'norecovery' was deprecated and has been removed in kernel v6.8 so switch to
the new way of doing things.
This pulls in https://github.com/flatcar/update_engine/pull/40.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
It looks like 'norecovery' is deprecated and has been removed in the v6.8-rc1
kernel. Replace it with 'rescue=nologreplay', which is a replacement
implemented since v5.9. The standalone 'nologreplay' option is also deprecated.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The Flatcar extension images built with build_sysext created directories
in the overlay in a way that masked contents from other layers.
Instead of fixing the way we create directories, make use of
postprocessing to avoid any similar problems showing up again in the
future.
The PXE image and its helper script are a very handy way to test an image
because it does not preserve state. One can boot the same file over and
over again without having to reset the image. One can also easily pass
in additional kernel cmdline options without having to set up grub.cfg.
The path where the SELinux policy modules are built is normally
/var/lib/selinux. In our case we want those policies to be
installed somewhere under /usr. So we have a setup where
/var/lib/selinux is a symlink to /usr/lib/selinux/policy. The
/var/lib/selinux directory is normally created by
sys-apps/policycoreutils directory and we don't want to change it in
order to pursue the goal of putting the package back to
portage-stable.

On the other hand, the override of modules directory location can't
happen in the coreos-base/misc-files package, because
sys-apps/policycoreutils needs that directory to be already set up at
the package post-installation time.

The override of the SELinux policy modules directory needs to be done
in the bashrc hook unfortunately. This will come in the follow-up
commit.

So the only thing left is to set up a tmpfiles configuration file to
recreate the /var/lib/selinux symlink, since it can be removed when
wiping the filesystem.
Prepare the changes for upstreaming:
- Hide python dependencies behind the python USE flag.
- Allow using original sources, without Gentoo modifications with the
  vanilla USE flag.
  - This also hides app-admin/setools dependency behind this USE
    flag. I'm not sure if anything in policycoreutils requires
    anything from that package - I assumed that Gentoo-provided rlpkg
    maybe does.
- Keep using /var/lib/selinux as a SELinux policy directory. We will
  use INSTALL_MASK to skip installation of the directory and will add
  a tmpfiles config file to coreos-base/misc-files instead.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
Prepare the ebuild to be in an upstreamable state:
- hide python dependencies behind the IUSE flag
- move the semanage.conf additions to a patch
  - that way, we can add a user patch that changes compression setting
    that was added by Gentoo
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
The bundled gnu-efi build is implemented in a buggy way that can break when
built in parallel. We've hit this in the nightly sdk build. Add a patch for it.
The patch has been posted upstream at https://github.com/rhboot/shim/pull/643.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Last nightly SDK failed to build due to a shim error, go back to the previous
build.
This reverts commit 735b2698bac434f9827b96b132eebabb8277bf31.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>