summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Gilbert <floppym@gentoo.org>2019-02-18 18:31:19 -0500
committerMike Gilbert <floppym@gentoo.org>2019-02-18 18:31:56 -0500
commitb8fdbe1769429ab4e0310916f85275f7a4e5b74e (patch)
tree299774de6e7e4aa2841bcb23d0e84c10829ffc92
parentc0e6ffa5671fad0b3830348ff960b8ec4e3d2f27 (diff)
downloadgentoo-b8fdbe1769429ab4e0310916f85275f7a4e5b74e.tar.gz
gentoo-b8fdbe1769429ab4e0310916f85275f7a4e5b74e.tar.xz
sys-apps/systemd: apply fix for CVE-2019-6454 to 239
Bug: https://bugs.gentoo.org/677944 Package-Manager: Portage-2.3.59_p2, Repoman-2.3.12_p67 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r--sys-apps/systemd/files/CVE-2019-6454.patch198
-rw-r--r--sys-apps/systemd/systemd-239-r4.ebuild449
2 files changed, 647 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/CVE-2019-6454.patch b/sys-apps/systemd/files/CVE-2019-6454.patch
new file mode 100644
index 00000000000..97b7d635e7d
--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2019-6454.patch
@@ -0,0 +1,198 @@
+--- a/src/libsystemd/sd-bus/bus-internal.c
++++ b/src/libsystemd/sd-bus/bus-internal.c
+@@ -45,7 +45,7 @@
+ if (slash)
+ return false;
+
+- return true;
++ return (q - p) <= BUS_PATH_SIZE_MAX;
+ }
+
+ char* object_path_startswith(const char *a, const char *b) {
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -333,6 +333,10 @@
+
+ #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
+ #define BUS_AUTH_SIZE_MAX (64*1024)
++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
++ * to not clash unnecessarily with real-life applications. */
++#define BUS_PATH_SIZE_MAX (64*1024)
+
+ #define BUS_CONTAINER_DEPTH 128
+
+--- a/src/libsystemd/sd-bus/bus-objects.c
++++ b/src/libsystemd/sd-bus/bus-objects.c
+@@ -1134,7 +1134,8 @@
+ const char *path,
+ sd_bus_error *error) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -1150,7 +1151,12 @@
+ return 0;
+
+ /* Second, add fallback vtables registered for any of the prefixes */
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
+ if (r < 0)
+@@ -1346,6 +1352,7 @@
+ }
+
+ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
++ _cleanup_free_ char *prefix = NULL;
+ int r;
+ size_t pl;
+ bool found_object = false;
+@@ -1370,9 +1377,12 @@
+ assert(m->member);
+
+ pl = strlen(m->path);
+- do {
+- char prefix[pl+1];
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+
++ do {
+ bus->nodes_modified = false;
+
+ r = object_find_and_run(bus, m, m->path, false, &found_object);
+@@ -1499,9 +1509,15 @@
+
+ n = hashmap_get(bus->nodes, path);
+ if (!n) {
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
++
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
+
+- prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ n = hashmap_get(bus->nodes, prefix);
+ if (n)
+@@ -2091,8 +2107,9 @@
+ char **names) {
+
+ BUS_DONT_DESTROY(bus);
++ _cleanup_free_ char *prefix = NULL;
+ bool found_interface = false;
+- char *prefix;
++ size_t pl;
+ int r;
+
+ assert_return(bus, -EINVAL);
+@@ -2111,6 +2128,12 @@
+ if (names && names[0] == NULL)
+ return 0;
+
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ do {
+ bus->nodes_modified = false;
+
+@@ -2120,7 +2143,6 @@
+ if (bus->nodes_modified)
+ continue;
+
+- prefix = alloca(strlen(path) + 1);
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
+ if (r != 0)
+@@ -2252,7 +2274,8 @@
+
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2297,7 +2320,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2436,7 +2464,8 @@
+
+ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+ _cleanup_set_free_ Set *s = NULL;
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2468,7 +2497,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
+ if (r < 0)
+@@ -2618,7 +2652,8 @@
