diff options
author | Mike Gilbert <floppym@gentoo.org> | 2019-02-18 18:31:19 -0500 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2019-02-18 18:31:56 -0500 |
commit | b8fdbe1769429ab4e0310916f85275f7a4e5b74e (patch) | |
tree | 299774de6e7e4aa2841bcb23d0e84c10829ffc92 | |
parent | c0e6ffa5671fad0b3830348ff960b8ec4e3d2f27 (diff) | |
download | gentoo-b8fdbe1769429ab4e0310916f85275f7a4e5b74e.tar.gz gentoo-b8fdbe1769429ab4e0310916f85275f7a4e5b74e.tar.xz |
sys-apps/systemd: apply fix for CVE-2019-6454 to 239
Bug: https://bugs.gentoo.org/677944
Package-Manager: Portage-2.3.59_p2, Repoman-2.3.12_p67
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r-- | sys-apps/systemd/files/CVE-2019-6454.patch | 198 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-239-r4.ebuild | 449 |
2 files changed, 647 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/CVE-2019-6454.patch b/sys-apps/systemd/files/CVE-2019-6454.patch new file mode 100644 index 00000000000..97b7d635e7d --- /dev/null +++ b/sys-apps/systemd/files/CVE-2019-6454.patch @@ -0,0 +1,198 @@ +--- a/src/libsystemd/sd-bus/bus-internal.c ++++ b/src/libsystemd/sd-bus/bus-internal.c +@@ -45,7 +45,7 @@ + if (slash) + return false; + +- return true; ++ return (q - p) <= BUS_PATH_SIZE_MAX; + } + + char* object_path_startswith(const char *a, const char *b) { +--- a/src/libsystemd/sd-bus/bus-internal.h ++++ b/src/libsystemd/sd-bus/bus-internal.h +@@ -333,6 +333,10 @@ + + #define BUS_MESSAGE_SIZE_MAX (128*1024*1024) + #define BUS_AUTH_SIZE_MAX (64*1024) ++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one ++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however, ++ * to not clash unnecessarily with real-life applications. */ ++#define BUS_PATH_SIZE_MAX (64*1024) + + #define BUS_CONTAINER_DEPTH 128 + +--- a/src/libsystemd/sd-bus/bus-objects.c ++++ b/src/libsystemd/sd-bus/bus-objects.c +@@ -1134,7 +1134,8 @@ + const char *path, + sd_bus_error *error) { + +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -1150,7 +1151,12 @@ + return 0; + + /* Second, add fallback vtables registered for any of the prefixes */ +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_manager_serialize_path(bus, reply, prefix, path, true, error); + if (r < 0) +@@ -1346,6 +1352,7 @@ + } + + int bus_process_object(sd_bus *bus, sd_bus_message *m) { ++ _cleanup_free_ char *prefix = NULL; + int r; + size_t pl; + bool found_object = false; +@@ -1370,9 +1377,12 @@ + assert(m->member); + + pl = strlen(m->path); +- do { +- char prefix[pl+1]; ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; + ++ do { + bus->nodes_modified = false; + + r = object_find_and_run(bus, m, m->path, false, &found_object); +@@ -1499,9 +1509,15 @@ + + n = hashmap_get(bus->nodes, path); + if (!n) { +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; ++ ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; + +- prefix = alloca(strlen(path) + 1); + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + n = hashmap_get(bus->nodes, prefix); + if (n) +@@ -2091,8 +2107,9 @@ + char **names) { + + BUS_DONT_DESTROY(bus); ++ _cleanup_free_ char *prefix = NULL; + bool found_interface = false; +- char *prefix; ++ size_t pl; + int r; + + assert_return(bus, -EINVAL); +@@ -2111,6 +2128,12 @@ + if (names && names[0] == NULL) + return 0; + ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + do { + bus->nodes_modified = false; + +@@ -2120,7 +2143,6 @@ + if (bus->nodes_modified) + continue; + +- prefix = alloca(strlen(path) + 1); + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names); + if (r != 0) +@@ -2252,7 +2274,8 @@ + + static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { + _cleanup_set_free_ Set *s = NULL; +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2297,7 +2320,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_added_append_all_prefix(bus, m, s, prefix, path, true); + if (r < 0) +@@ -2436,7 +2464,8 @@ + + static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { + _cleanup_set_free_ Set *s = NULL; +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2468,7 +2497,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_removed_append_all_prefix(bus, m, s, prefix, path, true); + if (r < 0) +@@ -2618,7 +2652,8 @@ + const char *path, + const char *interface) { + +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2632,7 +2667,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true); + if (r != 0) + + + diff --git a/sys-apps/systemd/systemd-239-r4.ebuild b/sys-apps/systemd/systemd-239-r4.ebuild new file mode 100644 index 00000000000..c44ada3fd2e --- /dev/null +++ b/sys-apps/systemd/systemd-239-r4.ebuild @@ -0,0 +1,449 @@ +# Copyright 2011-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz + https://dev.gentoo.org/~floppym/dist/${P}-patches-2.