We are going to update it to a newer version, which fixes the build
system issue that was a reason for putting the package in overlay.
This is to get rid of EAPI 5 in the package.
Incase the ebtables tables are not set, the ebuilds links the
ebtables binaries to the legacy version instead of the nft version
Moving to coreos-overlay to link it to xtables-nft-multi.
The next step could be upstream the patches, incase of the usage of
nftables USE flag.
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
We had an accept_keywords for versioned rust in base profile already,
but it was outdated due to a bug in github action. So update it and
move the lines from sdk target to base profile. The accept_keywords
for virtual/cargo package are dropped, because there is no such
package.
Replace any dev-lang/rust version with the current one, and make sure
that the modified files in the profiles directory is actually included
in the patch.
This is a backport of https://github.com/SSSD/sssd/pull/5748 adapted to 2.3.1.
A change was necessary: src/tools/sssctl/sssctl_logs.c wasn't passing
'--no-create' to truncate in 2.3.1 yet.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
- Drop the init.d files.
- Remove the socket unit's rate limiting.
Instead of dropping bindist, enable it with the profiles now so it
doesn't need to be modified on future updates.
Imported commit 20d298fb282ec9d5a060f12aef64c47aede0904d .
Update net-misc/openssh to 8.7_p1-r1, mainly to address CVE-2020-15778.
Goal of the package update is to add the support of a new option `-s`
of scp, i.e. "sftp mode of scp". Openssh 8.7 started to support the
flag, but it is disabled by default. So at the moment users need to
explicitly run `scp -s` to test the feature.
Gentoo ref: 11d6f23704e7ab84191e28e034816bfdb151d406
Now that we started encoding strings to unicode by default,
we should also take care of corner cases, where LC_CYPTE is set to a
different value from the systemd default value in `/etc/locale.gen`.
For example, under a build environment with `LC_CTYPE=C`, when the UTF-8
file name is `AC_Ra�z_Certic�mara_S.A..pem`,
build fails like that.
```
Traceback (most recent call last):
File "/var/tmp/portage/app-misc/ca-certificates-3.27.1-r2/files/certdata2pem.py",
line 127, in <module>
f = open(fname, 'w')
UnicodeEncodeError: 'ascii' codec can't encode character '\xed' in position 5: ordinal not in range(128)
* ERROR: app-misc/ca-certificates-3.27.1-r2::coreos failed (compile phase):
```
To fix that, encode filename with system encoding when opening the file.
This package contained no Flatcar modifications, so in theory it could
be moved to portage-stable. But we also will want to update it to some
recent version that does not depend on python2. But the recent
versions in gentoo use python3.{7,9}, so we will need to change it for
now, since we still use python3.6.
WALinuxAgent falls back to using the `distro` module to figure out the
distribution details in case the `get_linux_distribution` function
from the builtin `platform` module is not able to do it. With the
update of python-oem to python3, the distribution detection broke,
because we stopped carrying a patch that implemented fetching the
distribution information from `/etc/os-release`. It does not make
sense to backport that patch though, because
`platform.get_linux_distribution` is deprecated and removed in python
3.7 or 3.8. So when we update python3 to the newer version, we would
need to add the `distro` module anyway.
Maybe we can drop `distro-oem` module in future, when python-oem will
use version 3.10 and WALinuxAgent starts using the newly added
functionality in 3.10 to figure out the distribution information.
- unmask amd64 and arm64
- remove tmpfiles from ebuild inherit so we don't run into a circular
dep with systemd, use systemd_tmpfilesd instead
- take care of nscd.conf via systemd_tmpfilesd,
add files/nscd-conf.tmpfiles.
- Don't run sanity checks in pkg_pretend to prevent gcc checks when
only the binary package is installed.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
Add flatcar specific changes to the build recipe.
Move PYTHON_DEPS to DEPEND so things can build.
Don't run sanity checks in pkg_pretend
(similar change as in glibc-2.29) to prevent
gcc checks when only the binary package is installed.
Based on commit f7a8cd5f1fcc.
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
Signed-off-by: Dongsu Park <dongsupark@microsoft.com>
Now that sys-apps/policycoreutils is pulled in explicitly for both
architectures, we should be able to pull in its dependencies, e.g.
sys-apps/semodule-utils, sys-libs/libselinux, sys-libs/libsemanage,
sys-libs/libsepol. In case of arm64, however, all the ebuilds have
only `~arm64`. So we need to enable the keywords for the ebuilds.
