mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 21:11:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,905 Commits 625 Branches 396 Tags
Commit Graph

8040 Commits

Author SHA1 Message Date
Dongsu Park
1f9c794749 Merge pull request #1022 from kinvolk/sayan/update-binutils-2.36 
profiles,sys-boot: fix grub2 for binutils 2.36
 2021-05-21 10:04:43 +02:00
Dongsu Park
430a8eafcc Merge pull request #1006 from kinvolk/containerd-1.5.1-main 
Upgrade Containerd in main from 1.4.4 to 1.5.2
 2021-05-21 09:28:10 +02:00
Dongsu Park
80e8ad9b35 Merge pull request #1021 from kinvolk/runc-1.0.0_rc95-main 
Upgrade Runc in main from 1.0.0_rc93 to 1.0.0_rc95
 2021-05-21 09:27:23 +02:00
Kai Lüke
4272466762 Merge pull request #1020 from kinvolk/linux-5.10.38-main 
Upgrade Linux Kernel in main from 5.10.37 to 5.10.38
 2021-05-20 16:48:48 +02:00
Dongsu Park
5700fa12e6 app-emulation/containerd: update to 1.5.2 2021-05-20 15:57:16 +02:00
Dongsu Park
e63de2ea31 app-emulation/containerd: set GOFLAGS to -mod=vendor 
Since containerd 1.5 started to turn on Go module, we need to pass
`-mod=vendor` to the go build command.
Otherwise, go build will fail because it would try to fetch missing
go deps from remote repos. It would not work inside of sandbox.

We cannot set `COREOS_GO_MOD=vendor` because containerd ebuild calls
`emake` instead of `go_build`.
 2021-05-20 15:56:39 +02:00
Flatcar Buildbot
8a0da2857b app-emulation: Upgrade Containerd 1.4.4 to 1.5.1 2021-05-20 14:13:45 +02:00
Dongsu Park
63031a2ebc app-emulation/docker-runc: adjust patches for 1.0.0-rc95 2021-05-20 14:07:09 +02:00
Flatcar Buildbot
b02b5cd0e6 app-emulation: Upgrade Runc 1.0.0_rc93 to 1.0.0_rc95 2021-05-20 13:43:39 +02:00
Dongsu Park
67b3af83f3 Revert "app-emulation/docker-runc: Embargoed patch for CVE-2021-30465" 
This reverts commit 66f77b50879dded97b48c8f95277f18c6089022c.
 2021-05-20 13:43:39 +02:00
Dongsu Park
447212cb30 sys-boot/grub: fix build error with binutils 2.36 
With binutils 2.36, build of grub fails like that:

```
ld: section .note.gnu.property VMA [0000000000400158,0000000000400187]
overlaps section .bss VMA [000000000000e000,000000000041d207]
```

It is caused by assembler, as it generates the GNU property notes section
by default. Use the assmbler option `-mx86-used-note=no` to disable the
section from being generated to workaround the ensuing linker issue.

Patch was originally written by OpenSUSE.

