From 584693874bd28d06fb7b05ea32b688844ce5accf Mon Sep 17 00:00:00 2001
From: Kai Lueke
Date: Wed, 16 Feb 2022 14:44:32 +0100
Subject: [PATCH] Replace systemd patch by a drop-in file

This pulls in https://github.com/flatcar-linux/init/pull/61 and https://github.com/flatcar-linux/baselayout/pull/22 to use a drop-in file instead of the systemd patch.
---
 .../2022-02-16-networkd-foreign-routes.md | 1 +
 .../coreos-init/coreos-init-9999.ebuild | 2 +-
 .../baselayout/baselayout-9999.ebuild | 2 +-
 ...-managing-of-foreign-routes-rules-by.patch | 64 -------------------
 .../sys-apps/systemd/systemd-250.3.ebuild | 1 -
 5 files changed, 3 insertions(+), 67 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-02-16-networkd-foreign-routes.md
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch

diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-02-16-networkd-foreign-routes.md b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-02-16-networkd-foreign-routes.md
new file mode 100644
index 0000000000..8d17efc203
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-02-16-networkd-foreign-routes.md
@@ -0,0 +1 @@
+- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([PR#61](https://github.com/flatcar-linux/init/pull/61))
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
index ac2717050d..e7de4bf2ea 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
@@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com"
 if [[ "${PV}" == 9999 ]]; then
 KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
- CROS_WORKON_COMMIT="d9738cf5281d5bd9849d01e1f5f8f9391d82d13d" # flatcar-master
+ CROS_WORKON_COMMIT="f980a88ab9ff96552df0d6a484f10f93574c5c0b" # flatcar-master
 KEYWORDS="amd64 arm arm64 x86"
 fi

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
index a2d31c2cfd..aa07751376 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
@@ -9,7 +9,7 @@ CROS_WORKON_REPO="https://github.com"
 if [[ "${PV}" == 9999 ]]; then
 KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
- CROS_WORKON_COMMIT="c0871373412a3efb3c94b03825b64025f4f0c0fc" # flatcar-master
+ CROS_WORKON_COMMIT="ed371d9e166b86fdf181d38b273f43834e82350b" # flatcar-master
 KEYWORDS="amd64 arm arm64 x86"
 fi

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch
deleted file mode 100644
index a1f9295f38..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From c8d3f9b0f4964115c518eb009b17f026ad356ade Mon Sep 17 00:00:00 2001
-From: Kai Lueke
-Date: Mon, 7 Feb 2022 17:39:23 +0100
-Subject: [PATCH 8/8] networkd: disable managing of foreign routes/rules by
- default
-
-While systemd-networkd follows the principle of a declarative network
-configuration and thus needs a way to ensure that unwanted routes or
-routing policy rules get discarded, the interfacing with procedural
-network management from CNIs like Cilium is limited, so that when the
-interface is set to "unmanaged" through a networkd unit, any routing
-policies there would also be ignored and discarded unless they would
-be defined for a new unit for a dummy network interface. This means
-the only option left is to disable the discarding of foreign rules
-globally.
-
-Change the default for ManageForeignRoutes and
-ManageForeignRoutingPolicyRules to "no" to ensure that we don't
-interfere with the network management of the CNIs. Users that rely on
-the setting can still enable it again. The default networkd config
-mentions the setting with a default value but since the networkd
-config resides on "/etc" it isn't auto updated on Flatcar and users
-may still see a wrong default value annotated there.
-
-https://github.com/cilium/cilium/issues/18706
-https://github.com/flatcar-linux/Flatcar/issues/620
----
- src/network/networkd-manager.c | 4 ++--
- src/network/networkd.conf | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
-index 7e89366ae8..714ee5c226 100644
---- a/src/network/networkd-manager.c
-+++ b/src/network/networkd-manager.c
-@@ -471,8 +471,8 @@ int manager_new(Manager **ret, bool test_mode) {
- .test_mode = test_mode,
- .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL,
- .online_state = _LINK_ONLINE_STATE_INVALID,
-- .manage_foreign_routes = true,
-- .manage_foreign_rules = true,
-+ .manage_foreign_routes = false,
-+ .manage_foreign_rules = false,
- .ethtool_fd = -1,
- .dhcp_duid.type = DUID_TYPE_EN,
- .dhcp6_duid.type = DUID_TYPE_EN,
-diff --git a/src/network/networkd.conf b/src/network/networkd.conf
-index 38dc9f1f79..57c661d600 100644
---- a/src/network/networkd.conf
-+++ b/src/network/networkd.conf
-@@ -15,8 +15,8 @@
- [Network]
- #SpeedMeter=no
- #SpeedMeterIntervalSec=10sec
--#ManageForeignRoutingPolicyRules=yes
--#ManageForeignRoutes=yes
-+#ManageForeignRoutingPolicyRules=no
-+#ManageForeignRoutes=no
- #RouteTable=
-
- [DHCPv4]
---
-2.35.1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild
index 72d45b2eab..7b89a3d0a8 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild
@@ -249,7 +249,6 @@ src_prepare() {
 "${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
 "${FILESDIR}/0006-core-handle-lookup-paths-being-symlinks.patch"
 "${FILESDIR}/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
- "${FILESDIR}/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch"
 )

 if ! use vanilla; then