this does two things; reduces the logging output and updates the
dependencies to the latest to fix an issue with openssh-keys where it
didn't parse authorized_keys files correctly
Portage did not strip the xpak trailer off .tbz2 files, which caused it
to fail when using compression methods other than bzip. Backport the
fixes for this.
When telinit is run and doesn't detect the host systemd, it falls
back to executing a default fallback program that is detected by
meson. In this case, it detects itself at /sbin/telinit, so it
enters an infinite exec loop. Change the default fallback program
to a non-existent path so that telinit just fails in the SDK.
Drop EFI lockdown patches and options to reduce maintenance overhead.
They can be re-added from Fedora's efi-lockdown.patch when we pick up
the Secure Boot work again.
BLK_CPQ_CISS_DA was removed in 253d2464df446456c0bba5ed4137a7be0b278aa8
in favor of SCSI_HPSA. /dev/cciss/* devices will be remapped to /dev/sd*.
NFT_FIB_NETDEV is a new nftables lookup type.
SLAB_FREELIST_HARDENED obfuscates pointers in the slab cache freelists.
RC_CORE enables support for IR and RF transceivers, and is enabled by
defconfig.
This should be a no-op for what is actually built into the images, but
we should aim to have correct ebuilds. It also ensures Ignition is
emerged after util-linux.
iproute was in the overlay for a patch, but as of 4.13 that patch has
been merged upstream (commit d6a4076b6ba6547d7e52c377a7c58c56eb5ea16e).
Move iproute2 back to portage-stable.
coreos-init versions older than 0.0.1-r152 still have the
update-ssh-keys shell script which means the update-ssh-keys package
fails to install. to fix this, we make coreos-base/update-ssh-keys block
on versions of coreos-init that are too old.
This is being added in no small part to better support running the
kubelet in more ways.
It adds up to a few hundred kbs of disk usage, and the benefit is some
tooling which desires to install the kubelet as a static binary on the
host can do so with fewer problems.
We could have picked either readline or ssl as a thing to remove in
package.use since the license issue is ssl XOR readline.
I arbitrarily picked ssl. The primary consumer of socat, the kubelet,
needs neither.
