overlay sys-apps/systemd: Sync with Gentoo, bump to v255.4 and add patches for mutable overlays functionality

changelog/changes/2024-04-22-systemd-sysext.md

@@ -0,0 +1 @@
+- Backported systemd-sysext mutable overlays functionality from yet-unreleased systemd v256. ([flatcar/scripts#1753](https://github.com/flatcar/scripts/pull/1753))

changelog/updates/2024-04-22-systemd-sysext.md

@@ -0,0 +1 @@
+- systemd ([255.4](https://github.com/systemd/systemd-stable/commits/v255.4/))

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest

@@ -1,6 +1 @@
-DIST systemd-stable-254.5.tar.gz 14334696 BLAKE2B 2f63d79ae93add69ac0b56dda9f67019340f84692de4da200557b9f5f1f16bebbad42a9a7e2d6ef7420aa37746d2ede0481fd8e39f03a31576c7e4e48e259ce3 SHA512 cac713670216add9e5473e2c86f04da441015e7cc0ac1500b9e1489a435f9b80c4c6ee24e9b22e4c4213a495bc1a0a908925df2045e344a2170d5aea6aafa16c
-DIST systemd-stable-254.7.tar.gz 14411955 BLAKE2B 1213237a001fb0aef8912637f31d7d77888bc2505e1e8d8d295642a547bdebbc3a786eed095694e6a6fe2665d6e8e45e98cd883186eedeb1b4fd73daf2520dcf SHA512 2e859813f1f52fa693631ce43466875ac2ac42e09872011ee52fe4e44727663c3de9f128a47776899423188c1e99ce73a69059426a9356c930e275037d001685
-DIST systemd-stable-254.8.tar.gz 14418468 BLAKE2B e5a151ece86e57c7224fc95bda1b4ede1277fce4a2ba28d3605ab0431a2aafe1088f90c49a20e3b53a5b56aeef7c0f1f5da0601db740150f5efdf6eae7bbde80 SHA512 a3f35d9fcafcccd8d9c33ab1047241f226146017be95562a67c7dcc9eeb4b77bded92ad80e92f4767f2bf2009df0172a621d4c54a805e07ed5a5ed03940ec28e
-DIST systemd-stable-254.9.tar.gz 14423806 BLAKE2B ab39c0a00b8451b24b40e39f4bf7ecb912ff23d9cd6f8d30fd0545e895936baa635b1ff63c02a83761682b72f44244aac8338bf6506885c9b07cd0c5247b6693 SHA512 a0300693a044cfe4c76deb0e3e48a927125eb97c3952c07ba68936f1e093c93506d8044b249b534b8e778ade6143b43194f8d6b721a8cd520bc7bb4cb3d3e5c1
-DIST systemd-stable-255.2.tar.gz 14864388 BLAKE2B 101da82a5d63eaa48c2dc4bad5ab713b4e8b544134de8216f315a97736eb699eaf756aef2d9a4e2126f0d248b3a7e28bc986ccc2154d5d110db733d114072eec SHA512 0a9a43adc6d23f52349d298cdff3f3ae6accd7e43a33253608f7a9d241699c7cba3c9f6a0fa6da3ae3cba0e246e272076bfa2cdf5bade7bc019406f407be0bb9
-DIST systemd-stable-255.3.tar.gz 14873273 BLAKE2B e22ef391c691fcf1e765c5112e1a55096d3bba61a9dae3ea1a3958add4e355892a97d5214e63c516ba3b70e2a83bb5d21254812d870f06c16c74a58d4f957d75 SHA512 c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453
+DIST systemd-stable-255.4.tar.gz 14952427 BLAKE2B 27f5080f83a9e870fbe8e3ebcb500a63c42022f1f96f26f35c76eeeea85dab691291c31ee716cab330b76df5e576910a6a82f51267eff4f766b1d4c304d815c9 SHA512 8a2bde11a55f7f788ba7751789a5e9be6ce9634e88d54e49f6e832c4c49020c6cacaf2a610fe26f92998b0cbf43c6c2150a96b2c0953d23261009f57d71ea979

