This change adds a new flatcar-eks package that ships with all scripts
needed to join a Flatcar instance to an EKS cluster.
It includes the bootstrap.sh script used on Amazon Linux, to keep
compatibility with existing provisioning tools.
The package is included from the oem-ec2-compat package, when the board
is aws_pro, and it's part of board-packages, so that it's built by the
os/board/packages job.
As `dev-libs/nss` is not used anywhere, let's simply remove nss.
The only ebuild that pulls it in is `net-misc/curl`, but only if the USE
flag `nss` is enabled. As the `nss` flag is disabled for curl, we do
not need to keep `dev-libs/nss` at all.
Update dhcpcd to 8.1.9 to address the following security issues:
* CVE-2019-11577
* CVE-2019-11766
Note, dhcpcd is not a standard tool of Flatcar, because by default
networking is configured via systemd-networkd. We update the package
just for potential use cases that still depend on dhcpcd. However,
in the long term, we should not ship dhcpcd in the production images.
It used to be a dependency of upstart and ureadahead, both dropped
a long, long time ago. Also drop nih-dbus-tool, which was built from
upstart too.
Found this out when updated profiles in portage-stable masked the
library.
When a license file is newly added, portage may not yet have it in the
shared folder and the license inclusion step fails.
Fall back to the source repositories and look for the license file
there, too. Print a warning if not found instead of failing to build.
Replace the use of the deprecated git eclass with git-r3 and bump the
commit version to the latest version. This version dropped a dependency on
jq.
It is a breaking change for users of mkova.sh, since it has changed
the order of parameters to allow passing multiple vmdk files to it.
When building `net-libs/nghttp2`, needed by curl 7.74, the build fails
when checking for prerequisites of boost libs.
```
configure:20402: checking whether the Boost::ASIO library is available
configure:20433: x86_64-cros-linux-gnu-g++ -std=c++14 -c -O2 -pipe
-mtune=generic -g conftest.cpp >&5
configure:20433: $? = 0
configure:20447: result: yes
configure:20540: error: Could not find a version of the library!
```
To avoid such issues, we should disable the `cxx` USE flag for
`net-libs/nghttp2`.
Now that curl has its own license file, it should also be added to
the `MISC-FREE` license group, just like in Gentoo.
Simply sync `license_groups` with Gentoo.
Now that curl >= 7.70 requires its own license file, we need to make
it included in the SDK, so that `/var/gentoo/repos/gentoo/licenses/curl`
can be available. Without that file, the image build step fails due to
a missing license file for curl.
We need to update net-misc/curl to 7.74.0, mainly to address the
following security issues:
* CVE-2020-8169
* CVE-2020-8231
* CVE-2020-8284
* CVE-2020-8285
* CVE-2020-8286
It's really a hindrance during bootstrap, and we would be looking into
ways of making an exception for openssl anyway. Using the
package.accept_restrict file does not do the trick, apparently because
of catalyst using its own portage config.
It seems that there is no "kernel" mirror specified in third party
mirrors files in profiles any more. And Gentoo seems to have switched
to direct kernel.org URLs anyway, probably because kernel.org is also
using some mirroring system, so we don't have to. Also, this syslinux
version is quite old, so if its tarball ever was on the distfiles mirror,
it's gone by now.