Upgrade systemd from 255 to 256

sdk_container/.repo/manifests/mantle-container

@@ -1 +1 @@
-ghcr.io/flatcar/mantle:git-a3ee8554666f6052033e70168190b597fbb84989
+ghcr.io/flatcar/mantle:pr-569

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest

@@ -1 +1 @@
-DIST systemd-stable-255.8.tar.gz 15070471 BLAKE2B b437404af7fd73ef527f80d9d14d46a781444103d1756c27494ecf2664c9c5efe1169c85b91148a3bf190dc7c5e31cf8d42a13c84102d101ea7e4a0570e8d719 SHA512 7692be761a393924669a90f6f343998a85707a9daa3ce169ce67f62ae2a39338c2c3496066b2659c6500849104fab0529fca5704a3eb32375f2f44131216d1f1
+DIST systemd-256.7.tar.gz 15672532 BLAKE2B d718b7bcbf9c3583953a9fa82319f04b32d17c5b7539a49b9999881bd8cea7fd9a06f252d763170613a6cd0fd2535762b233cba74eb87764f662c4bdf2d8c1da SHA512 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0009-initrd-parse-etc.service.patch

@@ -0,0 +1,29 @@
+From 65e3f4e837001f6f00359a779b6c5801566aa750 Mon Sep 17 00:00:00 2001
+From: Adrian Vladu <[email protected]>
+Date: Wed, 25 Sep 2024 15:51:02 +0000
+Subject: [PATCH] Revert "Revert "initrd-parse-etc: override argv[0] to avoid
+ dracut issue""
+
+This reverts commit 1c585a4ccda3258088d7bc27b27a314e7ed8be80.
+---
+ units/initrd-parse-etc.service.in | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/units/initrd-parse-etc.service.in b/units/initrd-parse-etc.service.in
+index 1eef2bd9be..3dadab1123 100644
+--- a/units/initrd-parse-etc.service.in
++++ b/units/initrd-parse-etc.service.in
+@@ -23,7 +23,9 @@ OnFailureJobMode=replace-irreversibly
+ [Service]
+ Type=oneshot
+
+-ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check
++# FIXME: once dracut is patched to install the symlink, change to:
++# ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check
++ExecStart=@{{SYSTEM_GENERATOR_DIR}}/systemd-fstab-generator systemd-sysroot-fstab-check
+
+ # We want to enqueue initrd-cleanup.service/start after we finished the part
+ # above. It can't be part of the initial transaction, because non-oneshot units
+-- 
+2.34.1
+

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/256-bpf-gcc.patch

@@ -0,0 +1,26 @@
+https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c
+
+From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001
+From: Sam James <[email protected]>
+Date: Sat, 24 Aug 2024 13:09:47 +0100
+Subject: [PATCH] meson: search for 'bpf-unknown-none' too
+
+We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
+sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
+cross-binutils. Search for this name too.
+---
+ meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/meson.build b/meson.build
+index 5e0b666c64b17..fbc2bbdf2f22f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1109,6 +1109,7 @@ else
+         elif bpf_compiler == 'gcc'
+                 bpf_gcc = find_program('bpf-gcc',
+                                        'bpf-none-gcc',
++                                       'bpf-unknown-none-gcc',
+                                        required : true,
+                                        version : '>= 13.1.0')
+                 bpf_gcc_found = bpf_gcc.found()

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-255.8.ebuild → sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.7.ebuild

@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
-PYTHON_COMPAT=( python3_{10..12} )
+PYTHON_COMPAT=( python3_{10..13} )
 
 # Avoid QA warnings
 TMPFILES_OPTIONAL=1
@@ -14,15 +14,10 @@ if [[ ${PV} == 9999 ]]; then
 	EGIT_REPO_URI="https://github.com/systemd/systemd.git"
 	inherit git-r3
 else
-	if [[ ${PV} == *.* ]]; then
-		MY_PN=systemd-stable
-	else
-		MY_PN=systemd
-	fi
 	MY_PV=${PV/_/-}
-	MY_P=${MY_PN}-${MY_PV}
+	MY_P=${PN}-${MY_PV}
 	S=${WORKDIR}/${MY_P}
-	SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz"
+	SRC_URI="https://github.com/systemd/${PN}/archive/refs/tags/v${MY_PV}.tar.gz -> ${MY_P}.tar.gz"
 
 	if [[ ${PV} != *rc* ]] ; then
 		# Flatcar: mark as stable
@@ -34,12 +29,12 @@ inherit bash-completion-r1 linux-info meson-multilib optfeature pam python-singl
 inherit secureboot systemd tmpfiles toolchain-funcs udev
 