https://sourceware.org/bugzilla/show_bug.cgi?id=27377
https://bugzilla.opensuse.org/show_bug.cgi?id=1181741
https://build.opensuse.org/package/view_file/Base:System/grub2/0001-Fix-build-error-in-binutils-2.36.patch
 2021-05-20 09:27:49 +02:00
Sayan Chowdhury
1f7935ec72 profiles: Update the package accept_keywords 
Signed-off-by: Sayan Chowdhury <sayan.chowdhury2012@gmail.com>
 2021-05-20 09:25:30 +02:00
Dongsu Park
58ed505831 sys-kernel/coreos-firmware: fix broken symlinks to cxgb4 firmware files 
Since coreos-firmware 20210511, `cxgb4/t[4-6]fw*.bin` files have a new
version '1.25.4.0'. We need to update the file name pointed by symlinks.
Otherwise build fails due to broken symlinks.
 2021-05-20 09:18:49 +02:00
Flatcar Buildbot
aa5a113a3a sys-kernel: Upgrade Linux Firmware 20210315 to 20210511 2021-05-20 09:18:49 +02:00
Flatcar Buildbot
cbc07cd946 sys-kernel: Upgrade Kernel 5.10.37 to 5.10.38 2021-05-20 07:14:42 +00:00
Kai Lüke
9d8aa1a9a9 app-emulation/docker-runc: Embargoed patch for CVE-2021-30465 2021-05-19 22:52:27 +02:00
Dongsu Park
d7dbc6dde7 Merge pull request #997 from kinvolk/rust-1.52.1-main 
Upgrade dev-lang/rust in main from 1.51.0 to 1.52.1
 2021-05-17 19:37:30 +02:00
Dongsu Park
116fec4eef Merge pull request #1011 from kinvolk/linux-5.10.37-main 
Upgrade Linux Kernel in main from 5.10.34 to 5.10.37
 2021-05-17 16:19:14 +02:00
Kai Lüke
9f796021f9 sys-kernel/bootengine: network, don't manage the loopback interface 
This pulls in a change in the systemd network unit to ignore the
loopback interface instead of managing its state which sometimes causes
the address to be lost.
https://github.com/kinvolk/bootengine/pull/24
 2021-05-17 15:30:48 +02:00
Kai Lüke
5916bfbfa9 coreos-base/coreos-init: systemd/network, don't manage the loopback interface 
This pulls in a change in the systemd network unit to ignore the
loopback interface instead of managing its state which sometimes causes
the address to be lost.
https://github.com/kinvolk/init/pull/40
 2021-05-17 15:30:47 +02:00
Kai Lüke
81926e26ae Merge pull request #1007 from kinvolk/kai/detect-device-mapper 
coreos-base/coreos-init: flatcar-install, detect device mapper usage
 2021-05-17 14:29:07 +02:00
Kai Lüke
18be162b54 coreos-base/coreos-init: flatcar-install, detect device mapper usage 
This pulls in a behavior change in the flatcar-install script to
detect if a disk is used through a device mapper entry when searching
for free disks with -s.
https://github.com/kinvolk/init/pull/39

Fixes https://github.com/kinvolk/Flatcar/issues/332
 2021-05-17 12:39:22 +02:00
Flatcar Buildbot
28cf344ca8 dev-lang: Upgrade dev-lang/rust 1.51.0 to 1.52.1 2021-05-17 12:25:40 +02:00
Sayan Chowdhury
d1c2b78f42 x11-drivers/nvidia-{drivers,metadata}: Update the version to 460.73.01 
Update nvidia-drivers and nvidia-metadata to address security issues:
* CVE-2021-1052
* CVE-2021-1053
* CVE-2021-1056
* CVE-2021-1076
* CVE-2021-1077

Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-05-17 12:11:58 +02:00
Flatcar Buildbot
825d15b932 sys-kernel: Upgrade Kernel 5.10.34 to 5.10.37 2021-05-15 07:12:54 +00:00
Dongsu Park
feec17561b sys-apps/dbus: apply Flatcar patches 
* Drop the dependency on `sec-policy/selinux-dbus`
* Drop machine-id generation
* Stabilize both keywords `amd64` and `arm64` to build it.
* Do not add a third-party patch for CVE-2019-12749 again, as the fix is
  already included in dbus >= 1.10.29.

Loosely based on a409238795c44dabfd16e466c8433a89f5f0844f and
e458211c8418462f4bd4d4536dc96f62380a22cf .
 2021-05-11 10:07:02 +02:00
Dongsu Park
5eb623c758 sys-apps/dbus: update to 1.10.32 
Update dbus to 1.10.32, mainly to address CVE-2020-35512.
It is based on commit 71a58ff8b6cebe8b9e8aeddaf93185ecb52bdb8c of
Gentoo.
 2021-05-10 14:31:27 +02:00
Flatcar Buildbot
230d65d7e5 dev-lang: Upgrade Go 1.16.3 to 1.16.4 2021-05-10 07:29:36 +00:00
Flatcar Buildbot
04e4324f55 sys-kernel: Upgrade Kernel 5.10.32 to 5.10.34 2021-05-03 07:13:41 +00:00
Dongsu Park
c3e3a9c785 Merge pull request #972 from kinvolk/go-1.16.3-main 
Upgrade Go in main from 1.16.2 to 1.16.3
 2021-04-30 09:17:46 +02:00
Sayan Chowdhury
a61c06f47c Merge pull request #978 from kinvolk/sayan/update-systemd-247.6 
sys-app/systemd: Update systemd 247.6
 2021-04-27 20:59:49 +05:30
Sayan Chowdhury
1878be0226 sys-app/systemd: Update systemd 247.6 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-04-27 20:34:28 +05:30
Sayan Chowdhury
c7cebb556b profiles: Update the accept keywords for curl 7.76.1 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-04-27 19:57:11 +05:30
Sayan Chowdhury
b47b8b18b2 Merge pull request #973 from kinvolk/sayan/update-openldap-2.4.58 
profiles: Add accept keywords for openldap
 2021-04-26 22:41:59 +05:30
Sayan Chowdhury
1d6e8353fd Merge pull request #971 from kinvolk/sayan/fix-systemd-tasksmax-patch 
sys-apps/systemd: Fix the patch to update DefaultTasksMax
 2021-04-26 20:01:31 +05:30
Sayan Chowdhury
5b20d5400e sys-apps/systemd: Fix the patch to update DefaultTasksMax 
The upstream changed the way the default percentage value, and
make the property partially dynamic.

