Commit Graph

8040 Commits

Author SHA1 Message Date
Jeremi Piotrowski
f5b92b623f Merge pull request #1757 from flatcar-linux/jepio/workflows-lbzip2
.github/workflows: install lbzip2 to speed up sdk creation
2022-03-24 10:10:54 +01:00
Jeremi Piotrowski
cdd948d1c6 .github/workflows: install lbzip2 to speed up sdk creation
Our github actions use cork to create an sdk chroot, which pulls down bzipped
archives. The runners have 2 CPUs, so this unpacking could be faster if we
installed lbzip2. Cork transparently uses lbzip2.
2022-03-24 09:46:25 +01:00
Kai Lüke
9fdc34e13c Merge pull request #1750 from flatcar-linux/kai/go-binary-size
eclass/coreos-go.eclass: strip Go binaries by default
2022-03-23 21:39:26 +01:00
Krzesimir Nowak
d4850a6c86 coreos-devel/mantle: Bump to latest commit 2022-03-23 14:01:09 +01:00
Krzesimir Nowak
4a64240099 fixup! eclass/coreos-cargo: Ensure the modified config is valid TOML 2022-03-23 13:48:52 +01:00
Kai Lueke
e73121db37 eclass/coreos-go.eclass: strip Go binaries by default
The size constraints not only of the /usr partition but also of the /boot
partition require that we reduce the size of binaries as much as
possible.
Strip all Go binaries by default.
2022-03-23 13:11:15 +01:00
Krzesimir Nowak
090680dc6d Merge pull request #1746 from flatcar-linux/krnowak/emerge-gitclone-pr-fix
coreos-base/emerge-gitclone: Pull PRs properly
2022-03-22 19:47:43 +01:00
Krzesimir Nowak
97e608f538 coreos-base/emerge-gitclone: Pull PRs properly
This usually doesn't happen for releases, but for development
dev-containers it might be the case that portage-stable or
coreos-overlay commit is specified as some pull request reference -
these need to be fetched differently, as refs from refs/pull usually
are not fetched by default.
2022-03-22 16:21:07 +01:00
Mathieu Tortuyaux
21ef6d148d changelog: add entry
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-22 13:54:19 +01:00
Mathieu Tortuyaux
4f200d79ea profiles/coreos/base: enable fips across the OS
Only supported by OpenSSL and Cryptsetup for now.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-22 13:43:14 +01:00
Krzesimir Nowak
7acca26ab6 coreos-base/afterburn: Add dependency on dev-libs/openssl
The package depends on it through the openssl crate. Without openssl,
the package would fail to build because of missing header files.
2022-03-22 10:26:03 +01:00
Krzesimir Nowak
14ec0b2456 eclass/coreos-cargo: Ensure the modified config is valid TOML
We were appending the [build] section, and the updated cargo eclass
already added that to the config, so we ended up with having two
[build] sections in the config file. Try to amend the section instead
of appending it to the file. While at it, do the same with the
target.${RUST_TARGET} section too to be a bit more futureproof.
2022-03-22 10:26:03 +01:00
Krzesimir Nowak
f302e69455 coreos-base/update-ssh-keys: Bump EAPI to 8
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
2022-03-22 10:26:03 +01:00
Krzesimir Nowak
ab735a5df4 coreos-base/afterburn: Bump EAPI to 8
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
2022-03-22 10:26:03 +01:00
Krzesimir Nowak
5eccaeb306 profiles: Update accept_keywords for dev-lang/nasm
It is available for arm64 now, but still as unstable.
2022-03-22 10:26:03 +01:00
Krzesimir Nowak
9dec83eaa9 profiles: Drop app-misc/jq from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-22 10:26:03 +01:00
Mathieu Tortuyaux
00cbb4bb25 profiles/base: accept tested version of cryptsetup
it's required to pull fips support

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-22 09:55:19 +01:00
Krzesimir Nowak
32941dc278 Merge pull request #1712 from JAORMX/sssd-selinux-module
Add sssd to list of SELinux modules enabled
2022-03-21 18:20:08 +01:00
Dongsu Park
1385747481 Merge pull request #1742 from flatcar-linux/linux-5.15.30-main
Upgrade Linux Kernel in main from 5.15.28 to 5.15.30
2022-03-21 17:34:25 +01:00
Dongsu Park
62298daf6b Merge pull request #1743 from flatcar-linux/sayan/update-intel-microcode-20220207_p20220207
sys-firmware/intel-microcode: update to 20220207_p20220207
2022-03-21 13:57:22 +01:00
Dongsu Park
cf81bdd8ef sys-kernel/coreos-sources: delete patch for Reverting xfrm state
The patch z0005-Revert-xfrm-state-... is already included in the
upstream v5.15.30. Delete the patch to fix build failures.
2022-03-21 13:52:33 +01:00
Dongsu Park
ac8fcf7ea7 Merge pull request #1744 from flatcar-linux/sayan/update-pambase-20220214
sys-auth/pambase: update stub version to 20220214
2022-03-21 13:24:34 +01:00
Sayan Chowdhury
7e12481655 sys-auth/pambase: update stub version to 20220214
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 13:23:01 +01:00
Dongsu Park
1749d86e40 Merge pull request #1735 from flatcar-linux/sayan/update-pam-1.5.1_p20210622-r1
sys-libs/pam: Update to 1.5.1_p20210622
2022-03-21 13:21:37 +01:00
Dongsu Park
4e2bcfb9a6 changelog: add changelog for pam 1.5.1_p20210622 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
8d4ee0f2d6 sys-libs/pam: Apply Flatcar patches
- sys-libs/pam: Make /sbin/unix_chkpwd suid