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" +fi + +PYTHON_COMPAT=( python{3_4,3_5,3_6,3_7} ) + +inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb" + +REQUIRED_USE="importd? ( curl gcrypt lzma )" +RESTRICT="!test? ( test )" + +MINKV="3.11" + +COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + !<sys-libs/glibc-2.16 + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) + curl? ( net-misc/curl:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + http? ( + >=net-libs/libmicrohttpd-0.9.33:0= + ssl? ( >=net-libs/gnutls-3.1.4:0= ) + ) + idn? ( + libidn2? ( net-dns/libidn2:= ) + !libidn2? ( net-dns/libidn:= ) + ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + nat? ( net-firewall/iptables:0= ) + pam? ( virtual/pam:=[${MULTILIB_USEDEP}] ) + pcre? ( dev-libs/libpcre2 ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + >=sys-apps/baselayout-2.2 + selinux? ( sec-policy/selinux-base-policy[systemd] ) + sysv-utils? ( !sys-apps/sysvinit ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !build? ( || ( + sys-apps/util-linux[kill(-)] + sys-process/procps[kill(+)] + sys-apps/coreutils[kill(-)] + ) ) + !sys-auth/nss-myhostname + !<sys-kernel/dracut-044 + !sys-fs/eudev + !sys-fs/udev" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-apps/hwids-20150417[udev] + >=sys-fs/udev-init-scripts-25 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/intltool-0.50 + >=sys-apps/coreutils-8.16 + >=sys-kernel/linux-headers-${MINKV} + virtual/pkgconfig[${MULTILIB_USEDEP}] + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) + test? ( sys-apps/dbus ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS + ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" + kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" + kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + : +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + # Do NOT add patches here + local PATCHES=() + + [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) + + # Add local patches here + PATCHES+=( + "${FILESDIR}"/239-debug-extra.patch + "${FILESDIR}"/CVE-2019-6454.patch + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch" + "${FILESDIR}/gentoo-systemd-user-pam.patch" + "${FILESDIR}/gentoo-uucp-group-r1.patch" + "${FILESDIR}/gentoo-generator-path.patch" + ) + fi + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +meson_use() { + usex "$1" true false +} + +meson_multilib() { + if multilib_is_native_abi; then + echo true + else + echo false + fi +} + +meson_multilib_native_use() { + if multilib_is_native_abi && use "$1"; then + echo true + else + echo false + fi +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + # make sure we get /bin:/sbin in PATH + -Dsplit-usr=$(usex split-usr true false) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Defi=$(meson_multilib) + -Dima=true + # Optional components/dependencies + -Dacl=$(meson_multilib_native_use acl) + -Dapparmor=$(meson_multilib_native_use apparmor) + -Daudit=$(meson_multilib_native_use audit) + -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup) + -Dlibcurl=$(meson_multilib_native_use curl) + -Delfutils=$(meson_multilib_native_use elfutils) + -Dgcrypt=$(meson_use gcrypt) + -Dgnu-efi=$(meson_multilib_native_use gnuefi) + -Defi-libdir="${EPREFIX}/usr/$(get_libdir)" + -Dmicrohttpd=$(meson_multilib_native_use http) + $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false) + -Dimportd=$(meson_multilib_native_use importd) + -Dbzip2=$(meson_multilib_native_use importd) + -Dzlib=$(meson_multilib_native_use importd) + -Dkmod=$(meson_multilib_native_use kmod) + -Dlz4=$(meson_use lz4) + -Dxz=$(meson_use lzma) + -Dlibiptc=$(meson_multilib_native_use nat) + -Dpam=$(meson_use pam) + -Dpcre2=$(meson_multilib_native_use pcre) + -Dpolkit=$(meson_multilib_native_use policykit) + -Dqrencode=$(meson_multilib_native_use qrcode) + -Dseccomp=$(meson_multilib_native_use