Krzesimir Nowak
b15055684e
.github: Deduplicate kernel workflows
...
Also use a newer version of the create pull request action, and apply
correct labels ("alpha" or "stable" instead of "flatcar-XXXX").
2022-10-18 11:37:01 +02:00
Krzesimir Nowak
8d00adc16c
.github: Simplify ca-certificates patch script
...
No point in setting UPDATE_NEEDED to zero if we exit the script
without doing anything with the just set variable.
Also fix the mismatch in branch names - we normally create a branch
like "cacerts-${NSS_VERSION}-${BRANCH}" in the last workflow step
whereas we were checking if a branch like "${NSS_VERSION}-${BRANCH}"
existed in the script. To avoid repetition, export the branch name as
a github workflow step output, so the follow-up steps can pick it up
and use it.
2022-10-18 11:37:01 +02:00
Krzesimir Nowak
c1a9aa5a97
.github: Deduplicate ca-certificates workflows
...
Also use a newer version of the create pull request action, and apply
correct labels ("alpha" or "stable" instead of "flatcar-XXXX").
2022-10-18 11:37:01 +02:00
Krzesimir Nowak
522749197c
.github: Add a script for figuring out a branch from channel name
...
It will be used for deduplicating the github workflows.
2022-10-18 11:32:10 +02:00
Krzesimir Nowak
7c4b588a5c
github: Make workflows fork-friendly
...
This sets up the coreos-overlay submodule inside the SDK container to
use the remote of the fork and the base branch from that fork. That
way, we can test the workflows in the forks too.
2022-10-18 11:32:10 +02:00
Franklin "Snaipe" Mathieu
81a35f0027
sys-kernel: enable IOMMU on arm64
...
On Gigabyte R152-P31 arm64 servers, the Flatcar PXE images hang during the boot
process, making them unusable, while Fedora CoreOS images work.
The kernel seems to start correctly, however it invariably ends up printing
this message and hanging:
ata1.00: qc timeout (cmd 0xec)
ahci 000c:01:00.0: AHCI controller unavailable!
pcieport 000c:00:01.0: AER: Uncorrected (Non-Fatal) error received: 000c:00:00.0
ata1.00: failed to IDENTIFY (I/O error, err_mask=0x4)
pcieport 000c:00:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
pcieport 000c:00:01.0: device [1def:e101] error status/mask=00004000/00400000
pcieport 000c:00:01.0: [14] CmpltTO (First)
ahci 000c:01:00.0: AHCI controller unavailable!
ahci 000c:01:00.0: AER: can't recover (no error_detected callback)
pcieport 000c:00:01.0: AER: device recovery failed
pcieport 000c:00:01.0: AER: Multiple Uncorrected (Non-Fatal) error received: 000c:00:00.0
Enabling IOMMU seems to make the problem disappear.
2022-10-17 16:50:07 +02:00
Flatcar Buildbot
1166d236f9
app-misc: Upgrade ca-certificates 3.83 to 3.84
2022-10-17 07:53:26 +00:00
Flatcar Buildbot
c3d3fe075f
sys-kernel: Upgrade Kernel 5.15.73 to 5.15.74
2022-10-15 07:31:35 +00:00
Krzesimir Nowak
78429927ca
Merge pull request #2209 from flatcar/krnowak/weekly-package-updates
...
Profile changes for weekly package updates
2022-10-14 13:06:12 +02:00
Sayan Chowdhury
937fac6d07
net-vpn/wireguard-tools: Move to portage-stable
2022-10-14 10:38:46 +00:00
Dongsu Park
4388c058bb
Merge pull request #2216 from flatcar/firmware-20221012-main
...
Upgrade Linux Firmware in main from 20220913 to 20221012
2022-10-13 16:55:12 +02:00
Krzesimir Nowak
977e0affcc
changelog: Fix a link
2022-10-13 10:47:34 +02:00
Dongsu Park
75b7a21d40
sys-kernel/coreos-firmware: update cxgb4 version to 1.27.0.0
...
Fix build issues of coreos-firmware, by bumping the cxgb4 firmware
version to 1.27.0.0.
