The most significant change here is to drop our manual service
enabling in favor of invoking systemctl preset-all and moving the
generated symlinks to /usr.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
We can add sec-policy/selinux-ntp to package.provided in overlay
profiles - that way we don't need to modify the dependencies of the
sys-apps/systemd package.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
- Drop unused systemd-256.9 ebuild.
- Drop unused patches and regenerate the rest.
- Pull in a patch from Gentoo.
- Drop Flatcar modifications related to split-usr. We kept those
because SDK used to use split-dir.
- Drop meson options related to quota utilities - the values we
specified were the same as systemd's defaults.
- Disable LLMNR and DNSSEC by default - we are disabling it with
drop-ins in the init repo. We probably could just drop them.
- Preserved keepdir for directories inside /usr and /var. For the
latter, dropped the related entries from our tmpfiles - we are
generating tmpfiles for directories inside /var during image build.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
In Flatcar we are using modprobe helpers that run depmod in temporary
overlay. systemd-udevd.service may try to load drivers for some block
devices (e.g. ZFS), which ends up calling our helpers, which invoke
mount command. The mount syscalls are forbidden by the default
systemd-udevd syscall filter.
Signed-off-by: Daniel Zatovic <daniel.zatovic@gmail.com>
The increased /boot and /usr partitions meant that we grew all images
types. The raw image had the root partition decreased a bit but the VM
images not, and AWS and Akamai images even got aligned to also have the
larger VM rootfs instead of the raw rootfs. All image types are way
smaller than Azure with its 30 GB size and thus the size had to be
increased. For Azure, however, we already have enough free space and it
is good to avoid increasing the image size because this requires action
for those cases where users had assumed that the image fits into a
hardcoded 30 GB disk.
Reduce the root partition by the amount of blocks that is the difference
between the old and current full disk image size for Azure.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
When --input-xml is on and --payload-url is off to pass XML data
offline, we need to set payload_url to None and continue running
the DownloadVerify builder instead of returning there.
Pulls in https://github.com/flatcar/ue-rs/pull/93.
Signed-off-by: Dongsu Park <dongsu@dpark.io>
Containerd-2.0 is out of support next week, containerd-2.1 has 6 more months of
support and requires runc-1.3. Containerd-2.1 also supports the erofs
snapshotter.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The initrd itself is already compressed with xz, so compressing the
modules within with xz as well just makes the image bigger and slower.
Not compressing all the kernel modules in the first place is not such a
clear win because it is zlib and zstd compression that is applied
elsewhere.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
This pulls https://github.com/flatcar/bootengine/pull/113 to fix a
kernel boot warning being printed for three modules that are loaded
explicitly.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This is consistent with other sysexts. Note that the sysext must be
enabled at boot time for this to happen, otherwise you need to call
`systemd-tmpfiles --create` and `systemctl daemon-reload` first.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
