This change explicitly calls python3 (instead of python) in pycmd
so portage commands work (as we ship python 2, too, and it's still
the default).
Also, 'static-libs' and 'openmp' are added to the
bootstrap emerge USE flags (stage 3 of the bootstrap-sh script,
which is run in stage 2 of the SDK catalyst bootstrapping process):
- 'static-libs' un-breaks the zlib build: zlib installed has this flag
set and zlib requested per emerge command line in
bootstrap.sh stage 3 needs this flag to prevent a slot conflict.
- 'openmp' is to honor requirements of newer versions of GCC and is
added according to Gentoo guidelines published here:
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Install_Guide/Building_the_Gentoo_Base_System_Minus_Kernel#Gentoo_Bootstrap_Remix:_Progressing_from_Stage_1_to_Stage_2
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
As Flatcar relies on systemd-networkd for network configurations,
it is not needed to keep dhcpcd in production images at all.
According to the commit
https://github.com/kinvolk/coreos-overlay/commit/9be90f06e838 ,
it was added back in 2014 just because systemd-networkd was not mature
enough. That was already ~7 years ago, so we can safely assume that
the issue is already gone, so we can simply use systemd-networkd.
Initially I moved the eclass to overlay and modified them there to
avoid making customizations in portage-stable, but for some reason
portage cannot locate these eclasses when building packages from
portage-stable.
This change is to avoid masked packages and the build failures
resulting from them, like:
```
!!! All ebuilds that could satisfy "x11-misc/makedepend" have been masked.
!!! One of the following masked packages is required to complete your request:
- x11-misc/makedepend-1.0.5::portage-stable (masked by: invalid: DEPEND: USE flag 'ppc-aix' referenced in conditional 'ppc-aix?' is not in IUSE)
```
Hopefully these customizations will go away once we update the
eclasses and packages that inherit these eclasses.
As `dev-libs/nss` is not used anywhere, let's simply remove nss.
The only ebuild that pulls it in is `net-misc/curl`, but only if the USE
flag `nss` is enabled. As the `nss` flag is disabled for curl, we do
not need to keep `dev-libs/nss` at all.
Update dhcpcd to 8.1.9 to address the following security issues:
* CVE-2019-11577
* CVE-2019-11766
Note, dhcpcd is not a standard tool of Flatcar, because by default
networking is configured via systemd-networkd. We update the package
just for potential use cases that still depend on dhcpcd. However,
in the long term, we should not ship dhcpcd in the production images.
Now that curl has its own license file, it should be also added to
`MISC-FREE` license group, just like Gentoo.
Simply sync `license_groups` with Gentoo.
Now that curl >= 7.70 requires its own license file, we need to make
it included in the SDK, so that `/var/gentoo/repos/gentoo/licenses/curl`
can be available. Without that file, the image build step fails due to
a missing license file for curl.
We need to update net-misc/curl to 7.74.0, mainly to address the
following security issues:
* CVE-2020-8169
* CVE-2020-8231
* CVE-2020-8284
* CVE-2020-8285
* CVE-2020-8286
GitHub Actions for Rust started failing with the following errors:
```
Error: Unable to process command '::set-env name=PULL_REQUEST_NUMBER::718' successfully.
Error: The `set-env` command is disabled. Please upgrade to using
Environment Files or opt into unsecure command execution by setting the
`ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For
more information see:
https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
```
It happens because we have used peter-evans/create-pull-request@v2,
which did not have a bug fix for the set-env issue.
The bug was fixed in create-pull-request
[v3.4.1](https://github.com/peter-evans/create-pull-request/releases/tag/v3.4.1).
So we just need to update the version to `v3`, which already includes
v3.4.1.
It is already possible to enable kernel config `CONFIG_DEBUG_INFO_BTF`
using dwarves 1.18 included in the current Flatcar SDK, as long as its
arch is amd64.
However, Kernel build fails in case of arm64, when Kernel version is
>= 5.9 and dwarves version is <= 1.18, like the following:
```
+ pahole -J .tmp_vmlinux.btf
PAHOLE: Error: Found symbol of zero size when encoding btf
(sym: '__kvm_nvhe_arm64_ssbd_callback_required', cu: '../source/arch/arm64/kernel/cpu_errata.c').
