6732 Commits

Author SHA1 Message Date
Dongsu Park
4cf90db4bf Merge pull request #600 from flatcar-linux/dongsu/sqlite-3.32.3
dev-db/sqlite: update to 3.32.3 to keep non-full archive
2020-09-23 14:39:56 +02:00
Flatcar Buildbot
c197a0fdab app-emulation: Upgrade Docker 19.03.12 to 19.03.13 2020-09-23 07:44:01 +00:00
Kai Lüke
9c118932e0 Merge pull request #601 from flatcar-linux/kai/bump-init
coreos-base/coreos-init: Point to latest flatcar-master
2020-09-22 14:49:27 +02:00
Marga Manterola
084608643c Merge pull request #592 from flatcar-linux/marga-kinvolk/gce-image
Improve Flatcar behavior on GCE when using oslogin
2020-09-22 14:41:51 +02:00
Kai Lüke
da030f0543 coreos-base/coreos-init: Point to latest flatcar-master
This pulls in
https://github.com/flatcar-linux/init/pull/27
2020-09-22 14:28:30 +02:00
Dongsu Park
aa72d9e918 dev-db/sqlite: add README.md
Try to elaborate reasons why we need this fork of Gentoo ebuilds.
2020-09-22 09:54:25 +02:00
Dongsu Park
902d322ed8 dev-db/sqlite: Bring back builds for non-full archive
Since sqlite 3.32.0, Gentoo ebuild does not deal with non-full archive,
but fetches only full archive. On top of that, the upstream sqlite's
full archive requires `tclsh` to be installed on the host system. Since
Flatcar SDK does not include `dev-lang/tcl`, it is not possible to build
sqlite from the full-archive. It means that we need to either make the
Flatcar SDK include `dev-lang/tcl`, (which takes time) or bring back the
non-full archive mechanism just like ebuilds from sqlite 3.31.x.

So adapt the full-archive patches on top of the non-full archive.
Make the ebuild fetch the non-full archive.
2020-09-21 14:02:34 +02:00
Margarita Manterola
38935a5e75 coreos-base/oem-gce: add Python aliases
GCE recommends images to ship Python in them.  Instead of shipping the
binaries inside our vendor partition, install an alias that will
download the latest official container, for both python2 and python3.
2020-09-18 18:29:17 +02:00
Dongsu Park
2f87fbff5d dev-db/sqlite: sync with Gentoo upstream
Simply sync dev-db/sqlite with Gentoo upstream.

Mainly to update to 3.32.3-r1, to address CVE-2020-11656.
2020-09-18 17:49:43 +02:00
Margarita Manterola
11d56330bd sys-kernel/coreos-modules: remove deprecated config
We were setting `CONFIG_VGACON_SOFT_SCROLLBACK=y`, but this config
option was deleted with 20782abbbdfe922496a28f9cc0c3c0030f7dfb8f, due to
security issues.

Remove the config to let the kernel image build again.
2020-09-18 14:07:19 +02:00
Margarita Manterola
db3bd0f9f8 coreos-base/google-oslogin: Update to 20200910
This change updates to the latest oslogin version provided by Google.
Since our last update, this was split into a different repo and the
directory structure changed significantly.

It also added group support, which needed to be added to the
nsswitch.conf file that we ship.

Flatcar users require docker group permissions, so ensure oslogin gives
that permission by shipping a separate group.conf file that gets
installed when oslogin is enabled.
2020-09-18 13:41:12 +02:00
Thilo Fromm
ecc026209b Merge pull request #596 from flatcar-linux/linux-5.8.10-main
Upgrade Linux Kernel in main from 5.8.9 to 5.8.10
2020-09-18 11:35:25 +02:00
Dongsu Park
c58f7dbfbc Merge pull request #590 from flatcar-linux/dongsu/update-pkgs-20200917
profile: adjust profiles for jq, rsync
2020-09-18 10:29:24 +02:00
Flatcar Buildbot
4498afdfd1 app-emulation: Upgrade Containerd 1.3.7 to 1.4.1 2020-09-18 08:20:50 +00:00
Flatcar Buildbot
2b3e80a5dd sys-kernel: Upgrade coreos-kernel 5.8.9 to 5.8.10 2020-09-18 08:13:46 +00:00
Margarita Manterola
39c2c411c1 app-emulation/qemu: Fix building errors
The qemu update caused several errors:

* We currently don't have Python 3.8 available in the SDK, so adding it in
  the PYTHON_COMPAT field causes a build failure.
* The manifest needed to be updated
* A patch file was missing

