From 4b0259d32bb654a888684e5cab017d16eece0729 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 08:21:47 +0200 Subject: [PATCH 1/8] .github: Sort the packages list --- .github/workflows/portage-stable-packages-list | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index 1d91233a09..b9ab1eb8c1 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -274,8 +274,8 @@ eclass/out-of-source-utils.eclass eclass/pam.eclass eclass/pax-utils.eclass eclass/perl-functions.eclass -eclass/portability.eclass eclass/plocale.eclass +eclass/portability.eclass eclass/prefix.eclass eclass/preserve-libs.eclass eclass/pypi.eclass @@ -417,11 +417,11 @@ sys-firmware/ipxe sys-firmware/seabios-bin sys-firmware/sgabios -sys-kernel/linux-headers - sys-fs/e2fsprogs sys-fs/multipath-tools +sys-kernel/linux-headers + sys-libs/binutils-libs sys-libs/libcap sys-libs/libcap-ng From 0a50e5a87bceeffe4bf312f09b1deb949edfc723 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 08:24:36 +0200 Subject: [PATCH 2/8] changelog: Put security changelog in a proper place --- .../security/2023-06-02-sudo-1.9.13p3.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 2023-06-02-sudo-1.9.13p3.md => changelog/security/2023-06-02-sudo-1.9.13p3.md (100%) diff --git a/2023-06-02-sudo-1.9.13p3.md b/changelog/security/2023-06-02-sudo-1.9.13p3.md similarity index 100% rename from 2023-06-02-sudo-1.9.13p3.md rename to changelog/security/2023-06-02-sudo-1.9.13p3.md From 2bba99aad5c007146701ee54e37ef2229c4d096a Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 08:32:48 +0200 Subject: [PATCH 3/8] overlay profiles: Sort entries in accept keywords files --- .../coreos/arm64/package.accept_keywords | 10 ++++----- .../coreos/base/package.accept_keywords | 21 +++++++++++-------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index d674bfb879..1d572ea428 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -2,8 +2,8 @@ # Keep these in alphabetical order. # needed by arm64-native SDK -=app-emulation/open-vmdk-1.0 * =app-crypt/rhash-1.4.2 ~arm64 +=app-emulation/open-vmdk-1.0 * =dev-embedded/u-boot-tools-2021.04_rc2 ~arm64 @@ -12,6 +12,9 @@ =dev-lang/yasm-1.3.0-r1 ~arm64 +# Overwrite portage-stable mask - enable ding-libs for ARM64 +=dev-libs/ding-libs-0.6.1-r1 ~arm64 + =net-dns/c-ares-1.17.2 ~arm64 =net-firewall/conntrack-tools-1.4.6-r1 ~arm64 @@ -24,8 +27,8 @@ =sec-policy/selinux-virt-2.20200818-r2 ~arm64 =sys-apps/checkpolicy-3.1 ~arm64 -=sys-apps/policycoreutils-3.1-r3 ~arm64 =sys-apps/kexec-tools-2.0.24 ~arm64 +=sys-apps/policycoreutils-3.1-r3 ~arm64 =sys-apps/semodule-utils-3.1 ~arm64 @@ -36,6 +39,3 @@ =sys-libs/libselinux-3.1-r2 ~arm64 =sys-libs/libsemanage-3.1-r1 ~arm64 =sys-libs/libsepol-3.1 ~arm64 - -# Overwrite portage-stable mask - enable ding-libs for ARM64 -=dev-libs/ding-libs-0.6.1-r1 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 4d86200e84..07d0210557 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -2,6 +2,8 @@ # Copyright (c) 2013 The CoreOS Authors. All rights reserved. # Distributed under the terms of the GNU General Public License v2 +=app-crypt/adcli-0.9.2 ~amd64 ~arm64 + # Required for addressing CVE-2022-3715. =app-shells/bash-5.2_p15-r2 ~amd64 ~arm64 @@ -9,7 +11,6 @@ # Accept unstable host Rust compilers =dev-lang/rust-1.69.0 ~amd64 ~arm64 -=virtual/rust-1.69.0 ~amd64 ~arm64 # Keep versions on both arches in sync. =dev-libs/libbsd-0.11.7-r2 ~arm64 @@ -24,25 +25,27 @@ # Required for addressing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321 and CVE-2023-28322 =net-misc/curl-8.1.0 ~amd64 ~arm64 -=sys-fs/cryptsetup-2.4.1-r1 ~amd64 ~arm64 +=sys-apps/nvme-cli-2.4-r2 ~amd64 ~arm64 -# To keep the same version on both arches -=sys-fs/multipath-tools-0.9.4-r1 ~amd64 +=sys-fs/cryptsetup-2.4.1-r1 ~amd64 ~arm64 # FIPS support is still being tested =sys-fs/cryptsetup-2.4.3-r1 ~amd64 ~arm64 +# To keep the same version on both arches +=sys-fs/multipath-tools-0.9.4-r1 ~amd64 + # Needed to address CVE-2023-2602 and CVE-2023-2603 =sys-libs/libcap-2.69 ~amd64 ~arm64 -=sys-power/acpid-2.0.33 ~amd64 ~arm64 +# Overwrite portage-stable mask - use latest liburing -r2 for ARM64 and AMD64 +=sys-libs/liburing-2.1-r2 ~amd64 ~arm64 # A dependency of app-shells/bash version that we need for security # fixes. =sys-libs/readline-8.2_p1 ~amd64 ~arm64 -# Overwrite portage-stable mask - use latest liburing -r2 for ARM64 and AMD64 -=sys-libs/liburing-2.1-r2 ~amd64 ~arm64 +=sys-power/acpid-2.0.33 ~amd64 ~arm64 -=app-crypt/adcli-0.9.2 ~amd64 ~arm64 -=sys-apps/nvme-cli-2.4-r2 ~amd64 ~arm64 +# Accept unstable host Rust compilers +=virtual/rust-1.69.0 ~amd64 ~arm64 From 0f517b2d1a8d47e552963bbf82e7eeef84846d11 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 09:22:34 +0200 Subject: [PATCH 4/8] overlay profiles: Add comments for accept keywords --- .../coreos/arm64/package.accept_keywords | 16 ++++++-------- .../coreos/base/package.accept_keywords | 21 +++++++++++-------- .../targets/sdk/package.accept_keywords | 1 + 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index 1d572ea428..5a355c1301 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -1,40 +1,36 @@ # arm64 keywords # Keep these in alphabetical order. -# needed by arm64-native SDK +# Needed by arm64-native SDK. =app-crypt/rhash-1.4.2 ~arm64 =app-emulation/open-vmdk-1.0 * - =dev-embedded/u-boot-tools-2021.04_rc2 ~arm64 - -# needed by arm64-native SDK =dev-lang/nasm-2.15.05 ~arm64 - =dev-lang/yasm-1.3.0-r1 ~arm64 -# Overwrite portage-stable mask - enable ding-libs for ARM64 +# Overwrite portage-stable mask - enable ding-libs for ARM64. =dev-libs/ding-libs-0.6.1-r1 ~arm64 +# Should be gone. =net-dns/c-ares-1.17.2 ~arm64 +# Keep version the same on both arches. =net-firewall/conntrack-tools-1.4.6-r1 ~arm64 =net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 =net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 - =sec-policy/selinux-base-2.20200818-r2 ~arm64 =sec-policy/selinux-base-policy-2.20200818-r2 ~arm64 =sec-policy/selinux-unconfined-2.20200818-r2 ~arm64 =sec-policy/selinux-virt-2.20200818-r2 ~arm64 =sys-apps/checkpolicy-3.1 ~arm64 - =sys-apps/kexec-tools-2.0.24 ~arm64 =sys-apps/policycoreutils-3.1-r3 ~arm64 - =sys-apps/semodule-utils-3.1 ~arm64 -# needed to force enable ipvsadm for arm64 +# Needed to force enable ipvsadm for arm64. =sys-cluster/ipvsadm-1.27-r1 ** +# Keep version the same on both arches. =sys-firmware/edk2-aarch64-18.02 ** =sys-libs/libselinux-3.1-r2 ~arm64 =sys-libs/libsemanage-3.1-r1 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 07d0210557..cf0d7acfe8 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -2,50 +2,53 @@ # Copyright (c) 2013 The CoreOS Authors. All rights reserved. # Distributed under the terms of the GNU General Public License v2 +# Seems to be the only available ebuild in portage-stable right now. =app-crypt/adcli-0.9.2 ~amd64 ~arm64 # Required for addressing CVE-2022-3715. =app-shells/bash-5.2_p15-r2 ~amd64 ~arm64 +# No keyword for arm64 yet. =coreos-devel/fero-client-0.1.1 ** -# Accept unstable host Rust compilers +# Accept unstable host Rust compilers. =dev-lang/rust-1.69.0 ~amd64 ~arm64 # Keep versions on both arches in sync. =dev-libs/libbsd-0.11.7-r2 ~arm64 =dev-libs/libgcrypt-1.10.1-r3 ~arm64 -# To keep the same version on both arches +# To