From ecc6d6bd3e38de4a7324ec5b2927bd6ed0de092d Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Wed, 29 Aug 2018 18:04:55 +0000
Subject: [PATCH 1/7] build_toolchains: Stop building arm64 toolchains

---
 build_library/toolchain_util.sh | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/build_library/toolchain_util.sh b/build_library/toolchain_util.sh
index e765b343cc..d8649a12d1 100644
--- a/build_library/toolchain_util.sh
+++ b/build_library/toolchain_util.sh
@@ -15,7 +15,6 @@ TOOLCHAIN_PKGS=(
 # compiler to build a full native toolchain. Packages are not uploaded.
 declare -A CROSS_PROFILES
 CROSS_PROFILES["x86_64-cros-linux-gnu"]="coreos:coreos/amd64/generic"
-CROSS_PROFILES["aarch64-cros-linux-gnu"]="coreos:coreos/arm64/generic"
 
 # Map board names to CHOSTs and portage profiles. This is the
 # definitive list, there is assorted code new and old that either
@@ -24,9 +23,6 @@ declare -A BOARD_CHOSTS BOARD_PROFILES
 BOARD_CHOSTS["amd64-usr"]="x86_64-cros-linux-gnu"
 BOARD_PROFILES["amd64-usr"]="coreos:coreos/amd64/generic"
 
-BOARD_CHOSTS["arm64-usr"]="aarch64-cros-linux-gnu"
-BOARD_PROFILES["arm64-usr"]="coreos:coreos/arm64/generic"
-
 BOARD_NAMES=( "${!BOARD_CHOSTS[@]}" )
 
 # Declare the above globals as read-only to avoid accidental conflicts.

From afff45366a5e4b524e6fee4bb335e9f76d5610d0 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Mon, 27 Aug 2018 13:16:36 +0000
Subject: [PATCH 2/7] build_toolchains: Update sysroot settings for newer
 portage

Since EAPI=7 was supported, portage can no longer use different
ROOT and SYSROOT values.  This adjusts the paths so that the first
phase builds cross-toolchains under /usr/${CHOST}, then the native
toolchains are built under /build/${BOARD} (as was being done
previously).  Now that the cross-toolchain development files can't
be used when building the native toolchain, the headers and libs
are stupidly copied into the board root to be used used and then
overwritten by the board packages as they are built.  Since this is
all done in a chroot, these changes shouldn't affect the SDK host.
---
 build_library/catalyst_toolchains.sh | 9 +++++++--
 build_library/toolchain_util.sh      | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/build_library/catalyst_toolchains.sh b/build_library/catalyst_toolchains.sh
index 07428f7350..2ab4c46dae 100644
--- a/build_library/catalyst_toolchains.sh
+++ b/build_library/catalyst_toolchains.sh
@@ -19,17 +19,22 @@ configure_target_root() {
     CBUILD="$(portageq envvar CBUILD)" \
         CHOST="${cross_chost}" \
         ROOT="/build/${board}" \
-        SYSROOT="/usr/${cross_chost}" \
+        SYSROOT="/build/${board}" \
         _configure_sysroot "${profile}"
 }
 
 build_target_toolchain() {
     local board="$1"
     local ROOT="/build/${board}"
+    local SYSROOT="/usr/$(get_board_chost "${board}")"
+
+    mkdir -p "${ROOT}/usr"
+    cp -at "${ROOT}" "${SYSROOT}"/lib*
+    cp -at "${ROOT}"/usr "${SYSROOT}"/usr/include "${SYSROOT}"/usr/lib*
 
     # --root is required because run_merge overrides ROOT=
     PORTAGE_CONFIGROOT="$ROOT" \
-        run_merge -u --root="$ROOT" "${TOOLCHAIN_PKGS[@]}"
+        run_merge -u --root="$ROOT" --sysroot="$ROOT" "${TOOLCHAIN_PKGS[@]}"
 }
 
 configure_crossdev_overlay / /tmp/crossdev
diff --git a/build_library/toolchain_util.sh b/build_library/toolchain_util.sh
index d8649a12d1..53f829a4b4 100644
--- a/build_library/toolchain_util.sh
+++ b/build_library/toolchain_util.sh
@@ -257,7 +257,7 @@ _configure_sysroot() {
     $sudo eselect profile set --force "$profile"
 
