Pull in this PR https://github.com/flatcar/bootengine/pull/74 to disable a
systemd-networkd setting causing unexpected routes to appear.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Pull in this PR https://github.com/flatcar/init/pull/109/ to disable a
systemd-networkd setting causing unexpected routes to appear.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Switch to using a managed identity instead of file based credentials for
running kola/ore (not plume). This covers our test subscription, but not our
publishing subscription.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
In the past user had to customize Kubernetes or use a bind mount to make
writing the default /usr/libexec/kubernetes/ path work. With
systemd-sysext on by default the bind mount doesn't work anymore because
it can get lost. A newer workaround is to use a systemd-sysext image
that creates a symlink in /usr/libexec/... to redirect to somewhere
under /var/.
Instead of relying on workarounds, make Kubernetes work by default on
Flatcar by having the symlink be part of the generic image. The target
folder will be created through a tmpfiles rule.
Starting from gcc 13, it is required to explicitly include cstdint, as
other standard library header files will not include other headers that
were being used internally by the library. So update_engine also has to
explicitly include cstdint to avoid build errors.
Pulls in https://github.com/flatcar/update_engine/pull/27
- remove explicit "-multilib" from prefix keywordsas it is set in
profile
- split heredoc for generating emerge wrapper so we don't need to
escape
- add sys-apps/bubblewrap and virtual/tmpfiles to package update
automation list
- use prefix build fix for libgpg-error from upstream
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
This change adds experimental prefix builds to the Flatcar SDK.
Prefix builds use a custom sys prefix path and emerge all binaries and
runtime dependencies into that prefix.
This path can then e.g. be shipped as a portable sysext since it
includes all dependencies, and has libraries at a custom path so these
do not conflict with libraries on target systems.
Prefix uses a staging environment (path) featuring a full-blown
development environment, and a "final" environment for installing.
Staging and final need to be created using setup_prefix first,
which will also create an emerge wrapper to emerge ebuilds into staging
and subsequently final. The root fs in final may then e.g. be used to
create a distro independent, portable sysext.
Co-authored-by: James Le Cuirot <chewi@gentoo.org>
Co-authored-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Co-authored-by: Thilo Fromm <thilofromm@microsoft.com>
There's a bug in show-changes script where it defaults to values with
single quotes in them. So the default scripts directory is not
"scripts" but "'scripts'". This will be fixed in show-scripts, but for
now work it around here by explicitly defining the directories.
The configs provided by the openssh and Gentoo projects usually keep
everything commented out, meaning that the default values will be
used. On top of that, they will also include snippets in the snippet
directory. As such, start installing the default configs. We only mask
a snippet that defines sftp subsystem, because we provide our own
config snippet from coreos-base/misc-files that defines it.
We will be installing an sshd config snippet instead of replacing the
whole sshd config. In order to pull this off, we need to make sure
that the snippets directory exists and the main sshd config file
actually includes the snippets in the directory.
This commit updates our Flatcar patch with a code that will install an
sshd config snippet instead of editing the main sshd config file if
snippets directory exists.
