It is a common pattern to bind mount /etc/ssl/certs from the host system
into a container. This doesn't work on CoreOS because /etc/ssl/certs is
just a pile of symlinks to /usr. If the applications in the container
use Go then binding /usr/share/ca-certificates to /etc/ssl/certs does
happen to work because Go only needs ca-certificates.crt which is in
that top level directory. This however does not work for OpenSSL
applications because it needs a whole directory of hashed certificates.
To fix this change two things:
- Remove the `mozilla` directory left over from when certs came from
multiple sources. Install certs in ca-certificates directory instead.
- Include the OpenSSL hash symlinks in ca-certificates.
This reverts commit 4dbfe48bd20b036a11c30538e3ce5cdfb5bb1715:
- remove call to crossystem
- support for payloads that include kernels
- lots of refactoring/cleanups
The support for kernel payloads broke updates on systems that did not
already have the newer /boot/coreos/vmlinuz-{a,b} kernels.
Rolling back does restore the call to /usr/bin/crossystem but that call
failing shouldn't have any adverse behavior, just it will just add yet
another useless error message to our logs.
We currenly use ${GOPATH}/bin as the path for the compiler generated executable,
but this usage does not allow ebuilds to add additional local paths to GOPATH. To
allow for this usage, change the invocation of the compiler to use ${GOBIN}.
Signed-off-by: Geoff Levand <geoff@infradead.org>
A temporary ebuild that builds the go compiler from the latest git
checkout to get support for arm64 builds. Once go-1.5 is availilable
upstream and merged to portage-stable this ebuild can be removed.
Signed-off-by: Geoff Levand <geoff@infradead.org>
When FEATURES=splitdebug is set files from both dev-lang/go and
dev-lang/go-bootstrap have the same debug info build-id which causes a
file collision in /usr/lib/debug/.build-id.
Fix an indentation error.
Also, change the keyword ~amd64 to amd64.
This is a temporary fix until an upstream fix is available.
Signed-off-by: Geoff Levand <geoff@infradead.org>
go-bootstrap is needed to build go-1.5. Since we need a local fix, import it
to coreos-overlays. Once the fix is upstream this package can be moved to
portage-stable.
Signed-off-by: Geoff Levand <geoff@infradead.org>