     $sudo tee "${ROOT}/etc/portage/make.conf" >/dev/null <<EOF
-$(portageq envvar -v CHOST CBUILD ROOT SYSROOT \
+$(portageq envvar -v CHOST CBUILD ROOT \
     PORTDIR PORTDIR_OVERLAY DISTDIR PKGDIR)
 HOSTCC=\${CBUILD}-gcc
 PKG_CONFIG_PATH="\${SYSROOT}/usr/lib/pkgconfig/"
@@ -372,7 +372,7 @@ install_cross_libs() {
     done | $sudo tee "${package_provided}/cross-${cross_chost}" >/dev/null
 
     # OK, clear as mud? Install those dependencies now!
-    PORTAGE_CONFIGROOT="$ROOT" ROOT="$ROOT" $sudo emerge "$@" -u $cross_deps
+    PORTAGE_CONFIGROOT="$ROOT" $sudo emerge --root="$ROOT" --sysroot="$ROOT" "$@" -u $cross_deps
 }
 
 # Get the latest GCC profile for a given CHOST

From 8556474e6a4b13967a2cb029773008cc39cbea0f Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Tue, 28 Aug 2018 02:39:59 +0000
Subject: [PATCH 3/7] build_torcx_store: Update for newer portage versions

Since EAPI=7 was supported, portage can no longer use different
ROOT and SYSROOT values.  The torcx images were installed into a
temporary root directory after being built using the board's
development files.  To continue using this setup, the torcx image's
packages are built as normal binary packages for the board root
without being installed, then the binary packages are installed in
the temporary torcx root.
---
 build_torcx_store | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/build_torcx_store b/build_torcx_store
index b17a027775..3e1d59a9ec 100755
--- a/build_torcx_store
+++ b/build_torcx_store
@@ -79,12 +79,25 @@ function torcx_build() (
         [ -s "${tmproot}/etc/portage/bashrc" ] &&
         . "${tmproot}/etc/portage/bashrc"
 
+        # Build binary packages using dev files in the board root.
+        emerge-${BOARD} \
+            --buildpkg \
+            --buildpkgonly \
+            --nodeps \
+            --oneshot \
+            --quiet \
+            --root-deps=rdeps \
+            "${pkg}"
+
+        # Install the binary packages in the temporary torcx image root.
         emerge-${BOARD} \
             --nodeps \
             --oneshot \
+            --quiet \
             --root="${tmproot}" \
             --root-deps=rdeps \
-            --quiet \
+            --sysroot="${tmproot}" \
+            --usepkgonly \
             "${pkg}"
 )
 

From ce2e7e8a17a8026d5681d771f34df633ac6aec98 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Tue, 28 Aug 2018 13:46:27 +0000
Subject: [PATCH 4/7] setup_board: Drop needless SYSROOT when installing
 binpkgs

For the less common case where binpkgs are not used, restructure
this so that it builds binpkgs in /usr/${CHOST} without installing
them, use those binpkgs to initialize /build/${BOARD}.
---
 setup_board | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/setup_board b/setup_board
index ec6129a8fe..6e16283f8a 100755
--- a/setup_board
+++ b/setup_board
@@ -305,19 +305,28 @@ if [[ ${FLAGS_regen_configs} -eq ${FLAGS_FALSE} ]]; then
       EMERGE_FLAGS+=" --usepkg"
     fi
     EMERGE_FLAGS+=" --getbinpkg"
-    EMERGE_TOOLCHAIN_FLAGS+=" --usepkgonly --getbinpkg --rebuilt-binaries n"
-  else
-    # When binary packages are disabled we need to make sure the cross
-    # sysroot includes any build dependencies for the toolchain.
-    info "Installing toolchain build dependencies"
-    install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n
   fi
 
   info "Installing baselayout"
   "${EMERGE_WRAPPER}" ${EMERGE_FLAGS} --nodeps sys-apps/baselayout
 
+  if [[ "${FLAGS_usepkg}" -ne "${FLAGS_TRUE}" ||
+        "${FLAGS_getbinpkg}" -ne "${FLAGS_TRUE}" ]]
+  then
+    # When binary packages are disabled we need to make sure the cross
+    # sysroot includes any build dependencies for the toolchain.
+    info "Installing toolchain build dependencies"
+    install_cross_libs "${BOARD_CHOST}" ${EMERGE_FLAGS} --buildpkg=n
+
+    info "Building toolchain"
+    "${EMERGE_WRAPPER}" --buildpkg --buildpkgonly \
+        --root="/usr/${BOARD_CHOST}" --sysroot="/usr/${BOARD_CHOST}" \
+	${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}"
+  fi
+
   info "Installing toolchain"
-  SYSROOT="/usr/${BOARD_CHOST}" "${EMERGE_WRAPPER}" \
+  "${EMERGE_WRAPPER}" \
+      --usepkgonly --getbinpkg --rebuilt-binaries n \
       ${EMERGE_TOOLCHAIN_FLAGS} "${TOOLCHAIN_PKGS[@]}"
 fi
 