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch

@@ -1,7 +1,7 @@
-From 02ebe43df912c7090a155484fbd1b422c4f438f4 Mon Sep 17 00:00:00 2001
+From 98cbd0a4576464478f0f9fcd2066efc08bef9491 Mon Sep 17 00:00:00 2001
 From: David Michael <dm0@redhat.com>
 Date: Tue, 16 Apr 2019 02:44:51 +0000
-Subject: [PATCH 1/7] wait-online: set --any by default
+Subject: [PATCH 1/8] wait-online: set --any by default
 
 The systemd-networkd-wait-online command would normally continue
 waiting after a network interface is usable if other interfaces are
@@ -15,10 +15,10 @@ earlier) for the original implementation.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c
-index a679b858fa..3b6dad8d1d 100644
+index 5328bba2d8..95294df607 100644
 --- a/src/network/wait-online/wait-online.c
 +++ b/src/network/wait-online/wait-online.c
-@@ -20,7 +20,7 @@ static Hashmap *arg_interfaces = NULL;
+@@ -21,7 +21,7 @@ static Hashmap *arg_interfaces = NULL;
  static char **arg_ignore = NULL;
  static LinkOperationalStateRange arg_required_operstate = { _LINK_OPERSTATE_INVALID, _LINK_OPERSTATE_INVALID };
  static AddressFamily arg_required_family = ADDRESS_FAMILY_NO;
@@ -28,5 +28,5 @@ index a679b858fa..3b6dad8d1d 100644
  STATIC_DESTRUCTOR_REGISTER(arg_interfaces, hashmap_free_free_freep);
  STATIC_DESTRUCTOR_REGISTER(arg_ignore, strv_freep);
 -- 
-2.25.1
+2.34.1
 

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-networkd-default-to-kernel-IPForwarding-setting.patch

@@ -1,24 +1,24 @@
-From e124d3716ada4fc7c34278435a61d51b07b61024 Mon Sep 17 00:00:00 2001
+From e3fd50ec704b5d48e9d756c1cc5c40e72b7d1fa4 Mon Sep 17 00:00:00 2001
 From: Nick Owens <nick.owens@coreos.com>
 Date: Tue, 2 Jun 2015 18:22:32 -0700
-Subject: [PATCH 2/7] networkd: default to "kernel" IPForwarding setting
+Subject: [PATCH 2/8] networkd: default to "kernel" IPForwarding setting
 
 ---
  src/network/networkd-network.c | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
-index a6c5b44238..54f9d12fec 100644
+index dcd3e5ae12..2ae481d1ec 100644
 --- a/src/network/networkd-network.c
 +++ b/src/network/networkd-network.c
-@@ -465,6 +465,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
+@@ -461,6 +461,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
                  .link_local = _ADDRESS_FAMILY_INVALID,
                  .ipv6ll_address_gen_mode = _IPV6_LINK_LOCAL_ADDRESS_GEN_MODE_INVALID,
 
 +                .ip_forward = _ADDRESS_FAMILY_INVALID,
                  .ipv4_accept_local = -1,
                  .ipv4_route_localnet = -1,
-                 .ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO,
+                 .ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID,
 -- 
-2.25.1
+2.34.1
 

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-needs-update-don-t-require-strictly-newer-usr.patch

@@ -1,7 +1,7 @@
-From a8366f0ddffabef08c010064ea62e64d7276a0f3 Mon Sep 17 00:00:00 2001
+From 0be1b5367c24427e3285d33fb87aa4acdf3c4dce Mon Sep 17 00:00:00 2001
 From: Alex Crawford <alex.crawford@coreos.com>
 Date: Wed, 2 Mar 2016 10:46:33 -0800
-Subject: [PATCH 3/7] needs-update: don't require strictly newer usr
+Subject: [PATCH 3/8] needs-update: don't require strictly newer usr
 
 Updates should be triggered whenever usr changes, not only when it is newer.
 ---
@@ -23,10 +23,10 @@ index 3393010ff6..5478baca25 100644
      This requires that updates to <filename>/usr/</filename> are always
      followed by an update of the modification time of
 diff --git a/src/shared/condition.c b/src/shared/condition.c
-index a23d6a3e45..8ca1f4606f 100644
+index d3446e8a9d..3f7cc9ea58 100644
 --- a/src/shared/condition.c
 +++ b/src/shared/condition.c
-@@ -792,7 +792,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
+@@ -793,7 +793,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
           * First, compare seconds as they are always accurate...
           */
          if (usr.st_mtim.tv_sec != other.st_mtim.tv_sec)
@@ -35,7 +35,7 @@ index a23d6a3e45..8ca1f4606f 100644
 
