Flatcar Buildbot
85d76d4480
app-crypt/gpgme: Sync with Gentoo
It's from Gentoo commit 3dc06f563bff6d3e3fa81a66914362da1b15b45c.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
23712bc3e4
app-crypt/gnupg: Sync with Gentoo
It's from Gentoo commit 46573bad4a55a674fb24b26ec74565e988c44811.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
0d2da09a2b
app-containers/runc: Sync with Gentoo
It's from Gentoo commit 76279d909346945aabe1fd8a54ca85f69f8cc6d1.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
53970e3162
app-containers/podman: Sync with Gentoo
It's from Gentoo commit 0fe064610dd3ae7e01ac4715904b0ef51f95d218.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
5966be24fb
app-containers/netavark: Sync with Gentoo
It's from Gentoo commit 01ba4dc61965ef7658a24728841c04c9a1ce4871.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
2c7b663582
app-containers/docker-cli: Sync with Gentoo
It's from Gentoo commit 3f2c4112f9c886a3101b67a0808be6ce5470122c.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
c976d3f9bd
app-containers/docker: Sync with Gentoo
It's from Gentoo commit 451103c2b42be976a005295aff6e1ca27674fa59.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
2e4df3f5b3
app-containers/containers-storage: Sync with Gentoo
It's from Gentoo commit 48e607e81b2b9310a950649c1884e4c02dc55184.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
ddcf73a95f
app-containers/aardvark-dns: Sync with Gentoo
It's from Gentoo commit 01ba4dc61965ef7658a24728841c04c9a1ce4871.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
8a6678680e
app-arch/xz-utils: Sync with Gentoo
It's from Gentoo commit 24432545a95393f99c34edbc780fc3b9892161d7.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
27ef54ec83
app-arch/libarchive: Sync with Gentoo
It's from Gentoo commit bd301c58e9c48c802f6889448d308131d24f431a.
2024-11-18 17:05:06 +01:00
Flatcar Buildbot
069ca8163f
app-arch/cpio: Sync with Gentoo
It's from Gentoo commit 5f3aae3b1196484405b16d3954149c2eacbf0192.
2024-11-18 17:05:06 +01:00
James Le Cuirot
d35954ca15
app-crypt/azure-keyvault-pkcs11: Bump to new pre-release for HSM support
This one includes all the renaming for Azure Key Vault.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-18 13:33:12 +00:00
Mathieu Tortuyaux
06cc001648
Merge pull request #2449 from flatcar/linux-6.6.62-main
Upgrade Linux Kernel for main from 6.6.60 to 6.6.62
2024-11-18 14:32:08 +01:00
Flatcar Buildbot
90a0165d79
sys-kernel/coreos-sources: Update from 6.6.60 to 6.6.62
2024-11-18 07:08:07 +00:00
flatcar-ci
d3483178a0
New version: main-4154.0.0-nightly-20241114-2100
2024-11-14 21:00:24 +00:00
Mathieu Tortuyaux
13c2791c70
Merge pull request #2443 from flatcar/firmware-20241110-main
Upgrade Linux Firmware in main from 20241017 to 20241110
2024-11-14 21:12:08 +01:00
James Le Cuirot
8599de506f
Merge pull request #2441 from flatcar/chewi/akv-signing
Add (temporary) signed shim and sign official builds with Azure Key Vault
2024-11-14 10:58:19 +00:00
Flatcar Buildbot
f9ba1fbaf3
sys-kernel/coreos-firmware: Update from 20241017 to 20241110
2024-11-14 07:05:27 +00:00
flatcar-ci
7166dbd551
New version: main-4153.0.0-nightly-20241113-2100
2024-11-13 21:00:25 +00:00
Sayan Chowdhury
58b7eac621
sys-boot/shim: Add the README for the shim repo
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-11-13 23:55:34 +05:30
James Le Cuirot
101efbff39
Temporarily undo AKV signing while we complete the shim review
We don't want to be blocked from doing releases in the meantime. Revert
this commit when ready.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:24 +00:00
James Le Cuirot
2853c77c66
ci-automation: Allow the arm64 tests to run on qemu_uefi_secure
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:23 +00:00
James Le Cuirot
d8a8704f92
Refactor SB signing code and sign official builds with Azure Key Vault
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:22 +00:00
James Le Cuirot
0eb1d4a287
grub_install.sh: Remove redundant BOARD_GRUB logic
We always use the board's GRUB now.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:21 +00:00
James Le Cuirot
e3c524c91d
app-crypt/p11-kit: Use unstable 0.25.5 because we need --provider option
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:20 +00:00
James Le Cuirot
13516911f1
app-crypt/p11-kit: Sync and move from coreos-overlay to portage-stable
The cross issues that were previously addressed by our fork are no
longer an issue since p11-kit migrated to Meson.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:19 +00:00
James Le Cuirot
7b0a1ae4f9
coreos-devel/sdk-depends: Add azure-keyvault-pkcs11 and p11-kit
p11-kit is a dependency of azure-keyvault-pkcs11, but we will also use
it directly to fetch the certificate from Azure Key Vault.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:18 +00:00
Sayan Chowdhury
2d73ea8fa1
profiles: Add the azure-keyvault-pkcs11 to accept_keywords
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-11-13 12:19:17 +00:00
Sayan Chowdhury
987a3e675f
app-crypt/azure-keyvault-pkcs11: Add new package
It hasn't been added to Gentoo yet.
