[gentoo-commits] repo/gentoo:master commit in: profiles/arch/sparc/, profiles/arch/ia64/, sys-apps/systemd/files/, ...

[gentoo-commits] repo/gentoo:master commit in: profiles/arch/sparc/, profiles/arch/ia64/, sys-apps/systemd/files/, ...

[Sam James]

commit:     de67dbf4abdef923ca8f7af0e48d4fcc5b220a96
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 23 16:08:10 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 13:56:09 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de67dbf4

sys-apps/systemd: wire up BPF support

Clang support is not yet done.

Bug: https://bugs.gentoo.org/917228
Signed-off-by: Sam James <sam <AT> gentoo.org>

 profiles/arch/alpha/package.use.mask     |  4 ++++
 profiles/arch/hppa/package.use.mask      |  4 ++++
 profiles/arch/ia64/package.use.mask      |  4 ++++
 profiles/arch/loong/package.use.mask     |  4 ++++
 profiles/arch/s390/package.use.mask      |  4 ++++
 profiles/arch/sparc/package.use.mask     |  4 ++++
 sys-apps/systemd/files/256-bpf-gcc.patch | 26 ++++++++++++++++++++++++++
 sys-apps/systemd/metadata.xml            |  1 +
 sys-apps/systemd/systemd-256.5.ebuild    | 10 +++++++++-
 sys-apps/systemd/systemd-9999.ebuild     |  9 ++++++++-
 10 files changed, 68 insertions(+), 2 deletions(-)

diff --git a/profiles/arch/alpha/package.use.mask b/profiles/arch/alpha/package.use.mask
index a3fc2a240cd9..aaeb3a221a78 100644
--- a/profiles/arch/alpha/package.use.mask
+++ b/profiles/arch/alpha/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Hans de Graaff <graaff@gentoo.org> (2024-08-16)
 # Requires large parts of dev-ruby/rails to be keyworded
 dev-ruby/minitest-hooks test

diff --git a/profiles/arch/hppa/package.use.mask b/profiles/arch/hppa/package.use.mask
index 1fa92e6e97c5..dc92c7939f40 100644
--- a/profiles/arch/hppa/package.use.mask
+++ b/profiles/arch/hppa/package.use.mask
@@ -4,6 +4,10 @@
 # NOTE: When masking a USE flag due to missing keywords, please file a keyword
 # request bug for the hppa arch.
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Ulrich Müller <ulm@gentoo.org> (2024-08-03)
 # Needs dev-libs/openspecfun which is not yet keyworded
 sci-visualization/gnuplot amos

diff --git a/profiles/arch/ia64/package.use.mask b/profiles/arch/ia64/package.use.mask
index f8f57449b9be..b906a322f814 100644
--- a/profiles/arch/ia64/package.use.mask
+++ b/profiles/arch/ia64/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Matt Jolly <kangie@gentoo.org> (2024-08-14)
 # QUIC dependencies are not keyworded
 net-misc/curl http3 quic curl_quic_openssl curl_quic_ngtcp2

diff --git a/profiles/arch/loong/package.use.mask b/profiles/arch/loong/package.use.mask
index d2440e46553b..72ce670abb80 100644
--- a/profiles/arch/loong/package.use.mask
+++ b/profiles/arch/loong/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 2022-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # WANG Xuerui <xen0n@gentoo.org> (2024-08-22)
 # dev-lang/spidermonkey gained JIT support for loong since version 107,
 # but the nearest packaged version is 115.

diff --git a/profiles/arch/s390/package.use.mask b/profiles/arch/s390/package.use.mask
index 442b717d7b57..833ceeabf4a5 100644
--- a/profiles/arch/s390/package.use.mask
+++ b/profiles/arch/s390/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Matt Jolly <kangie@gentoo.org> (2024-08-14)
 # QUIC dependencies are not keyworded
 net-misc/curl http3 quic curl_quic_openssl curl_quic_ngtcp2

diff --git a/profiles/arch/sparc/package.use.mask b/profiles/arch/sparc/package.use.mask
index e7032ba9fad8..da631e3b0a79 100644
--- a/profiles/arch/sparc/package.use.mask
+++ b/profiles/arch/sparc/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James <sam@gentoo.org> (2024-08-23)
+# dev-util/bpftool and/or sys-devel/bpf-toolchain not keyworded here
+sys-apps/systemd bpf
+
 # Ulrich Müller <ulm@gentoo.org> (2024-08-03)
 # Needs dev-libs/openspecfun which is not yet keyworded
 sci-visualization/gnuplot amos

