mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-30 02:41:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
23,004 Commits 611 Branches 397 Tags
Commit Graph

23004 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dongsu Park
d58c9dc799 coreos-devel/sdk-depends: delete autoconf 2.1 for spidermonkey 
Now that we delete spidermonkey from portage-stable completely, we can
delete autoconf 2.1 as well.
 2021-11-03 18:11:33 +01:00
Dongsu Park
1c90561a17 Merge pull request #240 from flatcar-linux/dongsu/github-https 
*: fix Github URL issues in bootstrap.sh, dev-lang/yasm (take 2)
 2021-11-03 17:46:07 +01:00
Dongsu Park
5c1af6f015 Merge pull request #1394 from flatcar-linux/dongsu/github-https 
*: *: use https instead of git for Github URLs (take 2)
 2021-11-03 17:45:55 +01:00
Dongsu Park
e5790650a1 profiles: add ssl USE flag to make libcurl fetch from https:// 
Now that Github rejects access to an unauthenticated URL with `git://`,
we have to make git and libcurl work with `https://`. However, during
the SDK stage2, curl is not explicitly installed, but just inherited
from the stage1. As a result, curl is built without the `ssl` USE flag.
So installation of baselayout fails with:

```
git fetch https://github.com/flatcar-linux/baselayout.git --prune +HEAD:refs/git-r3/HEAD

fatal: unable to access 'https://github.com/flatcar-linux/baselayout.git/':
Protocol "https" not supported or disabled in libcurl
```

To resolve the issue, we need to install curl with `BOOTSTRAP_USE=ssl`
before trying to install baselayout.

Also we need to set `CURL_SSL=openssl` as required by curl.
Using a USE_EXPAND variable `curl_ssl_openssl` in `BOOTSTRAP_USE`, we
can specify the correct `CURL_SSL` variable in curl.
 2021-11-03 17:44:53 +01:00
Dongsu Park
14b3353eaa scripts: install curl before baselayout 
Now that Github rejects access to an unauthenticated URL with `git://`,
we have to make git and libcurl work with `https://`. However, during
the SDK stage2, curl is not explicitly installed, but just inherited
from the stage1. As a result, curl is built without the `ssl` USE flag.
So installation of baselayout fails with:

```
git fetch https://github.com/flatcar-linux/baselayout.git --prune +HEAD:refs/git-r3/HEAD
fatal: unable to access 'https://github.com/flatcar-linux/baselayout.git/':
Protocol "https" not supported or disabled in libcurl
```

To resolve the issue, we need to install curl with `BOOTSTRAP_USE=ssl`
before trying to install baselayout.
 2021-11-03 15:30:55 +01:00
Mathieu Tortuyaux
6ca8235abe Merge pull request #1389 from flatcar-linux/tormath1/openssl-fips 
`dev-libs/openssl`: enable `fips` support
 2021-11-03 12:15:27 +01:00
Flatcar Buildbot
bcf4fe6c2e sys-kernel: Upgrade Kernel 5.10.76 to 5.10.77 2021-11-03 07:23:42 +00:00
Dongsu Park
cfadfebd5b dev-lang/yasm: update to 1.3.0-r1 to fix Github URL protocol 
Github now rejects an unauthenticated Github URL `git://`, so we need to
replace git with https.
To do that, sync with Gentoo for dev-lang/yasm 1.3.0-r1 including fix
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0793e1ac0b7c7b3e8572443bbd33faf7ddc26813
 2021-11-03 07:17:39 +01:00
Dongsu Park
20ef77de27 profiles: update dev-lang/yasm to 1.3.0-r1 for ~arm64 2021-11-03 07:16:50 +01:00
Dongsu Park
0a6e5d41f3 *: use https instead of git for Github URLs 
Replace `git://` with `https://` for GITHUB URLs, because Github now
rejects an unauthenticated git access.

