mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 02:16:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,990 Commits 629 Branches 394 Tags 166 MiB
a71094c33b
Commit Graph

8114 Commits

Author SHA1 Message Date
Krzesimir Nowak
482651582d .github: Checkout our base branch in SDK coreos-overlay too 2022-03-30 18:07:06 +02:00
Dongsu Park
74dd64cce9 Merge pull request #1775 from flatcar-linux/dongsu/gnutls-3.7.3 
profiles: delete keywords for gnutls
 2022-03-30 15:53:45 +02:00
Jeremi Piotrowski
163effa73b Merge pull request #1777 from flatcar-linux/jepio/coreos-sources-hyperv-backport 
coreos-sources: backport hyperv coherence fixes
 2022-03-30 15:29:52 +02:00
Jeremi Piotrowski
f49c0cfe73 Merge pull request #1765 from flatcar-linux/linux-5.15.32-main 
Upgrade Linux Kernel in main from 5.15.31 to 5.15.32
 2022-03-30 15:29:20 +02:00
Jeremi Piotrowski
e498f55aaf sys-kernel/coreos-sources: backport kernel patches that fix memory coherence on Hyper-V 
This is v3 of the patchset from here:
https://lore.kernel.org/lkml/1648138492-2191-1-git-send-email-mikelley@microsoft.com/T/#u

There was a slight merge conflict because hv_map_memory/hv_unmap_memory don't
exist in 5.15.
 2022-03-30 13:13:11 +02:00
Dongsu Park
1aa0a5b4a7 profiles: delete keywords for gnutls 
As we update gnutls to 3.7.3-r1 which is already stable, there is
no need to accept keywords for gnutls. Delete.
 2022-03-30 10:20:37 +02:00
Flatcar Buildbot
9847794b4f sys-kernel: Upgrade Kernel 5.15.31 to 5.15.32 2022-03-30 08:24:53 +02:00
Flatcar Buildbot
35ecf3f62c Update mantle commit to latest HEAD 2022-03-30 05:42:24 +00:00
Jeremi Piotrowski
cb4c868253 Merge pull request #1768 from flatcar-linux/jepio/mantle-update-action 
github/workflows: add mantle update action
 2022-03-30 07:42:07 +02:00
Jeremi Piotrowski
f33072ddfb github/workflows: add mantle update action 
This action runs over main and the release branches and creates a PR that
updates mantle reference to the latest one. By using a fixed branch name,
rerunning the action will update/close an existing PR if new mantle commits
happen or if the PR becomes obsolete.
 2022-03-29 15:59:12 +02:00
Mathieu Tortuyaux
0cbc562928 Merge pull request #1767 from flatcar-linux/tormath1/unconfined 
sec-policy/selinux-unconfined: move to ::portage-stable
 2022-03-29 15:55:39 +02:00
Krzesimir Nowak
3f07ae6f09 Merge pull request #1708 from flatcar-linux/krnowak/pkg-updates-2019 
Profile cleanups for updated packages from 2019
 2022-03-29 15:45:09 +02:00
Krzesimir Nowak
44c82bb8c5 coreos-base/hard-host-depends: Stop pulling in intltool 
The tool is deprecated, nothing pulls that in any more and it has a
dependency on dev-perl/XML-Parser, an updated version of which would
want to pull a bunch of new packages through dev-perl/libwww-perl.
Avoid the hassle and drop the tool.
 2022-03-29 13:21:53 +02:00
Krzesimir Nowak
11917036f8 coreos-base/hard-host-depends: Sort the deps 
Otherwise no changes done here.
 2022-03-29 13:15:59 +02:00
Krzesimir Nowak
2ed433c6cc sys-auth/realmd: Add new patches, update deps 
Realmd didn't have dev-util/intltool listed as a dependency, but it
actually required it during build. Apply a patch from upstream that
converts the project from intltool to gettext in order to get rid of
the dependency on the obsolete tool. To apply the patch without
conflicts, apply also another patch from upstream that modernizes the
configure.ac file.

