flatcar-scripts

mirror of https://github.com/flatcar/scripts.git synced 2026-04-15 18:41:28 +02:00

Author	SHA1	Message	Date
Krzesimir Nowak	6accd26027	overlay coreos-dev/sdk-depends: Add dev-python/backports-zstd This is being pulled into stage1 through bootstrap use. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	b5ce67ce94	.github: Add dev-python/backports-zstd to automation Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	1525d22c8f	dev-python/backports-zstd: Add from Gentoo It's from Gentoo commit 5867e28cbfb4bf12ac5397e9dd35fd77dbfa1aab. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	74ba4c41ed	Force installing some selinux libraries into selinux sysext Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	3882bd2a5d	overlay profiles: Move python packages as provided to the prod profile We want to install some SELinux tools written in python to the selinux sysext. Sysexts use the generic profile, so the entries for those packages need to be moved into generic/prod profile. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	eaaed3bba6	overlay profiles: Build only the mcs SELinux policy Building multiple policies is pointless - changing the policy at runtime would require relabeling the filesystem, which will not work, because /usr is read-only. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	7a818b053d	build_library/extra_sysexts.sh: Add selinux sysext Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	5fa4f274ad	build_library/extra_sysexts.sh: Sort entries Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	25dfe6a771	DEBUG Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	71dc520cbc	build_library: Pass --selinux flag to build_sysext Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	c89cf7548c	build_sysext: Add --selinux flag and use it to build policies For built-in sysext, we may not have yet any policies built, so the relabeling won't work. To fix the situation, so we need to temporarily build them ourselves. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	e0cc978690	build_sysext: Fix a crash when there were no forbidden packages Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	f1ab0601e6	build_library: Move and fix pkg_use_enabled into There were two problems with pkg_use_enabled: 1. It did not detect force-enabled or masked USE flags correctly - selinux USE flag is force-enabled and is shown in the output inside parentheses. 2. It was defined in board_options.sh which injects some command line flags and globals that are not related to the function. Since pkg_use_enabled was only used so far for checking the selinux USE flags, add a function is_selinux_enabled and use the newly added function in the currently only user of pkg_use_enabled. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	63b06c82a2	overlay coreos/user-patches: Update patch for selinux policies Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	e7c2a0b81c	build_sysext: Factor out install root to a variable Made it easier to change its path. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	5016569e44	build_sysexts: Relabel sysexts too Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	b3fbf3df58	overlay coreos/config: Add pam_selinux to systemd PAM configs Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	3f52571c6f	overlay profiles: Drop sec-policy/selinux-ntp from package.provided We have pulled enough policies for the build problem to go away. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	88c7bcb097	overlay coreos/user-patches: Drop systemd patches related to SELinux issues Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	42ea00ec5e	overlay coreos/user-patches: Add a patch for crossdev Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	053f9be6d8	HACK: sys-libs/glibc: Enable selinux even when cross-compiling Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	7871c11903	overlay coreos-base/coreos: Add more selinux policy packages Some of those policies are pulled in by sysext packages. We want the policies to be in the base image, so we can build them and be applicable for sysext contents. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	5aa4b7da2a	build_library: Forbid SELinux policy packages in sysexts Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	b84b28dc9d	build_sysext: Allow specifying forbidden packages in sysexts Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	b55be6f0d1	build_library: Relabel the whole filesystem Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	aaf5ccb019	build_library: Fix pkg_use_enabled "equery uses" ignores forced or masked USE flags by default. In our case, the selinux USE flag is forced, so stop ignoring it with --forced-masked flag. Update the regexp to catch the forced USE flags too and modernize the function a bit. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	4008a89cd8	build_library: Building selinux policy Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	4cd4262521	overlay profiles: Move python from package.mask to package.provided for prod Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	bc301db1ed	build_toolchains: Break dep loop and handle more dependencies Switching to a selinux profile caused more USE flags to be enabled (selinux, audit, caps), thus more dependencies to be pulled. More dependencies caused two things: - cyclic dependencies appeared - sys-apps/baselayout is being pulled in Cyclic dependencies need to be handled in a similar way it was done in build_packages, thus factor out the code doing it into a separate and reusable part. The dependency on baselayout needs to be handled by installing the package as a first thing in $ROOT, followed by a more careful way of copying things from $SYSROOT to $ROOT (due to split-usr differences), followed by installing the rest of the packages. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	fe256e30b2	build_toolchain: Do not leak variables Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	14b977cb4f	overlay profiles: Force static-libs on sys-libs/libsepol to fix bootstrap Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	d1997dbc08	overlay coreos/config: Add further Flatcar modifications for sys-apps/policycoreutils Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	764f4ede10	overlay profiles: Allow python for sys-process/audit Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	ab815e4de8	overlay coreos/config: Add further modifications to sys-process/audit Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	c868368282	.github: Add dev-python/networkx to automation Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	ad502e0a96	dev-python/networkx: Add from Gentoo It's from Gentoo commit 2d25fad95cbaa525c8945d8e582c749d49524f49. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	a78d7205b8	.github: Add sys-apps/selinux-python to automation Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	81a1248220	sys-apps/selinux-python: Add from Gentoo It's from Gentoo commit 1f169055faba2cf169efde90fc70c0c2c657204e. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	5181de137c	overlay profiles: Do not pull app-admin/setools into prod images Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	da96fc636e	.github: Add app-admin/setools to automation Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	7017e066d9	app-admin/setools: Add from Gentoo It's from Gentoo commit e96f3f5c911c831949de872f43bbb4ebd511fadb. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	e63aaa2680	overlay coreos/user-patches: Drop a patch for sys-libs/libsemanage We apply the fix in a different way. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	b677dcc5a0	overlay coreos/config: Add python stuff to install mask for prod images Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	0d02b23d97	.github: Add sys-apps/policycoreutils to automation Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	6a0a9c6295	sys-apps/policycoreutils: Sync with Gentoo It's from Gentoo commit ef1013be87a2c4ede3d16c2557881505b93c3996. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	6ed7455518	overlay sys-apps/policycoreutils: Move to portage-stable Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	ef87014121	.github: Add sys-libs/libsemanage to automation Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	b8f205f41f	sys-libs/libsemanage: Sync with Gentoo It's from Gentoo commit 2a36cce420348509e5c8a75d75647c200f39b2bc. Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:09 +01:00
Krzesimir Nowak	c5efcd696d	overlay sys-libs/libsemanage: Move to portage-stable Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:08 +01:00
Krzesimir Nowak	01c453103b	overlay coreos/config: Add Flatcar modifications for sys-libs/libsemanage Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>	2026-03-20 15:12:08 +01:00

1 2 3 4 5 ...

34885 Commits