+ const char *path,
+ const char *interface) {
+
+- char *prefix;
++ _cleanup_free_ char *prefix = NULL;
++ size_t pl;
+ int r;
+
+ assert(bus);
+@@ -2632,7 +2667,12 @@
+ if (bus->nodes_modified)
+ return 0;
+
+- prefix = alloca(strlen(path) + 1);
++ pl = strlen(path);
++ assert(pl <= BUS_PATH_SIZE_MAX);
++ prefix = new(char, pl + 1);
++ if (!prefix)
++ return -ENOMEM;
++
+ OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+ r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
+ if (r != 0)
+
+
+
diff --git a/sys-apps/systemd/systemd-239-r4.ebuild b/sys-apps/systemd/systemd-239-r4.ebuild
new file mode 100644
index 00000000000..c44ada3fd2e
--- /dev/null
+++ b/sys-apps/systemd/systemd-239-r4.ebuild
@@ -0,0 +1,449 @@
+# Copyright 2011-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/systemd/systemd.git"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz
+ https://dev.gentoo.org/~floppym/dist/${P}-patches-2.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6,3_7} )
+
+inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+IUSE="acl apparmor audit build cryptsetup curl elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux +split-usr ssl +sysv-utils test vanilla xkb"
+
+REQUIRED_USE="importd? ( curl gcrypt lzma )"
+RESTRICT="!test? ( test )"
+
+MINKV="3.11"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}]
+ sys-libs/libcap:0=[${MULTILIB_USEDEP}]
+ !<sys-libs/glibc-2.16
+ acl? ( sys-apps/acl:0= )
+ apparmor? ( sys-libs/libapparmor:0= )
+ audit? ( >=sys-process/audit-2:0= )
+ cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+ curl? ( net-misc/curl:0= )
+ elfutils? ( >=dev-libs/elfutils-0.158:0= )
+ gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] )
+ http? (
+ >=net-libs/libmicrohttpd-0.9.33:0=
+ ssl? ( >=net-libs/gnutls-3.1.4:0= )
+ )
+ idn? (
+ libidn2? ( net-dns/libidn2:= )
+ !libidn2? ( net-dns/libidn:= )
+ )
+ importd? (
+ app-arch/bzip2:0=
+ sys-libs/zlib:0=
+ )
+ kmod? ( >=sys-apps/kmod-15:0= )
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] )
+ nat? ( net-firewall/iptables:0= )
+ pam? ( virtual/pam:=[${MULTILIB_USEDEP}] )
+ pcre? ( dev-libs/libpcre2 )
+ qrcode? ( media-gfx/qrencode:0= )
+ seccomp? ( >=sys-libs/libseccomp-2.3.3:0= )
+ selinux? ( sys-libs/libselinux:0= )
+ xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+ >=sys-apps/baselayout-2.2
+ selinux? ( sec-policy/selinux-base-policy[systemd] )
+ sysv-utils? ( !sys-apps/sysvinit )
+ !sysv-utils? ( sys-apps/sysvinit )
+ resolvconf? ( !net-dns/openresolv )
+ !build? ( || (
+ sys-apps/util-linux[kill(-)]
+ sys-process/procps[kill(+)]
+ sys-apps/coreutils[kill(-)]
+ ) )
+ !sys-auth/nss-myhostname
+ !<sys-kernel/dracut-044
+ !sys-fs/eudev
+ !sys-fs/udev"
+
+# sys-apps/dbus: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.9.8[systemd]
+ >=sys-apps/hwids-20150417[udev]
+ >=sys-fs/udev-init-scripts-25
+ policykit? ( sys-auth/polkit )
+ !vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+ app-arch/xz-utils:0
+ dev-util/gperf
+ >=dev-util/intltool-0.50
+ >=sys-apps/coreutils-8.16
+ >=sys-kernel/linux-headers-${MINKV}
+ virtual/pkgconfig[${MULTILIB_USEDEP}]
+ gnuefi? ( >=sys-boot/gnu-efi-3.0.2 )
+ test? ( sys-apps/dbus )
+ app-text/docbook-xml-dtd:4.2
+ app-text/docbook-xml-dtd:4.5
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt:0
+ $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]')
+"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS
+ ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE
+ ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS
+ ~TIMERFD ~TMPFS_XATTR ~UNIX
+ ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH
+ ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED
+ ~!SYSFS_DEPRECATED_V2"
+