          /*
           * ...then compare nanoseconds.
-@@ -803,7 +803,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
+@@ -804,7 +804,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
           * (otherwise the filesystem supports nsec timestamps, see stat(2)).
           */
          if (usr.st_mtim.tv_nsec == 0 || other.st_mtim.tv_nsec > 0)
@@ -44,15 +44,15 @@ index a23d6a3e45..8ca1f4606f 100644
 
          _cleanup_free_ char *timestamp_str = NULL;
          r = parse_env_file(NULL, p, "TIMESTAMP_NSEC", &timestamp_str);
-@@ -823,7 +823,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
+@@ -824,7 +824,7 @@ static int condition_test_needs_update(Condition *c, char **env) {
                  return true;
          }
 
 -        return timespec_load_nsec(&usr.st_mtim) > timestamp;
 +        return timespec_load_nsec(&usr.st_mtim) != timestamp;
  }
 
- static int condition_test_first_boot(Condition *c, char **env) {
+ static bool in_first_boot(void) {
 -- 
-2.25.1
+2.34.1
 

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-core-use-max-for-DefaultTasksMax.patch

@@ -1,7 +1,7 @@
-From 4cdbcf5df9a2fd165385465bd5be9b8cdb78f83a Mon Sep 17 00:00:00 2001
+From d21ebfcf17ffc1dba635389193f10d2b93eba730 Mon Sep 17 00:00:00 2001
 From: Adrian Vladu <avladu@cloudbasesolutions.com>
 Date: Fri, 16 Feb 2024 11:22:08 +0000
-Subject: [PATCH] [PATCH 4/7] core: use max for DefaultTasksMax
+Subject: [PATCH 4/8] core: use max for DefaultTasksMax
 
 Since systemd v228, systemd has a DefaultTasksMax which defaulted
 to 512, later 15% of the system's maximum number of PIDs.  This
@@ -21,10 +21,10 @@ Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
  3 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
-index 31b6421399..52819ae8b7 100644
+index 3c06b65f93..71f38692b6 100644
 --- a/man/systemd-system.conf.xml
 +++ b/man/systemd-system.conf.xml
-@@ -515,7 +515,7 @@
+@@ -501,7 +501,7 @@
          <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
          <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          for details. This setting applies to all unit types that support resource control settings, with the exception
@@ -34,7 +34,7 @@ index 31b6421399..52819ae8b7 100644
          Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
          For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
 diff --git a/src/core/manager.c b/src/core/manager.c
-index e8c747d96d..df9269aab8 100644
+index 88eebfc626..8992c8c3e3 100644
 --- a/src/core/manager.c
 +++ b/src/core/manager.c
 @@ -114,7 +114,7 @@
@@ -47,10 +47,10 @@ index e8c747d96d..df9269aab8 100644
  static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
  static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
 diff --git a/src/core/system.conf.in b/src/core/system.conf.in
-index 9b89a6aa77..5a7e92ab5a 100644
+index 05eb681270..94d0365244 100644
 --- a/src/core/system.conf.in
 +++ b/src/core/system.conf.in
-@@ -59,7 +59,7 @@
+@@ -58,7 +58,7 @@
  #DefaultIPAccounting=no
  #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
  #DefaultTasksAccounting=yes

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-systemd-Disable-SELinux-permissions-checks.patch

@@ -1,7 +1,7 @@
-From 0a5e52f5511cd7a5312d06abff12bc432bdedc96 Mon Sep 17 00:00:00 2001
+From 374cca5b2f9aea1c506352cf58b09db5c216a0d3 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Tue, 20 Dec 2016 16:43:22 +0000
-Subject: [PATCH 5/7] systemd: Disable SELinux permissions checks
+Subject: [PATCH 5/8] systemd: Disable SELinux permissions checks
 
