The "flatcar-linux" github org was renamed to "flatcar". There are no
github redirects in this case, thus we have to fix the links.
Left to do are the patch files.
This Flatcar dependency needs to be now explicitly pulled in the OS
since this commit: 4a06200e9d
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
To make Github Actions of LTS-2021 work with SDK containers,
checkout_branches needs to take an additional parameter
CHECKOUT_SCRIPTS. That defaults to true, but false only for LTS-2021.
To be able to make each apply patch script run with SDK containers,
we need to pass additional env variables like PACKAGES_CONTAINER or
SDK_NAME.
Note, in case of LTS-2021, we need to also pass CHECKOUT_SCRIPTS=false,
to make LTS-2021 run with the script run_sdk_container.
Now that Flatcar SDK does not support cork of mantle any more,
we need to migrate the Github Actions of coreos-overlay to the
new container SDK based approach.
Simply download a container image of the latest Flatcar release,
run the container, generate patches from there.
Note, since the Flatcar scripts repo of LTS-2021 still does not
have necessary Container SDK scripts like run_sdk_container, we
need to skip checking out a specific base branch in case of
LTS-2021.
Since rsync 3.2.4, IUSE_CPU_FLAGS_X86="sse2" does not exist any
more in upstream ebuilds. So it is not necessary to disable
`cpu_flags_x86_sse2` USE flag for avoiding cross toolchain build
failures.
- Fix config install paths, use systemd-tmpfiles (all configs should
be installed to /usr and tmpfiles should be used to create and fix
directory permissions instead of the ebuild's postinst.)
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
The m3.small.x86 instance type had no serial console output because
ttyS0 was used because the GRUB CPU check didn't trigger. It seems that
most instances had i386 reported but this new one not (maybe EFI is
used here?).
Extend the GRUB check to cover both i386 and x86_64 when setting up the
serial console. For arm64 this still shouldn't be needed and the
defaults worked so far.
- Carry over our custom tmpfiles and securetty files
- Remove /etc files and install them to /usr, use tmpfiles
- Switch /etc/login.defs edits to /usr/share/shadow/login.defs
- Drop moving passwd out of /usr since we don't have split-usr
- Drop pkg_postinst
- Make BDEPEND independent from DEPEND (The `BDEPEND` is a
build-time requirement, so it should not be included in the whole
`DEPEND` list. If it does, an installation of `sys-auth/sssd`
causes other dependencies to be installed not only in the
`/build`, but also under the SDK. That's not what we want, so we
need to exclude `BDEPEND` from the list.)
- Move runstatedir option from configure to make (Now that the
upstream sssd 2.3.1 does not support `--runstatedir` option from
its configure script, we need to remove the option, to unblock the
configure issue like `unrecognized option --runstatedir`. Instead
we need to pass `runstatedir=` to emake commands.)
- Disable realm check for nsupdate (At the moment bind-tools does
not enable `gssapi`, so its `nsupdate` tool is also not able to
run `realm` command. As a result, configure script of `sssd` fails
when running `echo realm | nsupdate`, like `syntax error`.
To avoid such issues, we need to disable the nsupdate check for
now. After we could enable `gssapi` for the SDK correctly, we can
bring back the nsupdate check in the future.)
- Add patch for CVE-2021-3621
- Set the conf dir path explicitly (Without passing the
--with-systemdconfdir flag, the configure script will query
pkg-config for the directory itself. In the cross-compilation
setup that we have, this will result in a path sysroot prepended
to the path twice. systemd.eclass has a workaround for this issue,
but it does not provide an elegant getter of the system
configuration directory, thus we call `_systemd_get_dir`
ourselves.)
- Make it compatible with newer python versions.
- Fix samba version detection by exporting the CPP variable. For
some reason it was empty after the toolchain updates.
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- don't run sanity checks in pkg_pretend to prevent gcc checks when
only the binary package is installed.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
