diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl index d2d30ce81b..9673ee081b 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-libs/openssl @@ -1,5 +1,7 @@ # A hack to avoid rehashing certs in a nonexistent directory. -flatcar_hacked_openssl=$(command -v openssl) +if [[ -z ${flatcar_hacked_openssl:-} ]]; then + flatcar_hacked_openssl=$(command -v openssl) +fi openssl() { if [[ ${#} -gt 0 && ${1} = 'rehash' ]]; then return; diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind index 0cb2bea848..1affd99df9 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind @@ -22,12 +22,14 @@ unset ndb_install_mask # only files that this happens for are files that we have put into # {PKG_,}INSTALL_MASK. This will help us avoid installing # acct-user/named and acct-user/group. -fowners_script=$(command -v fowners) +if [[ -z ${flatcar_hacked_fowners:-} ]]; then + flatcar_hacked_fowners=$(command -v fowners) +fi fowners() { if [[ ${#} -gt 0 && ( ${1} = named:* || ${1} = *:named ) ]]; then return 0 fi - "${fowners_script}" "${@}" + "${flatcar_hacked_fowners}" "${@}" } # The pkg_postinst phase function wants to generate an rndc.key file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/ntp b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/ntp index da0f2cd580..bc72eb5c0a 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/ntp +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/ntp 
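Review bot: The guard added around `flatcar_hacked_openssl=$(command -v openssl)` in dev-libs/openssl, and the identical one for `flatcar_hacked_fowners` in net-dns/bind, keeps any non-empty value the variable already holds, so a value inherited from the calling environment would be what the fowners wrapper runs via `"${flatcar_hacked_fowners}" "${@}"`. `command -v` also resolves shell functions, which is presumably why a second sourcing needed a guard at all. `type -P` searches only PATH, so the assignment could be repeated safely without a guard: `flatcar_hacked_openssl=$(type -P openssl)` and, assuming fowners is a helper on PATH as the old name `fowners_script` suggests, `flatcar_hacked_fowners=$(type -P fowners)`. If the guard stays, a comment such as `# Resolve once: after the wrapper below is defined, command -v returns the function name.` would record the reason. The body of openssl() continues outside the hunk, so its use of the variable is not visible here.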
@@ -1,9 +1,15 @@
+ntp_install_mask=''
 # Do not install ntpdate or sntp systemd files in /etc.
-INSTALL_MASK+=" /etc/systemd"
+ntp_install_mask+=" /etc/systemd"
 # Do not install the default ntp.conf, we provide our own in
 # coreos-base/misc-files.
-INSTALL_MASK+=" /etc/ntp.conf"
+ntp_install_mask+=" /etc/ntp.conf"
 # Do not install perl scripts to /usr/bin.
-INSTALL_MASK+=" /usr/bin/calc_tickadj /usr/bin/ntp-wait /usr/bin/ntptrace /usr/bin/update-leap"
+ntp_install_mask+=" /usr/bin/calc_tickadj /usr/bin/ntp-wait /usr/bin/ntptrace /usr/bin/update-leap"
 # Do not install perl package to /usr/share/ntp.
-INSTALL_MASK+=" /usr/share/ntp"
+ntp_install_mask+=" /usr/share/ntp"
+
+ntp_install_mask+=' '
+INSTALL_MASK+=${ntp_install_mask}
+PKG_INSTALL_MASK+=${ntp_install_mask}
+unset ntp_install_mask
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
index 879f94faee..a1993ce7b4 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
@@ -3,8 +3,8 @@
 # Do not install the config snippet that defines a subsystem. We have
 # our own definition in coreos-init.
 if [[ $(cros_target) != "cros_host" ]] ; then
- openssh_mask="/usr/lib*/misc/ssh-keysign /etc/ssh/sshd_config.d/*gentoo-subsystem.conf"
- PKG_INSTALL_MASK+=" ${openssh_mask}"
- INSTALL_MASK+=" ${openssh_mask}"
+ openssh_mask=" /usr/lib*/misc/ssh-keysign /etc/ssh/sshd_config.d/*gentoo-subsystem.conf "
+ PKG_INSTALL_MASK+="${openssh_mask}"
+ INSTALL_MASK+="${openssh_mask}"
 unset openssh_mask
 fi
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/lsb-release b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/lsb-release
index 0e5a9c7ded..3f4831cb45 100644
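Review bot: The net-misc/ntp hunk appends with unquoted expansions, `INSTALL_MASK+=${ntp_install_mask}` and `PKG_INSTALL_MASK+=${ntp_install_mask}`, while the openssh, lsb-release, grub and audit files in this same change quote theirs. Bash does not word-split the right-hand side of an assignment, so the result is the same, but `INSTALL_MASK+="${ntp_install_mask}"` and `PKG_INSTALL_MASK+="${ntp_install_mask}"` would keep the env files uniform. The bare `ntp_install_mask+=' '` line has no explanation; presumably it is a separator for whatever is appended next, and a comment such as `# Trailing space so a later append cannot fuse with our last entry.` would say so.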
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/lsb-release
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/lsb-release
@@ -1 +1,4 @@
-INSTALL_MASK+=" /etc/lsb-release"
+lsb_release_install_mask=" /etc/lsb-release "
+INSTALL_MASK+="${lsb_release_install_mask}"
+PKG_INSTALL_MASK+="${lsb_release_install_mask}"
+unset lsb_release_install_mask
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/policycoreutils b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/policycoreutils
new file mode 100644
index 0000000000..756358188e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/policycoreutils
@@ -0,0 +1,16 @@
+# sys-apps/policycoreutils creates /var/lib/selinux directory in
+# src_install and then needs it to be available when running
+# pkg_postinst, because it does a policy module rebuild there. We
+# initially have put /var/lib/selinux into INSTALL_MASK and told
+# coreos-base/misc-files to install the directory at
+# /usr/lib/selinux/policy together with a symlink at /var/lib/selinux
+# pointing to the directory. But this is done too late - at
+# sys-apps/policycoreutils' pkg_postinst time, /var/lib/selinux does
+# not exist, because coreos-base/misc-files was not yet emerged. So we
+# need to fall back to this hack, where we set up /var/lib/selinux and
+# /usr/lib/selinux/policy the way we want.
+cros_post_src_install_set_up_var_lib_selinux() {
+ dodir /usr/lib/selinux
+ mv "${ED}/var/lib/selinux" "${ED}/usr/lib/selinux/policy"
+ dosym -r /usr/lib/selinux/policy /var/lib/selinux
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-boot/grub b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-boot/grub
index 75bb8c8252..932b56a943 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-boot/grub
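Review bot: In the new sys-apps/policycoreutils file, the `mv` inside cros_post_src_install_set_up_var_lib_selinux has no failure handling, so if `${ED}/var/lib/selinux` is missing the hook carries on and `dosym` leaves /var/lib/selinux pointing at a directory that was never created. The comment says pkg_postinst rebuilds the policy modules there, so the step should stop the build instead: `mv "${ED}/var/lib/selinux" "${ED}/usr/lib/selinux/policy" || die "moving the SELinux policy store failed"`. `dodir` and `dosym` are package-manager helpers and, as far as I know, abort on their own in current EAPIs, whereas plain `mv` does not.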
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-boot/grub @@ -50,5 +50,7 @@ cros_post_src_install_sbat() { # Flatcar does not use grub-install or grub-mkconfig. All the files under /etc # relate to grub-mkconfig. -INSTALL_MASK+=" ${EPREFIX}/etc/ *grub-install* *mkconfig*" -PKG_INSTALL_MASK+=" ${EPREFIX}/etc/ *grub-install* *mkconfig*" +grub_install_mask=" ${EPREFIX}/etc/ *grub-install* *mkconfig* " +INSTALL_MASK+="${grub_install_mask}" +PKG_INSTALL_MASK+="${grub_install_mask}" +unset grub_install_mask diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/glibc b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/glibc index 75cc098bff..87a9626ef9 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/glibc +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-libs/glibc @@ -1,7 +1,9 @@ # A terrible hack to actually strip our binaries. We want to make # "dostrip -x /" a no-op, otherwise pass everything to the original # dostrip. -eval "$(echo 'flatcar_hacked_dostrip()'; declare -pf dostrip | tail -n + 2)" +if ! declare -pf flatcar_hacked_dostrip >/dev/null 2>&1; then + eval "$(echo 'flatcar_hacked_dostrip()'; declare -pf dostrip | tail -n +2)" +fi dostrip() { if [[ ${#} = 2 && ${1} = '-x' && ${2} = '/' ]]; then return diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit index 4f8e6e6f41..52fc0e0aad 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-process/audit 
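Review bot: The new guard in sys-libs/glibc tests for the saved copy with `declare -pf flatcar_hacked_dostrip >/dev/null 2>&1`, which prints the whole function body only to discard it; `if ! declare -F flatcar_hacked_dostrip >/dev/null; then` is the usual existence test. The `eval` inside the guard still assumes `dostrip` is a function when this file is sourced: if it is not, `declare -pf dostrip` prints nothing and the eval is handed a bare `flatcar_hacked_dostrip()` header. A comment above the guard, e.g. `# Copy the original only once; on a second sourcing dostrip is already our wrapper.`, would explain why it exists. The dostrip() wrapper continues outside the hunk.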
@@ -1,11 +1,7 @@
 # Do not install Gentoo-provided audit rules, we will install our own
 # in coreos-base/misc-files. Also skip installing legacy initscripts
 # stuff in /usr/libexec.
-INSTALL_MASK+="
-/etc/audit/audit.rules*
-/usr/libexec
-"
-PKG_INSTALL_MASK+="
-/etc/audit/audit.rules*
-/usr/libexec
-"
+audit_install_mask=" /etc/audit/audit.rules* /usr/libexec "
+INSTALL_MASK+="${audit_install_mask}"
+PKG_INSTALL_MASK+="${audit_install_mask}"
+unset audit_install_mask
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc
index 06def4ad28..0471f8e6ec 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc
@@ -87,26 +87,6 @@ cros_pre_pkg_postinst_no_modifications_of_users() { export ACCT_USER_NO_MODIFY=x } -# sys-apps/policycoreutils creates /var/lib/selinux directory in -# src_install and then needs it to be available when running -# pkg_postinst, because it does a policy module rebuild there. We -# initially have put /var/lib/selinux into INSTALL_MASK and told -# coreos-base/misc-files to install the directory at -# /usr/lib/selinux/policy together with a symlink at /var/lib/selinux -# pointing to the directory. But this is done too late - at -# sys-apps/policycoreutils' pkg_postinst time, /var/lib/selinux does -# not exist, because coreos-base/misc-files was not yet emerged. So we -# need to fall back to this hack, where we set up /var/lib/selinux and -# /usr/lib/selinux/policy the way we want. -cros_post_src_install_set_up_var_lib_selinux() { - if [[ ${CATEGORY} != 'sys-apps' ]] || [[ ${PN} != 'policycoreutils' ]]; then - return 0; - fi - dodir /usr/lib/selinux - mv "${ED}/var/lib/selinux" "${ED}/usr/lib/selinux/policy" - dosym ../../usr/lib/selinux/policy /var/lib/selinux -} - # Source hooks for SLSA build provenance report generation source "${BASH_SOURCE[0]}.slsa-provenance"