2022-10-13 09:46:52 +02:00
Flatcar Buildbot
c1c8edd5a0
sys-kernel: Upgrade Kernel 5.15.72 to 5.15.73
2022-10-13 07:40:15 +00:00
Flatcar Buildbot
de054baecd
sys-kernel: Upgrade Linux Firmware 20220913 to 20221012
2022-10-13 07:29:55 +00:00
Krzesimir Nowak
13e5c2598f
changelog: Add entries
2022-10-12 12:41:49 +02:00
Aniruddha Basak
a1a96c009d
app-admin/logrotate: Apply Flatcar modifications
2022-10-12 12:41:49 +02:00
Krzesimir Nowak
40e891505e
app-admin/logrotate: Sync with Gentoo
...
It's from Gentoo commit fef4d6517bb66698022978cd835a56d5701e318a.
2022-10-12 12:24:45 +02:00
Krzesimir Nowak
8a6b90ffc1
Merge pull request #2211 from flatcar/krnowak/dbus-update
...
sys-apps/dbus: Update to 1.14.4
2022-10-12 12:09:02 +02:00
Dongsu Park
8394036bc7
Merge pull request #2188 from flatcar/rust-1.64.0-main
...
Upgrade dev-lang/rust and virtual/rust in main from 1.63.0 to 1.64.0
2022-10-12 10:31:17 +02:00
Dongsu Park
835970dc2c
coreos-base/update_engine: check ld-linux-*.so.2 for glibc 2.34
...
While glibc 2.33 has /lib64/ld-2.33.so, glibc 2.34 does not have that,
but only /lib64/ld-linux-x86-64.so.2. So we should also check ld-linux-*
as well.
Pulls in https://github.com/flatcar-linux/update_engine/pull/17 .
2022-10-11 17:06:44 +02:00
Dongsu Park
448e9aca9b
changelog: add changelog for glibc 2.34
2022-10-11 16:11:53 +02:00
Krzesimir Nowak
176b1cc152
sys-libs/glibc: Apply Flatcar modifications
...
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- don't run sanity checks in pkg_pretend to prevent gcc checks when
only the binary package is installed.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
2022-10-11 16:11:53 +02:00
Krzesimir Nowak
f2f8da03f9
sys-libs/glibc: Sync with Gentoo
...
It's from Gentoo commit a3d93f81ed9442703de09b684f309d8e1d596571.
2022-10-11 16:11:52 +02:00
Krzesimir Nowak
0a266b2209
changelog: Add entries
2022-10-11 14:04:55 +02:00
Dongsu Park
8e82ad0b20
changelog: add changelog for Rust 1.64.0
2022-10-11 13:41:32 +02:00
Flatcar Buildbot
0dc33cdd0c
dev-lang: Upgrade dev-lang/rust 1.63.0 to 1.64.0
2022-10-11 13:41:32 +02:00
Krzesimir Nowak
9d3024be79
changelog: Add an entry
2022-10-11 13:03:03 +02:00
Krzesimir Nowak
6128c49a80
Merge pull request #2208 from flatcar/go-1.17.13-and-1.18.7-main
...
Upgrade Go from 1.18.6 to 1.18.7
2022-10-11 12:55:33 +02:00
Kai Lüke
ff185a491c
Merge pull request #2207 from genesiscloud/nftables-bridge-conntrack-meta
...
Enable nf_conntrack_bridge and nft_meta_bridge kernel modules
2022-10-11 11:28:37 +02:00
Lukas Stockner
46ff05ed65
Update changelog
...
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
2022-10-11 11:23:32 +02:00
Krzesimir Nowak
f3a354c8d1
sys-apps/dbus: Apply Flatcar modifications
2022-10-10 11:59:12 +02:00
Krzesimir Nowak
0d9aaf7b05
sys-apps/dbus: Sync with Gentoo
...
It's from Gentoo commit 42b645e918ddd5fd999926bc8c0a417a9f8c3be4.
2022-10-10 11:59:12 +02:00
Krzesimir Nowak
5be55ae97d
profiles: Add accept keywords for app-editors/{vim,vim-core}
2022-10-10 11:29:55 +02:00
Krzesimir Nowak
48bf9a6645
app-editors/{vim,vim-core}: Move back to portage-stable
2022-10-10 11:29:34 +02:00
Krzesimir Nowak
de55948ac3
profiles: Disable python stuff for dev-libs/libxslt
...
The libxslt upstream fixed their python bindings, so they are not
python2 only. Gentoo then started to build them. Since we have fared
well so far without the bindings, keep on not building them.
2022-10-10 10:28:26 +02:00
Krzesimir Nowak
1d3daed50a
profiles: Update accept keywords for dev-util/bpftool
...
