portage-stable was updated to be in sync with upstream, so that the new
GLSA 201810-10, where systemd v238 got rejected due to security issues.
However, coreos-overlay still uses systemd v238. So we should also
follow the upstream strategy of whitelisting GLSA 201810-10, to build
Flatcar based on the current coreos-overlay.
So simply merge upstream/master into flatcar-master.
The new python script check_root uses data that portage already
maintains on what shared libraries packages need or provide instead of
re-scanning whatever ELF files that can be found. This is much more
comprehensive but there is a bit of a transition issue for folks with
long-lived SDKs: packages built with portage older than 2.2.18 do not
include this data. As such for now the check is non-fatal and provides a
command you can use to refresh locally installed packages.
The code checking for conflicts between top level directories and /usr
has also been rewritten. Both tests now are considerably faster.
