Sayan Chowdhury
75f9c43ee0
Merge pull request #1171 from kinvolk/sayan/move-expat-to-portage
...
dev-libs/expat: Remove patches and move to portage-stable
2021-08-12 09:47:10 +05:30
Kai Lueke
c9e7e6d245
coreos-base/coreos-init: embed new subkey in flatcar-install
...
This pulls in
https://github.com/kinvolk/init/pull/45
but from a backport branch "flatcar-2905-backport".
2021-08-11 18:15:55 +02:00
Mathieu Tortuyaux
8e0014e814
sec-policy/selinux-virt: allow flannel to write into /run
...
flannel will write into /run/flannel/... so we need to provide
correct labelling for dir created by docker daemon
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
2021-08-11 17:53:58 +02:00
Mathieu Tortuyaux
0cde021595
sec-policy/selinux-virt: allow flanneld to load module
...
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
2021-08-11 17:50:29 +02:00
Dongsu Park
abf87f84dd
Merge pull request #1160 from kinvolk/rust-1.54.0-main
...
Upgrade dev-lang/rust in main from 1.53.0 to 1.54.0
2021-08-11 17:06:12 +02:00
Mathieu Tortuyaux
5c5b78cb8d
sec-policy/selinux-virt: fix flannel CNI creation
...
flannel uses an init container to pull CNI from container to the host
system in `/etc/cni`.
With SELinux, the permission is denied because `/etc/cni` is labelled
with `etc_t` so it can't be accessed by Docker since it expects `svirt_lxc_file_t`.
Using `filetrans_pattern` we can define a mechanism to create `/etc/cni`
with the correct labels even if it's not yet created - which avoids
running `restorecon` on `/etc/cni`.
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
2021-08-11 16:24:54 +02:00
Flatcar Buildbot
06b6e84d5c
app-emulation: Upgrade Runc 1.0.0 to 1.0.1
2021-08-10 14:23:03 +02:00
Kai Lüke
37e0e8d92c
Merge pull request #1170 from kinvolk/kai/sssd-faillock
...
sys-apps/baselayout: fix sssd LDAP auth with sudo
2021-08-09 17:40:11 +02:00
Kai Lueke
261ec85cfd
sys-apps/baselayout: fix sssd LDAP auth with sudo
...
This pulls in
https://github.com/kinvolk/baselayout/pull/18
2021-08-09 17:38:22 +02:00
Dongsu Park
1e88f9ed1e
Merge pull request #1177 from kinvolk/go-1.16.7-main
...
Upgrade Go in main from 1.16.6 to 1.16.7
2021-08-09 16:39:19 +02:00
Flatcar Buildbot
6f654df672
dev-lang: Upgrade Go 1.16.6 to 1.16.7
2021-08-09 07:25:39 +00:00
Flatcar Buildbot
7ec275e5f6
sys-kernel: Upgrade Kernel 5.10.56 to 5.10.57
2021-08-09 07:12:28 +00:00
Dongsu Park
82b0bb1bf0
Merge pull request #933 from kinvolk/dongsu/delete-ccache
...
profiles: delete ccache completely
2021-08-06 11:36:19 +02:00
Dongsu Park
942d66e678
profiles: delete ccache completely
...
As we do not use ccache at all, we should simply clean up ccache from
all of the code, to shrink the size of the SDK.
2021-08-06 11:35:06 +02:00
Sayan Chowdhury
7869f54c9c
Merge pull request #1152 from kinvolk/sayan/update-nvidia-470.57.02
...
nvidia-{drivers, metadata}: Update NVIDIA to 470.57.02
2021-08-06 14:37:10 +05:30
Sayan Chowdhury
86e391de6d
Merge pull request #1166 from kinvolk/linux-5.10.56-main
...
Upgrade Linux Kernel in main from 5.10.55 to 5.10.56
2021-08-06 11:22:16 +05:30
Sayan Chowdhury
6c24e9d8cf
dev-libs/expat: Remove patches and move to portage-stable
...
