From 35325ae5c6cc25debd53f657588c476859bc8595 Mon Sep 17 00:00:00 2001 
From: Krzesimir Nowak Date: Fri, 28 Jun 2024 11:49:41 +0200 Subject: [PATCH 1/8] overlay sys-apps/baselayout: Refactor and complete merged-usr process The initial goals of this commit were: - drop symlink-usr USE flag and keep the code paths where symlink-usr was evaluated to true, - make sbin a symlink to its bin counterpart, effectively doing the merged-sbin process too - unify filesystem layouts of the SDK and generic images. But over the course, more changes have accumulated: - use EAPI 8, - drop the check_sym function - it never worked due to typos (real_path and real_value versus read_path and read_value), - do the SDK-specific or generic-image-specific customizations in the src_prepare phase, - follow the changes made in the baselayout repository: - remove unnecessary tmpfiles.d conf files instead of fiddling with sed to edit them: - in the baselayout repo, the conf files were split to make it possible, - use tmpfiles.d to create core home directory: - used to be done differently for generic images and for SDKs, - use dumb-tmpfiles-proc.sh instead of systemd's tmpfile processor: - this removes the need to install valid passwd and group files into /etc before, - also it seems to be fixing some issues with installing files for users and groups that weren't there anyway, - drop generating of baselayout-usr in src_compile, and creating debug directories in pkg_preinst, these are handled by the Makefile now - this made inheriting systemd and tmpfiles eclasses unnecessary - install files in the src_install phase and install the directory structure in the pkg_preinst phase: - empty directories created in src_install are not guaranteed to be preserved, and indeed at some point /usr/local/bin was not installed on the final rootfs, - currently installed /etc/passwd and /etc/group are now empty - drop DEPEND variable entirely - systemd isn't really needed, I don't know what was the point of depending on libidn2, and the rest were conflicts with some old versions of 
packages. --- .../sys-apps/baselayout/Manifest | 2 +- ...r15.ebuild => baselayout-3.6.8-r16.ebuild} | 0 .../baselayout/baselayout-9999.ebuild | 223 +++++------------- 3 files changed, 59 insertions(+), 166 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/{baselayout-3.6.8-r15.ebuild => baselayout-3.6.8-r16.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/Manifest index 3cef69bee57..c1225afd914 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/Manifest @@ -1 +1 @@ -DIST flatcar-baselayout-937a45faef0f7fa88d3d2c3f7ba60a7f3e2e82f7.tar.gz 34560 BLAKE2B f4204cdabb87cc1618d7adcc0f3b0103686d60d1073c7539ffb1e4c0c264308b42cac1a2aaab0153c9762935d1cbf81c0e061a1aaeb53980d6ff278a6d26290b SHA512 9ca214c698fcd144c7dabcbda2226af7d2126b5d104ceb1eab7234a41326cc6a469ebaf2528709234d59019c84e277925e66309f4cb62b17f48be8834f6b611a +DIST flatcar-baselayout-1ad3846c507888ffbb4209f6eaf294a60cda5fe6.tar.gz 36931 BLAKE2B e354aabaf99b2c0c50c05d377e3b51c33b2924640dbc9c49c359e3a50a18d7c6067e5e901f090deb181c787ba7b437d72e5a7a5d477682794d7f9e5b12f10966 SHA512 036c3d174afcf3e81a11ff0b6cf1b9ad4b16e70eeabc68d739eef24c18e8269a27d3f7aa236c885ba6ccf5f6450ee034a553d6017b26902d75274e476a211f87 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8-r15.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8-r16.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8-r15.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-3.6.8-r16.ebuild 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild index a3e34421f1b..3a266b0c9c8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild 
@@ -1,138 +1,60 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 EGIT_REPO_URI="https://github.com/flatcar/baselayout.git" if [[ "${PV}" == 9999 ]]; then inherit git-r3 - KEYWORDS="~amd64 ~arm ~arm64 ~x86" + KEYWORDS="~amd64 ~arm64" else - EGIT_COMMIT="937a45faef0f7fa88d3d2c3f7ba60a7f3e2e82f7" # flatcar-master + EGIT_COMMIT="1ad3846c507888ffbb4209f6eaf294a60cda5fe6" # flatcar-master SRC_URI="https://github.com/flatcar/baselayout/archive/${EGIT_COMMIT}.tar.gz -> flatcar-${PN}-${EGIT_COMMIT}.tar.gz" S="${WORKDIR}/${PN}-${EGIT_COMMIT}" - KEYWORDS="amd64 arm arm64 x86" + KEYWORDS="amd64 arm64" fi -TMPFILES_OPTIONAL=1 -inherit multilib systemd tmpfiles +inherit multilib -DESCRIPTION="Filesystem baselayout for CoreOS" -HOMEPAGE="http://www.coreos.com/" +DESCRIPTION="Filesystem baselayout for Flatcar" +HOMEPAGE="https://www.flatcar.org/" LICENSE="GPL-2" SLOT="0" -IUSE="cros_host symlink-usr" - -# This version of baselayout replaces coreos-base -DEPEND="sys-apps/systemd - net-dns/libidn2:= - !coreos-base/coreos-base - !=sys-apps/gentoo-functions-0.10 - cros_host? 
( !coreos-base/coreos-init )" - -MOUNT_POINTS=( - /dev - /proc - /sys -) - -declare -A USR_SYMS # list of /foo->usr/foo symlinks -declare -a BASE_DIRS # list of absolute paths that should be directories - -# Check that a pre-existing symlink is correct -check_sym() { - local path="$1" value="$2" - local real_path=$(readlink -f "${ROOT}${path}") - local real_value=$(readlink -f "${ROOT}${path%/*}/${value}") - if [[ -e "${read_path}" && "${read_path}" != "${read_value}" ]]; then - die "${path} is not a symlink to ${value}" - fi -} - -pkg_setup() { - local libdirs=$(get_all_libdirs) - - if [[ -z "${libdirs}" ]]; then - die "your DEFAULT_ABI=$DEFAULT_ABI appears to be invalid" - fi - - # figure out which paths should be symlinks and which should be directories - local d - for d in bin sbin ${libdirs} ; do - if use symlink-usr; then - USR_SYMS["/$d"]="usr/$d" - BASE_DIRS+=( "/usr/$d" "/usr/local/$d" ) - else - BASE_DIRS+=( "/$d" "/usr/$d" "/usr/local/$d" ) - fi - done + cros_host? ( !coreos-base/coreos-init ) +" - # make sure any pre-existing symlinks map to the expected locations. - local sym - if use symlink-usr; then - for sym in "${!USR_SYMS[@]}" ; do - check_sym "${sym}" "${USR_SYMS[$sym]}" - done - fi -} - -src_compile() { +src_prepare() { default - # generate a tmpfiles.d config to cover our /usr symlinks - if use symlink-usr; then - local tmpfiles="${T}/baselayout-usr.conf" - echo -n > ${tmpfiles} || die - for sym in "${!USR_SYMS[@]}" ; do - echo "L+ ${sym} - - - - ${USR_SYMS[$sym]}" >> ${tmpfiles} - done - fi -} - -src_install() { - dodir "${BASE_DIRS[@]}" - if use cros_host; then - # Since later systemd-tmpfiles --root is used only users from - # /etc/passwd are considered but we don't want to add core there - # because it would make emerge overwrite the system's database on - # installation when the SDK user is already there. Instead, just - # create the folder manually and remove the tmpfile directive. 
- rm "${S}/tmpfiles.d/baselayout-home.conf" - mkdir -p "${D}"/home/core - chown 500:500 "${D}"/home/core + # Undesirable in the SDK + rm -f lib/tmpfiles.d/baselayout-etc-profile-flatcar-profile.conf || die + # Provided by vim in the SDK + rm -f lib/tmpfiles.d/baselayout-etc-vim.conf || die + # Don't initialize /etc/passwd, group, and friends on boot. + rm -rf bin || die + rm -rf lib/systemd || die + # Inject custom SSL configuration required for signing + # payloads from the SDK container using OpenSSL. + mkdir -p etc/ssl || die + cp -a share/baselayout/pkcs11.cnf etc/ssl || die else - # Initialize /etc/passwd, group, and friends now, so - # systemd-tmpfiles can resolve user information in ${D} - # rootfs. - bash "scripts/flatcar-tmpfiles" "${D}" "${S}/baselayout" || die + # Don't install /etc/issue since it is handled by coreos-init right now + rm -f lib/tmpfiles.d/baselayout-etc-issue.conf || die fi - if use symlink-usr; then - dotmpfiles "${T}/baselayout-usr.conf" - systemd-tmpfiles --root="${D}" --create + # sssd not yet building on arm64 + if use arm64; then + sed -i -e 's/ sss//' share/baselayout/nsswitch.conf || die + sed -i -e '/pam_sss.so/d' lib/pam.d/* || die fi - emake DESTDIR="${D}" install - - # Fill in all other paths defined in tmpfiles configs - systemd-tmpfiles --root="${D}" --create - - # The above created a few mount points but leave those out of the - # package since they may be mounted read-only. postinst can make them. - local mnt - for mnt in "${MOUNT_POINTS[@]}"; do - rmdir "${D}${mnt}" || die - done - - doenvd "env.d/99flatcar_ldpath" - # handle multilib paths. do it here because we want this behavior # regardless of the C library that you're using. we do explicitly # list paths which the native ldconfig searches, but this isn't 
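Review bot: The `rm -f … || die` and `rm -rf bin || die` lines added to src_prepare cannot fail on a missing path, so if the baselayout repository renames or moves one of these files the removal silently becomes a no-op and the file is installed after all. That matters most in the `cros_host` branch, where `bin` and `lib/systemd` are removed so that /etc/passwd, group and friends are not initialized on boot. Dropping `-f` for the single files, e.g. `rm lib/tmpfiles.d/baselayout-etc-issue.conf || die`, and checking the directories first with `[[ -d bin ]] || die "bin not found"` would turn an upstream layout change into a build failure instead of a silent behaviour change. src_prepare continues past the end of this hunk.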
@@ -141,9 +63,10 @@ src_install() { # path and the symlinked path doesn't change the resulting cache. local libdir ldpaths for libdir in $(get_all_libdirs) ; do - ldpaths+=":/${libdir}:/usr/${libdir}:/usr/local/${libdir}" + ldpaths+=":${EPREFIX}/usr/${libdir}" + ldpaths+=":${EPREFIX}/usr/local/${libdir}" done - echo "LDPATH='${ldpaths#:}'" >> "${D}"/etc/env.d/00basic || die + echo "LDPATH='${ldpaths#:}'" >> etc/env.d/00basic || die # Add oem/lib64 to search path towards end of the system's list. # This simplifies the configuration of OEMs with dynamic libs. 
@@ -151,70 +74,40 @@ src_install() { for libdir in $(get_all_libdirs) ; do ldpaths+=":/oem/${libdir}" done - echo "LDPATH='${ldpaths#:}'" >> "${D}"/etc/env.d/80oem || die + echo "LDPATH='${ldpaths#:}'" >> etc/env.d/80oem || die +} - if ! use symlink-usr ; then - # modprobe uses /lib instead of /usr/lib - mv "${D}"/usr/lib/modprobe.d "${D}"/lib/modprobe.d || die - fi +src_compile() { + local libdirs - if use arm64; then - sed -i 's/ sss//' "${D}"/usr/share/baselayout/nsswitch.conf || die - fi + libdirs=$(get_all_libdirs) + emake LIBDIRS="${libdirs}" all +} - if use cros_host; then - # Provided by vim in the SDK - rm -r "${D}"/etc/vim || die - # Undesirable in the SDK - rm "${D}"/etc/profile.d/flatcar-profile.sh || die - else - # Don't install /etc/issue since it is handled by coreos-init right now - rm "${D}"/etc/issue || die - sed -i -e '/\/etc\/issue/d' \ - "${D}"/usr/lib/tmpfiles.d/baselayout-etc.conf || die - - # Initialize /etc/passwd, group, and friends on boot. - dosbin "scripts/flatcar-tmpfiles" - systemd_dounit "scripts/flatcar-tmpfiles.service" - systemd_enable_service sysinit.target flatcar-tmpfiles.service - fi +src_install() { + emake DESTDIR="${ED}" install + # GID 190 is taken from acct-group/systemd-journal eclass + SYSTEMD_JOURNAL_GID=${ACCT_GROUP_SYSTEMD_JOURNAL_ID:-190} ROOT_UID=0 ROOT_GID=0 CORE_UID=500 CORE_GID=500 DESTDIR=${D} ./dumb-tmpfiles-proc.sh --exclude d "${ED}/usr/lib/tmpfiles.d" || die + + insinto /usr/share/baselayout + doins Makefile + exeinto /usr/share/baselayout + doexe dumb-tmpfiles-proc.sh +} - # sssd not yet building on arm64 - if use arm64; then - sed -i -e '/pam_sss.so/d' "${D}"/usr/lib/pam.d/* || die - fi +pkg_preinst() { + local libdirs + libdirs=$(get_all_libdirs) + emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" LIBDIRS="${libdirs}" layout + SYSTEMD_JOURNAL_GID=${ACCT_GROUP_SYSTEMD_JOURNAL_ID:-190} ROOT_UID=0 ROOT_GID=0 CORE_UID=500 CORE_GID=500 DESTDIR=${D} "${ED}/usr/share/${PN}/dumb-tmpfiles-proc.sh" 
"${ED}/usr/lib/tmpfiles.d" || die + rm -f "${ED}/usr/share/${PN}/Makefile" "${ED}/usr/share/${PN}/dumb-tmpfiles-proc.sh" || die - if use cros_host; then - # inject custom SSL configuration required for signing payloads from the SDK container using OpenSSL. - insinto "/etc/ssl/" - doins "${S}/baselayout/pkcs11.cnf" - fi + # The default passwd/group files must exist for some ebuilds + touch "${ED}/etc/"{group,gshadow,passwd,shadow} + chmod 640 "${ED}/etc/"{gshadow,shadow} } pkg_postinst() { - # best-effort creation of mount points - local mnt - for mnt in "${MOUNT_POINTS[@]}"; do - [[ -d "${ROOT}${mnt}" ]] || mkdir "${ROOT}${mnt}" - done - # Set up /usr/lib/debug to match the root filesystem layout - # FIXME: This is done in postinst right now and all errors are ignored - # as a transitional scheme, this isn't important enough to migrate - # existing SDK environments. - local dir - for dir in "${BASE_DIRS[@]}"; do - mkdir -p "${ROOT}/usr/lib/debug/${dir}" - done - if use symlink-usr; then - for sym in "${!USR_SYMS[@]}" ; do - ln -sfT "${USR_SYMS[$sym]}" "${ROOT}/usr/lib/debug/${sym}" - done - fi - # The default passwd/group files must exist in the SDK for some ebuilds - if use cros_host; then - touch "${ROOT}/etc/"{group,gshadow,passwd,shadow} - chmod 640 "${ROOT}/etc/"{gshadow,shadow} - fi # compat symlink for packages that haven't migrated to gentoo-functions local func=../../lib/gentoo/functions.sh if [[ "$(readlink "${ROOT}/etc/init.d/functions.sh")" != "${func}" ]]; then From 83341df9df8bb57c9f09cc233d381f58ec17bff9 Mon Sep 17 00:00:00 2001 
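Review bot: In pkg_preinst the `touch` and `chmod 640` on the files under `${ED}/etc/` have no `|| die`, unlike the neighbouring `rm -f` and dumb-tmpfiles-proc.sh calls, so a failed `chmod` would leave gshadow and shadow at the umask-derived mode without failing the merge. Suggest `touch "${ED}/etc/"{group,gshadow,passwd,shadow} || die` and `chmod 640 "${ED}/etc/"{gshadow,shadow} || die`. The removed code ran this only under `use cros_host` in pkg_postinst; it now runs for every target, so the unchecked result matters more. pkg_postinst continues past the end of the hunk.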
From: Krzesimir Nowak Date: Fri, 28 Jun 2024 11:53:21 +0200 Subject: [PATCH 2/8] overlay coreos-base/update_engine: Drop symlink-usr USE flag It's gone, assuming its enabled. --- ...-0.4.10-r22.ebuild => update_engine-0.4.10-r23.ebuild} | 0 .../coreos-base/update_engine/update_engine-9999.ebuild | 8 ++------ 2 files changed, 2 insertions(+), 6 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/{update_engine-0.4.10-r22.ebuild => update_engine-0.4.10-r23.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r22.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r23.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r22.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r23.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild index a1ac22338ec..9606b720bcd 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-9999.ebuild @@ -20,7 +20,7 @@ SRC_URI="" LICENSE="BSD" SLOT="0" -IUSE="cros_host +debug -delta_generator symlink-usr" +IUSE="cros_host +debug -delta_generator" RDEPEND="!coreos-base/coreos-installer app-arch/bzip2 @@ -85,11 +85,7 @@ src_test() { src_install() { default - if use symlink-usr; then - dosym sbin/flatcar-postinst /usr/postinst - else - dosym usr/sbin/flatcar-postinst /postinst - fi + dosym bin/flatcar-postinst /usr/postinst systemd_dounit systemd/update-engine.service systemd_dounit systemd/update-engine-stub.service 
From b0ab2018077e68bea716e79cfc8cf41c93344da9 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 28 Jun 2024 11:54:45 +0200 Subject: [PATCH 3/8] overlay sys-kernel/coreos-modules: Drop a mention of symlink-usr --- .../sys-kernel/coreos-modules/coreos-modules-6.6.48.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.48.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.48.ebuild index 910bceba94d..d68540c22ad 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.48.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.48.ebuild @@ -35,7 +35,7 @@ src_compile() { } src_install() { - # Install modules to /usr, assuming USE=symlink-usr + # Install modules to /usr. # Install firmware to a temporary (bogus) location. # The linux-firmware package will be used instead. # Stripping must be done here, not portage, to preserve sigs. From c1c162e523f6b4cece65df3f1c6abf21d09b7c95 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 28 Jun 2024 11:55:35 +0200 Subject: [PATCH 4/8] coreos profiles: Drop unused symlink-usr USE flag --- .../profiles/coreos/targets/generic/make.defaults | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults index b2e42a0e2f8..4e24e741a16 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults 
@@ -1,7 +1,7 @@ # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. # Distributed under the terms of the GNU General Public License v2 -USE="acpi usb symlink-usr cryptsetup policykit" +USE="acpi usb cryptsetup policykit" USE="${USE} -split-usr -cros_host -expat -cairo -X -man" USE="${USE} -acl -gpm -python" USE="${USE} -fortran -abiword -perl -cups -poppler-data" From c8500797ea3f4a68206b3f66390a4487ca4c97e5 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 28 Jun 2024 12:21:33 +0200 Subject: [PATCH 5/8] overlay profiles: Some cleanups Mask split-usr globally, not only for generic images. Move some SDK only USE flags to SDK target profile (cros_host, expat). Drop duplicated disabling of cups USE flag. --- .../coreos-overlay/profiles/coreos/base/make.defaults | 3 +-- .../profiles/coreos/{targets/generic => base}/use.force | 3 +++ .../coreos-overlay/profiles/coreos/base/use.mask | 8 ++++++++ .../profiles/coreos/targets/generic/make.defaults | 4 ++-- .../profiles/coreos/targets/generic/use.mask | 4 ---- .../profiles/coreos/targets/sdk/make.defaults | 2 +- 6 files changed, 15 insertions(+), 9 deletions(-) rename sdk_container/src/third_party/coreos-overlay/profiles/coreos/{targets/generic => base}/use.force (63%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/use.mask diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults index 9fb8af5bf4a..fb878274b8f 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults 
@@ -8,8 +8,7 @@ USE_EXPAND="${USE_EXPAND} TESTS" # For now this is only informational and set by coreos-go.eclass USE_EXPAND="${USE_EXPAND} GO_VERSION" -# Extra use flags for CoreOS SDK -USE="${USE} cros_host expat -cracklib -introspection -cups -tcpd -berkdb" +USE="${USE} -cracklib -introspection -cups -tcpd -berkdb" # Use Python 3 as the default version USE="${USE} -python_single_target_python2_7 python_single_target_python3_11" diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/use.force b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.force similarity index 63% rename from sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/use.force rename to sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.force index f29fb18c73e..506c18cf11e 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/use.force +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.force @@ -1,4 +1,7 @@ # We don't have a separate /{bin,lib} and /usr/{bin,lib}. But the base # profile in portage-stable forces split-usr, so here we unforce it # and in use.mask we mask it. +# +# TODO: Drop it when we move to +# default/linux/{amd64,arm64}/23.0/hardened/selinux/systemd profile -split-usr diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask index 726c8edc2e4..955ab8e276b 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask 
@@ -21,3 +21,11 @@ python_single_target_python3_13 # We don't care about i10n, takes too much space, pulls in too many # extra dependencies. nls + +# We don't have a separate /{bin,lib} and /usr/{bin,lib}. But the base +# profile in portage-stable forces split-usr, so in use.force we +# unforce it and here we mask it. +# +# TODO: Drop it when we move to +# default/linux/{amd64,arm64}/23.0/hardened/selinux/systemd profile +split-usr diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults index 4e24e741a16..30b3d41305e 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults @@ -2,9 +2,9 @@ # Distributed under the terms of the GNU General Public License v2 USE="acpi usb cryptsetup policykit" -USE="${USE} -split-usr -cros_host -expat -cairo -X -man" +USE="${USE} -cros_host -expat -cairo -X -man" USE="${USE} -acl -gpm -python" -USE="${USE} -fortran -abiword -perl -cups -poppler-data" +USE="${USE} -fortran -abiword -perl -poppler-data" # Exclude documentation FEATURES="nodoc noinfo noman" diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/use.mask deleted file mode 100644 index 9a467dab418..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/use.mask +++ /dev/null @@ -1,4 +0,0 @@ -# We don't have a separate /{bin,lib} and /usr/{bin,lib}. But the base -# profile in portage-stable forces split-usr, so in use.force we -# unforce it and here we mask it. -split-usr 
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/make.defaults index 4017242e593..b55f758adf8 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/make.defaults @@ -1,4 +1,4 @@ -USE="man -pam" +USE="cros_host expat man -pam" # Used by some old goo in profiles/coreos/base/profile.bashrc # TODO: clean up that old goo From c134baccee48025eda488425b445cdfb536a1f65 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 1 Jul 2024 15:21:28 +0200 Subject: [PATCH 6/8] overlay app-admin/sudo: Keep /etc/sudoers.d directory It seems to be randomly kept or removed during installation, and we need the directory when creating the SDK container. --- .../coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild index b97a63f7688..376fb5ea529 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild @@ -240,6 +240,11 @@ src_install() { # Flatcar: Remove sudo.conf as it is shipped via baselayout rm "${ED}/etc/sudo.conf" || die + # Flatcar: Build system installs /etc/sudoers.d, let's make + # sure we keep having it. + # + # Upstream PR: https://github.com/gentoo/gentoo/pull/37397 + keepdir /etc/sudoers.d } pkg_postinst() { From e893cc89bd1bc1744c21c691f443905ce1ef68e5 Mon Sep 17 00:00:00 2001 
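Review bot: The added `keepdir /etc/sudoers.d` leaves the directory's mode to whatever the build system set, and nothing in this hunk pins it. If the build system ever stops creating the directory, `keepdir` would create it with the default directory mode, so consider following it with an explicit `fperms` call for the mode the project wants on `/etc/sudoers.d`. The `.keep_*` file that `keepdir` drops should not be parsed as policy, since sudo skips include-directory entries whose names contain a dot; a one-line comment saying so would save the next reader a lookup. src_install starts outside the hunk.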
From: Krzesimir Nowak Date: Wed, 4 Sep 2024 16:23:33 +0200 Subject: [PATCH 7/8] overlay coreos/config: Drop split-usr workarounds for sys-apps/kmod --- .../coreos/config/env/sys-apps/kmod | 20 ------------------- 1 file changed, 20 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/kmod diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/kmod b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/kmod deleted file mode 100644 index 58eaab0a2e4..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/kmod +++ /dev/null @@ -1,20 +0,0 @@ -# sbin and bin are still separate directories and the build system of -# kmod puts the tool symlinks into bin, whereas most places that use -# absolute paths to the tools expect them to be in sbin. Move them -# there. This can be removed if we merge bin and sbin directories -# (likely to happen when we migrate to 23.0 profiles). -cros_post_src_install_move_kmod_tools_symlinks() { - local kmod tool - - # path to kmod relative to sbin - if [[ -x "${ED}/usr/sbin/kmod" ]]; then - kmod=kmod - else - kmod=../bin/kmod - fi - mkdir -p "${ED}/usr/sbin" - for tool in modprobe rmmod insmod depmod; do - rm -f "${ED}/usr/bin/${tool}" "${ED}/bin/${tool}" - ln -sf "${kmod}" "${ED}/usr/sbin/${tool}" - done -} From f3f51ed2d88bf7ee3f79d74e9b8c76dd15726adc Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 5 Sep 2024 15:07:23 +0200 Subject: [PATCH 8/8] changelog: Add an entry --- changelog/changes/2024-09-05-sbin-merge.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog/changes/2024-09-05-sbin-merge.md diff --git a/changelog/changes/2024-09-05-sbin-merge.md b/changelog/changes/2024-09-05-sbin-merge.md new file mode 100644 index 00000000000..269d14450cd --- /dev/null +++ b/changelog/changes/2024-09-05-sbin-merge.md 
@@ -0,0 +1 @@ +- The `/usr/sbin` directory is now merged into `/usr/bin`, so the former became a symlink to the latter. The SDK now has the same base layout as the generic images. ([flatcar/scripts#2068](https://github.com/flatcar/scripts/pull/2068))