None of these modifications are Flatcar-specific. We are trying to
upstream them in https://github.com/gentoo/gentoo/pull/31615. When
they reach Gentoo, we can move net-misc/openssh to portage-stable.
An exception from above paragraph is marking the ebuild as stable on
amd64 and arm64.
```
make[1]: Leaving directory '/build/amd64-usr/var/tmp/portage/sys-kernel/coreos-modules-6.6.8/work/coreos-modules-6.6.8/build'
make: Leaving directory '/build/amd64-usr/var/tmp/portage/sys-kernel/coreos-modules-6.6.8/work/coreos-modules-6.6.8/source'
* ERROR: sys-kernel/coreos-modules-6.6.8::coreos failed (configure phase):
* Requested options not enabled in build:
* CONFIG_DEBUG_CREDENTIALS
*
* Call stack:
* ebuild.sh, line 136: Called src_configure
* environment, line 2498: Called coreos-kernel_src_configure
* environment, line 901: Called die
* The specific snippet of code:
* die "Requested options not enabled in build:
* ${missing}";
```
Upstream commit: ae1914174a
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
* sys-kernel/coreos-modules: Enable mmc_block as a module
* overlay sys-kernel/bootengine: Install mmc_block module in initrd
Signed-off-by: Pysen X <pysen@svartavillan.se>
To upgrade, the following changes were required:
* added Changelog
* switched to Linux kernel 6.6.7 sources
* reverted pahole flags - the system halts otherwise with
Linux kernel / initrd modules not found
* removed the source symlink deletion, as it the symlink
is no longer generated
* updated or removed Linux kernel configs:
* CONFIG_AUTOFS4_FS -> renamed to AUTOFS_FS
* CONFIG_IXGB -> renamed to CONFIG_IXGB
* CONFIG_EDAC_I5000 -> CONFIG_BROKEN
* CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER -> removed
* CONFIG_IP_NF_TARGET_CLUSTERIP -> removed
* CONFIG_MICROCODE_AMD -> removed
* CONFIG_NET_SCH_CBQ -> removed
* CONFIG_NET_SCH_DSMARK -> removed
* CONFIG_NFT_OBJREF -> removed
- Merge all the patches into one. Previously there were a bunch of
smaller patches, but their filenames and their contents did not
really explain what they were fixing.
- Document some of the changes that we have made. Try to put as much
information about our own modifications.
- Drop deprecated killall(kernel_t), mcs_file_read_all(kernel_t),
mcs_file_write_all(kernel_t), mcs_ptrace_all(kernel_t).
- Add more changes to cover more of the AVCs we were getting.
All the sec-policy/selinux-* packages contain policies from the same
tarball. Which means that for the sake of consistency we should be
applying our patches for every sec-policy/selinux- package. Currently
we have six such packages, so for each of those packages have a
symlink that points to the common selinux patches directory.
