baselayout no longer depends on openrc upstream so remove our
openrc/efunctions use flag and dependency. Depend on efunctions in
coreos-base instead.
Remove os-release and roll back gentoo-release since customizing them is
now handled by the set_lsb_release.
This builds the kernel as an EFI image, allowing it to be booted
directly by UEFI bioses. It also enables the efivars and efivarfs
modules so that EFI variables can be accessed properly when booted in
EFI mode.
This reverts commit b97cfe126f0934d1505e352e17f15d580879d3cc.
The minor device numbers of loop partitions are allocated dynamically
which significantly complicates running under Docker which uses a static
/dev. Rolling this back until we can rely on /dev being dynamic.
If git is installed via coreos-dev in the STATE partition it will need
some help finding its install location since it was built thinking it
would be installed in /usr rather than /usr/local.
If the user already exists check that the UID and GID are correct and
modify it (setting shell and home directory) to match what the SDK
expects. This avoids needlessly failing if the user calling cros_sdk is
the 'core' user on a CoreOS machine.
Change new-user creation to copy the user's full name and group instead
of using a generic name and Google's 'eng' group. Also remove the
default password for the account, it isn't needed and uses perl.
opencryptoki sometimes fails to build by trying to install something to
/var/lock which is a symlink to /run but the SDK makes no promise that
/run is mounted and populated. Instead of fixing the ebuild just drop it
and tpm-tools which depends on it since we don't actually need them.
Pare down the old unused sysctl.conf to what is useful for us and
install it into /usr/lib/sysctl.d for systemd to handle.
Installing /srv in the SDK does no harm so do so.
EAPI=5 because, better.
This duplicates sys-apps/baselayout so don't bother. Probably left over
from when baselayout wasn't properly installed with the 'build' use flag
to initialize the filesystem tree.
Remove the following unused users/groups:
- core-access
- polkituser
- pkcs11
- ipsec
- tor
- tcpdump
- debugd
- openvpn
- input
Add groups:
- docker (new group, for things like access to docker socket)
- systemd-journal (exists in sdk, not images. for journal log access)
- dialout (exists in sdk, required by default udev rules)
The core user has access to docker and systemd-journal.
The udev rules are required on our system and refer to non-existent
groups causing udev to spew a bit of useless noise on boot.
The profile.d scripts don't do anything at all.
This fixes a regression where etcd no longer listens on 127.0.0.1 and
the public ip. Fix this up because etcd needs to listen on both for user
convenience and for other cluster members to talk to it.
TODO: Add 127.0.0.1 test to ami test.
I've observed networking between ec2 instances not start working for
somewhere between 40-50 seconds earlier today which caused the test to
fail despite the fact that everything came up properly eventually.
Upping to 90 seconds should better cope with the surprises Amazon has to
offer.