As Flatcar relies on systemd-networkd for network configurations,
it is not needed to keep dhcpcd in production images at all.
According to the commit
https://github.com/kinvolk/coreos-overlay/commit/9be90f06e838 ,
it was added back in 2014 just because systemd-networkd was not mature
enough. That was already ~7 years ago, so we can safely assume that
the issue is already gone, so we can simply use systemd-networkd.

Initially I moved the eclasses to overlay and modified them there to
avoid making customizations in portage-stable, but for some reason
portage cannot locate these eclasses when building packages from
portage-stable.
This change is to avoid masked packages and the build failures
resulting from that, like:
```
!!! All ebuilds that could satisfy "x11-misc/makedepend" have been masked.
!!! One of the following masked packages is required to complete your request:
- x11-misc/makedepend-1.0.5::portage-stable (masked by: invalid: DEPEND: USE flag 'ppc-aix' referenced in conditional 'ppc-aix?' is not in IUSE)
```
Hopefully these customizations will go away once we update the
eclasses and packages that inherit these eclasses.

As `dev-libs/nss` is not used anywhere, let's simply remove nss.
The only ebuild that pulls it in is `net-misc/curl`, but only if the USE
flag `nss` is enabled. As the `nss` flag is disabled for curl, we do
not need to keep `dev-libs/nss` at all.

Update dhcpcd to 8.1.9 to address the following security issues:
* CVE-2019-11577
* CVE-2019-11766
Note, dhcpcd is not a standard tool of Flatcar, because by default
networking is configured via systemd-networkd. We update the package
just for potential use cases that still depend on dhcpcd. However,
in the long term, we should not ship dhcpcd in the production images.

Now that curl has its own license file, it should also be added to
the `MISC-FREE` license group, just like Gentoo.

Simply sync `license_groups` with Gentoo.

Now that curl >= 7.70 requires its own license file, we need to make
it included in the SDK, so that `/var/gentoo/repos/gentoo/licenses/curl`
can be available. Without that file, the image build step fails due to
a missing license file for curl.

We need to update net-misc/curl to 7.74.0, mainly to address the
following security issues:
* CVE-2020-8169
* CVE-2020-8231
* CVE-2020-8284
* CVE-2020-8285
* CVE-2020-8286

GitHub Actions for Rust started failing with the following errors:
```
Error: Unable to process command '::set-env name=PULL_REQUEST_NUMBER::718' successfully.
Error: The `set-env` command is disabled. Please upgrade to using
Environment Files or opt into unsecure command execution by setting the
`ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For
more information see:
https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
```
It happens because we have used peter-evans/create-pull-request@v2,
which did not have a bug fix for the set-env issue.
The bug was fixed in create-pull-request
[v3.4.1](https://github.com/peter-evans/create-pull-request/releases/tag/v3.4.1).
So we just need to update the version to `v3`, which already includes
v3.4.1.