mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-26 17:01:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,162 Commits 615 Branches 396 Tags
Commit Graph

14356 Commits

Author SHA1 Message Date
Dongsu Park
43bb898cbc Revert "dev-lang/yasm: update to 1.3.0-r1 to fix Github URL protocol" 
This reverts commit ea28ab385dfffa6b0cbd7267b557764e35f7b060.
 2021-11-02 18:34:42 +01:00
Dongsu Park
90bc60e15a Revert "*: use https instead of git for Github URLs" 
This reverts commit c2c0d33ed7b3481ee9ce54fb4a1618d41c5eee53.
 2021-11-02 18:31:17 +01:00
Dongsu Park
09be16c283 Revert "profiles: update dev-lang/yasm to 1.3.0-r1 for ~arm64" 
This reverts commit b79b2bb0afedefbab9381473f994d2c7375f11a0.
 2021-11-02 18:31:17 +01:00
Mathieu Tortuyaux
61b1e97237 profiles/base: enable fips for dev-libs/openssl 
enabling `fips` support will compile `fips.so` provider for user who
wants to use `fips` as OpenSSL provider.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-11-02 18:28:10 +01:00
Mathieu Tortuyaux
b3a9d297ee dev-libs/openssl: apply flatcar changes 
- drop `pkg_postint`
- create `/etc/ssl` with systemd-tmpfiles

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-11-02 18:25:55 +01:00
Mathieu Tortuyaux
ca192320b3 dev-libs/openssl: sync with upstream 
it basically brings this commit: 895d71e3d1

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-11-02 18:24:35 +01:00
Sayan Chowdhury
10316541c9 Merge pull request #1379 from flatcar-linux/linux-5.10.76-main 
Upgrade Linux Kernel in main from 5.10.75 to 5.10.76
 2021-11-02 20:39:14 +05:30
Dongsu Park
6e0fd76493 Merge pull request #236 from flatcar-linux/dongsu/ncurses-6.2-20210619 
*: update gptfdisk, readline, procps for ncurses 6.2_p20210619
 2021-11-02 15:15:46 +01:00
Dongsu Park
95c2a8fe10 Merge pull request #1383 from flatcar-linux/dongsu/ncurses-6.2-20210619 
sys-libs/ncurses: update to 6.2_p20210619
 2021-11-02 15:15:35 +01:00
Dongsu Park
d8a0045753 Merge pull request #233 from flatcar-linux/dongsu/wget-1.21.2 
net-misc/wget: update to 1.21.2
 2021-11-02 14:25:42 +01:00
Dongsu Park
1f8a64c14c Merge pull request #1381 from flatcar-linux/dongsu/wget-1.21.2 
profiles: accept keywords for wget 1.21.2.
 2021-11-02 14:24:41 +01:00
Dongsu Park
6e3c5a85d6 profiles: update dev-lang/yasm to 1.3.0-r1 for ~arm64 2021-11-02 08:36:05 +01:00
Dongsu Park
68bc2f4d3c *: use https instead of git for Github URLs 
Replace `git://` with `https://` for GITHUB URLs, because Github now
rejects an unauthenticated git access.

* app-admin/locksmith
* app-admin/mayday
* app-admin/sdnotify-proxy
* app-admin/toolbox
* app-admin/updateservicectl
* app-arch/torcx
* app-crypt/go-tspi
* app-emulation/acbuild
* app-emulation/actool
* coreos-base/afterburn
* coreos-base/coreos-cloudinit
* coreos-base/coreos-init
* coreos-base/emerge-gitclone
* coreos-base/nova-agent-watcher
* coreos-base/update-ssh-keys
* coreos-base/update_engine
* coreos-devel/fero-client
* coreos-devel/mantle
* sys-apps/baselayout
* sys-apps/ignition
* sys-apps/seismograph
* sys-boot/grub
* sys-boot/shim
* sys-kernel/bootengine
* sys-libs/nss-usrfiles

See also
https://github.blog/2021-09-01-improving-git-protocol-security-github/.
 2021-11-02 08:27:25 +01:00
Dongsu Park
cf88c5ca11 dev-lang/yasm: update to 1.3.0-r1 to fix Github URL protocol 
Github now rejects an unauthenticated Github URL `git://`, so we need to
replace git with https.
To do that, sync with Gentoo for dev-lang/yasm 1.3.0-r1 including fix
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0793e1ac0b7c7b3e8572443bbd33faf7ddc26813
 2021-11-02 08:25:35 +01:00
Flatcar Buildbot
4dfad63f67 Upgrade virtual Rust in main from 1.56.0 to 1.56.1 2021-11-01 13:19:50 +00:00
Flatcar Buildbot
03f98ebe38 dev-lang: Upgrade dev-lang/rust 1.56.0 to 1.56.1 2021-11-01 13:19:18 +00:00
Dongsu Park
7d2a26a07b sys-process/procps: update to 3.3.17-r1 
Now that ncurses 6.2_p20210619 dropped the USE flag 'unicode', it is
not possible to specify the flag in sys-process/procps.
We need to make the flag optional, by specifying '(+)'.

