mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-26 08:01:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
30,065 Commits 630 Branches 398 Tags
Commit Graph

30065 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Michael
4c5c1fb86f profiles: sync lxml on arm64 2017-07-18 12:49:54 -07:00
Euan Kemp
cdf275cd3e Merge pull request #710 from euank/coreos-card_signing 
coreos_sign_update: Use smartcards for signing (updated)
 2017-07-18 11:35:35 -07:00
David Michael
c78baf748b Merge pull request #2652 from coreosbot/master 
Upgrade Linux in master to 4.12.2
 2017-07-17 15:37:54 -07:00
Jenkins OS
467cedff05 sys-kernel/coreos-sources: bump to 4.12.2 2017-07-17 20:23:39 +00:00
David Michael
9e399e19de Merge pull request #2648 from dm0-/dracut 
profiles: upgrade to dracut 045
 2017-07-13 18:31:11 -07:00
David Michael
a1d5775603 Merge pull request #563 from dm0-/dracut 
bump(sys-kernel/dracut): sync with upstream
 2017-07-13 18:29:28 -07:00
David Michael
44a42faa1e sys-kernel/bootengine: bump for dracut 045 2017-07-13 18:27:42 -07:00
David Michael
5446be23f3 profiles: upgrade to dracut 045 2017-07-11 18:23:39 -07:00
David Michael
125bb460d8 bump(sys-kernel/dracut): sync with upstream 2017-07-11 18:22:27 -07:00
Euan Kemp
61be39c999 core_sign_update: remain compatible with older sign.sh 
The motivation behind retaining this backwards compatibility, at least
now, is that it's actually non-trivial to revert these code changes for
a given release.

The `sign.sh` changes can easily be changed, but the `core_sign_update`
code is included in the update-specific "au_zip" file. Replacing that is
a little more fiddly.

Since it's possible we'll still want to revert to the previous signing
behavior, make it so the update payload (namely core_sign_update) should
work both under the previous `sign.sh` script, and when using the new
one.
 2017-07-11 13:55:59 -07:00
David Michael
8ac62a5664 Merge pull request #2642 from dm0-/torcx 
app-arch/torcx: bump to v0.1.0-alpha.3
 2017-07-11 12:16:25 -07:00
David Michael
9889f2681c Merge pull request #2647 from dm0-/glsa 
profiles: sync man-db version on arm64
 2017-07-10 12:36:52 -07:00
David Michael
ee7a21794d Merge pull request #562 from dm0-/glsa 
Sync GLSAs
 2017-07-10 12:36:42 -07:00
David Michael
00d0400d58 bump(dev-libs/libpipeline): sync with upstream 2017-07-09 17:44:36 -07:00
David Michael
254e6d949d profiles: sync man-db version on arm64 2017-07-09 17:39:13 -07:00
David Michael
ae4583d564 bump(app-text/manpager): sync with upstream 2017-07-09 17:29:18 -07:00
David Michael
5c70328f3f bump(sys-apps/man-db): sync with upstream 2017-07-09 17:24:50 -07:00
David Michael
2327a315bb bump(metadata/glsa): sync with upstream 2017-07-09 17:18:14 -07:00
Euan Kemp
5cbc755abc offline_signing: use a smartcard URI 2017-07-06 13:50:27 -07:00
Euan Kemp
2146975588 coreos_sign_update: return 'legacy' signing support 
We currently sign with both a devel key and a prod key. The devel key is
insecure and need not be included on a smartcard, so it makes sense to
leave it be on disk.

However, the previous commit's padding changes removed this legacy
method of signing.
For simplicity, simply re-introduce the old logic conditionally based on
whether it's a smartcard or not.

