The systemd.eclass was not finding the systemd pkg-config file to
figure out the system unit directory, so it was falling back to a
hardcoded default (`/lib/systemd/system`). In one case (when
overriding the `default.target` symlink), we tried to fix that by
specifying the `PKG_CONFIG_LIBDIR` environment variable, but that
still did not help.
Using functions from `systemd.eclass` in a systemd ebuild is working
only by chance here. This eclass is usually meant for ebuilds that
depend on systemd and rely on systemd being already installed in the
root filesystem.
The functions in `systemd.eclass` that need to figure out some values
from systemd's pkg-config file (like system unit directory) assume
that systemd is already installed in the root filesystem, which is not
the case when we actually are building and installing systemd.
To add an insult to the injury, `systemd.eclass` is not using
pkg-config directly, but rather a shell script that wraps pkg-config
(for example `/usr/bin/x86_64-cros-linux-gnu-pkg-config`). The script
clobbers the environment variables like `PKG_CONFIG_PATH` or
`PKG_CONFIG_LIBDIR`, which is why overriding them did not work when
fixing up the `default.target` symlink. Thus `systemd.eclass` was
actually falling back to a hardcoded default value. The only way to
control the script is through either SYSROOT or ROOT environment
variables. So do so.
This fixes merging the installed files into root file system using a
newer version of portage. The failure was that systemd build system
installs the `default.target` symlink in `/usr/lib/systemd/system`
pointing to `graphical.target`, while we later try to override it to
point it to `multi-user.target`. But instead of overriding a symlink,
we installed a new symlink in `/lib/systemd/system`. Both `/lib` and
`/usr/lib` are separate directories in the temporary installation
directory, but in root filesystem, both are symlinks pointing to the
same directory. Which means that we ended up with two different
symlinks in temporary installation directory, and the new portage
version could not decide which one to use during the merge into the
root filesystem. I'm not sure what old portage version did here,
likely worked by chance too.
The security patch that was brought in has stricter permission checks
which cause the service to fail:
ERROR: TCSD config file (/etc/tcsd.conf) must be user/group root/tss
Set the expected file ownership and permissions.
https://github.com/kinvolk/Flatcar/issues/335
Now that `dev-libs/nss` is removed from the depencencies list of
hard-host-depends, SDK does not include `dev-libs/nspr` any more.
As a result, `dev-lang/spidermonkey` fails to build, because it requires
`dev-libs/nspr` in the SDK. It is not sufficient to have nspr under
`/build/amd64-usr`.
Add `dev-libs/nspr` back to the dependencies of `hard-host-depends`,
to make it included in the SDK.
This change adds a new flatcar-eks package, that ships with all scripts
needed to join a Flatcar instance to an EKS cluster.
It includes the bootstrap.sh script used on Amazon Linux, to keep
compatibility with existing provisioning tools.
The package is included from the oem-ec2-compat package, when the board
is aws_pro, and it's part of board-packages, so that it's built by the
os/board/packages job.
It used to be a dependency of upstart and ureadahead, both dropped
long long time ago. Also drop nih-dbus-tool, which was built from
upstart too.
Found this out when updated profiles in portage-stable masked the
library.
Replace the use of deprecated git eclass with git-r3 and bump the
commit version to latest version. This version dropped a dependency on
jq.
It is a breaking change for users of mkova.sh, since it has changed
the order of parameters to allow passing multiple vmdk files to it.
When building `net-libs/nghttp2` needed by curl 7.74, build fails
when checking for prerequisites of boost libs.
```
configure:20402: checking whether the Boost::ASIO library is available
configure:20433: x86_64-cros-linux-gnu-g++ -std=c++14 -c -O2 -pipe
-mtune=generic -g conftest.cpp >&5
configure:20433: $? = 0
configure:20447: result: yes
configure:20540: error: Could not find a version of the library!
```
To avoid such issues, we should disable the `cxx` USE flag for
`net-libs/nghttp2`.
It's really a hindrance during bootstrap, and we would be looking into
ways of making an exception for openssl anyway. Using
package.accept_restrict file does not do the trick, apparently because
of catalyst using its own portage config.
It seems that there is no "kernel" mirror specified in third party
mirrors files in profiles any more. And gentoo seems to have switched
to direct kernel.org URLs anyway, probably because kernel.org is using
also some mirroring system, so we don't have to. Also, this syslinux
version is quite old, so if its tarball ever was on distfiles mirror,
it's gone by now.
The target methods have undergone significant refactoring. The return
value is no longer a TargetResult, it's just a Target. And also the
vendor is now part of the options.
When Docker/containerd binaries are compiled with Go 1.15 the
containers generate many signal 23 (SIGURG) events which flood
monitoring systems:
https://github.com/kubernetes/kops/issues/10388
The SIGURG signal does not kill the process but is generated by Go
runtime scheduling:
https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md)
Because the Go runtime does not know if the process expects external
SIGURG signals, the signal is not filtered out but reported to the
process: https://github.com/golang/go/issues/37942
The process has to filter this signal out itself before forwarding it
to, e.g,. children processes or logs.
This change was introduced with the Go 1.15 update (actually Go 1.14
but Flatcar skipped that for Stable), however, while containerd has
some workarounds in place, e.g., in
https://github.com/containerd/containerd/pull/4532 but there are still
areas where the signal is not handled correctly.
Until this is the case, downgrade to use the Go 1.13 compiler for
Docker/containerd binaries.
See https://github.com/kinvolk/Flatcar/issues/315
So far all sed expressions have used correct regular expressions around
semantic versions, around `.`. As a result, they matched strings even
without correct dots in place.
We need to escape the dot correctly.
Since Kernel 5.10, Github Actions simply stopped working.
What happens is that `KV_MAIN` gets passed as environmental variable to
the inline script, but not as string but float, because it contains `.`.
Apparently the last digit of the misinterpreted float number is
afterwards simply dropped by YAML parsing library used by GA.
As a result, `KV_MAIN` becomes `5.1` instead of `5.10`, `versionMain`
becomes simply `5.10`, not `5.10.6`. Then in the next steps,
both `VERSION_NEW` and `VERSION_OLD` become `5.10`, and the script
thinks it is already the latest version, so simply does not create a new
pull request.
It was not an issue when Kernel version is <= 5.9, because no digit
got dropped from the variable. Now the hidden issue was uncovered.
Simply set `KV_MAIN` or others explicitly as strings, by adding quotes,
to avoid such issues.
