Commit 01eea0f of PR https://github.com/flatcar/scripts/pull/3555
introduced build issue for bootengine and coreos-init; the source
tarball filename reflected in the manifest does not correspond to the
filename used in the ebuild. Hence, the checksum verification fails.
Also, the version symlinks were not updated by the original change.
This change uses the correct filename and checksums and updates the
versions.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
For A/B-updated /etc contents we used a custom overlay mount that
provides the default files through a lowerdir loaded from /usr. Since
then we upstreamed mutable systemd-confext support and now we can switch
to it.
This pulls in https://github.com/flatcar/init/pull/138 and
https://github.com/flatcar/bootengine/pull/115 together with backported
systemd patches that have opened or merged upstream PRs to fix --root=
issues and add a refresh skip check to prevent boot disruptions due to
the multiple daemon reloads and - more important - the missing atomic
remount that would mean /etc is gone for a few milliseconds during boot.
The skip logic works best with verity hashes and thus the default
confext must be a verity extension image.
User-provided confext don't work well yet unless they use verity due to
the missing atomic remount and reliance on the skipping logic. We also
need to look into stacking order and other mutabiliy settings.
The backported systemd patches relate to the following upstream PRs:
https://github.com/systemd/systemd/pull/39843 for
vpick-Don-t-use-openat-directly-but-resolve-symlinks
discover-image-Follow-symlinks-in-a-given-root
sysext-Use-correct-image-name-for-extension-release
test-Add-tests-for-handling-symlinks-with-systemd-sy
Note that the patch in the PR relies on
0859fe3f32774f1e0c787974cc252ff922a1b868 but the backport patch not.
https://github.com/systemd/systemd/pull/39980 for
sysext-Create-mutable-directory-with-the-right-mode
sysext-Skip-refresh-if-no-changes-are-found
https://github.com/systemd/systemd/pull/39991 for
sysext-Get-verity-user-certs-from-given-root
https://github.com/systemd/systemd/pull/40063 for
sysext-Fix-config-file-support-with-root
which relies on https://github.com/systemd/systemd/pull/38250 for
man-sysext.conf-add-systemd-sysext-config-files
sysext-introduce-global-config-file
sysext-support-ImagePolicy-global-config-option
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
Most sysexts need a daemon reload to get their services (re)started when
systemd-sysext (re)loads extensions after boot. Up to now this was done
through ensure-sysext.service but only when systemd-sysext.service was
restarted. A manual invocation of systemd-sysext did not get the
daemon reload and, e.g., Docker failed to start.
Since the daemon reload is done when at least one extension needs it
and we can say that this is likely true for most of the extensions we
build, we can unconditionally set it for now and see if we need to
make it conditional per sysext later, e.g., when one could only have
plain CLI extensions and no service extensions such as Docker/containerd
or Podman (and even NVIDIA/ZFS require services after load).
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This leverages the branding eclass that was recently added to Gentoo.
Since originally preparing this commit, these fields were added to our
make.conf, but setting them in the profile is more versatile, allowing
for downstreams.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
It was never updated in a meaningful way. It was only used directly in
lsb_release, which is a dead standard. It was included in the os-release
`PRETTY_NAME` but not as a field on its own.
Closes: https://github.com/flatcar/scripts/pull/88
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
In next weekly updates batch, pillow gained a dependency on
dev-python/pybind11, which pulls in dev-cpp/eigen, which pulls in some
eclasses and more deps. This is too annoying for a tool that is
effectively of no use for Flatcar. We should be able to get away with
just "providing" the package, since docutils (the only package that
pulls dev-python/pillow) is documented to handle missing pillow
gracefully.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
The Portage config is visible through the sysext root directory via
overlayfs while installing packages, but the overlay gets unmounted
before equery is called. Use the board root's config instead.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
This is needed to support modern terminals like foot and Alacritty.
These take up around 7.5MB more, but the btrfs compression should reduce
this considerably.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
This time in overlaybd itself. Also regenerate the offline build
patch, so it can be easily applied using `git am`.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
It is not exactly a cross fix, but it may serve as a single place for
photon fixes. This time overlaybd stopped compiling with gcc15 due to
missing inclusion of cstdint to get a definition of uint64_t. Most
likely some other header used to pull it in, but now it does not.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
Looks like enabling sssd in sys-auth/pambase created a new cycle:
sys-auth/pambase[sssd] -> sys-auth/sssd -> sys-apps/shadow[pam] -> sys-auth/pambase
Let's break it up at pambase. Also fix a mistake in a comment and sort
the USE flags alphabetically.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
Any meson package now uses sysroot.eclass as a part of the cross-file
creation and the eclass requires ld.so and ldd to be available in
${ROOT}/usr/bin, so copy over the bin and sbin directories too, just
in case.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
In order to fix some bash-completion issues, the output of "gcc-config
-l" has changed slightly - it received one more leading space in the
output.
Old output:
[1] aarch64-cros-linux-gnu-15 *
New output:
[1] aarch64-cros-linux-gnu-15 *
This has added another field from cut's point of view, as it was
splitting the line into fields by single spaces, which means that
instead of getting "aarch64-cros-linux-gnu-15" we were getting
"[1]". This has caused grep to match nothing, setting the error status
in PIPESTATUS and finally a function failure.
Instead of fiddling with leading empty fields, just strip the leading
spaces, dammit.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
