
--- /dev/null
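Review bot: `FILES:{PN} +=` in base-files_%.bbappend is missing the `$`, so it extends a variable whose override is the literal text `{PN}` rather than the package's file list; the line should start `FILES:${PN} += "${sysconfdir}/locale.conf \`. The two files probably still get packaged because the recipe's existing `FILES` already covers `${sysconfdir}`, which would explain why the typo went unnoticed. `install -d ${D}/data` at the end of `do_install:append` relies on that same existing value to package the new directory, so it is worth confirming the build does not report it as installed-but-not-shipped.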
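Review bot: The fstab mounts `/boot` and `/var/volatile` with plain `defaults`, so execution is allowed on the FAT partition that holds the boot files and device nodes and setuid binaries are honoured on the tmpfs, while `/run` two lines above already restricts these. For an image that sets `read-only-rootfs` I would tighten both entries, e.g. `/dev/mmcblk0p1 /boot vfat defaults,flush,nodev,nosuid,noexec 0 2` and `tmpfs /var/volatile tmpfs defaults,nodev,nosuid 0 0`. The root entry also names `/dev/mmcblk0p2` directly, which may not match the dm-verity variants where the initramfs mounts `/dev/mapper/rootfs`; a comment saying which configurations this fstab is meant for would help.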
+++ b/recipes-core/base-files/files/locale.conf
@@ -0,0 +1 @@
+LANG=fr_FR.UTF8
diff --git a/recipes-core/base-files/files/vconsole.conf b/recipes-core/base-files/files/vconsole.conf
new file mode 100644
index 0000000..27eaebb
--- /dev/null
+++ b/recipes-core/base-files/files/vconsole.conf
@@ -0,0 +1 @@
+KEYMAP=fr-latin9
diff --git a/recipes-core/images/core-image-minimal-initramfs.bbappend b/recipes-core/images/core-image-minimal-initramfs.bbappend
new file mode 100644
index 0000000..80de457
--- /dev/null
+++ b/recipes-core/images/core-image-minimal-initramfs.bbappend
@@ -0,0 +1,29 @@
+# Simple initramfs image.
+
+INITRAMFS_SCRIPTS = "\
+ initramfs-framework-base \
+ initramfs-module-debug \
+ initramfs-module-cryptfs \
+ initramfs-module-cryptfs-tpm2 \
+ "
+
+PACKAGE_INSTALL = "\
+ ${INITRAMFS_SCRIPTS} \
+ ${VIRTUAL-RUNTIME_base-utils} \
+ udev \
+ base-passwd \
+ base-files \
+ bash \
+ busybox \
+ ${ROOTFS_BOOTSTRAP_INSTALL} \
+ "
+
+# Do not pollute the initrd image with rootfs features
+IMAGE_FEATURES = ""
+
+IMAGE_NAME_SUFFIX ?= ""
+
+IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
+
+# Use the same restriction as initramfs-module-install
+COMPATIBLE_HOST = '(arm|arm-oe-linux-gnueabi).*-linux'
diff --git a/recipes-core/images/cyber-secureboot-crypt-image.bb b/recipes-core/images/cyber-secureboot-crypt-image.bb
new file mode 100644
index 0000000..b775f77
--- /dev/null
+++ b/recipes-core/images/cyber-secureboot-crypt-image.bb
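Review bot: `initramfs-module-debug` is part of `INITRAMFS_SCRIPTS` in core-image-minimal-initramfs.bbappend, and the dm-verity-image-initramfs.bbappend hunk further down adds it as well; as far as I know that module lets kernel command-line parameters stop the boot in a shell between initramfs stages, and on this board the command line presumably comes from `uEnv.txt` on the boot partition. In the images that are meant to demonstrate encrypted or verified storage, that leaves a way into the initramfs before the later stages run. I would keep the module out of the default list and add it only for development builds, for example `${@'initramfs-module-debug' if d.getVar('SCLE_INITRAMFS_DEBUG') == '1' else ''} \` with `SCLE_INITRAMFS_DEBUG` (a name proposed here) left unset by default.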
@@ -0,0 +1,25 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+SUMMARY = "Cyber SecureBoot Image"
+include cyber-secureboot-image.inc
+
+WKS_FILE = "pengwyn-yocto-crypt.wks.in"
+#DM_VERITY_IMAGE = "cyber-secureboot-crypt-image"
+#
+
+IMAGE_INSTALL:remove = " \
+ kernel-module-libdes \
+ kernel-module-libsha256 \
+ kernel-module-md5 \
+ kernel-module-tpm \
+ kernel-module-tpm-tis-spi \
+ kernel-module-tpm-tis-core \
+ "
+
+IMAGE_INSTALL:append = " \
+ cyber-cryptfs \
+ e2fsprogs-resize2fs \
+ ecryptfs-utils \
+ glibc-utils \
+ trousers \
+ "
diff --git a/recipes-core/images/cyber-secureboot-image.bb b/recipes-core/images/cyber-secureboot-image.bb
new file mode 100644
index 0000000..1e840e5
--- /dev/null
+++ b/recipes-core/images/cyber-secureboot-image.bb
@@ -0,0 +1,4 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+SUMMARY = "Cyber SecureBoot Image"
+include cyber-secureboot-image.inc
diff --git a/recipes-core/images/cyber-secureboot-image.inc b/recipes-core/images/cyber-secureboot-image.inc
new file mode 100644
index 0000000..ad722b8
--- /dev/null
+++ b/recipes-core/images/cyber-secureboot-image.inc
@@ -0,0 +1,75 @@
+SUMMARY = "Cyber SecureBoot Image"
+PV = "1.0.0"
+
+inherit core-image
+
+EXTRA_IMAGE_FEATURES = ""
+GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8"
+IMAGE_LINGUAS = "fr-fr"
+
+PROCESS_INSTALL = " \
+ cyber-users \
+ "
+
+KERN_MODULES_INSTALL = " \
+ kernel-module-sha1-arm \
+ kernel-module-sha256-arm \
+ kernel-module-sha512-arm \
+ kernel-module-md5 \
+ kernel-module-omap-crypto \
+ kernel-module-omap-aes-driver \
+ kernel-module-omap-des \
+ kernel-module-libsha256 \
+ kernel-module-libdes \
+ kernel-module-ip-tables \
+ kernel-module-iptable-nat \
+ kernel-module-iptable-filter \
+ kernel-module-usb-storage \
+ kernel-module-usbhid \
+ kernel-module-usbnet \
+ kernel-module-usbcore \
+ kernel-module-usb-common \
+ kernel-module-usbserial \
+ kernel-module-musb-am335x \
+ kernel-module-musb-hdrc \
+ kernel-module-musb-dsps \
+ kernel-module-spidev \
+ kernel-module-tpm-tis-spi \
+ kernel-module-tpm-tis-core \
+ kernel-module-tpm \
+ kernel-module-ti-am335x-adc \
+ kernel-module-ti-am335x-tsc \
+ kernel-module-ti-am335x-tscadc \
+ kernel-module-rtc-omap \
+ kernel-module-rtc-tps6586x \
+ kernel-module-rtc-tps65910 \
+ kernel-module-phy-am335x \
+ kernel-module-phy-am335x-control \
+ "
+
+PYTHON_INSTALL = " \
+ "
+
+IMAGE_INSTALL += " \
+ attr \
+ sudo \
+ logrotate \
+ rsyslog \
+ iptables \
+ procps \
+ kbd-keymaps \
+ vim \
+ i2c-tools \
+ ethtool \
+ spidev-test \
+ eltt2 \
+ cryptsetup \
+ clevis \
+ ldd \
+ e2fsprogs \
+ e2fsprogs-mke2fs \
+ util-linux \
+ packagegroup-security-tpm2 \
+ ${KERN_MODULES_INSTALL} \
+ ${PROCESS_INSTALL} \
+ "
diff --git a/recipes-core/images/dm-verity-image-initramfs.bbappend b/recipes-core/images/dm-verity-image-initramfs.bbappend
new file mode 100644
index 0000000..4e2cfd2
--- /dev/null
+++ b/recipes-core/images/dm-verity-image-initramfs.bbappend
@@ -0,0 +1,6 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+
+PACKAGE_INSTALL += " \
+ initramfs-module-debug \
+ "
diff --git a/recipes-core/initrdscripts/files/cryptfs b/recipes-core/initrdscripts/files/cryptfs
new file mode 100644
index 0000000..08c96e9
--- /dev/null
+++ b/recipes-core/initrdscripts/files/cryptfs
@@ -0,0 +1,159 @@ +#!/bin/sh +# Copyright (C) 2022 Fondries.IO +# SPDX-License-Identifier: MIT +# +# Encrypt (reencrypt) root device with LUKS2 + +fatal() { + echo "$1" + exit 1 +} + +msg() { + echo "$1" +} + +cryptfs_enabled() { + return 0 +} + +fd_check() { + if [ ! -d "/dev/fd" ]; then + `/bin/ln -s /proc/self/fd /dev/fd` + fi +} + +e2fsck_check() { + fsckret=0 + if [ -n "`which e2fsck`" ]; then + fsckout=`e2fsck -p -v ${1}` + fsckret=$? + # Avoid empty newline after summary + echo "e2fsck: ${fsckout}" >/dev/kmsg + # Return code >= 4 means uncorrected / operational error + ## TODO: force boot into a recovery mode or similar, as there is really not + ## much we can do in case the fs is corrupted in a bad way + if [ "${fsckret}" -ge "4" ]; then + echo "e2fsck: WARNING: file system errors left uncorrected: ret ${fsckret}" >/dev/kmsg + fi + fi + return "${fsckret}" +} + +cryptfs_gen_passphrase() { + # Static as at this point we just need a key for encrypting and later enrolling a new keyslot + mkdir -p /run/cryptsetup + echo -n "scle" > /run/cryptsetup/passphrase +} + +cryptfs_run() { + # Similar to rootfs, we need to wait for the device to become available + C=0 + delay=${bootparam_rootdelay:-1} + timeout=${bootparam_roottimeout:-5} + #while true; do + # if [ $(( $C * $delay )) -gt $timeout ]; then + # fatal "root '$bootparam_root' doesn't exist or does not contain a /dev." 
+ # fi + + # if [ -n "$bootparam_root" ]; then + # root_dev="$bootparam_root" + # if [ "`echo ${bootparam_root} | cut -c1-5`" = "UUID=" ]; then + # root_uuid=`echo $bootparam_root | cut -c6-` + # root_dev=`readlink -f /dev/disk/by-uuid/$root_uuid` + # elif [ "`echo ${bootparam_root} | cut -c1-9`" = "PARTUUID=" ]; then + # root_partuuid=`echo $bootparam_root | cut -c10-` + # root_dev=`readlink -f /dev/disk/by-partuuid/$root_partuuid` + # elif [ "`echo ${bootparam_root} | cut -c1-10`" = "PARTLABEL=" ]; then + # root_partlabel=`echo $bootparam_root | cut -c11-` + # root_dev=`readlink -f /dev/disk/by-partlabel/$root_partlabel` + # elif [ "`echo ${bootparam_root} | cut -c1-6`" = "LABEL=" ]; then + # root_label=`echo $bootparam_root | cut -c7-` + # root_dev=`readlink -f /dev/disk/by-label/$root_label` + # fi + + # [ -e "$root_dev" ] && break + # fi + # debug "Sleeping for $delay second(s) to wait root to settle..." + # sleep $delay + # C=$(( $C + 1 )) + #done + + flags="" + root_dev="/dev/mmcblk0p3" + mounted_dir="/data" + key_slot=8 + + # Identify desired token format (e.g. pkcs11, tpm2, etc) and import required functions + if [ ! -d /etc/cryptfs ]; then + fatal "No initramfs cryptfs module found" + fi + luks_token=`ls /etc/cryptfs | head -n1` + if [ -z "${luks_token}" ]; then + fatal "No valid initramfs cryptfs module found" + fi + + if [ ! -d "${mounted_dir}" ]; then + /bin/mkdir -p "${mounted_dir}" + fi + + fd_check + + . /etc/cryptfs/${luks_token} + + cryptfs_check_${luks_token} + + cryptfs_gen_passphrase + + if ! 
cryptsetup isLuks ${root_dev}; then + # Partition not yet encrypted + msg "${root_dev} not yet encrypted, encrypting with LUKS2" + e2fsck_check ${root_dev} + block_size=`dumpe2fs -h ${root_dev} 2>/dev/null | grep "^Block size" | cut -d ':' -f 2 | tr -d ' '` + block_count=`dumpe2fs -h ${root_dev} 2>/dev/null | grep "^Block count" | cut -d ':' -f 2 | tr -d ' '` + luks_size=33554432 # 32M + new_block_count=$(($block_count - $luks_size / $block_size)) + resize2fs -p ${root_dev} ${new_block_count} + if [ $? -ne 0 ]; then + fatal "Failed to resize ${root_dev} to allow extra size required for luks support" + fi + + cat /run/cryptsetup/passphrase | cryptsetup -v luksFormat --type luks2 --key-slot ${key_slot} --disable-locks --reduce-device-size 32m ${root_dev} + + # Align label and UUID if used as boot parameter (not safe, better use the proper device path instead) + if [ -n "$root_label" ]; then + cryptsetup config --label ${root_label} ${root_dev} + fi + if [ -n "$root_uuid" ]; then + yes | cryptsetup luksUUID --uuid ${root_uuid} ${root_dev} + fi + fi + + luks_name="`basename ${root_dev}`_crypt" + + # Check if online encryption is still in progress + if cryptsetup luksDump ${root_dev} | grep -q "online-reencrypt"; then + # Run recovery process + cat /run/cryptsetup/passphrase | cryptsetup luksOpen ${root_dev} ${luks_name} + e2fsck_check /dev/mapper/${luks_name} + cat /run/cryptsetup/passphrase | cryptsetup -v reencrypt --resume-only ${root_dev} + cryptsetup close ${luks_name} + fi + + cryptfs_pre_${luks_token} + + if ! cryptsetup luksDump ${root_dev} | grep -q "clevis"; then + msg "Enrolling LUKS2 keyslot based on ${luks_token} token" + cryptfs_enroll_${luks_token} ${root_dev} ${key_slot} + fi + + cryptfs_post_${luks_token} ${root_dev} ${luks_name} + + e2fsck_check /dev/mapper/${luks_name} + if [ $? 
-gt "0" ]; then + /sbin/mkfs.ext4 -q -j /dev/mapper/${luks_name} + fi + + mount ${flags} /dev/mapper/${luks_name} "$ROOTFS_DIR/data" || + (cryptsetup luksClose ${luks_name} && fatal "Failed to mount LUKS ${luks_name}") +} diff --git a/recipes-core/initrdscripts/files/cryptfs_tpm2 b/recipes-core/initrdscripts/files/cryptfs_tpm2 new file mode 100644 index 0000000..b6e7848 --- /dev/null +++ b/recipes-core/initrdscripts/files/cryptfs_tpm2 @@ -0,0 +1,22 @@ +# Copyright (C) 2022 Fondries.IO +# SPDX-License-Identifier: MIT + +cryptfs_check_tpm2() { + if [ ! -e /sys/class/tpm ]; then + fatal "Linux TPM subsystem not found" + fi +} + +cryptfs_pre_tpm2() { + : +} + +cryptfs_post_tpm2() { + clevis-luks-unlock -d "$1" -n "$2" +} + +cryptfs_enroll_tpm2() { + #cat /run/cryptsetup/passphrase | clevis-luks-bind -y -d "$1" -k - tpm2 '{"pcr_bank":"sha256","pcr_ids":"10"}' + cat /run/cryptsetup/passphrase | clevis-luks-bind -y -d "$1" -k - tpm2 '{}' + cat /run/cryptsetup/passphrase | cryptsetup luksRemoveKey -v "$1" +} diff --git a/recipes-core/initrdscripts/files/dmverity b/recipes-core/initrdscripts/files/dmverity new file mode 100644 index 0000000..e252541 --- /dev/null +++ b/recipes-core/initrdscripts/files/dmverity 
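Review bot: The last check in `cryptfs_run`, `if [ $? -gt "0" ]`, runs `mkfs.ext4` on the opened LUKS volume for any non-zero status from `e2fsck_check`, although the helper's own comment says only codes of 4 and above mean uncorrected errors; an e2fsck run that repaired something would therefore end with the data partition being re-created empty. I would use the same threshold as the helper, `if [ $? -ge 4 ]; then`, and write a line to `/dev/kmsg` before formatting so the loss is visible. In the final `mount` line, `fatal` is called inside a `( ... )` subshell, so its `exit 1` ends only the subshell and `cryptfs_run` returns as if the mount had worked; `{ cryptsetup luksClose ${luks_name}; fatal "Failed to mount LUKS ${luks_name}"; }` keeps the exit in the calling shell.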
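Review bot: `cryptfs_enroll_tpm2` binds the LUKS key with an empty policy, `tpm2 '{}'`, so the sealed key depends on the TPM being present but not on any PCR value; the commented-out line above it shows a PCR-bound form was considered. If the data partition is meant to unlock only after the expected boot chain has run, the bind should name the PCRs that chain extends, e.g. `clevis-luks-bind -y -d "$1" -k - tpm2 '{"pcr_bank":"sha256","pcr_ids":"<PCRS_EXTENDED_BY_BOOT_CHAIN>"}'`. The exit status of `clevis-luks-bind` is also not checked before `cryptsetup luksRemoveKey` runs, and the fixed bootstrap passphrase written by `cryptfs_gen_passphrase` in the cryptfs script stays in `/run/cryptsetup/passphrase`. Chaining the two commands with `&&` and deleting that file once enrolment has succeeded would cover both.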
@@ -0,0 +1,69 @@ +#!/bin/sh + +dmverity_enabled() { + return 0 +} + +dmverity_run() { + DATA_SIZE="__not_set__" + DATA_BLOCK_SIZE="__not_set__" + ROOT_HASH="__not_set__" + + . /usr/share/misc/dm-verity.env + + C=0 + delay=${bootparam_rootdelay:-1} + timeout=${bootparam_roottimeout:-5} + RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})" + while [ ! -b "${RDEV}" ]; do + if [ $(( $C * $delay )) -gt $timeout ]; then + fatal "Root device resolution failed" + exit 1 + fi + + case "${bootparam_root}" in + ID=*) + RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})" + ;; + LABEL=*) + RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})" + ;; + PARTLABEL=*) + RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})" + ;; + PARTUUID=*) + RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})" + ;; + PATH=*) + RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})" + ;; + UUID=*) + RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})" + ;; + *) + RDEV="${bootparam_root}" + esac + debug "Sleeping for $delay second(s) to wait root to settle..." + sleep $delay + C=$(( $C + 1 )) + + done + + veritysetup \ + --restart-on-corruption --ignore-zero-blocks \ + --data-block-size=${DATA_BLOCK_SIZE} \ + --hash-offset=${DATA_SIZE} \ + create rootfs \ + ${RDEV} \ + ${RDEV} \ + ${ROOT_HASH} + + if [ $? -ne 0 ]; then + exit 1 + fi + + mount \ + -o ro \ + /dev/mapper/rootfs \ + ${ROOTFS_DIR} || exit 2 +} diff --git a/recipes-core/initrdscripts/files/rootfs b/recipes-core/initrdscripts/files/rootfs new file mode 100644 index 0000000..5e54a72 --- /dev/null +++ b/recipes-core/initrdscripts/files/rootfs 
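Review bot: The `veritysetup` call in `dmverity_run` passes `--ignore-zero-blocks`, which, as I read the veritysetup documentation, tells the kernel to return zeroes for blocks expected to be zero instead of verifying them and is described there as an option for special cases. Nothing in the script says why an ext4 root image needs it, so I would drop the flag or add a comment such as `# --ignore-zero-blocks: <reason this image needs it>`. The `__not_set__` defaults are also never checked after sourcing `/usr/share/misc/dm-verity.env`, and `${RDEV}` and `${ROOT_HASH}` are expanded unquoted; a guard like `[ "${ROOT_HASH}" != "__not_set__" ] || fatal "dm-verity.env did not set ROOT_HASH"` would turn a missing or incomplete env file into a clear failure.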
@@ -0,0 +1,82 @@ +#!/bin/sh +# Copyright (C) 2011 O.S. Systems Software LTDA. +# Licensed on MIT + +rootfs_enabled() { + return 0 +} + +e2fsck_check() { + if [ -n "`which e2fsck`" ]; then + fsckout=`e2fsck -p -v ${1}` + fsckret=$? + # Avoid empty newline after summary + echo "e2fsck: ${fsckout}" >/dev/kmsg + # Return code >= 4 means uncorrected / operational error + ## TODO: force boot into a recovery mode or similar, as there is really not + ## much we can do in case the fs is corrupted in a bad way + if [ "${fsckret}" -ge "4" ]; then + echo "e2fsck: WARNING: file system errors left uncorrected: ret ${fsckret}" >/dev/kmsg + fi + fi +} + +rootfs_run() { + if [ -z "$ROOTFS_DIR" ]; then + return + fi + C=0 + delay=${bootparam_rootdelay:-1} + timeout=${bootparam_roottimeout:-5} + while ! mountpoint -q $ROOTFS_DIR; do + if [ $(( $C * $delay )) -gt $timeout ]; then + fatal "root '$bootparam_root' doesn't exist or does not contain a /dev." + fi + + if [ -n "$bootparam_root" ]; then + debug "No e2fs compatible filesystem has been mounted, mounting $bootparam_root..." + + if [ "`echo ${bootparam_root} | cut -c1-5`" = "UUID=" ]; then + root_uuid=`echo $bootparam_root | cut -c6-` + bootparam_root="/dev/disk/by-uuid/$root_uuid" + elif [ "`echo ${bootparam_root} | cut -c1-9`" = "PARTUUID=" ]; then + root_partuuid=`echo $bootparam_root | cut -c10-` + bootparam_root="/dev/disk/by-partuuid/$root_partuuid" + elif [ "`echo ${bootparam_root} | cut -c1-10`" = "PARTLABEL=" ]; then + root_partlabel=`echo $bootparam_root | cut -c11-` + bootparam_root="/dev/disk/by-partlabel/$root_partlabel" + elif [ "`echo ${bootparam_root} | cut -c1-6`" = "LABEL=" ]; then + root_label=`echo $bootparam_root | cut -c7-` + bootparam_root="/dev/disk/by-label/$root_label" + fi + + if [ -e "$bootparam_root" ]; then + e2fsck_check ${bootparam_root} + flags="" + if [ -n "$bootparam_ro" ] && ! 
echo "$bootparam_rootflags" | grep -w -q "ro"; then + if [ -n "$bootparam_rootflags" ]; then + bootparam_rootflags="$bootparam_rootflags," + fi + bootparam_rootflags="${bootparam_rootflags}ro" + fi + if [ -n "$bootparam_rootflags" ]; then + flags="$flags -o$bootparam_rootflags" + fi + if [ -n "$bootparam_rootfstype" ]; then + flags="$flags -t$bootparam_rootfstype" + fi + mount $flags $bootparam_root $ROOTFS_DIR + if mountpoint -q $ROOTFS_DIR; then + break + else + # It is unlikely to change, but keep trying anyway. + # Perhaps we pick a different device next time. + umount $ROOTFS_DIR + fi + fi + fi + debug "Sleeping for $delay second(s) to wait root to settle..." + sleep $delay + C=$(( $C + 1 )) + done +} diff --git a/recipes-core/initrdscripts/initramfs-framework_%.bbappend b/recipes-core/initrdscripts/initramfs-framework_%.bbappend new file mode 100644 index 0000000..d005d2d --- /dev/null +++ b/recipes-core/initrdscripts/initramfs-framework_%.bbappend 
@@ -0,0 +1,58 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity"
+LICENSE = "CLOSED"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI:append = " \
+ file://dmverity \
+ file://cryptfs \
+ file://cryptfs_tpm2 \
+ "
+
+PACKAGES:append = " \
+ initramfs-module-verity \
+ initramfs-module-cryptfs \
+ initramfs-module-cryptfs-tpm2 \
+ "
+
+do_install:append() {
+ # dm-verity
+ install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity
+ # cryptfs
+ install -d ${D}/${sysconfdir}/cryptfs
+ install -m 0644 ${WORKDIR}/cryptfs_tpm2 ${D}/${sysconfdir}/cryptfs/tpm2
+ install -m 0755 ${WORKDIR}/cryptfs ${D}/init.d/95-cryptfs
+}
+
+SUMMARY:initramfs-module-verity = "initramfs support for dm-verity filesystems"
+RDEPENDS:initramfs-module-verity = " \
+ "
+
+FILES:initramfs-module-verity = " \
+ /init.d/80-dmverity \
+ "
+
+SUMMARY:initramfs-module-cryptfs = "initramfs support for encrypted filesystems"
+RDEPENDS:initramfs-module-cryptfs = " \
+ e2fsprogs-resize2fs \
+ e2fsprogs-e2fsck \
+ e2fsprogs \
+ e2fsprogs-mke2fs \
+ cryptsetup \
+ clevis \
+ "
+
+FILES:initramfs-module-cryptfs = " \
+ /init.d/95-cryptfs \
+ "
+
+SUMMARY:initramfs-module-cryptfs-tpm2 = "encrypted filesystems with support for tpm 2.0"
+RDEPENDS:initramfs-module-cryptfs-tpm2 = " \
+ initramfs-module-cryptfs \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'libtss2 libtss2-mu libtss2-tcti-device', '', d)} \
+ tpm2-tools \
+ "
+FILES:initramfs-module-cryptfs-tpm2 = " \
+ ${sysconfdir}/cryptfs/tpm2 \
+ "
diff --git a/recipes-core/systemd/systemd-boot_251.8.bb b/recipes-core/systemd/systemd-boot_251.8.bb
new file mode 100644
index 0000000..b67706b
--- /dev/null
+++ b/recipes-core/systemd/systemd-boot_251.8.bb
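Review bot: The plain `SUMMARY = ...` and `LICENSE = "CLOSED"` assignments at the top of this `.bbappend` replace the values of the appended initramfs-framework recipe for every package it builds, and `CLOSED` switches off the licence checksum check, even though the scripts added by this patch carry MIT headers. I would delete both lines; the per-package `SUMMARY:initramfs-module-*` assignments further down already describe the new modules. `RDEPENDS:initramfs-module-verity` is left empty although the dmverity script calls `veritysetup`, so unless the image recipe pulls that tool in separately the module should depend on the package that ships it, presumably `cryptsetup` as listed for initramfs-module-cryptfs.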
@@ -0,0 +1,73 @@ +require systemd.inc +FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:" + +require conf/image-uefi.conf + +DEPENDS = "intltool-native libcap util-linux gnu-efi gperf-native python3-jinja2-native" + +inherit meson pkgconfig gettext +inherit deploy + +LDFLAGS:prepend = "${@ " ".join(d.getVar('LD').split()[1:])} " + +do_write_config[vardeps] += "CC OBJCOPY" +do_write_config:append() { + cat >${WORKDIR}/meson-${PN}.cross <${WORKDIR}/meson-${PN}.cross <.*)\]") + kv_re = re.compile(r"^\s*(?P[^\s]+)\s*=\s*(?P.*)") + section = None + + if path.is_symlink(): + try: + path.resolve() + except FileNotFoundError: + # broken symlink, try relative to root + path = root / Path(os.readlink(str(path))).relative_to(ROOT) + + with path.open() as f: + for line in f: + if skip_re.match(line): + continue + + line = line.strip() + m = section_re.match(line) + if m: + if m.group('section') not in self.sections: + section = dict() + self.sections[m.group('section')] = section + else: + section = self.sections[m.group('section')] + continue + + while line.endswith("\\"): + line += f.readline().rstrip("\n") + + m = kv_re.match(line) + k = m.group('key') + v = m.group('value') + if k not in section: + section[k] = list() + + # If we come across a "key=" line for a "clearable key", then + # forget all preceding assignments. This works because we are + # processing files in correct parse order. + if k in self._clearable_keys and not v: + del section[k] + continue + + section[k].extend(v.split()) + + def get(self, section, prop): + """Get a property from section + + Args: + section: Section to retrieve property from + prop: Property to retrieve + + Returns: + List representing all properties of type prop in section. 
+ + Raises: + KeyError: if ``section`` or ``prop`` not found + """ + return self.sections[section][prop] + + +class Presets(): + """Class representing all systemd presets""" + def __init__(self, scope, root): + self.directives = list() + self._collect_presets(scope, root) + + def _parse_presets(self, presets): + """Parse presets out of a set of preset files""" + skip_re = re.compile(r"^\s*([#;]|$)") + directive_re = re.compile(r"^\s*(?Penable|disable)\s+(?P(.+))") + + Directive = namedtuple("Directive", "action unit_name") + for preset in presets: + with preset.open() as f: + for line in f: + m = directive_re.match(line) + if m: + directive = Directive(action=m.group('action'), + unit_name=m.group('unit_name')) + self.directives.append(directive) + elif skip_re.match(line): + pass + else: + sys.exit("Unparsed preset line in {}".format(preset)) + + def _collect_presets(self, scope, root): + """Collect list of preset files""" + presets = dict() + for location in locations: + paths = (root / location / scope).glob("*.preset") + for path in paths: + # earlier names override later ones + if path.name not in presets: + presets[path.name] = path + + self._parse_presets([v for k, v in sorted(presets.items())]) + + def state(self, unit_name): + """Return state of preset for unit_name + + Args: + presets: set of presets + unit_name: name of the unit + + Returns: + None: no matching preset + `enable`: unit_name is enabled + `disable`: unit_name is disabled + """ + for directive in self.directives: + if fnmatch.fnmatch(unit_name, directive.unit_name): + return directive.action + + return None + + +def add_link(path, target): + try: + path.parent.mkdir(parents=True) + except FileExistsError: + pass + if not path.is_symlink(): + print("ln -s {} {}".format(target, path)) + path.symlink_to(target) + + +class SystemdUnitNotFoundError(Exception): + def __init__(self, path, unit): + self.path = path + self.unit = unit + + +class SystemdUnit(): + def __init__(self, root, unit): + 
self.root = root + self.unit = unit + self.config = None + + def _path_for_unit(self, unit): + for location in locations: + path = self.root / location / "system" / unit + if path.exists() or path.is_symlink(): + return path + + raise SystemdUnitNotFoundError(self.root, unit) + + def _process_deps(self, config, service, location, prop, dirstem, instance): + systemdir = self.root / SYSCONFDIR / "systemd" / "system" + + target = ROOT / location.relative_to(self.root) + try: + for dependent in config.get('Install', prop): + # expand any %i to instance (ignoring escape sequence %%) + dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent) + wants = systemdir / "{}.{}".format(dependent, dirstem) / service + add_link(wants, target) + + except KeyError: + pass + + def enable(self, caller_unit=None): + # if we're enabling an instance, first extract the actual instance + # then figure out what the template unit is + template = re.match(r"[^@]+@(?P[^\.]*)\.", self.unit) + instance_unit_name = None + if template: + instance = template.group('instance') + if instance != "": + instance_unit_name = self.unit + unit = re.sub(r"@[^\.]*\.", "@.", self.unit, 1) + else: + instance = None + unit = self.unit + + path = self._path_for_unit(unit) + + if path.is_symlink(): + # ignore aliases + return + + config = SystemdFile(self.root, path, instance_unit_name) + if instance == "": + try: + default_instance = config.get('Install', 'DefaultInstance')[0] + except KeyError: + # no default instance, so nothing to enable + return + + service = self.unit.replace("@.", + "@{}.".format(default_instance)) + else: + service = self.unit + + self._process_deps(config, service, path, 'WantedBy', 'wants', instance) + self._process_deps(config, service, path, 'RequiredBy', 'requires', instance) + + try: + for also in config.get('Install', 'Also'): + try: + if caller_unit != also: + SystemdUnit(self.root, also).enable(unit) + except SystemdUnitNotFoundError as e: + sys.exit("Error: 
Systemctl also enable issue with %s (%s)" % (service, e.unit)) + + except KeyError: + pass + + systemdir = self.root / SYSCONFDIR / "systemd" / "system" + target = ROOT / path.relative_to(self.root) + try: + for dest in config.get('Install', 'Alias'): + alias = systemdir / dest + add_link(alias, target) + + except KeyError: + pass + + def mask(self): + systemdir = self.root / SYSCONFDIR / "systemd" / "system" + add_link(systemdir / self.unit, "/dev/null") + + +def collect_services(root): + """Collect list of service files""" + services = set() + for location in locations: + paths = (root / location / "system").glob("*") + for path in paths: + if path.is_dir(): + continue + services.add(path.name) + + return services + + +def preset_all(root): + presets = Presets('system-preset', root) + services = collect_services(root) + + for service in services: + state = presets.state(service) + + if state == "enable" or state is None: + try: + SystemdUnit(root, service).enable() + except SystemdUnitNotFoundError: + sys.exit("Error: Systemctl preset_all issue in %s" % service) + + # If we populate the systemd links we also create /etc/machine-id, which + # allows systemd to boot with the filesystem read-only before generating + # a real value and then committing it back. + # + # For the stateless configuration, where /etc is generated at runtime + # (for example on a tmpfs), this script shouldn't run at all and we + # allow systemd to completely populate /etc. 
+ (root / SYSCONFDIR / "machine-id").touch() + + +def main(): + if sys.version_info < (3, 4, 0): + sys.exit("Python 3.4 or greater is required") + + parser = argparse.ArgumentParser() + parser.add_argument('command', nargs='?', choices=['enable', 'mask', + 'preset-all']) + parser.add_argument('service', nargs=argparse.REMAINDER) + parser.add_argument('--root') + parser.add_argument('--preset-mode', + choices=['full', 'enable-only', 'disable-only'], + default='full') + + args = parser.parse_args() + + root = Path(args.root) if args.root else ROOT + + locations.append(SYSCONFDIR / "systemd") + # Handle the usrmerge case by ignoring /lib when it's a symlink + if not (root / BASE_LIBDIR).is_symlink(): + locations.append(BASE_LIBDIR / "systemd") + locations.append(LIBDIR / "systemd") + + command = args.command + if not command: + parser.print_help() + return 0 + + if command == "mask": + for service in args.service: + try: + SystemdUnit(root, service).mask() + except SystemdUnitNotFoundError as e: + sys.exit("Error: Systemctl main mask issue in %s (%s)" % (service, e.unit)) + elif command == "enable": + for service in args.service: + try: + SystemdUnit(root, service).enable() + except SystemdUnitNotFoundError as e: + sys.exit("Error: Systemctl main enable issue in %s (%s)" % (service, e.unit)) + elif command == "preset-all": + if len(args.service) != 0: + sys.exit("Too many arguments.") + if args.preset_mode != "enable-only": + sys.exit("Only enable-only is supported as preset-mode.") + preset_all(root) + else: + raise RuntimeError() + + +if __name__ == '__main__': + main() diff --git a/recipes-core/systemd/systemd.inc b/recipes-core/systemd/systemd.inc new file mode 100644 index 0000000..14608f9 --- /dev/null +++ b/recipes-core/systemd/systemd.inc 
@@ -0,0 +1,24 @@
+SUMMARY = "A System and service manager"
+HOMEPAGE = "http://www.freedesktop.org/wiki/Software/systemd"
+
+DESCRIPTION = "systemd is a system and service manager for Linux, compatible with \
+SysV and LSB init scripts. systemd provides aggressive parallelization \
+capabilities, uses socket and D-Bus activation for starting services, \
+offers on-demand starting of daemons, keeps track of processes using \
+Linux cgroups, supports snapshotting and restoring of the system \
+state, maintains mount and automount points and implements an \
+elaborate transactional dependency-based service control logic. It can \
+work as a drop-in replacement for sysvinit."
+
+LICENSE = "GPL-2.0-only & LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
+ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
+
+SRCREV = "6c327d74aa0d350482e82a247d7018559699798d"
+SRCBRANCH = "v253-stable"
+SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \
+ file://0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch \
+ file://0025-systemctl-explicitly-cast-the-constants-to-uint64_t.patch \
+ "
+
+S = "${WORKDIR}/git"
diff --git a/recipes-core/systemd/systemd/00-create-volatile.conf b/recipes-core/systemd/systemd/00-create-volatile.conf
new file mode 100644
index 0000000..c427722
--- /dev/null
+++ b/recipes-core/systemd/systemd/00-create-volatile.conf
@@ -0,0 +1,8 @@
+#This goes hand-in-hand with the base-files of OE-Core. The file must
+# be sorted before 'systemd.conf' becuase this attempts to create a file
+# inside /var/log.
+
+
+d /run/lock 1777 - - -
+d /var/volatile/log - - - -
+d /var/volatile/tmp 1777 - -
diff --git a/recipes-core/systemd/systemd/00-hostnamed-network-user.conf b/recipes-core/systemd/systemd/00-hostnamed-network-user.conf
new file mode 100644
index 0000000..6b224ba
--- /dev/null
+++ b/recipes-core/systemd/systemd/00-hostnamed-network-user.conf
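Review bot: `SRCBRANCH = "v253-stable"` and the pinned `SRCREV` in systemd.inc apply to every recipe that requires this file, and the same commit adds `systemd-boot_251.8.bb`, which opens with `require systemd.inc`. Unless that recipe overrides the two variables in lines that are not readable here, it builds v253 sources under a 251.8 version string, which misleads version-based CVE scanning and any SBOM generated from the image. Either drop the 251.8 recipe or move `SRCREV` and `SRCBRANCH` into per-version include files. `HOMEPAGE` could also use `https://`, as the `SRC_URI` fetch already does.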
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN
diff --git a/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch b/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch
new file mode 100644
index 0000000..5e9646c
--- /dev/null
+++ b/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch
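Review bot: `AmbientCapabilities=CAP_SYS_ADMIN` gives the non-root service one of the broadest capabilities there is, and this drop-in does not state the limits it depends on; whether the unit it overrides sets them cannot be seen from this hunk. Adding `CapabilityBoundingSet=CAP_SYS_ADMIN` and `NoNewPrivileges=yes` under `[Service]` keeps the process from holding or acquiring anything beyond that single capability. The comment names networkd while the file name suggests the drop-in applies to hostnamed; if so, `# hostnamed runs as systemd-network so that networkd can request a hostname change over D-Bus without polkit` would say which service is being changed and why.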
@@ -0,0 +1,556 @@ +From e5f067cb3dc845dd865e450f4e64077b28feb4c0 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 21 Jan 2022 22:19:37 -0800 +Subject: [PATCH] Adjust for musl headers + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Khem Raj +--- + src/libsystemd-network/sd-dhcp6-client.c | 2 +- + src/network/netdev/bareudp.c | 2 +- + src/network/netdev/batadv.c | 2 +- + src/network/netdev/bond.c | 2 +- + src/network/netdev/bridge.c | 2 +- + src/network/netdev/dummy.c | 2 +- + src/network/netdev/geneve.c | 2 +- + src/network/netdev/ifb.c | 2 +- + src/network/netdev/ipoib.c | 2 +- + src/network/netdev/ipvlan.c | 2 +- + src/network/netdev/macsec.c | 2 +- + src/network/netdev/macvlan.c | 2 +- + src/network/netdev/netdev.c | 2 +- + src/network/netdev/netdevsim.c | 2 +- + src/network/netdev/nlmon.c | 2 +- + src/network/netdev/tunnel.c | 2 +- + src/network/netdev/vcan.c | 2 +- + src/network/netdev/veth.c | 2 +- + src/network/netdev/vlan.c | 2 +- + src/network/netdev/vrf.c | 2 +- + src/network/netdev/vxcan.c | 2 +- + src/network/netdev/vxlan.c | 2 +- + src/network/netdev/wireguard.c | 2 +- + src/network/netdev/xfrm.c | 2 +- + src/network/networkd-bridge-mdb.c | 4 ++-- + src/network/networkd-dhcp-common.c | 3 ++- + src/network/networkd-dhcp-prefix-delegation.c | 4 ++-- + src/network/networkd-dhcp-server.c | 2 +- + src/network/networkd-dhcp4.c | 2 +- + src/network/networkd-ipv6ll.c | 2 +- + src/network/networkd-link.c | 2 +- + src/network/networkd-ndisc.c | 2 +- + src/network/networkd-route.c | 8 ++++---- + src/network/networkd-setlink.c | 2 +- + src/shared/linux/ethtool.h | 3 ++- + src/shared/netif-util.c | 2 +- + src/udev/udev-builtin-net_id.c | 2 +- + 37 files changed, 44 insertions(+), 42 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c +index 57dd91f81f..2b7f4fa3a7 100644 +--- a/src/libsystemd-network/sd-dhcp6-client.c ++++ b/src/libsystemd-network/sd-dhcp6-client.c +@@ -5,7 +5,7 @@ + 
+ #include + #include +-#include ++//#include + #include + + #include "sd-dhcp6-client.h" +diff --git a/src/network/netdev/bareudp.c b/src/network/netdev/bareudp.c +index 24d3afb877..f6241b41ee 100644 +--- a/src/network/netdev/bareudp.c ++++ b/src/network/netdev/bareudp.c +@@ -2,7 +2,7 @@ + * Copyright © 2020 VMware, Inc. */ + + #include +-#include ++//#include + + #include "bareudp.h" + #include "netlink-util.h" +diff --git a/src/network/netdev/batadv.c b/src/network/netdev/batadv.c +index 7e97619657..50fcffcfdf 100644 +--- a/src/network/netdev/batadv.c ++++ b/src/network/netdev/batadv.c +@@ -3,7 +3,7 @@ + #include + #include + #include +-#include ++//#include + + #include "batadv.h" + #include "fileio.h" +diff --git a/src/network/netdev/bond.c b/src/network/netdev/bond.c +index 601bff0a9c..dfed8d9e54 100644 +--- a/src/network/netdev/bond.c ++++ b/src/network/netdev/bond.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include +-#include ++//#include + + #include "alloc-util.h" + #include "bond.h" +diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c +index b65c3b49fc..6875b4fbdb 100644 +--- a/src/network/netdev/bridge.c ++++ b/src/network/netdev/bridge.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + #include + + #include "bridge.h" +diff --git a/src/network/netdev/dummy.c b/src/network/netdev/dummy.c +index 00df1d2787..77b506b422 100644 +--- a/src/network/netdev/dummy.c ++++ b/src/network/netdev/dummy.c +@@ -1,6 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include ++//#include + + #include "dummy.h" + +diff --git a/src/network/netdev/geneve.c b/src/network/netdev/geneve.c +index 777a32d75c..73bfa2b5c1 100644 +--- a/src/network/netdev/geneve.c ++++ b/src/network/netdev/geneve.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + + #include "alloc-util.h" + #include "conf-parser.h" +diff --git a/src/network/netdev/ifb.c b/src/network/netdev/ifb.c +index 
d7ff44cb9e..e037629ae4 100644 +--- a/src/network/netdev/ifb.c ++++ b/src/network/netdev/ifb.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later + * Copyright © 2019 VMware, Inc. */ + +-#include ++//#include + + #include "ifb.h" + +diff --git a/src/network/netdev/ipoib.c b/src/network/netdev/ipoib.c +index 5dd9286d57..4036d66dad 100644 +--- a/src/network/netdev/ipoib.c ++++ b/src/network/netdev/ipoib.c +@@ -1,6 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include ++//#include + #include + + #include "ipoib.h" +diff --git a/src/network/netdev/ipvlan.c b/src/network/netdev/ipvlan.c +index 058eadebd7..c470ebb6d7 100644 +--- a/src/network/netdev/ipvlan.c ++++ b/src/network/netdev/ipvlan.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + + #include "conf-parser.h" + #include "ipvlan.h" +diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c +index 0da3dd4bd2..eb20f04469 100644 +--- a/src/network/netdev/macsec.c ++++ b/src/network/netdev/macsec.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include +-#include ++//#include + #include + #include + #include +diff --git a/src/network/netdev/macvlan.c b/src/network/netdev/macvlan.c +index 1114bb0cb1..6c79a219a4 100644 +--- a/src/network/netdev/macvlan.c ++++ b/src/network/netdev/macvlan.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + + #include "conf-parser.h" + #include "macvlan.h" +diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c +index 038a27c118..67155f0db7 100644 +--- a/src/network/netdev/netdev.c ++++ b/src/network/netdev/netdev.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + #include + + #include "alloc-util.h" +diff --git a/src/network/netdev/netdevsim.c b/src/network/netdev/netdevsim.c +index 15d5c132f9..a3ffa48b15 100644 +--- a/src/network/netdev/netdevsim.c ++++ b/src/network/netdev/netdevsim.c +@@ -1,6 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later 
*/ + +-#include ++//#include + + #include "netdevsim.h" + +diff --git a/src/network/netdev/nlmon.c b/src/network/netdev/nlmon.c +index ff372092e6..eef66811f4 100644 +--- a/src/network/netdev/nlmon.c ++++ b/src/network/netdev/nlmon.c +@@ -1,6 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include ++//#include + + #include "nlmon.h" + +diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c +index 2addfeecaa..954987f26d 100644 +--- a/src/network/netdev/tunnel.c ++++ b/src/network/netdev/tunnel.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + #include + #include + #include +diff --git a/src/network/netdev/vcan.c b/src/network/netdev/vcan.c +index 380547ee1e..137c1adf8a 100644 +--- a/src/network/netdev/vcan.c ++++ b/src/network/netdev/vcan.c +@@ -1,6 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include ++//#include + + #include "vcan.h" + +diff --git a/src/network/netdev/veth.c b/src/network/netdev/veth.c +index fb00e6667f..f52d9ee89a 100644 +--- a/src/network/netdev/veth.c ++++ b/src/network/netdev/veth.c +@@ -3,7 +3,7 @@ + #include + #include + #include +-#include ++//#include + #include + + #include "netlink-util.h" +diff --git a/src/network/netdev/vlan.c b/src/network/netdev/vlan.c +index a3d961dac3..386b567a42 100644 +--- a/src/network/netdev/vlan.c ++++ b/src/network/netdev/vlan.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + #include + + #include "parse-util.h" +diff --git a/src/network/netdev/vrf.c b/src/network/netdev/vrf.c +index 05ef3ff13d..825fc4a398 100644 +--- a/src/network/netdev/vrf.c ++++ b/src/network/netdev/vrf.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + + #include "vrf.h" + +diff --git a/src/network/netdev/vxcan.c b/src/network/netdev/vxcan.c +index 83269b0707..39c6dbe29c 100644 +--- a/src/network/netdev/vxcan.c ++++ b/src/network/netdev/vxcan.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include 
+-#include ++//#include + + #include "vxcan.h" + +diff --git a/src/network/netdev/vxlan.c b/src/network/netdev/vxlan.c +index 589161938a..0ec9625b7a 100644 +--- a/src/network/netdev/vxlan.c ++++ b/src/network/netdev/vxlan.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + + #include "conf-parser.h" + #include "alloc-util.h" +diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c +index 51e7e02990..fc36c0623a 100644 +--- a/src/network/netdev/wireguard.c ++++ b/src/network/netdev/wireguard.c +@@ -6,7 +6,7 @@ + #include + #include + #include +-#include ++//#include + #include + + #include "sd-resolve.h" +diff --git a/src/network/netdev/xfrm.c b/src/network/netdev/xfrm.c +index a961d8fef2..6c1815b257 100644 +--- a/src/network/netdev/xfrm.c ++++ b/src/network/netdev/xfrm.c +@@ -1,6 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include ++//#include + + #include "missing_network.h" + #include "xfrm.h" +diff --git a/src/network/networkd-bridge-mdb.c b/src/network/networkd-bridge-mdb.c +index bd1a9745dc..949d3da029 100644 +--- a/src/network/networkd-bridge-mdb.c ++++ b/src/network/networkd-bridge-mdb.c +@@ -1,7 +1,5 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include +-#include + + #include "netlink-util.h" + #include "networkd-bridge-mdb.h" +@@ -11,6 +9,8 @@ + #include "networkd-queue.h" + #include "string-util.h" + #include "vlan-util.h" ++#include ++#include + + #define STATIC_BRIDGE_MDB_ENTRIES_PER_NETWORK_MAX 1024U + +diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c +index ca9a825e7b..8735e261ad 100644 +--- a/src/network/networkd-dhcp-common.c ++++ b/src/network/networkd-dhcp-common.c +@@ -1,7 +1,8 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include +-#include ++//#include ++#include + + #include "bus-error.h" + #include "bus-locator.h" +diff --git a/src/network/networkd-dhcp-prefix-delegation.c b/src/network/networkd-dhcp-prefix-delegation.c 
+index 66c5e979d9..581b6b8c29 100644 +--- a/src/network/networkd-dhcp-prefix-delegation.c ++++ b/src/network/networkd-dhcp-prefix-delegation.c +@@ -1,7 +1,5 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include +- + #include "sd-dhcp6-client.h" + + #include "hashmap.h" +@@ -21,6 +19,8 @@ + #include "strv.h" + #include "tunnel.h" + ++#include ++ + bool link_dhcp_pd_is_enabled(Link *link) { + assert(link); + +diff --git a/src/network/networkd-dhcp-server.c b/src/network/networkd-dhcp-server.c +index 620fbbddc7..c8af20fb34 100644 +--- a/src/network/networkd-dhcp-server.c ++++ b/src/network/networkd-dhcp-server.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include +-#include ++//#include + #include + + #include "sd-dhcp-server.h" +diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c +index d4b4942173..3d78da5609 100644 +--- a/src/network/networkd-dhcp4.c ++++ b/src/network/networkd-dhcp4.c +@@ -3,7 +3,7 @@ + #include + #include + #include +-#include ++//#include + + #include "alloc-util.h" + #include "dhcp-client-internal.h" +diff --git a/src/network/networkd-ipv6ll.c b/src/network/networkd-ipv6ll.c +index 32229a3fc7..662a345d6e 100644 +--- a/src/network/networkd-ipv6ll.c ++++ b/src/network/networkd-ipv6ll.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include +-#include ++//#include + + #include "in-addr-util.h" + #include "networkd-address.h" +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 019bef0590..657fc41ae6 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -3,7 +3,7 @@ + #include + #include + #include +-#include ++//#include + #include + #include + #include +diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c +index 99a07e16fc..e51cd81d96 100644 +--- a/src/network/networkd-ndisc.c ++++ b/src/network/networkd-ndisc.c +@@ -6,7 +6,7 @@ + #include + #include + #include +-#include ++//#include + + 
#include "sd-ndisc.h" + +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index 5214a8ad2c..9dd758daae 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -1,9 +1,5 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + +-#include +-#include +-#include +- + #include "alloc-util.h" + #include "event-util.h" + #include "netlink-util.h" +@@ -21,6 +17,10 @@ + #include "vrf.h" + #include "wireguard.h" + ++#include ++#include ++#include ++ + int route_new(Route **ret) { + _cleanup_(route_freep) Route *route = NULL; + +diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c +index 541c4b8a72..06ebda8f0f 100644 +--- a/src/network/networkd-setlink.c ++++ b/src/network/networkd-setlink.c +@@ -2,7 +2,7 @@ + + #include + #include +-#include ++//#include + #include + + #include "missing_network.h" +diff --git a/src/shared/linux/ethtool.h b/src/shared/linux/ethtool.h +index 1458de3627..d5c2d2e0ac 100644 +--- a/src/shared/linux/ethtool.h ++++ b/src/shared/linux/ethtool.h +@@ -16,7 +16,8 @@ + + #include + #include +-#include ++#include ++//#include + + #include /* for INT_MAX */ + +diff --git a/src/shared/netif-util.c b/src/shared/netif-util.c +index f56c5646c1..5af28ff119 100644 +--- a/src/shared/netif-util.c ++++ b/src/shared/netif-util.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include +-#include ++//#include + + #include "arphrd-util.h" + #include "device-util.h" +diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c +index a48d5dedf8..31a8bc1b3c 100644 +--- a/src/udev/udev-builtin-net_id.c ++++ b/src/udev/udev-builtin-net_id.c +@@ -18,7 +18,7 @@ + #include + #include + #include +-#include ++//#include + #include + #include + +-- +2.39.2 + 
diff --git a/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch b/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch new file mode 100644 index 0000000..0fb6efb --- /dev/null +++ b/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch 
@@ -0,0 +1,71 @@ +From 258af8106cbed6fa53f7bee042bf903e58b57a41 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Tue, 29 Sep 2020 18:01:41 -0700 +Subject: [PATCH] Move sysusers.d/sysctl.d/binfmt.d/modules-load.d to /usr + +These directories are moved to /lib since systemd v246, commit +4a56315a990b ("path: use ROOTPREFIX properly"), but in oe-core/yocto, +the old /usr/lib is still being used. + +Upstream-Status: Inappropriate (OE-specific) +Signed-off-by: Khem Raj +Signed-off-by: Jiaqing Zhao + +--- + src/core/systemd.pc.in | 8 ++++---- + src/libsystemd/sd-path/sd-path.c | 8 ++++---- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index 693433b34b..8368a3ff02 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -67,16 +67,16 @@ tmpfilesdir=${tmpfiles_dir} + + user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d + +-sysusers_dir=${rootprefix}/lib/sysusers.d ++sysusers_dir=${prefix}/lib/sysusers.d + sysusersdir=${sysusers_dir} + +-sysctl_dir=${rootprefix}/lib/sysctl.d ++sysctl_dir=${prefix}/lib/sysctl.d + sysctldir=${sysctl_dir} + +-binfmt_dir=${rootprefix}/lib/binfmt.d ++binfmt_dir=${prefix}/lib/binfmt.d + binfmtdir=${binfmt_dir} + +-modules_load_dir=${rootprefix}/lib/modules-load.d ++modules_load_dir=${prefix}/lib/modules-load.d + modulesloaddir=${modules_load_dir} + + catalog_dir=${prefix}/lib/systemd/catalog +diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c +index ac33e349c0..f0615ffb22 100644 +--- a/src/libsystemd/sd-path/sd-path.c ++++ b/src/libsystemd/sd-path/sd-path.c +@@ -362,19 +362,19 @@ static int get_path(uint64_t type, char **buffer, const char **ret) { + return 0; + + case SD_PATH_SYSUSERS: +- *ret = ROOTPREFIX_NOSLASH "/lib/sysusers.d"; ++ *ret = "/usr/lib/sysusers.d"; + return 0; + + case SD_PATH_SYSCTL: +- *ret = ROOTPREFIX_NOSLASH "/lib/sysctl.d"; ++ *ret = "/usr/lib/sysctl.d"; + return 0; + + case SD_PATH_BINFMT: +- *ret = 
ROOTPREFIX_NOSLASH "/lib/binfmt.d"; ++ *ret = "/usr/lib/binfmt.d"; + return 0; + + case SD_PATH_MODULES_LOAD: +- *ret = ROOTPREFIX_NOSLASH "/lib/modules-load.d"; ++ *ret = "/usr/lib/modules-load.d"; + return 0; + + case SD_PATH_CATALOG: diff --git a/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch new file mode 100644 index 0000000..a19a025 --- /dev/null +++ b/recipes-core/systemd/systemd/0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch 
@@ -0,0 +1,81 @@ +From f9974d7dc289551bfbf823b716fd32b43c54e465 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Thu, 21 Feb 2019 16:23:24 +0800 +Subject: [PATCH] binfmt: Don't install dependency links at install time for + the binfmt services + +use [Install] blocks so that they get created when the service is enabled +like a traditional service. + +The [Install] blocks were rejected upstream as they don't have a way to +"enable" it on install without static symlinks which can't be disabled, +only masked. We however can do that in a postinst. + +Upstream-Status: Denied + +Signed-off-by: Ross Burton +Signed-off-by: Khem Raj +Signed-off-by: Chen Qi +[rebased for systemd 243] +Signed-off-by: Scott Murray + +--- + units/meson.build | 6 ++---- + units/proc-sys-fs-binfmt_misc.automount | 3 +++ + units/systemd-binfmt.service.in | 4 ++++ + 3 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index a9bf28f6d9..11d3644168 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -63,8 +63,7 @@ units = [ + ['poweroff.target', '', + (with_runlevels ? 'runlevel0.target' : '')], + ['printer.target', ''], +- ['proc-sys-fs-binfmt_misc.automount', 'ENABLE_BINFMT', +- 'sysinit.target.wants/'], ++ ['proc-sys-fs-binfmt_misc.automount', 'ENABLE_BINFMT'], + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'ctrl-alt-del.target' + (with_runlevels ? 
' runlevel6.target' : '')], +@@ -186,8 +185,7 @@ in_units = [ + ['rescue.service', ''], + ['serial-getty@.service', ''], + ['systemd-backlight@.service', 'ENABLE_BACKLIGHT'], +- ['systemd-binfmt.service', 'ENABLE_BINFMT', +- 'sysinit.target.wants/'], ++ ['systemd-binfmt.service', 'ENABLE_BINFMT'], + ['systemd-bless-boot.service', 'HAVE_GNU_EFI HAVE_BLKID'], + ['systemd-boot-check-no-failures.service', ''], + ['systemd-coredump@.service', 'ENABLE_COREDUMP'], +diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount +index 172c8757ab..f65d8930c6 100644 +--- a/units/proc-sys-fs-binfmt_misc.automount ++++ b/units/proc-sys-fs-binfmt_misc.automount +@@ -19,3 +19,6 @@ ConditionPathIsReadWrite=/proc/sys/ + + [Automount] + Where=/proc/sys/fs/binfmt_misc ++ ++[Install] ++WantedBy=sysinit.target +diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in +index 96f595ad72..7c010bb224 100644 +--- a/units/systemd-binfmt.service.in ++++ b/units/systemd-binfmt.service.in +@@ -14,6 +14,7 @@ Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.htm + Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems + DefaultDependencies=no + Conflicts=shutdown.target ++Wants=proc-sys-fs-binfmt_misc.automount + After=proc-sys-fs-binfmt_misc.automount + After=proc-sys-fs-binfmt_misc.mount + After=local-fs.target +@@ -31,3 +32,6 @@ RemainAfterExit=yes + ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt + ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister + TimeoutSec=90s ++ ++[Install] ++WantedBy=sysinit.target diff --git a/recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch b/recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch new file mode 100644 index 0000000..144314c --- /dev/null +++ b/recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch 
@@ -0,0 +1,35 @@ +From dab02796780f00d689cc1c7a0ba81abe7c5f28d0 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 21 Jan 2022 15:15:11 -0800 +Subject: [PATCH] pass correct parameters to getdents64 + +Fixes +../git/src/basic/recurse-dir.c:57:40: error: incompatible pointer types passing 'uint8_t *' (aka 'unsigned char *') to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types] + n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +../git/src/basic/stat-util.c:102:28: error: incompatible pointer types passing 'union (unnamed union at ../git/src/basic/stat-util.c:78:9) *' to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types] + n = getdents64(fd, &buffer, sizeof(buffer)); + ^~~~~~~ + +Upstream-Status: Inappropriate [musl specific] +Signed-off-by: Khem Raj +Signed-off-by: Jiaqing Zhao + +--- + src/basic/recurse-dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/recurse-dir.c b/src/basic/recurse-dir.c +index efa1797b7b..03ff10ebe9 100644 +--- a/src/basic/recurse-dir.c ++++ b/src/basic/recurse-dir.c +@@ -54,7 +54,7 @@ int readdir_all(int dir_fd, + bs = MIN(MALLOC_SIZEOF_SAFE(de) - offsetof(DirectoryEntries, buffer), (size_t) SSIZE_MAX); + assert(bs > de->buffer_size); + +- n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size); ++ n = getdents64(dir_fd, (struct dirent*)((uint8_t*) de->buffer + de->buffer_size), bs - de->buffer_size); + if (n < 0) + return -errno; + if (n == 0) diff --git a/recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch b/recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch new file mode 100644 index 0000000..58767c7 --- /dev/null +++ b/recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch 
@@ -0,0 +1,27 @@
+From 4b731a5e2547b5292f9a774b849e14c0cf7b3955 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Fri, 21 Jan 2022 15:17:37 -0800
+Subject: [PATCH] Add sys/stat.h for S_IFDIR
+
+../git/src/shared/mkdir-label.c:13:61: error: use of undeclared identifier 'S_IFDIR'
+ r = mac_selinux_create_file_prepare_at(dirfd, path, S_IFDIR);
+
+Upstream-Status: Backport [29b7114c5d9624002aa7c17748d960cd1e45362d]
+Signed-off-by: Khem Raj
+
+---
+ src/shared/mkdir-label.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c
+index 5b1ac5d1e0..fa5802b894 100644
+--- a/src/shared/mkdir-label.c
++++ b/src/shared/mkdir-label.c
+@@ -6,6 +6,7 @@
+ #include "selinux-util.h"
+ #include "smack-util.h"
+ #include "user-util.h"
++#include
+
+ int mkdirat_label(int dirfd, const char *path, mode_t mode) {
+ int r;
diff --git a/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
new file mode 100644
index 0000000..43611e6
--- /dev/null
+++ b/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
@@ -0,0 +1,83 @@ +From ca7d9a8d9c81702af9c599bb79706f12b1a465cf Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Thu, 21 Feb 2019 16:23:24 +0800 +Subject: [PATCH] binfmt: Don't install dependency links at install time for + the binfmt services + +use [Install] blocks so that they get created when the service is enabled +like a traditional service. + +The [Install] blocks were rejected upstream as they don't have a way to +"enable" it on install without static symlinks which can't be disabled, +only masked. We however can do that in a postinst. + +Upstream-Status: Denied + +Signed-off-by: Ross Burton +Signed-off-by: Khem Raj +Signed-off-by: Chen Qi +[rebased for systemd 243] +Signed-off-by: Scott Murray +--- + units/meson.build | 6 ++---- + units/proc-sys-fs-binfmt_misc.automount | 3 +++ + units/systemd-binfmt.service.in | 4 ++++ + 3 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/units/meson.build b/units/meson.build +index c7939a10f8..219570ab19 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -62,8 +62,7 @@ units = [ + ['poweroff.target', '', + (with_runlevels ? 'runlevel0.target' : '')], + ['printer.target', ''], +- ['proc-sys-fs-binfmt_misc.automount', 'ENABLE_BINFMT', +- 'sysinit.target.wants/'], ++ ['proc-sys-fs-binfmt_misc.automount', 'ENABLE_BINFMT'], + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'ctrl-alt-del.target' + (with_runlevels ? 
' runlevel6.target' : '')], +@@ -185,8 +184,7 @@ in_units = [ + ['rescue.service', ''], + ['serial-getty@.service', ''], + ['systemd-backlight@.service', 'ENABLE_BACKLIGHT'], +- ['systemd-binfmt.service', 'ENABLE_BINFMT', +- 'sysinit.target.wants/'], ++ ['systemd-binfmt.service', 'ENABLE_BINFMT'], + ['systemd-bless-boot.service', 'HAVE_GNU_EFI HAVE_BLKID'], + ['systemd-boot-check-no-failures.service', ''], + ['systemd-coredump@.service', 'ENABLE_COREDUMP'], +diff --git a/units/proc-sys-fs-binfmt_misc.automount b/units/proc-sys-fs-binfmt_misc.automount +index 6b1bbdc91e..5ec5b8670a 100644 +--- a/units/proc-sys-fs-binfmt_misc.automount ++++ b/units/proc-sys-fs-binfmt_misc.automount +@@ -19,3 +19,6 @@ ConditionPathIsReadWrite=/proc/sys/ + + [Automount] + Where=/proc/sys/fs/binfmt_misc ++ ++[Install] ++WantedBy=sysinit.target +diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in +index b04412e037..63f116e4fa 100644 +--- a/units/systemd-binfmt.service.in ++++ b/units/systemd-binfmt.service.in +@@ -14,6 +14,7 @@ Documentation=https://docs.kernel.org/admin-guide/binfmt-misc.html + Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems + DefaultDependencies=no + Conflicts=shutdown.target ++Wants=proc-sys-fs-binfmt_misc.automount + After=proc-sys-fs-binfmt_misc.automount + After=proc-sys-fs-binfmt_misc.mount + After=local-fs.target +@@ -31,3 +32,6 @@ RemainAfterExit=yes + ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt + ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister + TimeoutSec=90s ++ ++[Install] ++WantedBy=sysinit.target +-- +2.39.2 + diff --git a/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch b/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch new file mode 100644 index 0000000..e9e69cb --- /dev/null +++ b/recipes-core/systemd/systemd/0003-errno-util-Make-STRERROR-portable-for-musl.patch 
@@ -0,0 +1,42 @@
+From f629a76e0fba300a9d511614160fee38dd4a5e57 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Mon, 23 Jan 2023 23:39:46 -0800
+Subject: [PATCH] errno-util: Make STRERROR portable for musl
+
+Sadly, systemd has decided to use yet another GNU extention in a macro
+lets make this such that we can use XSI compliant strerror_r() for
+non-glibc hosts
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Khem Raj
+---
+ src/basic/errno-util.h | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h
+index 091f99c590..eb5c1f9961 100644
+--- a/src/basic/errno-util.h
++++ b/src/basic/errno-util.h
+@@ -14,8 +14,16 @@
+ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks
+ *
+ * Note that we use the GNU variant of strerror_r() here. */
+-#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
+-
++static inline const char * STRERROR(int errnum);
++
++static inline const char * STRERROR(int errnum) {
++#ifdef __GLIBC__
++ return strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN);
++#else
++ static __thread char buf[ERRNO_BUF_LEN];
++ return strerror_r(abs(errnum), buf, ERRNO_BUF_LEN) ? "unknown error" : buf;
++#endif
++}
+ /* A helper to print an error message or message for functions that return 0 on EOF.
+ * Note that we can't use ({ … }) to define a temporary variable, so errnum is
+ * evaluated twice. */
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0003-implment-systemd-sysv-install-for-OE.patch b/recipes-core/systemd/systemd/0003-implment-systemd-sysv-install-for-OE.patch
new file mode 100644
index 0000000..4556ab5
--- /dev/null
+++ b/recipes-core/systemd/systemd/0003-implment-systemd-sysv-install-for-OE.patch
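Review bot: In the `#else` (non-glibc) branch every STRERROR() call returns the same `static __thread char buf[ERRNO_BUF_LEN]`, so two calls evaluated for one statement (for example two STRERROR() arguments to a single log call) would both show whichever message was written last; the macro being removed gave each call its own compound-literal buffer. Because the function is `static inline` in a header, that buffer is also duplicated in every translation unit that includes it. Keeping STRERROR a macro that passes `(char[ERRNO_BUF_LEN]){}` to a small XSI wrapper preserves the per-call buffer, as sketched below. The retained comment "we use the GNU variant of strerror_r() here" is no longer accurate for the non-glibc branch and should be updated.

```c
/* … unchanged: comment block above STRERROR … */
#ifdef __GLIBC__
#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
#else
/* XSI strerror_r() returns 0 on success and fills the caller's buffer. */
static inline const char *strerror_xsi(int errnum, char *buf, size_t len) {
        return strerror_r(errnum, buf, len) ? "unknown error" : buf;
}
#define STRERROR(errnum) strerror_xsi(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
#endif
```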
@@ -0,0 +1,41 @@
+From f9078501a1495c9991431d1435d081cd2e830328 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Sat, 5 Sep 2015 06:31:47 +0000
+Subject: [PATCH] implment systemd-sysv-install for OE
+
+Use update-rc.d for enabling/disabling and status command
+to check the status of the sysv service
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Khem Raj
+
+---
+ src/systemctl/systemd-sysv-install.SKELETON | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemctl/systemd-sysv-install.SKELETON b/src/systemctl/systemd-sysv-install.SKELETON
+index a2a0059fef..7f95791d9b 100755
+--- a/src/systemctl/systemd-sysv-install.SKELETON
++++ b/src/systemctl/systemd-sysv-install.SKELETON
+@@ -34,17 +34,17 @@ case "$1" in
+ enable)
+ # call the command to enable SysV init script $NAME here
+ # (consider optional $ROOT)
+- echo "IMPLEMENT ME: enabling SysV init.d script $NAME"
++ update-rc.d -f $NAME defaults
+ ;;
+ disable)
+ # call the command to disable SysV init script $NAME here
+ # (consider optional $ROOT)
+- echo "IMPLEMENT ME: disabling SysV init.d script $NAME"
++ update-rc.d -f $NAME remove
+ ;;
+ is-enabled)
+ # exit with 0 if $NAME is enabled, non-zero if it is disabled
+ # (consider optional $ROOT)
+- echo "IMPLEMENT ME: checking SysV init.d script $NAME"
++ /etc/init.d/$NAME status
+ ;;
+ *)
+ usage ;;
diff --git a/recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch b/recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch
new file mode 100644
index 0000000..c28c838
--- /dev/null
+++ b/recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch
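Review bot: `$NAME` is expanded unquoted in all three new commands (`update-rc.d -f $NAME defaults`, `update-rc.d -f $NAME remove`, `/etc/init.d/$NAME status`), so a name containing whitespace or glob characters is split or expanded by the shell before the command sees it; write `update-rc.d -f "$NAME" defaults` and quote the other two the same way. The retained comments say to consider the optional `$ROOT`, but none of the new commands uses it, so a request against an alternate root would act on the running system instead. The `is-enabled` branch runs the init script's `status` action, which presumably reports whether the service is running rather than whether it is enabled; that deserves at least a comment such as `# NOTE: reports running state, not rc-link state`. The `case` statement starts and ends outside the inner hunk.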
@@ -0,0 +1,61 @@
+From 5513b918d02900a3a78fd0e0300a118b163edfef Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 13:55:12 +0800
+Subject: [PATCH] missing_type.h: add comparison_fn_t
+
+Make it work with musl where comparison_fn_t and is not provided.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Alex Kiernan
+[Rebased for v244]
+Signed-off-by: Chen Qi
+[Rebased for v242]
+Signed-off-by: Andrej Valek
+[Rebased for v250, Drop __compare_fn_t]
+Signed-off-by: Jiaqing Zhao
+---
+ src/basic/missing_type.h | 4 ++++
+ src/basic/sort-util.h | 1 +
+ src/libsystemd/sd-journal/catalog.c | 1 +
+ 3 files changed, 6 insertions(+)
+
+diff --git a/src/basic/missing_type.h b/src/basic/missing_type.h
+index f6233090a9..6c0456349d 100644
+--- a/src/basic/missing_type.h
++++ b/src/basic/missing_type.h
+@@ -10,3 +10,7 @@
+ #if !HAVE_CHAR16_T
+ #define char16_t uint16_t
+ #endif
++
++#ifndef __GLIBC__
++typedef int (*comparison_fn_t)(const void *, const void *);
++#endif
+diff --git a/src/basic/sort-util.h b/src/basic/sort-util.h
+index 02a6784d99..0b33c83d59 100644
+--- a/src/basic/sort-util.h
++++ b/src/basic/sort-util.h
+@@ -4,6 +4,7 @@
+ #include
+
+ #include "macro.h"
++#include "missing_type.h"
+
+ /* This is the same as glibc's internal __compar_d_fn_t type. glibc exports a public comparison_fn_t, for the
+ * external type __compar_fn_t, but doesn't do anything similar for __compar_d_fn_t. Let's hence do that
+diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c
+index 8fc87b131a..36a6efdbd8 100644
+--- a/src/libsystemd/sd-journal/catalog.c
++++ b/src/libsystemd/sd-journal/catalog.c
+@@ -28,6 +28,7 @@
+ #include "string-util.h"
+ #include "strv.h"
+ #include "tmpfile-util.h"
++#include "missing_type.h"
+
+ const char * const catalog_file_dirs[] = {
+ "/usr/local/lib/systemd/catalog/",
+--
+2.34.1
+
diff --git a/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch b/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
new file mode 100644
index 0000000..aa1f3c2
--- /dev/null
+++ b/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
@@ -0,0 +1,73 @@ +From f75f03ef6bc3554068e456bed227f333d5cb8c34 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Tue, 29 Sep 2020 18:01:41 -0700 +Subject: [PATCH] Move sysusers.d/sysctl.d/binfmt.d/modules-load.d to /usr + +These directories are moved to /lib since systemd v246, commit +4a56315a990b ("path: use ROOTPREFIX properly"), but in oe-core/yocto, +the old /usr/lib is still being used. + +Upstream-Status: Inappropriate (OE-specific) +Signed-off-by: Khem Raj +Signed-off-by: Jiaqing Zhao +--- + src/core/systemd.pc.in | 8 ++++---- + src/libsystemd/sd-path/sd-path.c | 8 ++++---- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index 693433b34b..8368a3ff02 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -67,16 +67,16 @@ tmpfilesdir=${tmpfiles_dir} + + user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d + +-sysusers_dir=${rootprefix}/lib/sysusers.d ++sysusers_dir=${prefix}/lib/sysusers.d + sysusersdir=${sysusers_dir} + +-sysctl_dir=${rootprefix}/lib/sysctl.d ++sysctl_dir=${prefix}/lib/sysctl.d + sysctldir=${sysctl_dir} + +-binfmt_dir=${rootprefix}/lib/binfmt.d ++binfmt_dir=${prefix}/lib/binfmt.d + binfmtdir=${binfmt_dir} + +-modules_load_dir=${rootprefix}/lib/modules-load.d ++modules_load_dir=${prefix}/lib/modules-load.d + modulesloaddir=${modules_load_dir} + + catalog_dir=${prefix}/lib/systemd/catalog +diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c +index 1af3a36d1d..def502b717 100644 +--- a/src/libsystemd/sd-path/sd-path.c ++++ b/src/libsystemd/sd-path/sd-path.c +@@ -362,19 +362,19 @@ static int get_path(uint64_t type, char **buffer, const char **ret) { + return 0; + + case SD_PATH_SYSUSERS: +- *ret = ROOTPREFIX_NOSLASH "/lib/sysusers.d"; ++ *ret = "/usr/lib/sysusers.d"; + return 0; + + case SD_PATH_SYSCTL: +- *ret = ROOTPREFIX_NOSLASH "/lib/sysctl.d"; ++ *ret = "/usr/lib/sysctl.d"; + return 0; + + case SD_PATH_BINFMT: +- *ret = 
ROOTPREFIX_NOSLASH "/lib/binfmt.d"; ++ *ret = "/usr/lib/binfmt.d"; + return 0; + + case SD_PATH_MODULES_LOAD: +- *ret = ROOTPREFIX_NOSLASH "/lib/modules-load.d"; ++ *ret = "/usr/lib/modules-load.d"; + return 0; + + case SD_PATH_CATALOG: +-- +2.39.2 + diff --git a/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch b/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch new file mode 100644 index 0000000..0c85f2b --- /dev/null +++ b/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch 
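Review bot: The two halves of this patch resolve the same directories in different ways: `systemd.pc.in` now uses `${prefix}/lib/sysusers.d` (and likewise for sysctl.d, binfmt.d and modules-load.d), while the four cases in `get_path()` in `sd-path.c` return the literals `"/usr/lib/sysusers.d"` and so on. The two agree only when the build prefix is `/usr`; with any other prefix sd-path would report a directory that the pkg-config file does not advertise. If the literal is intentional for OE, record it beside the four cases, e.g. `/* OE: fixed to /usr/lib; matches systemd.pc only when prefix=/usr */`. `get_path()` starts and ends outside the inner hunk.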
@@ -0,0 +1,433 @@ +From 3d9910dcda697b1e361bba49c99050ee0d116742 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Sat, 22 May 2021 20:26:24 +0200 +Subject: [PATCH] add fallback parse_printf_format implementation + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Emil Renner Berthing +Signed-off-by: Khem Raj +Signed-off-by: Chen Qi +[rebased for systemd 243] +Signed-off-by: Scott Murray + +--- + meson.build | 1 + + src/basic/meson.build | 5 + + src/basic/parse-printf-format.c | 273 +++++++++++++++++++++++ + src/basic/parse-printf-format.h | 57 +++++ + src/basic/stdio-util.h | 2 +- + src/libsystemd/sd-journal/journal-send.c | 2 +- + 6 files changed, 338 insertions(+), 2 deletions(-) + create mode 100644 src/basic/parse-printf-format.c + create mode 100644 src/basic/parse-printf-format.h + +diff --git a/meson.build b/meson.build +index 36cbfa4893..30b5305b89 100644 +--- a/meson.build ++++ b/meson.build +@@ -694,6 +694,7 @@ endif + foreach header : ['crypt.h', + 'linux/memfd.h', + 'linux/vm_sockets.h', ++ 'printf.h', + 'sys/auxv.h', + 'valgrind/memcheck.h', + 'valgrind/valgrind.h', +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 9b89fdcdea..0b1ef91016 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -336,6 +336,11 @@ endforeach + + basic_sources += generated_gperf_headers + ++if conf.get('HAVE_PRINTF_H') != 1 ++ basic_sources += [files('parse-printf-format.c')] ++endif ++ ++ + ############################################################ + + arch_list = [ +diff --git a/src/basic/parse-printf-format.c b/src/basic/parse-printf-format.c +new file mode 100644 +index 0000000000..49437e5445 +--- /dev/null ++++ b/src/basic/parse-printf-format.c +@@ -0,0 +1,273 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++/*** ++ This file is part of systemd. ++ ++ Copyright 2014 Emil Renner Berthing ++ ++ With parts from the musl C library ++ Copyright 2005-2014 Rich Felker, et al. 
++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see . ++***/ ++ ++#include ++#include ++ ++#include "parse-printf-format.h" ++ ++static const char *consume_nonarg(const char *fmt) ++{ ++ do { ++ if (*fmt == '\0') ++ return fmt; ++ } while (*fmt++ != '%'); ++ return fmt; ++} ++ ++static const char *consume_num(const char *fmt) ++{ ++ for (;*fmt >= '0' && *fmt <= '9'; fmt++) ++ /* do nothing */; ++ return fmt; ++} ++ ++static const char *consume_argn(const char *fmt, size_t *arg) ++{ ++ const char *p = fmt; ++ size_t val = 0; ++ ++ if (*p < '1' || *p > '9') ++ return fmt; ++ do { ++ val = 10*val + (*p++ - '0'); ++ } while (*p >= '0' && *p <= '9'); ++ ++ if (*p != '$') ++ return fmt; ++ *arg = val; ++ return p+1; ++} ++ ++static const char *consume_flags(const char *fmt) ++{ ++ while (1) { ++ switch (*fmt) { ++ case '#': ++ case '0': ++ case '-': ++ case ' ': ++ case '+': ++ case '\'': ++ case 'I': ++ fmt++; ++ continue; ++ } ++ return fmt; ++ } ++} ++ ++enum state { ++ BARE, ++ LPRE, ++ LLPRE, ++ HPRE, ++ HHPRE, ++ BIGLPRE, ++ ZTPRE, ++ JPRE, ++ STOP ++}; ++ ++enum type { ++ NONE, ++ PTR, ++ INT, ++ UINT, ++ ULLONG, ++ LONG, ++ ULONG, ++ SHORT, ++ USHORT, ++ CHAR, ++ UCHAR, ++ LLONG, ++ SIZET, ++ IMAX, ++ UMAX, ++ PDIFF, ++ UIPTR, ++ DBL, ++ LDBL, ++ MAXTYPE ++}; ++ ++static const short pa_types[MAXTYPE] = { ++ [NONE] = PA_INT, ++ [PTR] = PA_POINTER, ++ [INT] = PA_INT, ++ [UINT] = PA_INT, ++ [ULLONG] = 
PA_INT | PA_FLAG_LONG_LONG, ++ [LONG] = PA_INT | PA_FLAG_LONG, ++ [ULONG] = PA_INT | PA_FLAG_LONG, ++ [SHORT] = PA_INT | PA_FLAG_SHORT, ++ [USHORT] = PA_INT | PA_FLAG_SHORT, ++ [CHAR] = PA_CHAR, ++ [UCHAR] = PA_CHAR, ++ [LLONG] = PA_INT | PA_FLAG_LONG_LONG, ++ [SIZET] = PA_INT | PA_FLAG_LONG, ++ [IMAX] = PA_INT | PA_FLAG_LONG_LONG, ++ [UMAX] = PA_INT | PA_FLAG_LONG_LONG, ++ [PDIFF] = PA_INT | PA_FLAG_LONG_LONG, ++ [UIPTR] = PA_INT | PA_FLAG_LONG, ++ [DBL] = PA_DOUBLE, ++ [LDBL] = PA_DOUBLE | PA_FLAG_LONG_DOUBLE ++}; ++ ++#define S(x) [(x)-'A'] ++#define E(x) (STOP + (x)) ++ ++static const unsigned char states[]['z'-'A'+1] = { ++ { /* 0: bare types */ ++ S('d') = E(INT), S('i') = E(INT), ++ S('o') = E(UINT),S('u') = E(UINT),S('x') = E(UINT), S('X') = E(UINT), ++ S('e') = E(DBL), S('f') = E(DBL), S('g') = E(DBL), S('a') = E(DBL), ++ S('E') = E(DBL), S('F') = E(DBL), S('G') = E(DBL), S('A') = E(DBL), ++ S('c') = E(CHAR),S('C') = E(INT), ++ S('s') = E(PTR), S('S') = E(PTR), S('p') = E(UIPTR),S('n') = E(PTR), ++ S('m') = E(NONE), ++ S('l') = LPRE, S('h') = HPRE, S('L') = BIGLPRE, ++ S('z') = ZTPRE, S('j') = JPRE, S('t') = ZTPRE ++ }, { /* 1: l-prefixed */ ++ S('d') = E(LONG), S('i') = E(LONG), ++ S('o') = E(ULONG),S('u') = E(ULONG),S('x') = E(ULONG),S('X') = E(ULONG), ++ S('e') = E(DBL), S('f') = E(DBL), S('g') = E(DBL), S('a') = E(DBL), ++ S('E') = E(DBL), S('F') = E(DBL), S('G') = E(DBL), S('A') = E(DBL), ++ S('c') = E(INT), S('s') = E(PTR), S('n') = E(PTR), ++ S('l') = LLPRE ++ }, { /* 2: ll-prefixed */ ++ S('d') = E(LLONG), S('i') = E(LLONG), ++ S('o') = E(ULLONG),S('u') = E(ULLONG), ++ S('x') = E(ULLONG),S('X') = E(ULLONG), ++ S('n') = E(PTR) ++ }, { /* 3: h-prefixed */ ++ S('d') = E(SHORT), S('i') = E(SHORT), ++ S('o') = E(USHORT),S('u') = E(USHORT), ++ S('x') = E(USHORT),S('X') = E(USHORT), ++ S('n') = E(PTR), ++ S('h') = HHPRE ++ }, { /* 4: hh-prefixed */ ++ S('d') = E(CHAR), S('i') = E(CHAR), ++ S('o') = E(UCHAR),S('u') = E(UCHAR), ++ S('x') = E(UCHAR),S('X') = 
E(UCHAR), ++ S('n') = E(PTR) ++ }, { /* 5: L-prefixed */ ++ S('e') = E(LDBL),S('f') = E(LDBL),S('g') = E(LDBL), S('a') = E(LDBL), ++ S('E') = E(LDBL),S('F') = E(LDBL),S('G') = E(LDBL), S('A') = E(LDBL), ++ S('n') = E(PTR) ++ }, { /* 6: z- or t-prefixed (assumed to be same size) */ ++ S('d') = E(PDIFF),S('i') = E(PDIFF), ++ S('o') = E(SIZET),S('u') = E(SIZET), ++ S('x') = E(SIZET),S('X') = E(SIZET), ++ S('n') = E(PTR) ++ }, { /* 7: j-prefixed */ ++ S('d') = E(IMAX), S('i') = E(IMAX), ++ S('o') = E(UMAX), S('u') = E(UMAX), ++ S('x') = E(UMAX), S('X') = E(UMAX), ++ S('n') = E(PTR) ++ } ++}; ++ ++size_t parse_printf_format(const char *fmt, size_t n, int *types) ++{ ++ size_t i = 0; ++ size_t last = 0; ++ ++ memset(types, 0, n); ++ ++ while (1) { ++ size_t arg; ++ unsigned int state; ++ ++ fmt = consume_nonarg(fmt); ++ if (*fmt == '\0') ++ break; ++ if (*fmt == '%') { ++ fmt++; ++ continue; ++ } ++ arg = 0; ++ fmt = consume_argn(fmt, &arg); ++ /* flags */ ++ fmt = consume_flags(fmt); ++ /* width */ ++ if (*fmt == '*') { ++ size_t warg = 0; ++ fmt = consume_argn(fmt+1, &warg); ++ if (warg == 0) ++ warg = ++i; ++ if (warg > last) ++ last = warg; ++ if (warg <= n && types[warg-1] == NONE) ++ types[warg-1] = INT; ++ } else ++ fmt = consume_num(fmt); ++ /* precision */ ++ if (*fmt == '.') { ++ fmt++; ++ if (*fmt == '*') { ++ size_t parg = 0; ++ fmt = consume_argn(fmt+1, &parg); ++ if (parg == 0) ++ parg = ++i; ++ if (parg > last) ++ last = parg; ++ if (parg <= n && types[parg-1] == NONE) ++ types[parg-1] = INT; ++ } else { ++ if (*fmt == '-') ++ fmt++; ++ fmt = consume_num(fmt); ++ } ++ } ++ /* length modifier and conversion specifier */ ++ state = BARE; ++ do { ++ unsigned char c = *fmt++; ++ ++ if (c < 'A' || c > 'z') ++ continue; ++ state = states[state]S(c); ++ if (state == 0) ++ continue; ++ } while (state < STOP); ++ ++ if (state == E(NONE)) ++ continue; ++ ++ if (arg == 0) ++ arg = ++i; ++ if (arg > last) ++ last = arg; ++ if (arg <= n) ++ types[arg-1] = state - STOP; 
++ } ++ ++ if (last > n) ++ last = n; ++ for (i = 0; i < last; i++) ++ types[i] = pa_types[types[i]]; ++ ++ return last; ++} +diff --git a/src/basic/parse-printf-format.h b/src/basic/parse-printf-format.h +new file mode 100644 +index 0000000000..47be7522d7 +--- /dev/null ++++ b/src/basic/parse-printf-format.h +@@ -0,0 +1,57 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++/*** ++ This file is part of systemd. ++ ++ Copyright 2014 Emil Renner Berthing ++ ++ With parts from the GNU C Library ++ Copyright 1991-2014 Free Software Foundation, Inc. ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see . ++***/ ++ ++#pragma once ++ ++#include "config.h" ++ ++#if HAVE_PRINTF_H ++#include ++#else ++ ++#include ++ ++enum { /* C type: */ ++ PA_INT, /* int */ ++ PA_CHAR, /* int, cast to char */ ++ PA_WCHAR, /* wide char */ ++ PA_STRING, /* const char *, a '\0'-terminated string */ ++ PA_WSTRING, /* const wchar_t *, wide character string */ ++ PA_POINTER, /* void * */ ++ PA_FLOAT, /* float */ ++ PA_DOUBLE, /* double */ ++ PA_LAST ++}; ++ ++/* Flag bits that can be set in a type returned by `parse_printf_format'. 
*/ ++#define PA_FLAG_MASK 0xff00 ++#define PA_FLAG_LONG_LONG (1 << 8) ++#define PA_FLAG_LONG_DOUBLE PA_FLAG_LONG_LONG ++#define PA_FLAG_LONG (1 << 9) ++#define PA_FLAG_SHORT (1 << 10) ++#define PA_FLAG_PTR (1 << 11) ++ ++size_t parse_printf_format(const char *fmt, size_t n, int *types); ++ ++#endif /* HAVE_PRINTF_H */ +diff --git a/src/basic/stdio-util.h b/src/basic/stdio-util.h +index 69d7062ec6..f55c5aab2c 100644 +--- a/src/basic/stdio-util.h ++++ b/src/basic/stdio-util.h +@@ -1,13 +1,13 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + #pragma once + +-#include + #include + #include + #include + + #include "macro.h" + #include "memory-util.h" ++#include "parse-printf-format.h" + + #define snprintf_ok(buf, len, fmt, ...) \ + ({ \ +diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c +index 1e10ed5524..e6ceba54f9 100644 +--- a/src/libsystemd/sd-journal/journal-send.c ++++ b/src/libsystemd/sd-journal/journal-send.c +@@ -2,7 +2,6 @@ + + #include + #include +-#include + #include + #include + #include +@@ -25,6 +24,7 @@ + #include "stdio-util.h" + #include "string-util.h" + #include "tmpfile-util.h" ++#include "parse-printf-format.h" + + #define SNDBUF_SIZE (8*1024*1024) + diff --git a/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch b/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch new file mode 100644 index 0000000..c634d8e --- /dev/null +++ b/recipes-core/systemd/systemd/0005-pass-correct-parameters-to-getdents64.patch 
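Review bot: `memset(types, 0, n);` in the new `parse_printf_format()` clears n bytes rather than n `int` elements, so wherever `sizeof(int) > 1` most of `types[]` is still uninitialised when the parser tests `types[warg-1] == NONE` / `types[parg-1] == NONE` and when the final loop evaluates `pa_types[types[i]]`; a slot that was never assigned (a `*` width whose slot held garbage, or a gap left by positional arguments) then indexes `pa_types` with an arbitrary value. Use `memset(types, 0, n * sizeof(*types));`. Separately, the length-modifier loop executes `continue` for any byte outside 'A'..'z', which includes the terminating NUL, so a format that ends after a modifier or width (such as `%l`) keeps reading past the end of the string; the loop should stop at `'\0'` and discard the incomplete conversion. systemd's callers presumably pass literal format strings, which limits exposure, but this fallback is the only implementation on hosts without printf.h.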
@@ -0,0 +1,37 @@
+From 17766c64ecc7dedf09ed2d361690fc4eda77bf42 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Fri, 21 Jan 2022 15:15:11 -0800
+Subject: [PATCH] pass correct parameters to getdents64
+
+Fixes
+../git/src/basic/recurse-dir.c:57:40: error: incompatible pointer types passing 'uint8_t *' (aka 'unsigned char *') to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types]
+ n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+../git/src/basic/stat-util.c:102:28: error: incompatible pointer types passing 'union (unnamed union at ../git/src/basic/stat-util.c:78:9) *' to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types]
+ n = getdents64(fd, &buffer, sizeof(buffer));
+ ^~~~~~~
+
+Upstream-Status: Inappropriate [musl specific]
+Signed-off-by: Khem Raj
+Signed-off-by: Jiaqing Zhao
+---
+ src/basic/recurse-dir.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/recurse-dir.c b/src/basic/recurse-dir.c
+index 5e98b7a5d8..aef065047b 100644
+--- a/src/basic/recurse-dir.c
++++ b/src/basic/recurse-dir.c
+@@ -55,7 +55,7 @@ int readdir_all(int dir_fd,
+ bs = MIN(MALLOC_SIZEOF_SAFE(de) - offsetof(DirectoryEntries, buffer), (size_t) SSIZE_MAX);
+ assert(bs > de->buffer_size);
+
+- n = getdents64(dir_fd, (uint8_t*) de->buffer + de->buffer_size, bs - de->buffer_size);
++ n = getdents64(dir_fd, (struct dirent*)((uint8_t*) de->buffer + de->buffer_size), bs - de->buffer_size);
+ if (n < 0)
+ return -errno;
+ if (n == 0)
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch b/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
new file mode 100644
index 0000000..9e02666
--- /dev/null
+++ b/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -0,0 +1,706 @@ +From 106b7bd7186c9d6c1dcd72bd4ca6457d3fa72d0b Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Mon, 25 Feb 2019 14:18:21 +0800 +Subject: [PATCH] src/basic/missing.h: check for missing strndupa + +include missing.h for definition of strndupa + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Khem Raj +Signed-off-by: Chen Qi +[Rebased for v242] +Signed-off-by: Andrej Valek +[rebased for systemd 243] +Signed-off-by: Scott Murray +Signed-off-by: Alex Kiernan +[rebased for systemd 244] +[Rebased for v247] +Signed-off-by: Luca Boccassi +--- + meson.build | 1 + + src/backlight/backlight.c | 1 + + src/basic/cgroup-util.c | 1 + + src/basic/env-util.c | 1 + + src/basic/log.c | 1 + + src/basic/missing_stdlib.h | 12 ++++++++++++ + src/basic/mkdir.c | 1 + + src/basic/mountpoint-util.c | 1 + + src/basic/parse-util.c | 1 + + src/basic/path-lookup.c | 1 + + src/basic/percent-util.c | 1 + + src/basic/proc-cmdline.c | 1 + + src/basic/procfs-util.c | 1 + + src/basic/time-util.c | 1 + + src/boot/bless-boot.c | 1 + + src/core/dbus-cgroup.c | 1 + + src/core/dbus-execute.c | 1 + + src/core/dbus-util.c | 1 + + src/core/execute.c | 1 + + src/core/kmod-setup.c | 1 + + src/core/service.c | 1 + + src/coredump/coredump-vacuum.c | 1 + + src/fstab-generator/fstab-generator.c | 1 + + src/journal-remote/journal-remote-main.c | 1 + + src/journal/journalctl.c | 1 + + src/libsystemd/sd-bus/bus-message.c | 1 + + src/libsystemd/sd-bus/bus-objects.c | 1 + + src/libsystemd/sd-bus/bus-socket.c | 1 + + src/libsystemd/sd-bus/sd-bus.c | 1 + + src/libsystemd/sd-bus/test-bus-benchmark.c | 1 + + src/libsystemd/sd-journal/sd-journal.c | 1 + + src/locale/keymap-util.c | 1 + + src/login/pam_systemd.c | 1 + + src/network/generator/network-generator.c | 1 + + src/nspawn/nspawn-settings.c | 1 + + src/nss-mymachines/nss-mymachines.c | 1 + + src/portable/portable.c | 1 + + src/resolve/resolvectl.c | 1 + + src/shared/bus-get-properties.c | 1 + + src/shared/bus-unit-procs.c | 1 + + 
src/shared/bus-unit-util.c | 1 + + src/shared/bus-util.c | 1 + + src/shared/dns-domain.c | 1 + + src/shared/journal-importer.c | 1 + + src/shared/logs-show.c | 1 + + src/shared/pager.c | 1 + + src/shared/uid-range.c | 1 + + src/socket-proxy/socket-proxyd.c | 1 + + src/test/test-hexdecoct.c | 1 + + src/udev/udev-builtin-path_id.c | 1 + + src/udev/udev-event.c | 1 + + src/udev/udev-rules.c | 1 + + 52 files changed, 63 insertions(+) + +diff --git a/meson.build b/meson.build +index 30b5305b89..0189ef8ce6 100644 +--- a/meson.build ++++ b/meson.build +@@ -512,6 +512,7 @@ foreach ident : ['secure_getenv', '__secure_getenv'] + endforeach + + foreach ident : [ ++ ['strndupa' , '''#include '''], + ['memfd_create', '''#include '''], + ['gettid', '''#include + #include '''], +diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c +index a4e5d77f6c..fc12da4c53 100644 +--- a/src/backlight/backlight.c ++++ b/src/backlight/backlight.c +@@ -20,6 +20,7 @@ + #include "strv.h" + #include "terminal-util.h" + #include "util.h" ++#include "missing_stdlib.h" + + static int help(void) { + _cleanup_free_ char *link = NULL; +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index b03cc70e2e..f4615ffce1 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -37,6 +37,7 @@ + #include "unit-name.h" + #include "user-util.h" + #include "xattr-util.h" ++#include "missing_stdlib.h" + + static int cg_enumerate_items(const char *controller, const char *path, FILE **_f, const char *item) { + _cleanup_free_ char *fs = NULL; +diff --git a/src/basic/env-util.c b/src/basic/env-util.c +index 885967e7f3..d0b7dc845e 100644 +--- a/src/basic/env-util.c ++++ b/src/basic/env-util.c +@@ -19,6 +19,7 @@ + #include "string-util.h" + #include "strv.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + /* We follow bash for the character set. Different shells have different rules. 
*/ + #define VALID_BASH_ENV_NAME_CHARS \ +diff --git a/src/basic/log.c b/src/basic/log.c +index 12071e2ebd..15254c7bbc 100644 +--- a/src/basic/log.c ++++ b/src/basic/log.c +@@ -36,6 +36,7 @@ + #include "terminal-util.h" + #include "time-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + #define SNDBUF_SIZE (8*1024*1024) + +diff --git a/src/basic/missing_stdlib.h b/src/basic/missing_stdlib.h +index 8c76f93eb2..9068bfb4f0 100644 +--- a/src/basic/missing_stdlib.h ++++ b/src/basic/missing_stdlib.h +@@ -11,3 +11,15 @@ + # error "neither secure_getenv nor __secure_getenv are available" + # endif + #endif ++ ++/* string.h */ ++#if ! HAVE_STRNDUPA ++#define strndupa(s, n) \ ++ ({ \ ++ const char *__old = (s); \ ++ size_t __len = strnlen(__old, (n)); \ ++ char *__new = (char *)alloca(__len + 1); \ ++ __new[__len] = '\0'; \ ++ (char *)memcpy(__new, __old, __len); \ ++ }) ++#endif +diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c +index 51a0d74e87..03569f71f8 100644 +--- a/src/basic/mkdir.c ++++ b/src/basic/mkdir.c +@@ -15,6 +15,7 @@ + #include "stat-util.h" + #include "stdio-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + int mkdir_safe_internal( + const char *path, +diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c +index 82a33a6829..d947774b40 100644 +--- a/src/basic/mountpoint-util.c ++++ b/src/basic/mountpoint-util.c +@@ -13,6 +13,7 @@ + #include "missing_stat.h" + #include "missing_syscall.h" + #include "mkdir.h" ++#include "missing_stdlib.h" + #include "mountpoint-util.h" + #include "nulstr-util.h" + #include "parse-util.h" +diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c +index 2888ab6523..d941afec2d 100644 +--- a/src/basic/parse-util.c ++++ b/src/basic/parse-util.c +@@ -18,6 +18,7 @@ + #include "stat-util.h" + #include "string-util.h" + #include "strv.h" ++#include "missing_stdlib.h" + + int parse_boolean(const char *v) { + if (!v) +diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c +index 
6fb8c40e7a..c4b59e8518 100644 +--- a/src/basic/path-lookup.c ++++ b/src/basic/path-lookup.c +@@ -16,6 +16,7 @@ + #include "strv.h" + #include "tmpfile-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + int xdg_user_runtime_dir(char **ret, const char *suffix) { + const char *e; +diff --git a/src/basic/percent-util.c b/src/basic/percent-util.c +index cab9d0eaea..5f6ca258e9 100644 +--- a/src/basic/percent-util.c ++++ b/src/basic/percent-util.c +@@ -3,6 +3,7 @@ + #include "percent-util.h" + #include "string-util.h" + #include "parse-util.h" ++#include "missing_stdlib.h" + + static int parse_parts_value_whole(const char *p, const char *symbol) { + const char *pc, *n; +diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c +index 410b8a3eb5..f2c4355609 100644 +--- a/src/basic/proc-cmdline.c ++++ b/src/basic/proc-cmdline.c +@@ -15,6 +15,7 @@ + #include "string-util.h" + #include "util.h" + #include "virt.h" ++#include "missing_stdlib.h" + + int proc_cmdline(char **ret) { + const char *e; +diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c +index 65f96abb06..e485a0196b 100644 +--- a/src/basic/procfs-util.c ++++ b/src/basic/procfs-util.c +@@ -12,6 +12,7 @@ + #include "procfs-util.h" + #include "stdio-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + + int procfs_get_pid_max(uint64_t *ret) { + _cleanup_free_ char *value = NULL; +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index b659d6905d..020112be24 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -26,6 +26,7 @@ + #include "string-util.h" + #include "strv.h" + #include "time-util.h" ++#include "missing_stdlib.h" + + static clockid_t map_clock_id(clockid_t c) { + +diff --git a/src/boot/bless-boot.c b/src/boot/bless-boot.c +index d9c901d73b..79a035274c 100644 +--- a/src/boot/bless-boot.c ++++ b/src/boot/bless-boot.c +@@ -22,6 +22,7 @@ + #include "util.h" + #include "verbs.h" + #include "virt.h" ++#include "missing_stdlib.h" + + static 
char **arg_path = NULL; + +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index f0d8759e85..b4c1053e64 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -21,6 +21,7 @@ + #include "parse-util.h" + #include "path-util.h" + #include "percent-util.h" ++#include "missing_stdlib.h" + #include "socket-util.h" + + BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve); +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index 5c499e5d06..e7ab1bb9a5 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -44,6 +44,7 @@ + #include "unit-printf.h" + #include "user-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput); + static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input, exec_input, ExecInput); +diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c +index 32a2ec0ff9..36be2511e4 100644 +--- a/src/core/dbus-util.c ++++ b/src/core/dbus-util.c +@@ -9,6 +9,7 @@ + #include "unit-printf.h" + #include "user-util.h" + #include "unit.h" ++#include "missing_stdlib.h" + + int bus_property_get_triggered_unit( + sd_bus *bus, +diff --git a/src/core/execute.c b/src/core/execute.c +index 2762b10287..a8aeec7f6e 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -103,6 +103,7 @@ + #include "unit-serialize.h" + #include "user-util.h" + #include "utmp-wtmp.h" ++#include "missing_stdlib.h" + + #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC) + #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC) +diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c +index f4488dd692..1d331a7ee2 100644 +--- a/src/core/kmod-setup.c ++++ b/src/core/kmod-setup.c +@@ -11,6 +11,7 @@ + #include "recurse-dir.h" + #include "string-util.h" + #include "virt.h" ++#include "missing_stdlib.h" + + #if HAVE_KMOD + #include "module-util.h" +diff --git a/src/core/service.c b/src/core/service.c +index 9f7af9dffb..3ec5e30c8b 100644 
+--- a/src/core/service.c ++++ b/src/core/service.c +@@ -42,6 +42,7 @@ + #include "unit.h" + #include "utf8.h" + #include "util.h" ++#include "missing_stdlib.h" + + #define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__) + +diff --git a/src/coredump/coredump-vacuum.c b/src/coredump/coredump-vacuum.c +index c6e201ecf2..ab034475e2 100644 +--- a/src/coredump/coredump-vacuum.c ++++ b/src/coredump/coredump-vacuum.c +@@ -17,6 +17,7 @@ + #include "string-util.h" + #include "time-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + #define DEFAULT_MAX_USE_LOWER (uint64_t) (1ULL*1024ULL*1024ULL) /* 1 MiB */ + #define DEFAULT_MAX_USE_UPPER (uint64_t) (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */ +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index 9b32383a76..f8d3397a06 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -29,6 +29,7 @@ + #include "util.h" + #include "virt.h" + #include "volatile-util.h" ++#include "missing_stdlib.h" + + typedef enum MountPointFlags { + MOUNT_NOAUTO = 1 << 0, +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index 3e3646e45f..6a8fc60f6d 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -24,6 +24,7 @@ + #include "stat-util.h" + #include "string-table.h" + #include "strv.h" ++#include "missing_stdlib.h" + + #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem" + #define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem" +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index cff34fd585..a5003e47e9 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -74,6 +74,7 @@ + #include "unit-name.h" + #include "user-util.h" + #include "varlink.h" ++#include "missing_stdlib.h" + + #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE) + #define PROCESS_INOTIFY_INTERVAL 1024 
/* Every 1,024 messages processed */ +diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c +index 96529b422b..ddb5e9c698 100644 +--- a/src/libsystemd/sd-bus/bus-message.c ++++ b/src/libsystemd/sd-bus/bus-message.c +@@ -20,6 +20,7 @@ + #include "strv.h" + #include "time-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored); + +diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c +index 909dfe4d3a..254b7ce866 100644 +--- a/src/libsystemd/sd-bus/bus-objects.c ++++ b/src/libsystemd/sd-bus/bus-objects.c +@@ -11,6 +11,7 @@ + #include "missing_capability.h" + #include "string-util.h" + #include "strv.h" ++#include "missing_stdlib.h" + + static int node_vtable_get_userdata( + sd_bus *bus, +diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c +index 14951ccb33..b7f86ca501 100644 +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -28,6 +28,7 @@ + #include "string-util.h" + #include "user-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + #define SNDBUF_SIZE (8*1024*1024) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index 9e1d29cc1d..8c3165f0ce 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -43,6 +43,7 @@ + #include "string-util.h" + #include "strv.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + #define log_debug_bus_message(m) \ + do { \ +diff --git a/src/libsystemd/sd-bus/test-bus-benchmark.c b/src/libsystemd/sd-bus/test-bus-benchmark.c +index 317653bedc..d028216c48 100644 +--- a/src/libsystemd/sd-bus/test-bus-benchmark.c ++++ b/src/libsystemd/sd-bus/test-bus-benchmark.c +@@ -14,6 +14,7 @@ + #include "string-util.h" + #include "time-util.h" + #include "util.h" ++#include "missing_stdlib.h" + + #define MAX_SIZE (2*1024*1024) + +diff 
--git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 7a6cc4aca3..b7f7cd65c5 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -41,6 +41,7 @@ + #include "string-util.h" + #include "strv.h" + #include "syslog-util.h" ++#include "missing_stdlib.h" + + #define JOURNAL_FILES_MAX 7168 + +diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c +index 10d2ed7aec..4fbe3f6b4a 100644 +--- a/src/locale/keymap-util.c ++++ b/src/locale/keymap-util.c +@@ -24,6 +24,7 @@ + #include "string-util.h" + #include "strv.h" + #include "tmpfile-util.h" ++#include "missing_stdlib.h" + + static bool startswith_comma(const char *s, const char *prefix) { + s = startswith(s, prefix); +diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c +index 5bd7efc3e8..282899601e 100644 +--- a/src/login/pam_systemd.c ++++ b/src/login/pam_systemd.c +@@ -31,6 +31,7 @@ + #include "locale-util.h" + #include "login-util.h" + #include "macro.h" ++#include "missing_stdlib.h" + #include "pam-util.h" + #include "parse-util.h" + #include "path-util.h" +diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c +index 063ad08d80..f9823a433b 100644 +--- a/src/network/generator/network-generator.c ++++ b/src/network/generator/network-generator.c +@@ -13,6 +13,7 @@ + #include "string-table.h" + #include "string-util.h" + #include "strv.h" ++#include "missing_stdlib.h" + + /* + # .network +diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c +index 1f58bf3ed4..8457a3b0e3 100644 +--- a/src/nspawn/nspawn-settings.c ++++ b/src/nspawn/nspawn-settings.c +@@ -17,6 +17,7 @@ + #include "strv.h" + #include "user-util.h" + #include "util.h" ++#include "missing_stdlib.h" + + Settings *settings_new(void) { + Settings *s; +diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c +index c64e79bdff..eda26b0b9a 100644 +--- 
a/src/nss-mymachines/nss-mymachines.c ++++ b/src/nss-mymachines/nss-mymachines.c +@@ -21,6 +21,7 @@ + #include "nss-util.h" + #include "signal-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + + static void setup_logging_once(void) { + static pthread_once_t once = PTHREAD_ONCE_INIT; +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 0e6461ba93..54148d5924 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -39,6 +39,7 @@ + #include "strv.h" + #include "tmpfile-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was + * dropped there by the portable service logic and b) for which image it was dropped there. */ +diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c +index 5b3ceeff36..d36d1d57ae 100644 +--- a/src/resolve/resolvectl.c ++++ b/src/resolve/resolvectl.c +@@ -43,6 +43,7 @@ + #include "utf8.h" + #include "verb-log-control.h" + #include "verbs.h" ++#include "missing_stdlib.h" + + static int arg_family = AF_UNSPEC; + static int arg_ifindex = 0; +diff --git a/src/shared/bus-get-properties.c b/src/shared/bus-get-properties.c +index 8b4f66b22e..5926e4c61b 100644 +--- a/src/shared/bus-get-properties.c ++++ b/src/shared/bus-get-properties.c +@@ -4,6 +4,7 @@ + #include "rlimit-util.h" + #include "stdio-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + + int bus_property_get_bool( + sd_bus *bus, +diff --git a/src/shared/bus-unit-procs.c b/src/shared/bus-unit-procs.c +index 87c0334fec..402ab3493b 100644 +--- a/src/shared/bus-unit-procs.c ++++ b/src/shared/bus-unit-procs.c +@@ -10,6 +10,7 @@ + #include "sort-util.h" + #include "string-util.h" + #include "terminal-util.h" ++#include "missing_stdlib.h" + + struct CGroupInfo { + char *cgroup_path; +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index dcce530c99..faf5a5bda0 100644 +--- 
a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -49,6 +49,7 @@ + #include "unit-def.h" + #include "user-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + int bus_parse_unit_info(sd_bus_message *message, UnitInfo *u) { + assert(message); +diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c +index 4a2b7684bc..ee6d687c58 100644 +--- a/src/shared/bus-util.c ++++ b/src/shared/bus-util.c +@@ -21,6 +21,7 @@ + #include "path-util.h" + #include "socket-util.h" + #include "stdio-util.h" ++#include "missing_stdlib.h" + + static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { + sd_event *e = userdata; +diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c +index f54b187a1b..299758c7e4 100644 +--- a/src/shared/dns-domain.c ++++ b/src/shared/dns-domain.c +@@ -17,6 +17,7 @@ + #include "string-util.h" + #include "strv.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + int dns_label_unescape(const char **name, char *dest, size_t sz, DNSLabelFlags flags) { + const char *n; +diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c +index c6caf9330a..ebe33bd44a 100644 +--- a/src/shared/journal-importer.c ++++ b/src/shared/journal-importer.c +@@ -15,6 +15,7 @@ + #include "parse-util.h" + #include "string-util.h" + #include "unaligned.h" ++#include "missing_stdlib.h" + + enum { + IMPORTER_STATE_LINE = 0, /* waiting to read, or reading line */ +diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c +index cf83eb6bca..e672a003a3 100644 +--- a/src/shared/logs-show.c ++++ b/src/shared/logs-show.c +@@ -42,6 +42,7 @@ + #include "utf8.h" + #include "util.h" + #include "web-util.h" ++#include "missing_stdlib.h" + + /* up to three lines (each up to 100 characters) or 300 characters, whichever is less */ + #define PRINT_LINE_THRESHOLD 3 +diff --git a/src/shared/pager.c b/src/shared/pager.c +index f75ef62d2d..530001a821 100644 +--- a/src/shared/pager.c ++++ b/src/shared/pager.c 
+@@ -26,6 +26,7 @@ + #include "strv.h" + #include "terminal-util.h" + #include "util.h" ++#include "missing_stdlib.h" + + static pid_t pager_pid = 0; + +diff --git a/src/shared/uid-range.c b/src/shared/uid-range.c +index 1b4396a34c..c2f72b185f 100644 +--- a/src/shared/uid-range.c ++++ b/src/shared/uid-range.c +@@ -14,6 +14,7 @@ + #include "stat-util.h" + #include "uid-range.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + static bool uid_range_intersect(UidRange *range, uid_t start, uid_t nr) { + assert(range); +diff --git a/src/socket-proxy/socket-proxyd.c b/src/socket-proxy/socket-proxyd.c +index 7e9ab19666..56f619e54e 100644 +--- a/src/socket-proxy/socket-proxyd.c ++++ b/src/socket-proxy/socket-proxyd.c +@@ -26,6 +26,7 @@ + #include "socket-util.h" + #include "string-util.h" + #include "util.h" ++#include "missing_stdlib.h" + + #define BUFFER_SIZE (256 * 1024) + +diff --git a/src/test/test-hexdecoct.c b/src/test/test-hexdecoct.c +index cc9a7cb838..a679614a47 100644 +--- a/src/test/test-hexdecoct.c ++++ b/src/test/test-hexdecoct.c +@@ -7,6 +7,7 @@ + #include "macro.h" + #include "random-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + #include "tests.h" + + TEST(hexchar) { +diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c +index ae92e45205..1e6f3205cb 100644 +--- a/src/udev/udev-builtin-path_id.c ++++ b/src/udev/udev-builtin-path_id.c +@@ -22,6 +22,7 @@ + #include "sysexits.h" + #include "udev-builtin.h" + #include "udev-util.h" ++#include "missing_stdlib.h" + + _printf_(2,3) + static void path_prepend(char **path, const char *fmt, ...) 
{ +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index a60e4f294c..571c43765b 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -35,6 +35,7 @@ + #include "udev-util.h" + #include "udev-watch.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + typedef struct Spawn { + sd_device *device; +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 1a384d6b38..0089833e3f 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -34,6 +34,7 @@ + #include "udev-util.h" + #include "user-util.h" + #include "virt.h" ++#include "missing_stdlib.h" + + #define RULES_DIRS (const char* const*) CONF_PATHS_STRV("udev/rules.d") + diff --git a/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch b/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch new file mode 100644 index 0000000..96322e5 --- /dev/null +++ b/recipes-core/systemd/systemd/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch 
@@ -0,0 +1,52 @@
+From fa598869cca684c001f3dc23ce2198f5a6169e2a Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Tue, 8 Nov 2022 13:31:34 -0800
+Subject: [PATCH] test-bus-error: strerror() is assumed to be GNU specific
+ version mark it so
+
+Upstream-Status: Inappropriate [Upstream systemd only supports glibc]
+
+Signed-off-by: Khem Raj
+---
+ src/libsystemd/sd-bus/test-bus-error.c | 2 ++
+ src/test/test-errno-util.c | 3 ++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/test-bus-error.c b/src/libsystemd/sd-bus/test-bus-error.c
+index a55f3f9856..4123bf3da0 100644
+--- a/src/libsystemd/sd-bus/test-bus-error.c
++++ b/src/libsystemd/sd-bus/test-bus-error.c
+@@ -99,7 +99,9 @@ TEST(error) {
+ assert_se(!sd_bus_error_is_set(&error));
+ assert_se(sd_bus_error_set_errno(&error, EBUSY) == -EBUSY);
+ assert_se(streq(error.name, "System.Error.EBUSY"));
++#ifdef __GLIBC__
+ assert_se(streq(error.message, STRERROR(EBUSY)));
++#endif
+ assert_se(sd_bus_error_has_name(&error, "System.Error.EBUSY"));
+ assert_se(sd_bus_error_get_errno(&error) == EBUSY);
+ assert_se(sd_bus_error_is_set(&error));
+diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c
+index d3d022c33f..74e95c804d 100644
+--- a/src/test/test-errno-util.c
++++ b/src/test/test-errno-util.c
+@@ -4,7 +4,7 @@
+ #include "stdio-util.h"
+ #include "string-util.h"
+ #include "tests.h"
+-
++#ifdef __GLIBC__
+ TEST(strerror_not_threadsafe) {
+ /* Just check that strerror really is not thread-safe. */
+ log_info("strerror(%d) → %s", 200, strerror(200));
+@@ -46,6 +46,7 @@ TEST(STRERROR_OR_ELSE) {
+ log_info("STRERROR_OR_ELSE(EPERM, \"EOF\") → %s", STRERROR_OR_EOF(EPERM));
+ log_info("STRERROR_OR_ELSE(-EPERM, \"EOF\") → %s", STRERROR_OR_EOF(-EPERM));
+ }
++#endif /* __GLIBC__ */
+
+ TEST(PROTECT_ERRNO) {
+ errno = 12;
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
new file mode 100644
index 0000000..eeaaac1
--- /dev/null
+++ b/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -0,0 +1,152 @@ +From 74c664bcd6b9a5fcf3466310c07f608d12456f7f Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Mon, 25 Feb 2019 14:56:21 +0800 +Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined + +If the standard library doesn't provide brace +expansion users just won't get it. + +Dont use GNU GLOB extentions on non-glibc systems + +Conditionalize use of GLOB_ALTDIRFUNC + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Khem Raj +Signed-off-by: Chen Qi +[rebased for systemd 243] +Signed-off-by: Scott Murray + +--- + src/basic/glob-util.c | 12 ++++++++++++ + src/test/test-glob-util.c | 16 ++++++++++++++++ + src/tmpfiles/tmpfiles.c | 10 ++++++++++ + 3 files changed, 38 insertions(+) + +diff --git a/src/basic/glob-util.c b/src/basic/glob-util.c +index e026b29478..815e56ef68 100644 +--- a/src/basic/glob-util.c ++++ b/src/basic/glob-util.c +@@ -12,6 +12,12 @@ + #include "path-util.h" + #include "strv.h" + ++/* Don't fail if the standard library ++ * doesn't provide brace expansion */ ++#ifndef GLOB_BRACE ++#define GLOB_BRACE 0 ++#endif ++ + static void closedir_wrapper(void* v) { + (void) closedir(v); + } +@@ -19,6 +25,7 @@ static void closedir_wrapper(void* v) { + int safe_glob(const char *path, int flags, glob_t *pglob) { + int k; + ++#ifdef GLOB_ALTDIRFUNC + /* We want to set GLOB_ALTDIRFUNC ourselves, don't allow it to be set. 
*/ + assert(!(flags & GLOB_ALTDIRFUNC)); + +@@ -32,9 +39,14 @@ int safe_glob(const char *path, int flags, glob_t *pglob) { + pglob->gl_lstat = lstat; + if (!pglob->gl_stat) + pglob->gl_stat = stat; ++#endif + + errno = 0; ++#ifdef GLOB_ALTDIRFUNC + k = glob(path, flags | GLOB_ALTDIRFUNC, NULL, pglob); ++#else ++ k = glob(path, flags, NULL, pglob); ++#endif + if (k == GLOB_NOMATCH) + return -ENOENT; + if (k == GLOB_NOSPACE) +diff --git a/src/test/test-glob-util.c b/src/test/test-glob-util.c +index ec8b74f48f..d99a6095df 100644 +--- a/src/test/test-glob-util.c ++++ b/src/test/test-glob-util.c +@@ -13,6 +13,12 @@ + #include "tests.h" + #include "tmpfile-util.h" + ++/* Don't fail if the standard library ++ * doesn't provide brace expansion */ ++#ifndef GLOB_BRACE ++#define GLOB_BRACE 0 ++#endif ++ + TEST(glob_exists) { + char name[] = "/tmp/test-glob_exists.XXXXXX"; + int fd = -1; +@@ -40,11 +46,13 @@ TEST(glob_no_dot) { + const char *fn; + + _cleanup_globfree_ glob_t g = { ++#ifdef GLOB_ALTDIRFUNC + .gl_closedir = closedir_wrapper, + .gl_readdir = (struct dirent *(*)(void *)) readdir_no_dot, + .gl_opendir = (void *(*)(const char *)) opendir, + .gl_lstat = lstat, + .gl_stat = stat, ++#endif + }; + + int r; +@@ -52,11 +60,19 @@ TEST(glob_no_dot) { + assert_se(mkdtemp(template)); + + fn = strjoina(template, "/*"); ++#ifdef GLOB_ALTDIRFUNC + r = glob(fn, GLOB_NOSORT|GLOB_BRACE|GLOB_ALTDIRFUNC, NULL, &g); ++#else ++ r = glob(fn, GLOB_NOSORT|GLOB_BRACE, NULL, &g); ++#endif + assert_se(r == GLOB_NOMATCH); + + fn = strjoina(template, "/.*"); ++#ifdef GLOB_ALTDIRFUNC + r = glob(fn, GLOB_NOSORT|GLOB_BRACE|GLOB_ALTDIRFUNC, NULL, &g); ++#else ++ r = glob(fn, GLOB_NOSORT|GLOB_BRACE, NULL, &g); ++#endif + assert_se(r == GLOB_NOMATCH); + + (void) rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL); +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index fcab51c208..fdef1807ae 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -67,6 +67,12 @@ + #include 
"umask-util.h" + #include "user-util.h" + ++/* Don't fail if the standard library ++ * doesn't provide brace expansion */ ++#ifndef GLOB_BRACE ++#define GLOB_BRACE 0 ++#endif ++ + /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates + * them in the file system. This is intended to be used to create + * properly owned directories beneath /tmp, /var/tmp, /run, which are +@@ -1934,7 +1940,9 @@ finish: + + static int glob_item(Item *i, action_t action) { + _cleanup_globfree_ glob_t g = { ++#ifdef GLOB_ALTDIRFUNC + .gl_opendir = (void *(*)(const char *)) opendir_nomod, ++#endif + }; + int r = 0, k; + +@@ -1953,7 +1961,9 @@ static int glob_item(Item *i, action_t action) { + + static int glob_item_recursively(Item *i, fdaction_t action) { + _cleanup_globfree_ glob_t g = { ++#ifdef GLOB_ALTDIRFUNC + .gl_opendir = (void *(*)(const char *)) opendir_nomod, ++#endif + }; + int r = 0, k; diff --git a/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch b/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch new file mode 100644 index 0000000..d1191d7 --- /dev/null +++ b/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch 
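Review bot: With `GLOB_ALTDIRFUNC` undefined, `safe_glob()` in src/basic/glob-util.c falls through to plain `glob(path, flags, NULL, pglob)` and never installs its directory callbacks, so whatever filtering they provided is gone on such builds. The `glob_no_dot` test in the same patch swaps in `readdir_no_dot` and still expects `GLOB_NOMATCH` for `/.*`, which suggests callers rely on `.` and `..` never being returned; whether the C library's own glob() guarantees that cannot be seen from here. The two tmpfiles.c initialisers likewise drop `opendir_nomod`, and tmpfiles acts on what the glob returns. I would record this on the `#else` branch, `/* No GLOB_ALTDIRFUNC: "." and ".." are not filtered here; callers acting on matches must skip them */`, and confirm `glob_item()` and `glob_item_recursively()` do so. Those functions continue outside the hunks.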
@@ -0,0 +1,42 @@
+From a0450f7909348e7ff1d58adc0aee4119a0519c1f Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 15:00:06 +0800
+Subject: [PATCH] add missing FTW_ macros for musl
+
+This is to avoid build failures like below for musl.
+
+ locale-util.c:296:24: error: 'FTW_STOP' undeclared
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+
+---
+ src/basic/missing_type.h | 4 ++++
+ src/test/test-recurse-dir.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/src/basic/missing_type.h b/src/basic/missing_type.h
+index 6c0456349d..73a5b90e3c 100644
+--- a/src/basic/missing_type.h
++++ b/src/basic/missing_type.h
+@@ -14,3 +14,7 @@
+ #ifndef __GLIBC__
+ typedef int (*comparison_fn_t)(const void *, const void *);
+ #endif
++
++#ifndef FTW_CONTINUE
++#define FTW_CONTINUE 0
++#endif
+diff --git a/src/test/test-recurse-dir.c b/src/test/test-recurse-dir.c
+index 2c2120b136..bc60a178a2 100644
+--- a/src/test/test-recurse-dir.c
++++ b/src/test/test-recurse-dir.c
+@@ -6,6 +6,7 @@
+ #include "recurse-dir.h"
+ #include "strv.h"
+ #include "tests.h"
++#include "missing_type.h"
+
+ static char **list_nftw = NULL;
+
diff --git a/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch b/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
new file mode 100644
index 0000000..acff18d
--- /dev/null
+++ b/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
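Review bot: The description quotes a build error about `FTW_STOP`, but the hunk in src/basic/missing_type.h only adds a fallback for `FTW_CONTINUE`, so the message and the change do not match. If this systemd version still uses `FTW_STOP` or another GNU `FTW_*` action value the build failure remains; if not, the description is stale and should say so. A comment at the define would record why 0 is the right value: `/* GNU FTW_* action values are missing on this libc; returning 0 from the callback keeps the walk going */`.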
@@ -0,0 +1,43 @@
+From 5712d56f1cd654d2e5d2e9117ff77fe4c299f76b Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Sat, 5 Sep 2015 06:31:47 +0000
+Subject: [PATCH] implment systemd-sysv-install for OE
+
+Use update-rc.d for enabling/disabling and status command
+to check the status of the sysv service
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Khem Raj
+---
+ src/systemctl/systemd-sysv-install.SKELETON | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemctl/systemd-sysv-install.SKELETON b/src/systemctl/systemd-sysv-install.SKELETON
+index cb58d8243b..000bdf6165 100755
+--- a/src/systemctl/systemd-sysv-install.SKELETON
++++ b/src/systemctl/systemd-sysv-install.SKELETON
+@@ -34,17 +34,17 @@ case "$1" in
+ enable)
+ # call the command to enable SysV init script $NAME here
+ # (consider optional $ROOT)
+- echo "IMPLEMENT ME: enabling SysV init.d script $NAME"
++ update-rc.d -f $NAME defaults
+ ;;
+ disable)
+ # call the command to disable SysV init script $NAME here
+ # (consider optional $ROOT)
+- echo "IMPLEMENT ME: disabling SysV init.d script $NAME"
++ update-rc.d -f $NAME remove
+ ;;
+ is-enabled)
+ # exit with 0 if $NAME is enabled, non-zero if it is disabled
+ # (consider optional $ROOT)
+- echo "IMPLEMENT ME: checking SysV init.d script $NAME"
++ /etc/init.d/$NAME status
+ ;;
+ *)
+ usage ;;
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch b/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch
new file mode 100644
index 0000000..e50b47a
--- /dev/null
+++ b/recipes-core/systemd/systemd/0009-missing_type.h-add-comparison_fn_t.patch
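Review bot: `$NAME` is expanded unquoted in all three new commands, so a name with whitespace or glob characters is word-split before it reaches update-rc.d or selects the script to execute. Quote it: `update-rc.d -f "$NAME" defaults`, `update-rc.d -f "$NAME" remove`, `"/etc/init.d/$NAME" status`. The skeleton's comments say to consider the optional `$ROOT`, but none of the new lines use it, so a call made for an alternate root would act on the running system instead. The `is-enabled` branch is documented to exit 0 when the script is enabled, yet it runs the script's `status` action, which by the usual init-script convention reports whether the service is running; that mismatch deserves at least a comment. The `case` statement begins and ends outside the hunk.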
@@ -0,0 +1,61 @@
+From 542f999a846dfd49d9373d30fffb2a44168d7b5e Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 13:55:12 +0800
+Subject: [PATCH] missing_type.h: add comparison_fn_t
+
+Make it work with musl where comparison_fn_t and is not provided.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Alex Kiernan
+[Rebased for v244]
+Signed-off-by: Chen Qi
+[Rebased for v242]
+Signed-off-by: Andrej Valek
+[Rebased for v250, Drop __compare_fn_t]
+Signed-off-by: Jiaqing Zhao
+---
+ src/basic/missing_type.h | 4 ++++
+ src/basic/sort-util.h | 1 +
+ src/libsystemd/sd-journal/catalog.c | 1 +
+ 3 files changed, 6 insertions(+)
+
+diff --git a/src/basic/missing_type.h b/src/basic/missing_type.h
+index f6233090a9..6c0456349d 100644
+--- a/src/basic/missing_type.h
++++ b/src/basic/missing_type.h
+@@ -10,3 +10,7 @@
+ #if !HAVE_CHAR16_T
+ #define char16_t uint16_t
+ #endif
++
++#ifndef __GLIBC__
++typedef int (*comparison_fn_t)(const void *, const void *);
++#endif
+diff --git a/src/basic/sort-util.h b/src/basic/sort-util.h
+index f0bf246aa3..33669c7a75 100644
+--- a/src/basic/sort-util.h
++++ b/src/basic/sort-util.h
+@@ -4,6 +4,7 @@
+ #include
+
+ #include "macro.h"
++#include "missing_type.h"
+
+ /* This is the same as glibc's internal __compar_d_fn_t type. glibc exports a public comparison_fn_t, for the
+ * external type __compar_fn_t, but doesn't do anything similar for __compar_d_fn_t. Let's hence do that
+diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c
+index 7527abf636..f33383e57f 100644
+--- a/src/libsystemd/sd-journal/catalog.c
++++ b/src/libsystemd/sd-journal/catalog.c
+@@ -28,6 +28,7 @@
+ #include "string-util.h"
+ #include "strv.h"
+ #include "tmpfile-util.h"
++#include "missing_type.h"
+
+ const char * const catalog_file_dirs[] = {
+ "/usr/local/lib/systemd/catalog/",
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch b/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
new file mode 100644
index 0000000..3a47d09
--- /dev/null
+++ b/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
@@ -0,0 +1,104 @@ +From 48a791aae7a47a2a08e9e60c18054071a43b8cda Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Mon, 25 Feb 2019 15:12:41 +0800 +Subject: [PATCH] Use uintmax_t for handling rlim_t + +PRIu{32,64} is not right format to represent rlim_t type +therefore use %ju and typecast the rlim_t variables to +uintmax_t. + +Fixes portablility errors like + +execute.c:3446:36: error: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'rlim_t {aka long long unsigned int}' [-Werror=format=] +| fprintf(f, "%s%s: " RLIM_FMT "\n", +| ^~~~~~~~ +| prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max); +| ~~~~~~~~~~~~~~~~~~~~~~ + +Upstream-Status: Denied [https://github.com/systemd/systemd/pull/7199] + +Signed-off-by: Khem Raj +[Rebased for v241] +Signed-off-by: Chen Qi + +--- + src/basic/format-util.h | 8 +------- + src/basic/rlimit-util.c | 12 ++++++------ + src/core/execute.c | 4 ++-- + 3 files changed, 9 insertions(+), 15 deletions(-) + +diff --git a/src/basic/format-util.h b/src/basic/format-util.h +index 8719df3e29..9becc96066 100644 +--- a/src/basic/format-util.h ++++ b/src/basic/format-util.h +@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32_t)); + # error Unknown timex member size + #endif + +-#if SIZEOF_RLIM_T == 8 +-# define RLIM_FMT "%" PRIu64 +-#elif SIZEOF_RLIM_T == 4 +-# define RLIM_FMT "%" PRIu32 +-#else +-# error Unknown rlim_t size +-#endif ++#define RLIM_FMT "%ju" + + #if SIZEOF_DEV_T == 8 + # define DEV_FMT "%" PRIu64 +diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c +index 33dfde9d6c..e018fd81fd 100644 +--- a/src/basic/rlimit-util.c ++++ b/src/basic/rlimit-util.c +@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, const struct rlimit *rlim) { + fixed.rlim_max == highest.rlim_max) + return 0; + +- log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. 
Will attempt setting value " RLIM_FMT " instead.", rlim->rlim_max, rlimit_to_string(resource), fixed.rlim_max); ++ log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", (uintmax_t)rlim->rlim_max, rlimit_to_string(resource), (uintmax_t)fixed.rlim_max); + + return RET_NERRNO(setrlimit(resource, &fixed)); + } +@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *rl, char **ret) { + if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY) + r = free_and_strdup(&s, "infinity"); + else if (rl->rlim_cur >= RLIM_INFINITY) +- r = asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max); ++ r = asprintf(&s, "infinity:" RLIM_FMT, (uintmax_t)rl->rlim_max); + else if (rl->rlim_max >= RLIM_INFINITY) +- r = asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur); ++ r = asprintf(&s, RLIM_FMT ":infinity", (uintmax_t)rl->rlim_cur); + else if (rl->rlim_cur == rl->rlim_max) +- r = asprintf(&s, RLIM_FMT, rl->rlim_cur); ++ r = asprintf(&s, RLIM_FMT, (uintmax_t)rl->rlim_cur); + else +- r = asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max); ++ r = asprintf(&s, RLIM_FMT ":" RLIM_FMT, (uintmax_t)rl->rlim_cur, (uintmax_t)rl->rlim_max); + if (r < 0) + return -ENOMEM; + +@@ -403,7 +403,7 @@ int rlimit_nofile_safe(void) { + + rl.rlim_cur = FD_SETSIZE; + if (setrlimit(RLIMIT_NOFILE, &rl) < 0) +- return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur); ++ return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", (uintmax_t)rl.rlim_cur); + + return 1; + } +diff --git a/src/core/execute.c b/src/core/execute.c +index fccfb9268c..90f00e10a5 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -5633,9 +5633,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) { + for (unsigned i = 0; i < RLIM_NLIMITS; i++) + if (c->rlimit[i]) { + fprintf(f, "%sLimit%s: " RLIM_FMT "\n", +- prefix, 
rlimit_to_string(i), c->rlimit[i]->rlim_max); ++ prefix, rlimit_to_string(i), (uintmax_t)c->rlimit[i]->rlim_max); + fprintf(f, "%sLimit%sSoft: " RLIM_FMT "\n", +- prefix, rlimit_to_string(i), c->rlimit[i]->rlim_cur); ++ prefix, rlimit_to_string(i), (uintmax_t)c->rlimit[i]->rlim_cur); + } + + if (c->ioprio_set) { diff --git a/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch b/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch new file mode 100644 index 0000000..6f01721 --- /dev/null +++ b/recipes-core/systemd/systemd/0010-add-fallback-parse_printf_format-implementation.patch 
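Review bot: `#define RLIM_FMT "%ju"` in src/basic/format-util.h makes every use of the macro depend on the caller casting its argument to `uintmax_t`; a call site left unconverted passes an `rlim_t` to `%ju`, which is undefined wherever the two types differ in width. The hunks convert the uses in rlimit-util.c and execute.c, but nothing at the definition states the requirement, and other users of `RLIM_FMT` in the tree cannot be checked from here. I would put the contract beside the macro: `/* RLIM_FMT expects uintmax_t: cast every rlim_t argument, e.g. (uintmax_t) rl->rlim_cur */`. The trailer marks the change as denied upstream, so each systemd version bump needs a fresh search for new `RLIM_FMT` users.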
@@ -0,0 +1,434 @@ +From 383e85e15f16a46aac925aa439b8b60f58b40aa6 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Sat, 22 May 2021 20:26:24 +0200 +Subject: [PATCH] add fallback parse_printf_format implementation + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Emil Renner Berthing +Signed-off-by: Khem Raj +Signed-off-by: Chen Qi +[rebased for systemd 243] +Signed-off-by: Scott Murray +--- + meson.build | 1 + + src/basic/meson.build | 5 + + src/basic/parse-printf-format.c | 273 +++++++++++++++++++++++ + src/basic/parse-printf-format.h | 57 +++++ + src/basic/stdio-util.h | 2 +- + src/libsystemd/sd-journal/journal-send.c | 2 +- + 6 files changed, 338 insertions(+), 2 deletions(-) + create mode 100644 src/basic/parse-printf-format.c + create mode 100644 src/basic/parse-printf-format.h + +diff --git a/meson.build b/meson.build +index bfc86857d6..fb96143c37 100644 +--- a/meson.build ++++ b/meson.build +@@ -755,6 +755,7 @@ endif + foreach header : ['crypt.h', + 'linux/memfd.h', + 'linux/vm_sockets.h', ++ 'printf.h', + 'sys/auxv.h', + 'valgrind/memcheck.h', + 'valgrind/valgrind.h', +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 7aae031d81..1aa9f5006d 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -173,6 +173,11 @@ endforeach + + basic_sources += generated_gperf_headers + ++if conf.get('HAVE_PRINTF_H') != 1 ++ basic_sources += [files('parse-printf-format.c')] ++endif ++ ++ + ############################################################ + + arch_list = [ +diff --git a/src/basic/parse-printf-format.c b/src/basic/parse-printf-format.c +new file mode 100644 +index 0000000000..49437e5445 +--- /dev/null ++++ b/src/basic/parse-printf-format.c +@@ -0,0 +1,273 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++/*** ++ This file is part of systemd. ++ ++ Copyright 2014 Emil Renner Berthing ++ ++ With parts from the musl C library ++ Copyright 2005-2014 Rich Felker, et al. 
++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see . ++***/ ++ ++#include ++#include ++ ++#include "parse-printf-format.h" ++ ++static const char *consume_nonarg(const char *fmt) ++{ ++ do { ++ if (*fmt == '\0') ++ return fmt; ++ } while (*fmt++ != '%'); ++ return fmt; ++} ++ ++static const char *consume_num(const char *fmt) ++{ ++ for (;*fmt >= '0' && *fmt <= '9'; fmt++) ++ /* do nothing */; ++ return fmt; ++} ++ ++static const char *consume_argn(const char *fmt, size_t *arg) ++{ ++ const char *p = fmt; ++ size_t val = 0; ++ ++ if (*p < '1' || *p > '9') ++ return fmt; ++ do { ++ val = 10*val + (*p++ - '0'); ++ } while (*p >= '0' && *p <= '9'); ++ ++ if (*p != '$') ++ return fmt; ++ *arg = val; ++ return p+1; ++} ++ ++static const char *consume_flags(const char *fmt) ++{ ++ while (1) { ++ switch (*fmt) { ++ case '#': ++ case '0': ++ case '-': ++ case ' ': ++ case '+': ++ case '\'': ++ case 'I': ++ fmt++; ++ continue; ++ } ++ return fmt; ++ } ++} ++ ++enum state { ++ BARE, ++ LPRE, ++ LLPRE, ++ HPRE, ++ HHPRE, ++ BIGLPRE, ++ ZTPRE, ++ JPRE, ++ STOP ++}; ++ ++enum type { ++ NONE, ++ PTR, ++ INT, ++ UINT, ++ ULLONG, ++ LONG, ++ ULONG, ++ SHORT, ++ USHORT, ++ CHAR, ++ UCHAR, ++ LLONG, ++ SIZET, ++ IMAX, ++ UMAX, ++ PDIFF, ++ UIPTR, ++ DBL, ++ LDBL, ++ MAXTYPE ++}; ++ ++static const short pa_types[MAXTYPE] = { ++ [NONE] = PA_INT, ++ [PTR] = PA_POINTER, ++ [INT] = PA_INT, ++ [UINT] = PA_INT, ++ [ULLONG] = 
PA_INT | PA_FLAG_LONG_LONG, ++ [LONG] = PA_INT | PA_FLAG_LONG, ++ [ULONG] = PA_INT | PA_FLAG_LONG, ++ [SHORT] = PA_INT | PA_FLAG_SHORT, ++ [USHORT] = PA_INT | PA_FLAG_SHORT, ++ [CHAR] = PA_CHAR, ++ [UCHAR] = PA_CHAR, ++ [LLONG] = PA_INT | PA_FLAG_LONG_LONG, ++ [SIZET] = PA_INT | PA_FLAG_LONG, ++ [IMAX] = PA_INT | PA_FLAG_LONG_LONG, ++ [UMAX] = PA_INT | PA_FLAG_LONG_LONG, ++ [PDIFF] = PA_INT | PA_FLAG_LONG_LONG, ++ [UIPTR] = PA_INT | PA_FLAG_LONG, ++ [DBL] = PA_DOUBLE, ++ [LDBL] = PA_DOUBLE | PA_FLAG_LONG_DOUBLE ++}; ++ ++#define S(x) [(x)-'A'] ++#define E(x) (STOP + (x)) ++ ++static const unsigned char states[]['z'-'A'+1] = { ++ { /* 0: bare types */ ++ S('d') = E(INT), S('i') = E(INT), ++ S('o') = E(UINT),S('u') = E(UINT),S('x') = E(UINT), S('X') = E(UINT), ++ S('e') = E(DBL), S('f') = E(DBL), S('g') = E(DBL), S('a') = E(DBL), ++ S('E') = E(DBL), S('F') = E(DBL), S('G') = E(DBL), S('A') = E(DBL), ++ S('c') = E(CHAR),S('C') = E(INT), ++ S('s') = E(PTR), S('S') = E(PTR), S('p') = E(UIPTR),S('n') = E(PTR), ++ S('m') = E(NONE), ++ S('l') = LPRE, S('h') = HPRE, S('L') = BIGLPRE, ++ S('z') = ZTPRE, S('j') = JPRE, S('t') = ZTPRE ++ }, { /* 1: l-prefixed */ ++ S('d') = E(LONG), S('i') = E(LONG), ++ S('o') = E(ULONG),S('u') = E(ULONG),S('x') = E(ULONG),S('X') = E(ULONG), ++ S('e') = E(DBL), S('f') = E(DBL), S('g') = E(DBL), S('a') = E(DBL), ++ S('E') = E(DBL), S('F') = E(DBL), S('G') = E(DBL), S('A') = E(DBL), ++ S('c') = E(INT), S('s') = E(PTR), S('n') = E(PTR), ++ S('l') = LLPRE ++ }, { /* 2: ll-prefixed */ ++ S('d') = E(LLONG), S('i') = E(LLONG), ++ S('o') = E(ULLONG),S('u') = E(ULLONG), ++ S('x') = E(ULLONG),S('X') = E(ULLONG), ++ S('n') = E(PTR) ++ }, { /* 3: h-prefixed */ ++ S('d') = E(SHORT), S('i') = E(SHORT), ++ S('o') = E(USHORT),S('u') = E(USHORT), ++ S('x') = E(USHORT),S('X') = E(USHORT), ++ S('n') = E(PTR), ++ S('h') = HHPRE ++ }, { /* 4: hh-prefixed */ ++ S('d') = E(CHAR), S('i') = E(CHAR), ++ S('o') = E(UCHAR),S('u') = E(UCHAR), ++ S('x') = E(UCHAR),S('X') = 
E(UCHAR), ++ S('n') = E(PTR) ++ }, { /* 5: L-prefixed */ ++ S('e') = E(LDBL),S('f') = E(LDBL),S('g') = E(LDBL), S('a') = E(LDBL), ++ S('E') = E(LDBL),S('F') = E(LDBL),S('G') = E(LDBL), S('A') = E(LDBL), ++ S('n') = E(PTR) ++ }, { /* 6: z- or t-prefixed (assumed to be same size) */ ++ S('d') = E(PDIFF),S('i') = E(PDIFF), ++ S('o') = E(SIZET),S('u') = E(SIZET), ++ S('x') = E(SIZET),S('X') = E(SIZET), ++ S('n') = E(PTR) ++ }, { /* 7: j-prefixed */ ++ S('d') = E(IMAX), S('i') = E(IMAX), ++ S('o') = E(UMAX), S('u') = E(UMAX), ++ S('x') = E(UMAX), S('X') = E(UMAX), ++ S('n') = E(PTR) ++ } ++}; ++ ++size_t parse_printf_format(const char *fmt, size_t n, int *types) ++{ ++ size_t i = 0; ++ size_t last = 0; ++ ++ memset(types, 0, n); ++ ++ while (1) { ++ size_t arg; ++ unsigned int state; ++ ++ fmt = consume_nonarg(fmt); ++ if (*fmt == '\0') ++ break; ++ if (*fmt == '%') { ++ fmt++; ++ continue; ++ } ++ arg = 0; ++ fmt = consume_argn(fmt, &arg); ++ /* flags */ ++ fmt = consume_flags(fmt); ++ /* width */ ++ if (*fmt == '*') { ++ size_t warg = 0; ++ fmt = consume_argn(fmt+1, &warg); ++ if (warg == 0) ++ warg = ++i; ++ if (warg > last) ++ last = warg; ++ if (warg <= n && types[warg-1] == NONE) ++ types[warg-1] = INT; ++ } else ++ fmt = consume_num(fmt); ++ /* precision */ ++ if (*fmt == '.') { ++ fmt++; ++ if (*fmt == '*') { ++ size_t parg = 0; ++ fmt = consume_argn(fmt+1, &parg); ++ if (parg == 0) ++ parg = ++i; ++ if (parg > last) ++ last = parg; ++ if (parg <= n && types[parg-1] == NONE) ++ types[parg-1] = INT; ++ } else { ++ if (*fmt == '-') ++ fmt++; ++ fmt = consume_num(fmt); ++ } ++ } ++ /* length modifier and conversion specifier */ ++ state = BARE; ++ do { ++ unsigned char c = *fmt++; ++ ++ if (c < 'A' || c > 'z') ++ continue; ++ state = states[state]S(c); ++ if (state == 0) ++ continue; ++ } while (state < STOP); ++ ++ if (state == E(NONE)) ++ continue; ++ ++ if (arg == 0) ++ arg = ++i; ++ if (arg > last) ++ last = arg; ++ if (arg <= n) ++ types[arg-1] = state - STOP; 
++ } ++ ++ if (last > n) ++ last = n; ++ for (i = 0; i < last; i++) ++ types[i] = pa_types[types[i]]; ++ ++ return last; ++} +diff --git a/src/basic/parse-printf-format.h b/src/basic/parse-printf-format.h +new file mode 100644 +index 0000000000..47be7522d7 +--- /dev/null ++++ b/src/basic/parse-printf-format.h +@@ -0,0 +1,57 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++/*** ++ This file is part of systemd. ++ ++ Copyright 2014 Emil Renner Berthing ++ ++ With parts from the GNU C Library ++ Copyright 1991-2014 Free Software Foundation, Inc. ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see . ++***/ ++ ++#pragma once ++ ++#include "config.h" ++ ++#if HAVE_PRINTF_H ++#include ++#else ++ ++#include ++ ++enum { /* C type: */ ++ PA_INT, /* int */ ++ PA_CHAR, /* int, cast to char */ ++ PA_WCHAR, /* wide char */ ++ PA_STRING, /* const char *, a '\0'-terminated string */ ++ PA_WSTRING, /* const wchar_t *, wide character string */ ++ PA_POINTER, /* void * */ ++ PA_FLOAT, /* float */ ++ PA_DOUBLE, /* double */ ++ PA_LAST ++}; ++ ++/* Flag bits that can be set in a type returned by `parse_printf_format'. 
*/ ++#define PA_FLAG_MASK 0xff00 ++#define PA_FLAG_LONG_LONG (1 << 8) ++#define PA_FLAG_LONG_DOUBLE PA_FLAG_LONG_LONG ++#define PA_FLAG_LONG (1 << 9) ++#define PA_FLAG_SHORT (1 << 10) ++#define PA_FLAG_PTR (1 << 11) ++ ++size_t parse_printf_format(const char *fmt, size_t n, int *types); ++ ++#endif /* HAVE_PRINTF_H */ +diff --git a/src/basic/stdio-util.h b/src/basic/stdio-util.h +index 4e93ac90c9..f9deb6f662 100644 +--- a/src/basic/stdio-util.h ++++ b/src/basic/stdio-util.h +@@ -1,12 +1,12 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + #pragma once + +-#include + #include + #include + #include + + #include "macro.h" ++#include "parse-printf-format.h" + + _printf_(3, 4) + static inline char *snprintf_ok(char *buf, size_t len, const char *format, ...) { +diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c +index 3b74d2246e..136ebcb153 100644 +--- a/src/libsystemd/sd-journal/journal-send.c ++++ b/src/libsystemd/sd-journal/journal-send.c +@@ -2,7 +2,6 @@ + + #include + #include +-#include + #include + #include + #include +@@ -25,6 +24,7 @@ + #include "stdio-util.h" + #include "string-util.h" + #include "tmpfile-util.h" ++#include "parse-printf-format.h" + + #define SNDBUF_SIZE (8*1024*1024) + +-- +2.39.2 + diff --git a/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch b/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch new file mode 100644 index 0000000..bd5f6a6 --- /dev/null +++ b/recipes-core/systemd/systemd/0011-src-basic-missing.h-check-for-missing-strndupa.patch 
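Review bot: In the added src/basic/parse-printf-format.c, `parse_printf_format()` clears its output with `memset(types, 0, n);`, but `types` is an `int *` and `n` counts elements, so only the first n bytes are zeroed. The later `types[warg-1] == NONE` / `types[parg-1] == NONE` checks and the final `types[i] = pa_types[types[i]]` loop can then read uninitialised slots, and a positional format that leaves a gap can index `pa_types` out of bounds. The call should be `memset(types, 0, n * sizeof(*types));`. Separately, the length-modifier loop does `continue` on any byte outside 'A'..'z' without testing for the terminator, so a format that ends inside a conversion (after a width, for example) appears to keep reading past the NUL; the loop needs an explicit stop on `c == '\0'` that ends parsing.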
@@ -0,0 +1,683 @@ +From ee5c8b494a3269edd154a0b799a03b39dba2ceb0 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Mon, 25 Feb 2019 14:18:21 +0800 +Subject: [PATCH] src/basic/missing.h: check for missing strndupa + +include missing.h for definition of strndupa + +Upstream-Status: Inappropriate [musl specific] + +Signed-off-by: Khem Raj +Signed-off-by: Chen Qi +[Rebased for v242] +Signed-off-by: Andrej Valek +[rebased for systemd 243] +Signed-off-by: Scott Murray +Signed-off-by: Alex Kiernan +[rebased for systemd 244] +[Rebased for v247] +Signed-off-by: Luca Boccassi +--- + meson.build | 1 + + src/backlight/backlight.c | 1 + + src/basic/cgroup-util.c | 1 + + src/basic/env-util.c | 1 + + src/basic/log.c | 1 + + src/basic/missing_stdlib.h | 12 ++++++++++++ + src/basic/mkdir.c | 1 + + src/basic/mountpoint-util.c | 1 + + src/basic/parse-util.c | 1 + + src/basic/path-lookup.c | 1 + + src/basic/percent-util.c | 1 + + src/basic/proc-cmdline.c | 1 + + src/basic/procfs-util.c | 1 + + src/basic/time-util.c | 1 + + src/boot/bless-boot.c | 1 + + src/core/dbus-cgroup.c | 1 + + src/core/dbus-execute.c | 1 + + src/core/dbus-util.c | 1 + + src/core/execute.c | 1 + + src/core/kmod-setup.c | 1 + + src/core/service.c | 1 + + src/coredump/coredump-vacuum.c | 1 + + src/fstab-generator/fstab-generator.c | 1 + + src/journal-remote/journal-remote-main.c | 1 + + src/journal/journalctl.c | 1 + + src/libsystemd/sd-bus/bus-message.c | 1 + + src/libsystemd/sd-bus/bus-objects.c | 1 + + src/libsystemd/sd-bus/bus-socket.c | 1 + + src/libsystemd/sd-bus/sd-bus.c | 1 + + src/libsystemd/sd-bus/test-bus-benchmark.c | 1 + + src/libsystemd/sd-journal/sd-journal.c | 1 + + src/login/pam_systemd.c | 1 + + src/network/generator/network-generator.c | 1 + + src/nspawn/nspawn-settings.c | 1 + + src/nss-mymachines/nss-mymachines.c | 1 + + src/portable/portable.c | 1 + + src/resolve/resolvectl.c | 1 + + src/shared/bus-get-properties.c | 1 + + src/shared/bus-unit-procs.c | 1 + + src/shared/bus-unit-util.c | 1 + + 
src/shared/bus-util.c | 1 + + src/shared/dns-domain.c | 1 + + src/shared/journal-importer.c | 1 + + src/shared/logs-show.c | 1 + + src/shared/pager.c | 1 + + src/socket-proxy/socket-proxyd.c | 1 + + src/test/test-hexdecoct.c | 1 + + src/udev/udev-builtin-path_id.c | 1 + + src/udev/udev-event.c | 1 + + src/udev/udev-rules.c | 1 + + 50 files changed, 61 insertions(+) + +diff --git a/meson.build b/meson.build +index fb96143c37..739b2f7f72 100644 +--- a/meson.build ++++ b/meson.build +@@ -574,6 +574,7 @@ foreach ident : ['secure_getenv', '__secure_getenv'] + endforeach + + foreach ident : [ ++ ['strndupa' , '''#include '''], + ['memfd_create', '''#include '''], + ['gettid', '''#include + #include '''], +diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c +index e66477f328..2613d1e3f9 100644 +--- a/src/backlight/backlight.c ++++ b/src/backlight/backlight.c +@@ -19,6 +19,7 @@ + #include "string-util.h" + #include "strv.h" + #include "terminal-util.h" ++#include "missing_stdlib.h" + + #define PCI_CLASS_GRAPHICS_CARD 0x30000 + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index feda596939..11b4375ed5 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -37,6 +37,7 @@ + #include "unit-name.h" + #include "user-util.h" + #include "xattr-util.h" ++#include "missing_stdlib.h" + + static int cg_enumerate_items(const char *controller, const char *path, FILE **_f, const char *item) { + _cleanup_free_ char *fs = NULL; +diff --git a/src/basic/env-util.c b/src/basic/env-util.c +index 55ac11a512..7ccb1d7887 100644 +--- a/src/basic/env-util.c ++++ b/src/basic/env-util.c +@@ -19,6 +19,7 @@ + #include "string-util.h" + #include "strv.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + /* We follow bash for the character set. Different shells have different rules. 
*/ + #define VALID_BASH_ENV_NAME_CHARS \ +diff --git a/src/basic/log.c b/src/basic/log.c +index fc5793139e..515218fca8 100644 +--- a/src/basic/log.c ++++ b/src/basic/log.c +@@ -39,6 +39,7 @@ + #include "terminal-util.h" + #include "time-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + #define SNDBUF_SIZE (8*1024*1024) + #define IOVEC_MAX 128U +diff --git a/src/basic/missing_stdlib.h b/src/basic/missing_stdlib.h +index 8c76f93eb2..9068bfb4f0 100644 +--- a/src/basic/missing_stdlib.h ++++ b/src/basic/missing_stdlib.h +@@ -11,3 +11,15 @@ + # error "neither secure_getenv nor __secure_getenv are available" + # endif + #endif ++ ++/* string.h */ ++#if ! HAVE_STRNDUPA ++#define strndupa(s, n) \ ++ ({ \ ++ const char *__old = (s); \ ++ size_t __len = strnlen(__old, (n)); \ ++ char *__new = (char *)alloca(__len + 1); \ ++ __new[__len] = '\0'; \ ++ (char *)memcpy(__new, __old, __len); \ ++ }) ++#endif +diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c +index 7ad19ee33b..cc1d5e1e5b 100644 +--- a/src/basic/mkdir.c ++++ b/src/basic/mkdir.c +@@ -15,6 +15,7 @@ + #include "stat-util.h" + #include "stdio-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + int mkdirat_safe_internal( + int dir_fd, +diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c +index bc74fbef8f..cdb609bb84 100644 +--- a/src/basic/mountpoint-util.c ++++ b/src/basic/mountpoint-util.c +@@ -13,6 +13,7 @@ + #include "missing_stat.h" + #include "missing_syscall.h" + #include "mkdir.h" ++#include "missing_stdlib.h" + #include "mountpoint-util.h" + #include "nulstr-util.h" + #include "parse-util.h" +diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c +index 3445d31307..d82b4415d9 100644 +--- a/src/basic/parse-util.c ++++ b/src/basic/parse-util.c +@@ -18,6 +18,7 @@ + #include "stat-util.h" + #include "string-util.h" + #include "strv.h" ++#include "missing_stdlib.h" + + int parse_boolean(const char *v) { + if (!v) +diff --git a/src/basic/path-lookup.c 
b/src/basic/path-lookup.c +index c99e9d8786..71a917a0b0 100644 +--- a/src/basic/path-lookup.c ++++ b/src/basic/path-lookup.c +@@ -16,6 +16,7 @@ + #include "strv.h" + #include "tmpfile-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + int xdg_user_runtime_dir(char **ret, const char *suffix) { + const char *e; +diff --git a/src/basic/percent-util.c b/src/basic/percent-util.c +index cab9d0eaea..5f6ca258e9 100644 +--- a/src/basic/percent-util.c ++++ b/src/basic/percent-util.c +@@ -3,6 +3,7 @@ + #include "percent-util.h" + #include "string-util.h" + #include "parse-util.h" ++#include "missing_stdlib.h" + + static int parse_parts_value_whole(const char *p, const char *symbol) { + const char *pc, *n; +diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c +index eea70d8606..ae3abd8402 100644 +--- a/src/basic/proc-cmdline.c ++++ b/src/basic/proc-cmdline.c +@@ -15,6 +15,7 @@ + #include "special.h" + #include "string-util.h" + #include "virt.h" ++#include "missing_stdlib.h" + + int proc_cmdline(char **ret) { + const char *e; +diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c +index bcba5a5208..64a95dd866 100644 +--- a/src/basic/procfs-util.c ++++ b/src/basic/procfs-util.c +@@ -12,6 +12,7 @@ + #include "procfs-util.h" + #include "stdio-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + + int procfs_get_pid_max(uint64_t *ret) { + _cleanup_free_ char *value = NULL; +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index b700f364ef..48a26bcec9 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -26,6 +26,7 @@ + #include "string-util.h" + #include "strv.h" + #include "time-util.h" ++#include "missing_stdlib.h" + + static clockid_t map_clock_id(clockid_t c) { + +diff --git a/src/boot/bless-boot.c b/src/boot/bless-boot.c +index 59f02b761a..7496646350 100644 +--- a/src/boot/bless-boot.c ++++ b/src/boot/bless-boot.c +@@ -22,6 +22,7 @@ + #include "terminal-util.h" + #include "verbs.h" + #include 
"virt.h" ++#include "missing_stdlib.h" + + static char **arg_path = NULL; + +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index b5484eda78..54ed62c790 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -21,6 +21,7 @@ + #include "parse-util.h" + #include "path-util.h" + #include "percent-util.h" ++#include "missing_stdlib.h" + #include "socket-util.h" + + BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve); +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index f514b8fd12..4febd0d496 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -45,6 +45,7 @@ + #include "unit-printf.h" + #include "user-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput); + static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input, exec_input, ExecInput); +diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c +index edfa0eb69a..6fd2ec9062 100644 +--- a/src/core/dbus-util.c ++++ b/src/core/dbus-util.c +@@ -9,6 +9,7 @@ + #include "unit-printf.h" + #include "user-util.h" + #include "unit.h" ++#include "missing_stdlib.h" + + int bus_property_get_triggered_unit( + sd_bus *bus, +diff --git a/src/core/execute.c b/src/core/execute.c +index 853e87450f..8ef76de9ab 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -105,6 +105,7 @@ + #include "unit-serialize.h" + #include "user-util.h" + #include "utmp-wtmp.h" ++#include "missing_stdlib.h" + + #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC) + #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC) +diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c +index e843743777..e149807492 100644 +--- a/src/core/kmod-setup.c ++++ b/src/core/kmod-setup.c +@@ -12,6 +12,7 @@ + #include "recurse-dir.h" + #include "string-util.h" + #include "virt.h" ++#include "missing_stdlib.h" + + #if HAVE_KMOD + #include "module-util.h" +diff --git a/src/core/service.c 
b/src/core/service.c +index 9ad3c3d995..b112d64919 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -42,6 +42,7 @@ + #include "unit-name.h" + #include "unit.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + #define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__) + +diff --git a/src/coredump/coredump-vacuum.c b/src/coredump/coredump-vacuum.c +index c6e201ecf2..ab034475e2 100644 +--- a/src/coredump/coredump-vacuum.c ++++ b/src/coredump/coredump-vacuum.c +@@ -17,6 +17,7 @@ + #include "string-util.h" + #include "time-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + #define DEFAULT_MAX_USE_LOWER (uint64_t) (1ULL*1024ULL*1024ULL) /* 1 MiB */ + #define DEFAULT_MAX_USE_UPPER (uint64_t) (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */ +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index efc553b698..acea922311 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -33,6 +33,7 @@ + #include "unit-name.h" + #include "virt.h" + #include "volatile-util.h" ++#include "missing_stdlib.h" + + typedef enum MountPointFlags { + MOUNT_NOAUTO = 1 << 0, +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index 7df264fb53..9463a0e9fb 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -25,6 +25,7 @@ + #include "stat-util.h" + #include "string-table.h" + #include "strv.h" ++#include "missing_stdlib.h" + + #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem" + #define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem" +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index da0fac548e..c1c043e0e0 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -72,6 +72,7 @@ + #include "unit-name.h" + #include "user-util.h" + #include "varlink.h" ++#include "missing_stdlib.h" + + #define 
DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE) + #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */ +diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c +index 9719f97c02..75decd9834 100644 +--- a/src/libsystemd/sd-bus/bus-message.c ++++ b/src/libsystemd/sd-bus/bus-message.c +@@ -19,6 +19,7 @@ + #include "strv.h" + #include "time-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored); + static int message_parse_fields(sd_bus_message *m); +diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c +index 2ad7a9993d..bba72f99f4 100644 +--- a/src/libsystemd/sd-bus/bus-objects.c ++++ b/src/libsystemd/sd-bus/bus-objects.c +@@ -11,6 +11,7 @@ + #include "missing_capability.h" + #include "string-util.h" + #include "strv.h" ++#include "missing_stdlib.h" + + static int node_vtable_get_userdata( + sd_bus *bus, +diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c +index 64037e4fe0..9b9ce0aaa9 100644 +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -27,6 +27,7 @@ + #include "string-util.h" + #include "user-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + #define SNDBUF_SIZE (8*1024*1024) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index f6a5e4aa06..b36faa79a3 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -44,6 +44,7 @@ + #include "string-util.h" + #include "strv.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + #define log_debug_bus_message(m) \ + do { \ +diff --git a/src/libsystemd/sd-bus/test-bus-benchmark.c b/src/libsystemd/sd-bus/test-bus-benchmark.c +index 1eb6edd329..d434a3c178 100644 +--- a/src/libsystemd/sd-bus/test-bus-benchmark.c ++++ b/src/libsystemd/sd-bus/test-bus-benchmark.c +@@ -13,6 +13,7 @@ + #include 
"missing_resource.h" + #include "string-util.h" + #include "time-util.h" ++#include "missing_stdlib.h" + + #define MAX_SIZE (2*1024*1024) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 9947947ef2..8dc6f93159 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -41,6 +41,7 @@ + #include "string-util.h" + #include "strv.h" + #include "syslog-util.h" ++#include "missing_stdlib.h" + + #define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC) + +diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c +index ba2fca32c6..e1f9caa13b 100644 +--- a/src/login/pam_systemd.c ++++ b/src/login/pam_systemd.c +@@ -32,6 +32,7 @@ + #include "locale-util.h" + #include "login-util.h" + #include "macro.h" ++#include "missing_stdlib.h" + #include "pam-util.h" + #include "parse-util.h" + #include "path-util.h" +diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c +index 1090934bfc..69a77f66e2 100644 +--- a/src/network/generator/network-generator.c ++++ b/src/network/generator/network-generator.c +@@ -13,6 +13,7 @@ + #include "string-table.h" + #include "string-util.h" + #include "strv.h" ++#include "missing_stdlib.h" + + /* + # .network +diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c +index 05bde1c756..aa29587868 100644 +--- a/src/nspawn/nspawn-settings.c ++++ b/src/nspawn/nspawn-settings.c +@@ -16,6 +16,7 @@ + #include "string-util.h" + #include "strv.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + Settings *settings_new(void) { + Settings *s; +diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c +index c64e79bdff..eda26b0b9a 100644 +--- a/src/nss-mymachines/nss-mymachines.c ++++ b/src/nss-mymachines/nss-mymachines.c +@@ -21,6 +21,7 @@ + #include "nss-util.h" + #include "signal-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + + static void 
setup_logging_once(void) { + static pthread_once_t once = PTHREAD_ONCE_INIT; +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 7811833fac..c6414da91c 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -39,6 +39,7 @@ + #include "strv.h" + #include "tmpfile-util.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was + * dropped there by the portable service logic and b) for which image it was dropped there. */ +diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c +index 2638e985fb..82c903fd66 100644 +--- a/src/resolve/resolvectl.c ++++ b/src/resolve/resolvectl.c +@@ -48,6 +48,7 @@ + #include "varlink.h" + #include "verb-log-control.h" + #include "verbs.h" ++#include "missing_stdlib.h" + + static int arg_family = AF_UNSPEC; + static int arg_ifindex = 0; +diff --git a/src/shared/bus-get-properties.c b/src/shared/bus-get-properties.c +index 8b4f66b22e..5926e4c61b 100644 +--- a/src/shared/bus-get-properties.c ++++ b/src/shared/bus-get-properties.c +@@ -4,6 +4,7 @@ + #include "rlimit-util.h" + #include "stdio-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + + int bus_property_get_bool( + sd_bus *bus, +diff --git a/src/shared/bus-unit-procs.c b/src/shared/bus-unit-procs.c +index 8b462b5627..183ce1c18e 100644 +--- a/src/shared/bus-unit-procs.c ++++ b/src/shared/bus-unit-procs.c +@@ -11,6 +11,7 @@ + #include "sort-util.h" + #include "string-util.h" + #include "terminal-util.h" ++#include "missing_stdlib.h" + + struct CGroupInfo { + char *cgroup_path; +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index 1e95e36678..640ee031d5 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -50,6 +50,7 @@ + #include "unit-def.h" + #include "user-util.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + int bus_parse_unit_info(sd_bus_message 
*message, UnitInfo *u) { + assert(message); +diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c +index d09ec5148d..f38a8f7cc1 100644 +--- a/src/shared/bus-util.c ++++ b/src/shared/bus-util.c +@@ -21,6 +21,7 @@ + #include "path-util.h" + #include "socket-util.h" + #include "stdio-util.h" ++#include "missing_stdlib.h" + + static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { + sd_event *e = ASSERT_PTR(userdata); +diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c +index 620b156563..5ee5b09186 100644 +--- a/src/shared/dns-domain.c ++++ b/src/shared/dns-domain.c +@@ -18,6 +18,7 @@ + #include "string-util.h" + #include "strv.h" + #include "utf8.h" ++#include "missing_stdlib.h" + + int dns_label_unescape(const char **name, char *dest, size_t sz, DNSLabelFlags flags) { + const char *n; +diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c +index d9eabec886..534c6cf7e3 100644 +--- a/src/shared/journal-importer.c ++++ b/src/shared/journal-importer.c +@@ -15,6 +15,7 @@ + #include "parse-util.h" + #include "string-util.h" + #include "unaligned.h" ++#include "missing_stdlib.h" + + enum { + IMPORTER_STATE_LINE = 0, /* waiting to read, or reading line */ +diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c +index b72e516c8d..6e832b74c3 100644 +--- a/src/shared/logs-show.c ++++ b/src/shared/logs-show.c +@@ -41,6 +41,7 @@ + #include "time-util.h" + #include "utf8.h" + #include "web-util.h" ++#include "missing_stdlib.h" + + /* up to three lines (each up to 100 characters) or 300 characters, whichever is less */ + #define PRINT_LINE_THRESHOLD 3 +diff --git a/src/shared/pager.c b/src/shared/pager.c +index 6ed35a3ca9..99d9d36140 100644 +--- a/src/shared/pager.c ++++ b/src/shared/pager.c +@@ -25,6 +25,7 @@ + #include "string-util.h" + #include "strv.h" + #include "terminal-util.h" ++#include "missing_stdlib.h" + + static pid_t pager_pid = 0; + +diff --git a/src/socket-proxy/socket-proxyd.c 
b/src/socket-proxy/socket-proxyd.c +index 821049e667..08a5bdae3d 100644 +--- a/src/socket-proxy/socket-proxyd.c ++++ b/src/socket-proxy/socket-proxyd.c +@@ -26,6 +26,7 @@ + #include "set.h" + #include "socket-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + + #define BUFFER_SIZE (256 * 1024) + +diff --git a/src/test/test-hexdecoct.c b/src/test/test-hexdecoct.c +index 9d71db6ae1..a9938c1e6e 100644 +--- a/src/test/test-hexdecoct.c ++++ b/src/test/test-hexdecoct.c +@@ -7,6 +7,7 @@ + #include "macro.h" + #include "random-util.h" + #include "string-util.h" ++#include "missing_stdlib.h" + #include "tests.h" + + TEST(hexchar) { +diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c +index 8e4d57ee72..6b4555b4d5 100644 +--- a/src/udev/udev-builtin-path_id.c ++++ b/src/udev/udev-builtin-path_id.c +@@ -22,6 +22,7 @@ + #include "sysexits.h" + #include "udev-builtin.h" + #include "udev-util.h" ++#include "missing_stdlib.h" + + _printf_(2,3) + static void path_prepend(char **path, const char *fmt, ...) { +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index ec4ad30824..bc40303a46 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -34,6 +34,7 @@ + #include "udev-util.h" + #include "udev-watch.h" + #include "user-util.h" ++#include "missing_stdlib.h" + + typedef struct Spawn { + sd_device *device; +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 5bd09a64d1..0ce79f815c 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -34,6 +34,7 @@ + #include "udev-util.h" + #include "user-util.h" + #include "virt.h" ++#include "missing_stdlib.h" + + #define RULES_DIRS (const char* const*) CONF_PATHS_STRV("udev/rules.d") + +-- +2.39.2 + diff --git a/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch b/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch new file mode 100644 index 0000000..1074866 
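Review bot: The fallback `strndupa` macro added to src/basic/missing_stdlib.h carries no comment and relies on `alloca`, `strnlen` and `memcpy` already being declared at every use site; whether the header pulls in what it needs cannot be confirmed here, because the `#include` targets are missing from this page. I would add above the macro `/* Fallback for libcs without strndupa(): copies at most n bytes onto the caller's stack; n must be bounded by the caller. */`. The expansion places `__len + 1` bytes on the stack with no upper limit, so a length derived from external input is a stack-exhaustion risk in the files that now include this header. The `missing_stdlib.h` include is also appended after the last include in most files rather than placed in sorted order, which differs from the surrounding include lists.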
--- /dev/null
+++ b/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
@@ -0,0 +1,39 @@
+From e8025c8eefdf1be4bba34c48f3430838f3859c52 Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Wed, 28 Feb 2018 21:25:22 -0800
+Subject: [PATCH] test-sizeof.c: Disable tests for missing typedefs in musl
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Khem Raj
+Signed-off-by: Chen Qi
+
+---
+ src/test/test-sizeof.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
+index f349852553..602772227e 100644
+--- a/src/test/test-sizeof.c
++++ b/src/test/test-sizeof.c
+@@ -55,8 +55,10 @@ int main(void) {
+ info(unsigned);
+ info(unsigned long);
+ info(unsigned long long);
++#ifdef __GLIBC__
+ info(__syscall_ulong_t);
+ info(__syscall_slong_t);
++#endif
+ info(intmax_t);
+ info(uintmax_t);
+
+@@ -76,7 +78,9 @@ int main(void) {
+ info(ssize_t);
+ info(time_t);
+ info(usec_t);
++#ifdef __GLIBC__
+ info(__time_t);
++#endif
+ info(pid_t);
+ info(uid_t);
+ info(gid_t);
diff --git a/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
new file mode 100644
index 0000000..b86cc42
--- /dev/null
+++ b/recipes-core/systemd/systemd/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -0,0 +1,155 @@
+From 747ff78ecda6afe01c7eab4d7c27aea6af810c86 Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 14:56:21 +0800
+Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
+
+If the standard library doesn't provide brace
+expansion users just won't get it.
+
+Dont use GNU GLOB extentions on non-glibc systems
+
+Conditionalize use of GLOB_ALTDIRFUNC
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Khem Raj
+Signed-off-by: Chen Qi
+[rebased for systemd 243]
+Signed-off-by: Scott Murray
+---
+ src/basic/glob-util.c | 12 ++++++++++++
+ src/test/test-glob-util.c | 16 ++++++++++++++++
+ src/tmpfiles/tmpfiles.c | 10 ++++++++++
+ 3 files changed, 38 insertions(+)
+
+diff --git a/src/basic/glob-util.c b/src/basic/glob-util.c
+index fd60a6eda2..c73edc41ea 100644
+--- a/src/basic/glob-util.c
++++ b/src/basic/glob-util.c
+@@ -12,6 +12,12 @@
+ #include "path-util.h"
+ #include "strv.h"
+
++/* Don't fail if the standard library
++ * doesn't provide brace expansion */
++#ifndef GLOB_BRACE
++#define GLOB_BRACE 0
++#endif
++
+ static void closedir_wrapper(void* v) {
+ (void) closedir(v);
+ }
+@@ -19,6 +25,7 @@ static void closedir_wrapper(void* v) {
+ int safe_glob(const char *path, int flags, glob_t *pglob) {
+ int k;
+
++#ifdef GLOB_ALTDIRFUNC
+ /* We want to set GLOB_ALTDIRFUNC ourselves, don't allow it to be set. */
+ assert(!(flags & GLOB_ALTDIRFUNC));
+
+@@ -32,9 +39,14 @@ int safe_glob(const char *path, int flags, glob_t *pglob) {
+ pglob->gl_lstat = lstat;
+ if (!pglob->gl_stat)
+ pglob->gl_stat = stat;
++#endif
+
+ errno = 0;
++#ifdef GLOB_ALTDIRFUNC
+ k = glob(path, flags | GLOB_ALTDIRFUNC, NULL, pglob);
++#else
++ k = glob(path, flags, NULL, pglob);
++#endif
+ if (k == GLOB_NOMATCH)
+ return -ENOENT;
+ if (k == GLOB_NOSPACE)
+diff --git a/src/test/test-glob-util.c b/src/test/test-glob-util.c
+index 9b3e73cce0..3790ba3be5 100644
+--- a/src/test/test-glob-util.c
++++ b/src/test/test-glob-util.c
+@@ -34,6 +34,12 @@ TEST(glob_first) {
+ assert_se(first == NULL);
+ }
+
++/* Don't fail if the standard library
++ * doesn't provide brace expansion */
++#ifndef GLOB_BRACE
++#define GLOB_BRACE 0
++#endif
++
+ TEST(glob_exists) {
+ char name[] = "/tmp/test-glob_exists.XXXXXX";
+ int fd = -EBADF;
+@@ -61,11 +67,13 @@ TEST(glob_no_dot) {
+ const char *fn;
+
+ _cleanup_globfree_ glob_t g = {
++#ifdef GLOB_ALTDIRFUNC
+ .gl_closedir = closedir_wrapper,
+ .gl_readdir = (struct dirent *(*)(void *)) readdir_no_dot,
+ .gl_opendir = (void *(*)(const char *)) opendir,
+ .gl_lstat = lstat,
+ .gl_stat = stat,
++#endif
+ };
+
+ int r;
+@@ -73,11 +81,19 @@ TEST(glob_no_dot) {
+ assert_se(mkdtemp(template));
+
+ fn = strjoina(template, "/*");
++#ifdef GLOB_ALTDIRFUNC
+ r = glob(fn, GLOB_NOSORT|GLOB_BRACE|GLOB_ALTDIRFUNC, NULL, &g);
++#else
++ r = glob(fn, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
++#endif
+ assert_se(r == GLOB_NOMATCH);
+
+ fn = strjoina(template, "/.*");
++#ifdef GLOB_ALTDIRFUNC
+ r = glob(fn, GLOB_NOSORT|GLOB_BRACE|GLOB_ALTDIRFUNC, NULL, &g);
++#else
++ r = glob(fn, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
++#endif
+ assert_se(r == GLOB_NOMATCH);
+
+ (void) rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL);
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 458aed7054..2cf24b38c0 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -73,6 +73,12 @@
+ #include "user-util.h"
+ #include "virt.h"
+
++/* Don't fail if the standard library
++ * doesn't provide brace expansion */
++#ifndef GLOB_BRACE
++#define GLOB_BRACE 0
++#endif
++
+ /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
+ * them in the file system. This is intended to be used to create
+ * properly owned directories beneath /tmp, /var/tmp, /run, which are
+@@ -2194,7 +2200,9 @@ finish:
+
+ static int glob_item(Item *i, action_t action) {
+ _cleanup_globfree_ glob_t g = {
++#ifdef GLOB_ALTDIRFUNC
+ .gl_opendir = (void *(*)(const char *)) opendir_nomod,
++#endif
+ };
+ int r = 0, k;
+
+@@ -2214,7 +2222,9 @@ static int glob_item(Item *i, action_t action) {
+
+ static int glob_item_recursively(Item *i, fdaction_t action) {
+ _cleanup_globfree_ glob_t g = {
++#ifdef GLOB_ALTDIRFUNC
+ .gl_opendir = (void *(*)(const char *)) opendir_nomod,
++#endif
+ };
+ int r = 0, k;
+
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
new file mode 100644
index 0000000..e1a2512
--- /dev/null
+++ b/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
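Review bot: In safe_glob (src/basic/glob-util.c) the new `#else` path calls plain `glob()` without the callbacks the GLOB_ALTDIRFUNC path installs, and the test hunk shows those callbacks include `readdir_no_dot`, so on a libc without GLOB_ALTDIRFUNC a pattern such as `/.*` can presumably match `.` and `..` again. Callers that act on every match (glob_item and glob_item_recursively in tmpfiles.c hand results to an action) would inherit that, and the `assert_se(r == GLOB_NOMATCH)` checks in TEST(glob_no_dot) no longer hold by construction on that path. I would at least document the gap at the fallback, `/* no GLOB_ALTDIRFUNC: "." and ".." are not filtered here, callers must skip them */`, and preferably drop those entries from `pglob->gl_pathv` after the call. The fallback also loses `opendir_nomod` in tmpfiles.c, and `#define GLOB_BRACE 0` makes brace patterns silently literal, which deserves a line in the comment above it; safe_glob's body is only partly inside these hunks.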
@@ -0,0 +1,97 @@
+From 46fdc959257d60d9b32953cae0152ae118f8564b Mon Sep 17 00:00:00 2001
+From: Andre McCurdy
+Date: Tue, 10 Oct 2017 14:33:30 -0700
+Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
+
+Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right
+thing to do and it's not portable (not supported by musl). See:
+
+ http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003610.html
+ http://www.openwall.com/lists/musl/2015/02/05/2
+
+Note that laccess() is never passing AT_EACCESS so a lot of the
+discussion in the links above doesn't apply. Note also that
+(currently) all systemd callers of laccess() pass mode as F_OK, so
+only check for existence of a file, not access permissions.
+Therefore, in this case, the only distiction between faccessat()
+with (flag == 0) and (flag == AT_SYMLINK_NOFOLLOW) is the behaviour
+for broken symlinks; laccess() on a broken symlink will succeed with
+(flag == AT_SYMLINK_NOFOLLOW) and fail (flag == 0).
+
+The laccess() macros was added to systemd some time ago and it's not
+clear if or why it needs to return success for broken symlinks. Maybe
+just historical and not actually necessary or desired behaviour?
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Andre McCurdy
+
+---
+ src/basic/fs-util.h | 21 ++++++++++++++++++++-
+ src/shared/base-filesystem.c | 6 +++---
+ 2 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
+index 0bbb3f6298..3dc494dbfb 100644
+--- a/src/basic/fs-util.h
++++ b/src/basic/fs-util.h
+@@ -46,8 +46,27 @@ int futimens_opath(int fd, const struct timespec ts[2]);
+ int fd_warn_permissions(const char *path, int fd);
+ int stat_warn_permissions(const char *path, const struct stat *st);
+
++/*
++ Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right thing to
++ do and it's not portable (not supported by musl). See:
++
++ http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003610.html
++ http://www.openwall.com/lists/musl/2015/02/05/2
++
++ Note that laccess() is never passing AT_EACCESS so a lot of the discussion in
++ the links above doesn't apply. Note also that (currently) all systemd callers
++ of laccess() pass mode as F_OK, so only check for existence of a file, not
++ access permissions. Therefore, in this case, the only distiction between
++ faccessat() with (flag == 0) and (flag == AT_SYMLINK_NOFOLLOW) is the
++ behaviour for broken symlinks; laccess() on a broken symlink will succeed
++ with (flag == AT_SYMLINK_NOFOLLOW) and fail (flag == 0).
++
++ The laccess() macros was added to systemd some time ago and it's not clear if
++ or why it needs to return success for broken symlinks. Maybe just historical
++ and not actually necessary or desired behaviour?
++*/
+ #define laccess(path, mode) \
+- RET_NERRNO(faccessat(AT_FDCWD, (path), (mode), AT_SYMLINK_NOFOLLOW))
++ RET_NERRNO(faccessat(AT_FDCWD, (path), (mode), 0))
+
+ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode);
+ int touch(const char *path);
+diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
+index 6dacc1d20a..909a6818f6 100644
+--- a/src/shared/base-filesystem.c
++++ b/src/shared/base-filesystem.c
+@@ -131,7 +131,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+ return log_error_errno(errno, "Failed to open root file system: %m");
+
+ for (size_t i = 0; i < ELEMENTSOF(table); i++) {
+- if (faccessat(fd, table[i].dir, F_OK, AT_SYMLINK_NOFOLLOW) >= 0)
++ if (faccessat(fd, table[i].dir, F_OK, 0) >= 0)
+ continue;
+
+ if (table[i].target) {
+@@ -139,7 +139,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+
+ /* check if one of the targets exists */
+ NULSTR_FOREACH(s, table[i].target) {
+- if (faccessat(fd, s, F_OK, AT_SYMLINK_NOFOLLOW) < 0)
++ if (faccessat(fd, s, F_OK, 0) < 0)
+ continue;
+
+ /* check if a specific file exists at the target path */
+@@ -150,7 +150,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+ if (!p)
+ return log_oom();
+
+- if (faccessat(fd, p, F_OK, AT_SYMLINK_NOFOLLOW) < 0)
++ if (faccessat(fd, p, F_OK, 0) < 0)
+ continue;
+ }
+
diff --git a/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
new file mode 100644
index 0000000..7b22d62
--- /dev/null
+++ b/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -0,0 +1,32 @@
+From d0bdce977b7acc5e45e82cf84256c4bedc0e74c4 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Sun, 27 May 2018 08:36:44 -0700
+Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
+
+Fixes builds with musl, even though systemd is adamant about
+using non-posix basename implementation, we have a way out
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Khem Raj
+
+---
+ src/machine/machine-dbus.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
+index 8f11afd65b..a2b57deb7a 100644
+--- a/src/machine/machine-dbus.c
++++ b/src/machine/machine-dbus.c
+@@ -10,6 +10,11 @@
+ #include
+ #undef basename
+
++#if !defined(__GLIBC__)
++#include
++#define basename(src) (strrchr(src,'/') ? strrchr(src,'/')+1 : src)
++#endif
++
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
+ #include "bus-get-properties.h"
diff --git a/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch b/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch
new file mode 100644
index 0000000..d6aaadc
--- /dev/null
+++ b/recipes-core/systemd/systemd/0013-add-missing-FTW_-macros-for-musl.patch
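Review bot: The switch from `AT_SYMLINK_NOFOLLOW` to `0` in `laccess()` and in the three `faccessat()` calls of base_filesystem_create is unconditional, so glibc builds lose the no-follow behaviour as well, although the patch is tagged musl specific. With flag 0 a dangling symlink is reported as missing, so the `continue` in base_filesystem_create is skipped and the code presumably proceeds to its creation logic (outside the hunk) for a name that already exists, and every laccess() caller now answers for the link target instead of the link. I would keep the upstream flag when `__GLIBC__` is defined and use 0 only otherwise, through one small macro shared by fs-util.h and base-filesystem.c, and shorten the long comment to state exactly that behavioural difference. The same change is added again by 0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch.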
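Review bot: The fallback `basename(src)` macro in machine-dbus.c uses its argument three times without parentheses, so an argument with side effects is evaluated twice and a low-precedence expression binds wrongly, and because it is defined ahead of the project headers it rewrites every later use of the name in this translation unit. A static inline helper avoids both; at minimum parenthesise it: `#define basename(src) (strrchr((src),'/') ? strrchr((src),'/')+1 : (src))`. A one-line comment that it returns an empty string for a path ending in `/` would make the contract explicit for callers. The same macro is added again by 0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch.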
@@ -0,0 +1,44 @@
+From efd7b41cf270c7b07ee3b9aec0fedd8e52dd422f Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 15:00:06 +0800
+Subject: [PATCH] add missing FTW_ macros for musl
+
+This is to avoid build failures like below for musl.
+
+ locale-util.c:296:24: error: 'FTW_STOP' undeclared
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+---
+ src/basic/missing_type.h | 4 ++++
+ src/test/test-recurse-dir.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/src/basic/missing_type.h b/src/basic/missing_type.h
+index 6c0456349d..73a5b90e3c 100644
+--- a/src/basic/missing_type.h
++++ b/src/basic/missing_type.h
+@@ -14,3 +14,7 @@
+ #ifndef __GLIBC__
+ typedef int (*comparison_fn_t)(const void *, const void *);
+ #endif
++
++#ifndef FTW_CONTINUE
++#define FTW_CONTINUE 0
++#endif
+diff --git a/src/test/test-recurse-dir.c b/src/test/test-recurse-dir.c
+index 2c2120b136..bc60a178a2 100644
+--- a/src/test/test-recurse-dir.c
++++ b/src/test/test-recurse-dir.c
+@@ -6,6 +6,7 @@
+ #include "recurse-dir.h"
+ #include "strv.h"
+ #include "tests.h"
++#include "missing_type.h"
+
+ static char **list_nftw = NULL;
+
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
new file mode 100644
index 0000000..e5e592a
--- /dev/null
+++ b/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -0,0 +1,39 @@
+From e480d28305907c3874f4e58b722b8aa43c3ac7a2 Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Wed, 4 Jul 2018 15:00:44 +0800
+Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
+
+On musl, disabling buffering when writing to oom_score_adj will
+cause the following error.
+
+ Failed to adjust OOM setting: Invalid argument
+
+This error appears for systemd-udevd.service and dbus.service.
+This is because kernel receives '-' instead of the whole '-900'
+if buffering is disabled.
+
+This is libc implementation specific, as glibc does not have this issue.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+[rebased for systemd 243]
+Signed-off-by: Scott Murray
+
+---
+ src/basic/process-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/process-util.c b/src/basic/process-util.c
+index 6980e0c4f6..45ec26ea45 100644
+--- a/src/basic/process-util.c
++++ b/src/basic/process-util.c
+@@ -1460,7 +1460,7 @@ int set_oom_score_adjust(int value) {
+ xsprintf(t, "%i", value);
+
+ return write_string_file("/proc/self/oom_score_adj", t,
+- WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER);
++ WRITE_STRING_FILE_VERIFY_ON_FAILURE);
+ }
+
+ int get_oom_score_adjust(int *ret) {
diff --git a/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch b/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch
new file mode 100644
index 0000000..f586d3f
--- /dev/null
+++ b/recipes-core/systemd/systemd/0014-Use-uintmax_t-for-handling-rlim_t.patch
@@ -0,0 +1,106 @@
+From 60f7d2c62bc3718023df93c01688d3ee1625d64d Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 15:12:41 +0800
+Subject: [PATCH] Use uintmax_t for handling rlim_t
+
+PRIu{32,64} is not right format to represent rlim_t type
+therefore use %ju and typecast the rlim_t variables to
+uintmax_t.
+
+Fixes portablility errors like
+
+execute.c:3446:36: error: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'rlim_t {aka long long unsigned int}' [-Werror=format=]
+| fprintf(f, "%s%s: " RLIM_FMT "\n",
+| ^~~~~~~~
+| prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max);
+| ~~~~~~~~~~~~~~~~~~~~~~
+
+Upstream-Status: Denied [https://github.com/systemd/systemd/pull/7199]
+
+Signed-off-by: Khem Raj
+[Rebased for v241]
+Signed-off-by: Chen Qi
+---
+ src/basic/format-util.h | 8 +-------
+ src/basic/rlimit-util.c | 12 ++++++------
+ src/core/execute.c | 4 ++--
+ 3 files changed, 9 insertions(+), 15 deletions(-)
+
+diff --git a/src/basic/format-util.h b/src/basic/format-util.h
+index 8719df3e29..9becc96066 100644
+--- a/src/basic/format-util.h
++++ b/src/basic/format-util.h
+@@ -34,13 +34,7 @@ assert_cc(sizeof(gid_t) == sizeof(uint32_t));
+ # error Unknown timex member size
+ #endif
+
+-#if SIZEOF_RLIM_T == 8
+-# define RLIM_FMT "%" PRIu64
+-#elif SIZEOF_RLIM_T == 4
+-# define RLIM_FMT "%" PRIu32
+-#else
+-# error Unknown rlim_t size
+-#endif
++#define RLIM_FMT "%ju"
+
+ #if SIZEOF_DEV_T == 8
+ # define DEV_FMT "%" PRIu64
+diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
+index 33dfde9d6c..e018fd81fd 100644
+--- a/src/basic/rlimit-util.c
++++ b/src/basic/rlimit-util.c
+@@ -44,7 +44,7 @@ int setrlimit_closest(int resource, const struct rlimit *rlim) {
+ fixed.rlim_max == highest.rlim_max)
+ return 0;
+
+- log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", rlim->rlim_max, rlimit_to_string(resource), fixed.rlim_max);
++ log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", (uintmax_t)rlim->rlim_max, rlimit_to_string(resource), (uintmax_t)fixed.rlim_max);
+
+ return RET_NERRNO(setrlimit(resource, &fixed));
+ }
+@@ -307,13 +307,13 @@ int rlimit_format(const struct rlimit *rl, char **ret) {
+ if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
+ r = free_and_strdup(&s, "infinity");
+ else if (rl->rlim_cur >= RLIM_INFINITY)
+- r = asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);
++ r = asprintf(&s, "infinity:" RLIM_FMT, (uintmax_t)rl->rlim_max);
+ else if (rl->rlim_max >= RLIM_INFINITY)
+- r = asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);
++ r = asprintf(&s, RLIM_FMT ":infinity", (uintmax_t)rl->rlim_cur);
+ else if (rl->rlim_cur == rl->rlim_max)
+- r = asprintf(&s, RLIM_FMT, rl->rlim_cur);
++ r = asprintf(&s, RLIM_FMT, (uintmax_t)rl->rlim_cur);
+ else
+- r = asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);
++ r = asprintf(&s, RLIM_FMT ":" RLIM_FMT, (uintmax_t)rl->rlim_cur, (uintmax_t)rl->rlim_max);
+ if (r < 0)
+ return -ENOMEM;
+
+@@ -403,7 +403,7 @@ int rlimit_nofile_safe(void) {
+
+ rl.rlim_cur = FD_SETSIZE;
+ if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
+- return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
++ return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", (uintmax_t)rl.rlim_cur);
+
+ return 1;
+ }
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 8ef76de9ab..ea1c203e43 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -6034,9 +6034,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+ for (unsigned i = 0; i < RLIM_NLIMITS; i++)
+ if (c->rlimit[i]) {
+ fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
+- prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max);
++ prefix, rlimit_to_string(i), (uintmax_t)c->rlimit[i]->rlim_max);
+ fprintf(f, "%sLimit%sSoft: " RLIM_FMT "\n",
+- prefix, rlimit_to_string(i), c->rlimit[i]->rlim_cur);
++ prefix, rlimit_to_string(i), (uintmax_t)c->rlimit[i]->rlim_cur);
+ }
+
+ if (c->ioprio_set) {
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
new file mode 100644
index 0000000..c563982
--- /dev/null
+++ b/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
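Review bot: With `RLIM_FMT` fixed to `"%ju"` in format-util.h, every use of the macro is correct only when its argument is cast to `uintmax_t`, and nothing enforces that; a call site missed here or introduced by a later rebase would pass an `rlim_t` of a different width to `%ju`, which is undefined behaviour in a varargs call. Only the sites in rlimit-util.c and execute.c are visible in these hunks, so the remaining users of RLIM_FMT need to be checked before relying on it. A comment at the definition would make the contract explicit: `/* RLIM_FMT takes uintmax_t: always cast the rlim_t argument */`. The build error quoted in the message comes from `-Werror=format`, which only flags a missed cast on targets where the two widths differ, so a 64-bit build alone is not evidence that all sites were converted.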
@@ -0,0 +1,60 @@
+From 0542d27ebbb250c09bdcfcf9f2ea3d27426fe522 Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Tue, 10 Jul 2018 15:40:17 +0800
+Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
+ strerror_r
+
+XSI-compliant strerror_r and GNU-specifi strerror_r are different.
+
+ int strerror_r(int errnum, char *buf, size_t buflen);
+ /* XSI-compliant */
+
+ char *strerror_r(int errnum, char *buf, size_t buflen);
+ /* GNU-specific */
+
+We need to distinguish between them. Otherwise, we'll get an int value
+assigned to (char *) variable, resulting in segment fault.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+
+---
+ src/libsystemd/sd-bus/bus-error.c | 5 +++++
+ src/libsystemd/sd-journal/journal-send.c | 5 +++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/libsystemd/sd-bus/bus-error.c b/src/libsystemd/sd-bus/bus-error.c
+index bdfa145ab7..61928f4bf3 100644
+--- a/src/libsystemd/sd-bus/bus-error.c
++++ b/src/libsystemd/sd-bus/bus-error.c
+@@ -409,7 +409,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) {
+ return;
+
+ errno = 0;
++#ifndef __GLIBC__
++ strerror_r(error, m, k);
++ x = m;
++#else
+ x = strerror_r(error, m, k);
++#endif
+ if (errno == ERANGE || strlen(x) >= k - 1) {
+ free(m);
+ k *= 2;
+diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c
+index e6ceba54f9..285ebbc9ef 100644
+--- a/src/libsystemd/sd-journal/journal-send.c
++++ b/src/libsystemd/sd-journal/journal-send.c
+@@ -370,7 +370,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove
+ char* j;
+
+ errno = 0;
++#ifndef __GLIBC__
++ strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
++ j = buffer + 8 + k;
++#else
+ j = strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
++#endif
+ if (errno == 0) {
+ char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1];
+
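Review bot: On the non-glibc branch the return value of the XSI `strerror_r()` is discarded, but that variant reports failure through its return value rather than through `errno`, so the checks that follow (`errno == ERANGE` in bus_error_strerror, `errno == 0` in fill_iovec_perror_and_send) can no longer detect a too-small buffer or an unknown error number. bus_error_strerror then depends on the `strlen(x) >= k - 1` test alone, and journal-send.c goes on to use the buffer even when the call failed, with contents POSIX does not specify. Feeding the result back keeps the existing logic valid: `errno = strerror_r(error, m, k);` followed by `x = m;`, and the same pattern in journal-send.c. The change is added again by 0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch, which also makes `_bus_error_message` return `buf` without checking the result; all three functions continue outside the hunks.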
diff --git a/recipes-core/systemd/systemd/0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch b/recipes-core/systemd/systemd/0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
new file mode 100644
index 0000000..afc80b9
--- /dev/null
+++ b/recipes-core/systemd/systemd/0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
@@ -0,0 +1,41 @@
+From 96088895149746dd2ee8e8c2e4b97972ccf44696 Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Wed, 28 Feb 2018 21:25:22 -0800
+Subject: [PATCH] test-sizeof.c: Disable tests for missing typedefs in musl
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Khem Raj
+Signed-off-by: Chen Qi
+---
+ src/test/test-sizeof.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
+index 55bd81e22f..6cf92bffde 100644
+--- a/src/test/test-sizeof.c
++++ b/src/test/test-sizeof.c
+@@ -55,8 +55,10 @@ int main(void) {
+ info(unsigned);
+ info(unsigned long);
+ info(unsigned long long);
++#ifdef __GLIBC__
+ info(__syscall_ulong_t);
+ info(__syscall_slong_t);
++#endif
+ info(intmax_t);
+ info(uintmax_t);
+
+@@ -76,7 +78,9 @@ int main(void) {
+ info(ssize_t);
+ info(time_t);
+ info(usec_t);
++#ifdef __GLIBC__
+ info(__time_t);
++#endif
+ info(pid_t);
+ info(uid_t);
+ info(gid_t);
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
new file mode 100644
index 0000000..2f84d3d
--- /dev/null
+++ b/recipes-core/systemd/systemd/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -0,0 +1,99 @@
+From 26b02348e39fe72b73dd61bba8a0cefb0352717d Mon Sep 17 00:00:00 2001
+From: Andre McCurdy
+Date: Tue, 10 Oct 2017 14:33:30 -0700
+Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
+
+Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right
+thing to do and it's not portable (not supported by musl). See:
+
+ http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003610.html
+ http://www.openwall.com/lists/musl/2015/02/05/2
+
+Note that laccess() is never passing AT_EACCESS so a lot of the
+discussion in the links above doesn't apply. Note also that
+(currently) all systemd callers of laccess() pass mode as F_OK, so
+only check for existence of a file, not access permissions.
+Therefore, in this case, the only distiction between faccessat()
+with (flag == 0) and (flag == AT_SYMLINK_NOFOLLOW) is the behaviour
+for broken symlinks; laccess() on a broken symlink will succeed with
+(flag == AT_SYMLINK_NOFOLLOW) and fail (flag == 0).
+
+The laccess() macros was added to systemd some time ago and it's not
+clear if or why it needs to return success for broken symlinks. Maybe
+just historical and not actually necessary or desired behaviour?
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Andre McCurdy
+---
+ src/basic/fs-util.h | 21 ++++++++++++++++++++-
+ src/shared/base-filesystem.c | 6 +++---
+ 2 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
+index 932d003f19..33215dbf5f 100644
+--- a/src/basic/fs-util.h
++++ b/src/basic/fs-util.h
+@@ -50,8 +50,27 @@ int futimens_opath(int fd, const struct timespec ts[2]);
+ int fd_warn_permissions(const char *path, int fd);
+ int stat_warn_permissions(const char *path, const struct stat *st);
+
++/*
++ Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right thing to
++ do and it's not portable (not supported by musl). See:
++
++ http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003610.html
++ http://www.openwall.com/lists/musl/2015/02/05/2
++
++ Note that laccess() is never passing AT_EACCESS so a lot of the discussion in
++ the links above doesn't apply. Note also that (currently) all systemd callers
++ of laccess() pass mode as F_OK, so only check for existence of a file, not
++ access permissions. Therefore, in this case, the only distiction between
++ faccessat() with (flag == 0) and (flag == AT_SYMLINK_NOFOLLOW) is the
++ behaviour for broken symlinks; laccess() on a broken symlink will succeed
++ with (flag == AT_SYMLINK_NOFOLLOW) and fail (flag == 0).
++
++ The laccess() macros was added to systemd some time ago and it's not clear if
++ or why it needs to return success for broken symlinks. Maybe just historical
++ and not actually necessary or desired behaviour?
++*/
+ #define laccess(path, mode) \
+- RET_NERRNO(faccessat(AT_FDCWD, (path), (mode), AT_SYMLINK_NOFOLLOW))
++ RET_NERRNO(faccessat(AT_FDCWD, (path), (mode), 0))
+
+ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode);
+
+diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
+index be6dd1654a..2726dc946a 100644
+--- a/src/shared/base-filesystem.c
++++ b/src/shared/base-filesystem.c
+@@ -131,7 +131,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+ return log_error_errno(errno, "Failed to open root file system: %m");
+
+ for (size_t i = 0; i < ELEMENTSOF(table); i++) {
+- if (faccessat(fd, table[i].dir, F_OK, AT_SYMLINK_NOFOLLOW) >= 0)
++ if (faccessat(fd, table[i].dir, F_OK, 0) >= 0)
+ continue;
+
+ if (table[i].target) {
+@@ -139,7 +139,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+
+ /* check if one of the targets exists */
+ NULSTR_FOREACH(s, table[i].target) {
+- if (faccessat(fd, s, F_OK, AT_SYMLINK_NOFOLLOW) < 0)
++ if (faccessat(fd, s, F_OK, 0) < 0)
+ continue;
+
+ /* check if a specific file exists at the target path */
+@@ -150,7 +150,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+ if (!p)
+ return log_oom();
+
+- if (faccessat(fd, p, F_OK, AT_SYMLINK_NOFOLLOW) < 0)
++ if (faccessat(fd, p, F_OK, 0) < 0)
+ continue;
+ }
+
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch
new file mode 100644
index 0000000..7d74cfc
--- /dev/null
+++ b/recipes-core/systemd/systemd/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -0,0 +1,34 @@
+From fdc7fb940bb41020271b9db41d5608004efdbde5 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Sun, 27 May 2018 08:36:44 -0700
+Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
+
+Fixes builds with musl, even though systemd is adamant about
+using non-posix basename implementation, we have a way out
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Khem Raj
+---
+ src/machine/machine-dbus.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
+index 45bc056326..aee51d5da5 100644
+--- a/src/machine/machine-dbus.c
++++ b/src/machine/machine-dbus.c
+@@ -4,6 +4,11 @@
+ #include
+ #include
+
++#if !defined(__GLIBC__)
++#include
++#define basename(src) (strrchr(src,'/') ? strrchr(src,'/')+1 : src)
++#endif
++
+ #include "alloc-util.h"
+ #include "bus-common-errors.h"
+ #include "bus-get-properties.h"
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
new file mode 100644
index 0000000..401a9a9
--- /dev/null
+++ b/recipes-core/systemd/systemd/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -0,0 +1,41 @@
+From 32fd0dc67b6df531f0769dbb099dbe8f30c28514 Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Wed, 4 Jul 2018 15:00:44 +0800
+Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
+
+On musl, disabling buffering when writing to oom_score_adj will
+cause the following error.
+
+ Failed to adjust OOM setting: Invalid argument
+
+This error appears for systemd-udevd.service and dbus.service.
+This is because kernel receives '-' instead of the whole '-900'
+if buffering is disabled.
+
+This is libc implementation specific, as glibc does not have this issue.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+[rebased for systemd 243]
+Signed-off-by: Scott Murray
+---
+ src/basic/process-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/process-util.c b/src/basic/process-util.c
+index 0747c14c1c..8d0c5aae92 100644
+--- a/src/basic/process-util.c
++++ b/src/basic/process-util.c
+@@ -1405,7 +1405,7 @@ int set_oom_score_adjust(int value) {
+ xsprintf(t, "%i", value);
+
+ return write_string_file("/proc/self/oom_score_adj", t,
+- WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER);
++ WRITE_STRING_FILE_VERIFY_ON_FAILURE);
+ }
+
+ int get_oom_score_adjust(int *ret) {
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch b/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
new file mode 100644
index 0000000..1fcba7a
--- /dev/null
+++ b/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -0,0 +1,30 @@
+From e1d0210b47906dd121f936f3181092835df6a95c Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 15:44:54 +0800
+Subject: [PATCH] avoid redefinition of prctl_mm_map structure
+
+Fix the following compile failure:
+error: redefinition of 'struct prctl_mm_map'
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+
+---
+ src/basic/missing_prctl.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/basic/missing_prctl.h b/src/basic/missing_prctl.h
+index ab851306ba..5547cad875 100644
+--- a/src/basic/missing_prctl.h
++++ b/src/basic/missing_prctl.h
+@@ -1,7 +1,9 @@
+ /* SPDX-License-Identifier: LGPL-2.1-or-later */
+ #pragma once
+
++#ifdef __GLIBC__
+ #include
++#endif
+
+ /* 58319057b7847667f0c9585b9de0e8932b0fdb08 (4.3) */
+ #ifndef PR_CAP_AMBIENT
diff --git a/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
new file mode 100644
index 0000000..48b8eda
--- /dev/null
+++ b/recipes-core/systemd/systemd/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -0,0 +1,76 @@
+From ed46afcbc6bc1f6277a0a54c3db8cf1b056bca1e Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Tue, 10 Jul 2018 15:40:17 +0800
+Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
+ strerror_r
+
+XSI-compliant strerror_r and GNU-specifi strerror_r are different.
+
+ int strerror_r(int errnum, char *buf, size_t buflen);
+ /* XSI-compliant */
+
+ char *strerror_r(int errnum, char *buf, size_t buflen);
+ /* GNU-specific */
+
+We need to distinguish between them. Otherwise, we'll get an int value
+assigned to (char *) variable, resulting in segment fault.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+---
+ src/libsystemd/sd-bus/bus-error.c | 11 ++++++++++-
+ src/libsystemd/sd-journal/journal-send.c | 5 +++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-error.c b/src/libsystemd/sd-bus/bus-error.c
+index 413e2dd43f..805e5da0c0 100644
+--- a/src/libsystemd/sd-bus/bus-error.c
++++ b/src/libsystemd/sd-bus/bus-error.c
+@@ -408,7 +408,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) {
+ return;
+
+ errno = 0;
++#ifndef __GLIBC__
++ strerror_r(error, m, k);
++ x = m;
++#else
+ x = strerror_r(error, m, k);
++#endif
+ if (errno == ERANGE || strlen(x) >= k - 1) {
+ free(m);
+ k *= 2;
+@@ -593,8 +598,12 @@ const char* _bus_error_message(const sd_bus_error *e, int error, char buf[static
+
+ if (e && e->message)
+ return e->message;
+-
++#ifndef __GLIBC__
++ strerror_r(abs(error), buf, ERRNO_BUF_LEN);
++ return buf;
++#else
+ return strerror_r(abs(error), buf, ERRNO_BUF_LEN);
++#endif
+ }
+
+ static bool map_ok(const sd_bus_error_map *map) {
+diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c
+index 136ebcb153..8a75ba4ecd 100644
+--- a/src/libsystemd/sd-journal/journal-send.c
++++ b/src/libsystemd/sd-journal/journal-send.c
+@@ -381,7 +381,12 @@ static int fill_iovec_perror_and_send(const char *message, int skip, struct iove
+ char* j;
+
+ errno = 0;
++#ifndef __GLIBC__
++ strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
++ j = buffer + 8 + k;
++#else
+ j = strerror_r(_saved_errno_, buffer + 8 + k, n - 8 - k);
++#endif
+ if (errno == 0) {
+ char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1];
+
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch b/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch
new file mode 100644
index 0000000..e5f0173
--- /dev/null
+++ b/recipes-core/systemd/systemd/0020-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -0,0 +1,32 @@
+From 277b680d07a178b8278862b60417052d05c1376f Mon Sep 17 00:00:00 2001
+From: Chen Qi
+Date: Mon, 25 Feb 2019 15:44:54 +0800
+Subject: [PATCH] avoid redefinition of prctl_mm_map structure
+
+Fix the following compile failure:
+error: redefinition of 'struct prctl_mm_map'
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Chen Qi
+---
+ src/basic/missing_prctl.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/basic/missing_prctl.h b/src/basic/missing_prctl.h
+index ab851306ba..5547cad875 100644
+--- a/src/basic/missing_prctl.h
++++ b/src/basic/missing_prctl.h
+@@ -1,7 +1,9 @@
+ /* SPDX-License-Identifier: LGPL-2.1-or-later */
+ #pragma once
+
++#ifdef __GLIBC__
+ #include
++#endif
+
+ /* 58319057b7847667f0c9585b9de0e8932b0fdb08 (4.3) */
+ #ifndef PR_CAP_AMBIENT
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch b/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch
new file mode 100644
index 0000000..46267a5
--- /dev/null
+++ b/recipes-core/systemd/systemd/0021-do-not-disable-buffer-in-writing-files.patch
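Review bot: In 0019 the non-glibc branches call `strerror_r()` and drop its `int` result, but the XSI variant reports failure through that return value (musl returns the error number) rather than through `errno`. On that path the `errno == ERANGE` test in `bus_error_strerror()` never fires, leaving only the `strlen(x) >= k - 1` fallback, and the `errno == 0` test in `fill_iovec_perror_and_send()` is always true. `_bus_error_message()` likewise returns `buf` even when the call failed, and what the buffer holds then depends on the libc. Carrying the result over keeps the existing checks meaningful, e.g. `errno = strerror_r(error, m, k);` followed by `x = m;`, and the same in journal-send.c. All three functions continue outside their hunks.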
@@ -0,0 +1,448 @@ +From aa6e5588e6d01c12e2f101d140cc710ab199df16 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Fri, 1 Mar 2019 15:22:15 +0800 +Subject: [PATCH] do not disable buffer in writing files + +Do not disable buffer in writing files, otherwise we get +failure at boot for musl like below. + + [!!!!!!] Failed to allocate manager object. + +And there will be other failures, critical or not critical. +This is specific to musl. + +Upstream-Status: Inappropriate [musl] + +Signed-off-by: Chen Qi +[Rebased for v242] +Signed-off-by: Andrej Valek +[rebased for systemd 243] +Signed-off-by: Scott Murray +--- + src/basic/cgroup-util.c | 12 ++++++------ + src/basic/namespace-util.c | 4 ++-- + src/basic/procfs-util.c | 4 ++-- + src/basic/sysctl-util.c | 2 +- + src/binfmt/binfmt.c | 6 +++--- + src/core/cgroup.c | 2 +- + src/core/main.c | 2 +- + src/core/smack-setup.c | 8 ++++---- + src/hibernate-resume/hibernate-resume.c | 2 +- + src/home/homework.c | 2 +- + src/libsystemd/sd-device/sd-device.c | 2 +- + src/nspawn/nspawn-cgroup.c | 2 +- + src/nspawn/nspawn.c | 6 +++--- + src/shared/binfmt-util.c | 2 +- + src/shared/cgroup-setup.c | 4 ++-- + src/shared/coredump-util.c | 2 +- + src/shared/smack-util.c | 2 +- + src/sleep/sleep.c | 8 ++++---- + src/udev/udev-rules.c | 1 - + src/vconsole/vconsole-setup.c | 2 +- + 20 files changed, 37 insertions(+), 38 deletions(-) + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 11b4375ed5..7d81a6007f 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -399,7 +399,7 @@ int cg_kill_kernel_sigkill(const char *controller, const char *path) { + if (r < 0) + return r; + +- r = write_string_file(killfile, "1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(killfile, "1", 0); + if (r < 0) + return r; + +@@ -805,7 +805,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { + + sc = strstrip(contents); + if (isempty(sc)) { +- r = write_string_file(fs, agent, 
WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, agent, 0); + if (r < 0) + return r; + } else if (!path_equal(sc, agent)) +@@ -823,7 +823,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { + + sc = strstrip(contents); + if (streq(sc, "0")) { +- r = write_string_file(fs, "1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, "1", 0); + if (r < 0) + return r; + +@@ -850,7 +850,7 @@ int cg_uninstall_release_agent(const char *controller) { + if (r < 0) + return r; + +- r = write_string_file(fs, "0", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, "0", 0); + if (r < 0) + return r; + +@@ -860,7 +860,7 @@ int cg_uninstall_release_agent(const char *controller) { + if (r < 0) + return r; + +- r = write_string_file(fs, "", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, "", 0); + if (r < 0) + return r; + +@@ -1752,7 +1752,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri + if (r < 0) + return r; + +- return write_string_file(p, value, WRITE_STRING_FILE_DISABLE_BUFFER); ++ return write_string_file(p, value, 0); + } + + int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) { +diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c +index f5c0e04cec..272b920022 100644 +--- a/src/basic/namespace-util.c ++++ b/src/basic/namespace-util.c +@@ -220,12 +220,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) { + freeze(); + + xsprintf(path, "/proc/" PID_FMT "/uid_map", pid); +- r = write_string_file(path, uid_map, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(path, uid_map, 0); + if (r < 0) + return log_error_errno(r, "Failed to write UID map: %m"); + + xsprintf(path, "/proc/" PID_FMT "/gid_map", pid); +- r = write_string_file(path, gid_map, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(path, gid_map, 0); + if (r < 0) + return log_error_errno(r, "Failed to write 
GID map: %m"); + +diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c +index 64a95dd866..12cd16db1c 100644 +--- a/src/basic/procfs-util.c ++++ b/src/basic/procfs-util.c +@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limit) { + * decrease it, as threads-max is the much more relevant sysctl. */ + if (limit > pid_max-1) { + sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */ +- r = write_string_file("/proc/sys/kernel/pid_max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/pid_max", buffer, 0); + if (r < 0) + return r; + } + + sprintf(buffer, "%" PRIu64, limit); +- r = write_string_file("/proc/sys/kernel/threads-max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/threads-max", buffer, 0); + if (r < 0) { + uint64_t threads_max; + +diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c +index b66a6622ae..8d1c93008a 100644 +--- a/src/basic/sysctl-util.c ++++ b/src/basic/sysctl-util.c +@@ -58,7 +58,7 @@ int sysctl_write(const char *property, const char *value) { + + log_debug("Setting '%s' to '%s'", p, value); + +- return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); ++ return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); + } + + int sysctl_writef(const char *property, const char *format, ...) 
{ +diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c +index e1ddf97914..df6e156f19 100644 +--- a/src/binfmt/binfmt.c ++++ b/src/binfmt/binfmt.c +@@ -30,7 +30,7 @@ static bool arg_unregister = false; + + static int delete_rule(const char *rulename) { + const char *fn = strjoina("/proc/sys/fs/binfmt_misc/", rulename); +- return write_string_file(fn, "-1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ return write_string_file(fn, "-1", 0); + } + + static int apply_rule(const char *filename, unsigned line, const char *rule) { +@@ -58,7 +58,7 @@ static int apply_rule(const char *filename, unsigned line, const char *rule) { + if (r >= 0) + log_debug("%s:%u: Rule '%s' deleted.", filename, line, rulename); + +- r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, 0); + if (r < 0) + return log_error_errno(r, "%s:%u: Failed to add binary format '%s': %m", + filename, line, rulename); +@@ -244,7 +244,7 @@ static int run(int argc, char *argv[]) { + return r; + + /* Flush out all rules */ +- r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0); + if (r < 0) + log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m"); + else +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 4cac3f6a89..bebe2cd120 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -4267,7 +4267,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) { + u->freezer_state = FREEZER_THAWING; + } + +- r = write_string_file(path, one_zero(action == FREEZER_FREEZE), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(path, one_zero(action == FREEZER_FREEZE), 0); + if (r < 0) + return r; + +diff --git a/src/core/main.c b/src/core/main.c +index c0b8126d96..fe676320ba 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1716,7 +1716,7 @@ static 
void initialize_core_pattern(bool skip_setup) { + if (getpid_cached() != 1) + return; + +- r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, 0); + if (r < 0) + log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", + arg_early_core_pattern); +diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c +index bcaa237c8d..4032bde19e 100644 +--- a/src/core/smack-setup.c ++++ b/src/core/smack-setup.c +@@ -319,17 +319,17 @@ int mac_smack_setup(bool *loaded_policy) { + } + + #if HAVE_SMACK_RUN_LABEL +- r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m"); +- r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK ambient label \"" SMACK_RUN_LABEL "\": %m"); + r = write_string_file("/sys/fs/smackfs/netlabel", +- "0.0.0.0/0 " SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER); ++ "0.0.0.0/0 " SMACK_RUN_LABEL, 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK netlabel rule \"0.0.0.0/0 " SMACK_RUN_LABEL "\": %m"); +- r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m"); + #endif +diff --git a/src/hibernate-resume/hibernate-resume.c b/src/hibernate-resume/hibernate-resume.c +index 9a9df5d22f..75ddec881a 100644 +--- a/src/hibernate-resume/hibernate-resume.c ++++ 
b/src/hibernate-resume/hibernate-resume.c +@@ -40,7 +40,7 @@ int main(int argc, char *argv[]) { + return EXIT_FAILURE; + } + +- r = write_string_file("/sys/power/resume", FORMAT_DEVNUM(st.st_rdev), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/power/resume", FORMAT_DEVNUM(st.st_rdev), 0); + if (r < 0) { + log_error_errno(r, "Failed to write '" DEVNUM_FORMAT_STR "' to /sys/power/resume: %m", DEVNUM_FORMAT_VAL(st.st_rdev)); + return EXIT_FAILURE; +diff --git a/src/home/homework.c b/src/home/homework.c +index 28907386a4..f9e45349a7 100644 +--- a/src/home/homework.c ++++ b/src/home/homework.c +@@ -278,7 +278,7 @@ static void drop_caches_now(void) { + * for details. We write "2" into /proc/sys/vm/drop_caches to ensure dentries/inodes are flushed, but + * not more. */ + +- r = write_string_file("/proc/sys/vm/drop_caches", "2\n", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/vm/drop_caches", "2\n", 0); + if (r < 0) + log_warning_errno(r, "Failed to drop caches, ignoring: %m"); + else +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index 8c65ee3469..153edab081 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -2481,7 +2481,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, + if (!value) + return -ENOMEM; + +- r = write_string_file(path, value, WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_NOFOLLOW); ++ r = write_string_file(path, value, 0 | WRITE_STRING_FILE_NOFOLLOW); + if (r < 0) { + /* On failure, clear cache entry, as we do not know how it fails. 
*/ + device_remove_cached_sysattr_value(device, sysattr); +diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c +index 0deb4ebb30..bae8eead9e 100644 +--- a/src/nspawn/nspawn-cgroup.c ++++ b/src/nspawn/nspawn-cgroup.c +@@ -122,7 +122,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { + fn = strjoina(tree, cgroup, "/cgroup.procs"); + + sprintf(pid_string, PID_FMT, pid); +- r = write_string_file(fn, pid_string, WRITE_STRING_FILE_DISABLE_BUFFER|WRITE_STRING_FILE_MKDIR_0755); ++ r = write_string_file(fn, pid_string, WRITE_STRING_FILE_MKDIR_0755); + if (r < 0) { + log_error_errno(r, "Failed to move process: %m"); + goto finish; +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 36d336dfc8..8c5c69596b 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -2771,7 +2771,7 @@ static int reset_audit_loginuid(void) { + if (streq(p, "4294967295")) + return 0; + +- r = write_string_file("/proc/self/loginuid", "4294967295", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/self/loginuid", "4294967295", 0); + if (r < 0) { + log_error_errno(r, + "Failed to reset audit login UID. 
This probably means that your kernel is too\n" +@@ -4211,7 +4211,7 @@ static int setup_uid_map( + return log_oom(); + + xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid); +- r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(uid_map, s, 0); + if (r < 0) + return log_error_errno(r, "Failed to write UID map: %m"); + +@@ -4221,7 +4221,7 @@ static int setup_uid_map( + return log_oom(); + + xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid); +- r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(uid_map, s, 0); + if (r < 0) + return log_error_errno(r, "Failed to write GID map: %m"); + +diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c +index a26175474b..1413a9c72c 100644 +--- a/src/shared/binfmt-util.c ++++ b/src/shared/binfmt-util.c +@@ -46,7 +46,7 @@ int disable_binfmt(void) { + return 0; + } + +- r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0); + if (r < 0) + return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m"); + +diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c +index 2ea83f05d3..8626bb184c 100644 +--- a/src/shared/cgroup-setup.c ++++ b/src/shared/cgroup-setup.c +@@ -350,7 +350,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { + + xsprintf(c, PID_FMT "\n", pid); + +- r = write_string_file(fs, c, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, c, 0); + if (r == -EOPNOTSUPP && cg_is_threaded(controller, path) > 0) + /* When the threaded mode is used, we cannot read/write the file. Let's return recognizable error. 
*/ + return -EUCLEAN; +@@ -887,7 +887,7 @@ int cg_enable_everywhere( + return log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p); + } + +- r = write_string_stream(f, s, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_stream(f, s, 0); + if (r < 0) { + log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m", + FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs); +diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c +index 3d2f179049..c1b6c170ac 100644 +--- a/src/shared/coredump-util.c ++++ b/src/shared/coredump-util.c +@@ -71,7 +71,7 @@ int set_coredump_filter(uint64_t value) { + sprintf(t, "0x%"PRIx64, value); + + return write_string_file("/proc/self/coredump_filter", t, +- WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER); ++ 0); + } + + /* Turn off core dumps but only if we're running outside of a container. */ +diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c +index b3b5c905ad..bbfa1973fd 100644 +--- a/src/shared/smack-util.c ++++ b/src/shared/smack-util.c +@@ -115,7 +115,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) { + return 0; + + p = procfs_file_alloca(pid, "attr/current"); +- r = write_string_file(p, label, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(p, label, 0); + if (r < 0) + return r; + +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index 765dd4974f..cd6afb001b 100644 +--- a/src/sleep/sleep.c ++++ b/src/sleep/sleep.c +@@ -50,7 +50,7 @@ static int write_hibernate_location_info(const HibernateLocation *hibernate_loca + assert(hibernate_location->swap); + + xsprintf(resume_str, "%u:%u", major(hibernate_location->devno), minor(hibernate_location->devno)); +- r = write_string_file("/sys/power/resume", resume_str, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/power/resume", resume_str, 0); + if (r < 0) + return log_debug_errno(r, "Failed to write partition device to /sys/power/resume for '%s': '%s': %m", + 
hibernate_location->swap->device, resume_str); +@@ -77,7 +77,7 @@ static int write_hibernate_location_info(const HibernateLocation *hibernate_loca + } + + xsprintf(offset_str, "%" PRIu64, hibernate_location->offset); +- r = write_string_file("/sys/power/resume_offset", offset_str, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/power/resume_offset", offset_str, 0); + if (r < 0) + return log_debug_errno(r, "Failed to write swap file offset to /sys/power/resume_offset for '%s': '%s': %m", + hibernate_location->swap->device, offset_str); +@@ -93,7 +93,7 @@ static int write_mode(char **modes) { + STRV_FOREACH(mode, modes) { + int k; + +- k = write_string_file("/sys/power/disk", *mode, WRITE_STRING_FILE_DISABLE_BUFFER); ++ k = write_string_file("/sys/power/disk", *mode, 0); + if (k >= 0) + return 0; + +@@ -114,7 +114,7 @@ static int write_state(FILE **f, char **states) { + STRV_FOREACH(state, states) { + int k; + +- k = write_string_stream(*f, *state, WRITE_STRING_FILE_DISABLE_BUFFER); ++ k = write_string_stream(*f, *state, 0); + if (k >= 0) + return 0; + log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state); +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 0ce79f815c..28aab475d0 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -2357,7 +2357,6 @@ static int udev_rule_apply_token_to_event( + log_rule_debug(dev, rules, "ATTR '%s' writing '%s'", buf, value); + r = write_string_file(buf, value, + WRITE_STRING_FILE_VERIFY_ON_FAILURE | +- WRITE_STRING_FILE_DISABLE_BUFFER | + WRITE_STRING_FILE_AVOID_NEWLINE | + WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE); + if (r < 0) +diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c +index 7d3e9db73f..2d4a0c4c9d 100644 +--- a/src/vconsole/vconsole-setup.c ++++ b/src/vconsole/vconsole-setup.c +@@ -108,7 +108,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) { + static int toggle_utf8_sysfs(bool utf8) { + int r; + +- r = 
write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), 0); + if (r < 0) + return log_warning_errno(r, "Failed to %s sysfs UTF-8 flag: %m", enable_disable(utf8)); + +-- +2.39.2 + diff --git a/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch b/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch new file mode 100644 index 0000000..61545f5 --- /dev/null +++ b/recipes-core/systemd/systemd/0022-Handle-__cpu_mask-usage.patch 
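Review bot: In the src/shared/coredump-util.c hunk of 0021, `set_coredump_filter()` now passes `0`, which drops `WRITE_STRING_FILE_VERIFY_ON_FAILURE` together with `WRITE_STRING_FILE_DISABLE_BUFFER`; every other hunk in this patch, and `set_oom_score_adjust()` in 0017, keeps the remaining flags. That goes beyond what the commit message describes and looks like a rebase slip; the new line should read `WRITE_STRING_FILE_VERIFY_ON_FAILURE);`. As a style point, `0 | WRITE_STRING_FILE_NOFOLLOW` in sd-device.c can simply be `WRITE_STRING_FILE_NOFOLLOW`. The later copy of this patch (0022) runs past the visible text, so the same line should be checked there.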
@@ -0,0 +1,60 @@
+From a50ec65dbe660421052656dda7499c925005f486 Mon Sep 17 00:00:00 2001
+From: Scott Murray
+Date: Fri, 13 Sep 2019 19:26:27 -0400
+Subject: [PATCH] Handle __cpu_mask usage
+
+Fixes errors:
+
+src/test/test-cpu-set-util.c:18:54: error: '__cpu_mask' undeclared (first use in this function)
+src/test/test-sizeof.c:73:14: error: '__cpu_mask' undeclared (first use in this function)
+
+__cpu_mask is an internal type of glibc's cpu_set implementation, not
+part of the POSIX definition, which is problematic when building with
+musl, which does not define a matching type. From inspection of musl's
+sched.h, however, it is clear that the corresponding type would be
+unsigned long, which does match glibc's actual __CPU_MASK_TYPE. So,
+add a typedef to cpu-set-util.h defining __cpu_mask appropriately.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Scott Murray
+---
+ src/shared/cpu-set-util.h | 2 ++
+ src/test/test-sizeof.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/cpu-set-util.h b/src/shared/cpu-set-util.h
+index 3c63a58826..4c2d4347fc 100644
+--- a/src/shared/cpu-set-util.h
++++ b/src/shared/cpu-set-util.h
+@@ -6,6 +6,8 @@
+ #include "macro.h"
+ #include "missing_syscall.h"
+
++typedef unsigned long __cpu_mask;
++
+ /* This wraps the libc interface with a variable to keep the allocated size. */
+ typedef struct CPUSet {
+ cpu_set_t *set;
+diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
+index 6cf92bffde..937d26ca55 100644
+--- a/src/test/test-sizeof.c
++++ b/src/test/test-sizeof.c
+@@ -1,6 +1,5 @@
+ /* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+-#include
+ #include
+ #include
+ #include
+@@ -10,6 +9,7 @@
+ #include
+
+ #include "time-util.h"
++#include "cpu-set-util.h"
+
+ /* Print information about various types. Useful when diagnosing
+ * gcc diagnostics on an unfamiliar architecture. */
+--
+2.39.2
+
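Review bot: The `typedef unsigned long __cpu_mask;` added to src/shared/cpu-set-util.h in 0022-Handle-__cpu_mask-usage is unconditional, so on glibc it redeclares a name the commit message itself says glibc already defines. That is only accepted when both typedefs name the same type and the compiler is in C11 or later mode. Since the typedef is needed only for musl, I would guard it: `#ifndef __GLIBC__` / `typedef unsigned long __cpu_mask;` / `#endif`. A one-line comment above it noting that the name mirrors glibc's internal type would help the next rebase.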
diff --git a/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch b/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
new file mode 100644
index 0000000..00131de
--- /dev/null
+++ b/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
@@ -0,0 +1,467 @@ +From 414e2f97008a1f3c26a260a6dc4d51a8c1fa6900 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Fri, 1 Mar 2019 15:22:15 +0800 +Subject: [PATCH] do not disable buffer in writing files + +Do not disable buffer in writing files, otherwise we get +failure at boot for musl like below. + + [!!!!!!] Failed to allocate manager object. + +And there will be other failures, critical or not critical. +This is specific to musl. + +Upstream-Status: Inappropriate [musl] + +Signed-off-by: Chen Qi +[Rebased for v242] +Signed-off-by: Andrej Valek +[rebased for systemd 243] +Signed-off-by: Scott Murray + +--- + src/basic/cgroup-util.c | 12 ++++++------ + src/basic/namespace-util.c | 4 ++-- + src/basic/procfs-util.c | 4 ++-- + src/basic/sysctl-util.c | 2 +- + src/basic/util.c | 2 +- + src/binfmt/binfmt.c | 6 +++--- + src/core/cgroup.c | 2 +- + src/core/main.c | 4 ++-- + src/core/smack-setup.c | 8 ++++---- + src/hibernate-resume/hibernate-resume.c | 2 +- + src/home/homework.c | 2 +- + src/libsystemd/sd-device/sd-device.c | 2 +- + src/nspawn/nspawn-cgroup.c | 2 +- + src/nspawn/nspawn.c | 6 +++--- + src/shared/binfmt-util.c | 2 +- + src/shared/cgroup-setup.c | 4 ++-- + src/shared/coredump-util.c | 2 +- + src/shared/smack-util.c | 2 +- + src/sleep/sleep.c | 8 ++++---- + src/udev/udev-rules.c | 1 - + src/vconsole/vconsole-setup.c | 2 +- + 21 files changed, 39 insertions(+), 40 deletions(-) + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index f4615ffce1..07cb8ed669 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -399,7 +399,7 @@ int cg_kill_kernel_sigkill(const char *controller, const char *path) { + if (r < 0) + return r; + +- r = write_string_file(killfile, "1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(killfile, "1", 0); + if (r < 0) + return r; + +@@ -805,7 +805,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { + + sc = strstrip(contents); + if (isempty(sc)) { +- r = 
write_string_file(fs, agent, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, agent, 0); + if (r < 0) + return r; + } else if (!path_equal(sc, agent)) +@@ -823,7 +823,7 @@ int cg_install_release_agent(const char *controller, const char *agent) { + + sc = strstrip(contents); + if (streq(sc, "0")) { +- r = write_string_file(fs, "1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, "1", 0); + if (r < 0) + return r; + +@@ -850,7 +850,7 @@ int cg_uninstall_release_agent(const char *controller) { + if (r < 0) + return r; + +- r = write_string_file(fs, "0", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, "0", 0); + if (r < 0) + return r; + +@@ -860,7 +860,7 @@ int cg_uninstall_release_agent(const char *controller) { + if (r < 0) + return r; + +- r = write_string_file(fs, "", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, "", 0); + if (r < 0) + return r; + +@@ -1730,7 +1730,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri + if (r < 0) + return r; + +- return write_string_file(p, value, WRITE_STRING_FILE_DISABLE_BUFFER); ++ return write_string_file(p, value, 0); + } + + int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) { +diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c +index b9120a5ed0..78e460b75f 100644 +--- a/src/basic/namespace-util.c ++++ b/src/basic/namespace-util.c +@@ -202,12 +202,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) { + freeze(); + + xsprintf(path, "/proc/" PID_FMT "/uid_map", pid); +- r = write_string_file(path, uid_map, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(path, uid_map, 0); + if (r < 0) + return log_error_errno(r, "Failed to write UID map: %m"); + + xsprintf(path, "/proc/" PID_FMT "/gid_map", pid); +- r = write_string_file(path, gid_map, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(path, gid_map, 0); + if (r < 0) + return 
log_error_errno(r, "Failed to write GID map: %m"); + +diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c +index e485a0196b..8bff210356 100644 +--- a/src/basic/procfs-util.c ++++ b/src/basic/procfs-util.c +@@ -64,13 +64,13 @@ int procfs_tasks_set_limit(uint64_t limit) { + * decrease it, as threads-max is the much more relevant sysctl. */ + if (limit > pid_max-1) { + sprintf(buffer, "%" PRIu64, limit+1); /* Add one, since PID 0 is not a valid PID */ +- r = write_string_file("/proc/sys/kernel/pid_max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/pid_max", buffer, 0); + if (r < 0) + return r; + } + + sprintf(buffer, "%" PRIu64, limit); +- r = write_string_file("/proc/sys/kernel/threads-max", buffer, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/threads-max", buffer, 0); + if (r < 0) { + uint64_t threads_max; + +diff --git a/src/basic/sysctl-util.c b/src/basic/sysctl-util.c +index b66a6622ae..8d1c93008a 100644 +--- a/src/basic/sysctl-util.c ++++ b/src/basic/sysctl-util.c +@@ -58,7 +58,7 @@ int sysctl_write(const char *property, const char *value) { + + log_debug("Setting '%s' to '%s'", p, value); + +- return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); ++ return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL); + } + + int sysctl_writef(const char *property, const char *format, ...) 
{ +diff --git a/src/basic/util.c b/src/basic/util.c +index d7ef382737..31c35118d1 100644 +--- a/src/basic/util.c ++++ b/src/basic/util.c +@@ -168,7 +168,7 @@ void disable_coredumps(void) { + if (detect_container() > 0) + return; + +- r = write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0); + if (r < 0) + log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m"); + } +diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c +index 18231c2618..6c598d55c8 100644 +--- a/src/binfmt/binfmt.c ++++ b/src/binfmt/binfmt.c +@@ -29,7 +29,7 @@ static bool arg_unregister = false; + + static int delete_rule(const char *rulename) { + const char *fn = strjoina("/proc/sys/fs/binfmt_misc/", rulename); +- return write_string_file(fn, "-1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ return write_string_file(fn, "-1", 0); + } + + static int apply_rule(const char *filename, unsigned line, const char *rule) { +@@ -59,7 +59,7 @@ static int apply_rule(const char *filename, unsigned line, const char *rule) { + if (r >= 0) + log_debug("%s:%u: Rule '%s' deleted.", filename, line, rulename); + +- r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/fs/binfmt_misc/register", rule, 0); + if (r < 0) + return log_error_errno(r, "%s:%u: Failed to add binary format '%s': %m", + filename, line, rulename); +@@ -225,7 +225,7 @@ static int run(int argc, char *argv[]) { + } + + /* Flush out all rules */ +- r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0); + if (r < 0) + log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m"); + else +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 9282b1ff20..7781e0f8eb 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c 
+@@ -4182,7 +4182,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) { + else + u->freezer_state = FREEZER_THAWING; + +- r = write_string_file(path, one_zero(action == FREEZER_FREEZE), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(path, one_zero(action == FREEZER_FREEZE), 0); + if (r < 0) + return r; + +diff --git a/src/core/main.c b/src/core/main.c +index 409b84a006..b1631e57ce 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1374,7 +1374,7 @@ static int bump_unix_max_dgram_qlen(void) { + if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN) + return 0; + +- r = write_string_filef("/proc/sys/net/unix/max_dgram_qlen", WRITE_STRING_FILE_DISABLE_BUFFER, ++ r = write_string_filef("/proc/sys/net/unix/max_dgram_qlen", 0, + "%lu", DEFAULT_UNIX_MAX_DGRAM_QLEN); + if (r < 0) + return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, +@@ -1646,7 +1646,7 @@ static void initialize_core_pattern(bool skip_setup) { + if (getpid_cached() != 1) + return; + +- r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, 0); + if (r < 0) + log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", + arg_early_core_pattern); +diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c +index f88cb80834..68055fb64a 100644 +--- a/src/core/smack-setup.c ++++ b/src/core/smack-setup.c +@@ -320,17 +320,17 @@ int mac_smack_setup(bool *loaded_policy) { + } + + #if HAVE_SMACK_RUN_LABEL +- r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m"); +- r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = 
write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK ambient label \"" SMACK_RUN_LABEL "\": %m"); + r = write_string_file("/sys/fs/smackfs/netlabel", +- "0.0.0.0/0 " SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER); ++ "0.0.0.0/0 " SMACK_RUN_LABEL, 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK netlabel rule \"0.0.0.0/0 " SMACK_RUN_LABEL "\": %m"); +- r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", 0); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m"); + #endif +diff --git a/src/hibernate-resume/hibernate-resume.c b/src/hibernate-resume/hibernate-resume.c +index 1c7d9179d8..3ae78ee580 100644 +--- a/src/hibernate-resume/hibernate-resume.c ++++ b/src/hibernate-resume/hibernate-resume.c +@@ -40,7 +40,7 @@ int main(int argc, char *argv[]) { + return EXIT_FAILURE; + } + +- r = write_string_file("/sys/power/resume", FORMAT_DEVNUM(st.st_rdev), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/power/resume", FORMAT_DEVNUM(st.st_rdev), 0); + if (r < 0) { + log_error_errno(r, "Failed to write '" DEVNUM_FORMAT_STR "' to /sys/power/resume: %m", DEVNUM_FORMAT_VAL(st.st_rdev)); + return EXIT_FAILURE; +diff --git a/src/home/homework.c b/src/home/homework.c +index 0014a7f598..ec3e9caa1c 100644 +--- a/src/home/homework.c ++++ b/src/home/homework.c +@@ -278,7 +278,7 @@ static void drop_caches_now(void) { + * details. We write "2" into /proc/sys/vm/drop_caches to ensure dentries/inodes are flushed, but not + * more. 
*/ + +- r = write_string_file("/proc/sys/vm/drop_caches", "2\n", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/vm/drop_caches", "2\n", 0); + if (r < 0) + log_warning_errno(r, "Failed to drop caches, ignoring: %m"); + else +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index aaf951ced8..45a9d70f0d 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -2215,7 +2215,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, + if (!value) + return -ENOMEM; + +- r = write_string_file(path, value, WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_NOFOLLOW); ++ r = write_string_file(path, value, 0 | WRITE_STRING_FILE_NOFOLLOW); + if (r < 0) { + /* On failure, clear cache entry, as we do not know how it fails. */ + device_remove_cached_sysattr_value(device, sysattr); +diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c +index 9e6379ae7b..546a03a7f5 100644 +--- a/src/nspawn/nspawn-cgroup.c ++++ b/src/nspawn/nspawn-cgroup.c +@@ -123,7 +123,7 @@ int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { + fn = strjoina(tree, cgroup, "/cgroup.procs"); + + sprintf(pid_string, PID_FMT, pid); +- r = write_string_file(fn, pid_string, WRITE_STRING_FILE_DISABLE_BUFFER|WRITE_STRING_FILE_MKDIR_0755); ++ r = write_string_file(fn, pid_string, WRITE_STRING_FILE_MKDIR_0755); + if (r < 0) { + log_error_errno(r, "Failed to move process: %m"); + goto finish; +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index c5fd978395..fefe8a21e5 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -2759,7 +2759,7 @@ static int reset_audit_loginuid(void) { + if (streq(p, "4294967295")) + return 0; + +- r = write_string_file("/proc/self/loginuid", "4294967295", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/self/loginuid", "4294967295", 0); + if (r < 0) { + log_error_errno(r, + "Failed 
to reset audit login UID. This probably means that your kernel is too\n" +@@ -4187,7 +4187,7 @@ static int setup_uid_map( + return log_oom(); + + xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid); +- r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(uid_map, s, 0); + if (r < 0) + return log_error_errno(r, "Failed to write UID map: %m"); + +@@ -4197,7 +4197,7 @@ static int setup_uid_map( + return log_oom(); + + xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid); +- r = write_string_file(uid_map, s, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(uid_map, s, 0); + if (r < 0) + return log_error_errno(r, "Failed to write GID map: %m"); + +diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c +index 724d7f27d9..dd725cff92 100644 +--- a/src/shared/binfmt-util.c ++++ b/src/shared/binfmt-util.c +@@ -26,7 +26,7 @@ int disable_binfmt(void) { + if (r < 0) + return log_warning_errno(r, "Failed to determine whether binfmt_misc is mounted: %m"); + +- r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", 0); + if (r < 0) + return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m"); + +diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c +index a1fabc73c1..c5c8fc417e 100644 +--- a/src/shared/cgroup-setup.c ++++ b/src/shared/cgroup-setup.c +@@ -344,7 +344,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) { + + xsprintf(c, PID_FMT "\n", pid); + +- r = write_string_file(fs, c, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(fs, c, 0); + if (r == -EOPNOTSUPP && cg_is_threaded(controller, path) > 0) + /* When the threaded mode is used, we cannot read/write the file. Let's return recognizable error. 
*/ + return -EUCLEAN; +@@ -879,7 +879,7 @@ int cg_enable_everywhere( + return log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p); + } + +- r = write_string_stream(f, s, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_stream(f, s, 0); + if (r < 0) { + log_debug_errno(r, "Failed to %s controller %s for %s (%s): %m", + FLAGS_SET(mask, bit) ? "enable" : "disable", n, p, fs); +diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c +index a0b648bf79..13f921390d 100644 +--- a/src/shared/coredump-util.c ++++ b/src/shared/coredump-util.c +@@ -70,5 +70,5 @@ int set_coredump_filter(uint64_t value) { + sprintf(t, "0x%"PRIx64, value); + + return write_string_file("/proc/self/coredump_filter", t, +- WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER); ++ WRITE_STRING_FILE_VERIFY_ON_FAILURE); + } +diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c +index 0df1778cb2..3b9a0c934e 100644 +--- a/src/shared/smack-util.c ++++ b/src/shared/smack-util.c +@@ -114,7 +114,7 @@ int mac_smack_apply_pid(pid_t pid, const char *label) { + return 0; + + p = procfs_file_alloca(pid, "attr/current"); +- r = write_string_file(p, label, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file(p, label, 0); + if (r < 0) + return r; + +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index 7064f3a905..8f2a7d9da2 100644 +--- a/src/sleep/sleep.c ++++ b/src/sleep/sleep.c +@@ -46,7 +46,7 @@ static int write_hibernate_location_info(const HibernateLocation *hibernate_loca + assert(hibernate_location->swap); + + xsprintf(resume_str, "%u:%u", major(hibernate_location->devno), minor(hibernate_location->devno)); +- r = write_string_file("/sys/power/resume", resume_str, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/power/resume", resume_str, 0); + if (r < 0) + return log_debug_errno(r, "Failed to write partition device to /sys/power/resume for '%s': '%s': %m", + hibernate_location->swap->device, resume_str); 
+@@ -73,7 +73,7 @@ static int write_hibernate_location_info(const HibernateLocation *hibernate_loca + } + + xsprintf(offset_str, "%" PRIu64, hibernate_location->offset); +- r = write_string_file("/sys/power/resume_offset", offset_str, WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/power/resume_offset", offset_str, 0); + if (r < 0) + return log_debug_errno(r, "Failed to write swap file offset to /sys/power/resume_offset for '%s': '%s': %m", + hibernate_location->swap->device, offset_str); +@@ -89,7 +89,7 @@ static int write_mode(char **modes) { + STRV_FOREACH(mode, modes) { + int k; + +- k = write_string_file("/sys/power/disk", *mode, WRITE_STRING_FILE_DISABLE_BUFFER); ++ k = write_string_file("/sys/power/disk", *mode, 0); + if (k >= 0) + return 0; + +@@ -110,7 +110,7 @@ static int write_state(FILE **f, char **states) { + STRV_FOREACH(state, states) { + int k; + +- k = write_string_stream(*f, *state, WRITE_STRING_FILE_DISABLE_BUFFER); ++ k = write_string_stream(*f, *state, 0); + if (k >= 0) + return 0; + log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state); +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index cd858c9cca..0feb9669a0 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -2335,7 +2335,6 @@ static int udev_rule_apply_token_to_event( + log_rule_debug(dev, rules, "ATTR '%s' writing '%s'", buf, value); + r = write_string_file(buf, value, + WRITE_STRING_FILE_VERIFY_ON_FAILURE | +- WRITE_STRING_FILE_DISABLE_BUFFER | + WRITE_STRING_FILE_AVOID_NEWLINE | + WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE); + if (r < 0) +diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c +index 50930d4af3..5efd5d3728 100644 +--- a/src/vconsole/vconsole-setup.c ++++ b/src/vconsole/vconsole-setup.c +@@ -108,7 +108,7 @@ static int toggle_utf8_vc(const char *name, int fd, bool utf8) { + static int toggle_utf8_sysfs(bool utf8) { + int r; + +- r = 
write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), WRITE_STRING_FILE_DISABLE_BUFFER); ++ r = write_string_file("/sys/module/vt/parameters/default_utf8", one_zero(utf8), 0); + if (r < 0) + return log_warning_errno(r, "Failed to %s sysfs UTF-8 flag: %m", enable_disable(utf8)); + diff --git a/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch b/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch new file mode 100644 index 0000000..7da8798 --- /dev/null +++ b/recipes-core/systemd/systemd/0023-Handle-missing-gshadow.patch 
@@ -0,0 +1,173 @@ +From ebf0f69d8614b8d86a971b97ff0d847d1e5d47c9 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan +Date: Tue, 10 Mar 2020 11:05:20 +0000 +Subject: [PATCH] Handle missing gshadow + +gshadow usage is now present in the userdb code. Mask all uses of it to +allow compilation on musl + +Upstream-Status: Inappropriate [musl specific] +Signed-off-by: Alex Kiernan +[Rebased for v247] +Signed-off-by: Luca Boccassi +--- + src/shared/user-record-nss.c | 20 ++++++++++++++++++++ + src/shared/user-record-nss.h | 4 ++++ + src/shared/userdb.c | 7 ++++++- + 3 files changed, 30 insertions(+), 1 deletion(-) + +diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c +index 88b8fc2f8f..a819d41bac 100644 +--- a/src/shared/user-record-nss.c ++++ b/src/shared/user-record-nss.c +@@ -331,8 +331,10 @@ int nss_group_to_group_record( + if (isempty(grp->gr_name)) + return -EINVAL; + ++#if ENABLE_GSHADOW + if (sgrp && !streq_ptr(sgrp->sg_namp, grp->gr_name)) + return -EINVAL; ++#endif + + g = group_record_new(); + if (!g) +@@ -348,6 +350,7 @@ int nss_group_to_group_record( + + g->gid = grp->gr_gid; + ++#if ENABLE_GSHADOW + if (sgrp) { + if (looks_like_hashed_password(utf8_only(sgrp->sg_passwd))) { + g->hashed_password = strv_new(sgrp->sg_passwd); +@@ -363,6 +366,7 @@ int nss_group_to_group_record( + if (r < 0) + return r; + } ++#endif + + r = json_build(&g->json, JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(g->group_name)), +@@ -388,6 +392,7 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re + assert(ret_sgrp); + assert(ret_buffer); + ++#if ENABLE_GSHADOW + for (;;) { + _cleanup_free_ char *buf = NULL; + struct sgrp sgrp, *result; +@@ -416,6 +421,9 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re + buflen *= 2; + buf = mfree(buf); + } ++#else ++ return -ESRCH; ++#endif + } + + int nss_group_record_by_name( +@@ -427,7 +435,9 @@ int nss_group_record_by_name( + struct group grp, 
*result; + bool incomplete = false; + size_t buflen = 4096; ++#if ENABLE_GSHADOW + struct sgrp sgrp, *sresult = NULL; ++#endif + int r; + + assert(name); +@@ -457,6 +467,7 @@ int nss_group_record_by_name( + buf = mfree(buf); + } + ++#if ENABLE_GSHADOW + if (with_shadow) { + r = nss_sgrp_for_group(result, &sgrp, &sbuf); + if (r < 0) { +@@ -468,6 +479,9 @@ int nss_group_record_by_name( + incomplete = true; + + r = nss_group_to_group_record(result, sresult, ret); ++#else ++ r = nss_group_to_group_record(result, NULL, ret); ++#endif + if (r < 0) + return r; + +@@ -484,7 +498,9 @@ int nss_group_record_by_gid( + struct group grp, *result; + bool incomplete = false; + size_t buflen = 4096; ++#if ENABLE_GSHADOW + struct sgrp sgrp, *sresult = NULL; ++#endif + int r; + + assert(ret); +@@ -512,6 +528,7 @@ int nss_group_record_by_gid( + buf = mfree(buf); + } + ++#if ENABLE_GSHADOW + if (with_shadow) { + r = nss_sgrp_for_group(result, &sgrp, &sbuf); + if (r < 0) { +@@ -523,6 +540,9 @@ int nss_group_record_by_gid( + incomplete = true; + + r = nss_group_to_group_record(result, sresult, ret); ++#else ++ r = nss_group_to_group_record(result, NULL, ret); ++#endif + if (r < 0) + return r; + +diff --git a/src/shared/user-record-nss.h b/src/shared/user-record-nss.h +index 22ab04d6ee..4e52e7a911 100644 +--- a/src/shared/user-record-nss.h ++++ b/src/shared/user-record-nss.h +@@ -2,7 +2,11 @@ + #pragma once + + #include ++#if ENABLE_GSHADOW + #include ++#else ++struct sgrp; ++#endif + #include + #include + +diff --git a/src/shared/userdb.c b/src/shared/userdb.c +index a77eff4407..955e361d3a 100644 +--- a/src/shared/userdb.c ++++ b/src/shared/userdb.c +@@ -1044,13 +1044,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { + if (gr) { + _cleanup_free_ char *buffer = NULL; + bool incomplete = false; ++#if ENABLE_GSHADOW + struct sgrp sgrp; +- ++#endif + if (streq_ptr(gr->gr_name, "root")) + iterator->synthesize_root = false; + if (gr->gr_gid == GID_NOBODY) + 
iterator->synthesize_nobody = false; + ++#if ENABLE_GSHADOW + if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) { + r = nss_sgrp_for_group(gr, &sgrp, &buffer); + if (r < 0) { +@@ -1063,6 +1065,9 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { + } + + r = nss_group_to_group_record(gr, r >= 0 ? &sgrp : NULL, ret); ++#else ++ r = nss_group_to_group_record(gr, NULL, ret); ++#endif + if (r < 0) + return r; + +-- +2.39.2 + diff --git a/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch new file mode 100644 index 0000000..15ff6eb --- /dev/null +++ b/recipes-core/systemd/systemd/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch 
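Review bot: In the embedded hunks `@@ -468,6 +479,9 @@` and `@@ -523,6 +540,9 @@` of src/shared/user-record-nss.c, `incomplete = true;` stays inside the `#if ENABLE_GSHADOW` branch, so a build without gshadow leaves `incomplete` at its initial `false` in nss_group_record_by_name() and nss_group_record_by_gid(), whatever `with_shadow` says. Where `incomplete` is consumed lies after these hunks, so this needs confirming. If it marks records whose shadow data was not read, the `#else` branch should set it too, with `incomplete = true;` ahead of `r = nss_group_to_group_record(result, NULL, ret);`. 0026-Handle-missing-gshadow.patch, added later in this commit, carries the same change against a different userdb.c base and has the same gap.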
@@ -0,0 +1,49 @@
+From a2f56a2a6cdd5137bb1e680aa9f6c40540107166 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Mon, 12 Apr 2021 23:44:53 -0700
+Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
+
+musl does not define _MIPS_SIM_ABI32, _MIPS_SIM_NABI32, _MIPS_SIM_ABI64
+unlike glibc where these are provided by libc headers, therefore define
+them here in case they are undefined
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj
+---
+ src/basic/missing_syscall.h | 6 ++++++
+ src/shared/base-filesystem.c | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index 98cd037962..ea6a76c2e2 100644
+--- a/src/basic/missing_syscall.h
++++ b/src/basic/missing_syscall.h
+@@ -20,6 +20,12 @@
+ #include
+ #endif
+
++#ifndef _MIPS_SIM_ABI32
++#define _MIPS_SIM_ABI32 1
++#define _MIPS_SIM_NABI32 2
++#define _MIPS_SIM_ABI64 3
++#endif
++
+ #include "macro.h"
+ #include "missing_keyctl.h"
+ #include "missing_stat.h"
+diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
+index 2726dc946a..484f63e0b4 100644
+--- a/src/shared/base-filesystem.c
++++ b/src/shared/base-filesystem.c
+@@ -19,6 +19,7 @@
+ #include "string-util.h"
+ #include "umask-util.h"
+ #include "user-util.h"
++#include "missing_syscall.h"
+
+ typedef struct BaseFilesystem {
+ const char *dir; /* directory or symlink to create */
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch b/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
new file mode 100644
index 0000000..6981d70
--- /dev/null
+++ b/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
@@ -0,0 +1,58 @@
+From 8871f78c559f37169c0cfaf20b0af1dbec0399af Mon Sep 17 00:00:00 2001
+From: Scott Murray
+Date: Fri, 13 Sep 2019 19:26:27 -0400
+Subject: [PATCH] Handle __cpu_mask usage
+
+Fixes errors:
+
+src/test/test-cpu-set-util.c:18:54: error: '__cpu_mask' undeclared (first use in this function)
+src/test/test-sizeof.c:73:14: error: '__cpu_mask' undeclared (first use in this function)
+
+__cpu_mask is an internal type of glibc's cpu_set implementation, not
+part of the POSIX definition, which is problematic when building with
+musl, which does not define a matching type. From inspection of musl's
+sched.h, however, it is clear that the corresponding type would be
+unsigned long, which does match glibc's actual __CPU_MASK_TYPE. So,
+add a typedef to cpu-set-util.h defining __cpu_mask appropriately.
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Scott Murray
+
+---
+ src/shared/cpu-set-util.h | 2 ++
+ src/test/test-sizeof.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/cpu-set-util.h b/src/shared/cpu-set-util.h
+index 3c63a58826..4c2d4347fc 100644
+--- a/src/shared/cpu-set-util.h
++++ b/src/shared/cpu-set-util.h
+@@ -6,6 +6,8 @@
+ #include "macro.h"
+ #include "missing_syscall.h"
+
++typedef unsigned long __cpu_mask;
++
+ /* This wraps the libc interface with a variable to keep the allocated size. */
+ typedef struct CPUSet {
+ cpu_set_t *set;
+diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
+index 602772227e..7f1ed19d77 100644
+--- a/src/test/test-sizeof.c
++++ b/src/test/test-sizeof.c
+@@ -1,6 +1,5 @@
+ /* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+-#include
+ #include
+ #include
+ #include
+@@ -10,6 +9,7 @@
+ #include
+
+ #include "time-util.h"
++#include "cpu-set-util.h"
+
+ /* Print information about various types. Useful when diagnosing
+ * gcc diagnostics on an unfamiliar architecture. */
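Review bot: `typedef unsigned long __cpu_mask;` in src/shared/cpu-set-util.h is added without any libc test, so glibc builds also get a second typedef of a name that, per the patch description, glibc already declares internally. That is harmless only while both typedefs name the same type; on a glibc target whose `__CPU_MASK_TYPE` is not `unsigned long` (x32 is the case I would check) the header would stop compiling. Guarding it keeps the patch inert outside musl: `#ifndef __GLIBC__` / `typedef unsigned long __cpu_mask;` / `#endif`.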
diff --git a/recipes-core/systemd/systemd/0025-systemctl-explicitly-cast-the-constants-to-uint64_t.patch b/recipes-core/systemd/systemd/0025-systemctl-explicitly-cast-the-constants-to-uint64_t.patch
new file mode 100644
index 0000000..d840de8
--- /dev/null
+++ b/recipes-core/systemd/systemd/0025-systemctl-explicitly-cast-the-constants-to-uint64_t.patch
@@ -0,0 +1,44 @@
+From fad29ce1f5cc7b12bc13671d9ad80775771a67eb Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal
+Date: Fri, 3 Mar 2023 12:17:27 +0100
+Subject: [PATCH] systemctl: explicitly cast the constants to uint64_t
+
+Otherwise under certain conditions `va_arg()` might get garbage instead
+of the expected value, i.e.:
+
+$ sudo build-o0/systemctl disable asdfasfaf
+sd_bus_message_appendv: Got uint64_t: 0
+Failed to disable unit: Unit file asdfasfaf.service does not exist.
+
+$ sudo build-o1/systemctl disable asdfasfaf
+sd_bus_message_appendv: Got uint64_t: 7954875719681572864
+Failed to disable unit: Invalid argument
+
+(reproduced on an armv7hl machine)
+
+Resolves: #26568
+Follow-up to: bf1bea43f15
+Related issue: https://github.com/systemd/systemd/pull/14470#discussion_r362893735
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/c63bfd0884cf20e48befbee49d41f667660a8802]
+Signed-off-by: Alexander Kanavin
+---
+ src/systemctl/systemctl-enable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl-enable.c b/src/systemctl/systemctl-enable.c
+index 86d9f602fa..f94a286122 100644
+--- a/src/systemctl/systemctl-enable.c
++++ b/src/systemctl/systemctl-enable.c
+@@ -211,7 +211,7 @@ int verb_enable(int argc, char *argv[], void *userdata) {
+
+ if (send_runtime) {
+ if (streq(method, "DisableUnitFilesWithFlagsAndInstallInfo"))
+- r = sd_bus_message_append(m, "t", arg_runtime ? UNIT_FILE_RUNTIME : 0);
++ r = sd_bus_message_append(m, "t", arg_runtime ? (uint64_t) UNIT_FILE_RUNTIME : UINT64_C(0));
+ else
+ r = sd_bus_message_append(m, "b", arg_runtime);
+ if (r < 0)
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch b/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
new file mode 100644
index 0000000..2c56838
--- /dev/null
+++ b/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
@@ -0,0 +1,171 @@ +From ec519727bb1ceda6e7787ccf86237a6aad07137c Mon Sep 17 00:00:00 2001 +From: Alex Kiernan +Date: Tue, 10 Mar 2020 11:05:20 +0000 +Subject: [PATCH] Handle missing gshadow + +gshadow usage is now present in the userdb code. Mask all uses of it to +allow compilation on musl + +Upstream-Status: Inappropriate [musl specific] +Signed-off-by: Alex Kiernan +[Rebased for v247] +Signed-off-by: Luca Boccassi + +--- + src/shared/user-record-nss.c | 20 ++++++++++++++++++++ + src/shared/user-record-nss.h | 4 ++++ + src/shared/userdb.c | 7 ++++++- + 3 files changed, 30 insertions(+), 1 deletion(-) + +diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c +index 88b8fc2f8f..a819d41bac 100644 +--- a/src/shared/user-record-nss.c ++++ b/src/shared/user-record-nss.c +@@ -331,8 +331,10 @@ int nss_group_to_group_record( + if (isempty(grp->gr_name)) + return -EINVAL; + ++#if ENABLE_GSHADOW + if (sgrp && !streq_ptr(sgrp->sg_namp, grp->gr_name)) + return -EINVAL; ++#endif + + g = group_record_new(); + if (!g) +@@ -348,6 +350,7 @@ int nss_group_to_group_record( + + g->gid = grp->gr_gid; + ++#if ENABLE_GSHADOW + if (sgrp) { + if (looks_like_hashed_password(utf8_only(sgrp->sg_passwd))) { + g->hashed_password = strv_new(sgrp->sg_passwd); +@@ -363,6 +366,7 @@ int nss_group_to_group_record( + if (r < 0) + return r; + } ++#endif + + r = json_build(&g->json, JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(g->group_name)), +@@ -388,6 +392,7 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re + assert(ret_sgrp); + assert(ret_buffer); + ++#if ENABLE_GSHADOW + for (;;) { + _cleanup_free_ char *buf = NULL; + struct sgrp sgrp, *result; +@@ -416,6 +421,9 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re + buflen *= 2; + buf = mfree(buf); + } ++#else ++ return -ESRCH; ++#endif + } + + int nss_group_record_by_name( +@@ -427,7 +435,9 @@ int nss_group_record_by_name( + struct group grp, 
*result; + bool incomplete = false; + size_t buflen = 4096; ++#if ENABLE_GSHADOW + struct sgrp sgrp, *sresult = NULL; ++#endif + int r; + + assert(name); +@@ -457,6 +467,7 @@ int nss_group_record_by_name( + buf = mfree(buf); + } + ++#if ENABLE_GSHADOW + if (with_shadow) { + r = nss_sgrp_for_group(result, &sgrp, &sbuf); + if (r < 0) { +@@ -468,6 +479,9 @@ int nss_group_record_by_name( + incomplete = true; + + r = nss_group_to_group_record(result, sresult, ret); ++#else ++ r = nss_group_to_group_record(result, NULL, ret); ++#endif + if (r < 0) + return r; + +@@ -484,7 +498,9 @@ int nss_group_record_by_gid( + struct group grp, *result; + bool incomplete = false; + size_t buflen = 4096; ++#if ENABLE_GSHADOW + struct sgrp sgrp, *sresult = NULL; ++#endif + int r; + + assert(ret); +@@ -512,6 +528,7 @@ int nss_group_record_by_gid( + buf = mfree(buf); + } + ++#if ENABLE_GSHADOW + if (with_shadow) { + r = nss_sgrp_for_group(result, &sgrp, &sbuf); + if (r < 0) { +@@ -523,6 +540,9 @@ int nss_group_record_by_gid( + incomplete = true; + + r = nss_group_to_group_record(result, sresult, ret); ++#else ++ r = nss_group_to_group_record(result, NULL, ret); ++#endif + if (r < 0) + return r; + +diff --git a/src/shared/user-record-nss.h b/src/shared/user-record-nss.h +index 22ab04d6ee..4e52e7a911 100644 +--- a/src/shared/user-record-nss.h ++++ b/src/shared/user-record-nss.h +@@ -2,7 +2,11 @@ + #pragma once + + #include ++#if ENABLE_GSHADOW + #include ++#else ++struct sgrp; ++#endif + #include + #include + +diff --git a/src/shared/userdb.c b/src/shared/userdb.c +index 0eddd382e6..d506b8e263 100644 +--- a/src/shared/userdb.c ++++ b/src/shared/userdb.c +@@ -1046,13 +1046,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { + if (gr) { + _cleanup_free_ char *buffer = NULL; + bool incomplete = false; ++#if ENABLE_GSHADOW + struct sgrp sgrp; +- ++#endif + if (streq_ptr(gr->gr_name, "root")) + iterator->synthesize_root = false; + if (gr->gr_gid == GID_NOBODY) + 
iterator->synthesize_nobody = false; + ++#if ENABLE_GSHADOW + if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) { + r = nss_sgrp_for_group(gr, &sgrp, &buffer); + if (r < 0) { +@@ -1065,6 +1067,9 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { + } + + r = nss_group_to_group_record(gr, r >= 0 ? &sgrp : NULL, ret); ++#else ++ r = nss_group_to_group_record(gr, NULL, ret); ++#endif + if (r < 0) + return r; + diff --git a/recipes-core/systemd/systemd/0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch b/recipes-core/systemd/systemd/0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch new file mode 100644 index 0000000..c7e2280 --- /dev/null +++ b/recipes-core/systemd/systemd/0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch 
@@ -0,0 +1,44 @@
+From 34072f456b4fe880fbb2f18760b64a1a6c1eebb8 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin
+Date: Mon, 6 Mar 2023 15:24:49 +0100
+Subject: [PATCH] src/boot/efi/efi-string.c: define wchar_t from __WCHAR_TYPE__
+
+systemd-boot relies on wchar_t being 16 bit, and breaks at build time otherwise.
+
+To set wchar_t to 16 bit it is passing -fshort-wchar to gcc; this has the
+desired effect on glibc (which sets wchar_t from __WCHAR_TYPE__) but not on
+musl (which hardcodes it to 32 bit).
+
+This patch ensures wchar_t is set from the compiler flags on all systems; note
+that systemd-boot is not actually using functions from musl or other libc, just their headers.
+
+Meanwhile upstream has refactored the code to not rely on libc headers at all;
+however this will not be backported to v253 and we need a different fix.
+
+Upstream-Status: Inappropriate [fixed differently in trunk according to https://github.com/systemd/systemd/pull/26689]
+Signed-off-by: Alexander Kanavin
+---
+ src/boot/efi/efi-string.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/boot/efi/efi-string.c b/src/boot/efi/efi-string.c
+index 22923d60f6..5d09d4281f 100644
+--- a/src/boot/efi/efi-string.c
++++ b/src/boot/efi/efi-string.c
+@@ -2,7 +2,13 @@
+
+ #include
+ #include
++
++#if SD_BOOT
++typedef __WCHAR_TYPE__ wchar_t;
++#define __DEFINED_wchar_t
++#else
+ #include
++#endif
+
+ #include "efi-string.h"
+
+--
+2.39.2
+
diff --git a/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
new file mode 100644
index 0000000..6c97a27
--- /dev/null
+++ b/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
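Review bot: The `#define __DEFINED_wchar_t` line in the efi-string.c hunk has no comment in the code, and the reason for it is only in the patch description. It looks like it relies on a header guard name internal to musl, so a later libc or systemd bump could silently bring back a 32-bit `wchar_t` in the boot loader build. I would put the reason next to it, for example `/* SD_BOOT: take wchar_t from -fshort-wchar; __DEFINED_wchar_t stops musl's headers from redefining it */`. The description also says upstream fixed this differently, so the comment should say the block can go once the recipe moves past v253.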
@@ -0,0 +1,47 @@
+From 754a16eeb255c06dbdd4655632276573f0f075ec Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Mon, 12 Apr 2021 23:44:53 -0700
+Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
+
+musl does not define _MIPS_SIM_ABI32, _MIPS_SIM_NABI32, _MIPS_SIM_ABI64
+unlike glibc where these are provided by libc headers, therefore define
+them here in case they are undefined
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj
+
+---
+ src/basic/missing_syscall.h | 6 ++++++
+ src/shared/base-filesystem.c | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index 793d111c55..9665848b88 100644
+--- a/src/basic/missing_syscall.h
++++ b/src/basic/missing_syscall.h
+@@ -20,6 +20,12 @@
+ #include
+ #endif
+
++#ifndef _MIPS_SIM_ABI32
++#define _MIPS_SIM_ABI32 1
++#define _MIPS_SIM_NABI32 2
++#define _MIPS_SIM_ABI64 3
++#endif
++
+ #include "macro.h"
+ #include "missing_keyctl.h"
+ #include "missing_stat.h"
+diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
+index d396bc99fe..7e9c0c3412 100644
+--- a/src/shared/base-filesystem.c
++++ b/src/shared/base-filesystem.c
+@@ -19,6 +19,7 @@
+ #include "string-util.h"
+ #include "umask-util.h"
+ #include "user-util.h"
++#include "missing_syscall.h"
+
+ typedef struct BaseFilesystem {
+ const char *dir; /* directory or symlink to create */
diff --git a/recipes-core/systemd/systemd/99-default.preset b/recipes-core/systemd/systemd/99-default.preset
new file mode 100644
index 0000000..1f29b50
--- /dev/null
+++ b/recipes-core/systemd/systemd/99-default.preset
@@ -0,0 +1 @@
+disable *
diff --git a/recipes-core/systemd/systemd/init b/recipes-core/systemd/systemd/init
new file mode 100644
index 0000000..ea52be4
--- /dev/null
+++ b/recipes-core/systemd/systemd/init
@@ -0,0 +1,104 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: udev +# Required-Start: mountvirtfs +# Required-Stop: +# Default-Start: S +# Default-Stop: +# Short-Description: Start udevd, populate /dev and load drivers. +### END INIT INFO + +. /etc/init.d/functions + +export TZ=/etc/localtime + +[ -d /sys/class ] || exit 1 +[ -r /proc/mounts ] || exit 1 +[ -x @UDEVD@ ] || exit 1 +[ -f /etc/default/udev-cache ] && . /etc/default/udev-cache +[ -f /etc/udev/udev.conf ] && . /etc/udev/udev.conf + +readfile () { + filename=$1 + READDATA="" + if [ -r $filename ]; then + while read line; do + READDATA="$READDATA$line" + done < $filename + fi +} + +case "$1" in + start) + export ACTION=add + # propagate /dev from /sys + echo "Starting udev" + + # mount the devtmpfs on /dev, if not already done + LANG=C awk '$2 == "/dev" && ($3 == "devtmpfs") { exit 1 }' /proc/mounts && { + mount -n -o mode=0755 -t devtmpfs none "/dev" + } + [ -e /dev/pts ] || mkdir -m 0755 /dev/pts + [ -e /dev/shm ] || mkdir -m 1777 /dev/shm + mount -a -t tmpfs 2>/dev/null + + # cache handling + if [ "$DEVCACHE" != "" ]; then + readfile /proc/version + VERSION="$READDATA" + readfile /proc/cmdline + CMDLINE="$READDATA" + readfile /proc/devices + DEVICES="$READDATA" + readfile /proc/atags + ATAGS="$READDATA" + + if [ -e $DEVCACHE ]; then + readfile /etc/udev/cache.data + if [ "$READDATA" = "$VERSION$CMDLINE$DEVICES$ATAGS" ]; then + (cd /; tar xf $DEVCACHE > /dev/null 2>&1) + not_first_boot=1 + [ "$VERBOSE" != "no" ] && echo "udev: using cache file $DEVCACHE" + [ -e /dev/shm/udev.cache ] && rm -f /dev/shm/udev.cache + else + echo "$VERSION$CMDLINE$DEVICES$ATAGS" > /dev/shm/udev.cache + fi + else + echo "$VERSION$CMDLINE$DEVICES$ATAGS" > /dev/shm/udev.cache + fi + fi + + # make_extra_nodes + killproc systemd-udevd > "/dev/null" 2>&1 + + # trigger the sorted events + echo -e '\000\000\000\000' > /proc/sys/kernel/hotplug + @UDEVD@ -d + + udevadm control --env=STARTUP=1 + if [ "$not_first_boot" != "" ];then + 
udevadm trigger --action=add --subsystem-nomatch=tty --subsystem-nomatch=mem --subsystem-nomatch=vc --subsystem-nomatch=vtconsole --subsystem-nomatch=misc --subsystem-nomatch=dcon --subsystem-nomatch=pci_bus --subsystem-nomatch=graphics --subsystem-nomatch=backlight --subsystem-nomatch=video4linux --subsystem-nomatch=platform + (udevadm settle --timeout=3; udevadm control --env=STARTUP=)& + else + udevadm trigger --action=add + udevadm settle + fi + ;; + stop) + echo "Stopping udevd" + start-stop-daemon --stop --name systemd-udevd --quiet + ;; + restart) + $0 stop + sleep 1 + $0 start + ;; + status) + status systemd-udevd + ;; + *) + echo "Usage: $0 {start|stop|status|restart}" + exit 1 +esac +exit 0 diff --git a/recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf b/recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf new file mode 100644 index 0000000..f4d0271 --- /dev/null +++ b/recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf @@ -0,0 +1,11 @@ + + + + + + + + + + diff --git a/recipes-core/systemd/systemd/systemd-pager.sh b/recipes-core/systemd/systemd/systemd-pager.sh new file mode 100644 index 0000000..86e3e0a --- /dev/null +++ b/recipes-core/systemd/systemd/systemd-pager.sh @@ -0,0 +1,7 @@ +# Systemd expect a color capable pager, however the less provided +# by busybox is not. This make many interaction with systemd pretty +# annoying. As a workaround we disable the systemd pager if less +# is not the GNU version. +if ! less -V > /dev/null 2>&1 ; then + export SYSTEMD_PAGER= +fi diff --git a/recipes-core/systemd/systemd/touchscreen.rules b/recipes-core/systemd/systemd/touchscreen.rules new file mode 100644 index 0000000..d83fd16 --- /dev/null +++ b/recipes-core/systemd/systemd/touchscreen.rules 
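Review bot: The cache branch of `start)` in the new `init` script unpacks `$DEVCACHE` over `/` as root after only comparing `/etc/udev/cache.data` with the concatenated `/proc/version`, `/proc/cmdline`, `/proc/devices` and `/proc/atags`; the archive itself is never integrity-checked. `DEVCACHE` comes from sourcing `/etc/default/udev-cache`, so on the secure-boot and dm-verity images this layer targets it is worth confirming that this file and the archive it names sit on the verified read-only root; if they can live on writable storage, the simplest fix is to leave `DEVCACHE` unset there. That dependency deserves a comment above the `if [ "$DEVCACHE" != "" ]` test, for example `# DEVCACHE is extracted over / as root: it must point into integrity-protected storage`. Separately, the paths are expanded unquoted and so undergo word splitting and globbing; I would write `if [ -r "$filename" ]; then` and `done < "$filename"` in `readfile`, and `(cd /; tar xf "$DEVCACHE" > /dev/null 2>&1)` in the cache branch.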
@@ -0,0 +1,18 @@
+# There are a number of modifiers that are allowed to be used in some
+# of the different fields. They provide the following subsitutions:
+#
+# %n the "kernel number" of the device.
+# For example, 'sda3' has a "kernel number" of '3'
+# %e the smallest number for that name which does not matches an existing node
+# %k the kernel name for the device
+# %M the kernel major number for the device
+# %m the kernel minor number for the device
+# %b the bus id for the device
+# %c the string returned by the PROGRAM
+# %s{filename} the content of a sysfs attribute
+# %% the '%' char itself
+#
+
+# Create a symlink to any touchscreen input device
+SUBSYSTEM=="input", KERNEL=="event[0-9]*", ATTRS{modalias}=="input:*-e0*,3,*a0,1,*18,*", SYMLINK+="input/touchscreen0"
+SUBSYSTEM=="input", KERNEL=="event[0-9]*", ATTRS{modalias}=="ads7846", SYMLINK+="input/touchscreen0"
diff --git a/recipes-core/systemd/systemd_251.8.bb b/recipes-core/systemd/systemd_251.8.bb
new file mode 100644
index 0000000..991da07
--- /dev/null
+++ b/recipes-core/systemd/systemd_251.8.bb
@@ -0,0 +1,801 @@ +require systemd.inc + +PROVIDES = "udev" + +PE = "1" + +DEPENDS = "intltool-native gperf-native libcap util-linux python3-jinja2-native" + +SECTION = "base/shell" + +inherit useradd pkgconfig meson perlnative update-rc.d update-alternatives qemu systemd gettext bash-completion manpages features_check + +# As this recipe builds udev, respect systemd being in DISTRO_FEATURES so +# that we don't build both udev and systemd in world builds. +REQUIRED_DISTRO_FEATURES = "systemd" + +SRC_URI += " \ + file://touchscreen.rules \ + file://00-create-volatile.conf \ + ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \ + file://init \ + file://99-default.preset \ + file://systemd-pager.sh \ + file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ + file://0003-implment-systemd-sysv-install-for-OE.patch \ + file://0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \ + " + +# patches needed by musl +SRC_URI:append:libc-musl = " ${SRC_URI_MUSL}" +SRC_URI_MUSL = "\ + file://0003-missing_type.h-add-comparison_fn_t.patch \ + file://0004-add-fallback-parse_printf_format-implementation.patch \ + file://0005-src-basic-missing.h-check-for-missing-strndupa.patch \ + file://0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch \ + file://0008-add-missing-FTW_-macros-for-musl.patch \ + file://0010-Use-uintmax_t-for-handling-rlim_t.patch \ + file://0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch \ + file://0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch \ + file://0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch \ + file://0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch \ + file://0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch \ + 
file://0018-avoid-redefinition-of-prctl_mm_map-structure.patch \ + file://0022-do-not-disable-buffer-in-writing-files.patch \ + file://0025-Handle-__cpu_mask-usage.patch \ + file://0026-Handle-missing-gshadow.patch \ + file://0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch \ + file://0001-pass-correct-parameters-to-getdents64.patch \ + file://0002-Add-sys-stat.h-for-S_IFDIR.patch \ + file://0001-Adjust-for-musl-headers.patch \ + " + +PAM_PLUGINS = " \ + pam-plugin-unix \ + pam-plugin-loginuid \ + pam-plugin-keyinit \ +" + +PACKAGECONFIG ??= " \ + ${@bb.utils.filter('DISTRO_FEATURES', 'acl audit efi ldconfig pam selinux smack usrmerge polkit seccomp', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'rfkill', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xkbcommon', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 'link-udev-shared', d)} \ + backlight \ + binfmt \ + gshadow \ + hibernate \ + hostnamed \ + idn \ + ima \ + kmod \ + localed \ + logind \ + machined \ + myhostname \ + networkd \ + nss \ + nss-mymachines \ + nss-resolve \ + quotacheck \ + randomseed \ + resolved \ + set-time-epoch \ + sysusers \ + sysvinit \ + timedated \ + timesyncd \ + userdb \ + utmp \ + vconsole \ + wheel-group \ + zstd \ +" + +PACKAGECONFIG:remove:libc-musl = " \ + gshadow \ + idn \ + localed \ + myhostname \ + nss \ + nss-mymachines \ + nss-resolve \ + sysusers \ + userdb \ + utmp \ +" + +# https://github.com/seccomp/libseccomp/issues/347 +PACKAGECONFIG:remove:mipsarch = "seccomp" + +CFLAGS:append:libc-musl = " -D__UAPI_DEF_ETHHDR=0 " + +# Some of the dependencies are weak-style recommends - if not available at runtime, +# systemd won't fail but the library-related feature will be skipped with a warning. + +# Use the upstream systemd serial-getty@.service and rely on +# systemd-getty-generator instead of using the OE-core specific +# systemd-serialgetty.bb - not enabled by default. 
+PACKAGECONFIG[serial-getty-generator] = "" + +PACKAGECONFIG[acl] = "-Dacl=true,-Dacl=false,acl" +PACKAGECONFIG[audit] = "-Daudit=true,-Daudit=false,audit" +PACKAGECONFIG[backlight] = "-Dbacklight=true,-Dbacklight=false" +PACKAGECONFIG[binfmt] = "-Dbinfmt=true,-Dbinfmt=false" +PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2" +PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid" +PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false" +PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup" +PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device" +PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus" +PACKAGECONFIG[efi] = "-Defi=true,-Defi=false" +PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} -Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi" +PACKAGECONFIG[elfutils] = "-Delfutils=true,-Delfutils=false,elfutils" +PACKAGECONFIG[firstboot] = "-Dfirstboot=true,-Dfirstboot=false" +PACKAGECONFIG[repart] = "-Drepart=true,-Drepart=false" +PACKAGECONFIG[homed] = "-Dhomed=true,-Dhomed=false" +# Sign the journal for anti-tampering +PACKAGECONFIG[gcrypt] = "-Dgcrypt=true,-Dgcrypt=false,libgcrypt" +PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls" +PACKAGECONFIG[gshadow] = "-Dgshadow=true,-Dgshadow=false" +PACKAGECONFIG[hibernate] = "-Dhibernate=true,-Dhibernate=false" +PACKAGECONFIG[hostnamed] = "-Dhostnamed=true,-Dhostnamed=false" +PACKAGECONFIG[idn] = "-Didn=true,-Didn=false" +PACKAGECONFIG[ima] = "-Dima=true,-Dima=false" +# importd requires journal-upload/xz/zlib/bzip2/gcrypt +PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false,glib-2.0" +# Update NAT firewall rules +PACKAGECONFIG[iptc] = "-Dlibiptc=true,-Dlibiptc=false,iptables" +PACKAGECONFIG[journal-upload] = "-Dlibcurl=true,-Dlibcurl=false,curl" +PACKAGECONFIG[kmod] = "-Dkmod=true,-Dkmod=false,kmod" +PACKAGECONFIG[ldconfig] = 
"-Dldconfig=true,-Dldconfig=false,,ldconfig" +PACKAGECONFIG[libidn] = "-Dlibidn=true,-Dlibidn=false,libidn,,libidn" +PACKAGECONFIG[libidn2] = "-Dlibidn2=true,-Dlibidn2=false,libidn2,,libidn2" +# Link udev shared with systemd helper library. +# If enabled the udev package depends on the systemd package (which has the needed shared library). +PACKAGECONFIG[link-udev-shared] = "-Dlink-udev-shared=true,-Dlink-udev-shared=false" +PACKAGECONFIG[localed] = "-Dlocaled=true,-Dlocaled=false" +PACKAGECONFIG[logind] = "-Dlogind=true,-Dlogind=false" +PACKAGECONFIG[lz4] = "-Dlz4=true,-Dlz4=false,lz4" +PACKAGECONFIG[machined] = "-Dmachined=true,-Dmachined=false" +PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native xmlto-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native" +PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd" +PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname" +PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false" +PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers=" +PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false" +PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false" +PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false" +PACKAGECONFIG[oomd] = "-Doomd=true,-Doomd=false" +PACKAGECONFIG[openssl] = "-Dopenssl=true,-Dopenssl=false,openssl" +PACKAGECONFIG[pam] = "-Dpam=true,-Dpam=false,libpam,${PAM_PLUGINS}" +PACKAGECONFIG[pcre2] = "-Dpcre2=true,-Dpcre2=false,libpcre2" +PACKAGECONFIG[polkit] = "-Dpolkit=true,-Dpolkit=false" +# If polkit is disabled and networkd+hostnamed are in use, enabling this option and +# using dbus-broker will allow networkd to be authorized to change the +# hostname without acquiring additional privileges +PACKAGECONFIG[polkit_hostnamed_fallback] = ",,,,dbus-broker,polkit" +PACKAGECONFIG[portabled] = "-Dportabled=true,-Dportabled=false" +PACKAGECONFIG[qrencode] = 
"-Dqrencode=true,-Dqrencode=false,qrencode,,qrencode" +PACKAGECONFIG[quotacheck] = "-Dquotacheck=true,-Dquotacheck=false" +PACKAGECONFIG[randomseed] = "-Drandomseed=true,-Drandomseed=false" +PACKAGECONFIG[resolved] = "-Dresolve=true,-Dresolve=false" +PACKAGECONFIG[rfkill] = "-Drfkill=true,-Drfkill=false" +PACKAGECONFIG[seccomp] = "-Dseccomp=true,-Dseccomp=false,libseccomp" +PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux,initscripts-sushell" +PACKAGECONFIG[smack] = "-Dsmack=true,-Dsmack=false" +PACKAGECONFIG[sysext] = "-Dsysext=true, -Dsysext=false" +PACKAGECONFIG[sysusers] = "-Dsysusers=true,-Dsysusers=false" +PACKAGECONFIG[sysvinit] = "-Dsysvinit-path=${sysconfdir}/init.d -Dsysvrcnd-path=${sysconfdir},-Dsysvinit-path= -Dsysvrcnd-path=,,systemd-compat-units update-rc.d" +# When enabled use reproducble build timestamp if set as time epoch, +# or build time if not. When disabled, time epoch is unset. +def build_epoch(d): + epoch = d.getVar('SOURCE_DATE_EPOCH') or "-1" + return '-Dtime-epoch=%d' % int(epoch) +PACKAGECONFIG[set-time-epoch] = "${@build_epoch(d)},-Dtime-epoch=0" +PACKAGECONFIG[timedated] = "-Dtimedated=true,-Dtimedated=false" +PACKAGECONFIG[timesyncd] = "-Dtimesyncd=true,-Dtimesyncd=false" +PACKAGECONFIG[usrmerge] = "-Dsplit-usr=false,-Dsplit-usr=true" +PACKAGECONFIG[sbinmerge] = "-Dsplit-bin=false,-Dsplit-bin=true" +PACKAGECONFIG[userdb] = "-Duserdb=true,-Duserdb=false" +PACKAGECONFIG[utmp] = "-Dutmp=true,-Dutmp=false" +PACKAGECONFIG[valgrind] = "-DVALGRIND=1,,valgrind" +PACKAGECONFIG[vconsole] = "-Dvconsole=true,-Dvconsole=false,,${PN}-vconsole-setup" +PACKAGECONFIG[wheel-group] = "-Dwheel-group=true, -Dwheel-group=false" +PACKAGECONFIG[xdg-autostart] = "-Dxdg-autostart=true,-Dxdg-autostart=false" +# Verify keymaps on locale change +PACKAGECONFIG[xkbcommon] = "-Dxkbcommon=true,-Dxkbcommon=false,libxkbcommon" +PACKAGECONFIG[xz] = "-Dxz=true,-Dxz=false,xz" +PACKAGECONFIG[zlib] = "-Dzlib=true,-Dzlib=false,zlib" +PACKAGECONFIG[zstd] = 
"-Dzstd=true,-Dzstd=false,zstd" + +# Helper variables to clarify locations. This mirrors the logic in systemd's +# build system. +rootprefix ?= "${root_prefix}" +rootlibdir ?= "${base_libdir}" +rootlibexecdir = "${rootprefix}/lib" + +EXTRA_OEMESON += "-Dnobody-user=nobody \ + -Dnobody-group=nogroup \ + -Drootlibdir=${rootlibdir} \ + -Drootprefix=${rootprefix} \ + -Ddefault-locale=C \ + -Dmode=release \ + -Dsystem-alloc-uid-min=101 \ + -Dsystem-uid-max=999 \ + -Dsystem-alloc-gid-min=101 \ + -Dsystem-gid-max=999 \ + " + +# Hardcode target binary paths to avoid using paths from sysroot +EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \ + -Dkmod-path=${base_bindir}/kmod \ + -Dmount-path=${base_bindir}/mount \ + -Dquotacheck-path=${sbindir}/quotacheck \ + -Dquotaon-path=${sbindir}/quotaon \ + -Dsulogin-path=${base_sbindir}/sulogin \ + -Dnologin-path=${base_sbindir}/nologin \ + -Dumount-path=${base_bindir}/umount" + +# The 60 seconds is watchdog's default vaule. +WATCHDOG_TIMEOUT ??= "60" + +do_install() { + meson_do_install + install -d ${D}/${base_sbindir} + if ${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', 'false', 'true', d)}; then + # Provided by a separate recipe + rm ${D}${systemd_system_unitdir}/serial-getty* -f + fi + + # Provide support for initramfs + [ ! -e ${D}/init ] && ln -s ${rootlibexecdir}/systemd/systemd ${D}/init + [ ! 
-e ${D}/${base_sbindir}/udevd ] && ln -s ${rootlibexecdir}/systemd/systemd-udevd ${D}/${base_sbindir}/udevd + + install -d ${D}${sysconfdir}/udev/rules.d/ + install -d ${D}${sysconfdir}/tmpfiles.d + for rule in $(find ${WORKDIR} -maxdepth 1 -type f -name "*.rules"); do + install -m 0644 $rule ${D}${sysconfdir}/udev/rules.d/ + done + + install -m 0644 ${WORKDIR}/00-create-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + + if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/systemd-udevd + sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd + install -Dm 0755 ${S}/src/systemctl/systemd-sysv-install.SKELETON ${D}${systemd_unitdir}/systemd-sysv-install + fi + + if "${@'true' if oe.types.boolean(d.getVar('VOLATILE_LOG_DIR')) else 'false'}"; then + # /var/log is typically a symbolic link to inside /var/volatile, + # which is expected to be empty. 
+ rm -rf ${D}${localstatedir}/log + else + chown root:systemd-journal ${D}${localstatedir}/log/journal + + # journal-remote creates this at start + rm -rf ${D}${localstatedir}/log/journal/remote + fi + + install -d ${D}${systemd_system_unitdir}/graphical.target.wants + install -d ${D}${systemd_system_unitdir}/multi-user.target.wants + install -d ${D}${systemd_system_unitdir}/poweroff.target.wants + install -d ${D}${systemd_system_unitdir}/reboot.target.wants + install -d ${D}${systemd_system_unitdir}/rescue.target.wants + + # Create symlinks for systemd-update-utmp-runlevel.service + if ${@bb.utils.contains('PACKAGECONFIG', 'utmp', 'true', 'false', d)}; then + ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/graphical.target.wants/systemd-update-utmp-runlevel.service + ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service + ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/poweroff.target.wants/systemd-update-utmp-runlevel.service + ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/reboot.target.wants/systemd-update-utmp-runlevel.service + ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/rescue.target.wants/systemd-update-utmp-runlevel.service + fi + + # this file is needed to exist if networkd is disabled but timesyncd is still in use since timesyncd checks it + # for existence else it fails + if [ -s ${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf ] && + ! ${@bb.utils.contains('PACKAGECONFIG', 'networkd', 'true', 'false', d)}; then + echo 'd /run/systemd/netif/links 0755 root root -' >>${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf + fi + if ! ${@bb.utils.contains('PACKAGECONFIG', 'resolved', 'true', 'false', d)}; then + echo 'L! 
${sysconfdir}/resolv.conf - - - - ../run/systemd/resolve/resolv.conf' >>${D}${exec_prefix}/lib/tmpfiles.d/etc.conf + echo 'd /run/systemd/resolve 0755 root root -' >>${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf + echo 'f /run/systemd/resolve/resolv.conf 0644 root root' >>${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf + ln -s ../run/systemd/resolve/resolv.conf ${D}${sysconfdir}/resolv-conf.systemd + else + sed -i -e "s%^L! /etc/resolv.conf.*$%L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf%g" ${D}${exec_prefix}/lib/tmpfiles.d/etc.conf + ln -s ../run/systemd/resolve/resolv.conf ${D}${sysconfdir}/resolv-conf.systemd + fi + if ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'false', 'true', d)}; then + rm ${D}${exec_prefix}/lib/tmpfiles.d/x11.conf + rm -r ${D}${sysconfdir}/X11 + fi + + # If polkit is setup fixup permissions and ownership + if ${@bb.utils.contains('PACKAGECONFIG', 'polkit', 'true', 'false', d)}; then + if [ -d ${D}${datadir}/polkit-1/rules.d ]; then + chmod 700 ${D}${datadir}/polkit-1/rules.d + chown polkitd:root ${D}${datadir}/polkit-1/rules.d + fi + fi + + # If polkit is not available and a fallback was requested, install a drop-in that allows networkd to + # request hostname changes via DBUS without elevating its privileges + if ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'true', 'false', d)}; then + install -d ${D}${systemd_system_unitdir}/systemd-hostnamed.service.d/ + install -m 0644 ${WORKDIR}/00-hostnamed-network-user.conf ${D}${systemd_system_unitdir}/systemd-hostnamed.service.d/ + install -d ${D}${datadir}/dbus-1/system.d/ + install -m 0644 ${WORKDIR}/org.freedesktop.hostname1_no_polkit.conf ${D}${datadir}/dbus-1/system.d/ + fi + + # create link for existing udev rules + ln -s ${base_bindir}/udevadm ${D}${base_sbindir}/udevadm + + # install default policy for presets + # https://www.freedesktop.org/wiki/Software/systemd/Preset/#howto + install -Dm 0644 ${WORKDIR}/99-default.preset 
${D}${systemd_unitdir}/system-preset/99-default.preset + + # add a profile fragment to disable systemd pager with busybox less + install -Dm 0644 ${WORKDIR}/systemd-pager.sh ${D}${sysconfdir}/profile.d/systemd-pager.sh + + if [ -n "${WATCHDOG_TIMEOUT}" ]; then + sed -i -e 's/#RebootWatchdogSec=10min/RebootWatchdogSec=${WATCHDOG_TIMEOUT}/' \ + ${D}/${sysconfdir}/systemd/system.conf + fi +} + +python populate_packages:prepend (){ + systemdlibdir = d.getVar("rootlibdir") + do_split_packages(d, systemdlibdir, r'^lib(.*)\.so\.*', 'lib%s', 'Systemd %s library', extra_depends='', allow_links=True) +} +PACKAGES_DYNAMIC += "^lib(udev|systemd|nss).*" + +PACKAGE_BEFORE_PN = "\ + ${PN}-gui \ + ${PN}-vconsole-setup \ + ${PN}-initramfs \ + ${PN}-analyze \ + ${PN}-kernel-install \ + ${PN}-rpm-macros \ + ${PN}-binfmt \ + ${PN}-zsh-completion \ + ${PN}-container \ + ${PN}-journal-gatewayd \ + ${PN}-journal-upload \ + ${PN}-journal-remote \ + ${PN}-extra-utils \ + ${PN}-udev-rules \ + libsystemd-shared \ + udev \ + udev-hwdb \ +" + +SUMMARY:${PN}-container = "Tools for containers and VMs" +DESCRIPTION:${PN}-container = "Systemd tools to spawn and manage containers and virtual machines." + +SUMMARY:${PN}-journal-gatewayd = "HTTP server for journal events" +DESCRIPTION:${PN}-journal-gatewayd = "systemd-journal-gatewayd serves journal events over the network. Clients must connect using HTTP. The server listens on port 19531 by default." + +SUMMARY:${PN}-journal-upload = "Send journal messages over the network" +DESCRIPTION:${PN}-journal-upload = "systemd-journal-upload uploads journal entries to a specified URL." + +SUMMARY:${PN}-journal-remote = "Receive journal messages over the network" +DESCRIPTION:${PN}-journal-remote = "systemd-journal-remote is a command to receive serialized journal events and store them to journal files." 
+ +SUMMARY:libsystemd-shared = "Systemd shared library" + +SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfmt', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \ +" +SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service" + +USERADD_PACKAGES = "${PN} ${PN}-extra-utils \ + udev \ + ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \ +" +GROUPADD_PARAM:${PN} = "-r systemd-journal;" +GROUPADD_PARAM:udev = "-r render;-r sgx;" +GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}" +USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}" +USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}" +USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}" +USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /sbin/nologin systemd-resolve;', '', d)}" +USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system -d / -M --shell /sbin/nologin systemd-timesync;', '', d)}" +USERADD_PARAM:${PN}-extra-utils = "--system -d / -M --shell /sbin/nologin systemd-bus-proxy" +USERADD_PARAM:${PN}-journal-gatewayd = "--system -d / -M --shell /sbin/nologin systemd-journal-gateway" 
+USERADD_PARAM:${PN}-journal-remote = "--system -d / -M --shell /sbin/nologin systemd-journal-remote" +USERADD_PARAM:${PN}-journal-upload = "--system -d / -M --shell /sbin/nologin systemd-journal-upload" + +FILES:${PN}-analyze = "${bindir}/systemd-analyze" + +FILES:${PN}-initramfs = "/init" +RDEPENDS:${PN}-initramfs = "${PN}" + +FILES:${PN}-gui = "${bindir}/systemadm" + +FILES:${PN}-vconsole-setup = "${rootlibexecdir}/systemd/systemd-vconsole-setup \ + ${systemd_system_unitdir}/systemd-vconsole-setup.service \ + ${systemd_system_unitdir}/sysinit.target.wants/systemd-vconsole-setup.service" + +RDEPENDS:${PN}-kernel-install += "bash" +FILES:${PN}-kernel-install = "${bindir}/kernel-install \ + ${sysconfdir}/kernel/ \ + ${exec_prefix}/lib/kernel \ + " +FILES:${PN}-rpm-macros = "${exec_prefix}/lib/rpm \ + " + +FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions" + +FILES:${PN}-binfmt = "${sysconfdir}/binfmt.d/ \ + ${exec_prefix}/lib/binfmt.d \ + ${rootlibexecdir}/systemd/systemd-binfmt \ + ${systemd_system_unitdir}/proc-sys-fs-binfmt_misc.* \ + ${systemd_system_unitdir}/systemd-binfmt.service" +RRECOMMENDS:${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}" + +RRECOMMENDS:${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}" + + +FILES:${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \ + ${systemd_system_unitdir}/systemd-journal-gatewayd.service \ + ${systemd_system_unitdir}/systemd-journal-gatewayd.socket \ + ${systemd_system_unitdir}/sockets.target.wants/systemd-journal-gatewayd.socket \ + ${datadir}/systemd/gatewayd/browse.html \ + " +SYSTEMD_SERVICE:${PN}-journal-gatewayd = "systemd-journal-gatewayd.socket" + +FILES:${PN}-journal-upload = "${rootlibexecdir}/systemd/systemd-journal-upload \ + ${systemd_system_unitdir}/systemd-journal-upload.service \ + ${sysconfdir}/systemd/journal-upload.conf \ + " 
+SYSTEMD_SERVICE:${PN}-journal-upload = "systemd-journal-upload.service" + +FILES:${PN}-journal-remote = "${rootlibexecdir}/systemd/systemd-journal-remote \ + ${sysconfdir}/systemd/journal-remote.conf \ + ${systemd_system_unitdir}/systemd-journal-remote.service \ + ${systemd_system_unitdir}/systemd-journal-remote.socket \ + " +SYSTEMD_SERVICE:${PN}-journal-remote = "systemd-journal-remote.socket" + + +FILES:${PN}-container = "${sysconfdir}/dbus-1/system.d/org.freedesktop.import1.conf \ + ${sysconfdir}/dbus-1/system.d/org.freedesktop.machine1.conf \ + ${sysconfdir}/systemd/system/multi-user.target.wants/machines.target \ + ${base_bindir}/machinectl \ + ${bindir}/systemd-nspawn \ + ${nonarch_libdir}/systemd/import-pubring.gpg \ + ${systemd_system_unitdir}/busnames.target.wants/org.freedesktop.import1.busname \ + ${systemd_system_unitdir}/busnames.target.wants/org.freedesktop.machine1.busname \ + ${systemd_system_unitdir}/local-fs.target.wants/var-lib-machines.mount \ + ${systemd_system_unitdir}/machines.target.wants/var-lib-machines.mount \ + ${systemd_system_unitdir}/remote-fs.target.wants/var-lib-machines.mount \ + ${systemd_system_unitdir}/machine.slice \ + ${systemd_system_unitdir}/machines.target \ + ${systemd_system_unitdir}/org.freedesktop.import1.busname \ + ${systemd_system_unitdir}/org.freedesktop.machine1.busname \ + ${systemd_system_unitdir}/systemd-importd.service \ + ${systemd_system_unitdir}/systemd-machined.service \ + ${systemd_system_unitdir}/dbus-org.freedesktop.machine1.service \ + ${systemd_system_unitdir}/var-lib-machines.mount \ + ${rootlibexecdir}/systemd/systemd-import \ + ${rootlibexecdir}/systemd/systemd-importd \ + ${rootlibexecdir}/systemd/systemd-machined \ + ${rootlibexecdir}/systemd/systemd-pull \ + ${exec_prefix}/lib/tmpfiles.d/systemd-nspawn.conf \ + ${exec_prefix}/lib/tmpfiles.d/README \ + ${systemd_system_unitdir}/systemd-nspawn@.service \ + ${libdir}/libnss_mymachines.so.2 \ + 
${datadir}/dbus-1/system-services/org.freedesktop.import1.service \
+ ${datadir}/dbus-1/system-services/org.freedesktop.machine1.service \
+ ${datadir}/dbus-1/system.d/org.freedesktop.import1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.machine1.conf \
+ ${datadir}/polkit-1/actions/org.freedesktop.import1.policy \
+ ${datadir}/polkit-1/actions/org.freedesktop.machine1.policy \
+ "
+
+# "machinectl import-tar" uses "tar --numeric-owner", not supported by busybox.
+RRECOMMENDS:${PN}-container += "\
+ ${PN}-journal-gatewayd \
+ ${PN}-journal-remote \
+ ${PN}-journal-upload \
+ kernel-module-dm-mod \
+ kernel-module-loop \
+ kernel-module-tun \
+ tar \
+ "
+
+FILES:${PN}-extra-utils = "\
+ ${base_bindir}/systemd-escape \
+ ${base_bindir}/systemd-inhibit \
+ ${bindir}/systemd-detect-virt \
+ ${bindir}/systemd-dissect \
+ ${bindir}/systemd-path \
+ ${bindir}/systemd-run \
+ ${bindir}/systemd-cat \
+ ${bindir}/systemd-creds \
+ ${bindir}/systemd-cryptenroll \
+ ${bindir}/systemd-delta \
+ ${bindir}/systemd-cgls \
+ ${bindir}/systemd-cgtop \
+ ${bindir}/systemd-stdio-bridge \
+ ${base_bindir}/systemd-ask-password \
+ ${base_bindir}/systemd-tty-ask-password-agent \
+ ${systemd_system_unitdir}/systemd-ask-password-console.path \
+ ${systemd_system_unitdir}/systemd-ask-password-console.service \
+ ${systemd_system_unitdir}/systemd-ask-password-wall.path \
+ ${systemd_system_unitdir}/systemd-ask-password-wall.service \
+ ${systemd_system_unitdir}/sysinit.target.wants/systemd-ask-password-console.path \
+ ${systemd_system_unitdir}/sysinit.target.wants/systemd-ask-password-wall.path \
+ ${systemd_system_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path \
+ ${rootlibexecdir}/systemd/systemd-resolve-host \
+ ${rootlibexecdir}/systemd/systemd-ac-power \
+ ${rootlibexecdir}/systemd/systemd-activate \
+ ${rootlibexecdir}/systemd/systemd-bus-proxyd \
+ ${systemd_system_unitdir}/systemd-bus-proxyd.service \
+ ${systemd_system_unitdir}/systemd-bus-proxyd.socket \
+ ${rootlibexecdir}/systemd/systemd-socket-proxyd \
+ ${rootlibexecdir}/systemd/systemd-reply-password \
+ ${rootlibexecdir}/systemd/systemd-sleep \
+ ${rootlibexecdir}/systemd/system-sleep \
+ ${systemd_system_unitdir}/systemd-hibernate.service \
+ ${systemd_system_unitdir}/systemd-hybrid-sleep.service \
+ ${systemd_system_unitdir}/systemd-suspend.service \
+ ${systemd_system_unitdir}/sleep.target \
+ ${rootlibexecdir}/systemd/systemd-initctl \
+ ${systemd_system_unitdir}/systemd-initctl.service \
+ ${systemd_system_unitdir}/systemd-initctl.socket \
+ ${systemd_system_unitdir}/sockets.target.wants/systemd-initctl.socket \
+ ${rootlibexecdir}/systemd/system-generators/systemd-gpt-auto-generator \
+ ${rootlibexecdir}/systemd/systemd-cgroups-agent \
+"
+
+FILES:${PN}-udev-rules = "\
+ ${rootlibexecdir}/udev/rules.d/70-uaccess.rules \
+ ${rootlibexecdir}/udev/rules.d/71-seat.rules \
+ ${rootlibexecdir}/udev/rules.d/73-seat-late.rules \
+ ${rootlibexecdir}/udev/rules.d/99-systemd.rules \
+"
+
+CONFFILES:${PN} = "${sysconfdir}/systemd/coredump.conf \
+ ${sysconfdir}/systemd/journald.conf \
+ ${sysconfdir}/systemd/logind.conf \
+ ${sysconfdir}/systemd/networkd.conf \
+ ${sysconfdir}/systemd/pstore.conf \
+ ${sysconfdir}/systemd/resolved.conf \
+ ${sysconfdir}/systemd/sleep.conf \
+ ${sysconfdir}/systemd/system.conf \
+ ${sysconfdir}/systemd/timesyncd.conf \
+ ${sysconfdir}/systemd/user.conf \
+"
+
+FILES:${PN} = " ${base_bindir}/* \
+ ${base_sbindir}/shutdown \
+ ${base_sbindir}/halt \
+ ${base_sbindir}/poweroff \
+ ${base_sbindir}/runlevel \
+ ${base_sbindir}/telinit \
+ ${base_sbindir}/resolvconf \
+ ${base_sbindir}/reboot \
+ ${base_sbindir}/init \
+ ${datadir}/dbus-1/services \
+ ${datadir}/dbus-1/system-services \
+ ${datadir}/polkit-1 \
+ ${datadir}/${BPN} \
+ ${datadir}/factory \
+ ${sysconfdir}/dbus-1/ \
+ ${sysconfdir}/modules-load.d/ \
+ ${sysconfdir}/pam.d/ \
+ ${sysconfdir}/profile.d/ \
+ ${sysconfdir}/sysctl.d/ \
+ ${sysconfdir}/systemd/ \
+ ${sysconfdir}/tmpfiles.d/ \
+ ${sysconfdir}/xdg/ \
+ ${sysconfdir}/init.d/README \
+ ${sysconfdir}/resolv-conf.systemd \
+ ${sysconfdir}/X11/xinit/xinitrc.d/* \
+ ${rootlibexecdir}/systemd/* \
+ ${libdir}/pam.d \
+ ${nonarch_libdir}/pam.d \
+ ${systemd_unitdir}/* \
+ ${base_libdir}/security/*.so \
+ /cgroup \
+ ${bindir}/systemd* \
+ ${bindir}/busctl \
+ ${bindir}/coredumpctl \
+ ${bindir}/localectl \
+ ${bindir}/hostnamectl \
+ ${bindir}/resolvectl \
+ ${bindir}/timedatectl \
+ ${bindir}/bootctl \
+ ${bindir}/oomctl \
+ ${exec_prefix}/lib/tmpfiles.d/*.conf \
+ ${exec_prefix}/lib/systemd \
+ ${exec_prefix}/lib/modules-load.d \
+ ${exec_prefix}/lib/sysctl.d \
+ ${exec_prefix}/lib/sysusers.d \
+ ${exec_prefix}/lib/environment.d \
+ ${localstatedir} \
+ ${rootlibexecdir}/modprobe.d/systemd.conf \
+ ${rootlibexecdir}/modprobe.d/README \
+ ${datadir}/dbus-1/system.d/org.freedesktop.timedate1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.locale1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.network1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.resolve1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.systemd1.conf \
+ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '${datadir}/dbus-1/system.d/org.freedesktop.hostname1_no_polkit.conf', '', d)} \
+ ${datadir}/dbus-1/system.d/org.freedesktop.hostname1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.login1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.timesync1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.portable1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.oom1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.home1.conf \
+ "
+
+FILES:${PN}-dev += "${base_libdir}/security/*.la ${datadir}/dbus-1/interfaces/ ${sysconfdir}/rpm/macros.systemd"
+
+RDEPENDS:${PN} += "kmod dbus util-linux-mount util-linux-umount udev (= ${EXTENDPKGV}) systemd-udev-rules util-linux-agetty util-linux-fsck"
+RDEPENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', '', 'systemd-serialgetty', d)}"
+RDEPENDS:${PN} += "volatile-binds"
+
+RRECOMMENDS:${PN} += "systemd-extra-utils \
+ udev-hwdb \
+ e2fsprogs-e2fsck \
+ kernel-module-autofs4 kernel-module-unix kernel-module-ipv6 kernel-module-sch-fq-codel \
+ os-release \
+ systemd-conf \
+"
+
+INSANE_SKIP:${PN} += "dev-so libdir"
+INSANE_SKIP:${PN}-dbg += "libdir"
+INSANE_SKIP:${PN}-doc += " libdir"
+INSANE_SKIP:libsystemd-shared += "libdir"
+
+FILES:libsystemd-shared = "${rootlibexecdir}/systemd/libsystemd-shared*.so"
+
+RPROVIDES:udev = "hotplug"
+
+RDEPENDS:udev-hwdb += "udev"
+
+FILES:udev += "${base_sbindir}/udevd \
+ ${rootlibexecdir}/systemd/network/99-default.link \
+ ${rootlibexecdir}/systemd/systemd-udevd \
+ ${rootlibexecdir}/udev/accelerometer \
+ ${rootlibexecdir}/udev/ata_id \
+ ${rootlibexecdir}/udev/cdrom_id \
+ ${rootlibexecdir}/udev/collect \
+ ${rootlibexecdir}/udev/dmi_memory_id \
+ ${rootlibexecdir}/udev/fido_id \
+ ${rootlibexecdir}/udev/findkeyboards \
+ ${rootlibexecdir}/udev/keyboard-force-release.sh \
+ ${rootlibexecdir}/udev/keymap \
+ ${rootlibexecdir}/udev/mtd_probe \
+ ${rootlibexecdir}/udev/scsi_id \
+ ${rootlibexecdir}/udev/v4l_id \
+ ${rootlibexecdir}/udev/keymaps \
+ ${rootlibexecdir}/udev/rules.d/50-udev-default.rules \
+ ${rootlibexecdir}/udev/rules.d/60-autosuspend.rules \
+ ${rootlibexecdir}/udev/rules.d/60-autosuspend-chromiumos.rules \
+ ${rootlibexecdir}/udev/rules.d/60-block.rules \
+ ${rootlibexecdir}/udev/rules.d/60-cdrom_id.rules \
+ ${rootlibexecdir}/udev/rules.d/60-drm.rules \
+ ${rootlibexecdir}/udev/rules.d/60-evdev.rules \
+ ${rootlibexecdir}/udev/rules.d/60-fido-id.rules \
+ ${rootlibexecdir}/udev/rules.d/60-input-id.rules \
+ ${rootlibexecdir}/udev/rules.d/60-persistent-alsa.rules \
+ ${rootlibexecdir}/udev/rules.d/60-persistent-input.rules \
+ ${rootlibexecdir}/udev/rules.d/60-persistent-storage.rules \
+ ${rootlibexecdir}/udev/rules.d/60-persistent-storage-tape.rules \
+ ${rootlibexecdir}/udev/rules.d/60-persistent-v4l.rules \
+ ${rootlibexecdir}/udev/rules.d/60-sensor.rules \
+ ${rootlibexecdir}/udev/rules.d/60-serial.rules \
+ ${rootlibexecdir}/udev/rules.d/61-autosuspend-manual.rules \
+ ${rootlibexecdir}/udev/rules.d/64-btrfs.rules \
+ ${rootlibexecdir}/udev/rules.d/70-camera.rules \
+ ${rootlibexecdir}/udev/rules.d/70-joystick.rules \
+ ${rootlibexecdir}/udev/rules.d/70-memory.rules \
+ ${rootlibexecdir}/udev/rules.d/70-mouse.rules \
+ ${rootlibexecdir}/udev/rules.d/70-power-switch.rules \
+ ${rootlibexecdir}/udev/rules.d/70-touchpad.rules \
+ ${rootlibexecdir}/udev/rules.d/75-net-description.rules \
+ ${rootlibexecdir}/udev/rules.d/75-probe_mtd.rules \
+ ${rootlibexecdir}/udev/rules.d/78-sound-card.rules \
+ ${rootlibexecdir}/udev/rules.d/80-drivers.rules \
+ ${rootlibexecdir}/udev/rules.d/80-net-setup-link.rules \
+ ${rootlibexecdir}/udev/rules.d/81-net-dhcp.rules \
+ ${rootlibexecdir}/udev/rules.d/90-vconsole.rules \
+ ${rootlibexecdir}/udev/rules.d/README \
+ ${sysconfdir}/udev \
+ ${sysconfdir}/init.d/systemd-udevd \
+ ${systemd_system_unitdir}/*udev* \
+ ${systemd_system_unitdir}/*.wants/*udev* \
+ ${base_bindir}/systemd-hwdb \
+ ${base_bindir}/udevadm \
+ ${base_sbindir}/udevadm \
+ ${datadir}/bash-completion/completions/udevadm \
+ ${systemd_system_unitdir}/systemd-hwdb-update.service \
+ "
+
+FILES:udev-hwdb = "${rootlibexecdir}/udev/hwdb.d \
+ "
+
+RCONFLICTS:${PN} = "tiny-init ${@bb.utils.contains('PACKAGECONFIG', 'resolved', 'resolvconf', '', d)}"
+
+INITSCRIPT_PACKAGES = "udev"
+INITSCRIPT_NAME:udev = "systemd-udevd"
+INITSCRIPT_PARAMS:udev = "start 03 S ."
+
+python __anonymous() {
+ if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d):
+ d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1")
+
+ if bb.utils.contains('PACKAGECONFIG', 'repart', True, False, d) and not bb.utils.contains('PACKAGECONFIG', 'openssl', True, False, d):
+ bb.error("PACKAGECONFIG[repart] requires PACKAGECONFIG[openssl]")
+
+ if bb.utils.contains('PACKAGECONFIG', 'homed', True, False, d) and not bb.utils.contains('PACKAGECONFIG', 'userdb openssl cryptsetup', True, False, d):
+ bb.error("PACKAGECONFIG[homed] requires PACKAGECONFIG[userdb], PACKAGECONFIG[openssl] and PACKAGECONFIG[cryptsetup]")
+}
+
+python do_warn_musl() {
+ if d.getVar('TCLIBC') == "musl":
+ bb.warn("Using systemd with musl is not recommended since it is not supported upstream and some patches are known to be problematic.")
+}
+addtask warn_musl before do_configure
+
+ALTERNATIVE:${PN} = "halt reboot shutdown poweroff runlevel ${@bb.utils.contains('PACKAGECONFIG', 'resolved', 'resolv-conf', '', d)}"
+
+ALTERNATIVE_TARGET[resolv-conf] = "${sysconfdir}/resolv-conf.systemd"
+ALTERNATIVE_LINK_NAME[resolv-conf] = "${sysconfdir}/resolv.conf"
+ALTERNATIVE_PRIORITY[resolv-conf] ?= "50"
+
+ALTERNATIVE_TARGET[halt] = "${base_bindir}/systemctl"
+ALTERNATIVE_LINK_NAME[halt] = "${base_sbindir}/halt"
+ALTERNATIVE_PRIORITY[halt] ?= "300"
+
+ALTERNATIVE_TARGET[reboot] = "${base_bindir}/systemctl"
+ALTERNATIVE_LINK_NAME[reboot] = "${base_sbindir}/reboot"
+ALTERNATIVE_PRIORITY[reboot] ?= "300"
+
+ALTERNATIVE_TARGET[shutdown] = "${base_bindir}/systemctl"
+ALTERNATIVE_LINK_NAME[shutdown] = "${base_sbindir}/shutdown"
+ALTERNATIVE_PRIORITY[shutdown] ?= "300"
+
+ALTERNATIVE_TARGET[poweroff] = "${base_bindir}/systemctl"
+ALTERNATIVE_LINK_NAME[poweroff] = "${base_sbindir}/poweroff"
+ALTERNATIVE_PRIORITY[poweroff] ?= "300"
+
+ALTERNATIVE_TARGET[runlevel] = "${base_bindir}/systemctl"
+ALTERNATIVE_LINK_NAME[runlevel] = "${base_sbindir}/runlevel"
+ALTERNATIVE_PRIORITY[runlevel] ?= "300"
+
+pkg_postinst:${PN}:libc-glibc () {
+ sed -e '/^hosts:/s/\s*\//' \
+ -e 's/\(^hosts:.*\)\(\\)\(.*\)\(\\)\(.*\)/\1\2 myhostname \3\4\5/' \
+ -i $D${sysconfdir}/nsswitch.conf
+}
+
+pkg_prerm:${PN}:libc-glibc () {
+ sed -e '/^hosts:/s/\s*\//' \
+ -e '/^hosts:/s/\s*myhostname//' \
+ -i $D${sysconfdir}/nsswitch.conf
+}
+
+PACKAGE_WRITE_DEPS += "qemu-native"
+pkg_postinst:udev-hwdb () {
+ if test -n "$D"; then
+ $INTERCEPT_DIR/postinst_intercept update_udev_hwdb ${PKG} mlprefix=${MLPREFIX} binprefix=${MLPREFIX} rootlibexecdir="${rootlibexecdir}" PREFERRED_PROVIDER_udev="${PREFERRED_PROVIDER_udev}" base_bindir="${base_bindir}"
+ else
+ udevadm hwdb --update
+ fi
+}
+
+pkg_prerm:udev-hwdb () {
+ rm -f $D${sysconfdir}/udev/hwdb.bin
+}
diff --git a/recipes-core/systemd/systemd_251.8.bbappend b/recipes-core/systemd/systemd_251.8.bbappend
new file mode 100644
index 0000000..44e4987
--- /dev/null
+++ b/recipes-core/systemd/systemd_251.8.bbappend
@@ -0,0 +1,9 @@
+PACKAGECONFIG:append = " \
+ tpm2 \
+ cryptsetup \
+ openssl \
+ "
+
+FILES:${PN}-extra-utils:append = " \
+ ${base_libdir}/cryptsetup/libcryptsetup-token-systemd-tpm2.so \
+ "
diff --git a/recipes-core/systemd/systemd_253.1.bb b/recipes-core/systemd/systemd_253.1.bb
new file mode 100644
index 0000000..f306765
--- /dev/null
+++ b/recipes-core/systemd/systemd_253.1.bb
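Review bot: The append in systemd_251.8.bbappend is pinned to 251.8, but this commit also adds systemd_253.1.bb, whose default `PACKAGECONFIG` has no `tpm2`, `cryptsetup` or `openssl` and whose `FILES:${PN}-extra-utils` does not list `libcryptsetup-token-systemd-tpm2.so`. Unless a matching append for 253.1 exists elsewhere in the patch (not visible here), a build that selects 253.1 would presumably lose TPM2/LUKS support without any error; naming the file `systemd_%.bbappend` would cover both versions. The token plugin is also packaged into `${PN}-extra-utils`, which the 251.8 recipe pulls in only through `RRECOMMENDS:${PN}`, so an image or initramfs built without recommendations would lack it; listing that package explicitly in the image recipe, or adding `RDEPENDS:${PN}:append = " ${PN}-extra-utils"`, makes the dependency hard. A one-line comment above the append, such as `# tpm2/cryptsetup/openssl: needed for TPM2-bound LUKS enrolment and unlock`, would record why these options are forced on.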
@@ -0,0 +1,832 @@
+require systemd.inc
+
+PROVIDES = "udev"
+
+PE = "1"
+
+DEPENDS = "intltool-native gperf-native libcap util-linux python3-jinja2-native"
+
+SECTION = "base/shell"
+
+inherit useradd pkgconfig meson perlnative update-rc.d update-alternatives qemu systemd gettext bash-completion manpages features_check
+
+# As this recipe builds udev, respect systemd being in DISTRO_FEATURES so
+# that we don't build both udev and systemd in world builds.
+REQUIRED_DISTRO_FEATURES = "systemd"
+
+SRC_URI += " \
+ file://touchscreen.rules \
+ file://00-create-volatile.conf \
+ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \
+ file://init \
+ file://99-default.preset \
+ file://systemd-pager.sh \
+ file://0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
+ file://0008-implment-systemd-sysv-install-for-OE.patch \
+ file://0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \
+ "
+
+# patches needed by musl
+SRC_URI:append:libc-musl = " ${SRC_URI_MUSL}"
+SRC_URI_MUSL = "\
+ file://0009-missing_type.h-add-comparison_fn_t.patch \
+ file://0010-add-fallback-parse_printf_format-implementation.patch \
+ file://0011-src-basic-missing.h-check-for-missing-strndupa.patch \
+ file://0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch \
+ file://0013-add-missing-FTW_-macros-for-musl.patch \
+ file://0014-Use-uintmax_t-for-handling-rlim_t.patch \
+ file://0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch \
+ file://0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch \
+ file://0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch \
+ file://0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch \
+ file://0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch \
+ file://0020-avoid-redefinition-of-prctl_mm_map-structure.patch \
+ file://0021-do-not-disable-buffer-in-writing-files.patch \
+ file://0022-Handle-__cpu_mask-usage.patch \
+ file://0023-Handle-missing-gshadow.patch \
+ file://0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch \
+ file://0005-pass-correct-parameters-to-getdents64.patch \
+ file://0001-Adjust-for-musl-headers.patch \
+ file://0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch \
+ file://0003-errno-util-Make-STRERROR-portable-for-musl.patch \
+ "
+
+PAM_PLUGINS = " \
+ pam-plugin-unix \
+ pam-plugin-loginuid \
+ pam-plugin-keyinit \
+ pam-plugin-namespace \
+"
+
+PACKAGECONFIG ??= " \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'acl audit efi ldconfig pam selinux smack usrmerge polkit seccomp', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'rfkill', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xkbcommon', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 'link-udev-shared', d)} \
+ backlight \
+ binfmt \
+ gshadow \
+ hibernate \
+ hostnamed \
+ idn \
+ ima \
+ kmod \
+ localed \
+ logind \
+ machined \
+ myhostname \
+ networkd \
+ nss \
+ nss-mymachines \
+ nss-resolve \
+ quotacheck \
+ randomseed \
+ resolved \
+ set-time-epoch \
+ sysusers \
+ sysvinit \
+ timedated \
+ timesyncd \
+ userdb \
+ utmp \
+ vconsole \
+ wheel-group \
+ zstd \
+"
+
+PACKAGECONFIG:remove:libc-musl = " \
+ gshadow \
+ idn \
+ localed \
+ myhostname \
+ nss \
+ nss-mymachines \
+ nss-resolve \
+ sysusers \
+ userdb \
+ utmp \
+"
+
+# https://github.com/seccomp/libseccomp/issues/347
+PACKAGECONFIG:remove:mipsarch = "seccomp"
+
+TARGET_CC_ARCH:append:libc-musl = " -D__UAPI_DEF_ETHHDR=0 -D_LARGEFILE64_SOURCE"
+
+# Some of the dependencies are weak-style recommends - if not available at runtime,
+# systemd won't fail but the library-related feature will be skipped with a warning.
+
+# Use the upstream systemd serial-getty@.service and rely on
+# systemd-getty-generator instead of using the OE-core specific
+# systemd-serialgetty.bb - not enabled by default.
+PACKAGECONFIG[serial-getty-generator] = ""
+
+PACKAGECONFIG[acl] = "-Dacl=true,-Dacl=false,acl"
+PACKAGECONFIG[audit] = "-Daudit=true,-Daudit=false,audit"
+PACKAGECONFIG[backlight] = "-Dbacklight=true,-Dbacklight=false"
+PACKAGECONFIG[binfmt] = "-Dbinfmt=true,-Dbinfmt=false"
+PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
+PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
+PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
+PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
+PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"
+# If multiple compression libraries are enabled, the format to use for compression is chosen implicitly,
+# so if you want to compress with e.g. lz4 you cannot enable zstd, so you cannot read zstd-compressed journal files.
+# This option allows to enable all compression formats for reading, but choosing a specific one for writing.
+PACKAGECONFIG[default-compression-lz4] = "-Dlz4=true -Ddefault-compression=lz4,,lz4"
+PACKAGECONFIG[default-compression-xz] = "-Dxz=true -Ddefault-compression=xz,,xz"
+PACKAGECONFIG[default-compression-zstd] = "-Dzstd=true -Ddefault-compression=zstd,,zstd"
+PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus"
+PACKAGECONFIG[efi] = "-Defi=true,-Defi=false"
+PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} -Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi"
+PACKAGECONFIG[elfutils] = "-Delfutils=true,-Delfutils=false,elfutils"
+PACKAGECONFIG[firstboot] = "-Dfirstboot=true,-Dfirstboot=false"
+PACKAGECONFIG[repart] = "-Drepart=true,-Drepart=false"
+PACKAGECONFIG[homed] = "-Dhomed=true,-Dhomed=false"
+# Sign the journal for anti-tampering
+PACKAGECONFIG[gcrypt] = "-Dgcrypt=true,-Dgcrypt=false,libgcrypt"
+PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls"
+PACKAGECONFIG[gshadow] = "-Dgshadow=true,-Dgshadow=false"
+PACKAGECONFIG[hibernate] = "-Dhibernate=true,-Dhibernate=false"
+PACKAGECONFIG[hostnamed] = "-Dhostnamed=true,-Dhostnamed=false"
+PACKAGECONFIG[idn] = "-Didn=true,-Didn=false"
+PACKAGECONFIG[ima] = "-Dima=true,-Dima=false"
+# importd requires journal-upload/xz/zlib/bzip2/gcrypt
+PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false,glib-2.0"
+# Update NAT firewall rules
+PACKAGECONFIG[iptc] = "-Dlibiptc=true,-Dlibiptc=false,iptables"
+PACKAGECONFIG[journal-upload] = "-Dlibcurl=true,-Dlibcurl=false,curl"
+PACKAGECONFIG[kmod] = "-Dkmod=true,-Dkmod=false,kmod"
+PACKAGECONFIG[ldconfig] = "-Dldconfig=true,-Dldconfig=false,,ldconfig"
+PACKAGECONFIG[libidn] = "-Dlibidn=true,-Dlibidn=false,libidn,,libidn"
+PACKAGECONFIG[libidn2] = "-Dlibidn2=true,-Dlibidn2=false,libidn2,,libidn2"
+# Link udev shared with systemd helper library.
+# If enabled the udev package depends on the systemd package (which has the needed shared library).
+PACKAGECONFIG[link-udev-shared] = "-Dlink-udev-shared=true,-Dlink-udev-shared=false"
+PACKAGECONFIG[localed] = "-Dlocaled=true,-Dlocaled=false"
+PACKAGECONFIG[logind] = "-Dlogind=true,-Dlogind=false"
+PACKAGECONFIG[lz4] = "-Dlz4=true,-Dlz4=false,lz4"
+PACKAGECONFIG[machined] = "-Dmachined=true,-Dmachined=false"
+PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native xmlto-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native"
+PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd"
+PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname"
+PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false"
+PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers="
+PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false"
+PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false"
+PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false"
+PACKAGECONFIG[oomd] = "-Doomd=true,-Doomd=false"
+PACKAGECONFIG[openssl] = "-Dopenssl=true,-Dopenssl=false,openssl"
+PACKAGECONFIG[pam] = "-Dpam=true,-Dpam=false,libpam,${PAM_PLUGINS}"
+PACKAGECONFIG[pcre2] = "-Dpcre2=true,-Dpcre2=false,libpcre2"
+PACKAGECONFIG[polkit] = "-Dpolkit=true,-Dpolkit=false"
+# If polkit is disabled and networkd+hostnamed are in use, enabling this option and
+# using dbus-broker will allow networkd to be authorized to change the
+# hostname without acquiring additional privileges
+PACKAGECONFIG[polkit_hostnamed_fallback] = ",,,,dbus-broker,polkit"
+PACKAGECONFIG[portabled] = "-Dportabled=true,-Dportabled=false"
+PACKAGECONFIG[pstore] = "-Dpstore=true,-Dpstore=false"
+PACKAGECONFIG[qrencode] = "-Dqrencode=true,-Dqrencode=false,qrencode,,qrencode"
+PACKAGECONFIG[quotacheck] = "-Dquotacheck=true,-Dquotacheck=false"
+PACKAGECONFIG[randomseed] = "-Drandomseed=true,-Drandomseed=false"
+PACKAGECONFIG[resolved] = "-Dresolve=true,-Dresolve=false"
+PACKAGECONFIG[rfkill] = "-Drfkill=true,-Drfkill=false"
+PACKAGECONFIG[seccomp] = "-Dseccomp=true,-Dseccomp=false,libseccomp"
+PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux,initscripts-sushell"
+PACKAGECONFIG[smack] = "-Dsmack=true,-Dsmack=false"
+PACKAGECONFIG[sysext] = "-Dsysext=true, -Dsysext=false"
+PACKAGECONFIG[sysusers] = "-Dsysusers=true,-Dsysusers=false"
+PACKAGECONFIG[sysvinit] = "-Dsysvinit-path=${sysconfdir}/init.d -Dsysvrcnd-path=${sysconfdir},-Dsysvinit-path= -Dsysvrcnd-path=,,systemd-compat-units update-rc.d"
+# When enabled use reproducble build timestamp if set as time epoch,
+# or build time if not. When disabled, time epoch is unset.
+def build_epoch(d):
+ epoch = d.getVar('SOURCE_DATE_EPOCH') or "-1"
+ return '-Dtime-epoch=%d' % int(epoch)
+PACKAGECONFIG[set-time-epoch] = "${@build_epoch(d)},-Dtime-epoch=0"
+PACKAGECONFIG[timedated] = "-Dtimedated=true,-Dtimedated=false"
+PACKAGECONFIG[timesyncd] = "-Dtimesyncd=true,-Dtimesyncd=false"
+PACKAGECONFIG[usrmerge] = "-Dsplit-usr=false,-Dsplit-usr=true"
+PACKAGECONFIG[sbinmerge] = "-Dsplit-bin=false,-Dsplit-bin=true"
+PACKAGECONFIG[userdb] = "-Duserdb=true,-Duserdb=false"
+PACKAGECONFIG[utmp] = "-Dutmp=true,-Dutmp=false"
+PACKAGECONFIG[valgrind] = "-DVALGRIND=1,,valgrind"
+PACKAGECONFIG[vconsole] = "-Dvconsole=true,-Dvconsole=false,,${PN}-vconsole-setup"
+PACKAGECONFIG[wheel-group] = "-Dwheel-group=true, -Dwheel-group=false"
+PACKAGECONFIG[xdg-autostart] = "-Dxdg-autostart=true,-Dxdg-autostart=false"
+# Verify keymaps on locale change
+PACKAGECONFIG[xkbcommon] = "-Dxkbcommon=true,-Dxkbcommon=false,libxkbcommon"
+PACKAGECONFIG[xz] = "-Dxz=true,-Dxz=false,xz"
+PACKAGECONFIG[zlib] = "-Dzlib=true,-Dzlib=false,zlib"
+PACKAGECONFIG[zstd] = "-Dzstd=true,-Dzstd=false,zstd"
+
+# Helper variables to clarify locations. This mirrors the logic in systemd's
+# build system.
+rootprefix ?= "${root_prefix}"
+rootlibdir ?= "${base_libdir}"
+rootlibexecdir = "${rootprefix}/lib"
+
+EXTRA_OEMESON += "-Dnobody-user=nobody \
+ -Dnobody-group=nogroup \
+ -Drootlibdir=${rootlibdir} \
+ -Drootprefix=${rootprefix} \
+ -Ddefault-locale=C \
+ -Dmode=release \
+ -Dsystem-alloc-uid-min=101 \
+ -Dsystem-uid-max=999 \
+ -Dsystem-alloc-gid-min=101 \
+ -Dsystem-gid-max=999 \
+ "
+
+# Hardcode target binary paths to avoid using paths from sysroot
+EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \
+ -Dkmod-path=${base_bindir}/kmod \
+ -Dmount-path=${base_bindir}/mount \
+ -Dquotacheck-path=${sbindir}/quotacheck \
+ -Dquotaon-path=${sbindir}/quotaon \
+ -Dsulogin-path=${base_sbindir}/sulogin \
+ -Dnologin-path=${base_sbindir}/nologin \
+ -Dumount-path=${base_bindir}/umount"
+
+# The 60 seconds is watchdog's default vaule.
+WATCHDOG_TIMEOUT ??= "60"
+
+do_install() {
+ meson_do_install
+ install -d ${D}/${base_sbindir}
+ if ${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', 'false', 'true', d)}; then
+ # Provided by a separate recipe
+ rm ${D}${systemd_system_unitdir}/serial-getty* -f
+ fi
+
+ # Provide support for initramfs
+ [ ! -e ${D}/init ] && ln -s ${rootlibexecdir}/systemd/systemd ${D}/init
+ [ ! -e ${D}/${base_sbindir}/udevd ] && ln -s ${rootlibexecdir}/systemd/systemd-udevd ${D}/${base_sbindir}/udevd
+
+ install -d ${D}${sysconfdir}/udev/rules.d/
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ for rule in $(find ${WORKDIR} -maxdepth 1 -type f -name "*.rules"); do
+ install -m 0644 $rule ${D}${sysconfdir}/udev/rules.d/
+ done
+
+ install -m 0644 ${WORKDIR}/00-create-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/systemd-udevd
+ sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd
+ install -Dm 0755 ${S}/src/systemctl/systemd-sysv-install.SKELETON ${D}${systemd_unitdir}/systemd-sysv-install
+ fi
+
+ if "${@'true' if oe.types.boolean(d.getVar('VOLATILE_LOG_DIR')) else 'false'}"; then
+ # /var/log is typically a symbolic link to inside /var/volatile,
+ # which is expected to be empty.
+ rm -rf ${D}${localstatedir}/log
+ else
+ chown root:systemd-journal ${D}${localstatedir}/log/journal
+
+ # journal-remote creates this at start
+ rm -rf ${D}${localstatedir}/log/journal/remote
+ fi
+
+ # if the user requests /tmp be on persistent storage (i.e. not volatile)
+ # then don't use a tmpfs for /tmp
+ if [ "${VOLATILE_TMP_DIR}" != "yes" ]; then
+ rm -f ${D}${rootlibdir}/systemd/system/tmp.mount
+ rm -f ${D}${rootlibdir}/systemd/system/local-fs.target.wants/tmp.mount
+ fi
+
+ install -d ${D}${systemd_system_unitdir}/graphical.target.wants
+ install -d ${D}${systemd_system_unitdir}/multi-user.target.wants
+ install -d ${D}${systemd_system_unitdir}/poweroff.target.wants
+ install -d ${D}${systemd_system_unitdir}/reboot.target.wants
+ install -d ${D}${systemd_system_unitdir}/rescue.target.wants
+
+ # Create symlinks for systemd-update-utmp-runlevel.service
+ if ${@bb.utils.contains('PACKAGECONFIG', 'utmp', 'true', 'false', d)}; then
+ ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/graphical.target.wants/systemd-update-utmp-runlevel.service
+ ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service
+ ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/poweroff.target.wants/systemd-update-utmp-runlevel.service
+ ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/reboot.target.wants/systemd-update-utmp-runlevel.service
+ ln -sf ../systemd-update-utmp-runlevel.service ${D}${systemd_system_unitdir}/rescue.target.wants/systemd-update-utmp-runlevel.service
+ fi
+
+ # this file is needed to exist if networkd is disabled but timesyncd is still in use since timesyncd checks it
+ # for existence else it fails
+ if [ -s ${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf ] &&
+ ! ${@bb.utils.contains('PACKAGECONFIG', 'networkd', 'true', 'false', d)}; then
+ echo 'd /run/systemd/netif/links 0755 root root -' >>${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf
+ fi
+ if ! ${@bb.utils.contains('PACKAGECONFIG', 'resolved', 'true', 'false', d)}; then
+ echo 'L! ${sysconfdir}/resolv.conf - - - - ../run/systemd/resolve/resolv.conf' >>${D}${exec_prefix}/lib/tmpfiles.d/etc.conf
+ echo 'd /run/systemd/resolve 0755 root root -' >>${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf
+ echo 'f /run/systemd/resolve/resolv.conf 0644 root root' >>${D}${exec_prefix}/lib/tmpfiles.d/systemd.conf
+ ln -s ../run/systemd/resolve/resolv.conf ${D}${sysconfdir}/resolv-conf.systemd
+ else
+ sed -i -e "s%^L! /etc/resolv.conf.*$%L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf%g" ${D}${exec_prefix}/lib/tmpfiles.d/etc.conf
+ ln -s ../run/systemd/resolve/resolv.conf ${D}${sysconfdir}/resolv-conf.systemd
+ fi
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'false', 'true', d)}; then
+ rm ${D}${exec_prefix}/lib/tmpfiles.d/x11.conf
+ rm -r ${D}${sysconfdir}/X11
+ fi
+
+ # If polkit is setup fixup permissions and ownership
+ if ${@bb.utils.contains('PACKAGECONFIG', 'polkit', 'true', 'false', d)}; then
+ if [ -d ${D}${datadir}/polkit-1/rules.d ]; then
+ chmod 700 ${D}${datadir}/polkit-1/rules.d
+ chown polkitd:root ${D}${datadir}/polkit-1/rules.d
+ fi
+ fi
+
+ # If polkit is not available and a fallback was requested, install a drop-in that allows networkd to
+ # request hostname changes via DBUS without elevating its privileges
+ if ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'true', 'false', d)}; then
+ install -d ${D}${systemd_system_unitdir}/systemd-hostnamed.service.d/
+ install -m 0644 ${WORKDIR}/00-hostnamed-network-user.conf ${D}${systemd_system_unitdir}/systemd-hostnamed.service.d/
+ install -d ${D}${datadir}/dbus-1/system.d/
+ install -m 0644 ${WORKDIR}/org.freedesktop.hostname1_no_polkit.conf ${D}${datadir}/dbus-1/system.d/
+ fi
+
+ # create link for existing udev rules
+ ln -s ${base_bindir}/udevadm ${D}${base_sbindir}/udevadm
+
+ # install default policy for presets
+ # https://www.freedesktop.org/wiki/Software/systemd/Preset/#howto
+ install -Dm 0644 ${WORKDIR}/99-default.preset ${D}${systemd_unitdir}/system-preset/99-default.preset
+
+ # add a profile fragment to disable systemd pager with busybox less
+ install -Dm 0644 ${WORKDIR}/systemd-pager.sh ${D}${sysconfdir}/profile.d/systemd-pager.sh
+
+ if [ -n "${WATCHDOG_TIMEOUT}" ]; then
+ sed -i -e 's/#RebootWatchdogSec=10min/RebootWatchdogSec=${WATCHDOG_TIMEOUT}/' \
+ ${D}/${sysconfdir}/systemd/system.conf
+ fi
+}
+
+python populate_packages:prepend (){
+ systemdlibdir = d.getVar("rootlibdir")
+ do_split_packages(d, systemdlibdir, r'^lib(.*)\.so\.*', 'lib%s', 'Systemd %s library', extra_depends='', allow_links=True)
+}
+PACKAGES_DYNAMIC += "^lib(udev|systemd|nss).*"
+
+PACKAGE_BEFORE_PN = "\
+ ${PN}-gui \
+ ${PN}-vconsole-setup \
+ ${PN}-initramfs \
+ ${PN}-analyze \
+ ${PN}-kernel-install \
+ ${PN}-rpm-macros \
+ ${PN}-binfmt \
+ ${PN}-zsh-completion \
+ ${PN}-container \
+ ${PN}-journal-gatewayd \
+ ${PN}-journal-upload \
+ ${PN}-journal-remote \
+ ${PN}-extra-utils \
+ ${PN}-udev-rules \
+ libsystemd-shared \
+ udev \
+ udev-hwdb \
+"
+
+SUMMARY:${PN}-container = "Tools for containers and VMs"
+DESCRIPTION:${PN}-container = "Systemd tools to spawn and manage containers and virtual machines."
+
+SUMMARY:${PN}-journal-gatewayd = "HTTP server for journal events"
+DESCRIPTION:${PN}-journal-gatewayd = "systemd-journal-gatewayd serves journal events over the network. Clients must connect using HTTP. The server listens on port 19531 by default."
+
+SUMMARY:${PN}-journal-upload = "Send journal messages over the network"
+DESCRIPTION:${PN}-journal-upload = "systemd-journal-upload uploads journal entries to a specified URL."
+
+SUMMARY:${PN}-journal-remote = "Receive journal messages over the network"
+DESCRIPTION:${PN}-journal-remote = "systemd-journal-remote is a command to receive serialized journal events and store them to journal files."
+
+SUMMARY:libsystemd-shared = "Systemd shared library"
+
+SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfmt', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
+"
+SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service"
+
+USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
+ udev \
+ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
+"
+GROUPADD_PARAM:${PN} = "-r systemd-journal;"
+GROUPADD_PARAM:udev = "-r render;-r sgx;"
+GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
+USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
+USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
+USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
+USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /sbin/nologin systemd-resolve;', '', d)}"
+USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system -d / -M --shell /sbin/nologin systemd-timesync;', '', d)}"
+USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'oomd', '--system -d / -M --shell /sbin/nologin systemd-oom;', '', d)}"
+USERADD_PARAM:${PN}-extra-utils = "--system -d / -M --shell /sbin/nologin systemd-bus-proxy"
+USERADD_PARAM:${PN}-journal-gatewayd = "--system -d / -M --shell /sbin/nologin systemd-journal-gateway"
+USERADD_PARAM:${PN}-journal-remote = "--system -d / -M --shell /sbin/nologin systemd-journal-remote"
+USERADD_PARAM:${PN}-journal-upload = "--system -d / -M --shell /sbin/nologin systemd-journal-upload"
+
+FILES:${PN}-analyze = "${bindir}/systemd-analyze"
+
+FILES:${PN}-initramfs = "/init"
+RDEPENDS:${PN}-initramfs = "${PN}"
+
+FILES:${PN}-gui = "${bindir}/systemadm"
+
+FILES:${PN}-vconsole-setup = "${rootlibexecdir}/systemd/systemd-vconsole-setup \
+ ${systemd_system_unitdir}/systemd-vconsole-setup.service \
+ ${systemd_system_unitdir}/sysinit.target.wants/systemd-vconsole-setup.service"
+
+RDEPENDS:${PN}-kernel-install += "bash"
+FILES:${PN}-kernel-install = "${bindir}/kernel-install \
+ ${sysconfdir}/kernel/ \
+ ${exec_prefix}/lib/kernel \
+ "
+FILES:${PN}-rpm-macros = "${exec_prefix}/lib/rpm \
+ "
+
+FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
+
+FILES:${PN}-binfmt = "${sysconfdir}/binfmt.d/ \
+ ${exec_prefix}/lib/binfmt.d \
+ ${rootlibexecdir}/systemd/systemd-binfmt \
+ ${systemd_system_unitdir}/proc-sys-fs-binfmt_misc.* \
+ ${systemd_system_unitdir}/systemd-binfmt.service"
+RRECOMMENDS:${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}"
+
+RRECOMMENDS:${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}"
+
+
+FILES:${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \
+ ${systemd_system_unitdir}/systemd-journal-gatewayd.service \
+ ${systemd_system_unitdir}/systemd-journal-gatewayd.socket \
+ ${systemd_system_unitdir}/sockets.target.wants/systemd-journal-gatewayd.socket \
+ ${datadir}/systemd/gatewayd/browse.html \
+ "
+SYSTEMD_SERVICE:${PN}-journal-gatewayd = "systemd-journal-gatewayd.socket"
+
+FILES:${PN}-journal-upload = "${rootlibexecdir}/systemd/systemd-journal-upload \
+ ${systemd_system_unitdir}/systemd-journal-upload.service \
+ ${sysconfdir}/systemd/journal-upload.conf \
+ "
+SYSTEMD_SERVICE:${PN}-journal-upload = "systemd-journal-upload.service"
+
+FILES:${PN}-journal-remote = "${rootlibexecdir}/systemd/systemd-journal-remote \
+ ${sysconfdir}/systemd/journal-remote.conf \
+ ${systemd_system_unitdir}/systemd-journal-remote.service \
+ ${systemd_system_unitdir}/systemd-journal-remote.socket \
+ "
+SYSTEMD_SERVICE:${PN}-journal-remote = "systemd-journal-remote.socket"
+
+
+FILES:${PN}-container = "${sysconfdir}/dbus-1/system.d/org.freedesktop.import1.conf \
+ ${sysconfdir}/dbus-1/system.d/org.freedesktop.machine1.conf \
+ ${sysconfdir}/systemd/system/multi-user.target.wants/machines.target \
+ ${base_bindir}/machinectl \
+ ${bindir}/systemd-nspawn \
+ ${nonarch_libdir}/systemd/import-pubring.gpg \
+ ${systemd_system_unitdir}/busnames.target.wants/org.freedesktop.import1.busname \
+ ${systemd_system_unitdir}/busnames.target.wants/org.freedesktop.machine1.busname \
+ ${systemd_system_unitdir}/local-fs.target.wants/var-lib-machines.mount \
+ ${systemd_system_unitdir}/machines.target.wants/var-lib-machines.mount \
+ ${systemd_system_unitdir}/remote-fs.target.wants/var-lib-machines.mount \
+ ${systemd_system_unitdir}/machine.slice \
+ ${systemd_system_unitdir}/machines.target \
+ ${systemd_system_unitdir}/org.freedesktop.import1.busname \
+ ${systemd_system_unitdir}/org.freedesktop.machine1.busname \
+ ${systemd_system_unitdir}/systemd-importd.service \
+ ${systemd_system_unitdir}/systemd-machined.service \
+ ${systemd_system_unitdir}/dbus-org.freedesktop.machine1.service \
+ ${systemd_system_unitdir}/var-lib-machines.mount \
+ ${rootlibexecdir}/systemd/systemd-import \
+ ${rootlibexecdir}/systemd/systemd-importd \
+ ${rootlibexecdir}/systemd/systemd-machined \
+ ${rootlibexecdir}/systemd/systemd-pull \
+ ${exec_prefix}/lib/tmpfiles.d/systemd-nspawn.conf \
+ ${exec_prefix}/lib/tmpfiles.d/README \
+ ${systemd_system_unitdir}/systemd-nspawn@.service \
+ ${libdir}/libnss_mymachines.so.2 \
+ ${datadir}/dbus-1/system-services/org.freedesktop.import1.service \
+ ${datadir}/dbus-1/system-services/org.freedesktop.machine1.service \
+ ${datadir}/dbus-1/system.d/org.freedesktop.import1.conf \
+ ${datadir}/dbus-1/system.d/org.freedesktop.machine1.conf \
+ ${datadir}/polkit-1/actions/org.freedesktop.import1.policy \
+ ${datadir}/polkit-1/actions/org.freedesktop.machine1.policy \
+ "
+
+# "machinectl import-tar" uses "tar --numeric-owner", not supported by busybox.
+RRECOMMENDS:${PN}-container += "\
+ ${PN}-journal-gatewayd \
+ ${PN}-journal-remote \
+ ${PN}-journal-upload \
+ kernel-module-dm-mod \
+ kernel-module-loop \
+ kernel-module-tun \
+ tar \
+ "
+
+FILES:${PN}-extra-utils = "\
+ ${base_bindir}/systemd-escape \
+ ${base_bindir}/systemd-inhibit \
+ ${bindir}/systemd-detect-virt \
+ ${bindir}/systemd-dissect \
+ ${bindir}/systemd-path \
+ ${bindir}/systemd-run \
+ ${bindir}/systemd-cat \
+ ${bindir}/systemd-creds \
+ ${bindir}/systemd-cryptenroll \
+ ${bindir}/systemd-delta \
+ ${bindir}/systemd-cgls \
+ ${bindir}/systemd-cgtop \
+ ${bindir}/systemd-stdio-bridge \
+ ${base_bindir}/systemd-ask-password \
+ ${base_bindir}/systemd-tty-ask-password-agent \
+ ${systemd_system_unitdir}/initrd.target.wants/systemd-pcrphase-initrd.path \
+ ${systemd_system_unitdir}/systemd-ask-password-console.path \
+ ${systemd_system_unitdir}/systemd-ask-password-console.service \
+ ${systemd_system_unitdir}/systemd-ask-password-wall.path \
+ ${systemd_system_unitdir}/systemd-ask-password-wall.service \
+ ${systemd_system_unitdir}/sysinit.target.wants/systemd-ask-password-console.path \
+ ${systemd_system_unitdir}/sysinit.target.wants/systemd-ask-password-wall.path \
+ ${systemd_system_unitdir}/sysinit.target.wants/systemd-pcrphase.path \
+ ${systemd_system_unitdir}/sysinit.target.wants/systemd-pcrphase-sysinit.path \
+ ${systemd_system_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path \
+ ${rootlibexecdir}/systemd/systemd-resolve-host \
+ ${rootlibexecdir}/systemd/systemd-ac-power \
+ ${rootlibexecdir}/systemd/systemd-activate \
+ ${rootlibexecdir}/systemd/systemd-bus-proxyd \
+ ${systemd_system_unitdir}/systemd-bus-proxyd.service \
+ ${systemd_system_unitdir}/systemd-bus-proxyd.socket \
+ ${rootlibexecdir}/systemd/systemd-measure \
+ ${rootlibexecdir}/systemd/systemd-pcrphase \
+ ${rootlibexecdir}/systemd/systemd-socket-proxyd \
+ ${rootlibexecdir}/systemd/systemd-reply-password \
+ ${rootlibexecdir}/systemd/systemd-sleep \
+ ${rootlibexecdir}/systemd/system-sleep \
+ ${systemd_system_unitdir}/systemd-hibernate.service \
+ ${systemd_system_unitdir}/systemd-hybrid-sleep.service \
+ ${systemd_system_unitdir}/systemd-pcrphase-initrd.service \
+ ${systemd_system_unitdir}/systemd-pcrphase.service \
+ ${systemd_system_unitdir}/systemd-pcrphase-sysinit.service \
+ ${systemd_system_unitdir}/systemd-suspend.service \
+ ${systemd_system_unitdir}/sleep.target \
+ ${rootlibexecdir}/systemd/systemd-initctl \
+ ${systemd_system_unitdir}/systemd-initctl.service \
+ ${systemd_system_unitdir}/systemd-initctl.socket \
+ ${systemd_system_unitdir}/sockets.target.wants/systemd-initctl.socket \
+ ${rootlibexecdir}/systemd/system-generators/systemd-gpt-auto-generator \
+ ${rootlibexecdir}/systemd/systemd-cgroups-agent \
+"
+
+FILES:${PN}-udev-rules = "\
+ ${rootlibexecdir}/udev/rules.d/70-uaccess.rules \
+ ${rootlibexecdir}/udev/rules.d/71-seat.rules \
+ ${rootlibexecdir}/udev/rules.d/73-seat-late.rules \
+ ${rootlibexecdir}/udev/rules.d/99-systemd.rules \
+"
+
+CONFFILES:${PN} = "${sysconfdir}/systemd/coredump.conf \
+ ${sysconfdir}/systemd/journald.conf \
+ ${sysconfdir}/systemd/logind.conf \
+ ${sysconfdir}/systemd/networkd.conf \
+ ${sysconfdir}/systemd/pstore.conf \
+ ${sysconfdir}/systemd/resolved.conf \
+ ${sysconfdir}/systemd/sleep.conf \
+ ${sysconfdir}/systemd/system.conf \
+
${sysconfdir}/systemd/timesyncd.conf \ + ${sysconfdir}/systemd/user.conf \ +" + +FILES:${PN} = " ${base_bindir}/* \ + ${base_sbindir}/shutdown \ + ${base_sbindir}/halt \ + ${base_sbindir}/poweroff \ + ${base_sbindir}/runlevel \ + ${base_sbindir}/telinit \ + ${base_sbindir}/resolvconf \ + ${base_sbindir}/reboot \ + ${base_sbindir}/init \ + ${datadir}/dbus-1/services \ + ${datadir}/dbus-1/system-services \ + ${datadir}/polkit-1 \ + ${datadir}/${BPN} \ + ${datadir}/factory \ + ${sysconfdir}/dbus-1/ \ + ${sysconfdir}/modules-load.d/ \ + ${sysconfdir}/pam.d/ \ + ${sysconfdir}/profile.d/ \ + ${sysconfdir}/sysctl.d/ \ + ${sysconfdir}/systemd/ \ + ${sysconfdir}/tmpfiles.d/ \ + ${sysconfdir}/xdg/ \ + ${sysconfdir}/init.d/README \ + ${sysconfdir}/resolv-conf.systemd \ + ${sysconfdir}/X11/xinit/xinitrc.d/* \ + ${rootlibexecdir}/systemd/* \ + ${rootlibdir}/systemd/libsystemd-core* \ + ${libdir}/pam.d \ + ${nonarch_libdir}/pam.d \ + ${systemd_unitdir}/* \ + ${base_libdir}/security/*.so \ + /cgroup \ + ${bindir}/systemd* \ + ${bindir}/busctl \ + ${bindir}/coredumpctl \ + ${bindir}/localectl \ + ${bindir}/hostnamectl \ + ${bindir}/resolvectl \ + ${bindir}/timedatectl \ + ${bindir}/bootctl \ + ${bindir}/oomctl \ + ${bindir}/userdbctl \ + ${exec_prefix}/lib/tmpfiles.d/*.conf \ + ${exec_prefix}/lib/systemd \ + ${exec_prefix}/lib/modules-load.d \ + ${exec_prefix}/lib/sysctl.d \ + ${exec_prefix}/lib/sysusers.d \ + ${exec_prefix}/lib/environment.d \ + ${localstatedir} \ + ${rootlibexecdir}/modprobe.d/systemd.conf \ + ${rootlibexecdir}/modprobe.d/README \ + ${datadir}/dbus-1/system.d/org.freedesktop.timedate1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.locale1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.network1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.resolve1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.systemd1.conf \ + ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 
'${datadir}/dbus-1/system.d/org.freedesktop.hostname1_no_polkit.conf', '', d)} \ + ${datadir}/dbus-1/system.d/org.freedesktop.hostname1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.login1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.timesync1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.portable1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.oom1.conf \ + ${datadir}/dbus-1/system.d/org.freedesktop.home1.conf \ + " + +FILES:${PN}-dev += "${base_libdir}/security/*.la ${datadir}/dbus-1/interfaces/ ${sysconfdir}/rpm/macros.systemd" + +RDEPENDS:${PN} += "kmod dbus util-linux-mount util-linux-umount udev (= ${EXTENDPKGV}) systemd-udev-rules util-linux-agetty util-linux-fsck" +RDEPENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'serial-getty-generator', '', 'systemd-serialgetty', d)}" +RDEPENDS:${PN} += "volatile-binds" + +RRECOMMENDS:${PN} += "systemd-extra-utils \ + udev-hwdb \ + e2fsprogs-e2fsck \ + kernel-module-autofs4 kernel-module-unix kernel-module-ipv6 kernel-module-sch-fq-codel \ + os-release \ + systemd-conf \ +" + +INSANE_SKIP:${PN} += "dev-so libdir" +INSANE_SKIP:${PN}-dbg += "libdir" +INSANE_SKIP:${PN}-doc += " libdir" +INSANE_SKIP:libsystemd-shared += "libdir" + +FILES:libsystemd-shared = "${rootlibdir}/systemd/libsystemd-shared*.so" + +RPROVIDES:udev = "hotplug" + +RDEPENDS:udev-hwdb += "udev" + +FILES:udev += "${base_sbindir}/udevd \ + ${rootlibexecdir}/systemd/network/99-default.link \ + ${rootlibexecdir}/systemd/systemd-udevd \ + ${rootlibexecdir}/udev/accelerometer \ + ${rootlibexecdir}/udev/ata_id \ + ${rootlibexecdir}/udev/cdrom_id \ + ${rootlibexecdir}/udev/collect \ + ${rootlibexecdir}/udev/dmi_memory_id \ + ${rootlibexecdir}/udev/fido_id \ + ${rootlibexecdir}/udev/findkeyboards \ + ${rootlibexecdir}/udev/keyboard-force-release.sh \ + ${rootlibexecdir}/udev/keymap \ + ${rootlibexecdir}/udev/mtd_probe \ + ${rootlibexecdir}/udev/scsi_id \ + ${rootlibexecdir}/udev/v4l_id \ + ${rootlibexecdir}/udev/keymaps \ + 
${rootlibexecdir}/udev/rules.d/50-udev-default.rules \ + ${rootlibexecdir}/udev/rules.d/60-autosuspend.rules \ + ${rootlibexecdir}/udev/rules.d/60-autosuspend-chromiumos.rules \ + ${rootlibexecdir}/udev/rules.d/60-block.rules \ + ${rootlibexecdir}/udev/rules.d/60-cdrom_id.rules \ + ${rootlibexecdir}/udev/rules.d/60-drm.rules \ + ${rootlibexecdir}/udev/rules.d/60-evdev.rules \ + ${rootlibexecdir}/udev/rules.d/60-fido-id.rules \ + ${rootlibexecdir}/udev/rules.d/60-infiniband.rules \ + ${rootlibexecdir}/udev/rules.d/60-input-id.rules \ + ${rootlibexecdir}/udev/rules.d/60-persistent-alsa.rules \ + ${rootlibexecdir}/udev/rules.d/60-persistent-input.rules \ + ${rootlibexecdir}/udev/rules.d/60-persistent-storage.rules \ + ${rootlibexecdir}/udev/rules.d/60-persistent-storage-tape.rules \ + ${rootlibexecdir}/udev/rules.d/60-persistent-v4l.rules \ + ${rootlibexecdir}/udev/rules.d/60-sensor.rules \ + ${rootlibexecdir}/udev/rules.d/60-serial.rules \ + ${rootlibexecdir}/udev/rules.d/61-autosuspend-manual.rules \ + ${rootlibexecdir}/udev/rules.d/64-btrfs.rules \ + ${rootlibexecdir}/udev/rules.d/70-camera.rules \ + ${rootlibexecdir}/udev/rules.d/70-joystick.rules \ + ${rootlibexecdir}/udev/rules.d/70-memory.rules \ + ${rootlibexecdir}/udev/rules.d/70-mouse.rules \ + ${rootlibexecdir}/udev/rules.d/70-power-switch.rules \ + ${rootlibexecdir}/udev/rules.d/70-touchpad.rules \ + ${rootlibexecdir}/udev/rules.d/75-net-description.rules \ + ${rootlibexecdir}/udev/rules.d/75-probe_mtd.rules \ + ${rootlibexecdir}/udev/rules.d/78-sound-card.rules \ + ${rootlibexecdir}/udev/rules.d/80-drivers.rules \ + ${rootlibexecdir}/udev/rules.d/80-net-setup-link.rules \ + ${rootlibexecdir}/udev/rules.d/81-net-dhcp.rules \ + ${rootlibexecdir}/udev/rules.d/90-vconsole.rules \ + ${rootlibexecdir}/udev/rules.d/README \ + ${sysconfdir}/udev \ + ${sysconfdir}/init.d/systemd-udevd \ + ${systemd_system_unitdir}/*udev* \ + ${systemd_system_unitdir}/*.wants/*udev* \ + ${base_bindir}/systemd-hwdb \ + 
${base_bindir}/udevadm \ + ${base_sbindir}/udevadm \ + ${datadir}/bash-completion/completions/udevadm \ + ${systemd_system_unitdir}/systemd-hwdb-update.service \ + " + +FILES:udev-hwdb = "${rootlibexecdir}/udev/hwdb.d \ + " + +RCONFLICTS:${PN} = "tiny-init ${@bb.utils.contains('PACKAGECONFIG', 'resolved', 'resolvconf', '', d)}" + +INITSCRIPT_PACKAGES = "udev" +INITSCRIPT_NAME:udev = "systemd-udevd" +INITSCRIPT_PARAMS:udev = "start 03 S ." + +python __anonymous() { + if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d): + d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1") + + if bb.utils.contains('PACKAGECONFIG', 'repart', True, False, d) and not bb.utils.contains('PACKAGECONFIG', 'openssl', True, False, d): + bb.error("PACKAGECONFIG[repart] requires PACKAGECONFIG[openssl]") + + if bb.utils.contains('PACKAGECONFIG', 'homed', True, False, d) and not bb.utils.contains('PACKAGECONFIG', 'userdb openssl cryptsetup', True, False, d): + bb.error("PACKAGECONFIG[homed] requires PACKAGECONFIG[userdb], PACKAGECONFIG[openssl] and PACKAGECONFIG[cryptsetup]") +} + +python do_warn_musl() { + if d.getVar('TCLIBC') == "musl": + bb.warn("Using systemd with musl is not recommended since it is not supported upstream and some patches are known to be problematic.") +} +addtask warn_musl before do_configure + +ALTERNATIVE:${PN} = "halt reboot shutdown poweroff runlevel ${@bb.utils.contains('PACKAGECONFIG', 'resolved', 'resolv-conf', '', d)}" + +ALTERNATIVE_TARGET[resolv-conf] = "${sysconfdir}/resolv-conf.systemd" +ALTERNATIVE_LINK_NAME[resolv-conf] = "${sysconfdir}/resolv.conf" +ALTERNATIVE_PRIORITY[resolv-conf] ?= "50" + +ALTERNATIVE_TARGET[halt] = "${base_bindir}/systemctl" +ALTERNATIVE_LINK_NAME[halt] = "${base_sbindir}/halt" +ALTERNATIVE_PRIORITY[halt] ?= "300" + +ALTERNATIVE_TARGET[reboot] = "${base_bindir}/systemctl" +ALTERNATIVE_LINK_NAME[reboot] = "${base_sbindir}/reboot" +ALTERNATIVE_PRIORITY[reboot] ?= "300" + +ALTERNATIVE_TARGET[shutdown] = "${base_bindir}/systemctl" 
+ALTERNATIVE_LINK_NAME[shutdown] = "${base_sbindir}/shutdown" +ALTERNATIVE_PRIORITY[shutdown] ?= "300" + +ALTERNATIVE_TARGET[poweroff] = "${base_bindir}/systemctl" +ALTERNATIVE_LINK_NAME[poweroff] = "${base_sbindir}/poweroff" +ALTERNATIVE_PRIORITY[poweroff] ?= "300" + +ALTERNATIVE_TARGET[runlevel] = "${base_bindir}/systemctl" +ALTERNATIVE_LINK_NAME[runlevel] = "${base_sbindir}/runlevel" +ALTERNATIVE_PRIORITY[runlevel] ?= "300" + +pkg_postinst:${PN}:libc-glibc () { + sed -e '/^hosts:/s/\s*\//' \ + -e 's/\(^hosts:.*\)\(\\)\(.*\)\(\\)\(.*\)/\1\2 myhostname \3\4\5/' \ + -i $D${sysconfdir}/nsswitch.conf +} + +pkg_prerm:${PN}:libc-glibc () { + sed -e '/^hosts:/s/\s*\//' \ + -e '/^hosts:/s/\s*myhostname//' \ + -i $D${sysconfdir}/nsswitch.conf +} + +PACKAGE_WRITE_DEPS += "qemu-native" +pkg_postinst:udev-hwdb () { + if test -n "$D"; then + $INTERCEPT_DIR/postinst_intercept update_udev_hwdb ${PKG} mlprefix=${MLPREFIX} binprefix=${MLPREFIX} rootlibexecdir="${rootlibexecdir}" PREFERRED_PROVIDER_udev="${PREFERRED_PROVIDER_udev}" base_bindir="${base_bindir}" + else + udevadm hwdb --update + fi +} + +pkg_prerm:udev-hwdb () { + rm -f $D${sysconfdir}/udev/hwdb.bin +} + +# This was also fixed in 252.4 with 9b75a3d0 +CVE_CHECK_IGNORE += "CVE-2022-4415" diff --git a/recipes-core/systemd/systemd_253.1.bbappend b/recipes-core/systemd/systemd_253.1.bbappend new file mode 100644 index 0000000..44e4987 --- /dev/null +++ b/recipes-core/systemd/systemd_253.1.bbappend @@ -0,0 +1,9 @@ +PACKAGECONFIG:append = " \ + tpm2 \ + cryptsetup \ + openssl \ + " + +FILES:${PN}-extra-utils:append = " \ + ${base_libdir}/cryptsetup/libcryptsetup-token-systemd-tpm2.so \ + " diff --git a/recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb b/recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb new file mode 100644 index 0000000..70e48a7 --- /dev/null +++ b/recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb 
@@ -0,0 +1,107 @@ +SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes" +DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \ +device-mapper mappings. These include plain dm-crypt volumes and \ +LUKS volumes. The difference is that LUKS uses a metadata header \ +and can hence offer more features than plain dm-crypt. On the other \ +hand, the header is visible and vulnerable to damage." +HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup" +SECTION = "console" +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" + +DEPENDS = " \ + json-c \ + libdevmapper \ + popt \ + util-linux-libuuid \ +" + +DEPENDS:append:libc-musl = " argp-standalone" +LDFLAGS:append:libc-musl = " -largp" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" +SRC_URI[sha256sum] = "44397ba76e75a9cde5b02177bc63cd7af428a785788e3a7067733e7761842735" + +inherit autotools gettext pkgconfig + +# Use openssl because libgcrypt drops root privileges +# if libgcrypt is linked with libcap support +PACKAGECONFIG ??= " \ + keyring \ + cryptsetup \ + veritysetup \ + cryptsetup-reencrypt \ + integritysetup \ + ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ + kernel_crypto \ + internal-argon2 \ + blkid \ + luks-adjust-xts-keysize \ + openssl \ + ssh-token \ +" +PACKAGECONFIG:append:class-target = " \ + udev \ +" + +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring" +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips" +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality" +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc" +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup" +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-luks2-reencryption,--disable-luks2-reencryption" 
+PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules" +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't +# recognized. +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2" +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2" +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2" +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux" +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random" +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize" +PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" +PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" +PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" +PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh" + +EXTRA_OECONF = "--enable-static" +# Building without largefile is not supported by upstream +EXTRA_OECONF += "--enable-largefile" +# Requires a static popt library +EXTRA_OECONF += "--disable-static-cryptsetup" +# There's no recipe for libargon2 yet +EXTRA_OECONF += "--disable-libargon2" +# Disable asciidoc manual pages +EXTRA_OECONF += "--disable-asciidoc" + +do_install:append() { + # The /usr/lib/cryptsetup directory is always created, even when ssh-token + # is disabled. In that case it is empty and causes a packaging error. 
Since + # there is no reason to distribute the empty directory, the easiest solution + # is to remove it if it is empty. + rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN} +} + +FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" + +RDEPENDS:${PN} = " \ + libdevmapper \ +" + +RRECOMMENDS:${PN}:class-target = " \ + kernel-module-aes-generic \ + kernel-module-dm-crypt \ + kernel-module-md5 \ + kernel-module-cbc \ + kernel-module-sha256-generic \ + kernel-module-xts \ +" + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-extended/libpwquality/libpwquality_%.bbappend b/recipes-extended/libpwquality/libpwquality_%.bbappend new file mode 100644 index 0000000..1ccf1cb --- /dev/null +++ b/recipes-extended/libpwquality/libpwquality_%.bbappend @@ -0,0 +1,7 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) + +FILES:${PN} += "/usr/bin/pwmake" + +BBCLASSEXTEND = "native" +#FILES:${PN}-dev += "/usr/bin/pwmake" diff --git a/recipes-scle/cyber-cryptfs/cyber-cryptfs.bb b/recipes-scle/cyber-cryptfs/cyber-cryptfs.bb new file mode 100644 index 0000000..435ff0c --- /dev/null +++ b/recipes-scle/cyber-cryptfs/cyber-cryptfs.bb @@ -0,0 +1,25 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "Cryptfs files" +MAINTAINER = "Vincent BENOIT " +LICENSE = "CLOSED" + +SRC_URI = " \ + file://cryptfs \ + file://cryptfs_tpm2 \ + " + +S = "${WORKDIR}" + +do_install() { + install -d ${D}${sysconfdir}/cryptfs + install -m 0644 ${S}/cryptfs_tpm2 ${D}${sysconfdir}/cryptfs/tpm2 + install -d ${D}${bindir} + install -m 0755 ${S}/cryptfs ${D}${bindir}/cryptfs +} + +FILES:${PN} = " \ + ${sysconfdir}/cryptfs/tpm2 \ + ${bindir}/cryptfs \ + " diff --git a/recipes-scle/cyber-cryptfs/files/cryptfs b/recipes-scle/cyber-cryptfs/files/cryptfs new file mode 100644 index 0000000..aeb9252 --- /dev/null 
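Review bot: `PACKAGECONFIG[luks2]` uses `--with-default-luks-format=LUKS1` as its disabled value, and `luks2` is not in the default `PACKAGECONFIG ??=` list, so this recipe configures cryptsetup with LUKS1 as the default on-disk format. The cryptfs script added in this commit passes `--type luks2` explicitly and is not affected. Any other `luksFormat` call on the target that omits `--type` would get a LUKS1 header, which uses PBKDF2 rather than Argon2. I would add `luks2 \` to the default list, with a comment such as `# keep LUKS2 as the default format; the cryptfs/clevis flow expects LUKS2 headers`.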
+++ b/recipes-scle/cyber-cryptfs/files/cryptfs 
@@ -0,0 +1,146 @@ +#!/bin/sh +# Copyright (C) 2022 Fondries.IO +# SPDX-License-Identifier: MIT +# +# Encrypt (reencrypt) root device with LUKS2 + +fatal() { + echo "$1" + exit 1 +} + +msg() { + echo "$1" +} + +cryptfs_enabled() { + return 0 +} + +e2fsck_check() { + if [ -n "`which e2fsck`" ]; then + fsckout=`e2fsck -p -v ${1}` + fsckret=$? + # Avoid empty newline after summary + echo "e2fsck: ${fsckout}" >/dev/kmsg + # Return code >= 4 means uncorrected / operational error + ## TODO: force boot into a recovery mode or similar, as there is really not + ## much we can do in case the fs is corrupted in a bad way + if [ "${fsckret}" -ge "4" ]; then + echo "e2fsck: WARNING: file system errors left uncorrected: ret ${fsckret}" >/dev/kmsg + fi + fi +} + +cryptfs_gen_passphrase() { + # Static as at this point we just need a key for encrypting and later enrolling a new keyslot + mkdir -p /run/cryptsetup + echo -n "scle" > /run/cryptsetup/passphrase +} + +cryptfs_run() { + # Similar to rootfs, we need to wait for the device to become available + C=0 + delay=${bootparam_rootdelay:-1} + timeout=${bootparam_roottimeout:-5} + #while true; do + # if [ $(( $C * $delay )) -gt $timeout ]; then + # fatal "root '$bootparam_root' doesn't exist or does not contain a /dev." 
+ # fi + + # if [ -n "$bootparam_root" ]; then + # root_dev="$bootparam_root" + # if [ "`echo ${bootparam_root} | cut -c1-5`" = "UUID=" ]; then + # root_uuid=`echo $bootparam_root | cut -c6-` + # root_dev=`readlink -f /dev/disk/by-uuid/$root_uuid` + # elif [ "`echo ${bootparam_root} | cut -c1-9`" = "PARTUUID=" ]; then + # root_partuuid=`echo $bootparam_root | cut -c10-` + # root_dev=`readlink -f /dev/disk/by-partuuid/$root_partuuid` + # elif [ "`echo ${bootparam_root} | cut -c1-10`" = "PARTLABEL=" ]; then + # root_partlabel=`echo $bootparam_root | cut -c11-` + # root_dev=`readlink -f /dev/disk/by-partlabel/$root_partlabel` + # elif [ "`echo ${bootparam_root} | cut -c1-6`" = "LABEL=" ]; then + # root_label=`echo $bootparam_root | cut -c7-` + # root_dev=`readlink -f /dev/disk/by-label/$root_label` + # fi + + # [ -e "$root_dev" ] && break + # fi + # debug "Sleeping for $delay second(s) to wait root to settle..." + # sleep $delay + # C=$(( $C + 1 )) + #done + + flags="" + root_dev="/dev/mmcblk0p3" + ROOTFS_DIR="/data" + key_slot=8 + + # Identify desired token format (e.g. pkcs11, tpm2, etc) and import required functions + if [ ! -d /etc/cryptfs ]; then + fatal "No initramfs cryptfs module found" + fi + luks_token=`ls /etc/cryptfs | head -n1` + if [ -z "${luks_token}" ]; then + fatal "No valid initramfs cryptfs module found" + fi + . /etc/cryptfs/${luks_token} + + cryptfs_check_${luks_token} + + cryptfs_gen_passphrase + + if ! cryptsetup isLuks ${root_dev}; then + # Partition not yet encrypted + msg "${root_dev} not yet encrypted, encrypting with LUKS2" + e2fsck_check ${root_dev} + block_size=`dumpe2fs -h ${root_dev} 2>/dev/null | grep "^Block size" | cut -d ':' -f 2 | tr -d ' '` + block_count=`dumpe2fs -h ${root_dev} 2>/dev/null | grep "^Block count" | cut -d ':' -f 2 | tr -d ' '` + luks_size=33554432 # 32M + new_block_count=$(($block_count - $luks_size / $block_size)) + resize2fs -p ${root_dev} ${new_block_count} + if [ $? 
-ne 0 ]; then + fatal "Failed to resize ${root_dev} to allow extra size required for luks support" + fi + + cat /run/cryptsetup/passphrase | cryptsetup -v luksFormat --type luks2 --key-slot ${key_slot} --disable-locks --reduce-device-size 32m ${root_dev} + + # Align label and UUID if used as boot parameter (not safe, better use the proper device path instead) + if [ -n "$root_label" ]; then + cryptsetup config --label ${root_label} ${root_dev} + fi + if [ -n "$root_uuid" ]; then + yes | cryptsetup luksUUID --uuid ${root_uuid} ${root_dev} + fi + fi + + luks_name="`basename ${root_dev}`_crypt" + + # Check if online encryption is still in progress + if cryptsetup luksDump ${root_dev} | grep -q "online-reencrypt"; then + # Run recovery process + cat /run/cryptsetup/passphrase | cryptsetup luksOpen ${root_dev} ${luks_name} + e2fsck_check /dev/mapper/${luks_name} + cat /run/cryptsetup/passphrase | cryptsetup -v reencrypt --resume-only ${root_dev} + cryptsetup close ${luks_name} + fi + + cryptfs_pre_${luks_token} + + if ! cryptsetup luksDump ${root_dev} | grep -q "clevis"; then + msg "Enrolling LUKS2 keyslot based on ${luks_token} token" + cryptfs_enroll_${luks_token} ${root_dev} ${key_slot} + fi + +# ! cryptsetup luksOpen ${root_dev} ${luks_name} && +# fatal "Unable to open the LUKS partition ${root_dev} with the enrolled ${luks_token} token" + + cryptfs_post_${luks_token} ${root_dev} ${luks_name} + + e2fsck_check /dev/mapper/${luks_name} + + mount ${flags} /dev/mapper/${luks_name} ${ROOTFS_DIR} || + (cryptsetup luksClose ${luks_name} && fatal "Failed to mount LUKS ${luks_name}") +} + +cryptfs_run diff --git a/recipes-scle/cyber-cryptfs/files/cryptfs_tpm2 b/recipes-scle/cyber-cryptfs/files/cryptfs_tpm2 new file mode 100644 index 0000000..9f6f3d5 --- /dev/null +++ b/recipes-scle/cyber-cryptfs/files/cryptfs_tpm2 
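Review bot: `cryptfs_gen_passphrase` writes the fixed string `scle` as the LUKS passphrase, and nothing in `cryptfs_run` confirms that this keyslot is gone before the volume is mounted. The return status of `cryptfs_enroll_${luks_token}` is ignored and `/run/cryptsetup/passphrase` is never deleted, so a failed enrollment or key removal leaves the root partition openable with a passphrase that is published in this layer. Later boots skip the enroll branch once `luksDump` mentions `clevis`, so the removal is not retried. A fixed bootstrap key may be needed so that an interrupted reencrypt can resume, so I would keep it but fail closed: `cryptfs_enroll_${luks_token} ${root_dev} ${key_slot} || fatal "token enrollment failed"`, followed by `rm -f /run/cryptsetup/passphrase` before the mount. A comment above `cryptfs_gen_passphrase` should say the key is temporary and must not survive first boot.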
@@ -0,0 +1,30 @@ +# Copyright (C) 2022 Fondries.IO +# SPDX-License-Identifier: MIT + +cryptfs_check_tpm2() { +# [ ! -d /sys/firmware/efi/efivars ] && fatal "EFI vars sysfs mount point not found" +# +# # Check for SecureBoot support as PCR 7 differs based on its state +# efi_secure=`hexdump /sys/firmware/efi/efivars/SecureBoot-* | head -n1 | awk '{print $4}'` +# efi_mode=`hexdump /sys/firmware/efi/efivars/SetupMode-* | head -n1 | awk '{print $4}'` +# if [ "${efi_secure}" != "0001" ] || [ "${efi_mode}" != "0000" ]; then +# fatal "UEFI SecureBoot not enabled (required due PCR 7)" +# fi + + if [ ! -e /sys/class/tpm ]; then + fatal "Linux TPM subsystem not found" + fi +} + +cryptfs_pre_tpm2() { + : +} + +cryptfs_post_tpm2() { + clevis-luks-unlock -d "$1" -n "$2" +} + +cryptfs_enroll_tpm2() { + cat /run/cryptsetup/passphrase | clevis-luks-bind -y -d "$1" -k - tpm2 '{"pcr_bank":"sha256","pcr_ids":"10"}' + cat /run/cryptsetup/passphrase | cryptsetup luksRemoveKey -v "$1" +} diff --git a/recipes-scle/cyber-users/cyber-users.bb b/recipes-scle/cyber-users/cyber-users.bb new file mode 100644 index 0000000..4e58538 --- /dev/null +++ b/recipes-scle/cyber-users/cyber-users.bb 
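Review bot: `cryptfs_enroll_tpm2` runs `cryptsetup luksRemoveKey` whether or not `clevis-luks-bind` succeeded, so a failed bind is followed by an attempt to remove the only passphrase on the volume. Ending the bind line with `|| fatal "clevis-luks-bind failed"` makes the removal depend on a successful bind. The policy also seals to `"pcr_ids":"10"` alone, while the SecureBoot / PCR 7 check in `cryptfs_check_tpm2` is commented out. PCR 10 is the register Linux IMA extends; if IMA is not active on this image, the PCR would presumably stay at its reset value and the seal would not tie the key to the boot chain. That is worth confirming, and a comment next to the policy should state which measurements are expected in the chosen PCR.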
@@ -0,0 +1,23 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "KineIntercom Users" +MAINTAINER = "Vincent BENOIT " +LICENSE = "CLOSED" + +DEPENDS_${PN} = "base-files" + +S = "${WORKDIR}" + +inherit useradd + +USERADD_PACKAGES = "${PN}" + +GROUPADD_PARAM:${PN} = "--system sudo; --system adm; --system crontab; --system gpio; --system dialout;" + +# To change the password use something like this : "mkpasswd -m sha-512 p@ssw0rd -s 'seed'" +# mkpasswd from 'whois' debian package +USERADD_PARAM:${PN} = "--home-dir /home/scle --groups 'sudo,adm,gpio,dialout' --shell /bin/bash --password '\$6\$sclecyber\$IwTxwtX.g2jkN7/6e5ps0lKLJgMNt0C8VRNZPkTc0iMKDIL/HZYcRrMgiB0sBrw8vNWGFRmryJIiqVoFuVb5T/' scle;" + +# Specify whether to produce an output package even if it is empty +ALLOW_EMPTY:${PN} = "1" diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_%.bbappend b/recipes-security/ecryptfs-utils/ecryptfs-utils_%.bbappend new file mode 100644 index 0000000..65e22a5 --- /dev/null +++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_%.bbappend @@ -0,0 +1,2 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) diff --git a/recipes-support/eltt2/eltt2.bb b/recipes-support/eltt2/eltt2.bb new file mode 100644 index 0000000..6d9cabb --- /dev/null +++ b/recipes-support/eltt2/eltt2.bb 
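Review bot: `USERADD_PARAM:${PN}` commits a SHA-512-crypt hash with the fixed salt `sclecyber` for the `scle` account, which is placed in the `sudo` group. Every image built from this layer therefore ships the same privileged credential, and anyone who can read the repository can work on the hash offline. I would take the hash from a variable set outside the layer, `--password '${SCLE_PASSWORD_HASH}'` (placeholder name, defined in local.conf or a site file), and make the recipe fail when it is unset. Separately, `DEPENDS_${PN} = "base-files"` uses the old underscore override syntax while the rest of the recipe uses `:`, so it likely has no effect as written; a runtime dependency would be `RDEPENDS:${PN}`.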
@@ -0,0 +1,28 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0" +MAINTAINER = "Vincent BENOIT " +LICENSE = "CLOSED" + +SRC_URI = "git://github.com/Infineon/eltt2.git;protocol=https;branch=master" +SRC_URI[sha256sum] = "81a71c03c09116f81c90ca4721ab7e6f9ca0beaec381edf7880a85ef04820632" + +SRCREV = "3d55476179da9bd61c2df1ba1ef010afe27e7776" +PV = "1.0" + +S = "${WORKDIR}/git" + +FILES:${PN} += "${bindir}/eltt2" + +EXTRA_OEMAKE = "'CC=${CC}' 'CFLAGS=${CFLAGS}'" +TARGET_CC_ARCH += "${LDFLAGS}" + +do_compile() { + oe_runmake +} + +do_install() { + install -d ${D}${bindir} + install -m 0755 ${S}/eltt2 ${D}${bindir}/ +} diff --git a/recipes-tpm2/clevis/clevis_19.bb b/recipes-tpm2/clevis/clevis_19.bb new file mode 100644 index 0000000..4cb9a93 --- /dev/null +++ b/recipes-tpm2/clevis/clevis_19.bb 
@@ -0,0 +1,43 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes" +MAINTAINER = "Vincent BENOIT " +LICENSE = "GPL-3.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +DEPENDS = " \ + cmake-native \ + jansson \ + jose \ + cryptsetup \ + systemd \ + curl-native \ + tpm2-tools-native \ + luksmeta \ + libpwquality-native \ + udisks2 \ + audit \ + " + +RDEPENDS:${PN} += "bash libpwquality cryptsetup udisks2 audit" + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" +SRC_URI = " \ + git://github.com/latchset/clevis.git;protocol=https;branch=master \ + file://0001-tests-depedencies-errors.patch \ + " +SRC_URI[sha256sum] = "" + +SRCREV = "0bb86d3714befc29b6de5e1d4f7911635eeab56e" +PV = "19" + +S = "${WORKDIR}/git" + +inherit meson pkgconfig + +FILES:${PN} += " /lib/systemd/system/clevis-*" + +FILES:${PN}-doc = " \ + /usr/share/bash-completion/* \ + " diff --git a/recipes-tpm2/clevis/files/0001-tests-depedencies-errors.patch b/recipes-tpm2/clevis/files/0001-tests-depedencies-errors.patch new file mode 100644 index 0000000..3b0bc33 --- /dev/null +++ b/recipes-tpm2/clevis/files/0001-tests-depedencies-errors.patch @@ -0,0 +1,10 @@ +diff --git a/src/luks/meson.build b/src/luks/meson.build +index 3d35e48..b7d9ee8 100644 +--- a/src/luks/meson.build ++++ b/src/luks/meson.build +@@ -69,4 +69,4 @@ else + endif + + # Tests. +-subdir('tests') ++#subdir('tests') diff --git a/recipes-tpm2/jose/jose_11.bb b/recipes-tpm2/jose/jose_11.bb new file mode 100644 index 0000000..6fb3a95 --- /dev/null +++ b/recipes-tpm2/jose/jose_11.bb 
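Review bot: `SRC_URI[sha256sum] = ""` sits next to a `git://` fetch, where the source is pinned by `SRCREV` and, as far as I know, the checksum is not consulted. The empty value reads like a disabled integrity check and should be dropped; jose_11.bb and luksmeta_9.bb have the same line, and eltt2.bb carries a non-empty one that is equally unused. A short comment such as `# source integrity is pinned by SRCREV (full commit id)` would make the intent clear. `FILES:${PN} += " /lib/systemd/system/clevis-*"` also hard-codes the unit directory, where `${systemd_system_unitdir}/clevis-*` would follow the distro layout.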
@@ -0,0 +1,29 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "José is a C-language implementation of the Javascript Object Signing and Encryption standards" +MAINTAINER = "Vincent BENOIT " +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=34400b68072d710fecd0a2940a0d1658" + +DEPENDS = " \ + zlib \ + jansson \ + openssl \ + cryptsetup \ + " + +SRC_URI = "git://github.com/latchset/jose.git;protocol=https;branch=master" +SRC_URI[sha256sum] = "" + +SRCREV = "145c41a4ec70c15f6f8aa12a915e16cb60f0991f" +PV = "11" + +S = "${WORKDIR}/git" + +inherit meson pkgconfig + +FILES:${PN}-doc = " \ + /usr/share/licenses/jose/COPYING \ + /usr/share/man/man3/* \ + " diff --git a/recipes-tpm2/luksmeta/luksmeta_9.bb b/recipes-tpm2/luksmeta/luksmeta_9.bb new file mode 100644 index 0000000..c5c24e1 --- /dev/null +++ b/recipes-tpm2/luksmeta/luksmeta_9.bb @@ -0,0 +1,24 @@ +# Copyright (C) 2023 Vincent BENOIT +# Release under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "LUKSMeta is a simple library for storing metadata in the LUKSv1 header" +MAINTAINER = "Vincent BENOIT " +LICENSE = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=4e9dfcb21c14eb0c40ae8ba436d3bb7a" + +DEPENDS = " \ + cryptsetup \ + " + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" +SRC_URI = " \ + git://github.com/latchset/luksmeta.git;protocol=https;branch=master \ + " +SRC_URI[sha256sum] = "" + +SRCREV = "3e3cba3944703b12b0010154654b032c78aaa94c" +PV = "9" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig diff --git a/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_%.bbappend b/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_%.bbappend new file mode 100644 index 0000000..af08aa5 --- /dev/null +++ b/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_%.bbappend @@ -0,0 +1 @@ +RDEPENDS:${PN} += "libtss2-tcti-device" 
diff --git a/recipes-tpm2/tpm2-tools/tpm2-tools_%.bbappend b/recipes-tpm2/tpm2-tools/tpm2-tools_%.bbappend
new file mode 100644
index 0000000..0e8c92d
--- /dev/null
+++ b/recipes-tpm2/tpm2-tools/tpm2-tools_%.bbappend
@@ -0,0 +1,3 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+BBCLASSEXTEND = "native"
diff --git a/recipes-tpm2/tpm2-tss/tpm2-tss_%.bbappend b/recipes-tpm2/tpm2-tss/tpm2-tss_%.bbappend
new file mode 100644
index 0000000..0e8c92d
--- /dev/null
+++ b/recipes-tpm2/tpm2-tss/tpm2-tss_%.bbappend
@@ -0,0 +1,3 @@
+# Copyright (C) 2023 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+BBCLASSEXTEND = "native"
diff --git a/scripts/envsetup.sh b/scripts/envsetup.sh
new file mode 100644
index 0000000..d810d9a
--- /dev/null
+++ b/scripts/envsetup.sh
@@ -0,0 +1,274 @@
+#!/bin/bash
+
+#----------------------------------------------
+# Make sure script has been sourced
+#
+if [ "$0" = "$BASH_SOURCE" ]; then
+ echo "###################################"
+ echo "ERROR: YOU MUST SOURCE the script"
+ echo "###################################"
+ exit 1
+fi
+
+BUILD_DIR=$1
+
+# Init env var
+SCLE_ROOT_DIR=`realpath $PWD`
+SCLE_DIR="meta-cyber-secureboot"
+
+if [ "a${SCLE_DL_DIR}" = "a" ]; then
+ SCLE_DL_DIR="$SCLE_ROOT_DIR/oe-downloads"
+fi
+
+if [ "a${SCLE_SSTATE_DIR}" = "a" ]; then
+ SCLE_SSTATE_DIR="${SCLE_ROOT_DIR}/sstate-cache"
+fi
+
+# Use utf-8 encoding
+if ! echo $LANG | grep -q "en_US.UTF-8"
+then
+ export LANG="en_US.UTF-8"
+fi
+
+if [ "a${DISTRO}" = "a" ]; then
+ DISTRO="cyber-secureboot"
+fi
+
+if [ "a${MACHINE}" = "a" ]; then
+ MACHINE="pengwyn"
+fi
+
+if [ "a${VERS}" = "a" ]; then
+ VERS="none"
+fi
+
+if [ "a${REV}" = "a" ]; then
+ REV="0"
+fi
+
+_TEMPLATECONF="$SCLE_ROOT_DIR/${SCLE_DIR}/conf/template/"
+
+#----------------------------------------------
+# Standard Openembedded init
+#
+echo -e "[source $SCLE_ROOT_DIR/poky/oe-init-build-env]"
+TEMPLATECONF=${_TEMPLATECONF} source $SCLE_ROOT_DIR/poky/oe-init-build-env ${BUILD_DIR} > /dev/null 2> /dev/null
+
+_FORMAT_PATTERN='::-::'
+######################################################
+# Make selection for requested from provided using shell or ui choice
+#
+_choice_shell() {
+ #format list to have display aligned on column with '-' separation between name and description
+ local options=$(echo "$2" | column -t -s "::")
+ if [ "z$ZSH_NAME" != "z" ]
+ then
+ # zsh don't split string as expected (see http://zsh.sourceforge.net/FAQ/zshfaq03.html)
+ eval "options=($options)"
+ fi
+
+ #change separator from 'space' to 'end of line' for 'select' command
+ old_IFS=$IFS
+ IFS=$'\n'
+ local i=1
+ unset LAUNCH_MENU_CHOICES
+ for opt in $options; do
+ printf "%3.3s. %s\n" $i $opt
+ LAUNCH_MENU_CHOICES=(${LAUNCH_MENU_CHOICES[@]} $opt)
+ i=$(($i+1))
+ done
+ IFS=$old_IFS
+ # Item selection from list
+ local selection=""
+ while [ -z "$selection" ]; do
+ echo -n "Please enter your choice of $1 (1-$(echo "$options" | wc -l)): "
+ read answer
+ if [[ $answer =~ ^[0-9]+$ ]]; then
+ if [ $answer -gt 0 ] && [ $answer -le ${#LAUNCH_MENU_CHOICES[@]} ]; then
+ if [ "z$ZSH_NAME" != "z" ]
+ then
+ selection=${LAUNCH_MENU_CHOICES[$(($answer))]}
+ else
+ selection=${LAUNCH_MENU_CHOICES[$(($answer-1))]}
+ fi
+ break
+ fi
+ fi
+ echo "Invalid choice: $answer"
+ done
+ eval $1=$(echo $selection | cut -d' ' -f1)
+}
+
+_choice_ui() {
+ local target=""
+ #change separator from 'space' to 'end of line' to get full line
+ old_IFS=$IFS
+ IFS=$'\n'
+ for ITEM in $2; do
+ local target_name=$(echo $ITEM | awk -F''"${_FORMAT_PATTERN}"'' '{print $1}')
+ local target_desc=$(echo $ITEM | awk -F''"${_FORMAT_PATTERN}"'' '{print $NF}')
+ TARGETTABLE+=($target_name "$target_desc" OFF)
+ done
+ IFS=$old_IFS
+ while [[ -z $target ]]
+ do
+ target=$(${UI_CMD} --title "Available $1" --radiolist "Please choose a $1" 0 0 0 "${TARGETTABLE[@]}" 3>&1 1>&2 2>&3)
+ test -z $target || break
+ #display dialog box to provide some help to user
+ ${UI_CMD} --title "How to select $1" --msgbox "Keyboard usage:\n\n'ENTER' to validate\n'SPACE' to select\n 'TAB' to navigate" 0 0
+ done
+ unset TARGETTABLE
+ unset ITEM
+ eval $1=$target
+}
+
+choice() {
+ local __TARGET=$1
+ local choices="$2"
+ echo "[$__TARGET configuration]"
+ if [ $(echo "$choices" | wc -l) -eq 1 ]; then
+ eval $__TARGET=$(echo $choices | awk -F''"${_FORMAT_PATTERN}"'' '{print $1}')
+ else
+ if ! [[ -z $DISPLAY ]] && ! [[ -z ${UI_CMD} ]]; then
+ _choice_ui $__TARGET "$choices"
+ else
+ _choice_shell $__TARGET "$choices"
+ fi
+ fi
+ echo "Selected $__TARGET: $(eval echo \$$__TARGET)"
+ echo ""
+}
+
+######################################################
+# Choose target machine
+#
+conf_machine()
+{
+ local choices=$(find ${SCLE_ROOT_DIR}/${SCLE_DIR}/conf/machine/ -name "*.conf" 2>/dev/null | sort | uniq)
+
+ for ITEM in $choices
+ do
+ if [[ -z $(grep "#@DESCRIPTION" $ITEM) ]]; then
+ echo ""
+ echo "ERROR: No '#@DESCRIPTION' field available in $__CONGIG file:"
+ echo "$ITEM"
+ echo ""
+ return 1
+ fi
+ done
+ unset ITEM
+ if [ $(echo $choices | wc -l) -eq 1 ]; then
+ # return only file name (distro or machine)
+ echo "$(echo $choices | sed 's|^.*/\(.*\)\.conf|\1|')"
+ else
+ echo "$(echo $choices | xargs grep "#@DESCRIPTION" | sed 's|^.*/\(.*\)\.conf:#@DESCRIPTION:[ \t]*\(.*$\)|\1'"${_FORMAT_PATTERN}"'\2|')"
+ fi
+}
+
+
+######################################################
+# Apply configuration to site.conf file
+#
+conf_siteconf()
+{
+ _NCPU=$(grep '^processor' /proc/cpuinfo 2>/dev/null | wc -l)
+ # Sanity check that we have a valid number, if not then fallback to a safe default
+ [ "$_NCPU" -ge 1 ] 2>/dev/null || _NCPU=2
+
+ cat > conf/site.conf < !!!! [WARNING] site.conf already exists. Nothing done... !!!!"
+else
+ conf_siteconf
+fi
+
+update_layerconf ${SCLE_ROOT_DIR}/${SCLE_DIR}
+
+list_images ${SCLE_DIR}
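Review bot: The `eval` assignments at the end of `_choice_shell` and `_choice_ui`, and in the single-choice branch of `choice`, expand their value before `eval` runs, so the value is parsed a second time as shell code. As far as the visible lines show, these values derive from `conf/machine/*.conf` file names and `#@DESCRIPTION` text, so a name or description containing shell metacharacters would run in the developer's sourced shell. Keeping the value out of the evaluated text avoids that: `eval "$1=\$target"` in `_choice_ui`, and the same form with a temporary variable holding the `cut`/`awk` result in the other two. In `conf_machine` the error message expands `$__CONGIG`, which is not set anywhere in the visible lines and looks like a typo. The `oe-init-build-env` line sends both output streams to `/dev/null` without checking the result, so a failed init goes unnoticed; testing its return status would surface that.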