From 5ffb93893438395e2f9558e3744fc149670b87e8 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Thu, 30 Aug 2018 00:53:17 +0000
Subject: [PATCH 5/7] image_to_vm: Fix OEM install roots for new portage

---
 build_library/vm_image_util.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh
index 7fd5408124..2732ac2391 100644
--- a/build_library/vm_image_util.sh
+++ b/build_library/vm_image_util.sh
@@ -464,7 +464,7 @@ install_oem_package() {
     # build anything else from source here. emerge doesn't have a way to
     # enforce this in a single command.
     info "Building ${oem_pkg}"
-    USE="${oem_use}" emerge-${BOARD} --root="${oem_tmp}" \
+    USE="${oem_use}" emerge-${BOARD} \
         --nodeps --buildpkgonly --usepkg n \
         --quiet "${oem_pkg}"
 
@@ -474,7 +474,8 @@ install_oem_package() {
     fi
 
     info "Installing ${oem_pkg} to OEM partition"
-    USE="${oem_use}" emerge-${BOARD} --root="${oem_tmp}" \
+    USE="${oem_use}" emerge-${BOARD} \
+        --root="${oem_tmp}" --sysroot="${oem_tmp}" \
         --root-deps=rdeps --usepkgonly ${getbinpkg} \
         --quiet --jobs=2 "${oem_pkg}"
     sudo rsync -a "${oem_tmp}/usr/share/oem/" "${VM_TMP_ROOT}/usr/share/oem/"

From 40e5c11c6979a5db0457fcd453bb1d90a4b5cd22 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com>
Date: Fri, 31 Aug 2018 17:43:13 +0000
Subject: [PATCH 6/7] kernel_menuconfig: Drop unused script

No one is known to be using this script, and it no longer works.
If it turns out to have users, the script will need to be updated
to work with the current config file format before re-adding it.
---
 kernel_menuconfig | 85 -----------------------------------------------
 1 file changed, 85 deletions(-)
 delete mode 100755 kernel_menuconfig