This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.

- sys-libs/pam: Install configuration into /usr

Also provide a tmpfiles fragment to bring it back.

- sys-libs/pam: Locked accounts functionality

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 13:19:33 +01:00
Sayan Chowdhury
e1dfbe9862 sys-libs/pam: Update to 1.5.1__p20210622
gentoo sync ref: a9be6b639c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 13:19:29 +01:00
Kai Lüke
498c4a1ab5 Merge pull request #1737 from flatcar-linux/kai/mantle-bump
coreos-devel/mantle: bump to latest commit
2022-03-21 11:54:45 +01:00
Dongsu Park
b2711efd5e profiles: disable su USE flag for util-linux
As sys-apps/shadow has its own su binary, sys-apps/util-linux should
not have its own su binary. Otherwise, build will simply fail.
Disable su USE flag for util-linux.
2022-03-21 11:49:08 +01:00
Kai Lueke
d59d626d3b coreos-devel/mantle: bump to latest commit
We have to update the commit ID now when a mantle PR gets merged
because the new pipeline uses it.
2022-03-21 10:59:14 +01:00
Sayan Chowdhury
dce35b0a12 sys-firmware/intel-microcode: Add the changelog entries for 20220207_p20220207
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 10:23:46 +01:00
Flatcar Buildbot
bfd4ba3a66 sys-kernel: Upgrade Kernel 5.15.28 to 5.15.30 2022-03-20 07:22:36 +00:00
Dongsu Park
f88785d939 Merge pull request #1736 from flatcar-linux/rust-1.59.0-main
Upgrade dev-lang/rust in main from 1.58.1 to 1.59.0
2022-03-18 18:07:20 +01:00
Dongsu Park
f21caf2d80 Merge pull request #1729 from flatcar-linux/firmware-20220310-main
Upgrade Linux Firmware in main from 20220209 to 20220310
2022-03-18 16:06:31 +01:00
Flatcar Buildbot
4bbf728449 dev-lang: Upgrade dev-lang/rust 1.58.1 to 1.59.0 2022-03-18 10:56:52 +00:00
Sayan Chowdhury
052c968ac8 sys-firmware/intel-microcode: Apply Flatcar patches
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-18 13:24:24 +05:30
Sayan Chowdhury
c3d8d35413 sys-firmware/intel-microcode: Sync with Gentoo upstream
gentoo sync ref: b6146dcdce