PAHOLE: Error: Use '-j' or '--force' to ignore such symbols and force emit the btf.
../source/scripts/link-vmlinux.sh: line 141: 1929102 Segmentation fault
```
The bug was fixed via
https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/?id=2e719cca6672,
("btf_encoder: revamp how per-CPU variables are encoded").
The fix was first included in dwarves
[1.19](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.19).
Thus we need to get dwarves 1.19 included in Flatcar SDK, so that the
next Alpha Kernels could have `CONFIG_DEBUG_INFO_BTF` enabled.
This commit introduces Flatcar specific modification
to the Gentoo recipes for updating to gcc-9.3.0 introduced
in the previous commit. The changes are required
in order to make things build with the Flatcar SDK.
The commit also removes old, stale, unused recipes.
The changes include:
dev-util/perf/perf-4.9.13.ebuild: fix binutils ebuild RDEPEND
dev-util/perf/perf-5.8.ebuild: remove python3_{8} compat; unmask arm64, amd64
sys-devel/binutils: remove old, stale versions
sys-devel/binutils/binutils-2.35.ebuild: backport to EAPI6 because our
outdated emerge does not handle BDEPEND dependencies correctly,
resulting in BDEPEND being pulled in as runtime deps.
Unmask for amd64 and arm64.
sys-devel/binutils/binutils-9999.ebuild: backport to EAPI6
net-dns/dnsmasq: remove old, stale versions
sys-devel/crossdev: remove old versions
sys-devel/gcc: remove old versions
sys-devel/gcc/gcc-9.3.0-r1.ebuild: use EAPI6 because of emerge
BDEPEND issue (see above)
sys-devel/libtool/libtool-2.4.6-r6.ebuild: use EAPI6 because of emerge
BDEPEND issue (see above)
sys-kernel/linux-headers: remove old versions
sys-kernel/linux-headers/linux-headers-5.8.ebuild: unmask for amd64, arm64
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
This commit includes the necessary changes to upgrade the SDK
compiler to gcc-9.3.0. The changes include:
eclass: update toolchain.eclass to EAPI7
acct-(user|group): add dnsmasq user / group
net-dns/dnsmasq: update to dnsmasq-2.82
dev-util/perf: update to perf-5.8.ebuild
sys-devel/binutils: update to binutils-2.35.ebuild
sys-libs/binutils-libs: update to binutils-libs-2.35.ebuild
sys-devel/crossdev: update to crossdev-20200801.ebuild
sys-devel/gcc: update to gcc-9.3.0-r1.ebuild
sys-devel/libtool: update to libtool-2.4.6-r6.ebuild
sys-kernel/linux-headers: update to linux-headers-5.9.ebuild
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
To build Kernel with `CONFIG_DEBUG_INFO_BTF`, we need to get pahole, a
part of dwarves included in the Flatcar SDK.
So simply import `dev-util/dwarves` from upstream Gentoo.
To be able to build `net-fs/samba` 4.11, we need to import
`net-libs/gnutls` from upstream Gentoo. Since gnutls is one of the
hard requirements of upstream Samba, we are not able to disable the
dependency on gnutls.
Now that `dev-lang/tcl` is included in SDK, we can now build
dev-db/sqlite without having to rely on third-party patches
in coreos-overlay.
So simply sync sqlite with Gentoo upstream, and update to the latest
version 3.33.0.
Now that dev-libs/glib was updated to 2.64.5, we need to also update
dev-util/gdbus-codegen to 2.64.5.
Otherwise we would see strange slot conflicts like:
```
* Error: The above package list contains packages which cannot be
* installed at the same time on the same system.
(dev-libs/glib-2.64.5:2/2::portage-stable, ebuild scheduled for merge) pulled in by
>=dev-libs/glib-2.58.3:2 required by (dev-util/gdbus-codegen-2.58.3:0/0::portage-stable, binary scheduled for merge)
(dev-util/gdbus-codegen-2.58.3:0/0::portage-stable, binary scheduled for merge) pulled in by
dev-util/gdbus-codegen required by (coreos-base/hard-host-depends-0.0.1-r194:0/0::coreos, binary scheduled for merge)
```