mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-29 01:21:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,792 Commits 637 Branches 398 Tags
Commit Graph

22792 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benjamin Gilbert
ee90e8feb3 net-firewall/nftables: add package 2017-07-25 15:40:46 -07:00
Benjamin Gilbert
e32df6dbfe profiles: accept libnftnl on ARM 2017-07-25 13:05:24 -07:00
Benjamin Gilbert
894fe62e65 sys-kernel/coreos-modules: enable nftables 2017-07-25 13:03:29 -07:00
Benjamin Gilbert
4200b9840f sys-kernel/coreos-modules: enable TCP Hybla 2017-07-25 11:37:36 -07:00
David Michael
de9d663901 chore(metadata): Regenerate cache 2017-07-24 17:35:43 -07:00
David Michael
82c5f3811a chore(metadata): Regenerate cache 2017-07-24 17:35:41 -07:00
David Michael
ae835f9b29 dev-libs/yajl: drop dead package 2017-07-24 17:35:23 -07:00
David Michael
f084917d6d profiles: sync meson on arm64 2017-07-24 17:29:35 -07:00
David Michael
f5657649f2 profiles: allow building Python 3 for meson 2017-07-24 17:29:34 -07:00
Benjamin Gilbert
aaeec47fcc net-libs/libnftnl: add package 2017-07-24 14:00:01 -07:00
Benjamin Gilbert
735f46fd9e Merge pull request #2661 from coreosbot/master-4.12.3 
Upgrade Linux in master to 4.12.3
 2017-07-24 13:13:41 -07:00
Jenkins OS
527af70cc2 sys-kernel/coreos-sources: bump to 4.12.3 2017-07-24 20:08:45 +00:00
Benjamin Gilbert
33198fa0dc Merge pull request #2657 from bgilbert/bootengine 
sys-kernel/bootengine: bump for mkswap, Packet race, chmod fixup
 2017-07-21 13:51:22 -07:00
Benjamin Gilbert
8619959235 sys-kernel/bootengine: bump for mkswap, Packet race, chmod fixup 2017-07-21 13:42:49 -07:00
Benjamin Gilbert
85451cb7e4 sys-kernel/bootengine: add missing chmod 
It was performed by bootengine until
coreos/bootengine@7c7bbb8d85.
 2017-07-21 13:38:11 -07:00
David Michael
386efa4ae8 Merge pull request #2655 from dm0-/wrappers 
Bump flannel and etcd wrappers
 2017-07-20 14:57:16 -07:00
David Michael
0b033b5f8c app-admin/etcd-wrapper: bump to 3.1.10 2017-07-20 12:20:23 -07:00
David Michael
c88b4345f6 app-admin/flannel-wrapper: bump to 0.8.0 2017-07-20 12:19:28 -07:00
David Michael
15a1555043 bump(dev-util/re2c): sync with upstream 2017-07-19 13:14:12 -07:00
David Michael
379d06dec5 bump(dev-util/meson): sync with upstream 2017-07-19 13:01:01 -07:00
David Michael
47f585634e bump(dev-util/ninja): sync with upstream 2017-07-19 13:00:52 -07:00
David Michael
89cba335c5 bump(dev-lang/python): sync with upstream 2017-07-19 12:59:17 -07:00
David Michael
269204200a bump(profiles): sync with upstream 
Packages updated:
  eclass
  licenses
  profiles
  scripts
 2017-07-19 12:58:28 -07:00
Euan Kemp
50ef678e25 Merge pull request #712 from euank/fixup-core-sign-update 
core_sign_update: fix flag parsing for keys_separator
 2017-07-18 18:30:48 -07:00
Euan Kemp
e174703778 core_sign_update: fix flag parsing for keys_separator 
Introduced in #710, whoops.
 2017-07-18 18:24:38 -07:00
David Michael
341cb0dea6 Merge pull request #2653 from dm0-/systemd 
Upgrade to systemd v234
 2017-07-18 13:51:25 -07:00
David Michael
f186446b98 sys-apps/systemd: upgrade to v234 
This syncs most of the ebuild with Gentoo's, except it omits the
meson build part for now.