+ use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+ use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
+ kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+ kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES"
+ kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
+
+ if linux_config_exists; then
+ local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+ if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then
+ ewarn "It's recommended to set an empty value to the following kernel config option:"
+ ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+ fi
+ if linux_chkconfig_present X86; then
+ CONFIG_CHECK+=" ~DMIID"
+ fi
+ fi
+
+ if kernel_is -lt ${MINKV//./ }; then
+ ewarn "Kernel version at least ${MINKV} required"
+ fi
+
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ default
+ [[ ${PV} != 9999 ]] || git-r3_src_unpack
+}
+
+src_prepare() {
+ # Do NOT add patches here
+ local PATCHES=()
+
+ [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+ # Add local patches here
+ PATCHES+=(
+ "${FILESDIR}"/239-debug-extra.patch
+ "${FILESDIR}"/CVE-2019-6454.patch
+ )
+
+ if ! use vanilla; then
+ PATCHES+=(
+ "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch"
+ "${FILESDIR}/gentoo-systemd-user-pam.patch"
+ "${FILESDIR}/gentoo-uucp-group-r1.patch"
+ "${FILESDIR}/gentoo-generator-path.patch"
+ )
+ fi
+
+ default
+}
+
+src_configure() {
+ # Prevent conflicts with i686 cross toolchain, bug 559726
+ tc-export AR CC NM OBJCOPY RANLIB
+
+ python_setup
+
+ multilib-minimal_src_configure
+}
+
+meson_use() {
+ usex "$1" true false
+}
+
+meson_multilib() {
+ if multilib_is_native_abi; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+meson_multilib_native_use() {
+ if multilib_is_native_abi && use "$1"; then
+ echo true
+ else
+ echo false
+ fi
+}
+
+multilib_src_configure() {
+ local myconf=(
+ --localstatedir="${EPREFIX}/var"
+ -Dpamlibdir="$(getpam_mod_dir)"
+ # avoid bash-completion dep
+ -Dbashcompletiondir="$(get_bashcompdir)"
+ # make sure we get /bin:/sbin in PATH
+ -Dsplit-usr=$(usex split-usr true false)
+ -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")"
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ # Avoid infinite exec recursion, bug 642724
+ -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
+ # no deps
+ -Defi=$(meson_multilib)
+ -Dima=true
+ # Optional components/dependencies
+ -Dacl=$(meson_multilib_native_use acl)
+ -Dapparmor=$(meson_multilib_native_use apparmor)
+ -Daudit=$(meson_multilib_native_use audit)
+ -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup)
+ -Dlibcurl=$(meson_multilib_native_use curl)
+ -Delfutils=$(meson_multilib_native_use elfutils)
+ -Dgcrypt=$(meson_use gcrypt)
+ -Dgnu-efi=$(meson_multilib_native_use gnuefi)
+ -Defi-libdir="${EPREFIX}/usr/$(get_libdir)"
+ -Dmicrohttpd=$(meson_multilib_native_use http)
+ $(usex http -Dgnutls=$(meson_multilib_native_use ssl) -Dgnutls=false)
+ -Dimportd=$(meson_multilib_native_use importd)
+ -Dbzip2=$(meson_multilib_native_use importd)
+ -Dzlib=$(meson_multilib_native_use importd)
+ -Dkmod=$(meson_multilib_native_use kmod)
+ -Dlz4=$(meson_use lz4)
+ -Dxz=$(meson_use lzma)
+ -Dlibiptc=$(meson_multilib_native_use nat)
+ -Dpam=$(meson_use pam)
+ -Dpcre2=$(meson_multilib_native_use pcre)
+ -Dpolkit=$(meson_multilib_native_use policykit)
+ -Dqrencode=$(meson_multilib_native_use qrcode)
+ -Dseccomp=$(meson_multilib_native_use seccomp)
+ -Dselinux=$(meson_multilib_native_use selinux)
+ #-Dtests=$(meson_multilib_native_use test)
+ -Ddbus=$(meson_multilib_native_use test)
+ -Dxkbcommon=$(meson_multilib_native_use xkb)
+ # hardcode a few paths to spare some deps
+ -Dkill-path=/bin/kill
+ -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+ # Breaks screen, tmux, etc.
