Sync ebuild to upstream version to switch to EAPI=7, as previous
EAPIs cause issues with multilib deps when running ./build_toolchains
in the context of arm64 SDK.
Upstream commit e4adffda16496e86a61020e8569c6974f8018983
commit 5c4d184e22fd93ab926878a131150047b54d0b6c
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Fri Aug 1 14:48:59 2014 -0700
polkit: fix config install paths, use systemd-tmpfiles
All configs should be installed to /usr and tmpfiles should be used to
create and fix directory permissions instead of the ebuild's postinst.
For HTTPS to work and also for it to deliver the security promises we
need to ship the latest certificate database.
Update the package version symlink in oder to fetch the database from
the newest NSS release under
https://ftp.mozilla.org/pub/security/nss/releases/
and do a "ebuild ca-certificates-3.69.1.ebuild manifest" run.
if the test is ran for ARM64, there is no need to run `update_chroot`
since there is no SDK.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
It's from gentoo commit 05ac71ce6639a14df6af2f05db1c57d147fd0f19.
The updated sys-apps/gawk started to depend on a newer version of
sys-devel/bison, so update the latter too.
The SDK can either be a release SDK or a dev build SDK which are stored
in different paths. DOWNLOAD_ROOT_SDK should be based on the
SDK_URL_PATH value which indicates whether it's a release or dev build
path.
bootstrap_sdk runs catalyst.sh which will try to download the SDK if the
verify digest fails.
Importing the DIGEST allows to skip this step and to continue with the
previously downloaded SDK.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
When PORTAGE_REF or OVERLAY_REF are numbers, we can change the way the refspec
is constructed to allow fetching a PR instead instead of a branch. Checking for
equality using '[' works to detect numbers, bash's '[[' doesn't.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Otherwise, it was failing since we check for unbound variable:
```
/bin/bash: line 1: PORTAGE_BINHOST: unbound variable
```
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Otherwise, the variable is empty and it creates errors later. Default
value is `gs://flatcar-jenkins`. Not `GS_DEVEL_ROOT` because if we check
the previous behavior, `DOWNLOAD_ROOT` was hardcoded with:
```shell
DOWNLOAD_ROOT_SDK=https://storage.googleapis.com/flatcar-jenkins/sdk
```
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
`$verify_key` actually holds `--verify-key=verify.asc` so of course
`systemd-nspawn` fails since it does not expect `--verify-key` value.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
With the update of the sys-apps/util-linux package, another cycle has
reared its ugly head. Looks like the package got an optional
dependency on sys-fs/cryptsetup, so break it.
The catalyst build uses the same SDK version as seed as the current SDK, but
will only reuse the cached tarball if a DIGESTS file exists and is correct.
Prefetch this file to prevent the build from trying to access google storage
anonymously.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
because we need to pass google credentials to update_chroot, and 'cork update'
doesn't support that.
Add --sdk-url-path to sdk.sh for new cork default.
