For the less common case where binpkgs are not used, restructure
this so that it builds binpkgs in /usr/${CHOST} without installing
them, use those binpkgs to initialize /build/${BOARD}.
Since EAPI=7 was supported, portage can no longer use different
ROOT and SYSROOT values. The torcx images were installed into a
temporary root directory after being built using the board's
development files. To continue using this setup, the torcx image's
packages are built as normal binary packages for the board root
without being installed, then the binary packages are installed in
the temporary torcx root.
Since EAPI=7 was supported, portage can no longer use different
ROOT and SYSROOT values. This adjusts the paths so that the first
phase builds cross-toolchains under /usr/${CHOST}, then the native
toolchains are built under /build/${BOARD} (as was being done
previously). Now that the cross-toolchain development files can't
be used when building the native toolchain, the headers and libs
are stupidly copied into the board root to be used used and then
overwritten by the board packages as they are built. Since this is
all done in a chroot, these changes shouldn't affect the SDK host.
Add Go 1.10 to the SDK root for Docker components pinned at 1.10 to
build in torcx images, since 1.10 won't be pulled in by other SDK
dependencies now that 1.11 is the default version.
Also just add Go 1.11 now so we don't get into the same situation
when 1.12 is released.
CC_STACKPROTECTOR_STRONG was refactored in 050e9baa9d and the replacement
is enabled by default.
Several NFT_* modules were combined.
NFT_SET_* were combined into NF_TABLES_SET in e240cd0df4.
AUTOFS4_FS is a legacy alias for AUTOFS_FS as of a2225d931f.
Since the kernel is no longer buildable for arm64, disable the QEMU
targets that were used by dracut to create the arm64 initramfs.
Also disable LLVM's arm64 support to speed up SDK Rust builds.
Add a package for google cloud's oslogin functionality. This adds the
pam and nss modules but not any configuration to activate them. That
configuration will live in the coreos-base/oem-gce package.
Furthermore, despite being gce specific, this will be included in USR
since it is security critical and may need to be updated.
Also update coreos-base/coreos-oem-gce's manglefs.sh script to enable
the network daemon instead of the ip_forwarding daemon (since that was
reworked upstream).
