From 23e9e04eeba0b55b07a416d1dc25a64a14c300a8 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 9 Mar 2022 19:10:52 +0100 Subject: [PATCH 01/10] profiles: Drop dev-libs/elfutils from accept_keywords The updated package is stable for both amd64 and arm64. --- .../coreos-overlay/profiles/coreos/base/package.accept_keywords | 2 -- 1 file changed, 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index f44ac0e882..2e1f0de9ad 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -12,8 +12,6 @@ =dev-lang/rust-1.59.0 ~amd64 ~arm64 =virtual/rust-1.59.0 ~amd64 ~arm64 -=dev-libs/elfutils-0.178 ~amd64 - =dev-libs/libgcrypt-1.9.4 ~amd64 ~arm64 # needed for arm64 sdk From 8b22921049ad13585aad9310efb1048c5c1a3a50 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 9 Mar 2022 19:27:14 +0100 Subject: [PATCH 02/10] profiles: Drop net-libs/libnetfilter_queue from accept_keywords The updated package is stable for both amd64 and arm64. --- .../coreos-overlay/profiles/coreos/arm64/package.accept_keywords | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index 0e4dbbdce2..3da7c600f6 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -23,7 +23,6 @@ =net-libs/libnetfilter_conntrack-1.0.8 ~arm64 =net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 =net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 -=net-libs/libnetfilter_queue-1.0.3 ~arm64 =net-misc/curl-7.79.1 ~arm64 =perl-core/File-Path-2.130.0 ~arm64 From 770e86a737fd11482f2be5419b645c1e3284cd36 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 9 Mar 2022 19:29:05 +0100 Subject: [PATCH 03/10] profiles: Update accept_keywords for net-firewall/conntrack-tools --- .../profiles/coreos/arm64/package.accept_keywords | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index 3da7c600f6..a3d4b1dbb7 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -19,7 +19,7 @@ =dev-util/checkbashisms-2.21.4 ~arm64 =net-dns/c-ares-1.17.2 ~arm64 -=net-firewall/conntrack-tools-1.4.5 ~arm64 +=net-firewall/conntrack-tools-1.4.6-r1 ~arm64 =net-libs/libnetfilter_conntrack-1.0.8 ~arm64 =net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 =net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 From 86cb48994383b38bf701cb28c879f0164bc345cc Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 9 Mar 2022 19:45:27 +0100 Subject: [PATCH 04/10] profiles: Drop outdated use flag for net-analyzer/tcpdump --- .../coreos-overlay/profiles/coreos/targets/generic/package.use | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use index a1c5d30f17..c1840be9da 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use @@ -8,7 +8,6 @@ dev-libs/dbus-glib tools dev-libs/elfutils -utils dev-libs/openssl pkcs11 dev-util/perf -doc -demangle -tui -ncurses -perl -python -net-analyzer/tcpdump -chroot net-misc/dhcp -server net-misc/ntp caps sys-apps/smartmontools -daemon -update-drivedb -systemd From fb869eb7a3534a2089d61a7b68230f079099afab Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 9 Mar 2022 19:52:41 +0100 Subject: [PATCH 05/10] profiles: Drop sys-fs/multipath-tools from accept_keywords The updated package is stable for both amd64 and arm64. --- .../coreos-overlay/profiles/coreos/base/package.accept_keywords | 2 -- 1 file changed, 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 2e1f0de9ad..aa2080d117 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -33,8 +33,6 @@ =sys-fs/cryptsetup-2.4.1-r1 ~amd64 ~arm64 -=sys-fs/multipath-tools-0.8.5 ~amd64 ~arm64 - =sys-libs/libseccomp-2.5.0 ~amd64 ~arm64 # We need 2.3.2, but it still marked as unstable on arm64. Can't From 84673e50f09283ba9c09b81f568b3e9e4960ceb3 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 9 Mar 2022 19:56:45 +0100 Subject: [PATCH 06/10] profiles: Drop outdated use flag for net-dns/bind-tools --- .../coreos-overlay/profiles/coreos/targets/generic/package.use | 3 --- 1 file changed, 3 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use index c1840be9da..5fb4a7c3d1 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use @@ -31,8 +31,5 @@ app-shells/bash -net vanilla # needed by docker sys-libs/libseccomp static-libs -# bind-tools' configure script breaks when cross-compiling