+ -Ddefault-kill-user-processes=false
+
+ # multilib options
+ -Dbacklight=$(meson_multilib)
+ -Dbinfmt=$(meson_multilib)
+ -Dcoredump=$(meson_multilib)
+ -Denvironment-d=$(meson_multilib)
+ -Dfirstboot=$(meson_multilib)
+ -Dhibernate=$(meson_multilib)
+ -Dhostnamed=$(meson_multilib)
+ -Dhwdb=$(meson_multilib)
+ -Dldconfig=$(meson_multilib)
+ -Dlocaled=$(meson_multilib)
+ -Dman=$(meson_multilib)
+ -Dnetworkd=$(meson_multilib)
+ -Dquotacheck=$(meson_multilib)
+ -Drandomseed=$(meson_multilib)
+ -Drfkill=$(meson_multilib)
+ -Dsysusers=$(meson_multilib)
+ -Dtimedated=$(meson_multilib)
+ -Dtimesyncd=$(meson_multilib)
+ -Dtmpfiles=$(meson_multilib)
+ -Dvconsole=$(meson_multilib)
+ )
+
+ if multilib_is_native_abi && use idn; then
+ myconf+=(
+ -Dlibidn2=$(usex libidn2 true false)
+ -Dlibidn=$(usex libidn2 false true)
+ )
+ else
+ myconf+=(
+ -Dlibidn2=false
+ -Dlibidn=false
+ )
+ fi
+
+ meson_src_configure "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ eninja
+}
+
+multilib_src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
+ eninja test
+}
+
+multilib_src_install() {
+ DESTDIR="${D}" eninja install
+}
+
+multilib_src_install_all() {
+ local rootprefix=$(usex split-usr '' /usr)
+
+ # meson doesn't know about docdir
+ mv "${ED%/}"/usr/share/doc/{systemd,${PF}} || die
+
+ einstalldocs
+ dodoc "${FILESDIR}"/nsswitch.conf
+
+ if ! use resolvconf; then
+ rm -f "${ED%/}${rootprefix}"/sbin/resolvconf || die
+ fi
+
+ if ! use sysv-utils; then
+ rm "${ED%/}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die
+ rm "${ED%/}"/usr/share/man/man1/init.1 || die
+ rm "${ED%/}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die
+ fi
+
+ if ! use resolvconf && ! use sysv-utils; then
+ rmdir "${ED%/}${rootprefix}"/sbin || die
+ fi
+
+ # Preserve empty dirs in /etc & /var, bug #437008
+ keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
+ keepdir /etc/systemd/{ntp-units.d,user} /var/lib/systemd
+ keepdir /etc/udev/{hwdb.d,rules.d}
+ keepdir /var/log/journal/remote
+
+ # Symlink /etc/sysctl.conf for easy migration.
+ dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf
+
+ # If we install these symlinks, there is no way for the sysadmin to remove them
+ # permanently.
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.network1.service || die
+ rm -f "${ED%/}"/etc/systemd/system/multi-user.target.wants/systemd-resolved.service || die
+ rm -f "${ED%/}"/etc/systemd/system/dbus-org.freedesktop.resolve1.service || die
+ rm -fr "${ED%/}"/etc/systemd/system/network-online.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sockets.target.wants || die
+ rm -fr "${ED%/}"/etc/systemd/system/sysinit.target.wants || die
+
+ local udevdir=/lib/udev
+ use split-usr || udevdir=/usr/lib/udev
+
+ rm -r "${ED%/}${udevdir}/hwdb.d" || die
+
+ if use split-usr; then
+ # Avoid breaking boot/reboot
+ dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd
+ dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
+ fi
+}
+
+migrate_locale() {
+ local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+ local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+ local locale_conf="${EROOT%/}/etc/locale.conf"
+
+ if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+ # If locale.conf does not exist...
+ if [[ -e ${envd_locale} ]]; then
+ # ...either copy env.d/??locale if there's one
+ ebegin "Moving ${envd_locale} to ${locale_conf}"
+ mv "${envd_locale}" "${locale_conf}"
+ eend ${?} || FAIL=1
+ else
+ # ...or create a dummy default
+ ebegin "Creating ${locale_conf}"
+ cat > "${locale_conf}" <<-EOF
+ # This file has been created by the sys-apps/systemd ebuild.
+ # See locale.conf(5) and localectl(1).
+
+ # LANG=${LANG}
+ EOF
+ eend ${?} || FAIL=1
+ fi
+ fi
+
+ if [[ ! -L ${envd_locale} ]]; then
+ # now, if env.d/??locale is not a symlink (to locale.conf)...
+ if [[ -e ${envd_locale} ]]; then
+ # ...warn the user that he has duplicate locale settings
+ ewarn
+ ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+ ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+ ewarn "and create the symlink with the following command:"
+ ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+ ewarn
+ else
+ # ...or just create the symlink if there's nothing here
+ ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+ ln -n -s ../locale.conf "${envd_locale_def}"
+ eend ${?} || FAIL=1
+ fi
+ fi
+}
+
+pkg_postinst() {
+ newusergroup() {
+ enewgroup "$1"
+ enewuser "$1" -1 -1 -1 "$1"
+ }
+
+ enewgroup input
+ enewgroup kvm 78
+ enewgroup render
+ enewgroup systemd-journal
+ newusergroup systemd-bus-proxy
+ newusergroup systemd-coredump
+ newusergroup systemd-journal-gateway
+ newusergroup systemd-journal-remote
+ newusergroup systemd-journal-upload
+ newusergroup systemd-network
+ newusergroup systemd-resolve
+ newusergroup systemd-timesync
+
+ systemd_update_catalog
+
+ # Keep this here in case the database format changes so it gets updated
+ # when required. Despite that this file is owned by sys-apps/hwids.
+ if has_version "sys-apps/hwids[udev]"; then
+ udevadm hwdb --update --root="${EROOT%/}"
+ fi
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respect, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ systemd_reenable systemd-networkd.service systemd-resolved.service
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}