This commit add 2 different Github actions that run once in a day,
one for Alpha, Kernel 4.19, and the other for Edge, Kernel 5.5.
Because of limitations of Github Actions, i.e. create-pull-request
actions, we cannot combine the two actions into one.
Also we need to create a patch and apply it to the top source directory,
since the create-pull-request action requires the changes in the top
directory.
Although we are not updating flatcar-master branch, (only Alpha and
Edge) the Github actions files need to be merged to flatcar-master,
because Github actions can only schedule cron jobs from the default
branch, flatcar-master.
The caching git web view which was used as source location is not
reliable because the cache can be corrupt, the gzip compression of the
snapshot can change, and the cache is produced by the web server which
is not there to give high security guarantees. We experienced cache
corruption.
Switch to the recommended mirror under
https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/
which also hosts signatures and not having the downsides mentioned
above. This is a downstream change until upstream Gentoo changes the
location.
Update rust ebuild 1.44.1 to get it synced with upstream Gentoo.
Now that rust was updated to 1.44.1, we need to update patch files
and ebuilds, so that it can build without build failures.
When the GnuPG keyserver is set to `keys.openpgp.org`, `gpg --recv-keys`
occasionally fails with the following error:
```
gpg: key E52F0DB391453C45: no user ID
```
We need to make GnuPG accept keys even without UIDs.
Original patches come from
f292beac11/debian/patches/import-merge-without-userid .
See also https://dev.gnupg.org/T4393 .
Enable kernel config
[CONFIG_IKHEADERS](435faf5c21/init/Kconfig (L610-L617)
),
to make Kernel export kernel headers via `/sys/kernel/kheaders.tar.xz`.
Then bpf-related tools can be used without additional kernel headers in
userspace.
This reverts commit 517e23ebfe96137f1482ae42f8b29fc2f1b31317.
The new USE flag `ssl` for wget resulted in a strange issue.
`wget` started to pull in `dev-libs/openssl`, which has `bindist` in its
USE flag. The catalyst stages, however, need to install wget without
`bindist`. Such mismatches resulted in errors like:
```
!!! All ebuilds that could satisfy "dev-libs/openssl:0=" for /tmp/stage1root/ have been masked.
!!! One of the following masked packages is required to complete your request:
- dev-libs/openssl-1.0.2u::coreos (masked by: bindist in RESTRICT)
```
So to fix the issue, what needs to be done is basically:
```
ACCEPT_RESTRICT=bindist USE=-bindist emerge -pv openssl openssh
```
Unfortunately it is not possible to set `accept_restrict` configs
under the coreos-overlay repo. We need to have some time to investigate
why it is so.
As a hotfix, we need to revert the `ssl` USE flag for wget.
