14675 Commits

Author SHA1 Message Date
Flatcar Buildbot
db98608970 Update mantle container image to latest HEAD 2022-05-06 10:35:57 +00:00
Dongsu Park
8394e3169c changelog: use a specific project name in the example
To be able to distinguish changelog entries from each other, we should
write a specific project name, e.g. portage-stable, instead of `PR`.
Changelog entries with a simple `PR` usually cause so much additional
rework when doing actual releases.
2022-05-06 12:20:03 +02:00
Dongsu Park
6bd35179ce changelog: use a specific project name in the example
To be able to distinguish changelog entries from each other, we should
write a specific project name, e.g. coreos-overlay, instead of `PR`.
Changelog entries with a simple `PR` usually cause so much additional
rework when doing actual releases.
2022-05-06 12:19:02 +02:00
Flatcar Buildbot
bef4cb276d Update mantle container image to latest HEAD 2022-05-06 09:19:43 +00:00
Dongsu Park
89db3c0785 Merge pull request #1861 from flatcar-linux/dongsu/rsync-3.2.4
profiles: accept keywords for net-misc/rsync
2022-05-06 10:59:58 +02:00
Dongsu Park
094f3c0626 Merge pull request #326 from flatcar-linux/dongsu/rsync-3.2.4
net-misc/rsync: update to 3.2.4-r1
2022-05-06 10:59:48 +02:00
Dongsu Park
4cff4fb85e Merge pull request #1860 from flatcar-linux/dongsu/git-2.35.3
profiles: accept keywords for git 2.35.3
2022-05-06 10:57:22 +02:00
Flatcar Buildbot
bed28648f6 app-emulation: Upgrade Containerd 1.6.3 to 1.6.4 2022-05-06 08:29:08 +00:00
Dongsu Park
6159fa199b profiles: accept keywords for git 2.35.3
We need to build 2.35.3 to address CVE-2022-24765.
2022-05-06 08:27:25 +02:00
flatcar-ci
36d72c4182 New version: main-3231.0.0-nightly-20220506-0155 2022-05-06 04:59:32 +00:00
Dongsu Park
6f3ce84988 changelog: add changelog for rsync 3.2.4 2022-05-05 17:30:53 +02:00
Dongsu Park
164bdd524b profiles: accept keywords for net-misc/rsync
We need to allow net-misc/rsync 3.2.4-r1, to address security issues
in its bundled zlib.
2022-05-05 17:17:55 +02:00
Dongsu Park
52fa3d1ea8 net-misc/rsync: update to v3.2.4-r1
Update net-misc/rsync to v3.2.4-r1, mainly to address CVE-2018-25032.
The CVE is actually a zlib issue, but we need to update rsync and its
bundled zlib as well, because the USE flag `system-zlib` is disabled
in Flatcar.
2022-05-05 17:13:45 +02:00
Dongsu Park
23072c77e9 changelog: add changelog for git 2.35.3 2022-05-05 15:37:59 +02:00
Dongsu Park
ae1fe3df23 dev-vcs/git: update to 2.35.3
Update dev-vcs/git to 2.35.3, mainly to address CVE-2022-24765.
2022-05-05 15:31:49 +02:00
flatcar-ci
83d707b75f New version: main-3230.0.0-nightly-20220505-0155 2022-05-05 04:47:35 +00:00
Kai Lueke
26432fe63c .github: add cacerts/kernel actions for current LTS
The GitHub Actions were defined for the LTS stream directly but we can
now follow the approach used for the other channels. This means that
in the future we could decide to create new Actions for 2022 by copying
the current one and modifying it when 2023 gets the new current LTS -
anyway some manual work would be required to set up Actions for both
old and new at the same time (we have no "previous" symlink on Origin).
We could retire the old LTS Actions immediately because the releases
don't occur on a fixed schedule but I think the automation is nice to
keep.
2022-05-04 14:24:37 +09:00
Flatcar Buildbot
7db0a98888 Update mantle container image to latest HEAD 2022-05-04 04:52:51 +00:00
flatcar-ci
464f38216e New version: main-3229.0.0-nightly-20220504-0155 2022-05-04 04:52:36 +00:00
Dongsu Park
48f7788853 Merge pull request #1857 from flatcar-linux/linux-5.15.37-main
Upgrade Linux Kernel in main from 5.15.35 to 5.15.37
2022-05-03 16:44:55 +02:00
flatcar-ci
91e96e1795 New version: main-3228.0.0-nightly-20220503-0155 2022-05-03 04:46:17 +00:00
Dongsu Park
354f881ca3 changelog: add changelog for gzip and xz-utils 2022-05-02 19:31:20 +02:00
Dongsu Park
24f5e0f1a4 Merge pull request #1858 from flatcar-linux/cacerts-3.78-main
Upgrade ca-certificates in main from 3.77 to 3.78
2022-05-02 19:19:20 +02:00
Dongsu Park
1ee44d4820 app-arch/xz-utils: update to xz-utils 5.2.5-r2
Update app-arch/xz-utils to 5.2.5-r2, mainly to address CVE-2022-1271.
2022-05-02 15:24:13 +02:00
Dongsu Park
9f3d4cb779 app-arch/gzip: update to 1.12
Update app-arch/gzip to 1.12, mainly to address CVE-2022-1271.
2022-05-02 15:22:41 +02:00
flatcar-ci
9ffeb450e5 New version: main-3227.0.0-nightly-20220502-0701 2022-05-02 09:59:55 +00:00
Flatcar Buildbot
2c01f8e685 app-misc: Upgrade ca-certificates 3.77 to 3.78 2022-05-02 07:24:12 +00:00
Flatcar Buildbot
fde16102ed sys-kernel: Upgrade Kernel 5.15.35 to 5.15.37 2022-05-02 07:24:00 +00:00
Flatcar Buildbot
59b3d4bacc app-emulation: Upgrade Containerd 1.6.2 to 1.6.3 2022-04-29 08:30:47 +00:00
flatcar-ci
54b5fedc66 New version: main-3224.0.0-nightly-20220429-0155 2022-04-29 04:49:52 +00:00
flatcar-ci
fc2b1b47c5 New version: main-3223.0.0-nightly-20220428-0155 2022-04-28 04:52:28 +00:00
Mathieu Tortuyaux
909f276006 Merge pull request #1842 from flatcar-linux/tormath1/ignition
sys-apps/ignition: use upstream
2022-04-27 10:08:54 +02:00
Flatcar Buildbot
0f0c613366 Update mantle container image to latest HEAD 2022-04-27 04:54:50 +00:00
flatcar-ci
0464fd65c3 New version: main-3222.0.0-nightly-20220427-0155 2022-04-27 04:54:33 +00:00
Mathieu Tortuyaux
208574039c sys-apps/ignition: use upstream
use upstream ignition (coreos/ignition) and apply our patches on top of
it.

