Cherry-picked from kinvolk/coreos-overlay@d0426cf.
Add a symlink-usr USE flag for keeping a minimal set of terminfo
files in /usr/share/terminfo.
Also allow writes to /dev/ptmx, which sometimes causes the sandbox
to fail Jenkins builds.
Check issue kinvolk/Flatcar#364 for further details.
Signed-off-by: Jose Blanquicet <blanquicet@gmail.com>
This commit synchronises ncurses with gentoo/gentoo@69bf5af thus
it updates the package from 6.1-r2 to 6.2-r1.
Check issue kinvolk/Flatcar#364 for further details.
Signed-off-by: Jose Blanquicet <blanquicet@gmail.com>
This pulls in
https://github.com/kinvolk/init/pull/38
to set predictable network interface names as alternative interface
names for virtio devices, and also add a special hardcoded ens4v1
name for GCE because the special udev rule to rename the device
stopped working after the systemd 247 update.
While the execution of the unit may succeed by finding the executables
by searching the current PATH, calling `systemd-analyze verify` on the
units fails because this requires an absolute path.
When listing kernel modules to decide which firmware should be shipped
together with the image, we need to now list both compressed and
uncompressed module.
Fixes: kinvolk/Flatcar#359
In https://github.com/kinvolk/coreos-overlay/pull/875 the repository
was switched to a fork from the archived upstream repository. However,
the ebuild was still using a reference to an old squashed Flatcar build
bot commit from the git-sync times that was only present in our old
repository.
Switch to a reference to the latest commit on the new repository which
in fact does not introduce any changes.
Since rkt will be deprecated soon, we should make toolbox run docker
instead of rkt.
Also delete dependency on `app-emulation/rkt`, and update hyperlinks.
It pulls in https://github.com/kinvolk/toolbox/pull/1 .
This change adds the USE flag cros_host to the
SDK's make.default, as part of a larger fix for the SDK bootstrap build.
The SDK bootstrap build was broken in stage 1 since package upgrades
were allowed to leak into that phase.
We now limit stage 1 to only "known good" package ebuilds, which caused
downstream breakage from missing flags in the stage 2 SDK bootstrapping.
This change fixes that breakage.
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
This change explicitly calls python3 (instead of python) in pycmd
so portage commands work (as we ship python 2, too, and it's still
the default).
Also, 'static-libs' and 'opempn' are added to the
bootstrap emerge USE flags (stage 3 of the bootstrap-sh script,
which is run in stage 2 of the SDK catalyst bootstrapping process):
- 'static-libs' un-breaks the zlib build: zlib installed has this flag
set and zlib requested per emerge command line in
bootstrap.sh stage 3 needs this flag to prevent a slot conflict.
- 'openmp' is to honor requirements of newer versions of GCC and is
added according to Gentoo guidelines published here:
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Install_Guide/Building_the_Gentoo_Base_System_Minus_Kernel#Gentoo_Bootstrap_Remix:_Progressing_from_Stage_1_to_Stage_2
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
- Drop binddist from RESTRICT variable
- Drop pkg_postinst
- Create /etc/ssl with tmpfiles (and package it for the SDK).
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
Temporarily disable Prctl and InitSeccomp for NoNewPrivileges, to be able
to make docker/runc work with "--security-opt=no-new-privileges".
So far it has worked without disabling NoNewPrivileges until runc
1.0.0-rc92,
which allowed the "selinux" build tag. Since runc 1.0.0-rc93, however,
the selinux build tag is now gone, so selinux is always enabled.
That's why `docker run --security-opt=no-new-privileges` failed.
Until we could figure out its real reason, let's temporarily disable
NoNewPrivilges to make the CI pass.
