Github Action for Go has had a bug when parsing the current Go version
from `dev-lang/go/Manifest`, only when the current ebuild file has only
major + minor versions, without patchlevel. For example, it could parse
well `1.13.15`, but not `1.15`. We need to make it deal with both
versions, `x.y.z` and `x.y`.
With this PR, for example, when `VERSION_SHORT` is `1.15` and the
Manifest includes a tarball `go1.15.src.tar.gz`, we can confirm the new
regexp works well like below:
```
$ sed -n "s/^DIST go\(1\.15\.*[0-9]*\)\.src.*/\1/p" dev-lang/go/Manifest
1.15
```
The dependency was added in commit
dddb318b9f989acba9ccca9babc4715a9075eae8. Earlier the regulator code
was only built for arm64, but since the CONFIG_AT803X_PHY variable is
specified in common config, the CONFIG_REGULATOR variables needed to
be moved to common config too.
The script sorts the lines in the config files and prints a messages
when some variable is being overridden (means that it is specified
twice in the config).
The script can be also used to check for such situations with full
configs like:
cat commonconfig-* amd64_defconfig-* >amd64fullconfig
./sort_config.sh amd64fullconfig
rm amd64fullconfig
Most of the duplicates happened to be within amd64 config. But some of
the duplicates were across the files (defined in both common and
amd64). Almost all of them were exact duplicates, so those could be
just dropped, favoring the config lines in common config to remain.
The CONFIG_CONNECTOR was different in common config (module) and in
amd64 config (builtin), so the config line was moved to arm64
config. Now amd64 has CONFIG_CONNECTOR as builtin and arm64 as a
module.
A memory corruption vulnerability in AF_PACKET causes the kernel to
panic or enter undefined behavior, tracked as CVE-2020-14386.
While the proposed patch is not included in an upstream release,
include it as downstream patch.
Further information and PoC:
https://www.openwall.com/lists/oss-security/2020/09/03/3
Now that Go [1.15](Go://go.googlesource.com/go/+/refs/tags/go1.15) has
been released, we should update the default Go version to 1.15.
Since the [EINTR issue](https://github.com/golang/go/issues/38033) was
fixed in 1.15, we can simply move from 1.13 to 1.15.
On the other hand, we should not add 1.14, as the
[EINTR bug fix](https://go-review.googlesource.com/c/go/+/232862/) was
not backported to 1.14.
With this kernel config, users can boot with fips=1 set in
`/usr/share/oem/grub.cfg`:
```
set linux_append="fips=1"
```
Which triggers various behaviors, for FIPS 200 certification.
with this config compiled in, and that boot parameter, users can can
that fips is enabled with:
```
flatcar ~ # cat /proc/sys/crypto/fips_enabled
1
```
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
The best practice established in this repository is to reset the
package folder and import a new version from upstream without
modifications. In a separate commit the downstream changes are applied.
This makes it clear which downstream changes need to be ported when
updating to a newer version in the future. Unfortunately this is not
always done which causes confusion and more work. As first step
document the process before we later look into more automation.
This commit adds a dependency on acct-group/render to systemd.
The respective group is provided by portage-stable
(https://github.com/flatcar-linux/portage-stable
commit ID db2ed1e74a89944b1500dba1471072e8da3dddc9).
Furthermore, the baselayout commit ID is bumped to include a
change from https://github.com/flatcar-linux/baselayout - to
1d32bea2c0e4335d4a8f7e0ccd6a7b41da15e4a7 - which includes
this group in the baselayout used by initramfs.
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