We also disable the i18n through the --disable-nls flag. The disabling
is not complete though, so we still need to point gettext to the ITS
rules we have installed in ROOT.
 2022-03-29 13:14:27 +02:00
Mathieu Tortuyaux
65107a9d0f sec-policy/selinux-unconfined: move to ::portage-stable 
There is no Flatcar patches for this package.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-29 10:11:23 +02:00
Krzesimir Nowak
167c1e5ebf Merge pull request #1756 from flatcar-linux/linux-5.15.31-main 
Upgrade Linux Kernel in main from 5.15.30 to 5.15.31
 2022-03-24 19:34:55 +01:00
Mathieu Tortuyaux
743f7c470f changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-03-24 17:00:10 +01:00
Mathieu Tortuyaux
c608794004 sys-kernel/bootengine: add cryptsetup in initramfs 
this is required to run luks encryption with ignition

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-24 17:00:10 +01:00
Krzesimir Nowak
afe689a3e3 .github: Update rust workflow to handle virtual/rust too 2022-03-24 16:56:44 +01:00
Krzesimir Nowak
778ed62f39 virtual/rust: Move from portage-stable 
This file is modified by some automation, so move it out from
portage-stable - there shouldn't be any modified stuff there.
 2022-03-24 16:44:21 +01:00
Flatcar Buildbot
60b5b921ad sys-kernel: Upgrade Kernel 5.15.30 to 5.15.31 2022-03-24 15:14:13 +01:00
Flatcar Buildbot
70038a7667 app-emulation: Upgrade Containerd 1.6.1 to 1.6.2 2022-03-24 11:18:36 +01:00
Dongsu Park
87ed710ec2 Merge pull request #1745 from flatcar-linux/sayan/update-util-linux-2.37.4 
profiles: disable su USE flag for util-linux
 2022-03-24 10:27:32 +01:00
Jeremi Piotrowski
f5b92b623f Merge pull request #1757 from flatcar-linux/jepio/workflows-lbzip2 
.github/workflows: install lbzip2 to speed up sdk creation
 2022-03-24 10:10:54 +01:00
Jeremi Piotrowski
cdd948d1c6 .github/workflows: install lbzip2 to speed up sdk creation 
Our github actions use cork to create an sdk chroot, which pulls down bzipped
archives. The runners have 2 CPUs, so this unpacking could be faster if we
installed lbzip2. Cork transparently uses lbzip2.
 2022-03-24 09:46:25 +01:00
Kai Lüke
9fdc34e13c Merge pull request #1750 from flatcar-linux/kai/go-binary-size 
eclass/coreos-go.eclass: strip Go binaries by default
 2022-03-23 21:39:26 +01:00
Krzesimir Nowak
d4850a6c86 coreos-devel/mantle: Bump to latest commit 2022-03-23 14:01:09 +01:00
Krzesimir Nowak
4a64240099 fixup! eclass/coreos-cargo: Ensure the modified config is valid TOML 2022-03-23 13:48:52 +01:00
Kai Lueke
e73121db37 eclass/coreos-go.eclass: strip Go binaries by default 
The size contains not only of the /usr partition but also the /boot
partition require that we reduce the size of binaries as much as
possible.
Strip all Go binaries by default.
 2022-03-23 13:11:15 +01:00
Krzesimir Nowak
090680dc6d Merge pull request #1746 from flatcar-linux/krnowak/emerge-gitclone-pr-fix 
coreos-base/emerge-gitclone: Pull PRs properly
 2022-03-22 19:47:43 +01:00
Krzesimir Nowak
97e608f538 coreos-base/emerge-gitclone: Pull PRs properly 
This usually doesn't happen for releases, but for development
dev-containers it might be the case that portage-stable or
coreos-overlay commit is specified as some pull request reference -
these need to be fetched differently, as refs from refs/pull usually
are not fetched by default.
 2022-03-22 16:21:07 +01:00
Mathieu Tortuyaux
21ef6d148d changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 13:54:19 +01:00
Mathieu Tortuyaux
4f200d79ea profiles/coreos/base: enable fips across the OS 
only support by OpenSSL and Cryptsetup for now.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 13:43:14 +01:00
Krzesimir Nowak
7acca26ab6 coreos-base/afterburn: Add dependency on dev-libs/openssl 
The package depends on it through the openssl crate. Without openssl,
the package would fail to build because of missing header files.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
14ec0b2456 eclass/coreos-cargo: Ensure the modified config is valid TOML 
We were appending the [build] section, and the updated cargo eclass
already added that to the config, so we ended up with having two
[build] sections in the config file. Try to amend the section instead
of appending it to the file. While at it, do the same with the
target.${RUST_TARGET} section too to be a bit more futureproof.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
f302e69455 coreos-base/update-ssh-keys: Bump EAPI to 8 
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
ab735a5df4 coreos-base/afterburn: Bump EAPI to 8 
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
5eccaeb306 profiles: Update accept_keywords for dev-lang/nasm 
It is available for arm64 now, but still as unstable.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
9dec83eaa9 profiles: Drop app-misc/jq from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-22 10:26:03 +01:00
Mathieu Tortuyaux
00cbb4bb25 profiles/base: accept tested version of cryptsetup 
it's required to pull fips support

