I don't think we need to be strict about installed go version
anymore. We'll just pull the latest one from Gentoo. If Gentoo's
version is too new, we can temporarily mask the update.
Also relax the dependency from depending on certain slot of
dev-lang/go to depending on any newer version of the package and any
slot (but forcing rebuild on slot change).
It's from Gentoo commit a1cbaebe28de048b8120c353b0669b3829a34d6f.
Gentoo's ebuild look mostly like our coreos-go-lang eclass, but with
possibly some improvements. The difference is in slotting - Gentoo
uses "0/${PV}" and Flatcar uses "${MAJOR}.${MINOR}/${PV}". I don't
think that there is any practical sense in diverging here - maybe it
made sense at the times when we had several version of go because some
packages were really picky about which version of go was used to build
them.
Some dependency was dropped and the man group and user packages are
not installed any more. Bring them in with an eventual goal of
dropping group and passwd from baselayout.
It's from Gentoo commit c6f66f3f44b35413f09f95ddbd52fecb19e2d8f3.
We apply modifications without changing the ebuild:
- The tmpfiles config files are not necessary any more for files in
/etc, so we just put the config there directly.
- The c_rehash dependency was moved to its actual user - the
app-misc/ca-certificates package.
- We override openssl command to make it a no-op for rehashing during
the pkg_postinst phase.
It was relying on dev-libs/openssl pulling app-misc/c_rehash. But in
Gentoo, openssl dropped its dependency on c_rehash, as openssl does
not need it. Our ca-certificates package is using c_rehash in its
systemd service, so depend on c_rehash directly.
This will remove one modification we make to openssl package.
It's from Gentoo commit e11eb4b6fbdae37dfaf9c62ce17fbd0a103bf9d7.
We apply our modifications in a bit different way to avoid modifying
the ebuild itself:
- To avoid having unstripped binaries we add a hack to make "dostrip x
-/" a noop.
- Using tmpfiles for putting the nscd config file into /etc is not
necessary any more - our overlay setup for /etc will handle it. We
add a symlink at /usr/share/baselayout/nscd.conf to point to its
flatcar-etc counterpart for backward compatibility.
- Using tmpfiles for creating a directory under /var is also not
necessary - at a later build stage we will generate such a tmpfile
for all the directories in /var.
The trigger to move the glibc to portage-stable was to update it to
address some security issue.
It's from Gentoo commit e9492217affdba34c6691244a2ff275b4d65cdb4.
We can do the move by applying our modifications in a different way:
- Instead of removing dev-lang/perl runtime dependency, we add
dev-lang/perl to package.provided for the generic profile.
- We remove OpenLDAP schema files and sudo.conf with install mask.
- We keep sudoers.d with a post-src_install hook.
The move was triggered by a need to handle the missing USE=sudo in
newer versions of sys-auth/sssd package, which is dependency of
app-admin/sudo.
