- Restore openrc use flag, we don't want to pull it in.
- Change cpp #if LIVE to bash if statements so symlinks work.
- Depend on a newer libseccomp, build fails with old versions.
- Depend on lxml if python is enabled.
- Add version 209!
This pulls in the latest changes from Gentoo as of 21 Feb 2014 along
with the CoreOS changes we made in the 207 ebuild.

Hard mask kdbus flag. We don't need to tread into those waters yet.
We will be trying networkd but leave the flag disabled until someone
wants to start working with it.

libseccomp calls which in its ./configure script so when building stage3
if which isn't already there the build will fail. This is a quick fix.
Reported upstream: https://bugs.gentoo.org/show_bug.cgi?id=502084

I misunderstood the documentation for systemd-tmpfiles, if a string to
write to a file is provided it will always write it, even if the file
already exists and doesn't need to be created. This means that using
tmpfiles to initialize /etc/group results in appending each boot.
Instead use a little script, also initialize passwd and shadow
so that the `passwd` command works for the core user.

Make use of the systemd eclass where applicable.

In the last patch I modified docker-0.8.1.ebuild directly. That was
wrong. This time I copy the ebuild, add the epatch and leave
docker-0.8.0 unmodified. This also changes the patch to reflect what is
waiting for a merge upstream.

This package is based exclusively on the Mozilla certificate store
distributed in their NSS library and adopts NSS's version accordingly.
It replaces the previous Gentoo package which came directly from Debian.
The Debian package had a couple issues we didn't like:
- Trusts the http://cacert.org root CA which isn't the worst thing in
the world to do but seems like a really bad default policy to ship.
- update-ca-certificates had a confusing configuration/hook scheme
which seemed almost useful but completely obnoxious and useless to
CoreOS at the same time. systemd-tmpfiles plus a simpler script does
a better job for us.
The python script certdata2pem.py came from Debian's source package
ca-certificates_20130119 and was modified slightly. It is only used at
build-time to convert the file format used by NSS to PEM files.
The old packages used dates as the version, this one uses the NSS
library the certificate store came from as the version. This may cause
an issue if packages from Gentoo depend on >=ca-certificates-20080809 or
similar. Currently the only packages in Gentoo that do so are
sci-misc/boinc and www-client/epiphany, neither of which will ever be
needed in CoreOS so we should be OK.

Switch to portage's default (wget) for fetching. wget is nice and
reports the URL it is downloading while curl does not. This makes
understanding errors like '404' actually somewhat possible.
The --checkpoint arg to tar didn't serve much of a useful purpose as far
as I know besides adding to the build noise. Just drop it.

- Add || die to commands without them to avoid missing errors.
- Symlink resolv.conf to /run on amd64-generic images again.
- Properly sed /etc/issue out of tmpfiles.
- Fix symlinks for mtab and sudo.
- Fix directory ordering in tmpfiles.
- Update groups, a few were missing or incorrect.
- Bump coreos-base/coreos revision.

This replaces the old Gentoo baselayout and coreos-base packages.
Changes include:
- Move nss data files from /etc to /usr/share/baselayout
- Enable nss-usrfiles module to use the new location.
- Move other misc files from /etc to /usr/share/baselayout, using
compatibility symlinks in /etc generated by tmpfiles.
- All base system directories can be generated by tmpfiles.
- No more /etc/gentoo-release
- Simplified code, doesn't bother trying to migrate lib symlinks and
simply fails if the existing filesystem is incorrect.
- In /usr images the `core` user's UID/GID is now 500 to keep us within
the reserved system UID/GID space. Eventually once the SDK switches
to this the `core` user will not conflict with the local developer's
account. It also makes it clearer what range people can use when
creating accounts in /usr images. No other UID/GIDs are changing.
- New eclass to let ebuilds run the equivalent of `tmpfiles --create`.
In the future this may be replaced by calling `tmpfiles` directly
once it has a `--root` argument but I haven't pushed those patches
upstream for review yet.

This simplifies the build process, we have no need for trousers or other
tpm related things from ChromeOS. Bump vboot_reference so it no longer
needs trousers as a build dependency.

Nmap itself is excluded, just want the basic network tools.
ncat is a netcat implementation with support for fun things like SSL.
In the future we could add nping but since we already include iputils
that is not quite as important as ncat.
The nmap ebuild includes a compile fix posted here:
https://bugs.gentoo.org/show_bug.cgi?id=501136

Symlinks out of /etc to /usr should generally be relative, that way they
work regardless of whether you are based at / or dealing with a new
chroot you haven't entered yet, or a build root like /build/amd64-usr.
Namely the absolute links break cros_sdk which copies skel into home.
Also switch to /usr/share/skel since other packages may need to install
things to that directory in the future.
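
The point about relative links, as an added example that is not part of the original commit or the CoreOS tree: a sketch that audits a build root for absolute links under etc/ and shows that they do not resolve inside the root when viewed from outside it. The helper names and the demo paths (`skel-abs`, `skel-constructed-demo`) are constructed for illustration.

```shell
#!/bin/sh
# Added example; the directory and link names are constructed for the demo.

# Build a throwaway build root with one relative and one absolute link in etc/.
make_demo_root() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/usr/share/skel" "$root/usr/share/skel-constructed-demo"
    echo '# demo' > "$root/usr/share/skel/.bashrc"
    ln -s ../usr/share/skel "$root/etc/skel"                       # relative
    ln -s /usr/share/skel-constructed-demo "$root/etc/skel-abs"    # absolute
    printf '%s\n' "$root"
}

# List symlinks under ROOT/etc whose target is absolute. Viewed from outside
# the root these resolve against the host's filesystem, not ROOT.
find_absolute_links() {
    root=$1
    find "$root/etc" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) printf '%s -> %s\n' "${link#"$root"}" "$target" ;;
        esac
    done
}

# True when the given path, seen from outside the root, reaches an existing file.
resolves_from_outside() { [ -e "$1" ]; }

demo() {
    r=$(make_demo_root)
    find_absolute_links "$r"
    resolves_from_outside "$r/etc/skel/.bashrc" && echo "relative link: ok"
    resolves_from_outside "$r/etc/skel-abs" || echo "absolute link: dangling outside chroot"
    rm -rf "$r"
}
demo
```
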
If c10n fails etcd should not start, wait until it is known if there is
a cluster config to use or not. Also now c10n may not write out a
cluster config on ec2 if there isn't a need for one. Make this case
non-fatal and start up etcd as a master node.

Includes a few other changes which are either bug fixes or doc updates:

Brandon Philips (4):
      bump(README): increase the version of the README to 0.3.0
      fix(README): move contact closer to contributing
      feat(scripts): use zip for windows and darwin
      fix(server/v1): don't fail put on new v1 key

Brian Waldon (3):
      doc(CompareAndDelete): Add missing CAD docs
      doc(CompareAndSwap): clarify prevIndex in CAS
      chore(gofmt): gofmt compare_and_delete_command.go

Jan-Erik Rediger (1):
      Change token example to use returned value only

Michael Marineau (1):
      add(server/v1/tests): Port many of the v2 HTTP handler tests to v1

TANABE Ken-ichi (2):
      fix(mod/lock): Use dedicated channel to shutdown goroutine properly
      fix(mod/lock): Use CreatedIndex in the first node to watch