This commit fixes these errors and makes the package build.
2020-09-17 16:42:19 +02:00
Dongsu Park
8956a52b6a profiles: disable sse2 from CPU_FLAGS_X86 for rsync
Since rsync 3.2.0, the ebuild sets `--enable-simd` option in case of
amd64. However, the cross toolchain in Flatcar SDK is not able to deal
with the SIMD feature, so configure in rsync fails like:

```
gcc version 8.3.0 (Gentoo Hardened 8.3.0-r1 p1.1)
configure.sh:3774: $? = 0
configure.sh:3763: x86_64-cros-linux-gnu-g++ -V >&5
x86_64-cros-linux-gnu-g++: error: unrecognized command line option '-V'
x86_64-cros-linux-gnu-g++: fatal error: no input files
compilation terminated.
```

Until we could resolve the toolchain issue, we should disable
`cpu_flags_x86_sse2`, to disable simd for rsync.
2020-09-17 15:54:38 +02:00
Dongsu Park
700f7a9024 profiles: update keywords for app-misc/jq
Update version of app-misc/jq to 1.6-r3 as well in accept_keywords,
since app-misc/jq in portage-stable was updated to 1.6-r3.
2020-09-17 15:54:35 +02:00
Sayan Chowdhury
d953761aea app-emulation/qemu: Drop old; qemu-4.2.0-r2
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2020-09-17 12:07:35 +05:30
Sayan Chowdhury
fc9417e810 app-emulation/qemu: Upgrade qemu to 5.0.0
Upgrade QEMU to 5.0.0 to fix the following security issues:

- [CVE-2020-11102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11102)
- [CVE-2020-1711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1711)
- [CVE-2020-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7039)

Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2020-09-17 12:07:32 +05:30
Dongsu Park
2cd4943889 Merge pull request #525 from flatcar-linux/runc-1.0.0_rc92-main
Upgrade Runc in main from 1.0.0_rc90 to 1.0.0_rc92
2020-09-16 15:06:44 +02:00
Kai Lüke
7aa31a28b8 coreos-base/update_engine: Point to latest flatcar-master
This pulls in
https://github.com/flatcar-linux/update_engine/pull/7
2020-09-14 16:06:08 +02:00
Dongsu Park
e6b8d5175a app-emulation/docker-runc: adapt patches for runc 1.0.0-rc91
To fix builds, adapt patches for runc 1.0.0-rc91.
2020-09-14 15:57:17 +02:00
Flatcar Buildbot
63adddc590 app-emulation: Upgrade Runc 1.0.0_rc90 to 1.0.0_rc92 2020-09-14 15:57:17 +02:00
Krzesimir Nowak
441b3d2d7b sys-kernel/coreos-sources: Regenerate the patches against 5.8.9
These used to apply just fine with the patch utility, but git am was
complaining.
2020-09-14 14:58:39 +02:00
Flatcar Buildbot
cb9f047507 sys-kernel: Upgrade coreos-kernel 5.8.8 to 5.8.9 2020-09-13 07:22:25 +00:00
Kai Lüke
6212d698d2 coreos-base/coreos-init: Update to include Calico tunl0 networkd units
This pulls in
https://github.com/flatcar-linux/init/pull/26
2020-09-11 15:20:56 +02:00
Vincent Batts
cc40759565 Merge pull request #553 from flatcar-linux/vbatts/lockdown
sys-kernel: make lockdown available
2020-09-11 07:01:46 -04:00
Dongsu Park
c30c27d91d Merge pull request #574 from flatcar-linux/dongsu/go-1.15.1
dev-lang: Upgrade Go 1.15 to 1.15.2
2020-09-11 09:48:45 +02:00
Thilo Fromm
df132df652 sys-apps/systemd: use latest v245-flatcar
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-09-10 17:32:01 +02:00
Thilo Fromm
76be146d00 Merge pull request #580 from flatcar-linux/linux-5.8.8-main
Upgrade Linux Kernel in main from 5.8.6 to 5.8.8
2020-09-10 13:21:02 +02:00
Thilo Fromm
6ac9fd4bd5 sys-kernel/coreos-sources-5.8.8: remove tpacket patch since it's in .8 upstream
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-09-10 13:18:52 +02:00
Dongsu Park
697d475b2d dev-lang: Upgrade Go 1.15 to 1.15.2
Upgrade Go to 1.15.2, to address issues like potential cross-site scripting
vulnerability, as described in
https://groups.google.com/g/golang-announce/c/8wqlSbkLdPs .
2020-09-10 10:34:52 +02:00
Dongsu Park
0bdb485bea Merge pull request #575 from flatcar-linux/dongsu/github-action-rust-body
.github: improve body text of PR for dev-lang/rust
2020-09-10 10:31:03 +02:00
Flatcar Buildbot
1036d87f6d sys-kernel: Upgrade coreos-kernel 5.8.6 to 5.8.8 2020-09-10 07:22:52 +00:00
Margarita Manterola
21e3dd302b coreos-devel/mantle: update to v0.15.0 2020-09-09 21:57:57 +02:00
Kai Lüke
0e7039eceb Merge pull request #572 from flatcar-linux/kai/update-update_engine
coreos-base/update_engine: Point to latest flatcar-master
2020-09-09 21:32:28 +02:00
Dongsu Park
d238385c36 .github: improve body text of PR for dev-lang/rust
Improve body text of each PR for `dev-lang/rust`, by mentioning that
it should be merged together with its paired PR in portage-stable.