diff --git a/kernel_menuconfig b/kernel_menuconfig
deleted file mode 100755
index 39da3e2127..0000000000
--- a/kernel_menuconfig
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/bash
-
-# Copyright (c) 2015 The CoreOS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-SCRIPT_ROOT=$(dirname "$(readlink -f "$0")")
-. "${SCRIPT_ROOT}/common.sh" || exit 1
-
-# Script must run inside the chroot
-assert_inside_chroot
-
-assert_not_root_user
-
-# Flags
-DEFINE_string board "${DEFAULT_BOARD}" \
-  "Board to use for kernel source and architecture."
-DEFINE_string overlay "coreos" \
-  "Portage repo containing the kernel ebuild."
-DEFINE_string package "sys-kernel/coreos-modules" \
-  "Portage ebuild name for the kernel."
-
-# Parse command line
-FLAGS "$@" || exit 1
-eval set -- "${FLAGS_ARGV}"
-
-# Die on any errors.
-switch_to_strict_mode
-
-if [[ -z "${FLAGS_board}" ]] ; then
-  die_notrace "--board is required."
-fi
-
-. "${BUILD_LIBRARY_DIR}/toolchain_util.sh"
-. "${BUILD_LIBRARY_DIR}/board_options.sh"
-
-KERNEL_ARCH=$(get_kernel_arch "${CHOST}")
-KERNEL_CLFAGS="-nopie -fstack-check=no"
-KERNEL_SRC="${BOARD_ROOT}/usr/src/linux"
-if [[ ! -f "${KERNEL_SRC}/Makefile" ]]; then
-  die_notrace "No kernel source found at ${KERNEL_SRC}"
-fi
-
-KERNEL_BUILD=$(mktemp -d)
-trap "rm -rf '${KERNEL_BUILD}'" EXIT
-
-# Set up a ccache friendly build tree
-mkdir -p "${KERNEL_BUILD}/build"
-ln -s "${KERNEL_SRC}"/* "${KERNEL_BUILD}"
-
-if [[ -d /usr/lib/ccache/bin ]]; then
-  export PATH="/usr/lib/ccache/bin:${PATH}"
-  export CCACHE_BASEDIR="${KERNEL_BUILD}"
-fi
-
-kmake() {
-  make -C "${KERNEL_BUILD}" \
-    ARCH="${KERNEL_ARCH}" \
-    CROSS_COMPILE="${CHOST}-" \
-    KBUILD_OUTPUT="build" \
-    KCFLAGS="${KERNEL_CFLAGS}" \
-    LDFLAGS="" \
-    "$@"
-}
-
-kmake_var() {
-  echo -e "e:\\n\\t@echo \$(${1})\\ninclude Makefile" | kmake -s -f -
-}
-
-KERNEL_MAJOR=$(kmake_var VERSION)
-KERNEL_MINOR=$(kmake_var PATCHLEVEL)
-
-OVERLAY=$(portageq get_repo_path / "${FLAGS_overlay}")
-FILESDIR="${OVERLAY}/${FLAGS_package}/files"
-DEFCONFIG_NAME="${ARCH}_defconfig-${KERNEL_MAJOR}.${KERNEL_MINOR}"
-DEFCONFIG_PATH="${FILESDIR}/${DEFCONFIG_NAME}"
-COMMONCONFIG_NAME="commonconfig-${KERNEL_MAJOR}.${KERNEL_MINOR}"
-COMMONCONFIG_PATH="${FILESDIR}/${COMMONCONFIG_NAME}"
-
-cat "${DEFCONFIG_PATH}" "${COMMONCONFIG_PATH}" > "${KERNEL_BUILD}/build/.config"
-kmake olddefconfig
-cp "${KERNEL_BUILD}/build/.config" "${KERNEL_BUILD}/build/.config.bak"
-kmake menuconfig
-kmake savedefconfig
-diff -u "${KERNEL_BUILD}/build/.config.bak" "${KERNEL_BUILD}/build/.config" || true

From 756112f24589bd59d33ecf0a8a9e475aecf25333 Mon Sep 17 00:00:00 2001
From: Andrew Jeddeloh <andrew.jeddeloh@coreos.com>
Date: Tue, 25 Sep 2018 15:44:23 -0700
Subject: [PATCH 7/7] signing/sign.sh: update to use correct keys/ips

Update to use the actual key names and IPs.
---
 signing/sign.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/signing/sign.sh b/signing/sign.sh
index 3b99426ca5..fdc61dd458 100755
--- a/signing/sign.sh
+++ b/signing/sign.sh
@@ -10,7 +10,7 @@ fi
 DATA_DIR="$(readlink -f "$1")"
 KEYS_DIR="$(readlink -f "$(dirname "$0")")"
 SIGS_DIR="$(readlink -f "$2")"
-SERVER_ADDR="${3:-10.7.16.138}"
+SERVER_ADDR="${3:-10.7.68.100}"
 SERVER_PORT="${4:-50051}"
 
 echo "===     Verifying update payload...     ==="
@@ -32,7 +32,7 @@ pushd "${DATA_DIR}"
 	--image "${DATA_DIR}/coreos_production_update.bin" \
 	--kernel "${DATA_DIR}/coreos_production_image.vmlinuz" \
 	--output "${DATA_DIR}/coreos_production_update.gz" \
-	--private_keys "${KEYS_DIR}/devel.key.pem+fero:coreos-update-prod" \
+	--private_keys "${KEYS_DIR}/devel.key.pem+fero:coreos-image-signing-key" \
 	--public_keys  "${KEYS_DIR}/devel.pub.pem+${KEYS_DIR}/prod-2.pub.pem" \
 	--keys_separator "+" \
 	--signing_server_address "$SERVER_ADDR" \
@@ -53,7 +53,7 @@ fero-client \
 	sign \
 	--file "${DATA_DIR}/torcx_manifest.json" \
 	--output "${DATA_DIR}/torcx_manifest.json.sig-fero" \
-	--secret-key coreos-torcx \
+	--secret-key coreos-app-signing-key \
 	${torcx_signature_arg}
 gpg2 --enarmor \
 	--output "${DATA_DIR}/torcx_manifest.json.asc" \