I hadn't realised this is called for the SDK itself, i.e. without an
applicable "board". I find having the SDK's os-release to be largely the
same as the image's a little odd, but that's a different problem.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
The account is currently unavailable; if the garbage collection fails,
the following clouds are not cleaned up (e.g. stackit, akamai, etc.).
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
This change introduces the "Extensible Scheduling Class" kernel option
(https://cateee.net/lkddb/web-lkddb/SCHED_CLASS_EXT.html), essentially
enabling BPF process schedulers.
While only a few actual scheduler implementations will be able to use this
at this point (most also need CONFIG_PAHOLE_HAS_BTF_TAG which is only
available when the kernel is built with CLANG), it's a step in the
right direction.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
Commit 01eea0f of PR https://github.com/flatcar/scripts/pull/3555
introduced a build issue for bootengine and coreos-init; the source
tarball filename reflected in the manifest does not correspond to the
filename used in the ebuild. Hence, the checksum verification fails.
Also, the version symlinks were not updated by the original change.
This change uses the correct filename and checksums and updates the
versions.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
For A/B-updated /etc contents we used a custom overlay mount that
provides the default files through a lowerdir loaded from /usr. Since
then we upstreamed mutable systemd-confext support and now we can switch
to it.
This pulls in https://github.com/flatcar/init/pull/138 and
https://github.com/flatcar/bootengine/pull/115 together with backported
systemd patches that have opened or merged upstream PRs to fix --root=
issues and add a refresh skip check to prevent boot disruptions due to
the multiple daemon reloads and, more importantly, the missing atomic
remount that would mean /etc is gone for a few milliseconds during boot.
The skip logic works best with verity hashes and thus the default
confext must be a verity extension image.
User-provided confexts don't work well yet unless they use verity, due to
the missing atomic remount and reliance on the skipping logic. We also
need to look into stacking order and other mutability settings.
The backported systemd patches relate to the following upstream PRs:
https://github.com/systemd/systemd/pull/39843 for
vpick-Don-t-use-openat-directly-but-resolve-symlinks
discover-image-Follow-symlinks-in-a-given-root
sysext-Use-correct-image-name-for-extension-release
test-Add-tests-for-handling-symlinks-with-systemd-sy
Note that the patch in the PR relies on
0859fe3f32774f1e0c787974cc252ff922a1b868 but the backport patch does not.
https://github.com/systemd/systemd/pull/39980 for
sysext-Create-mutable-directory-with-the-right-mode
sysext-Skip-refresh-if-no-changes-are-found
https://github.com/systemd/systemd/pull/39991 for
sysext-Get-verity-user-certs-from-given-root
https://github.com/systemd/systemd/pull/40063 for
sysext-Fix-config-file-support-with-root
which relies on https://github.com/systemd/systemd/pull/38250 for
man-sysext.conf-add-systemd-sysext-config-files
sysext-introduce-global-config-file
sysext-support-ImagePolicy-global-config-option
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
Most sysexts need a daemon reload to get their services (re)started when
systemd-sysext (re)loads extensions after boot. Up to now this was done
through ensure-sysext.service but only when systemd-sysext.service was
restarted. A manual invocation of systemd-sysext did not get the
daemon reload and, e.g., Docker failed to start.
Since the daemon reload is done when at least one extension needs it
and we can say that this is likely true for most of the extensions we
build, we can unconditionally set it for now and see if we need to
make it conditional per sysext later, e.g., when one could only have
plain CLI extensions and no service extensions such as Docker/containerd
or Podman (and even NVIDIA/ZFS require services after load).
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This leverages the branding eclass that was recently added to Gentoo.
Since originally preparing this commit, these fields were added to our
make.conf, but setting them in the profile is more versatile, allowing
for downstreams.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
It was never updated in a meaningful way. It was only used directly in
lsb_release, which is a dead standard. It was included in the os-release
`PRETTY_NAME` but not as a field on its own.
Closes: https://github.com/flatcar/scripts/pull/88
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
In the next weekly updates batch, pillow gained a dependency on
dev-python/pybind11, which pulls in dev-cpp/eigen, which pulls in some
eclasses and more deps. This is too annoying for a tool that is
effectively of no use for Flatcar. We should be able to get away with
just "providing" the package, since docutils (the only package that
pulls dev-python/pillow) is documented to handle missing pillow
gracefully.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
The Portage config is visible through the sysext root directory via
overlayfs while installing packages, but the overlay gets unmounted
before equery is called. Use the board root's config instead.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
This is needed to support modern terminals like foot and Alacritty.
These take up around 7.5MB more, but the btrfs compression should reduce
this considerably.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>