The patches applied do not make sense to be removed, hence it would
be better to move `expat` back to portage-stable
Signed-off-by: Sayan Chowdhury <sayan.chowdhury2012@gmail.com>
2021-08-06 05:40:34 +00:00
Dongsu Park
e63f7ab8dc
Merge pull request #1168 from kinvolk/dongsu/glibc-2.33-r5
...
sys-libs/glibc: update to 2.33-r5
2021-08-05 10:08:43 +02:00
Thilo Fromm
5210371270
sys-apps/glibc: add Flatcar changes for 2.33-r5
...
- unmask amd64 and arm64
- remove tmpfiles from ebuild inherit so we don't run into a circular
  dep with systemd, use systemd_tmpfilesd instead
- take care of nscd.conf via systemd_tmpfilesd,
  add files/nscd-conf.tmpfiles.
- Don't run sanity checks in pkg_pretend to prevent gcc checks when
  only the binary package is installed.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
  baselayout to provide that
Add flatcar specific changes to the build recipe.
Move PYTHON_DEPS to DEPEND so things can build.
Don't run sanity checks in pkg_pretend
(similar change as in glibc-2.29) to prevent
gcc checks when only the binary package is installed.
Based on commit 8d040f93c289.
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
Signed-off-by: Dongsu Park <dongsupark@microsoft.com>
2021-08-05 09:53:52 +02:00
Dongsu Park
ce63084f8e
sys-libs/glibc: sync with Gentoo for 2.33-r5
...
Update glibc to 2.33-r5, mainly to address CVE-2021-35942.
Gentoo ref: 5cde29d04e2da37ded900130f0f3dea13fcc350f
2021-08-05 09:38:10 +02:00
Flatcar Buildbot
c72b4d1450
sys-kernel: Upgrade Kernel 5.10.55 to 5.10.56
2021-08-05 07:10:12 +00:00
Jeremi Piotrowski
7cf88348f3
Merge pull request #1162 from kinvolk/jepio/amazon-ssm-agent-xcompile
...
amazon-ssm-agent: re-add dependency to oem-ec2-compat
2021-08-04 10:20:15 +02:00
Dongsu Park
ae2e9e0376
dev-lang/rust: adjust libressl patch for Rust 1.54
...
We need to adjust 1.47.0-libressl.patch to Rust 1.54, to fix the build
error caused by the invalid patch.
2021-08-04 10:19:14 +02:00
Flatcar Buildbot
89e18d585e
dev-lang: Upgrade dev-lang/rust 1.53.0 to 1.54.0
2021-08-04 10:19:07 +02:00
Sayan Chowdhury
4052dc2ce5
Merge pull request #1151 from kinvolk/sayan/update-libarchive-3.5.1
...
profiles: Remove libarchive-3.3.1 from ACCEPT_KEYWORDS
2021-08-03 20:15:07 +05:30
Sayan Chowdhury
7d0075e163
Merge pull request #1150 from kinvolk/sayan/update-expat-2.4.1
...
dev-libs/expat: Sync with Gentoo upstream; updates to 2.4.1
2021-08-03 20:14:36 +05:30
Sayan Chowdhury
2726b348d6
profiles: Remove libarchive-3.3.1 from ACCEPT_KEYWORDS
...
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2021-08-03 19:50:09 +05:30
Sayan Chowdhury
ae033984a8
Merge pull request #1157 from kinvolk/linux-5.10.55-main
...
Upgrade Linux Kernel in main from 5.10.52 to 5.10.55
2021-08-03 19:33:20 +05:30
Jeremi Piotrowski
cbc6a8fb90
coreos-base/oem-ec2-compat: make ssm agent conditional on ec2
...
and properly include all deps in RDEPEND.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2021-08-03 13:32:26 +00:00
Jeremi Piotrowski
26767b01aa
Revert "Revert "Build app-emulation/amazon-ssm-agent with EC2 AMI images""
...
Now that the OEM partition is a btrfs partition with compression, we have
enough space to install ssm agent.
This reverts commit b6abb59c544be13e923a3e7240b5c9395c281fca.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2021-08-03 12:55:42 +00:00
Jeremi Piotrowski
0875344378
app-emulation/amazon-ssm-agent: cross-compile and use correct go version
...