Without the changes, build fails like:
```
!!! All ebuilds that could satisfy
">=sys-libs/libselinux-3.1:=[python?,python_targets_python3_6(-)?,-python_single_target_python3_6(-)]"
for /build/arm64-usr/ have been masked.
!!! One of the following masked packages is required to complete your
request:
- sys-libs/libselinux-9999::coreos (masked by: missing keyword)
- sys-libs/libselinux-3.2::coreos (masked by: ~arm64 keyword)
- sys-libs/libselinux-3.1-r1::coreos (masked by: ~arm64 keyword)
```
Now that Kernel config `CONFIG_ICE` is enabled, its corresponding
firmware file needs to be also in place. However, upstream
linux-firmware tarball does not contain a correct symlink to
`intel/ice/ddp/ice-1.3.26.0.pkg`, but `modinfo ice.ko` shows it
requires `ice.pkg`. So we need to create the symlink to avoid failures
at the firmware scanning stage like below:
```
Missing firmware: intel/ice/ddp/ice.pkg (ice.ko.xz)
```
The image contents are defined by the list in this package and the
dependencies pulled in. Once we would lose some dependency due to
a package change, that would also meant that this dependency's
binaries are not available to the user anymore. To prevent user
binaries from being lost we have to explicitly list them in this
package.
Add the packages that have binaries relevant to the user and are
currently installed (seen in flatcar_production_image_packages.txt
and checked manually). Also add sys-apps/acl which got lost when
removing rkt.
This pulls in
https://github.com/kinvolk/init/pull/47
to randomize OEM filesystem UUID if mounting fails, and to avoid trying
to install the QEMU qcow2 images.
Current cross builds of perl segfault on simple operations such as `perl -V`.
This appears to be due to the cross-build not getting `-fwrapv -fno-strict-aliasing`
passed from the configure script. While we try to get this fixed upstream, we
can monkeypatch our old version of perl to fix this.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
This change results in building the pam_tty_audit additionally, nothing else.
Related to https://github.com/kinvolk/Flatcar/issues/485.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
It produces files with the same contents as the python2 version of the
script, but the filename handling is a bit different wrt. filenames
with weird, non-unicode characters. But overall, it does not affect
anything.
This change adds the "slirp" use flag to qemu (SDK only), enabling
qemu's user networking. This fixes a bug where qemu is unable to start
the Flatcar qemu image:
$ ./flatcar_production_qemu.sh
qemu-system-x86_64: Parameter 'type' expects a netdev backend type
The issue has been discussed on the qemu mailing list:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg786275.html
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
It contained some chromium version of flatcar scripts, from which we
were using the common.sh script in the cros-workon script (from the
now-removed coreos-base/cros-devutils package). It's not used any more
- we updated flatcar scripts to call into its internal copy of
cros-workon.
The package contained scripts that are not used in our workflow, are
unmaintained by us for a number of years now and it presents an
obstacle in porting the packages to python3.
Our scripts are using cert-to-efi-sig-list and flash-var from
efitools, and sbsign from sbsigntools. Currently the cros-devutils
package is pulling in the efitools package, which in turn pull in the
sbsigntools package.
We plan to drop the cros-devutils package, so better be explicit about
the dependencies.
We dropped the installation of the gmerge script a while ago, because
it was not used anywhere and that made one script less to port to
python3 at the time of updating portage to a recent version. Now we
only install the emerge-gitclone script, so rename the package to
reflect this fact.
- Drop binddist from RESTRICT variable
- Drop pkg_postinst
- Create /etc/ssl with tmpfiles (and package it for the SDK).
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
These are no longer used by anything in the tree, after removing old versions
of docker-runc/docker-proxy/containerd.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Upstream builds with go1.16. Additionally fixup the VERSION variable specify the
current Flatcar Docker version 20.10.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Upstream builds go through github.com/docker/docker repo and that builds
with go1.16 with module support disabled.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
I'm not sure if we ever built it - it's not a dependency of anything
at all. Also one of its dependencies, dev-python/pyxenstore, was
dropped in 2014, so the package is broken for about seven years
now. Looks like that the rackspace oem package is rather pulling
nova-agent through the coreos-base/nova-agent-container package.
The containerd config works in mysterious ways - sometimes it acts hierarchical
with respect to the section headers, other times not. In this case, setting
runc.options resets all the fields of the runc section, including
'runtime_type'. Having an unset runtime_type causes containerd to fail to spawn
containers (but the daemon itself starts succesfully) returning the error:
kubelet[13148]: E0823 11:57:17.030551 13148 remote_runtime.go:116] "RunPodSandbox from runtime service failed" err="rpc error: code = InvalidArgument desc = failed to create containerd container: create container failed validation: container.Runtime.Name must be set: invalid argument"
Explicitly set the runtime_type in all containerd configs, and bump the config
version to 2.
