From b3f4b641ce63e35de56ea5a50b042560ce24cc3c Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Mon, 14 Mar 2022 18:55:07 +0100 Subject: [PATCH 1/7] sys-apps/baselayout: force link creation in tmpfile rule The /lib symlink does not point to /usr/lib but instead points to /usr/lib64 on current releases which have a single /usr/lib64 folder and a symlink from /usr/lib to it. This means that when they update to a release with a split lib vs. lib64 setup, the kernel modules are not found because /lib/modules does not exist (because /lib still points to /usr/lib64 instead of /usr/lib). Force link recreation to match the new layout. The system will still be able to rollback because the link to /usr/lib is still valid because /usr/lib is itself a link that forwards to /usr/lib64. --- .../coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild index ff50a0d91e..70574b6e64 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild @@ -102,7 +102,7 @@ src_compile() { local tmpfiles="${T}/baselayout-usr.conf" echo -n > ${tmpfiles} || die for sym in "${!USR_SYMS[@]}" ; do - echo "L ${sym} - - - - ${USR_SYMS[$sym]}" >> ${tmpfiles} + echo "L+ ${sym} - - - - ${USR_SYMS[$sym]}" >> ${tmpfiles} done fi } From c6e427d80dd3c22a4aa49a9bb8e4ce6ddffe8b3f Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Fri, 11 Mar 2022 14:52:28 +0100 Subject: [PATCH 2/7] profiles: disable SYMLINK_LIB The profile Flatcar is on had SYMLINK_LIB set for amd64 which set up (/usr)/lib as symlink to (/usr)/lib64. This is not the case for arm64 nor common in other recent distributions and causes systemd-sysext loading to fail. Disable SYMLINK_LIB for the amd64 board for now, leaving the SDK as is but we could also set it for the SDK, too. A future profile update will also bring this change. --- .../profiles/coreos/targets/generic/make.defaults | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults index 395339442f..c3e0e2f642 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults @@ -98,3 +98,6 @@ ACCT_USER_SYSTEMD_RESOLVE_ID=245 # tss seems to be one of those users with a mismatching UID/GID ACCT_GROUP_TSS_ID=252 ACCT_USER_TSS_ID=236 + +# Disable creation of /usr/lib as symlink +SYMLINK_LIB="no" From ba8aeb992a38ba72a7633a4867955cd6be156d3b Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Mon, 14 Mar 2022 19:39:05 +0100 Subject: [PATCH 3/7] coreos-base/coreos-init: create compatibility symlinks The split of /usr/lib64 into /usr/lib and /usr/lib64 means that paths to /usr/lib64/X that worked before now wouldn't. Therefore, create compatibility symlinks. --- .../coreos-base/coreos-init/coreos-init-9999.ebuild | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild index 6dcd0d1232..6da30a3fb7 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild @@ -52,4 +52,11 @@ src_install() { # Enable some services that aren't enabled elsewhere. systemd_enable_service rpcbind.target rpcbind.service + + # Create compatibility symlinks in case /usr/lib64/ instead of /usr/lib/ was used + local compat + # os-release symlink is set up in scripts + for compat in modules systemd flatcar coreos kernel modprobe.d pam pam.d sysctl.d udev ; do + dosym "../lib/${compat}" "/usr/lib64/${compat}" + done } From 5fc316e7759911f0f0146c1d956b214d9434f707 Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Tue, 15 Mar 2022 20:11:03 +0100 Subject: [PATCH 4/7] coreos-base/coreos-init: add helper service to start sysext services This pulls in https://github.com/flatcar-linux/init/pull/65 --- .../changelog/changes/2022-03-17-enable-systemd-sysext.md | 1 + .../coreos-base/coreos-init/coreos-init-9999.ebuild | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-enable-systemd-sysext.md diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-enable-systemd-sysext.md b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-enable-systemd-sysext.md new file mode 100644 index 0000000000..21bc62fe38 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-enable-systemd-sysext.md @@ -0,0 +1 @@ +- Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([PR#65](https://github.com/flatcar-linux/init/pull/65)) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild index 6da30a3fb7..dc09f9b3d2 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild @@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - CROS_WORKON_COMMIT="2231de798a7393dd8e864ff2ee5409484a81c1d3" # flatcar-master + CROS_WORKON_COMMIT="a22b550c7cf689661970a2a23dd457870dd84c97" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi From bc9d7af9855b8c976a87a649eb079b3f2c4375a5 Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Thu, 10 Mar 2022 15:36:08 +0100 Subject: [PATCH 5/7] sys-apps/systemd: enable systemd-sysext.service The systemd-sysext.service activates sysext images on boot. Enable it by default. --- .../coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild index 7b89a3d0a8..a1a32828b0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild @@ -563,6 +563,9 @@ multilib_src_install_all() { # Flatcar: enable reboot.target (not enabled - has no WantedBy # entry) + # Flatcar: enable systemd-sysext.service by default + builddir_systemd_enable_service sysinit.target systemd-sysext.service + # Flatcar: Use an empty preset file, because systemctl # preset-all puts symlinks in /etc, not in /usr. We don't use # /etc, because it is not autoupdated. We do the "preset" above. From bfbf373f201c86ea2b7e9c553df88935623d8f0c Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Wed, 16 Mar 2022 16:21:08 +0100 Subject: [PATCH 6/7] coreos-base/coreos-oem-gce: use usr/lib/systemd folder The lib64/systemd location only happened to work through the used symlink on Flatcar. The standard location is lib/systemd. Use the standard location as we now want to split the libs folders. --- .../coreos-base/coreos-oem-gce/files/manglefs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh index 82d80c3922..ac499577bb 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh @@ -50,5 +50,5 @@ session optional pam_permit.so EOF # Don't bundle these paths, since they are useless to us. -mv usr/lib64/systemd/lib*.so* usr/lib64/ -rm -fr boot etc/* usr/lib64/systemd var/db/pkg +mv usr/lib/systemd/lib*.so* usr/lib64/ +rm -fr boot etc/* usr/lib/systemd var/db/pkg From 00841774c97fb78f06eca4d099285a0f11a6165d Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Thu, 17 Mar 2022 12:19:46 +0100 Subject: [PATCH 7/7] changelog: add entry for lib and lib64 split --- .../changelog/changes/2022-03-17-lib-and-lib64-split.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-lib-and-lib64-split.md diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-lib-and-lib64-split.md b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-lib-and-lib64-split.md new file mode 100644 index 0000000000..d09e951e60 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-17-lib-and-lib64-split.md @@ -0,0 +1 @@ +- For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([PR#1713](https://github.com/flatcar-linux/coreos-overlay/pull/1713), [PR#255](https://github.com/flatcar-linux/scripts/pull/255))