- remove explicit "-multilib" from prefix keywordsas it is set in
profile
- split heredoc for generating emerge wrapper so we don't need to
escape
- add sys-apps/bubblewrap and virtual/tmpfiles to package update
automation list
- use prefix build fix for libgpg-error from upstream
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
This change adds experimental prefix builds to the Flatcar SDK.
Prefix builds use a custom sys prefix path and emerge all binaries and
runtime dependencies into that prefix.
This path can then e.g. be shipped as a portable sysext since it
includes all dependencies, and has libraries at a custom path so these
do not conflict with libraries on target systems.
Prefix uses a staging environment (path) featuring a full-blown
development environment, and a "final" environment for installing.
Staging and final need to be created using setup_prefix first,
which will also create an emerge wrapper to emerge ebuilds into staging
and subsequently final. The root fs in final may then e.g. be used to
create a distro independent, portable sysext.
Co-authored-by: James Le Cuirot <chewi@gentoo.org>
Co-authored-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Co-authored-by: Thilo Fromm <thilofromm@microsoft.com>
There's a bug in show-changes script where it defaults to values with
single quotes in them. So the default scripts directory is not
"scripts" but "'scripts'". This will be fixed in show-scripts, but for
now work it around here by explicitly defining the directories.
The configs provided by the openssh and Gentoo projects usually keep
everything commented out, meaning that the default values will be
used. On top of that, they will also include snippets in the snippet
directory. As such, start installing the default configs. We only mask
a snippet that defines sftp subsystem, because we provide our own
config snippet from coreos-base/misc-files that defines it.
We will be installing an sshd config snippet instead of replacing the
whole sshd config. In order to pull this off, we need to make sure
that the snippets directory exists and the main sshd config file
actually includes the snippets in the directory.
This commit updates our Flatcar patch with a code that will install an
sshd config snippet instead of editing the main sshd config file if
snippets directory exists.
The sshd config provided by this package is now marked as provided for
compatibility only - it will be there in case there is still a symlink
in /etc pointing to it. The new config snippet will be used by the
enable oslogin stuff in the updated coreos-base/oem-gce package in
following commits.
First issue is that on Jenkins, the beginning of the output seems to
be eaten, leaving us only the final part of the reports. This looks
like an issue stemming from redirecting stdout to stdout with
">/dev/stdout". Special case the stdout by not redirecting anything in
such case.
Second issue is that errors printed by the tools we use for generating
the reports go to stderr, so they don't show in the report. So
redirect their stderr to stdout, so the possible errors are visible in
the report file too. We do not want to redirect the stderr of the
print_image_reports function, because that would also capture
debugging stuff from "set -x" that GitHub Actions are using.
- Import and update configs for ssh client and daemon from the
flatcar/init repository. These configs have now became snippets that
the main configuration file will include.
- Install a drop-in file for the ssh.socket unit disabling the rate
limiting.
- Install compatibility symlinks in old ssh config locations that will
point to respective files in /usr/share/flatcar/etc.
- Make all these actions optional - openssh USE flag needs to be
enabled. That way, generic images can pull those changes, while SDK
can avoid doing so.
None of these modifications are Flatcar-specific. We are trying to
upstream them in https://github.com/gentoo/gentoo/pull/31615. When
they reach Gentoo, we can move net-misc/openssh to portage-stable.
We push a commit with the nightly SDK tag to the main branch if the
SDK was built from the main branch. Which is what happens when we
build the nightly intermediate SDK. The final nightly SDK is not built
from the main branch, but rather from the nightly intermediate SDK
tag. Both of them point to the exactly same commit, but the difference
is in what `git rev-parse --abbrev-ref HEAD` returns for each of
those. When the main branch is checked out, the command will return
"main". When the nightly intermediate SDK tag is checked out, the
command will return "HEAD". So when nightly final SDK is being built,
the command returns a string different than "main" and thus decides
not to push the commit with the final nightly SDK tag to the main
branch. Rework it to assume that if `git rev-parse HEAD` and `git
rev-parse origin/main` return the same commit hash (and it's the
nightly build and all that) then the commit should be pushed.
We use "origin/main" instead of just "main" just in case the main
branch was not checked out before, for some reason (may come up in
testing with different names for the main branch when testing).