diff --git a/sys-apps/systemd/files/256-bpf-gcc.patch b/sys-apps/systemd/files/256-bpf-gcc.patch
new file mode 100644
index 000000000000..0570695d397c
--- /dev/null
+++ b/sys-apps/systemd/files/256-bpf-gcc.patch
@@ -0,0 +1,26 @@
+https://github.com/systemd/systemd/commit/dde6f1d7456db7aa72d24b1d6956b419b6f9945c
+
+From dde6f1d7456db7aa72d24b1d6956b419b6f9945c Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sat, 24 Aug 2024 13:09:47 +0100
+Subject: [PATCH] meson: search for 'bpf-unknown-none' too
+
+We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
+sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
+cross-binutils. Search for this name too.
+---
+ meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/meson.build b/meson.build
+index 5e0b666c64b17..fbc2bbdf2f22f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1109,6 +1109,7 @@ else
+         elif bpf_compiler == 'gcc'
+                 bpf_gcc = find_program('bpf-gcc',
+                                        'bpf-none-gcc',
++                                       'bpf-unknown-none-gcc',
+                                        required : true,
+                                        version : '>= 13.1.0')
+                 bpf_gcc_found = bpf_gcc.found()

diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index c9b8604a3c68..fea934417f1d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -11,6 +11,7 @@
 	<use>
 		<flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag>
 		<flag name="boot">Enable EFI boot manager and stub loader</flag>
+		<flag name="bpf">Enable BPF support for sandboxing and firewalling.</flag>
 		<flag name="cgroup-hybrid">Default to hybrid (legacy) cgroup hierarchy instead of unified (modern).</flag>
 		<flag name="curl">Enable support for uploading journals</flag>
 		<flag name="cryptsetup">Enable cryptsetup tools (includes unit generator for crypttab)</flag>

diff --git a/sys-apps/systemd/systemd-256.5.ebuild b/sys-apps/systemd/systemd-256.5.ebuild
index 3b8464645eec..1c74d39e00f8 100644
--- a/sys-apps/systemd/systemd-256.5.ebuild
+++ b/sys-apps/systemd/systemd-256.5.ebuild
@@ -33,7 +33,7 @@ HOMEPAGE="https://systemd.io/"
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
 IUSE="
-	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
 	fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
 	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
 	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
@@ -158,6 +158,10 @@ BDEPEND="
 	>=sys-apps/coreutils-8.16
 	sys-devel/gettext
 	virtual/pkgconfig
+	bpf? (
+		dev-util/bpftool
+		sys-devel/bpf-toolchain
+	)
 	test? (
 		app-text/tree
 		dev-lang/perl
@@ -223,6 +227,7 @@ pkg_pretend() {
 			~!SYSFS_DEPRECATED_V2"
 
 		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
 		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
 
 		if kernel_is -ge 5 10 20; then
@@ -268,6 +273,7 @@ src_unpack() {
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/systemd-test-process-util.patch"
+		"${FILESDIR}/256-bpf-gcc.patch"
 	)
 
 	if ! use vanilla; then
@@ -311,6 +317,8 @@ multilib_src_configure() {
 		$(meson_native_use_bool apparmor)
 		$(meson_native_use_bool audit)
 		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool bpf bpf-framework)
+		-Dbpf-compiler=gcc
 		$(meson_native_use_bool cryptsetup libcryptsetup)
 		$(meson_native_use_bool curl libcurl)
 		$(meson_native_use_bool dns-over-tls dns-over-tls)

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 3b40a5319500..f11fdab115eb 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -33,7 +33,7 @@ HOMEPAGE="https://systemd.io/"
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
 IUSE="
-	acl apparmor audit boot cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
+	acl apparmor audit boot bpf cgroup-hybrid cryptsetup curl +dns-over-tls elfutils
 	fido2 +gcrypt gnutls homed http idn importd iptables +kernel-install +kmod
 	+lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode
 	+resolvconf +seccomp selinux split-usr +sysv-utils test tpm ukify vanilla xkb +zstd
@@ -158,6 +158,10 @@ BDEPEND="
 	>=sys-apps/coreutils-8.16
 	sys-devel/gettext
 	virtual/pkgconfig
+	bpf? (
+		dev-util/bpftool
+		sys-devel/bpf-toolchain
+	)
 	test? (
 		app-text/tree
 		dev-lang/perl
@@ -223,6 +227,7 @@ pkg_pretend() {
 			~!SYSFS_DEPRECATED_V2"
 
 		use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+		use bpf && CONFIG_CHECK+=" ~BPF ~BPF_SYSCALL ~BPF_LSM ~DEBUG_INFO_BTF"
 		use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER"
 
 		if kernel_is -ge 5 10 20; then
@@ -311,6 +316,8 @@ multilib_src_configure() {
 		$(meson_native_use_bool apparmor)
 		$(meson_native_use_bool audit)
 		$(meson_native_use_bool boot bootloader)
+		$(meson_native_use_bool bpf bpf-framework)
+		-Dbpf-compiler=gcc
 		$(meson_native_use_bool cryptsetup libcryptsetup)
 		$(meson_native_use_bool curl libcurl)
 		$(meson_native_use_bool dns-over-tls dns-over-tls)