This action runs over main and the release branches and creates a PR that
updates mantle reference to the latest one. By using a fixed branch name,
rerunning the action will update/close an existing PR if new mantle commits
happen or if the PR becomes obsolete.
The tool is deprecated, nothing pulls that in any more and it has a
dependency on dev-perl/XML-Parser, an updated version of which would
want to pull a bunch of new packages through dev-perl/libwww-perl.
Avoid the hassle and drop the tool.
Realmd didn't have dev-util/intltool listed as a dependency, but it
actually required it during build. Apply a patch from upstream that
converts the project from intltool to gettext in order to get rid of
the dependency on the obsolete tool. To apply the patch without
conflicts, apply also another patch from upstream that modernizes the
configure.ac file.
We also disable the i18n through the --disable-nls flag. The disabling
is not complete though, so we still need to point gettext to the ITS
rules we have installed in ROOT.
Our github actions use cork to create an sdk chroot, which pulls down bzipped
archives. The runners have 2 CPUs, so this unpacking could be faster if we
installed lbzip2. Cork transparently uses lbzip2.
The size contains not only of the /usr partition but also the /boot
partition require that we reduce the size of binaries as much as
possible.
Strip all Go binaries by default.
This usually doesn't happen for releases, but for development
dev-containers it might be the case that portage-stable or
coreos-overlay commit is specified as some pull request reference -
these need to be fetched differently, as refs from refs/pull usually
are not fetched by default.
We were appending the [build] section, and the updated cargo eclass
already added that to the config, so we ended up with having two
[build] sections in the config file. Try to amend the section instead
of appending it to the file. While at it, do the same with the
target.${RUST_TARGET} section too to be a bit more futureproof.
- sys-libs/pam: Make /sbin/unix_chkpwd suid
This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.
- sys-libs/pam: Install configuration into /usr
Also provide a tmpfiles fragment to bring it back.
- sys-libs/pam: Locked accounts functionality
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
