update_engine needs to access context from SHA256 to store it and
restore it for further computations on it.
With OpenSSL SHA256 v3 implementation is not possible, let's use the
libsodium implementation.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
- sys-libs/pam: Make /sbin/unix_chkpwd suid
This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.
- sys-libs/pam: Install configuration into /usr
Also provide a tmpfiles fragment to bring it back.
- sys-libs/pam: Locked accounts functionality
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
- Fix cross build issues with configuring gmp libs
As gdb 11 or newer requires gmp libs as dependency, a cross build of
gdb 11.2 started to fail when its configure scripts try to detect if
gmp exists. The failure occurs mainly because the build still
passes '-L/usr/lib64` to LDFLAGS. Let's say, for example, host
toolchains outside of sysroot have amd64 libs, while the target
inside of sysroot should have arm64 libs. However, configure scripts
of gdb 11.2 still try to find its libs outside of sysroot,
/usr/lib64, although it should find its libs inside of sysroot,
e.g. /build/arm64/usr/lib64.
To fix the cross build issues, pass --with-sysroot as well as
--libdir, correctly with ${ESYSROOT}.
As a side note, for some reason, upstream gdb configure scripts are
not able to correctly make use of its gmp-specific options like
--with-gmp or --with-gmp-lib. Passing those options does not bring
anything. Also configure must have both --with-sysroot and
--libdir, to make the build work.
- Replace dependency on virtual/yacc with app-alternatives/yacc
The former is gone in favor of the latter in Gentoo. This change
will be dropped when we sync the package with Gentoo again.
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
- replace virtual/awk with app-alternatives/awk
Users reported a deadlock in ext4 that occurs under loads after kernel 5.15.72.
We debugged and found that this issue is also present upstream (6.x) and found
a fix. The fix has been validated to fix the issue, but we're still waiting for
a reponse from the ext4 maintainer.
In the meantime, apply the backport to our kernel sources, so that users can be
unblocked from updating. This will be released to alpha/beta first, and
hopefully by the time it is promoted to stable, the fix will be merged to the
kernel tree and backported to 5.15.