* app-admin/locksmith
* app-admin/mayday
* app-admin/sdnotify-proxy
* app-admin/toolbox
* app-admin/updateservicectl
* app-arch/torcx
* app-crypt/go-tspi
* app-emulation/acbuild
* app-emulation/actool
* coreos-base/afterburn
* coreos-base/coreos-cloudinit
* coreos-base/coreos-init
* coreos-base/emerge-gitclone
* coreos-base/nova-agent-watcher
* coreos-base/update-ssh-keys
* coreos-base/update_engine
* coreos-devel/fero-client
* coreos-devel/mantle
* sys-apps/baselayout
* sys-apps/ignition
* sys-apps/seismograph
* sys-boot/grub
* sys-boot/shim
* sys-kernel/bootengine
* sys-libs/nss-usrfiles

See also
https://github.blog/2021-09-01-improving-git-protocol-security-github/.
 2021-11-03 07:16:37 +01:00
Dongsu Park
ed1951fe87 Merge pull request #239 from flatcar-linux/dongsu/revert-github-https 
Revert "dev-lang/yasm: update to 1.3.0-r1 to fix Github URL protocol"
 2021-11-02 18:39:20 +01:00
Dongsu Park
56695d4fbf Merge pull request #1388 from flatcar-linux/dongsu/revert-github-https 
Revert back to git:// URLs
 2021-11-02 18:39:08 +01:00
Dongsu Park
43bb898cbc Revert "dev-lang/yasm: update to 1.3.0-r1 to fix Github URL protocol" 
This reverts commit ea28ab385dfffa6b0cbd7267b557764e35f7b060.
 2021-11-02 18:34:42 +01:00
Dongsu Park
90bc60e15a Revert "*: use https instead of git for Github URLs" 
This reverts commit c2c0d33ed7b3481ee9ce54fb4a1618d41c5eee53.
 2021-11-02 18:31:17 +01:00
Dongsu Park
09be16c283 Revert "profiles: update dev-lang/yasm to 1.3.0-r1 for ~arm64" 
This reverts commit b79b2bb0afedefbab9381473f994d2c7375f11a0.
 2021-11-02 18:31:17 +01:00
Mathieu Tortuyaux
61b1e97237 profiles/base: enable fips for dev-libs/openssl 
enabling `fips` support will compile `fips.so` provider for user who
wants to use `fips` as OpenSSL provider.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-11-02 18:28:10 +01:00
Mathieu Tortuyaux
b3a9d297ee dev-libs/openssl: apply flatcar changes 
- drop `pkg_postint`
- create `/etc/ssl` with systemd-tmpfiles

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-11-02 18:25:55 +01:00
Mathieu Tortuyaux
ca192320b3 dev-libs/openssl: sync with upstream 
it basically brings this commit: 895d71e3d1

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-11-02 18:24:35 +01:00
Sayan Chowdhury
10316541c9 Merge pull request #1379 from flatcar-linux/linux-5.10.76-main 
Upgrade Linux Kernel in main from 5.10.75 to 5.10.76
 2021-11-02 20:39:14 +05:30
Dongsu Park
6e0fd76493 Merge pull request #236 from flatcar-linux/dongsu/ncurses-6.2-20210619 
*: update gptfdisk, readline, procps for ncurses 6.2_p20210619
 2021-11-02 15:15:46 +01:00
Dongsu Park
95c2a8fe10 Merge pull request #1383 from flatcar-linux/dongsu/ncurses-6.2-20210619 
sys-libs/ncurses: update to 6.2_p20210619
 2021-11-02 15:15:35 +01:00
Dongsu Park
d8a0045753 Merge pull request #233 from flatcar-linux/dongsu/wget-1.21.2 
net-misc/wget: update to 1.21.2
 2021-11-02 14:25:42 +01:00
Dongsu Park
1f8a64c14c Merge pull request #1381 from flatcar-linux/dongsu/wget-1.21.2 
profiles: accept keywords for wget 1.21.2.
 2021-11-02 14:24:41 +01:00
Dongsu Park
35d1244b61 Merge pull request #238 from flatcar-linux/dongsu/github-https 
dev-lang/yasm: update to 1.3.0-r1 to fix Github URL protocol
 2021-11-02 14:02:59 +01:00
Dongsu Park
524afe8ae2 Merge pull request #1386 from flatcar-linux/dongsu/github-https 
*: use https instead of git for Github URLs
 2021-11-02 14:02:51 +01:00
Dongsu Park
6e3c5a85d6 profiles: update dev-lang/yasm to 1.3.0-r1 for ~arm64 2021-11-02 08:36:05 +01:00
Dongsu Park
68bc2f4d3c *: use https instead of git for Github URLs 
Replace `git://` with `https://` for GITHUB URLs, because Github now
rejects an unauthenticated git access.