seccomp) + -Dselinux=$(meson_multilib_native_use selinux) + #-Dtests=$(meson_multilib_native_use test) + -Ddbus=$(meson_multilib_native_use test) + -Dxkbcommon=$(meson_multilib_native_use xkb) + # hardcode a few paths to spare some deps + -Dkill-path=/bin/kill + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + + # multilib options + -Dbacklight=$(meson_multilib) + -Dbinfmt=$(meson_multilib) + -Dcoredump=$(meson_multilib) + -Denvironment-d=$(meson_multilib) + -Dfirstboot=$(meson_multilib) + -Dhibernate=$(meson_multilib) + -Dhostnamed=$(meson_multilib) + -Dhwdb=$(meson_multilib) + -Dldconfig=$(meson_multilib) + -Dlocaled=$(meson_multilib) + -Dman=$(meson_multilib) + -Dnetworkd=$(meson_multilib) + -Dquotacheck=$(meson_multilib) + -Drandomseed=$(meson_multilib) + -Drfkill=$(meson_multilib) + -Dsysusers=$(meson_multilib) + -Dtimedated=$(meson_multilib) + -Dtimesyncd=$(meson_multilib) + -Dtmpfiles=$(meson_multilib) + -Dvconsole=$(meson_multilib) + ) + + if multilib_is_native_abi && use idn; then + myconf+=( + -Dlibidn2=$(usex libidn2 true false) + -Dlibidn=$(usex libidn2 false true) + ) + else + myconf+=( + -Dlibidn2=false + -Dlibidn=false + ) + fi + + meson_src_configure "${myconf[@]}" +} + +multilib_src_compile() { + eninja +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + eninja test +} + +multilib_src_install() { + DESTDIR="${D}" eninja install +} + +multilib_src_install_all() { + local rootprefix=$(usex split-usr '' /usr) + + # meson doesn't know about docdir + mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + if ! use resolvconf; then + rm -f "${ED%/}${rootprefix}"/sbin/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die + rm "${ED%/}"/usr/share/man/man1/init.1 || die + rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die + fi + + if ! use resolvconf && ! use sysv-utils; then + rmdir "${ED%/}${rootprefix}"/sbin || die + fi + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd + keepdir /etc/udev/{hwdb.d,rules.d} + keepdir /var/log/journal/remote + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf + + # If we install these symlinks, there is no way for the sysadmin to remove them + # permanently. + rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die + rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die + rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die + rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die + rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die + rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die + rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die + + local udevdir=/lib/udev + use split-usr || udevdir=/usr/lib/udev + + rm -r "${ED%/}${udevdir}/hwdb.d" || die + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi +} + +migrate_locale() { + local envd_locale_def="${EROOT%/}/etc/env.d/02locale" + local envd_locale=( "${EROOT%/}"/etc/env.d/??locale ) + local locale_conf="${EROOT%/}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... + if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +pkg_postinst() { + newusergroup() { + enewgroup "$1" + enewuser "$1" -1 -1 -1 "$1" + } + + enewgroup input + enewgroup kvm 78 + enewgroup render + enewgroup systemd-journal + newusergroup systemd-bus-proxy + newusergroup systemd-coredump + newusergroup systemd-journal-gateway + newusergroup systemd-journal-remote + newusergroup systemd-journal-upload + newusergroup systemd-network + newusergroup systemd-resolve + newusergroup systemd-timesync + + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. Despite that this file is owned by sys-apps/hwids. + if has_version "sys-apps/hwids[udev]"; then + udevadm hwdb --update --root="${EROOT%/}" + fi + + udev_reload || FAIL=1 + + # Bug 465468, make sure locales are respect, and ensure consistency + # between OpenRC & systemd + migrate_locale + + systemd_reenable systemd-networkd.service systemd-resolved.service + + if [[ ${FAIL} ]]; then + eerror "One of the postinst commands failed. Please check the postinst output" + eerror "for errors. You may need to clean up your system and/or try installing" + eerror "systemd again." + eerror + fi +} + +pkg_prerm() { + # If removing systemd completely, remove the catalog database. + if [[ ! ${REPLACED_BY_VERSION} ]]; then + rm -f -v "${EROOT}"/var/lib/systemd/catalog/database + fi +} |