keep the same version on both arches. =dev-util/bpftool-6.2.1 ~arm64 # Required for addressing CVE-2023-0361. =net-libs/gnutls-3.8.0 ~amd64 ~arm64 -# Required for addressing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321 and CVE-2023-28322 +# Required for addressing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321 and CVE-2023-28322. =net-misc/curl-8.1.0 ~amd64 ~arm64 +# These should be gone. =sys-apps/nvme-cli-2.4-r2 ~amd64 ~arm64 - =sys-fs/cryptsetup-2.4.1-r1 ~amd64 ~arm64 -# FIPS support is still being tested +# FIPS support is still being tested. =sys-fs/cryptsetup-2.4.3-r1 ~amd64 ~arm64 -# To keep the same version on both arches +# To keep the same version on both arches. =sys-fs/multipath-tools-0.9.4-r1 ~amd64 -# Needed to address CVE-2023-2602 and CVE-2023-2603 +# Needed to address CVE-2023-2602 and CVE-2023-2603. =sys-libs/libcap-2.69 ~amd64 ~arm64 -# Overwrite portage-stable mask - use latest liburing -r2 for ARM64 and AMD64 +# Overwrite portage-stable mask - use latest liburing -r2 for ARM64 and AMD64. =sys-libs/liburing-2.1-r2 ~amd64 ~arm64 # A dependency of app-shells/bash version that we need for security # fixes. =sys-libs/readline-8.2_p1 ~amd64 ~arm64 +# ? =sys-power/acpid-2.0.33 ~amd64 ~arm64 -# Accept unstable host Rust compilers +# Accept unstable host Rust compilers. =virtual/rust-1.69.0 ~amd64 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords index 40aeb5865c..338f281b4a 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords @@ -1 +1,2 @@ +# Needed by arm64-native SDK. =app-crypt/efitools-1.9.2 ~arm64 From 57f010950372807408399f6c49ee4317fbc2a041 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 09:50:11 +0200 Subject: [PATCH 5/8] overlay profiles: Drop obsolete accept keywords --- .../profiles/coreos/arm64/package.accept_keywords | 3 --- .../profiles/coreos/base/package.accept_keywords | 8 -------- 2 files changed, 11 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index 5a355c1301..8c12f2bf2a 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -11,9 +11,6 @@ # Overwrite portage-stable mask - enable ding-libs for ARM64. =dev-libs/ding-libs-0.6.1-r1 ~arm64 -# Should be gone. -=net-dns/c-ares-1.17.2 ~arm64 - # Keep version the same on both arches. =net-firewall/conntrack-tools-1.4.6-r1 ~arm64 =net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index cf0d7acfe8..1e743a0f05 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -15,7 +15,6 @@ =dev-lang/rust-1.69.0 ~amd64 ~arm64 # Keep versions on both arches in sync. -=dev-libs/libbsd-0.11.7-r2 ~arm64 =dev-libs/libgcrypt-1.10.1-r3 ~arm64 # To keep the same version on both arches. @@ -27,10 +26,6 @@ # Required for addressing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321 and CVE-2023-28322. =net-misc/curl-8.1.0 ~amd64 ~arm64 -# These should be gone. -=sys-apps/nvme-cli-2.4-r2 ~amd64 ~arm64 -=sys-fs/cryptsetup-2.4.1-r1 ~amd64 ~arm64 - # FIPS support is still being tested. =sys-fs/cryptsetup-2.4.3-r1 ~amd64 ~arm64 @@ -40,9 +35,6 @@ # Needed to address CVE-2023-2602 and CVE-2023-2603. =sys-libs/libcap-2.69 ~amd64 ~arm64 -# Overwrite portage-stable mask - use latest liburing -r2 for ARM64 and AMD64. -=sys-libs/liburing-2.1-r2 ~amd64 ~arm64 - # A dependency of app-shells/bash version that we need for security # fixes. =sys-libs/readline-8.2_p1 ~amd64 ~arm64 From b0c367067873ae7697b2c8c2370c76be23d7a865 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 09:59:25 +0200 Subject: [PATCH 6/8] overlay profiles: Merge accept keywords files into one The reason for keeping accept keywords in one place is two-fold: - Easier for the future automation to update