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 09:55:19 +01:00
Krzesimir Nowak
32941dc278 Merge pull request #1712 from JAORMX/sssd-selinux-module 
Add sssd to list of SELinux modules enabled
 2022-03-21 18:20:08 +01:00
Dongsu Park
1385747481 Merge pull request #1742 from flatcar-linux/linux-5.15.30-main 
Upgrade Linux Kernel in main from 5.15.28 to 5.15.30
 2022-03-21 17:34:25 +01:00
Dongsu Park
62298daf6b Merge pull request #1743 from flatcar-linux/sayan/update-intel-microcode-20220207_p20220207 
sys-firmware/intel-microcode: update to 20220207_p20220207
 2022-03-21 13:57:22 +01:00
Dongsu Park
cf81bdd8ef sys-kernel/coreos-sources: delete patch for Reverting xfrm state 
The patch z0005-Revert-xfrm-state-... is already included in the
upstream v5.15.30. Delete the patch to fix build failures.
 2022-03-21 13:52:33 +01:00
Dongsu Park
ac8fcf7ea7 Merge pull request #1744 from flatcar-linux/sayan/update-pambase-20220214 
sys-auth/pambase: update stub version to 20220214
 2022-03-21 13:24:34 +01:00
Sayan Chowdhury
7e12481655 sys-auth/pambase: update stub version to 20220214 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:23:01 +01:00
Dongsu Park
1749d86e40 Merge pull request #1735 from flatcar-linux/sayan/update-pam-1.5.1_p20210622-r1 
sys-libs/pam: Update to 1.5.1_p20210622
 2022-03-21 13:21:37 +01:00
Dongsu Park
4e2bcfb9a6 changelog: add changelog for pam 1.5.1_p20210622 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
8d4ee0f2d6 sys-libs/pam: Apply Flatcar patches 
-  sys-libs/pam: Make /sbin/unix_chkpwd suid

This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.

-  sys-libs/pam: Install configuration into /usr

Also provide a tmpfiles fragment to bring it back.

- sys-libs/pam: Locked accounts functionality

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
e1dfbe9862 sys-libs/pam: Update to 1.5.1__p20210622 
gentoo sync ref: a9be6b639c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:19:29 +01:00
Kai Lüke
498c4a1ab5 Merge pull request #1737 from flatcar-linux/kai/mantle-bump 
coreos-devel/mantle: bump to latest commit
 2022-03-21 11:54:45 +01:00
Dongsu Park
b2711efd5e profiles: disable su USE flag for util-linux 
As sys-apps/shadow has its own su binary, sys-apps/util-linux should
not have its own su binary. Otherwise, build will simply fail.
Disable su USE flag for util-linux.
 2022-03-21 11:49:08 +01:00
Kai Lueke
d59d626d3b coreos-devel/mantle: bump to latest commit 
We have to update the commit ID now when a mantle PR gets merged
because the new pipeline uses it.
 2022-03-21 10:59:14 +01:00
Sayan Chowdhury
dce35b0a12 sys-firware/intel-microcode: Add the changelog entries for 20220207_p20220207 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 10:23:46 +01:00
Flatcar Buildbot
bfd4ba3a66 sys-kernel: Upgrade Kernel 5.15.28 to 5.15.30 2022-03-20 07:22:36 +00:00
Dongsu Park
f88785d939 Merge pull request #1736 from flatcar-linux/rust-1.59.0-main 
Upgrade dev-lang/rust in main from 1.58.1 to 1.59.0
 2022-03-18 18:07:20 +01:00
Dongsu Park
f21caf2d80 Merge pull request #1729 from flatcar-linux/firmware-20220310-main 
Upgrade Linux Firmware in main from 20220209 to 20220310
 2022-03-18 16:06:31 +01:00
Flatcar Buildbot
4bbf728449 dev-lang: Upgrade dev-lang/rust 1.58.1 to 1.59.0 2022-03-18 10:56:52 +00:00
Sayan Chowdhury
052c968ac8 sys-firmware/intel-microcode: Apply Flatcar patches 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-18 13:24:24 +05:30
Sayan Chowdhury
c3d8d35413 sys-firmware/intel-microcode: Sync with Gentoo upstream 
gentoo sync ref: b6146dcdce