Upstream ref: https://github.com/systemd/systemd/pull/14007

Fixes #382

Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-04-26 19:33:15 +05:30
Sayan Chowdhury
eeb1964d2b Merge pull request #964 from kinvolk/sayan/update-to-qemu-5.2.0 
app-emulation: update qemu to 5.2.0
 2021-04-26 17:11:35 +05:30
Flatcar Buildbot
c1582b4c19 dev-lang: Upgrade Go 1.16.2 to 1.16.3 2021-04-26 07:29:05 +00:00
Sayan Chowdhury
dc9e44acf9 profiles: Add accept keywords for openldap 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-04-26 06:45:00 +00:00
Dongsu Park
32db49b027 Merge pull request #970 from kinvolk/linux-5.10.32-main 
Upgrade Linux Kernel in main from 5.10.31 to 5.10.32
 2021-04-23 19:01:49 +02:00
Sayan Chowdhury
48cf59679c app-emulation/qemu: Apply Flatcar patches 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-04-23 11:33:08 +00:00
Sayan Chowdhury
45110250e9 app-emulation/qemu: Sync with Gentoo upstream 
Link1: 3452fc9c05

Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-04-23 11:33:06 +00:00
Kai Lüke
f39655a823 Merge pull request #965 from kinvolk/kai/drop-rkt 
Drop app-emulation/rkt and app-admin/kubelet-wrapper
 2021-04-23 12:40:04 +02:00
Kai Lüke
0a0889852d Merge pull request #958 from kinvolk/kai/gce-oem-nspawn 
coreos-base/oem-gce: use systemd-nspawn to run the GCE daemon
 2021-04-23 12:39:36 +02:00
Flatcar Buildbot
349473393c sys-kernel: Upgrade Kernel 5.10.31 to 5.10.32 2021-04-22 07:15:14 +00:00
Kai Lüke
407c665d51 Drop app-emulation/rkt and app-admin/kubelet-wrapper 
The rkt container runtime is deprecated and not used anymore except
for the kubelet-wrapper script. This script can't be ported to Docker
because it is used by the user with rkt-specific arguments and it is
only a wrapper around the deprecated hyperkube images (and has been
broken for the last K8s releases). The recommended way is to run the
kubelet binary directly on the host.
 2021-04-22 00:09:04 +02:00
Kai Lüke
bc5e02d65e coreos-base/oem-gce: use systemd-nspawn to run the GCE daemon 
The GCE daemon container was run with rkt from an ACI tar ball.
To replace rkt with systemd-nspawn, extract the tar ball to an
image and run the daemon as systemd-nspawn container.
 2021-04-21 17:44:01 +02:00
Marga Manterola
d20a30d6c8 Merge pull request #961 from kinvolk/marga-kinvolk/optional-hostname 
sys-kernel/bootengine: make hostname units optional
 2021-04-21 16:32:34 +02:00
Dongsu Park
8a54f23394 Merge pull request #960 from kinvolk/dongsu/gnutls-3.7.1 
profiles: accept keywords for net-libs/gnutls
 2021-04-21 11:06:26 +02:00
Margarita Manterola
2b7b075998 sys-kernel/bootengine: make hostname units optional 
Having the hostname units as required by the initrd.target meant that if
the unit failed (for example because the network was or the metadata
service were down), the machine wouldn't start. By making it a "wants"
rather than a "requires" we allow this unit to fail without disrupting
the whole boot.
 2021-04-20 18:25:41 +02:00