* app-admin/locksmith
* app-admin/mayday
* app-admin/sdnotify-proxy
* app-admin/toolbox
* app-admin/updateservicectl
* app-arch/torcx
* app-crypt/go-tspi
* app-emulation/acbuild
* app-emulation/actool
* coreos-base/afterburn
* coreos-base/coreos-cloudinit
* coreos-base/coreos-init
* coreos-base/emerge-gitclone
* coreos-base/nova-agent-watcher
* coreos-base/update-ssh-keys
* coreos-base/update_engine
* coreos-devel/fero-client
* coreos-devel/mantle
* sys-apps/baselayout
* sys-apps/ignition
* sys-apps/seismograph
* sys-boot/grub
* sys-boot/shim
* sys-kernel/bootengine
* sys-libs/nss-usrfiles

See also
https://github.blog/2021-09-01-improving-git-protocol-security-github/.
 2021-11-02 08:27:25 +01:00
Dongsu Park
cf88c5ca11 dev-lang/yasm: update to 1.3.0-r1 to fix Github URL protocol 
Github now rejects an unauthenticated Github URL `git://`, so we need to
replace git with https.
To do that, sync with Gentoo for dev-lang/yasm 1.3.0-r1 including fix
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0793e1ac0b7c7b3e8572443bbd33faf7ddc26813
 2021-11-02 08:25:35 +01:00
Dongsu Park
bb68d68953 Merge pull request #237 from flatcar-linux/rust-1.56.1-main 
Upgrade virtual Rust in main from 1.56.0 to 1.56.1
 2021-11-01 17:25:35 +01:00
Dongsu Park
0072354ed4 Merge pull request #1385 from flatcar-linux/rust-1.56.1-main 
Upgrade dev-lang/rust in main from 1.56.0 to 1.56.1
 2021-11-01 17:25:25 +01:00
Flatcar Buildbot
4dfad63f67 Upgrade virtual Rust in main from 1.56.0 to 1.56.1 2021-11-01 13:19:50 +00:00
Flatcar Buildbot
03f98ebe38 dev-lang: Upgrade dev-lang/rust 1.56.0 to 1.56.1 2021-11-01 13:19:18 +00:00
Dongsu Park
7d2a26a07b sys-process/procps: update to 3.3.17-r1 
Now that ncurses 6.2_p20210619 dropped the USE flag 'unicode', it is
not possible to specify the flag in sys-process/procps.
We need to make the flag optional, by specifying '(+)'.

See also
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec71f8061aaa422b7eedfd090e09211736579372

Simply sync with Gentoo for 3.3.17-r1 that includes the fix.
 2021-11-01 11:44:04 +01:00
Dongsu Park
7ca4e6f137 sys-apps/gptfdisk: update to 1.0.7-r2 
Now that ncurses 6.2_p20210619 dropped the USE flag 'unicode', it is
not possible to specify the flag in sys-apps/gptfdisk.
We need to make the flag optional, by specifying '(+)'.

See also
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0c4f07166bac4c87f7e290f049e7a1603025444

Simply sync with Gentoo for 1.0.7-r2 that includes the fix.
 2021-11-01 11:40:54 +01:00
Dongsu Park
a06e7cbe30 sys-libs/readline: update to 8.1_p1-r1 
Now that ncurses 6.2_p20210619 dropped the USE flag 'unicode', it is
not possible to specify the flag in sys-libs/readline.
We need to make the flag optional, by specifying '(+)'.

See also
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df194650455b53175ed2852547169875002b2292

Simply sync with Gentoo for readline 8.1_p1-r1 that has the fix.
 2021-11-01 11:40:49 +01:00
Dongsu Park
d2e91b9a3d app-emulation/qemu: unicode(+) for sys-libs/ncurses 
Now that sys-libs/ncurses 6.2_p20210619 dropped the USE flag 'unicode',
it is not possible to specify the flag in app-emulation/qemu.
Make the unicode flag optional, by specifying '(+)'.