 DESCRIPTION="System and service manager for Linux"
-HOMEPAGE="http://systemd.io/"
+HOMEPAGE="https://systemd.io/"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
 IUSE="
-	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
 	fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
 	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
 	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
@@ -65,6 +60,7 @@ COMMON_DEPEND="
 	acl? ( sys-apps/acl:0= )
 	apparmor? ( >=sys-libs/libapparmor-2.13:0= )
 	audit? ( >=sys-process/audit-2:0= )
+	bpf? ( >=dev-libs/libbpf-1.4.0:0= )
 	cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= )
 	curl? ( >=net-misc/curl-7.32.0:0= )
 	elfutils? ( >=dev-libs/elfutils-0.158:0= )
@@ -148,11 +144,11 @@ RDEPEND="${COMMON_DEPEND}
 	)
 	sysv-utils? (
 		!sys-apps/openrc[sysv-utils(-)]
+		!sys-apps/openrc-navi[sysv-utils(-)]
 		!sys-apps/sysvinit
 	)
 	!sysv-utils? ( sys-apps/sysvinit )
 	resolvconf? ( !net-dns/openresolv )
-	!sys-apps/hwids[udev]
 	!sys-auth/nss-myhostname
 	!sys-fs/eudev
 	!sys-fs/udev
@@ -171,6 +167,10 @@ BDEPEND="
 	>=sys-apps/coreutils-8.16
 	sys-devel/gettext
 	virtual/pkgconfig
+	bpf? (
+		dev-util/bpftool
+		sys-devel/bpf-toolchain
+	)
 	test? (
 		app-text/tree
 		dev-lang/perl
@@ -211,6 +211,7 @@ pkg_pretend() {
 			~!SYSFS_DEPRECATED_V2"
 
 		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
 		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
 
 		if kernel_is -ge 5 10 20; then
@@ -256,21 +257,19 @@ src_unpack() {
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/systemd-test-process-util.patch"
+		"${FILESDIR}/256-bpf-gcc.patch"
 		# Flatcar: Adding our own patches here.
 		"${FILESDIR}/0001-wait-online-set-any-by-default.patch"
-		"${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch"
 		"${FILESDIR}/0003-needs-update-don-t-require-strictly-newer-usr.patch"
 		"${FILESDIR}/0004-core-use-max-for-DefaultTasksMax.patch"
 		"${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
 		"${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
 		"${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch"
-		# Flatcar: This can be dropped when updating to 256.
-		"${FILESDIR}/0008-sysext-Mutable-overlays.patch"
+		"${FILESDIR}/0009-initrd-parse-etc.service.patch"
 	)
 
 	if ! use vanilla; then
 		PATCHES+=(
-			"${FILESDIR}/gentoo-generator-path-r2.patch"
 			"${FILESDIR}/gentoo-journald-audit-r1.patch"
 		)
 	fi
@@ -335,11 +334,8 @@ multilib_src_configure() {
 		# Disable compatibility with sysvinit
 		-Dsysvinit-path=
 		-Dsysvrcnd-path=
-		# Avoid infinite exec recursion, bug 642724
-		-Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit"
 		# no deps
 		-Dima=true
-		-Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified)
 		# Match /etc/shells, bug 919749
 		-Ddebug-shell="${EPREFIX}/bin/sh"
 		-Ddefault-user-shell="${EPREFIX}/bin/bash"
@@ -348,6 +344,8 @@ multilib_src_configure() {
 		$(meson_native_use_bool apparmor)
 		$(meson_native_use_bool audit)
 		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool bpf bpf-framework)
+		-Dbpf-compiler=gcc
 		$(meson_native_use_bool cryptsetup libcryptsetup)
 		$(meson_native_use_bool curl libcurl)
 		$(meson_native_use_bool dns-over-tls dns-over-tls)
@@ -447,6 +445,14 @@ multilib_src_configure() {
 		-Ddefault-mdns=no
 	)
 
+	case $(tc-arch) in
+		amd64|arm|arm64|ppc|ppc64|s390|x86)
+			# src/vmspawn/vmspawn-util.h: QEMU_MACHINE_TYPE
+			myconf+=( $(meson_native_enabled vmspawn) ) ;;
+		*)
+			myconf+=( -Dvmspawn=disabled ) ;;
+	esac
+
 	meson_src_configure "${myconf[@]}"
 }
 
@@ -504,7 +510,11 @@ multilib_src_install_all() {
 	# keepdir /var/log/journal
 
 	# if use pam; then
-	# 	newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	# 	if use selinux; then
+	# 		newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+	#	else
+	#		newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+	#	fi
 	# fi
 
 	if use kernel-install; then

sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild

@@ -7,7 +7,9 @@ EGIT_REPO_URI="https://github.com/flatcar/bootengine.git"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	EGIT_COMMIT="c9de038b73621165f81573c77ca0d0c2f9e886db" # flatcar-master
+	EGIT_COMMIT="b2c5a92797a07a0f4545326a98740535b99376dc" # flatcar-master
+	EGIT_REF="ader1990/systemd-256-live-boot"
+	EGIT_BRANCH="ader1990/systemd-256-live-boot"
 	KEYWORDS="amd64 arm arm64 x86"
 fi