diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-06-14-ignition-rmcfg-vmware.md b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-06-14-ignition-rmcfg-vmware.md new file mode 100644 index 0000000000..32889bf0ff --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-06-14-ignition-rmcfg-vmware.md @@ -0,0 +1 @@ +- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948)) diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/security/2022-06-09-ignition.md b/sdk_container/src/third_party/coreos-overlay/changelog/security/2022-06-09-ignition.md new file mode 100644 index 0000000000..2477009969 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/security/2022-06-09-ignition.md @@ -0,0 +1 @@ +- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706)) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild index ec8d6f8b04..fa7fd86e34 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild @@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - CROS_WORKON_COMMIT="7497ac210fcb85d7670b86e21726ffe1b23549a0" # flatcar-master + CROS_WORKON_COMMIT="b9c0bc0f57c2c19122c1ec1c7fb44a2e156d311e" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild index c583b3271e..f052baf90b 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild @@ -152,6 +152,7 @@ RDEPEND="${RDEPEND} sys-apps/gawk sys-apps/gptfdisk sys-apps/grep + sys-apps/ignition sys-apps/iproute2 sys-apps/kexec-tools sys-apps/keyutils diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults index 30715dc7dc..e65bd636c4 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults @@ -87,6 +87,11 @@ INSTALL_MASK=" /etc/acpi " +# Prevent 'ignition' binary from being installed from sys-apps/ignition binary package. +PKG_INSTALL_MASK=" + /usr/bin/ignition +" + # Keep the default languages small. # (not many things respect this though) LINGUAS="en" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.14.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.14.0-r2.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.14.0-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.14.0-r2.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild index 9538f5c267..679d9c7263 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild @@ -67,4 +67,7 @@ src_compile() { src_install() { newbin ${GOBIN}/internal ${PN} + + exeinto "/usr/libexec" + newexe ${GOBIN}/internal "${PN}-rmcfg" }