2024-11-13 12:19:16 +00:00
Sayan Chowdhury
8ebf73f6aa
dev-cpp/azure-identity: Add from Gentoo
It's from Gentoo commit 82ec02943f7f0ddaa87f623cee138608571a3978.
2024-11-13 12:19:14 +00:00
Sayan Chowdhury
ecb2ee89a1
dev-cpp/azure-security-keyvault-keys: Add from Gentoo
It's from Gentoo commit 768b3c1959debce15854362ff7db176cda76c055.
2024-11-13 12:19:13 +00:00
Sayan Chowdhury
b8609dc2a0
dev-cpp/azure-security-keyvault-certificates: Add from Gentoo
It's from Gentoo commit 69e4044b72d971f5603df77793db86c40e582e2e.
2024-11-13 12:19:12 +00:00
Sayan Chowdhury
8dc736d755
dev-cpp/azure-core: Add from Gentoo
It's from Gentoo commit d286faf494dcb60f81f0de921fa623d952962fc1.
2024-11-13 12:19:11 +00:00
Sayan Chowdhury
a15ff23bdb
shim, shim-signed: Move the packages from SDK to BOARD packages
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-11-13 12:19:10 +00:00
James Le Cuirot
b401cee2a9
sys-boot/shim-signed: Add shim-signed package to place signed binaries
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-13 12:19:09 +00:00
Sayan Chowdhury
761bc04a19
sys-boot/shim: Append the suffix to the shim binary
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-11-13 12:19:08 +00:00
Sayan Chowdhury
02c0bdaa28
sys-boot/shim: Include @@VERSION@@ in SBAT for version
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-11-13 12:19:07 +00:00
Sayan Chowdhury
eef935e596
sys-boot/shim: Add the SBAT data to shim binary
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-11-13 12:19:06 +00:00
Sayan Chowdhury
b8f290bae4
sys-boot/shim: Add a use flag to use DER files for shim builds
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-11-13 12:18:44 +00:00
James Le Cuirot
d18a373cb7
Merge pull request #2442 from flatcar/chewi/root-deps
Drop --root-deps and --root-deps=rdeps emerge options
2024-11-13 09:19:23 +00:00
Flatcar Buildbot
6cb21a37e1
sys-apps/portage: Sync with Gentoo
It's from Gentoo commit ba2693dfc0f0f5535e6371c4e4d19806109537c9.
2024-11-12 22:08:27 +00:00
James Le Cuirot
ac9c3753b3
Drop --root-deps option from board emerge wrappers
This option used to install build dependencies to ROOT instead of /.
This never made much sense, so the option was rendered ineffective from
EAPI 7. The number of ebuilds with older EAPIs has since dwindled to
nothing.
A recent Portage change has made this option now install build
dependencies to ROOT as well as / because this can actually be useful
and doesn't cause breakage.
However, it does make us more prone to cyclic dependencies when
initially populating the board roots. There is no reason for us to use
this option though because its main purpose is to ensure the target
environment has everything it needs to rebuild itself. Given that the
option didn't do anything recently, we evidently don't even require this
for the developer container.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-12 22:08:26 +00:00
James Le Cuirot
a76d1b3f1b
Drop all instances of ineffective --root-deps=rdeps option
This option became ineffective with EAPI 7 and all trace of older EAPIs
has now gone.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-12 22:08:21 +00:00
flatcar-ci
9085e02c75
New version: main-4152.0.0-nightly-20241112-2100
2024-11-12 21:00:29 +00:00
James Le Cuirot
00968ba291
Merge pull request #2434 from flatcar/chewi/new-firmware
Switch from raw to QCOW2 and 2MB to 4MB firmware, adjust firmware variables creation
2024-11-12 12:35:17 +00:00
James Le Cuirot
010afcd35d
sys-boot/mokutil: Install on arm64 now that it supports Secure Boot
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-12 12:02:01 +00:00
James Le Cuirot
5125317506
coreos-base/coreos-sb-keys: Drop unnecessary PK and KEK certificates
These are only needed when you are going to ship DB updates to existing
systems, which we are not going to do. Our EFI variables are only for
testing. End users are expected to use EFI variables provided by their
hosts or hardware vendors. We presumably provided these before because
some PK and KEK does need to be provided, but we can now use the
Microsoft and Red Hat ones provided via Gentoo's edk2 package.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-12 12:02:00 +00:00
James Le Cuirot
c0b58cf56b
Reuse Secure Boot EFI variables image prepared by Gentoo
Rather than starting with a blank image, reuse the image that already
has the Microsoft certificates and the latest DBX revocation list
applied. Gentoo also applies the Red Hat certificates, which we don't
need, but this is okay.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-12 12:01:59 +00:00
James Le Cuirot
e50fe0a7e4
sys-firmware/edk2-aarch64: Drop in favour of edk2-bin
edk2-bin now supports multiple platforms, including QEMU on arm64, so we
no longer need to use Fedora's build. Note that the Secure Boot
implementation is currently insecure as it lacks SMM, which is needed to
protect the EFI variable store.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2024-11-12 12:01:58 +00:00