it. - Stating the fact that we want to have the same version of a package to be used, regardless of the built target. If some package will be added to yet another target, we will know, that the version used will be the same as in other targets. --- .../coreos/arm64/package.accept_keywords | 34 ------------- .../coreos/base/package.accept_keywords | 49 +++++++++++++++++-- .../targets/sdk/package.accept_keywords | 2 - 3 files changed, 45 insertions(+), 40 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords delete mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords deleted file mode 100644 index 8c12f2bf2a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ /dev/null @@ -1,34 +0,0 @@ -# arm64 keywords -# Keep these in alphabetical order. - -# Needed by arm64-native SDK. -=app-crypt/rhash-1.4.2 ~arm64 -=app-emulation/open-vmdk-1.0 * -=dev-embedded/u-boot-tools-2021.04_rc2 ~arm64 -=dev-lang/nasm-2.15.05 ~arm64 -=dev-lang/yasm-1.3.0-r1 ~arm64 - -# Overwrite portage-stable mask - enable ding-libs for ARM64. -=dev-libs/ding-libs-0.6.1-r1 ~arm64 - -# Keep version the same on both arches. -=net-firewall/conntrack-tools-1.4.6-r1 ~arm64 -=net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 -=net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 -=sec-policy/selinux-base-2.20200818-r2 ~arm64 -=sec-policy/selinux-base-policy-2.20200818-r2 ~arm64 -=sec-policy/selinux-unconfined-2.20200818-r2 ~arm64 -=sec-policy/selinux-virt-2.20200818-r2 ~arm64 -=sys-apps/checkpolicy-3.1 ~arm64 -=sys-apps/kexec-tools-2.0.24 ~arm64 -=sys-apps/policycoreutils-3.1-r3 ~arm64 -=sys-apps/semodule-utils-3.1 ~arm64 - -# Needed to force enable ipvsadm for arm64. -=sys-cluster/ipvsadm-1.27-r1 ** - -# Keep version the same on both arches. -=sys-firmware/edk2-aarch64-18.02 ** -=sys-libs/libselinux-3.1-r2 ~arm64 -=sys-libs/libsemanage-3.1-r1 ~arm64 -=sys-libs/libsepol-3.1 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 1e743a0f05..ec10ee586c 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -1,40 +1,81 @@ # Copyright (c) 2009 The Chromium OS Authors. All rights reserved. # Copyright (c) 2013 The CoreOS Authors. All rights reserved. # Distributed under the terms of the GNU General Public License v2 +# +# Keywords for all packages used by Flatcar. # Seems to be the only available ebuild in portage-stable right now. =app-crypt/adcli-0.9.2 ~amd64 ~arm64 +# Needed by arm64-native SDK. +=app-crypt/efitools-1.9.2 ~arm64 +=app-crypt/rhash-1.4.2 ~arm64 +=app-emulation/open-vmdk-1.0 * + # Required for addressing CVE-2022-3715. =app-shells/bash-5.2_p15-r2 ~amd64 ~arm64 # No keyword for arm64 yet. =coreos-devel/fero-client-0.1.1 ** +# Needed by arm64-native SDK. +=dev-embedded/u-boot-tools-2021.04_rc2 ~arm64 +=dev-lang/nasm-2.15.05 ~arm64 + # Accept unstable host Rust compilers. =dev-lang/rust-1.69.0 ~amd64 ~arm64 -# Keep versions on both arches in sync. -=dev-libs/libgcrypt-1.10.1-r3 ~arm64 +# Needed by arm64-native SDK. +=dev-lang/yasm-1.3.0-r1 ~arm64 -# To keep the same version on both arches. +# Keep versions on both arches in sync. +=dev-libs/ding-libs-0.6.1-r1 ~arm64 +=dev-libs/libgcrypt-1.10.1-r3 ~arm64 =dev-util/bpftool-6.2.1 ~arm64 +=net-firewall/conntrack-tools-1.4.6-r1 ~arm64 # Required for addressing CVE-2023-0361. =net-libs/gnutls-3.8.0 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 +=net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 + # Required for addressing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321 and CVE-2023-28322. =net-misc/curl-8.1.0 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=sec-policy/selinux-base-2.20200818-r2 ~arm64 +=sec-policy/selinux-base-policy-2.20200818-r2 ~arm64 +=sec-policy/selinux-unconfined-2.20200818-r2 ~arm64 +=sec-policy/selinux-virt-2.20200818-r2 ~arm64 +=sys-apps/checkpolicy-3.1 ~arm64 + +# Keep versions on both arches in sync. +=sys-apps/kexec-tools-2.0.24 ~arm64 +=sys-apps/policycoreutils-3.1-r3 ~arm64 +=sys-apps/semodule-utils-3.1 ~arm64 + +# Needed to force enable ipvsadm for arm64. +=sys-cluster/ipvsadm-1.27-r1 ** + +# Keep versions on both arches in sync. +=sys-firmware/edk2-aarch64-18.02 ** + # FIPS support is still being tested. =sys-fs/cryptsetup-2.4.3-r1 ~amd64 ~arm64 -# To keep the same version on both arches. +# Keep versions on both arches in sync. =sys-fs/multipath-tools-0.9.4-r1 ~amd64 # Needed to address CVE-2023-2602 and CVE-2023-2603. =sys-libs/libcap-2.69 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=sys-libs/libselinux-3.1-r2 ~arm64 +=sys-libs/libsemanage-3.1-r1 ~arm64 +=sys-libs/libsepol-3.1 ~arm64 + # A dependency of app-shells/bash version that we need for security # fixes. =sys-libs/readline-8.2_p1 ~amd64 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords deleted file mode 100644 index 338f281b4a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords +++ /dev/null @@ -1,2 +0,0 @@ -# Needed by arm64-native SDK. -=app-crypt/efitools-1.9.2 ~arm64 From b3f1c26c84abd72ada43aede1482bea4f100491c Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 10:05:12 +0200 Subject: [PATCH 7/8] overlay profiles: Update some comments --- .../coreos-overlay/profiles/coreos/base/package.mask | 5 ++--- .../coreos-overlay/profiles/coreos/base/package.unmask | 3 +-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask index d1c5bff76f..04124822ce 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask @@ -14,10 +14,9 @@ # Overwrite portage-stable mask. We are delaying the transition to # libxcrypt, because we need to figure out how to solve the dep loop # that results from the migration (python -> virtual/libcrypt -> -# libxcrypt -> glibc -> python), and also we need to update gcc to -# version 10 or later. +# libxcrypt -> glibc -> python). >=virtual/libcrypt-2 # Python 3.11 is stable in portage-stable, so avoid picking it -# up. Drop this when we switch to it. +# up. Update this to mask later versions when we switch to 3.11. >=dev-lang/python-3.11 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index 0463755f1b..281988a591 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -1,8 +1,7 @@ # Overwrite portage-stable mask. We are delaying the transition to # libxcrypt, because we need to figure out how to solve the dep loop # that results from the migration (python -> virtual/libcrypt -> -# libxcrypt -> glibc -> python), and also we need to update gcc to -# version 10 or later. +# libxcrypt -> glibc -> python). =virtual/libcrypt-1-r1 # Overwrite portage-stable mask. OpenSSL-3* is building fine on Flatcar From bef5413314b8efb105652843165f1cacd1e66840 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 10:07:51 +0200 Subject: [PATCH 8/8] overlay profiles: Drop unnecessary unmasking of dev-libs/openssl dev-libs/openssl-3* is not masked any more in portage-stable. --- .../coreos-overlay/profiles/coreos/base/package.unmask | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index 281988a591..8f872bb0e0 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -3,7 +3,3 @@ # that results from the migration (python -> virtual/libcrypt -> # libxcrypt -> glibc -> python). =virtual/libcrypt-1-r1 - -# Overwrite portage-stable mask. OpenSSL-3* is building fine on Flatcar -# and Flatcar's dependencies are building fine against it. -=dev-libs/openssl-3.0*