Arm64 now supports booting a compressed kernel through EFI. This is
hidden behind the EFI_ZBOOT Kconfig option. The EFI_ZBOOT is only
enabled in the arm64 config because it is not available for x86. X86
relies on an architecture specific compression mechanism on EFI. The
KERNEL_ZSTD Kconfig option applies to both arches so move it to
commonconfig. The other change required is that the kernel image name
changes.
In my local build it looks like the kernel size goes down from 59MB to
43MB.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Apparently `local -x FOO` does not locally export an already existing
variable, but rather does some whole weird lot of nothing - it shadows
an existing variable with a new unset one, but it won't export it
until it gets assigned.
We previously did the AKV signing in the image job but temporarily
nobbled that code path while we completed the shim review.
Now the AKV signing has been split out into a separate job that will
only be invoked once changes to the jenkins-os repo have been merged.
The only thing we now need to nobble here is copying the signed shim. In
the meantime, we copy the unsigned shim instead. Revert this commit once
the shim review is complete.
We only want to do the signing in Azure, not the whole image job. This
new job downloads the unsigned image, signs it, and replaces it.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
The --extract_update option used to do exactly that, just extract the
USR-A partition for updates and no more. Now it does the same thing as
--generate_update, except it names the file flatcar_test_update.gz
rather than flatcar_production_update.gz. --generate_update is never
actually used because official update payloads are manually generated
with the generate_payload script later on.
Resolve this confusion by deduplicating the common code between them.
Any update payload produced during this stage of the build is only
useful for testing, so change --generate_update to always create
flatcar_test_update.gz. --generate_update now implies --extract_update
and both are enabled by default.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Now that the previous git clone method does not work any more with the
current eclass, we need to download source tarball directly from GitHub
archive, and specify source directory name correspondingly.
Update ue-rs mainly to update dependency crates, as well as
to address security warning around futures-util crate.
Pulls in https://github.com/flatcar/ue-rs/pull/58
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- continue shipping app-misc/c_rehash
- mark as stable
- drop non-used files
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
We were supposed to collect allowed users and allowed groups into
separate arrays. Due to the copy-paste mistake, we overwrote allowed
users array with allowed groups while leaving the array for allowed
groups empty, so we ended up passing only allowed groups instead of
both.
The eclass was removed from Gentoo, so we followed suit. This broke
the pkg-auto code. Thus I imported the eclass into the impl directory
as gentoo_ver.sh, threw away all the unnecessary parts and moved some
from pkg_auto_lib.sh to the new file.
This allowed me to also drop a hack where I was grepping for the
version regexp in the eclass. Now I'm just exporting it.
