From b0c367067873ae7697b2c8c2370c76be23d7a865 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Tue, 13 Jun 2023 09:59:25 +0200 Subject: [PATCH] overlay profiles: Merge accept keywords files into one The reason for keeping accept keywords in one place is two-fold: - Easier for the future automation to update it. - Stating the fact that we want to have the same version of a package to be used, regardless of the built target. If some package will be added to yet another target, we will know, that the version used will be the same as in other targets. --- .../coreos/arm64/package.accept_keywords | 34 ------------- .../coreos/base/package.accept_keywords | 49 +++++++++++++++++-- .../targets/sdk/package.accept_keywords | 2 - 3 files changed, 45 insertions(+), 40 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords delete mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords deleted file mode 100644 index 8c12f2bf2a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ /dev/null @@ -1,34 +0,0 @@ -# arm64 keywords -# Keep these in alphabetical order. - -# Needed by arm64-native SDK. -=app-crypt/rhash-1.4.2 ~arm64 -=app-emulation/open-vmdk-1.0 * -=dev-embedded/u-boot-tools-2021.04_rc2 ~arm64 -=dev-lang/nasm-2.15.05 ~arm64 -=dev-lang/yasm-1.3.0-r1 ~arm64 - -# Overwrite portage-stable mask - enable ding-libs for ARM64. -=dev-libs/ding-libs-0.6.1-r1 ~arm64 - -# Keep version the same on both arches. -=net-firewall/conntrack-tools-1.4.6-r1 ~arm64 -=net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 -=net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 -=sec-policy/selinux-base-2.20200818-r2 ~arm64 -=sec-policy/selinux-base-policy-2.20200818-r2 ~arm64 -=sec-policy/selinux-unconfined-2.20200818-r2 ~arm64 -=sec-policy/selinux-virt-2.20200818-r2 ~arm64 -=sys-apps/checkpolicy-3.1 ~arm64 -=sys-apps/kexec-tools-2.0.24 ~arm64 -=sys-apps/policycoreutils-3.1-r3 ~arm64 -=sys-apps/semodule-utils-3.1 ~arm64 - -# Needed to force enable ipvsadm for arm64. -=sys-cluster/ipvsadm-1.27-r1 ** - -# Keep version the same on both arches. -=sys-firmware/edk2-aarch64-18.02 ** -=sys-libs/libselinux-3.1-r2 ~arm64 -=sys-libs/libsemanage-3.1-r1 ~arm64 -=sys-libs/libsepol-3.1 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 1e743a0f05..ec10ee586c 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -1,40 +1,81 @@ # Copyright (c) 2009 The Chromium OS Authors. All rights reserved. # Copyright (c) 2013 The CoreOS Authors. All rights reserved. # Distributed under the terms of the GNU General Public License v2 +# +# Keywords for all packages used by Flatcar. # Seems to be the only available ebuild in portage-stable right now. =app-crypt/adcli-0.9.2 ~amd64 ~arm64 +# Needed by arm64-native SDK. +=app-crypt/efitools-1.9.2 ~arm64 +=app-crypt/rhash-1.4.2 ~arm64 +=app-emulation/open-vmdk-1.0 * + # Required for addressing CVE-2022-3715. =app-shells/bash-5.2_p15-r2 ~amd64 ~arm64 # No keyword for arm64 yet. =coreos-devel/fero-client-0.1.1 ** +# Needed by arm64-native SDK. +=dev-embedded/u-boot-tools-2021.04_rc2 ~arm64 +=dev-lang/nasm-2.15.05 ~arm64 + # Accept unstable host Rust compilers. =dev-lang/rust-1.69.0 ~amd64 ~arm64 -# Keep versions on both arches in sync. -=dev-libs/libgcrypt-1.10.1-r3 ~arm64 +# Needed by arm64-native SDK. +=dev-lang/yasm-1.3.0-r1 ~arm64 -# To keep the same version on both arches. +# Keep versions on both arches in sync. +=dev-libs/ding-libs-0.6.1-r1 ~arm64 +=dev-libs/libgcrypt-1.10.1-r3 ~arm64 =dev-util/bpftool-6.2.1 ~arm64 +=net-firewall/conntrack-tools-1.4.6-r1 ~arm64 # Required for addressing CVE-2023-0361. =net-libs/gnutls-3.8.0 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64 +=net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64 + # Required for addressing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321 and CVE-2023-28322. =net-misc/curl-8.1.0 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=sec-policy/selinux-base-2.20200818-r2 ~arm64 +=sec-policy/selinux-base-policy-2.20200818-r2 ~arm64 +=sec-policy/selinux-unconfined-2.20200818-r2 ~arm64 +=sec-policy/selinux-virt-2.20200818-r2 ~arm64 +=sys-apps/checkpolicy-3.1 ~arm64 + +# Keep versions on both arches in sync. +=sys-apps/kexec-tools-2.0.24 ~arm64 +=sys-apps/policycoreutils-3.1-r3 ~arm64 +=sys-apps/semodule-utils-3.1 ~arm64 + +# Needed to force enable ipvsadm for arm64. +=sys-cluster/ipvsadm-1.27-r1 ** + +# Keep versions on both arches in sync. +=sys-firmware/edk2-aarch64-18.02 ** + # FIPS support is still being tested. =sys-fs/cryptsetup-2.4.3-r1 ~amd64 ~arm64 -# To keep the same version on both arches. +# Keep versions on both arches in sync. =sys-fs/multipath-tools-0.9.4-r1 ~amd64 # Needed to address CVE-2023-2602 and CVE-2023-2603. =sys-libs/libcap-2.69 ~amd64 ~arm64 +# Keep versions on both arches in sync. +=sys-libs/libselinux-3.1-r2 ~arm64 +=sys-libs/libsemanage-3.1-r1 ~arm64 +=sys-libs/libsepol-3.1 ~arm64 + # A dependency of app-shells/bash version that we need for security # fixes. =sys-libs/readline-8.2_p1 ~amd64 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords deleted file mode 100644 index 338f281b4a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords +++ /dev/null @@ -1,2 +0,0 @@ -# Needed by arm64-native SDK. -=app-crypt/efitools-1.9.2 ~arm64