mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-15 17:06:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(coreos-base/coreos-base): Install sysctl, a little more cleanup.

Browse Source 
Pair down the old unused sysctl.conf do what is useful for us and
install it into /usr/lib/sysctl.d for systemd to handle.

Installing /srv in the SDK does no harm so do so.

EAPI=5 because, better.
This commit is contained in:
Michael Marineau 2013-08-22 19:07:59 -04:00
parent 898a3a3a08
commit cd40d3e46b
3 changed files with 17 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r65.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r66.ebuild vendored
View File

22
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild vendored
View File

@ -1,6 +1,8 @@
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=5
inherit useradd inherit useradd
DESCRIPTION="ChromeOS specific system setup" DESCRIPTION="ChromeOS specific system setup"
@ -30,6 +32,9 @@ RDEPEND="${DEPEND}
sys-apps/systemd sys-apps/systemd
" "
# no source directory
S="${WORKDIR}"
# Remove entry from /etc/group # Remove entry from /etc/group
# #
# $1 - Group name # $1 - Group name
@ -94,15 +99,16 @@ pkg_setup() {
} }
src_install() { src_install() {
insinto /etc dodir /usr/lib/sysctl.d
#doins "${FILESDIR}"/sysctl.conf || die insinto /usr/lib/sysctl.d
newins "${FILESDIR}"/sysctl.conf ${PN}.conf
# Add a /srv directory for mounting into later
dodir /srv
keepdir /srv
# target-specific fun # target-specific fun
if ! use cros_host ; then if ! use cros_host ; then
# Add a /srv directory for mounting into later
dodir /srv
keepdir /srv
# Make mount work in the way systemd prescribes # Make mount work in the way systemd prescribes
dosym /proc/mounts /etc/mtab dosym /proc/mounts /etc/mtab
@ -123,8 +129,8 @@ src_install() {
insinto /etc/vim insinto /etc/vim
doins "${FILESDIR}"/vimrc doins "${FILESDIR}"/vimrc
# Symlink /etc/localtime to something on the stateful partition, which we # Symlink /etc/localtime to something on the stateful partition,
# can then change around at runtime. # which we can then change around at runtime.
dosym /var/lib/timezone/localtime /etc/localtime || die dosym /var/lib/timezone/localtime /etc/localtime || die
# We use mawk in the target boards, not gawk. # We use mawk in the target boards, not gawk.

83
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/sysctl.conf vendored
View File

@ -1,69 +1,13 @@
# /etc/sysctl.conf # sysctl defaults for CoreOS
#
# For more information on how this file works, please see
# the manpages sysctl(8) and sysctl.conf(5).
#
# In order for this file to work properly, you must first
# enable 'Sysctl support' in the kernel.
#
# Look in /proc/sys/ for all the things you can setup.
#
# # Enable IPv4 forwarding to support NAT in containers
# Original Gentoo settings: net.ipv4.ip_forward = 1
#
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Disables IP dynaddr
#net.ipv4.ip_dynaddr = 0
# Disable ECN
#net.ipv4.tcp_ecn = 0
# Enables source route verification # Enables source route verification
net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1
# Enable reverse path # Enable reverse path
net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1
# Enable SYN cookies (yum!)
# http://cr.yp.to/syncookies.html
#net.ipv4.tcp_syncookies = 1
# Disable source route
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.default.accept_source_route = 0
# Disable redirects
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
# Disable secure redirects
#net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0
# Ignore ICMP broadcasts
#net.ipv4.icmp_echo_ignore_broadcasts = 1
# Perform PLPMTUD only after detecting a "blackhole" in old-style PMTUD
net.ipv4.tcp_mtu_probing = 1
# Disables the magic-sysrq key
#kernel.sysrq = 0
# When the kernel panics, automatically reboot in 3 seconds
#kernel.panic = 3
# Allow for more PIDs (cool factor!); may break some programs
#kernel.pid_max = 999999
# You should compile nfsd into the kernel or add it
# to modules.autoload for this to work properly
# TCP Port for lock manager
#fs.nfs.nlm_tcpport = 0
# UDP Port for lock manager
#fs.nfs.nlm_udpport = 0
#
# ChromeOS specific settings:
#
# Set watchdog_thresh # Set watchdog_thresh
kernel.watchdog_thresh = 5 kernel.watchdog_thresh = 5
# When the kernel panics, automatically reboot to preserve dump in ram # When the kernel panics, automatically reboot to preserve dump in ram
@ -71,26 +15,5 @@ kernel.panic = -1
# Reboot on oops as well # Reboot on oops as well
kernel.panic_on_oops = 1 kernel.panic_on_oops = 1
# Disable shrinking the cwnd when connection is idle
net.ipv4.tcp_slow_start_after_idle = 0
# Protect working set in order to avoid thrashing.
# See http://crosbug.com/7561 for details.
vm.min_filelist_kbytes = 50000
# Allow full memory overcommit as we rather close or kill tabs than
# refuse memory to arbitrary core processes.
vm.overcommit_memory = 1
# Use laptop mode settings always
vm.dirty_background_ratio = 1
vm.dirty_expire_centisecs = 60000
vm.dirty_ratio = 60
vm.dirty_writeback_centisecs = 60000
vm.laptop_mode = 0
# Disable kernel address visibility to non-root users. # Disable kernel address visibility to non-root users.
kernel.kptr_restrict = 1 kernel.kptr_restrict = 1
# Increase shared memory segment limit for plugins rendering large areas
kernel.shmmax = 134217728