Alternate options could be using `-pkcs` instead of `-raw` for both
keys, but that is a more intricate change I'd be less confident in
making.
 2017-07-06 13:50:27 -07:00
Matthew Garrett
54048fbb00 coreos_sign_update: Use smartcards for signing 
Sign updates using private keys on smartcards. This involves changing the
padding approach - rather than including the padding in the hash, ask the
card to generate the padding itself, since the card will refuse to sign
pre-padded material. Use + as a key separator rather than : as the PKCS#11
URI includes colons.
 2017-07-06 13:50:27 -07:00
David Michael
15217f8003 Merge pull request #2646 from dgonyeo/ignition 
sys-apps/ignition: 0.17.0 -> 0.17.1
 2017-07-05 15:39:44 -07:00
Derek Gonyeo
10f31b7297 sys-apps/ignition: 0.17.0 -> 0.17.1 2017-07-05 15:38:27 -07:00
David Michael
35ea95152c app-arch/torcx: bump to v0.1.0-alpha.3 2017-07-05 11:00:05 -07:00
Benjamin Gilbert
4bfb26d23e Merge pull request #2641 from bgilbert/4.12 
sys-kernel/coreos-*: bump to v4.12
 2017-07-03 18:34:01 -07:00
Benjamin Gilbert
eac64b8cd5 sys-kernel/coreos-*: bump to v4.12 
CONFIG_EDAC_MM_EDAC was merged into CONFIG_EDAC, and the latter converted
to a tristate, in e3c4ff6d8c949fa9a9ea1bd005bf1967efe09d5d.
 2017-07-03 18:08:51 -07:00
Benjamin Gilbert
ab20c61d1d Merge pull request #2628 from bgilbert/packet 
Sync with Packet provisioner
 2017-06-30 23:29:36 -07:00
David Michael
1ca83d763a Merge pull request #2640 from dm0-/install 
coreos-base/coreos-init: bump for sync fixes
 2017-06-30 18:54:58 -07:00
David Michael
832db7af43 coreos-base/coreos-init: bump for sync fixes 2017-06-30 18:42:40 -07:00
Benjamin Gilbert
e39e10d31f sys-kernel/bootengine: bump for Packet networking via coreos-metadata 2017-06-30 18:36:44 -07:00
Benjamin Gilbert
637fc28091 coreos-base/coreos-metadata: bump to v0.12.0 2017-06-30 18:34:14 -07:00
Benjamin Gilbert
b2c6b39ac7 sys-apps/baselayout: bump to disable automatic creation of bond0 2017-06-30 18:20:34 -07:00
Benjamin Gilbert
6a199b1bd5 coreos-base/oem-packet: bump version 2017-06-30 18:16:31 -07:00
Benjamin Gilbert
0379e5e336 coreos-base/oem-packet: replace deprecated vga= argument 
GRUB warns at boot:

    vga=773 is deprecated. Use set gfxpayload=1024x768x8,1024x768 before
    linux command instead.
 2017-06-30 18:16:31 -07:00
Benjamin Gilbert
22113d7983 coreos-base/oem-packet: enable coreos.autologin 
Access control for the SOS console uses the same SSH keys that are
injected into the instance. The Packet provisioner already enables
this option.
 2017-06-30 18:16:31 -07:00
Benjamin Gilbert
a0bebdd68d coreos-base/oem-packet: update console config to match Packet provisioner 
Our default console settings are fine on arm64 but not on x86.
 2017-06-30 18:16:31 -07:00
Benjamin Gilbert
0a4101e2a0 coreos-base/oem-packet: improve wording of unit description 2017-06-30 18:16:31 -07:00
Benjamin Gilbert
10730f3e3a coreos-base/oem-packet: retry phoning home until it succeeds 2017-06-30 18:16:31 -07:00
Benjamin Gilbert
60e9819077 coreos-base/oem-packet: send Content-Type when phoning home 2017-06-30 18:16:31 -07:00
David Michael
2447debece Merge pull request #705 from dm0-/jenkins 
Add Jenkins scripts
 2017-06-30 17:04:46 -07:00
David Michael
f5398d962b Merge pull request #2639 from dgonyeo/metadata 
coreos-base/coreos-metadata: v0.9.0 -> v0.11.0
 2017-06-30 15:23:24 -07:00
Derek Gonyeo
f1e659960d coreos-base/coreos-metadata: v0.9.0 -> v0.11.0 2017-06-30 15:20:00 -07:00
David Michael
b2e1d84861 Merge pull request #2638 from dgonyeo/ignition 
sys-apps/ignition: v0.16.0 -> v0.17.0
 2017-06-30 14:38:41 -07:00
Derek Gonyeo
d7f4ce99d7 sys-apps/ignition: v0.16.0 -> v0.17.0 2017-06-30 14:35:44 -07:00
David Michael
f3d8fde907 Merge pull request #2637 from AlexNPavel/vagrant-virtualbox-oem-id 
oem-vagrant-virtualbox: change vagrant-virtualbox's oem-id to "vagrant-virtualbox"
 2017-06-30 14:02:55 -07:00
David Michael
6265999206 Merge pull request #561 from dm0-/glsa 
bump(media-libs/libjpeg-turbo): sync with upstream
 2017-06-30 13:59:46 -07:00
Alexander Pavel
0e863389e8 oem-vagrant-virtualbox: update ebuild version to 0.0.2 2017-06-30 13:58:34 -07:00
David Michael
32a0bd8b52 bump(media-libs/libjpeg-turbo): sync with upstream 2017-06-30 13:22:30 -07:00
Alexander Pavel
d474a97ece oem-vagrant-virtualbox: change oem-id to "vagrant-virtualbox" 
This changes the oem-id from "virtualbox" to "vagrant-virtualbox"
to allow for more flexibility and add coreos-metadata support
for this oem
 2017-06-30 10:08:49 -07:00
David Michael
19d9423db9 Merge pull request #2636 from dm0-/install 
coreos-base/coreos-init: bump for coreos-install upgrade
 2017-06-29 19:54:33 -07:00