mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 09:56:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,593 Commits 629 Branches 394 Tags 166 MiB
38a01288e1
Commit Graph

7754 Commits

Author SHA1 Message Date
Kai Lueke
38a01288e1 sys-kernel: allow fips mode to be enabled 
With this kernel config, users can boot with fips=1 set in
`/usr/share/oem/grub.cfg`:
```
set linux_append="fips=1"
```

Which triggers various behaviors, for FIPS 200 certification.

with this config compiled in, and that boot parameter, users can can
that fips is enabled with:
```
flatcar ~ # cat /proc/sys/crypto/fips_enabled
1
```
 2022-01-31 15:07:36 +01:00
Dongsu Park
19a486c58d Merge pull request #1596 from flatcar-linux/dongsu/glibc-2.33-r10 
sys-libs/glibc: update to 2.33-r10
 2022-01-28 16:58:45 +01:00
Krzesimir Nowak
9582e2e795 Merge pull request #1595 from flatcar-linux/linux-5.15.17-main 
Upgrade Linux Kernel in main from 5.15.16 to 5.15.17
 2022-01-28 16:13:55 +01:00
Kai Lüke
456efdeb9a Merge pull request #1589 from flatcar-linux/kai/ipv6-ra 
coreos-cloudinit and bootengine: accept IPv6 RA for default net configs
 2022-01-28 11:08:46 +01:00
Dongsu Park
27bd0429a0 changelog: add changelog for glibc 2.33-r10 2022-01-28 08:43:44 +01:00
Krzesimir Nowak
a752947aec sys-libs/glibc: Apply Flatcar modifications 
- unmask amd64 and arm64
  - take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
  - don't run sanity checks in pkg_pretend to prevent gcc checks when
    only the binary package is installed.
  - comment out 'dostrip -x' to force the OS image binaries to be stripped
  - remove everything glibc wants to put under /etc since we use
    baselayout to provide that
 2022-01-28 08:43:44 +01:00
Dongsu Park
2301479ae7 sys-libs/glibc: sync with Gentoo for 2.33-r10 
Update sys-libs/glibc to 2.33-r10, mainly to address CVE-2021-3998,
CVE-2021-3999, CVE-2022-23218, CVE-2022-23219.

Gentoo ref: 7ba56d4da4e3fd2bc0d2c1012f2dc02e448c77d4
 2022-01-28 08:43:40 +01:00
Flatcar Buildbot
e4a527aa27 sys-kernel: Upgrade Kernel 5.15.16 to 5.15.17 2022-01-28 07:22:45 +00:00
Mathieu Tortuyaux
eefde75413 changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-27 18:08:23 +01:00
Mathieu Tortuyaux
0ce5422e6e sys-auth/polkit: apply Flatcar patches 
- apply duktape patchset from https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/97
 `.gitlab-ci.yml` patch has been removed since file is not shipped in
 archive.
- fix config install paths, use systemd-tmpfiles (All configs should
be installed to /usr and tmpfiles should be used to create and fix
directory permissions instead of the ebuild's postinst.)

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-27 18:08:20 +01:00
Kai Lueke
d341a5b51d coreos-cloudinit and bootengine: accept IPv6 RA for default net configs 
This pulls in
https://github.com/flatcar-linux/coreos-cloudinit/pull/12
and
https://github.com/flatcar-linux/bootengine/pull/30
(https://github.com/flatcar-linux/init/pull/51 is already in)
to also accept Router Advertisements in our default DHCP network
configurations.
 2022-01-27 17:17:12 +01:00
Mathieu Tortuyaux
3bcd2510bc sys-auth/polkit: sync with ::gentoo 
Ref-Commit: 4dbf4f80da2ee7c5e3325d4f25512dc0ed1a4b48

