From f35bb80c4f04af75cd1f3f964a0ff3479efa4bd2 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Tue, 18 Oct 2016 14:52:42 -0700
Subject: [PATCH 1/3] coreos-base/coreos-oem-gce: build by default

This adds the GCE ACI meta-package to board-packages so a binary
package gets built for it on the first build_packages run.

It also moves the CoreOS-specific glibc dependencies from the GCE
Python ebuild onto the meta-package.
---
 .../google-compute-engine-20160930.ebuild                     | 4 +---
 .../coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild    | 2 ++
 ...ackages-0.0.1-r7.ebuild => board-packages-0.0.1-r8.ebuild} | 0
 .../coreos-devel/board-packages/board-packages-0.0.1.ebuild   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/{board-packages-0.0.1-r7.ebuild => board-packages-0.0.1-r8.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930.ebuild
index 781470b0cb..56092ae0d3 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930.ebuild
@@ -16,7 +16,7 @@ IUSE=""
 
 DEPEND="dev-python/setuptools"
 
-# These dependencies cover everything possibly called by the scripts.
+# These dependencies cover all commands called by the scripts.
 RDEPEND="
 	app-admin/sudo
 	dev-python/boto
@@ -26,8 +26,6 @@ RDEPEND="
 	sys-apps/grep
 	sys-apps/iproute2
 	sys-apps/shadow
-	sys-libs/glibc
-	sys-libs/nss-usrfiles
 "
 
 S="${WORKDIR}/compute-image-packages-${PV}"
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild
index f078935872..d42d1befb7 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild
@@ -13,4 +13,6 @@ IUSE=""
 
 RDEPEND="
 	app-emulation/google-compute-engine
+	sys-libs/glibc
+	sys-libs/nss-usrfiles
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r8.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r7.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r8.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild
index 441c891069..87d2d5ab48 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild
@@ -16,9 +16,9 @@ IUSE=""
 DEPEND=""
 RDEPEND="
 	amd64? (
-		app-emulation/google-compute-engine
 		app-emulation/open-vm-tools
 		app-emulation/wa-linux-agent
+		coreos-base/coreos-oem-gce
 		coreos-base/nova-agent-container
 		coreos-base/nova-agent-watcher
 		dev-lang/python-oem

From 517455f35e8185b6849d8c3306130fd1dbc04e6a Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Tue, 18 Oct 2016 15:02:50 -0700
Subject: [PATCH 2/3] profiles: don't mask packages for the oem-aci sub-profile

The build complains about the wildcard masks, even though they are
explicitly listed as valid in portage(5).  Just remove them, since
the type of packages that go into containers don't tend to depend
on boot packages anyway.
---
 .../profiles/coreos/targets/generic/oem-aci/package.mask    | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/oem-aci/package.mask

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/oem-aci/package.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/oem-aci/package.mask
deleted file mode 100644
index 8e2929318b..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/oem-aci/package.mask
+++ /dev/null
@@ -1,6 +0,0 @@
-# Packages that we do not want to ship in OEM ACI images. Masking these is
-# merely as a safe guard against pulling them in accidentally.
-
-# OEM ACIs have no reason to include boot-related packages.
-sys-boot/*
-sys-kernel/*

From f4f9107caeae362185410551e12d75c09326859d Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Tue, 18 Oct 2016 16:09:22 -0700
Subject: [PATCH 3/3] app-emulation/google-compute-engine: use a config
 template

The configuration template needs to be written by the service
itself in the current setup.  The host's /etc is mounted into the
ACI to provide all of the user's system configuration and to allow
the GCE scripts to make their modifications, so the template can't
be included in the ACI.  It can't be written to the host's /etc
either, since it is read-only in the SDK when OEM packages are
being installed.
---
 ...0930.ebuild => google-compute-engine-20160930-r1.ebuild} | 6 ------
 .../coreos-oem-gce/coreos-oem-gce-0.0.1-r1.ebuild           | 1 +
 .../coreos-base/coreos-oem-gce/files/manglefs.sh            | 5 +++++
 3 files changed, 6 insertions(+), 6 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/{google-compute-engine-20160930.ebuild => google-compute-engine-20160930-r1.ebuild} (83%)
 create mode 120000 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r1.ebuild

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930-r1.ebuild
similarity index 83%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930-r1.ebuild
index 56092ae0d3..179bf9adbf 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20160930-r1.ebuild
@@ -30,12 +30,6 @@ RDEPEND="
 
 S="${WORKDIR}/compute-image-packages-${PV}"
 
-src_prepare() {
-	# Don't attempt to mess with our host keys.
-	sed -i -e '/set_host_keys/s/true/false/i' \
-		"${S}"/google_compute_engine/instance_setup/instance_config.py
-}
-
 src_compile() {
 	(cd "${S}" && exec python setup.py build)
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r1.ebuild
new file mode 120000
index 0000000000..348c68c571
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r1.ebuild
@@ -0,0 +1 @@
+coreos-oem-gce-0.0.1.ebuild
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh
index cee4b02818..013b990370 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh
@@ -7,6 +7,11 @@ set -e
 cat << 'EOF' > init.sh && chmod 755 init.sh
 #!/bin/bash -ex
 
+# Write a configuration template if it does not exist.
+[ -e /etc/default/instance_configs.cfg.template ] ||
+echo -e > /etc/default/instance_configs.cfg.template \
+    '[InstanceSetup]\nset_host_keys = false'
+
 # Run the initialization scripts.
 /usr/bin/google_instance_setup
 /usr/bin/google_network_setup