Bpftool 5.18.11 is gone from portage-stable, 5.19.2 is the new stable
version for amd64. There's still no keyword for arm64, so we need to
keep the entry in the profiles for arm64.
2022-10-10 10:14:20 +02:00
Krzesimir Nowak
501c6ca99c
profiles: Drop accept keywords for dev-libs/libxml2
...
The updated package became stable for both amd64 and arm64.
2022-10-10 10:05:46 +02:00
Flatcar Buildbot
d4ead663b9
dev-lang: Upgrade Go 1.18.6 to 1.18.7
2022-10-10 07:54:23 +00:00
Lukas Stockner
74ee472821
Enable nf_conntrack_bridge and nft_meta_bridge kernel modules
...
This allows using conntrack rules for bridges in nftables
and to match on bridge interface names.
2022-10-07 15:56:07 +02:00
Flatcar Buildbot
7294ee7abe
sys-kernel: Upgrade Kernel 5.15.71 to 5.15.72
2022-10-06 07:32:31 +00:00
Jeremi Piotrowski
4f01a18c37
profile/coreos/arm64: switch parent profile to 17.0/hardened
...
This was left as a 'TODO', but finally showed up when building the arm64 SDK.
The generic parent profile caused arm64 SDK (but also production images) to
have several USE flags missing, most importantly acl. Without acl, `usermod -m`
fails to correctly copy skeleton files when creating a new user.
Switch the parent profile to one matching the amd64 parent profile, which brings
the two arches closer together.
2022-10-05 16:40:11 +02:00
Flatcar Buildbot
fd4783ca0a
sys-kernel: Upgrade Kernel 5.15.70 to 5.15.71
2022-10-05 14:54:26 +02:00
Krzesimir Nowak
13e9213d84
Merge pull request #2180 from flatcar/krnowak/dev-util-update
...
Development utilities update
2022-10-05 11:32:37 +02:00
Krzesimir Nowak
aa403ffeea
changelog: Add an entry
2022-10-04 16:37:41 +02:00
Krzesimir Nowak
2e726adb32
coreos-base/coreos-init: Bring in the port customization changes
2022-10-04 15:07:17 +02:00
Krzesimir Nowak
ff6227115d
coreos-base/hard-host-depends: Drop dev-util/scons
...
There isn't anything that uses scons, so drop it from SDK.
2022-10-04 14:52:10 +02:00
Krzesimir Nowak
ade775850b
coreos/config: Drop overrides for dev-util/dialog
...
It's not packaged in either overlay or portage-stable.
2022-10-04 14:52:10 +02:00
Dongsu Park
70e0da0687
dev-util/bsdiff: Apply Flatcar modifications
...
Apply existing Flatcar changes on top of vanilla Gentoo ebuilds:
- add arm64 keyword
- apply the sais patch
- fix a heap overflow vulnerability in bspatch included in bsdiff.
Originally the security issue was published as [FreeBSD-SA-16:29](https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc),
which pointed to a FreeBSD [patch](https://security.freebsd.org/patches/SA-16:29/bspatch.patch).
However, the patch was a set of huge changes including other unrelated
changes. That's why it was not simple at all to apply the patch to
bsdiff. Both Gentoo and Flatcar have not included the fix.
Fortunately X41 D-SEC [examined](https://www.x41-dsec.de/security/news/working/research/2020/07/15/bspatch/)
the issue again, and nailed it down to a simple patch that can be easily
applied to other trees. We simply take the patch with minimal changes.
See also [CVE-2020-14315](https://nvd.nist.gov/vuln/detail/CVE-2020-14315).
It is based on the following commits:
[4ee6aa895a02](https://github.com/kinvolk/coreos-overlay/commit/4ee6aa895a02) ("Add arm64 keywords")
[60d47e7359d1](https://github.com/kinvolk/coreos-overlay/commit/60d47e7359d1) ("Change suffix sort to sais-lite")
[7d3ac2a049dd](https://github.com/kinvolk/coreos-overlay/commit/7d3ac2a049dd) ("fix heap overflow vulnerability CVE-2020-14315")
2022-10-04 14:52:10 +02:00
Krzesimir Nowak
e358a89307
dev-util/bsdiff: Sync with Gentoo
...
It's from Gentoo commit 98ef629ba44e42abf5dd75e2e2c44994d85bc409.
2022-10-04 14:52:10 +02:00