selinux-base requires python to generate xml files, but the dependency
is implicit (through policycoreutils). Flatcar made that dependency
conditional on USE=python in policycoreutils so that we don't include
python in our images, but this causes selinux-base to fail depending on
ordering in the bootstrap process.
Fix that failure by addin an explicit dependency.
The build has been failing occasionally, due to some kind of race condition.
The last lines of log output look like this:
Updating policy/booleans.conf and policy/modules.conf
python3 -t -t -E -W error support/sedoctool.py -b policy/booleans.conf -m policy/modules.conf -x doc/policy.xml
support/sedoctool.py exiting for: Error while parsing xml
make: *** [Makefile:415: conf.intermediate] Error 1
* ERROR: sec-policy/selinux-base-2.20200818-r2::coreos failed (configure phase):
* emake failed
Try to fix this by forcing a sequential build.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
PR https://github.com/flatcar-linux/coreos-overlay/pull/432 started
to replace `dev-lang/rust` in accept_keywords with its new version.
However, its corresponding `virtual/rust` has never been updated.
That issue had been hidden until
4463efcfd4
started adding `virtual/rust` to accept_keywords.
Unlike `dev-lang/rust`, keywords for `virtual/rust` stayed with old
versions. As a result, subsequent Github Actions PRs for rust become
all invalid, so build failures.
Fix the issue by replacing versions of `virtual/rust` with new versions.
Also try to match with version specifiers, not only `=` but also `>=`,
'<=', '~'.
Currently the os/sdk and os/toolchains job perform a chroot update whose
results are immediately discarded because the rest of the build uses a fresh
chroot and catalyst. Towards the end of a release period this can extend the
build time by about an hour (longer if rust is involved).
Introduce a `--setuponly` flag that bails after the chroot configuration, and
the skips chroot update.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
and add script used for that purpose. This requires access to a github PAT
with 'repo.status' permissions.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
with the OpenSSLv3 upgrade, `update_engine` is not fully compatible yet.
See the associated issue for more details.
Let's keep the deprecated SHA functions in the meantime to run the
build.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.
Uses ConditionSecurity introduced in systemd v248
Fixesflatcar-linux/Flatcar#208
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