It's currently done in the same way with coreos/afterburn.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-04-26 15:27:23 +02:00
Kai Lueke
8ee228d5ce Move mantle's dnsmasq dependency to the SDK dependencies
The removal of the mantle ebuild file also meant that dnsmasq isn't
installed into the SDK anymore, yet we actually need it to run kola
QEMU tests in the SDK on the original CI pipeline. As long as the
original CI pipeline is kept, we have to keep kola's dependencies
like QEMU and dnsmasq around.
2022-04-26 15:09:13 +09:00
flatcar-ci
8aaa851d55 New version: main-3221.0.0-nightly-20220426-0155 2022-04-26 04:52:10 +00:00
Jeremi Piotrowski
c5e7ff8c9e Add missing pahole dependencies
pahole is a build-time dependency of our kernel build, due to us setting
CONFIG_BTF_DEBUG_INFO. If pahole is missing, a `make modules_prepare` with our
kernel config results in symbols in the config changing. This will affect
people building kernel modules against coreos-sources in the developer
container, but not the SDK because pahole is already in sdk-depends.

pahole is now an (explicit) BDEPEND of all the coreos-kernel/coreos-modules
packages, and we'll make it an RDEPEND of coreos-sources so that it is pulled
in whenever it might be necessary. Also add it to the coreos-dev package so
that it is included in the developer container by default; the uncompressed size
increase is <1MB.
2022-04-25 14:28:02 +02:00
Jeremi Piotrowski
76c3130791 x11-drivers/nvidia-drivers: add more device node creation
This is the fallback path that nvidia publishes for verifying device node
creation was successful. It now handles multiple gpus and creating the
nvidia-uvm node, with a dynamic major.

The weird thing is that nvidia-smi and nvidia-modprobe also create some device
nodes and files under /dev, but this does not appear to be well documented. So
keep the static creation.
2022-04-25 14:24:22 +02:00
Jeremi Piotrowski
a6c4454b36 x11-drivers/nvidia-drivers: rework install paths of files to match OS
This involves putting libraries under /usr/lib64 and kernel modules under
/usr/lib/module. This is an experiment at making the nvidia installation work
as a sysext as well, but there are still some issues around that. The major
issue was that `systemd-sysext refresh` would remove the OEM symlink and I
don't feel comfortable with `systemctl restart systemd-sysext` from within
another unit.