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-18 13:21:57 +05:30
Kai Lüke
28b13f4448 Merge pull request #1713 from flatcar-linux/kai/no-lib-symlink 
Split lib and lib64 for sysext support
 2022-03-17 17:06:13 +01:00
Kai Lueke
00841774c9 changelog: add entry for lib and lib64 split 2022-03-17 17:03:16 +01:00
Kai Lueke
bfbf373f20 coreos-base/coreos-oem-gce: use usr/lib/systemd folder 
The lib64/systemd location only happened to work through the used
symlink on Flatcar. The standard location is lib/systemd.
Use the standard location as we now want to split the libs folders.
 2022-03-17 17:03:16 +01:00
Kai Lueke
bc9d7af985 sys-apps/systemd: enable systemd-sysext.service 
The systemd-sysext.service activates sysext images on boot.
Enable it by default.
 2022-03-17 17:03:16 +01:00
Kai Lueke
5fc316e775 coreos-base/coreos-init: add helper service to start sysext services 
This pulls in
https://github.com/flatcar-linux/init/pull/65
 2022-03-17 17:03:16 +01:00
Dongsu Park
9989de6963 Merge pull request #1725 from flatcar-linux/docker-20.10.13-main 
Upgrade Docker in main from 20.10.12 to 20.10.13
 2022-03-17 14:30:14 +01:00
Kai Lueke
ba8aeb992a coreos-base/coreos-init: create compatibility symlinks 
The split of /usr/lib64 into /usr/lib and /usr/lib64 means that paths
to /usr/lib64/X that worked before now wouldn't.
Therefore, create compatibility symlinks.
 2022-03-17 12:15:40 +01:00
Kai Lueke
c6e427d80d profiles: disable SYMLINK_LIB 
The profile Flatcar is on had SYMLINK_LIB set for amd64 which set up
(/usr)/lib as symlink to (/usr)/lib64. This is not the case for arm64
nor common in other recent distributions and causes systemd-sysext
loading to fail.
Disable SYMLINK_LIB for the amd64 board for now, leaving the SDK as is
but we could also set it for the SDK, too. A future profile update will
also bring this change.
 2022-03-17 12:12:46 +01:00
Kai Lueke
b3f4b641ce sys-apps/baselayout: force link creation in tmpfile rule 
The /lib symlink does not point to /usr/lib but instead points to
/usr/lib64 on current releases which have a single /usr/lib64 folder
and a symlink from /usr/lib to it. This means that when they update to
a release with a split lib vs. lib64 setup, the kernel modules are not
found because /lib/modules does not exist (because /lib still points
to /usr/lib64 instead of /usr/lib).
Force link recreation to match the new layout. The system will still be
able to rollback because the link to /usr/lib is still valid because
/usr/lib is itself a link that forwards to /usr/lib64.
 2022-03-17 12:11:11 +01:00
Dongsu Park
96d59a1d55 app-emulation/docker: remove unnecessary patch for etcd 
Now that Docker 20.10.13 updated its vendored etcd to 3.3.27, it is
not necessary any more to fix F_OFD_GETLK in etcd. Simply remove it.
 2022-03-17 10:24:49 +01:00
Juan Antonio Osorio
6dadefecfb Add SELinux flag for sssd build 
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-17 09:34:51 +02:00
Flatcar Buildbot
372c62308b sys-kernel: Upgrade Linux Firmware 20220209 to 20220310 2022-03-17 07:12:09 +00:00
Mathieu Tortuyaux
20cae0b0c3 Merge pull request #1727 from flatcar-linux/tormath1/openssl 
dev-libs/openssl: bump to 3.0.2
 2022-03-16 15:59:56 +01:00
Mathieu Tortuyaux
dfbd94b035 changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-16 11:07:42 +01:00
Mathieu Tortuyaux
f71a2f9e31 dev-libs/openssl: Apply Flatcar modifications 
- remove unecessary files
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- mark openssl as stable for arm64 and amd64

