22893 Commits

Author SHA1 Message Date
Marga Manterola
cd0f74d157 Merge pull request #777 from kinvolk/linux-5.10.7-main
Upgrade Linux Kernel in main from 5.10.4 to 5.10.7
2021-01-13 10:45:46 +01:00
Dongsu Park
e1a95462f8 Merge pull request #773 from kinvolk/dongsu/bsdiff-CVE-2020-14315
dev-util/bsdiff: fix heap overflow vulnerability CVE-2020-14315
2021-01-13 08:58:18 +01:00
Flatcar Buildbot
f8301ebf2d sys-kernel: Upgrade coreos-kernel 5.10.4 to 5.10.7
2021-01-13 07:57:23 +00:00
Dongsu Park
9a4dd68239 dev-util/bsdiff: fix heap overflow vulnerability CVE-2020-14315
Fix a heap overflow vulnerability in bspatch included in bsdiff.

Originally the security issue was published as [FreeBSD-SA-16:29](https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc),
which pointed to a FreeBSD [patch](https://security.freebsd.org/patches/SA-16:29/bspatch.patch).
However, the patch was a set of huge changes including other unrelated
changes. That's why it was not simple at all to apply the patch to
bsdiff. Both Gentoo and Flatcar have not included the fix.

Fortunately X41 D-SEC [examined](https://www.x41-dsec.de/security/news/working/research/2020/07/15/bspatch/)
the issue again, and nailed down to a simple patch that can be easily
applied to other trees. We simply take the patch with minimal changes.

See also [CVE-2020-14315](https://nvd.nist.gov/vuln/detail/CVE-2020-14315).
2021-01-12 17:14:44 +01:00
Dongsu Park
4f4a76a1a2 Merge pull request #772 from kinvolk/dongsu/github-actions-envvar-string
.github: fix env vars and sed expressions
2021-01-12 17:14:05 +01:00
Dongsu Park
b41e27188f .github: escape dot correctly in sed expressions
So far all sed expressions have used correct regular expressions around
semantic versions, around `.`. As a result, they matched strings even
without correct dots in place.

We need to escape the dot correctly.
2021-01-12 13:36:00 +01:00
Dongsu Park
0a93596e4a .github: pass env variables explicitly as string
Since Kernel 5.10, GitHub Actions simply stopped working.
What happens is that `KV_MAIN` gets passed as environmental variable to
the inline script, but not as string but float, because it contains `.`.
Apparently the last digit of the misinterpreted float number is
afterwards simply dropped by YAML parsing library used by GA.
As a result, `KV_MAIN` becomes `5.1` instead of `5.10`, `versionMain`
becomes simply `5.10`, not `5.10.6`. Then in the next steps,
both `VERSION_NEW` and `VERSION_OLD` become `5.10`, and the script
thinks it is already the latest version, so simply does not create a new
pull request.

It was not an issue when Kernel version is <= 5.9, because no digit
got dropped from the variable. Now the hidden issue was uncovered.

Simply set `KV_MAIN` or others explicitly as strings, by adding quotes,
to avoid such issues.
2021-01-12 13:35:50 +01:00
Kai Lüke
2c1655907e Merge pull request #771 from kinvolk/kai/containerd-default-socket
app-emulation/containerd: Switch to default socket location
2021-01-11 16:50:48 +01:00
Kai Lüke
0b91fe4603 app-emulation/containerd: Add upstream service file settings
The service file was missing some options from
https://github.com/containerd/containerd/blob/master/containerd.service
2021-01-11 12:41:23 +01:00
Kai Lüke
8727d0fc62 app-emulation/containerd: Switch to default socket location
The upstream socket is under /run/containerd/containerd.sock which many
tools like crictl will use by default and diverging causes users to
always have to configure a non-default location.
Switch to the upstream default while still keeping a symlink so that
users are not forced to update their configurations they had to do for
the non-default location. This also keeps Docker using the old socket
location as an assertion that the symlink works. The state directory
is also switched to the default location.
2021-01-11 12:09:41 +01:00
Kai Lüke
58579a67e4 Merge pull request #769 from kinvolk/kai/resolv-conf-no-loopback
sys-apps/systemd: Switch back to using a merged /etc/resolv.conf
2021-01-08 13:29:50 +01:00
Kai Lüke
e4760d942c sys-apps/systemd: Switch back to using a merged /etc/resolv.conf
Using only 127.0.0.53 for /etc/resolv.conf causes problems for
Kubernetes which is not systemd-resolved aware yet (the kubelet passes
on /etc/resolv.conf contents to containers).
Switch back for now to merging all DNS servers into /etc/resolv.conf
which breaks split DNS and we need to document how to make split DNS
work for those that want it.
2021-01-08 13:29:12 +01:00
Kai Lüke
28055544d9 Merge pull request #768 from kinvolk/kai/coreos-metadata-retry-remain
coreos-base/afterburn: Restart on failure and keep unit active
2021-01-08 11:10:43 +01:00
Kai Lüke
79878e9388 coreos-base/afterburn: Restart on failure and keep unit active
When the metadata server is unavailable for some time the service did
not retry. Also, the service was triggered possibly multiple times
each time another service pulled it in which can cause problems if,
e.g., the service experiences a failure and corrupts the existing file
which could have been kept because rerunning wasn't needed.