A side effect of this is that lxml will be built as a dependency,
but it is not used since systemd now requires Python 3.  This will
be fixed with meson support, since meson requires Python 3 as well.
 2017-07-18 12:54:06 -07:00
David Michael
4c5c1fb86f profiles: sync lxml on arm64 2017-07-18 12:49:54 -07:00
Euan Kemp
cdf275cd3e Merge pull request #710 from euank/coreos-card_signing 
coreos_sign_update: Use smartcards for signing (updated)
 2017-07-18 11:35:35 -07:00
David Michael
c78baf748b Merge pull request #2652 from coreosbot/master 
Upgrade Linux in master to 4.12.2
 2017-07-17 15:37:54 -07:00
Jenkins OS
467cedff05 sys-kernel/coreos-sources: bump to 4.12.2 2017-07-17 20:23:39 +00:00
David Michael
9e399e19de Merge pull request #2648 from dm0-/dracut 
profiles: upgrade to dracut 045
 2017-07-13 18:31:11 -07:00
David Michael
a1d5775603 Merge pull request #563 from dm0-/dracut 
bump(sys-kernel/dracut): sync with upstream
 2017-07-13 18:29:28 -07:00
David Michael
44a42faa1e sys-kernel/bootengine: bump for dracut 045 2017-07-13 18:27:42 -07:00
David Michael
5446be23f3 profiles: upgrade to dracut 045 2017-07-11 18:23:39 -07:00
David Michael
125bb460d8 bump(sys-kernel/dracut): sync with upstream 2017-07-11 18:22:27 -07:00
Euan Kemp
61be39c999 core_sign_update: remain compatible with older sign.sh 
The motivation behind retaining this backwards compatibility, at least
now, is that it's actually non-trivial to revert these code changes for
a given release.

The `sign.sh` changes can easily be changed, but the `core_sign_update`
code is included in the update-specific "au_zip" file. Replacing that is
a little more fiddly.

Since it's possible we'll still want to revert to the previous signing
behavior, make it so the update payload (namely core_sign_update) should
work both under the previous `sign.sh` script, and when using the new
one.
 2017-07-11 13:55:59 -07:00
David Michael
8ac62a5664 Merge pull request #2642 from dm0-/torcx 
app-arch/torcx: bump to v0.1.0-alpha.3
 2017-07-11 12:16:25 -07:00
David Michael
9889f2681c Merge pull request #2647 from dm0-/glsa 
profiles: sync man-db version on arm64
 2017-07-10 12:36:52 -07:00
David Michael
ee7a21794d Merge pull request #562 from dm0-/glsa 
Sync GLSAs
 2017-07-10 12:36:42 -07:00
David Michael
00d0400d58 bump(dev-libs/libpipeline): sync with upstream 2017-07-09 17:44:36 -07:00
David Michael
254e6d949d profiles: sync man-db version on arm64 2017-07-09 17:39:13 -07:00
David Michael
ae4583d564 bump(app-text/manpager): sync with upstream 2017-07-09 17:29:18 -07:00
David Michael
5c70328f3f bump(sys-apps/man-db): sync with upstream 2017-07-09 17:24:50 -07:00
David Michael
2327a315bb bump(metadata/glsa): sync with upstream 2017-07-09 17:18:14 -07:00
Euan Kemp
5cbc755abc offline_signing: use a smartcard URI 2017-07-06 13:50:27 -07:00
Euan Kemp
2146975588 coreos_sign_update: return 'legacy' signing support 
We currently sign with both a devel key and a prod key. The devel key is
insecure and need not be included on a smartcard, so it makes sense to
leave it be on disk.

However, the previous commit's padding changes removed this legacy
method of signing.
For simplicity, simply re-introduce the old logic conditionally based on
whether it's a smartcard or not.

Alternate options could be using `-pkcs` instead of `-raw` for both
keys, but that is a more intricate change I'd be less confident in
making.
 2017-07-06 13:50:27 -07:00
Matthew Garrett
54048fbb00 coreos_sign_update: Use smartcards for signing 
Sign updates using private keys on smartcards. This involves changing the
padding approach - rather than including the padding in the hash, ask the
card to generate the padding itself, since the card will refuse to sign
pre-padded material. Use + as a key separator rather than : as the PKCS#11
URI includes colons.
 2017-07-06 13:50:27 -07:00
David Michael
15217f8003 Merge pull request #2646 from dgonyeo/ignition 
sys-apps/ignition: 0.17.0 -> 0.17.1
 2017-07-05 15:39:44 -07:00
Derek Gonyeo
10f31b7297 sys-apps/ignition: 0.17.0 -> 0.17.1 2017-07-05 15:38:27 -07:00