The ebuild was missing a call to go_export() which exports GOARCH, and so was
always built for host architecture. While COREOS_GO_VERSION was specified as
go1.12, src_compile() has to use '${EGO}' to make use of it, so we were
building with go1.16 (latest). Upstream builds with 1.12 for this version, so
we will do the same.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2021-08-03 12:33:48 +00:00
Jeremi Piotrowski
ba7b460518
Merge pull request #1130 from kinvolk/jepio/arm64-sdk-support
...
enable arm64 SDK bootstrap
2021-08-03 14:28:15 +02:00
Kai Lüke
393a8aa440
Merge pull request #1159 from kinvolk/kai/network-cleanup-wait
...
sys-kernel/bootengine: finish network-cleanup.service before rootfs switch
2021-08-03 10:45:41 +02:00
Kai Lüke
1b2ab70890
sys-kernel/bootengine: finish network-cleanup.service before rootfs switch
...
This pulls in
https://github.com/kinvolk/bootengine/pull/27
2021-08-03 10:45:23 +02:00
Kai Lüke
2148ced2f2
Merge pull request #1153 from kinvolk/kai/ignition-oem-auto
...
sys-apps/ignition: Ignore filesystem format mismatches for the OEM partition
2021-08-03 10:39:59 +02:00
Kai Lüke
9139387127
sys-apps/ignition: Ignore filesystem format mismatches for the OEM partition
...
This pulls in
https://github.com/kinvolk/ignition/pull/22
2021-08-03 10:39:40 +02:00
Dongsu Park
c449236fb1
Merge pull request #934 from kinvolk/dongsu/delete-boost-build-1.67
...
dev-util/boost-build: delete boost-build 1.67
2021-08-03 10:26:59 +02:00
Sayan Chowdhury
39db514ce3
dev-libs/expat: Apply Flatcar changes
...
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2021-08-02 22:22:14 +05:30
Sayan Chowdhury
564f8f7b1d
dev-libs/expat: Sync with Gentoo upstream; updates to 2.4.1
...
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2021-08-02 22:22:14 +05:30
Sayan Chowdhury
af9d9bc3ca
nvidia-{drivers, metadata}: Update NVIDIA to 470.57.02
...
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2021-08-02 22:21:24 +05:30
Dongsu Park
349a9ba532
Merge pull request #1129 from kinvolk/dongsu/github-actions-exclude-rcbeta
...
.github: list only ebuilds with a unique VERSION_OLD for runc
2021-08-02 14:12:17 +02:00
Kai Lüke
3088fd3cac
Merge pull request #1138 from kinvolk/kai/dm-verity-corruption-panic
...
sys-kernel/bootengine: issue a kernel panic on dm-verity corruption
2021-08-02 13:34:24 +02:00
Kai Lüke
ee14557288
sys-kernel/bootengine: issue a kernel panic on dm-verity corruption
...
This pulls in
https://github.com/kinvolk/bootengine/pull/26
2021-08-02 13:34:08 +02:00
Dongsu Park
40f5f348af
Merge pull request #1127 from kinvolk/firmware-20210716-main
...
Upgrade Linux Firmware in main from 20210511 to 20210716
2021-08-02 12:26:29 +02:00
Flatcar Buildbot
736682d437
sys-kernel: Upgrade Kernel 5.10.52 to 5.10.55
2021-07-31 07:10:22 +00:00
Kai Lüke
eb06982881
Merge pull request #1146 from kinvolk/kai/gce-oem-net-admin
...
coreos-base/oem-gce: grant CAP_NET_ADMIN to set routes for LB
2021-07-30 18:31:08 +02:00
Mathieu Tortuyaux
22c2e57360
Merge pull request #1149 from kinvolk/tormath1/fix-457
...
docker/torcx: disable SELinux by default on `dockerd` wrapper script
2021-07-30 15:00:12 +02:00
Kai Lüke
9a70c06140
Merge pull request #1145 from kinvolk/kai/cilium_vxlan
...
coreos-base/coreos-init: prevent networkd interference with cilium_vxlan
2021-07-30 14:10:49 +02:00
Dongsu Park
b37bce7dff
sys-kernel/coreos-firmware: fix builds by updating CXGB version
...
Fix build failures by updating CXGB firmware version to 1.26.0.0.
2021-07-30 11:03:41 +02:00
Mathieu Tortuyaux
be50e579c8
app-emulation/docker: update wrapper to disable selinux
...
this is now the default behavior - since this script is deprecated
we do a minimum update on it
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
2021-07-30 10:34:03 +02:00