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-16 11:03:49 +01:00
Mathieu Tortuyaux
d01e5e7fa3 dev-libs/openssl: sync with ::gentoo 
Commit-Ref: ca7cd67308

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-16 10:52:22 +01:00
Flatcar Buildbot
d344be8799 app-emulation: Upgrade Docker 20.10.12 to 20.10.13 2022-03-16 07:46:49 +00:00
Jeremi Piotrowski
52971dee4b changelog: add entry for revert which fixes AWS m4 networking 2022-03-15 19:35:56 +01:00
Jeremi Piotrowski
38680b5b7a sys-kernel/coreos-sources: revert commit which breaks networking on M4 instances 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-15 19:35:56 +01:00
Krzesimir Nowak
d784aa9238 coreos-base/update_engine: Drop unused alias 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
833d18a78b profiles: Add accept_keywords for app-crypt/rhash 
So the version used for the potential arm64 SDK is the same as in
amd64 SDK.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
9e6d34f929 profiles: Drop outdated use flag for dev-libs/protobuf 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
7f38b34ca0 profiles: Drop dev-libs/libusb from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
93237a0bf4 profiles: Drop dev-libs/libassuan from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
2021223762 profiles: Drop sys-fs/quota from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
464d0fdcd4 profiles: Update accept_keywords for app-crypt/efitools 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
8bdb5b4216 profiles: Drop sys-apps/sandbox from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
1c4c5d0a3d profiles: Drop dev-cpp/gflags from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Jeremi Piotrowski
ae1ca7a804 Merge pull request #1718 from flatcar-linux/linux-5.15.28-main 
Upgrade Linux Kernel in main from 5.15.27 to 5.15.28
 2022-03-15 14:17:50 +01:00
Kai Lueke
94254e2afb sys-kernel/bootengine: re-add missing modules 
This pulls in
https://github.com/flatcar-linux/bootengine/pull/40
to add the kernel modules back that disappeared compared to Stable
3033.x.y with the 5.10 kernel.
 2022-03-15 11:38:51 +01:00
Flatcar Buildbot
14e9176fa4 sys-kernel: Upgrade Kernel 5.15.27 to 5.15.28 2022-03-12 07:22:35 +00:00
Mathieu Tortuyaux
1bb3bd5375 Merge pull request #1707 from flatcar-linux/tormath1/gcp 
ignition: support `gce` as OEM ID
 2022-03-11 17:48:43 +01:00
Kai Lüke
0257fa3d84 Merge pull request #1710 from flatcar-linux/kai/ignition-link-translate 
sys-apps/ignition: fix link translation
 2022-03-11 13:23:34 +01:00
Kai Lueke
344dbf2eb0 sys-apps/ignition: fix link translation 
This pulls in https://github.com/flatcar-linux/ignition/pull/38
for https://github.com/flatcar-linux/ign-converter/pull/5
to fix https://github.com/flatcar-linux/Flatcar/issues/666 which
is about a failing translation due to a too strict check.
 2022-03-11 13:23:01 +01:00
Dongsu Park
2b21cde4d8 changelog: add security changelog for Go 1.17.8 
Add missing security changelog CVE-2022-24921 for Go 1.17.8.
 2022-03-11 10:13:22 +01:00
Dongsu Park
83c5075143 Merge pull request #1704 from flatcar-linux/vmware-12.0.0-main 
Upgrade open-vm-tools in main from 11.3.5 to 12.0.0
 2022-03-11 09:36:43 +01:00
Mathieu Tortuyaux
a38d49869d coreos-base/coreos-init: convert back gcp to gce 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-10 11:30:49 +01:00
Mathieu Tortuyaux
ce5042743c sys-kernel/bootengine: convert gce to gcp 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-10 11:30:49 +01:00
Dongsu Park
3d3acd7a98 app-emulation/open-vm-tools: add USE flags salt-minion 
For open-vm-tools 12.0.0, add a new USE flag salt-minion.
Pass `--disable-containerinfo` to fix build issues, because it is
currently not trivial to import dependency libs grpc++ into Flatcar.
 2022-03-10 10:35:05 +01:00
Dongsu Park
461edca2d5 app-emulation/open-vm-tools: remove FUSE addition from patches 
Since open-vm-tools 12.0.0 already supports its native fuse detection
mechanism, we do not need to add another check for fuse to configure.ac.
 2022-03-10 10:35:05 +01:00
Flatcar Buildbot
8076f1638c app-emulation: Upgrade open-vm-tools 11.3.5 to 12.0.0 2022-03-10 10:35:05 +01:00
Krzesimir Nowak
90615c215e profiles: Drop dev-perl/Text-Unidecode from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
045a3e6769 profiles: Drop sys-libs/efivar from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c6ce357d02 profiles: Sync app-eselect/eselect-pinentry version 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
