Add suggestions by @pothos from code review
- use `cp --reflink=auto`
- spelling error fixes
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
ci-automation builds on the SDK container and simplifies CI automation
build tasks (SDK bootstrap, SDK container, packages, image, VMs).
See ci-automation/README.md for a brief introduction.
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
This change introduces a containerised SDK as a replacement for cork SDK
operations. It also simplifies versioning by removing the need for
manifest repos as well as usage of the "repo" tool by use of git
submodules for coreos-overlay and portage-stable.
The following feature scripts are added:
- run_sdk_container: Run a command in an SDK container, using the
current scripts repo + ebuild submodules.
current scripts repo + ebuild submodules.
- bootstrap_sdk_container / build_sdk_container_image: Bootstrap a new
SDK and create an SDK container from the resulting SDK tarball.
The following additions have been made to SDK scripts:
- setup_board: add --pkgdir parameter to use a custom binary packge
directory.
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
If we use date format of DD-MM-YYYY in changelog file names, the files
will not sorted by date. e.g. 01-12-2021 will come before 25-11-2021.
Use date format of YYYY-MM-DD to make the files sorted by date.
If we use date format of DD-MM-YYYY in changelog file names, the files
will not sorted by date. e.g. 01-12-2021 will come before 25-11-2021.
Use date format of YYYY-MM-DD to make the files sorted by date.
If we use date format of DD-MM-YYYY in changelog file names, the files
will not sorted by date. e.g. 01-12-2021 will come before 25-11-2021.
Use date format of YYYY-MM-DD to make the files sorted by date.
We override `PARALLEL_TESTS`, because kola run with PARALLEL_TESTS >= 4
causes the tests to provision >= 12 ARM servers at the same time. As the
da11 region does not have that many free ARM servers, the whole tests
will fail. With PARALLEL_TESTS=2 the total number of servers stays < 10.
In addition, we override `timeout` to 10 hours, because it takes more
than 8 hours to run all tests only with 2 tests in parallel.
Flatcar is in the NIST CPE dictionary. Let's programmatically build the
`CPE_NAME` in the build process in order to be scanned.
`CPE_NAME` is part of `/etc/os-release` with the following manual entry:
```
CPE_NAME=
A CPE name for the operating system, in URI binding syntax, following the Common Platform Enumeration Specification[2] as proposed by the NIST.
This field is optional. Example: "CPE_NAME="cpe:/o:fedoraproject:fedora:17""
...
[^2]: Common Platform Enumeration Specification
http://scap.nist.gov/specifications/cpe/
```
Which indicates that the current version of CPE is 2.3.
Closes: https://github.com/flatcar-linux/Flatcar/issues/536
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
By accident the upstream files from the example folder got used,
instead of the downstream files that were added in the files/ folder.
Also, the configuration file didn't get installed.
Use the right paths to install the downstream files.
Equinix Metal ARM server are not yet hourly available in the default `sv15` region
so we override the `PACKET_REGION` to `Dallas` since it's available in this region.
We do not override `PACKET_REGION` for both board on top level because we need to keep proximity
for PXE booting.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
with this patch, we allow `unlabeled_t` to associate to tmpfs
filesystem.
It aims to solve the AVC we have with `torcx` with the
`torcx-generator`:
```
Nov 15 09:45:43 localhost audit[688]: AVC avc: denied { associate } for pid=688 comm="torcx-generator" name="docker" dev="tmpfs" ino=2 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
```
It has been not been caught earlier because it occurs
when the system boots with `SELinux` in `enforcing` mode.
This denial was preventing torcx to finish correctly its setup and so
Docker was not able to start.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Since every tag of the nss Github repo has `_` delimiters, we need to
first use `sort -t_` for sorting, then after that we need to replace `_`
with `.` by calling tr. Without that conversion, the input ebuild file
name will be wrong.
We fixed the issue in all other maintenance branches, but not in main.
Fix that also in main.
Automatically update app-misc/ca-certificates , a derivative of
nss https://hg.mozilla.org/projects/nss . To make things easier,
we simply check for new releases on its Github mirror
https://github.com/nss-dev/nss . When the new latest tag is found,
simply bump the version of ca-certificates ebuild.