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-27 14:25:53 +01:00
Kai Lueke
e2d87f0d26 coreos-base/coreos-init/coreos-init: pull in latest changes 
This pulls in
https://github.com/flatcar-linux/init/pull/58
(bin/flatcar-update: don't assume $USER is set up, only use $EUID)
and
https://github.com/flatcar-linux/init/pull/51
network: Enable the RAs to fix IPv6 address assignment
 2022-01-26 17:15:03 +01:00
Dongsu Park
66e00de1db Merge pull request #1581 from flatcar-linux/rust-1.58.1-main 
Upgrade dev-lang/rust in main from 1.57.0 to 1.58.1
 2022-01-26 11:27:23 +01:00
Dongsu Park
0652a4584c changelog: add security changelog for Rust 1.58.1 2022-01-25 10:25:12 +01:00
Sayan Chowdhury
44e7c99fe3 Merge pull request #1586 from flatcar-linux/linux-5.15.16-main 
Upgrade Linux Kernel in main from 5.15.15 to 5.15.16
 2022-01-24 23:50:13 +05:30
Mathieu Tortuyaux
4842771f2f Merge pull request #1578 from flatcar-linux/tormath1/krb 
app-crypt/mit-krb5: move to `::portage-stable`
 2022-01-21 11:22:16 +01:00
Mathieu Tortuyaux
adfb599a8a app-crypt/mit-krb5: move to ::portage-stable 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-21 10:25:54 +01:00
Flatcar Buildbot
fcf915f066 sys-kernel: Upgrade Kernel 5.15.15 to 5.15.16 2022-01-21 07:22:58 +00:00
Flatcar Buildbot
0907be99dc dev-lang: Upgrade dev-lang/rust 1.57.0 to 1.58.1 2022-01-21 06:49:01 +00:00
Jeremi Piotrowski
0f908837b9 sys-kernel: backport hyper-v PCI patches from v5.17-rc1 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-01-20 14:44:47 +00:00
Jeremi Piotrowski
d29ae37389 Merge pull request #1576 from flatcar-linux/runc-1.1.0-main 
Upgrade Runc in main from 1.0.3 to 1.1.0
 2022-01-20 11:45:59 +01:00
Krzesimir Nowak
7ae17b938f Merge pull request #1525 from flatcar-linux/krnowak/no-eapi-update 
Get rid of EAPI 0
 2022-01-20 08:17:35 +01:00
Flatcar Buildbot
cf042a7e72 app-emulation: Upgrade Runc 1.0.3 to 1.1.0 2022-01-19 11:14:29 +00:00
Mathieu Tortuyaux
746b47fc24 Merge pull request #1572 from flatcar-linux/tormath1/openssl 
dev-libs/openssl: sync with the upstream
 2022-01-18 18:05:49 +01:00
Mathieu Tortuyaux
9bb21c4ce1 profiles/keywords: remove openssl 
openssl is marked as stable directly into the Flatcar modifications
commit.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 17:03:58 +01:00
Mathieu Tortuyaux
6b16187adc profiles/coreos: unmask openssl-3 
upstream has masked openssl-3 for tracking build failures. Since we are
not impacted by this failures, we can safely unmask openssl-3.

See: https://github.com/flatcar-linux/Flatcar/issues/418 for Flatcar's
dependencies.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 16:59:40 +01:00
Mathieu Tortuyaux
b172cf5e6a changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 16:59:40 +01:00
Mathieu Tortuyaux
1a76d69d8d dev-libs/openssl: Apply Flatcar modifications 
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- remove unecessary files
- mark openssl as stable for arm64 and amd64

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 16:59:40 +01:00
Krzesimir Nowak
b1018c0c3d Merge pull request #1573 from flatcar-linux/krnowak/eapi-update 
Changes related to app-arch updates
 2022-01-18 16:02:16 +01:00
Flatcar Buildbot
5a4e61fcd0 sys-kernel: Upgrade Kernel 5.15.14 to 5.15.15 2022-01-17 19:15:49 +01:00
Krzesimir Nowak
d4af97831d profiles: Drop keywords for app-arch/pigz 
The updated version is stable for both amd64 and arm64.
 2022-01-17 18:41:32 +01:00
Krzesimir Nowak
65d14d65d4 profiles: Drop keywords for app-arch/pbzip2 
The updated version is stable for both amd64 and arm64.
 2022-01-17 18:40:12 +01:00
Mathieu Tortuyaux
42aec3a36b dev-libs/openssl: sync with the upstream 
Commit-Ref: b258e2593e406538c8ca5029d027f315edc44843