Reported as https://github.com/kinvolk/Flatcar/issues/484
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Now that we have dev-util/pkgconfig 0.29.2, there is no need to
keep third-party patch for avoiding cross-build issues in
dev-util/strace. Let's simply drop the patch, and move strace to
portage-stable.
Apparently the `coreos-devel/sdk-extras` was originally meant to work
as a meta package to pull in all the optional packages in the SDK at once.
It has been unmaintained since 2~3 years, so an attempt of `emerge
coreos-devel/sdk-extras` will give you a huge list of conflicts to
resolve. It is difficult to resurrect sdk-extras at the moment.
Delete `coreos-devel/sdk-extras` completely. Doing that, we can delete
more than 20 other packages from the source tree.
Now that coreos-devel/sdk-extras are gone, delete unnecessary configs
in profiles, for app-portage/repoman, dev-go/glide, dev-go/godep,
dev-python/awscli, dev-python/botocore, dev-python/s3transfer.
This version has an officially documented support for python3, so it
plays along our plans of removing python2 in favor of python3. When
the switch actually happens, we will need to update the ebuild to
mention the correct path to python modules. The path contains python
version, which is a hindrance. Would be nice to have it hidden behind
some variable.
There is also a version 2.4.0.2, but it's marked as a prerelease on
github, so decided to package 2.3.1.1 instead.
Upstream has switched to go 1.16, but still doesn't use go modules. The ebuilds
needed fixing up after the automated PR was created.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Set PYTHON_COMPAT to python 3.6 and 3.7 to be suitable for the current
code base.
Add a custom patch to replace error with warning when running autoconf
for cross builds, because libkrb5 is not able to detect
cross-compilation.
Based on 64e33c9f826d8fd951fd58ba1ed70debaf65be8d .
The SystemdCgroup=true setting is incompatible with kubelet
cgroupDriver: cgroupfs. So to prevent kube clusters from failing, we
will be freezing a nodes config.toml during an update. For that purpose,
we install a second configuration file that can then be selected using a
systemd drop-in unit.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Now that Docker has been updated to 20.10, we can use cgroupv2 so have
systemd mount the unified cgroup hierarchy by default. Other ways of
achieving the same would have been to pass 'systemd.unified_cgroup_hierarchy=1'
on the kernel cmdline, but this way the change propagates nicely to all
OEM consumers.
Signed-off-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
The upstream docker repository location has changed to docker/docker.
Additionally, the cli component has been split out which which requires
fetching two hashes and updating two ebuilds. We also took the chance to
align the ebuild with gentoo's, which means there are is no more live ebuild
and no symlink.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
We are switching flatcar to cgroupv2 which is support by docker 20.10 and
kubernetes 1.19. This requires setting the systemd cgroup driver in the kubelet
config.
Due to the unified cgroup hierarchy, kubernetes <1.19 will not work so
remove all older versions.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Compared to previous torcx images the docker-cli package is a separate
package, following upstream Docker repo layout changes.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The patches do the following:
* install flatcar specific wrappers and systemd config
* force some USE flags to default on
* allow injecting CFLAGS/LDFLAGS so that torcx can work
* force building with go1.13 (like upstream does) - this won't be
necessary next time because docker master already uses go1.16
This is the version needed by docker 20.10.7. ROADMAP.md doesn't exist so it
has been removed from src_install.
Signed-off-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
This is the version used by docker-19.03. We will be updating the live
ebuild to build docker 20.10 dependencies.
Signed-off-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
We use coreos-go* eclass so that we can override several environment
variables and build with the same go version as docker upstream. These
changes are modeled after what was previously done in app-emulation/docker,
the cli ebuild has only been split out since v20.10.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Docker upstream split the cli component into a separate repo, so there is
a separate ebuild that builds the docker utility. This is a prerequisite
of the update of docker to 20.10.
This is an import from portage commit 69d01a4273a556b1205a7a575cb3811ab7e2443d.
Signed-off-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
We use a custom build system to remove the cmake dependency and hardcode
relevant configuration.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Now that runc version follows simple semver semantics, we do not have to
care about number of patches up to an rc version. Remove the obsolete
comments.
flannel will write into /run/flannel/... so we need to provide
correct labelling for dir created by docker daemon
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