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-18 13:21:57 +05:30
Kai Lüke
28b13f4448 Merge pull request #1713 from flatcar-linux/kai/no-lib-symlink
Split lib and lib64 for sysext support
2022-03-17 17:06:13 +01:00
Kai Lueke
00841774c9 changelog: add entry for lib and lib64 split 2022-03-17 17:03:16 +01:00
Kai Lueke
bfbf373f20 coreos-base/coreos-oem-gce: use usr/lib/systemd folder
The lib64/systemd location only happened to work through the used
symlink on Flatcar. The standard location is lib/systemd.
Use the standard location as we now want to split the libs folders.
2022-03-17 17:03:16 +01:00
Kai Lueke
bc9d7af985 sys-apps/systemd: enable systemd-sysext.service
The systemd-sysext.service activates sysext images on boot.
Enable it by default.
2022-03-17 17:03:16 +01:00
Kai Lueke
5fc316e775 coreos-base/coreos-init: add helper service to start sysext services
This pulls in
https://github.com/flatcar-linux/init/pull/65
2022-03-17 17:03:16 +01:00
Dongsu Park
9989de6963 Merge pull request #1725 from flatcar-linux/docker-20.10.13-main
Upgrade Docker in main from 20.10.12 to 20.10.13
2022-03-17 14:30:14 +01:00
Kai Lueke
ba8aeb992a coreos-base/coreos-init: create compatibility symlinks
The split of /usr/lib64 into /usr/lib and /usr/lib64 means that paths
to /usr/lib64/X that worked before now wouldn't.
Therefore, create compatibility symlinks.
2022-03-17 12:15:40 +01:00
Kai Lueke
c6e427d80d profiles: disable SYMLINK_LIB
The profile Flatcar is on had SYMLINK_LIB set for amd64 which set up
(/usr)/lib as symlink to (/usr)/lib64. This is not the case for arm64
nor common in other recent distributions and causes systemd-sysext
loading to fail.
Disable SYMLINK_LIB for the amd64 board for now, leaving the SDK as is
but we could also set it for the SDK, too. A future profile update will
also bring this change.
2022-03-17 12:12:46 +01:00
Kai Lueke
b3f4b641ce sys-apps/baselayout: force link creation in tmpfile rule
The /lib symlink does not point to /usr/lib but instead points to
/usr/lib64 on current releases which have a single /usr/lib64 folder
and a symlink from /usr/lib to it. This means that when they update to
a release with a split lib vs. lib64 setup, the kernel modules are not
found because /lib/modules does not exist (because /lib still points
to /usr/lib64 instead of /usr/lib).
Force link recreation to match the new layout. The system will still be
able to rollback because the link to /usr/lib is still valid because
/usr/lib is itself a link that forwards to /usr/lib64.
2022-03-17 12:11:11 +01:00
Dongsu Park
96d59a1d55 app-emulation/docker: remove unnecessary patch for etcd
Now that Docker 20.10.13 updated its vendored etcd to 3.3.27, it is
not necessary any more to fix F_OFD_GETLK in etcd. Simply remove it.
2022-03-17 10:24:49 +01:00
Juan Antonio Osorio
6dadefecfb Add SELinux flag for sssd build
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
2022-03-17 09:34:51 +02:00
Flatcar Buildbot
372c62308b sys-kernel: Upgrade Linux Firmware 20220209 to 20220310 2022-03-17 07:12:09 +00:00
Mathieu Tortuyaux
20cae0b0c3 Merge pull request #1727 from flatcar-linux/tormath1/openssl
dev-libs/openssl: bump to 3.0.2
2022-03-16 15:59:56 +01:00
Mathieu Tortuyaux
dfbd94b035 changelog: add entries
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-16 11:07:42 +01:00
Mathieu Tortuyaux
f71a2f9e31 dev-libs/openssl: Apply Flatcar modifications
- remove unnecessary files
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- mark openssl as stable for arm64 and amd64

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-16 11:03:49 +01:00
Mathieu Tortuyaux
d01e5e7fa3 dev-libs/openssl: sync with ::gentoo
Commit-Ref: ca7cd67308