See also
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec71f8061aaa422b7eedfd090e09211736579372

Simply sync with Gentoo for 3.3.17-r1 that includes the fix.
 2021-11-01 11:44:04 +01:00
Dongsu Park
7ca4e6f137 sys-apps/gptfdisk: update to 1.0.7-r2 
Now that ncurses 6.2_p20210619 dropped the USE flag 'unicode', it is
not possible to specify the flag in sys-apps/gptfdisk.
We need to make the flag optional, by specifying '(+)'.

See also
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0c4f07166bac4c87f7e290f049e7a1603025444

Simply sync with Gentoo for 1.0.7-r2 that includes the fix.
 2021-11-01 11:40:54 +01:00
Dongsu Park
a06e7cbe30 sys-libs/readline: update to 8.1_p1-r1 
Now that ncurses 6.2_p20210619 dropped the USE flag 'unicode', it is
not possible to specify the flag in sys-libs/readline.
We need to make the flag optional, by specifying '(+)'.

See also
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df194650455b53175ed2852547169875002b2292

Simply sync with Gentoo for readline 8.1_p1-r1 that has the fix.
 2021-11-01 11:40:49 +01:00
Dongsu Park
d2e91b9a3d app-emulation/qemu: unicode(+) for sys-libs/ncurses 
Now that sys-libs/ncurses 6.2_p20210619 dropped the USE flag 'unicode',
it is not possible to specify the flag in app-emulation/qemu.
Make the unicode flag optional, by specifying '(+)'.

See also https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20ea02f40f21d21e584fe45c9d1c8cfb57f5acc6
 2021-11-01 11:25:34 +01:00
Dongsu Park
fcf60d15ef profiles: delete unnecessary keywords for ncurses 
Since ncurses 6.2_p20210619 does not have the USE flag `unicode`,
we should clean up from profiles.
 2021-11-01 09:40:08 +01:00
Dongsu Park
b41edc4cf1 sys-libs/ncurses: Apply Flatcar patches 
Add a symlink-usr USE flag for keeping a minimal set of terminfo
files in /usr/share/terminfo.

Also allow writes to /dev/ptmx, which sometimes causes the sandbox
to fail Jenkins builds.

Based on 9a6728f5f5d63626e4a806664c0c031e913fd758 and
380aa9c60af1e68911a479747d12b5fddaf2b1a2 .
 2021-11-01 09:40:08 +01:00
Dongsu Park
da0f8fde32 sys-libs/ncurses: update to 6.2_p20210619 
Update sys-libs/ncurses to 6.2_p20210619, mainly to address
CVE-2021-39537.
 2021-11-01 09:40:08 +01:00
Jeremi Piotrowski
2497549aa9 Update sec-policy/selinux-base/selinux-base-2.20200818-r2.ebuild 
Co-authored-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-10-29 12:43:04 +02:00
Jeremi Piotrowski
62a5205559 sec-policy/selinux-base: add missing BDEPEND=python[xml] 
selinux-base requires python to generate xml files, but the dependency
is implicit (through policycoreutils). Flatcar made that dependency
conditional on USE=python in policycoreutils so that we don't include
python in our images, but this causes selinux-base to fail depending on
ordering in the bootstrap process.

Fix that failure by addin an explicit dependency.
 2021-10-29 07:55:42 +00:00
Jeremi Piotrowski
3e548aca7e Revert "sec-policy/selinux-base: force sequential build in src_configure" 
This is not the cause for the build failure - a missing build time
dependency is.

This reverts commit ee3a8514ebd144f081b679225b332ef13b010e26.
 2021-10-29 07:54:25 +00:00
Dongsu Park
f6b3e2d375 sys-kernel/coreos-firmware: bump cxgb4 firmware version to 1.26.2.0 
Since linux-firmware 20211027 has a new cxgb4 firmware version 1.26.2.0,
we have to bump CXGB_VERSION, to avoid build failures.
 2021-10-28 12:39:27 +02:00
Dongsu Park
61fde6cbed profiles: accept keywords for wget 1.21.2. 
Accept both keywords ~amd64 and ~arm64, mainly to address
CVE-2021-31879.
 2021-10-28 10:19:38 +02:00
Dongsu Park
e376e392df net-misc/wget: update to 1.21.2 
Update net-misc/wget to 1.21.2, mainly to address CVE-2021-31879.
 2021-10-28 10:15:57 +02:00
Flatcar Buildbot
ff345e0697 sys-kernel: Upgrade Kernel 5.10.75 to 5.10.76 2021-10-28 07:35:14 +00:00
Flatcar Buildbot
9fa19b06ac sys-kernel: Upgrade Linux Firmware 20210919 to 20211027 2021-10-28 07:11:13 +00:00
Jeremi Piotrowski
1507a314b4 Merge pull request #1372 from flatcar-linux/jepio/selinux-base-sequential 
sec-policy/selinux-base: force sequential build in src_configure.
 2021-10-27 20:22:54 +02:00
Dongsu Park
89a86a1bf1 Merge pull request #1373 from flatcar-linux/docker-20.10.10-main 
Upgrade Docker in main from 20.10.9 to 20.10.10
 2021-10-27 14:45:14 +02:00
Jeremi Piotrowski
986a4f6a2a sec-policy/selinux-base: force sequential build in src_configure 
The build has been failing occasionally, due to some kind of race condition.
The last lines of log output look like this:

   Updating policy/booleans.conf and policy/modules.conf
   python3 -t -t -E -W error support/sedoctool.py -b policy/booleans.conf -m policy/modules.conf -x doc/policy.xml
   support/sedoctool.py exiting for: Error while parsing xml
   make: *** [Makefile:415: conf.intermediate] Error 1
    * ERROR: sec-policy/selinux-base-2.20200818-r2::coreos failed (configure phase):
    *   emake failed

Try to fix this by forcing a sequential build.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2021-10-27 10:54:00 +02:00
Flatcar Buildbot
d95a5d9826 app-emulation: Upgrade Docker 20.10.9 to 20.10.10 2021-10-27 07:47:22 +00:00
Dongsu Park
37b3325d0b dev-lang/rust: adjust ebuild for Rust 1.56.0 
To fix build failures, adjust ebuild file for Rust 1.56.0,
syncing with Gentoo.

Gentoo ref: d4e208e91591026acece35da8445b27fa20d3d5f
 2021-10-26 14:24:29 +02:00
Flatcar Buildbot
a9b55251cd Upgrade virtual Rust in main from 1.55.0 to 1.56.0 2021-10-26 12:08:10 +00:00
Flatcar Buildbot
da6611987c dev-lang: Upgrade dev-lang/rust 1.55.0 to 1.56.0 2021-10-26 12:07:39 +00:00
Jeremi Piotrowski
e31ef0ca87 Merge pull request #230 from flatcar-linux/jepio/update-gcc-deps-to-eapi-7 
update gcc deps to EAPI=7.
 2021-10-26 13:53:17 +02:00
Dongsu Park
4aa1a282d9 .github: update accept_keywords also for virtual/rust 
PR https://github.com/flatcar-linux/coreos-overlay/pull/432 started
to replace `dev-lang/rust` in accept_keywords with its new version.
However, its corresponding `virtual/rust` has never been updated.
That issue had been hidden until
4463efcfd4
started adding `virtual/rust` to accept_keywords.
Unlike `dev-lang/rust`, keywords for `virtual/rust` stayed with old
versions. As a result, subsequent Github Actions PRs for rust become
all invalid, so build failures.

Fix the issue by replacing versions of `virtual/rust` with new versions.
Also try to match with version specifiers, not only `=` but also `>=`,
'<=', '~'.
 2021-10-26 11:53:08 +02:00
Dongsu Park
739e98dc59 Merge pull request #1366 from aniruddha2000/aniruddha/remove-nmap-accept-keywords 
Remove nmap keyword from arm64/package.accept_keywords
 2021-10-25 17:27:00 +02:00
Dongsu Park
796ba1eeb5 Merge pull request #229 from aniruddha2000/aniruddha/update-nmap-7.92 
Update net-analyzer/nmap to v7.92
 2021-10-25 17:26:52 +02:00
Dongsu Park
666787c9ee Merge pull request #1367 from aniruddha2000/aniruddha/update-cryptsetup-accept-keywords 
Update accept keyword for cryptsetup 2.4.1
 2021-10-25 17:26:44 +02:00
Aniruddha Basak
ec9c9714c0 Update accept keyword for cryptsetup 2.4.1 2021-10-25 07:06:19 +00:00
Sayan Chowdhury
5d0669763a Merge pull request #1363 from flatcar-linux/linux-5.10.75-main 
Upgrade Linux Kernel in main from 5.10.74 to 5.10.75
 2021-10-23 09:55:10 +05:30
Aniruddha Basak
da44b7c24d Remove nmap keyword from arm64/package.accept_keywords 2021-10-22 14:44:44 +00:00
Sayan Chowdhury
59a8112b65 Merge pull request #1365 from flatcar-linux/sayan/skip-tcsd-for-tpm2-v249 
app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity)
 2021-10-22 16:26:24 +05:30
Sayan Chowdhury
33107d2047 Merge pull request #1364 from flatcar-linux/sayan/skip-tcsd-for-tpm2 
app-crypt/trousers: Skip tscd.service for TPM2 devices
 2021-10-22 16:21:14 +05:30
Aniruddha Basak
261b2337df Update net-analyzer/nmap to v7.92 2021-10-22 10:39:57 +00:00
Aniruddha Basak
e24c9bbff2 Update sys-fs/cryptsetup to v2.4.1 2021-10-22 09:32:48 +00:00