See also https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20ea02f40f21d21e584fe45c9d1c8cfb57f5acc6
 2021-11-01 11:25:34 +01:00
Dongsu Park
fcf60d15ef profiles: delete unnecessary keywords for ncurses 
Since ncurses 6.2_p20210619 does not have the USE flag `unicode`,
we should clean up from profiles.
 2021-11-01 09:40:08 +01:00
Dongsu Park
b41edc4cf1 sys-libs/ncurses: Apply Flatcar patches 
Add a symlink-usr USE flag for keeping a minimal set of terminfo
files in /usr/share/terminfo.

Also allow writes to /dev/ptmx, which sometimes causes the sandbox
to fail Jenkins builds.

Based on 9a6728f5f5d63626e4a806664c0c031e913fd758 and
380aa9c60af1e68911a479747d12b5fddaf2b1a2 .
 2021-11-01 09:40:08 +01:00
Dongsu Park
da0f8fde32 sys-libs/ncurses: update to 6.2_p20210619 
Update sys-libs/ncurses to 6.2_p20210619, mainly to address
CVE-2021-39537.
 2021-11-01 09:40:08 +01:00
Dongsu Park
49eaaefc82 Merge pull request #1382 from flatcar-linux/jepio/selinux-base-bootstrap-fix 
selinux-base: fix build issue during boostrap
 2021-11-01 09:32:06 +01:00
Jeremi Piotrowski
2497549aa9 Update sec-policy/selinux-base/selinux-base-2.20200818-r2.ebuild 
Co-authored-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-10-29 12:43:04 +02:00
Jeremi Piotrowski
62a5205559 sec-policy/selinux-base: add missing BDEPEND=python[xml] 
selinux-base requires python to generate xml files, but the dependency
is implicit (through policycoreutils). Flatcar made that dependency
conditional on USE=python in policycoreutils so that we don't include
python in our images, but this causes selinux-base to fail depending on
ordering in the bootstrap process.

Fix that failure by addin an explicit dependency.
 2021-10-29 07:55:42 +00:00
Jeremi Piotrowski
3e548aca7e Revert "sec-policy/selinux-base: force sequential build in src_configure" 
This is not the cause for the build failure - a missing build time
dependency is.

This reverts commit ee3a8514ebd144f081b679225b332ef13b010e26.
 2021-10-29 07:54:25 +00:00
Kai Lüke
e5d3c03b00
Merge pull request #171 from flatcar-linux/kai/bucket-packages 
set_version: Document the bucket cache for packages
alpha-3046.0.0 		2021-10-28 18:07:19 +02:00
Kai Lueke
af8daf7dc8 set_version: Document the bucket cache for packages 
Dev builds need to use the bucket cache instead of the release
binary package mirror.
Document how the user can select the bucket cache.
 2021-10-28 17:45:48 +02:00
Dongsu Park
6b1f6ff813 Merge pull request #1375 from flatcar-linux/firmware-20211027-main 
Upgrade Linux Firmware in main from 20210919 to 20211027
 2021-10-28 16:49:17 +02:00
Dongsu Park
f6b3e2d375 sys-kernel/coreos-firmware: bump cxgb4 firmware version to 1.26.2.0 
Since linux-firmware 20211027 has a new cxgb4 firmware version 1.26.2.0,
we have to bump CXGB_VERSION, to avoid build failures.
 2021-10-28 12:39:27 +02:00
Dongsu Park
61fde6cbed profiles: accept keywords for wget 1.21.2. 
Accept both keywords ~amd64 and ~arm64, mainly to address
CVE-2021-31879.
 2021-10-28 10:19:38 +02:00
Dongsu Park
e376e392df net-misc/wget: update to 1.21.2 
Update net-misc/wget to 1.21.2, mainly to address CVE-2021-31879.
 2021-10-28 10:15:57 +02:00
Flatcar Buildbot
ff345e0697 sys-kernel: Upgrade Kernel 5.10.75 to 5.10.76 2021-10-28 07:35:14 +00:00