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-17 17:00:31 +01:00
Krzesimir Nowak
275990beb0 app-arch/bzip2: Move back to portage-stable 
We used to keep the package in overlay, because we dropped one Gentoo
patch to avoid some failures when applying updates when updating
payloads. This issue was fixed in bzip2 in a smarter way - we know
this, because we used 1.0.8 version with the fix and we didn't have
any problems so far. No point in keeping the package in overlay then.
 2022-01-14 20:09:41 +01:00
Krzesimir Nowak
da18e43918 sys-libs/berkdb: Drop unused package 2022-01-14 15:08:46 +01:00
Krzesimir Nowak
9fb7e90be0 profiles: Drop virtual/cdrtools keywords 
The virtual/cdrtools package is being dropped in portage-stable.
 2022-01-14 15:08:46 +01:00
Krzesimir Nowak
fd3e1e3f27 coreos-base/hard-host-depends: Replace virtual/cdrtools with app-cdr/cdrtools 
The virtual/cdrtools package is being dropped in portage-stable.
 2022-01-14 15:08:46 +01:00
Krzesimir Nowak
d98a0ac0ca Merge pull request #1548 from flatcar-linux/krnowak/update-profiles 
Drop obsolete stuff after updating profiles
 2022-01-14 14:38:23 +01:00
Jeremi Piotrowski
bdb48fd89a Merge pull request #1564 from flatcar-linux/jepio/fix-mirror-calico 
.github: find latest calico tag when mirroring
 2022-01-14 11:05:47 +01:00
Mathieu Tortuyaux
23df672492 Merge pull request #1565 from flatcar-linux/tormath1/selinux 
sys-apps/policycoreutils: fix policy root path
 2022-01-14 10:18:24 +01:00
Mathieu Tortuyaux
0659f6295f Merge pull request #1563 from flatcar-linux/tormath1/mantle 
coreos-devel/mantle: bump with 0.18.0
 2022-01-14 10:17:22 +01:00
Mathieu Tortuyaux
832bdb51fc sys-apps/policycoreutils: fix policy root path 
root needs to be specified with -p instead of -S.
The policy dir (-S) defaults to (-p) + /var/lib/selinux/ + (-s).

Picked from upstream: 54a8322d18

Closes: https://github.com/flatcar-linux/Flatcar/issues/596
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-14 09:57:39 +01:00
Jeremi Piotrowski
886b11bf1d .github: find latest calico tag from tigera operator 
The mirror-calico workflow has been failing because it currently determines
version=v3.22.0-0.dev-typha, which is not the tag used by the individual
container images. Rewrite the version logic to determine the version based on
what is in the tigera operator manifest. This is the same manifest that we use
to deploy calico in mantle.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-01-13 14:44:04 +01:00
Krzesimir Nowak
1cca5f4eeb Merge pull request #1556 from flatcar-linux/krnowak/iputils-update 
Changes for net-misc/iputils update
 2022-01-13 11:46:47 +01:00
Krzesimir Nowak
a2ff448eb2 Merge pull request #1560 from flatcar-linux/linux-5.15.14-main 
Upgrade Linux Kernel in main from 5.15.13 to 5.15.14
 2022-01-13 11:40:44 +01:00
Krzesimir Nowak
2d5ef69eed sec-policy/selinux-base-policy: Add a patch for ping 
This is to allow users to run ping -I with some IP address or network
interface.

Patch based on:

https://github.com/fedora-selinux/selinux-policy/pull/403
 2022-01-12 18:09:50 +01:00
Krzesimir Nowak
6f3975b9b1 sec-policy/selinux-base: Add patch for ping 
The patch adds stuff that another patch in
sec-policy/selinux-base-policy will use to allow user to call "ping -I
<IPADDRESS>".

Patch based on:

https://github.com/fedora-selinux/selinux-policy/pull/403
 2022-01-12 18:08:58 +01:00
Mathieu Tortuyaux
96bac22bc0 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-12 17:14:33 +01:00
Mathieu Tortuyaux
e155b78955 coreos-devel/mantle: sync with upstream release 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-12 17:11:30 +01:00