with seccomp enabled -net-dns/bind-tools -seccomp - # Gentoo's new hardened profile disables PIC, but open-vm-tools needs it app-emulation/open-vm-tools pic From edcdfb51ea70ade9dc3d0ffafc5a118ca0d74ee5 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 9 Mar 2022 20:06:09 +0100 Subject: [PATCH 07/10] profiles: Drop net-libs/libnetfilter_conntrack from accept_keywords The updated package is stable for both amd64 and arm64. --- .../coreos-overlay/profiles/coreos/arm64/package.accept_keywords | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index a3d4b1dbb7..94159aa528 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -20,7 +20,6 @@ =net-dns/c-ares-1.17.2 ~arm64 =net-firewall/conntrack-tools-1.4.6-r1 ~arm64 -=net-libs/libnetfilter_conntrack-1.0.8 ~arm64 =net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 =net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 =net-misc/curl-7.79.1 ~arm64 From bc7bfe7d019b07ae8662efc76216388efa5660da Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 29 Mar 2022 16:58:50 +0200 Subject: [PATCH 08/10] profiles: Disable pcre16 in dev-libs/libpcre2 It became enabled by default after an update, so revert that change in our profiles. It was enabled upstream, because it was needed by dev-qt/qtcore, which we don't have. --- .../coreos-overlay/profiles/coreos/base/package.use | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 8dee36e40f..dcd6cfc3e7 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -150,3 +150,7 @@ sys-apps/util-linux -su # Enable kerberos support for NFS net-fs/nfs-utils kerberos nfsv41 nfsv4 junction ldap libmount nfsdcld uuid net-libs/libtirpc kerberos + +# Disable enabled-by-default support for 16-bit characters, we didn't +# need it before, so we don't need it now. +dev-libs/libpcre2 -pcre16 From 9eba5de9ae5a2df7e9160603d7c32feab9bc6015 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 29 Mar 2022 17:39:29 +0200 Subject: [PATCH 09/10] profiles: Disable smi, ssl and samba in net-analyzer/tcpdump They became enabled by default after an update. We didn't need them before, we don't need them now. Also, enabling smi pulls in net-libs/libsmi that does not have a keyword for arm64 even. --- .../coreos-overlay/profiles/coreos/base/package.use | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index dcd6cfc3e7..6bceb01650 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -154,3 +154,8 @@ net-libs/libtirpc kerberos # Disable enabled-by-default support for 16-bit characters, we didn't # need it before, so we don't need it now. dev-libs/libpcre2 -pcre16 + +# Disable extra stuff for tcpdump, there was no explanation why it was +# enabled by upstream. Samba was enabled to make some tests pass. But +# smi and ssl, no clue. +net-analyzer/tcpdump -ssl -smi -samba From 2d6ebc7478b1558c3dbdf80a237de9b9641df36d Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 31 Mar 2022 15:51:15 +0200 Subject: [PATCH 10/10] coreos/config: Workaround flaky checks in net-dns/bind-tools The reasoning is written in the config file. But at the same time drop the outdated stuff - there is no such flag like --without-ecdsa any more. --- .../coreos/config/env/net-dns/bind-tools | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind-tools b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind-tools index 4f1c422d57..73ec86627f 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind-tools +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-dns/bind-tools @@ -1,2 +1,10 @@ -# Work around failing OpenSSL feature detection. -EXTRA_ECONF="--without-ecdsa" +# Work around lame function attribute checks when cross-compiling. +# Linker emits a bunch of irrelevant warnings and that trips configure +# script up into thinking that those attributes are not +# supported. Upstream bind-tools already fixed that by being smarter +# and grepping for -Wattributes instead, but we are not yet packaging +# it. We also know that constructor and destructor attributes are +# supported - they are available since at least gcc 3.4. + +EXTRA_ECONF+=" ax_cv_have_func_attribute_constructor=yes" +EXTRA_ECONF+=" ax_cv_have_func_attribute_destructor=yes"