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-16 10:52:22 +01:00
Flatcar Buildbot
d344be8799 app-emulation: Upgrade Docker 20.10.12 to 20.10.13 2022-03-16 07:46:49 +00:00
Jeremi Piotrowski
52971dee4b changelog: add entry for revert which fixes AWS m4 networking 2022-03-15 19:35:56 +01:00
Jeremi Piotrowski
38680b5b7a sys-kernel/coreos-sources: revert commit which breaks networking on M4 instances
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2022-03-15 19:35:56 +01:00
Krzesimir Nowak
d784aa9238 coreos-base/update_engine: Drop unused alias 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
833d18a78b profiles: Add accept_keywords for app-crypt/rhash
So the version used for the potential arm64 SDK is the same as in
amd64 SDK.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
9e6d34f929 profiles: Drop outdated use flag for dev-libs/protobuf 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
7f38b34ca0 profiles: Drop dev-libs/libusb from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
93237a0bf4 profiles: Drop dev-libs/libassuan from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
2021223762 profiles: Drop sys-fs/quota from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
464d0fdcd4 profiles: Update accept_keywords for app-crypt/efitools 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
8bdb5b4216 profiles: Drop sys-apps/sandbox from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
1c4c5d0a3d profiles: Drop dev-cpp/gflags from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Jeremi Piotrowski
ae1ca7a804 Merge pull request #1718 from flatcar-linux/linux-5.15.28-main
Upgrade Linux Kernel in main from 5.15.27 to 5.15.28
2022-03-15 14:17:50 +01:00
Kai Lueke
94254e2afb sys-kernel/bootengine: re-add missing modules
This pulls in
https://github.com/flatcar-linux/bootengine/pull/40
to add the kernel modules back that disappeared compared to Stable
3033.x.y with the 5.10 kernel.
2022-03-15 11:38:51 +01:00
Flatcar Buildbot
14e9176fa4 sys-kernel: Upgrade Kernel 5.15.27 to 5.15.28 2022-03-12 07:22:35 +00:00
Mathieu Tortuyaux
1bb3bd5375 Merge pull request #1707 from flatcar-linux/tormath1/gcp
ignition: support `gce` as OEM ID
2022-03-11 17:48:43 +01:00
Kai Lüke
0257fa3d84 Merge pull request #1710 from flatcar-linux/kai/ignition-link-translate
sys-apps/ignition: fix link translation
2022-03-11 13:23:34 +01:00
Kai Lueke
344dbf2eb0 sys-apps/ignition: fix link translation
This pulls in https://github.com/flatcar-linux/ignition/pull/38
for https://github.com/flatcar-linux/ign-converter/pull/5
to fix https://github.com/flatcar-linux/Flatcar/issues/666 which
is about a failing translation due to a too strict check.
2022-03-11 13:23:01 +01:00
Dongsu Park
2b21cde4d8 changelog: add security changelog for Go 1.17.8
Add missing security changelog CVE-2022-24921 for Go 1.17.8.
2022-03-11 10:13:22 +01:00
Dongsu Park
83c5075143 Merge pull request #1704 from flatcar-linux/vmware-12.0.0-main
Upgrade open-vm-tools in main from 11.3.5 to 12.0.0
2022-03-11 09:36:43 +01:00
Mathieu Tortuyaux
a38d49869d coreos-base/coreos-init: convert back gcp to gce
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-10 11:30:49 +01:00
Mathieu Tortuyaux
ce5042743c sys-kernel/bootengine: convert gce to gcp
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-10 11:30:49 +01:00
Dongsu Park
3d3acd7a98 app-emulation/open-vm-tools: add USE flags salt-minion
For open-vm-tools 12.0.0, add a new USE flag salt-minion.
Pass `--disable-containerinfo` to fix build issues, because it is
currently not trivial to import dependency libs grpc++ into Flatcar.
2022-03-10 10:35:05 +01:00
Dongsu Park
461edca2d5 app-emulation/open-vm-tools: remove FUSE addition from patches
Since open-vm-tools 12.0.0 already supports its native fuse detection
mechanism, we do not need to add another check for fuse to configure.ac.
2022-03-10 10:35:05 +01:00
Flatcar Buildbot
8076f1638c app-emulation: Upgrade open-vm-tools 11.3.5 to 12.0.0 2022-03-10 10:35:05 +01:00
Krzesimir Nowak
90615c215e profiles: Drop dev-perl/Text-Unidecode from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
045a3e6769 profiles: Drop sys-libs/efivar from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c6ce357d02 profiles: Sync app-eselect/eselect-pinentry version 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
31ac287ea3 profiles: Drop net-nds/rpcbind from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
9412c64ba3 profiles: Drop sys-boot/efibootmgr from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
34becb7f43 profiles: Drop virtual/krb5 from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
935353ffa6 profiles: Drop net-misc/socat from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
be20b0611b profiles: Update accept_keywords for dev-util/checkbashisms
It's stable for amd64, but still unstable for arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
6e2cdb223c profiles: Drop dev-libs/libevent from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c550349cb1 profiles: Drop sys-fs/dosfstools from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
03558679ab profiles: Drop virtual/libusb from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
74c48fb57d profiles: Drop sys-block/thin-provisioning-tools from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
22a4df6c05 profiles: Drop sys-fs/lsscsi from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
50e5de95c2 profiles: Drop sys-apps/man-db from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
ef8be94860 Merge pull request #1706 from flatcar-linux/linux-5.15.27-main
Upgrade Linux Kernel in main from 5.15.25 to 5.15.27
2022-03-09 17:15:38 +01:00
Dongsu Park
494ff08e9b Merge pull request #1696 from flatcar-linux/cacerts-3.76-main
Upgrade ca-certificates in main from 3.75 to 3.76
2022-03-09 14:44:27 +01:00
Jeremi Piotrowski
752d197781 Merge pull request #1700 from flatcar-linux/jepio/remove-rng-tools
coreos-base/coreos: remove rng-tool dependency
2022-03-09 14:11:26 +01:00
Jeremi Piotrowski
617f619c68 changelog: add entry for rngd.service removal
The user visible effect of rng-tool removal is that rngd is no longer
started in the initramfs.
2022-03-09 13:06:07 +01:00
Dongsu Park
9f7fe58ac1 Merge pull request #1691 from flatcar-linux/containerd-1.6.1-main
Upgrade Containerd in main from 1.6.0 to 1.6.1
2022-03-09 09:11:35 +01:00
Dongsu Park
bec04a986a changelog: add changelog for containerd 1.6.1 2022-03-09 09:09:23 +01:00
Flatcar Buildbot
fb8008aafe sys-kernel: Upgrade Kernel 5.15.25 to 5.15.27 2022-03-09 07:23:52 +00:00
Jeremi Piotrowski
b58f674576 Merge pull request #1690 from flatcar-linux/jepio/oem-azure-dep-fix
Fix arm64 build after pro oem merge
2022-03-08 18:41:53 +01:00