Explicitly name `dev-lang/rust` instead of `Rust`, because now there are
`dev-lang/rust` as well as `virtual/rust`.

Rename the dispatched event-type name to `rust-pull-request-main`, as
`cargo` has already disappeared.

Make the repository-dispatch action send additional client-payload with
a field `coreos-overlay-pull-request-number`, which will be later used
by the corresponding PR in portage-stable for adding a link back to the
PR in coreos-overlay.
2020-09-09 11:56:29 +02:00
Vincent Batts
342e858d66 sys-kernel: make lockdown available
This will not be enabled by default, and still requires the "lockdown"
kernel parameter. Users can test by setting in
`/usr/share/oem/grub.cfg`:
```
set linux_append="lockdown=integrity"
```

After this is set, dmesg output you'll see:
```
[    0.000000] Kernel is locked down from command line; see man
kernel_lockdown.7
```

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-09-08 13:22:51 -04:00
Marga Manterola
ea32f00966 Merge pull request #559 from flatcar-linux/rust-1.46.0-main
Upgrade Rust in main from 1.44.1 to 1.46.0
2020-09-08 14:03:43 +02:00
Dongsu Park
0af204196a Merge pull request #571 from flatcar-linux/dongsu/github-action-fix-go115
.github: fix regexp to get correct semver from Go ebuilds
2020-09-08 10:02:51 +02:00
Kai Lüke
331b877958 coreos-base/update_engine: Point to latest flatcar-master
This pulls in
https://github.com/flatcar-linux/update_engine/pull/6
for rollback detection.
2020-09-07 18:52:45 +02:00
Dongsu Park
01ee4dd82f .github: fix regexp to get correct semver from Go ebuilds
Github Action for Go has had a bug when parsing the current Go version
from `dev-lang/go/Manifest`, only when the current ebuild file has only
major + minor versions, without patchlevel. For example, it could parse
well `1.13.15`, but not `1.15`. We need to make it deal with both
versions, `x.y.z` and `x.y`.

With this PR, for example, when `VERSION_SHORT` is `1.15` and the
Manifest includes a tarball `go1.15.src.tar.gz`, we can confirm the new
regexp works well like below:

```
$ sed -n "s/^DIST go\(1\.15\.*[0-9]*\)\.src.*/\1/p" dev-lang/go/Manifest
1.15
```
2020-09-07 16:23:29 +02:00
Dongsu Park
54cd827f05 Merge pull request #561 from flatcar-linux/dongsu/flatcar-install-multipath
coreos-base: Allow installation to multipath target
2020-09-07 15:08:32 +02:00
Krzesimir Nowak
fddbd9defe .github: Update KV_MAIN to 5.8 2020-09-07 12:58:11 +02:00
Krzesimir Nowak
36cf4b16e9 sys-kernel/coreos-firmware: Update to 20200817
Also sync with upstream.
2020-09-04 21:10:21 +02:00
Krzesimir Nowak
4e7dfb9c50 sys-kernel/coreos-modules: Drop OPTIMIZE_INLINING - removed upstream
Dropped in commit 889b3c1245de48ed0cacf7aebb25c489d3e4a3e9.
2020-09-04 21:10:08 +02:00
Krzesimir Nowak
5ad0aa9055 sys-kernel/coreos-modules: Drop NF_TABLES_SET - removed upstream
Dropped in commit e32a4dc6512ce3c1a1920531246e7037896e510a.
2020-09-04 21:10:01 +02:00
Krzesimir Nowak
a6d811b5ca sys-kernel/coreos-modules: Add deps for NETFILTER_XT_MATCH_PHYSDEV
Not sure what and when new deps were added, but adding those config
variables made the build move forward.
2020-09-04 21:09:50 +02:00
Krzesimir Nowak
92828c0a32 sys-kernel/coreos-modules: Drop INFINIBAND_CXGB3 - removed upstream
Dropped in commit 30e0f6cf5acb39cd04316d1eecbf4c6087c7ee02.
2020-09-04 21:09:38 +02:00