CloudSigma uses a serial port to transfer metadata into a running
instance. Because the service was overwritten with the configuration
"restart", it was possible that the previous instance got interrupted.
This left the serial connection in a non-deterministic state as the
next user would get output from the previous request. The service in
general was not needed as the cloud oem is already set to cloudsigma.

This pulls in https://github.com/flatcar/init/pull/114 to
support a flag to skip providing OEM payloads, with the goal of easing
downgrades to non-sysext-OEM releases or, when backported to LTS with
the default behavior switched, to opt in to OEM payloads for airgapped
updates that can't use the fallback download.

Update afterburn to 5.5.1, and remove the patch 0003 for fixing
cross-build issue of arm64, because the upstream fix
https://github.com/coreos/afterburn/pull/1022 is already included in
5.5.1.

- install curl before baselayout
Now that GitHub rejects access to an unauthenticated URL with
`git://`, we have to make git and libcurl work with
`https://`. However, during the SDK stage2, curl is not explicitly
installed, but just inherited from the stage1. As a result, curl is
built without the `ssl` USE flag. So installation of baselayout
fails with:
```
git fetch https://github.com/flatcar-linux/baselayout.git --prune +HEAD:refs/git-r3/HEAD
fatal: unable to access 'https://github.com/flatcar-linux/baselayout.git/':
Protocol "https" not supported or disabled in libcurl
```
To resolve the issue, we need to install curl with `BOOTSTRAP_USE=ssl`
before trying to install baselayout.

- update openssl before stage3
Right now our bootstrap flow is different than Gentoo's - we don't
update the seed when building stage1 and use a different ebuilds
snapshot for stage1 compared to stage2 and stage3. This is causing
us trouble now, because we introduced openssl-3, but seed/stage1
still contains openssl-1.1. During `emerge -e @system` in stage3,
some packages that depend on openssl may build against the stage1
version, which results in an error during depcleaning (they would
need to be rebuilt instead). Stage3 is not extensible, so instead,
explicitly update openssl in stage2. This workaround can be removed
as soon as we release a seed with openssl-3.

Co-authored-by: Dongsu Park <dpark@linux.microsoft.com>
Co-authored-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Co-authored-by: Krzesimir Nowak <knowak@microsoft.com>