 We don't care about the interaction between systemd and SELinux policy, so
 let's just disable these checks rather than having to incorporate policy
@@ -12,7 +12,7 @@ to limit containers and not anything running directly on the host.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
-index 11dbf4640e..c839a4f39e 100644
+index 62181a6309..448f9211d6 100644
 --- a/src/core/selinux-access.c
 +++ b/src/core/selinux-access.c
 @@ -2,7 +2,7 @@
@@ -25,5 +25,5 @@ index 11dbf4640e..c839a4f39e 100644
  #include <errno.h>
  #include <selinux/avc.h>
 -- 
-2.25.1
+2.34.1
 

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch

@@ -1,7 +1,7 @@
-From ede353ea720f07b7b19fa638d5a59a7471237e2d Mon Sep 17 00:00:00 2001
+From bffb2a48796a2736d7fb7328d2a88b1cbb812b12 Mon Sep 17 00:00:00 2001
 From: Sayan Chowdhury <schowdhury@microsoft.com>
 Date: Fri, 16 Dec 2022 16:28:26 +0530
-Subject: [PATCH 6/7] Revert "getty: Pass tty to use by agetty via stdin"
+Subject: [PATCH 6/8] Revert "getty: Pass tty to use by agetty via stdin"
 
 This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.
 
@@ -17,7 +17,7 @@ Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
  4 files changed, 4 insertions(+), 12 deletions(-)
 
 diff --git a/units/console-getty.service.in b/units/console-getty.service.in
-index 606b7dbe16..54fd7c292d 100644
+index d64112be5e..b908708d8c 100644
 --- a/units/console-getty.service.in
 +++ b/units/console-getty.service.in
 @@ -22,12 +22,10 @@ ConditionPathExists=/dev/console
@@ -35,7 +35,7 @@ index 606b7dbe16..54fd7c292d 100644
  TTYReset=yes
  TTYVHangup=yes
 diff --git a/units/container-getty@.service.in b/units/container-getty@.service.in
-index 8d7e20d5ec..5f095f48b0 100644
+index 8847d735fb..8be25663f5 100644
 --- a/units/container-getty@.service.in
 +++ b/units/container-getty@.service.in
 @@ -27,13 +27,11 @@ Before=rescue.service
@@ -54,7 +54,7 @@ index 8d7e20d5ec..5f095f48b0 100644
  TTYReset=yes
  TTYVHangup=yes
 diff --git a/units/getty@.service.in b/units/getty@.service.in
-index 21d66f9367..78deb7cffe 100644
+index 80b8f3e922..b57666c123 100644
 --- a/units/getty@.service.in
 +++ b/units/getty@.service.in
 @@ -38,13 +38,11 @@ ConditionPathExists=/dev/tty0
@@ -73,7 +73,7 @@ index 21d66f9367..78deb7cffe 100644
  TTYReset=yes
  TTYVHangup=yes
 diff --git a/units/serial-getty@.service.in b/units/serial-getty@.service.in
-index 2433124c55..bb7af3105d 100644
+index 6bf101eac9..479b8759a9 100644
 --- a/units/serial-getty@.service.in
 +++ b/units/serial-getty@.service.in
 @@ -33,12 +33,10 @@ Before=rescue.service
@@ -91,5 +91,5 @@ index 2433124c55..bb7af3105d 100644
  TTYReset=yes
  TTYVHangup=yes
 -- 
-2.25.1
+2.34.1
 

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-units-Keep-using-old-journal-file-format.patch

@@ -1,7 +1,7 @@
-From 44374d98fb65ff5fdbc2a7d07a076b50b8f2b003 Mon Sep 17 00:00:00 2001
+From 6a4c6f97742afc9ca5de40335b2d041095990aa2 Mon Sep 17 00:00:00 2001
 From: Adrian Vladu <avladu@cloudbasesolutions.com>
 Date: Fri, 16 Feb 2024 11:29:04 +0000
-Subject: [PATCH] [PATCH 7/7] units: Keep using old journal file format
+Subject: [PATCH 7/8] units: Keep using old journal file format
 
 Systemd 252 made an incompatible change in journal file format. Temporarily
 force journald to use the old journal format to give logging containers more