If anyone wants to try it, it's now a matter of:

  ln -s /opt/nvidia/current /run/extensions/nvidia-driver

Bonus points for moving nvidia binaries from /opt/bin to
/opt/nvidia/current/usr/bin.
2022-04-25 14:00:09 +02:00
Jeremi Piotrowski
08b86ad7dd x11-drivers/nvidia-drivers: keep developer container image read-only
Since we no longer need to run emerge in the developer container, we can as
well just treat the developer container more like a container image and use an
ephemeral overlay.
2022-04-25 13:54:51 +02:00
Jeremi Piotrowski
d01ecae74c x11-drivers/nvidia-drivers: make service re-entrant
Currently the setup-nvidia script fails when re-executed. It should work in
cases when the driver is already built and just needs to be loaded, or when it
needs to be rebuilt for a new kernel (but driver version may not have changed).

To make this work, several changes were necessary:

* `./nvidia*.run -x -s` fails when already unpacked. Allow it so that we can
  rebuild
* there are several module dependencies for nvidia modules that are implicit,
  related to i2c/ipmi. Probe those explicitly.
* `[ -f /dev/nvidia* ]` fails because those are character devices, so need a
  `[ -c ...]` check.
* `nvidia-modprobe` previously always failed, because it doesn't actually know
  the location of the modules and can only call modprobe (modprobe looks into
  /lib/modules/). We now explicitly probe the important modules, at that point
  nvidia-modprobe just creates additional device nodes.
* `is_nvidia_installation_required` checks whether building and loading is needed.
  Factor out the loading check so that we can reload the module after an update.
2022-04-25 12:35:29 +02:00
Jeremi Piotrowski
67bf5476c3 x11-drivers/nvidia-drivers: use versioned developer container filenames
Currently the script will reuse a developer container that was downloaded once,
without ensuring that the same version is used as the running image. This works
on the first boot, but wouldn't be correct after an OS update.

To resolve this, add a version number to the downloaded filename, and check for
the versioned dev container file. When the file is missing we also clean up all
other dev container files via glob remove.
2022-04-25 10:34:43 +02:00
Jeremi Piotrowski
a4ac14c66c x11-drivers/nvidia-drivers: use lbzip2 to speed up developer container decompression 2022-04-25 10:26:36 +02:00
Jeremi Piotrowski
d6ea20ddd6 x11-drivers/nvidia-drivers: allow user to override nvidia-metadata
...by providing /etc/flatcar/nvidia-metadata. Newer driver packages do not
support some older Nvidia cards. An example is the Tesla K80 cards in
Standard_NC6 VMs on Azure, which are only supported up to the 470.x driver
version. To allow users to continue using those, give them a way to override
the driver version through /etc/flatcar/nvidia-metadata. For example, this
entry could be used to pin a specific driver version:

NVIDIA_DRIVER_VERSION=470.103.01
2022-04-25 10:22:45 +02:00
Jeremi Piotrowski
85f7b86c00 x11-drivers/nvidia-drivers: build driver against /lib/modules
There are two ways to build the nvidia-driver - either against a full kernel
source tree in /usr/src/linux, or against a slim kernel-devel equivalent in
/lib/modules/*/build. The /lib/modules/*/build is provided by
sys-kernel/coreos-module, see `install_build_source`. The interesting thing is
that in absence of --kernel-source-path, nvidia-installer will autodetect which
to use and already builds against /lib/modules/*/build on Flatcar right now. By
passing --kernel-name, we make that choice explicit and this allows us to skip
the emerge steps of the build.

Since this runs in the developer container, there is also no point in trying to
execute systemctl or depmod, so pass the flags to disable usage of those.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2022-04-25 09:53:24 +02:00
Flatcar Buildbot
571ab52d16 Update mantle container image to latest HEAD 2022-04-25 07:11:20 +00:00
Kai Lüke
b9f2da8566 Merge pull request #1820 from flatcar-linux/kai/sysext-oem-partition
coreos-base/coreos-init: add systemd-sysext.service for OEM mount
2022-04-25 13:12:45 +09:00
Kai Lueke
a2c5b52dec coreos-base/coreos-init: add systemd-sysext.service for OEM mount
This pulls in https://github.com/flatcar-linux/init/pull/69
to restore the OEM partition mount point after the /usr overlay is
done.
2022-04-25 13:10:51 +09:00
flatcar-ci
343807d40e New version: main-3218.0.0-nightly-20220423-0155 2022-04-23 04:48:01 +00:00