Fixes https://github.com/kinvolk/Flatcar/issues/311
2021-01-07 20:20:41 +01:00
Kai Lüke
981b744828 Merge pull request #766 from kinvolk/kai/containerd-no-shim-debug-log
app-emulation/containerd: Disable shim debug logs
2021-01-06 17:00:08 +01:00
Kai Lüke
ebba6e5e1a app-emulation/containerd: Disable shim debug logs
Debug output clutters the logs which with K8s liveness/readiness probes
quickly becomes a problem.

Fixes https://github.com/kinvolk/Flatcar/issues/313
2021-01-06 12:49:20 +01:00
Flatcar Buildbot
28c90ee8b9 dev-lang: Upgrade dev-lang/rust 1.48.0 to 1.49.0
2021-01-05 08:02:08 +00:00
Flatcar Buildbot
d961e5519e Upgrade virtual Rust in main from 1.48.0 to 1.49.0
2021-01-05 08:00:51 +00:00
Kai Lüke
e194b4b183 Merge pull request #764 from kinvolk/kai/bump-baselayout-for-resolved
sys-apps/baselayout: Point to latest repo state
2021-01-04 19:16:35 +01:00
Kai Lüke
e4cfa10306 sys-apps/baselayout: Point to latest repo state
This pulls in
https://github.com/kinvolk/baselayout/pull/10
https://github.com/kinvolk/baselayout/pull/14
https://github.com/kinvolk/baselayout/pull/11
to configure systemd-resolved.
2021-01-04 19:14:22 +01:00
Kai Lüke
29ba53843b Merge pull request #730 from f0o/issue-285-full
Update systemd-9999.ebuild to use systemd-resolved's stub resolver
2021-01-04 19:10:39 +01:00
Marga Manterola
0f7d620c01 Merge pull request #759 from kinvolk/firmware-20201218-main
Upgrade Linux Firmware in main from 20201118 to 20201218
2021-01-04 18:53:00 +01:00
Marga Manterola
63d3279946 Merge pull request #760 from kinvolk/marga-kinvolk/linux-5.10.4
Move main to kernel 5.10.4
2021-01-04 18:50:14 +01:00
Margarita Manterola
015d4701ef Move to kernel 5.10
With this change, we start tracking linux 5.10. Only a couple of config
changes were necessary:

1. Explicitly include `CONFIG_IP6_NF_IPTABLES`, as it's no longer
   implicitly included.
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=144b0a0e608690d46e9a77819249bdd8d23bdcb6

2. Move `CONFIG_EFI_VARS` to amd64 only, as it's no longer available on
   non Intel platforms. It's been replaced by `CONFIG_EFIVARS_FS` which
   is already enabled on the common config.
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=963fabf37f6a94214a823df0a785e653cb8ad6ea
2021-01-04 18:49:28 +01:00
Marga Manterola
75c8758fb2 Merge pull request #763 from kinvolk/marga-kinvolk/init
Track latest init commit
2021-01-04 18:15:11 +01:00
Margarita Manterola
181c13bddc Track latest init commit
Needed for kinvolk/Flatcar#278
2021-01-04 17:44:22 +01:00
Marga Manterola
df660df80e Merge pull request #108 from kinvolk/marga-kinvolk/gce-pro
Add GCE Pro OEM type
alpha-2748.0.0
2021-01-04 11:59:44 +01:00
Flatcar Buildbot
d11f86c31c sys-kernel: Upgrade Linux Firmware 20201118 to 20201218
2020-12-24 07:22:34 +00:00
Margarita Manterola
cf7f4bd4a4 Add GCE Pro OEM type
2020-12-22 13:52:52 +01:00
Dongsu Park
17befbdad6 Merge pull request #753 from kinvolk/dongsu/kernel-config-btf
sys-kernel: enable CONFIG_DEBUG_INFO_BTF
2020-12-18 17:28:53 +01:00
Dongsu Park
6c2015484a sys-kernel: enable CONFIG_DEBUG_INFO_BTF
CONFIG_DEBUG_INFO_BTF enables debug info for BTF (BPF Type Format) and
CO-RE (BPF compile once, run everywhere).