31ac287ea3 profiles: Drop net-nds/rpcbind from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
9412c64ba3 profiles: Drop sys-boot/efibootmgr from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
34becb7f43 profiles: Drop virtual/krb5 from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
935353ffa6 profiles: Drop net-misc/socat from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
be20b0611b profiles: Update accept_keywords for dev-util/checkbashisms 
It's stable for amd64, but still unstable for arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
6e2cdb223c profiles: Drop dev-libs/libevent from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c550349cb1 profiles: Drop sys-fs/dosfstools from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
03558679ab profiles: Drop virtual/libusb from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
74c48fb57d profiles: Drop sys-block/thin-provisioning-tools from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
22a4df6c05 profiles: Drop sys-fs/lsscsi from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
50e5de95c2 profiles: Drop sys-apps/man-db from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
ef8be94860 Merge pull request #1706 from flatcar-linux/linux-5.15.27-main 
Upgrade Linux Kernel in main from 5.15.25 to 5.15.27
 2022-03-09 17:15:38 +01:00
Dongsu Park
494ff08e9b Merge pull request #1696 from flatcar-linux/cacerts-3.76-main 
Upgrade ca-certificates in main from 3.75 to 3.76
 2022-03-09 14:44:27 +01:00
Jeremi Piotrowski
752d197781 Merge pull request #1700 from flatcar-linux/jepio/remove-rng-tools 
coreos-base/coreos: remove rng-tool dependency
 2022-03-09 14:11:26 +01:00
Jeremi Piotrowski
617f619c68 changelog: add entry for rngd.service removal 
The user visible effect of rng-tool removal is that rngd is no longer
started in the initramfs.
 2022-03-09 13:06:07 +01:00
Dongsu Park
9f7fe58ac1 Merge pull request #1691 from flatcar-linux/containerd-1.6.1-main 
Upgrade Containerd in main from 1.6.0 to 1.6.1
 2022-03-09 09:11:35 +01:00
Dongsu Park
bec04a986a changelog: add changelog for containerd 1.6.1 2022-03-09 09:09:23 +01:00
Flatcar Buildbot
fb8008aafe sys-kernel: Upgrade Kernel 5.15.25 to 5.15.27 2022-03-09 07:23:52 +00:00
Jeremi Piotrowski
b58f674576 Merge pull request #1690 from flatcar-linux/jepio/oem-azure-dep-fix 
Fix arm64 build after pro oem merge
 2022-03-08 18:41:53 +01:00
Mathieu Tortuyaux
a2e46ed803 Merge pull request #1699 from JAORMX/containerd-selinux 
containerd: Enable SELinux labeling support by default
 2022-03-08 18:02:28 +01:00
Juan Antonio Osorio
3b491d97b6 Added changelog entry for SELinux enablement in containerd 
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-08 18:07:00 +02:00
Jeremi Piotrowski
debf700a83 coreos-base/coreos: remove rng-tool dependency 
rng-tools does not appear to be necessary for booting in virtual machine
environments in 2022. Back in the day the boot process would block if
there was not enough entropy to seed the system random pool, but over
the years the linux kernel made sure that the pool is force seeded if
userspace does not do so one it's own. Remove rng-tool as it is not
needed and it would require work to make sure it works (detection of
tpm/hwrng/intel cpu instructions).
 2022-03-08 16:00:01 +01:00
Jeremi Piotrowski
a3b04c4f02 add former 'pro' packages to arm64 board/coreos dependencies 
flatcar-eks/nvidia-drivers/nvidia-metadata are now required to build
AWS/Azure images on all architectures, so we need the packages to not be
amd64-only dependencies of board-packages or coreos any longer.
 2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
ec88babf35 x11-drivers/nvidia-drivers: add runtime dependency on nvidia-metadata 
setup-nvidia requires the nvidia-metadata file.
 2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
a972428590 x11-drivers/nvidia-(drivers|metadata): keyword for arm64 
coreos-base/oem-azure now requires systemd units installed by
nvidia-drivers, so the nvidia-drivers package needs to be available for
both architectures. Nvidia-drivers depends on nvidia-metadata so the
same applies.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-08 10:57:12 +01:00
Juan Antonio Osorio
333c985cad containerd: Enable SELinux labeling support by default 
This enables containerd to do appropriate SELinux labeling of containers
and files by default. This should not be problematic as Flatcar ships with
SELinux permissive by default.

Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-08 11:10:02 +02:00
Jeremi Piotrowski
b0bde5635a Merge pull request #1697 from flatcar-linux/go-1.17.8-main 
Upgrade Go in main from 1.17.7 to 1.17.8
 2022-03-08 08:48:30 +01:00
Mathieu Tortuyaux
d4ce290fef changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-03-07 18:32:45 +01:00
Mathieu Tortuyaux
f383ffeac1 coreos-base/coreos-init: enable enable-oem-cloudinit 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
4f9b1e9e5a coreos-base/oem: remove default.ign 
With ignitionv3, there is no more `default.ign` loaded configuration. We
can safely remove this configuration since it won't be loaded anyway.

oem-cloudinit will be conditionally enabled based on `ignition`
execution result.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
05d1141214 sys-kernel/bootengine: update commit ID 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
57461c606c sys-apps/ignition: bump commit ID 
it mainly brings V3 support on top of V2 support for Ignition and ensure
backward compatibility with existing integration.

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2022-03-07 18:17:36 +01:00
Flatcar Buildbot
2c10f4ecd8 dev-lang: Upgrade Go 1.17.7 to 1.17.8 2022-03-07 07:31:06 +00:00
Flatcar Buildbot
d89b98ad6e app-misc: Upgrade ca-certificates 3.75 to 3.76 2022-03-07 07:24:05 +00:00
Flatcar Buildbot
2d04a88857 app-emulation: Upgrade Containerd 1.6.0 to 1.6.1 2022-03-04 08:23:25 +00:00
Sayan Chowdhury
f2d24968a4 Merge pull request #1648 from flatcar-linux/sayan/update-timezone-data-2021a 
sys-libs/timezone-data: Sync with Gentoo upstream
 2022-03-03 14:36:40 +05:30
Sayan Chowdhury
3466931d5e changelog: Add the entry for the timezone-data 2021a 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:16 +05:30
Sayan Chowdhury
3c0597b403 sys-libs/timezone-data: Apply Flatcar patches 
Recreate the old posix symlink for compatibility, and drop all the
pkg functions that maintain /etc/localtime since we default to UTC.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:16 +05:30
Sayan Chowdhury
30ef5091b3 sys-libs/timezone-data: Sync with Gentoo upstream 
upstream sync ref
e13124464c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:13 +05:30
Krzesimir Nowak
7463f454ae Merge pull request #1678 from flatcar-linux/krnowak/pkg-updates-2016 
Accept keyword cleanup for packages from 2016
 2022-03-02 19:38:59 +01:00
Kai Lüke
a0378f9338 Merge pull request #1682 from flatcar-linux/kai/revert-ipsec-change 
sys-kernel: Revert change to forbid using xfrm id 0
 2022-03-02 17:49:40 +01:00
Kai Lueke
5cbb7908de sys-kernel: Revert change to forbid using xfrm id 0 in state 
The change broke userspace (e.g., Cilium is affected because it used
id 0 for the dummy state https://github.com/cilium/cilium/pull/18789)
and we decided to revert it to give the affected software more time
to adapt (cf. https://marc.info/?t=164607426900002&r=1&w=2).
 2022-03-02 17:48:30 +01:00
Jeremi Piotrowski
8a58808b9a coreos-base/coreos-init: fix commit reference to flatcar-master branch 2022-03-02 17:08:31 +01:00
Jeremi Piotrowski
14490039a5 Merge pull request #1683 from flatcar-linux/jepio/fix-cgroupv1-em 
coreos-base/coreos-init: move processes to root cgroup before unbinding controllers
 2022-03-02 17:06:22 +01:00
Jeremi Piotrowski
2d489c33a3 coreos-base/coreos-init: move processes to root cgroup before unbinding controllers 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-02 13:16:41 +00:00