See also https://github.com/kinvolk/Flatcar/issues/225.
2020-12-18 10:44:25 +01:00
Dongsu Park
842daeb3d2 Merge pull request #747 from kinvolk/rust-1.48.0-main
Upgrade dev-lang/rust in main from 1.47.0 to 1.48.0
2020-12-17 12:40:51 +01:00
Dongsu Park
c0065d5e68 Merge pull request #135 from kinvolk/rust-1.48.0-main
Upgrade virtual Rust in main from 1.47.0 to 1.48.0
2020-12-17 12:40:37 +01:00
Dongsu Park
84b0d50108 Merge pull request #743 from kinvolk/linux-5.9.14-main
Upgrade Linux Kernel in main from 5.9.12 to 5.9.14
2020-12-16 08:02:51 +01:00
Vincent Batts
d46b95ba29 Merge pull request #91 from kinvolk/vbatts/arm
qemu_template: use more cpus for ARM if available
alpha-2723.0.0
2020-12-15 08:29:10 -05:00
Dongsu Park
8fa4a13cb5 Merge pull request #664 from kinvolk/dongsu/sqlite-gentoo
dev-db/sqlite: move to portage-stable
2020-12-15 14:26:03 +01:00
Dongsu Park
8b5f29caa1 Merge pull request #121 from kinvolk/dongsu/sqlite-gentoo
dev-db/sqlite: update to 3.33.0
2020-12-15 14:25:51 +01:00
Kai Lüke
fe479fe71c Merge pull request #748 from kinvolk/kai/set-sysctl-rp_filter
sys-apps/baselayout: Point to latest repo state
2020-12-15 11:57:09 +01:00
Kai Lüke
eb0bb3ba0c sys-apps/baselayout: Point to latest repo state
This pulls in
https://github.com/kinvolk/baselayout/pull/13
to set sysctl rp_filter=0 and reorder how the configs are applied.
2020-12-15 11:48:38 +01:00
Kai Lüke
fc82b5c839 Merge pull request #746 from kinvolk/kai/systemd-drop-sysctl-patches
sys-apps/systemd: Drop sysctl rp_filter patches
2020-12-15 11:16:20 +01:00
Kai Lüke
ef631cd7af Merge pull request #106 from kinvolk/kai/aws-pro
Add AWS Pro OEM type
2020-12-15 11:14:25 +01:00
Dongsu Park
dc53e59e55 dev-lang/rust: adjust patches for 1.48.0
Adjust third-party patches to fix build issues.
2020-12-15 08:51:39 +01:00
Flatcar Buildbot
f20064e51a dev-lang: Upgrade dev-lang/rust 1.47.0 to 1.48.0
2020-12-15 07:43:37 +00:00
Flatcar Buildbot
e281533d23 Upgrade virtual Rust in main from 1.47.0 to 1.48.0
2020-12-15 07:43:14 +00:00
Dongsu Park
3455ae56ec Merge pull request #735 from kinvolk/firmware-20201118-main
Upgrade Linux Firmware in main from 20200918 to 20201118
2020-12-15 07:39:45 +01:00
Kai Lüke
86afa84167 sys-apps/systemd: Drop sysctl rp_filter patches
The patches were not taking effect because they did not set
net.ipv4.conf.default.rp_filter for new interfaces. Also, they got
overwritten by the baselayout configuration which takes precedence
and is the place for Flatcar-specific sysctl settings.
The desired configuration was enforced there:
https://github.com/kinvolk/baselayout/pull/13
2020-12-14 20:50:37 +01:00
Dongsu Park
5d698a1083 Merge pull request #740 from kinvolk/dongsu/repo-2.8
dev-vcs/repo: update to 2.8 for python3
2020-12-14 16:42:14 +01:00
Sayan Chowdhury
3ac8f6a5da Merge pull request #107 from kinvolk/sayan/fix-dev-container-path
dev_container_util.sh: Use the shflags group instead of the default flag
2020-12-14 21:10:16 +05:30
Sayan Chowdhury
95f05a9ad6 dev_container_util.sh: Use the shflags group instead of the default flag
The build_image script invokes the create_dev_container function, and
passes the `FLAGS_group` as param. Use the param, to generate the
binhost URL instead of using the DEFAULT_GROUP which stays as developer
always.

Fixes: kinvolk/Flatcar#298
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2020-12-14 19:30:08 +05:30
Flatcar Buildbot
d5d99ca731 sys-kernel: Upgrade coreos-kernel 5.9.12 to 5.9.14
2020-12-12 07:24:43 +00:00