As `dev-libs/nss` is not used anywhere, let's simply remove nss.
The only ebuild that pulls in is `net-misc/curl`, but only if the USE
flag `nss` is enabled. As the `nss` flag is disabled for curl, we do
not need to keep `dev-libs/nss` at all.
Update dhcpcd to 8.1.9 to address the following security issues:
* CVE-2019-11577
* CVE-2019-11766
Note, dhcpcd is not a standard tool of Flatcar, because by default
networking is configured via systemd-networkd. We update the package
just for potential use cases that still depend on dhcpcd. However,
in the long term, we should not ship dhcpcd in the production images.
Now that curl has its own license file, it should be also added to
`MISC-FREE` license group, just like Gentoo.
Simply sync `license_groups` with Gentoo.
Now that curl >= 7.70 requires its own license file, we need to make
it included in the SDK, so that `/var/gentoo/repos/gentoo/licenses/curl`
can be available. Without that file, the image build step fails due to
a missing license file for curl.
We need to update net-misc/curl to 7.74.0, mainly to address the
following security issues:
* CVE-2020-8169
* CVE-2020-8231
* CVE-2020-8284
* CVE-2020-8285
* CVE-2020-8286
Github Actions for Rust started failing with following errors:
```
Error: Unable to process command '::set-env name=PULL_REQUEST_NUMBER::718' successfully.
Error: The `set-env` command is disabled. Please upgrade to using
Environment Files or opt into unsecure command execution by setting the
`ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For
more information see:
https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
```
It happens because we have used peter-evans/create-pull-request@v2,
which did not have a bug fix for the set-env issue.
The bug was fixed in create-pull-request
[v3.4.1](https://github.com/peter-evans/create-pull-request/releases/tag/v3.4.1).
So we just need to update the version to `v3`, which already includes
v3.4.1.
It is already possible to enable kernel config `CONFIG_DEBUG_INFO_BTF`
using dwarves 1.18 included in the current Flatcar SDK, as long as its
arch is amd64.
However, Kernel build fails in case of arm64, when Kernel version is
>= 5.9 and dwarves version is <= 1.18, like the following:
```
+ pahole -J .tmp_vmlinux.btf
PAHOLE: Error: Found symbol of zero size when encoding btf
(sym: '__kvm_nvhe_arm64_ssbd_callback_required', cu: '../source/arch/arm64/kernel/cpu_errata.c').
PAHOLE: Error: Use '-j' or '--force' to ignore such symbols and force emit the btf.
../source/scripts/link-vmlinux.sh: line 141: 1929102 Segmentation fault
```
The bug was fixed via
https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/?id=2e719cca6672,
("btf_encoder: revamp how per-CPU variables are encoded").
The fix was first included in dwarves
[1.19](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.19).
Thus we need to get dwarves 1.19 included in Flatcar SDK, so that the
next Alpha Kernels could have `CONFIG_DEBUG_INFO_BTF` enabled.
This commit introduces Flatcar specific modification
to the Gentoo recipes for updating to gcc-9.3.0 introduced
in the previous commit. The changes are required
in order to make things build with the Flatcar SDK.
The commit also removes old, stale, unused recipes.
The changes include:
dev-util/perf/perf-4.9.13.ebuild: fix binutils ebuild RDEPEND
dev-util/perf/perf-5.8.ebuild: remove python3_{8} compat; unmask arm64, amd64
sys-devel/binutils: remove old, stale versions
sys-devel/binutils/binutils-2.35.ebuild: backport to EAPI6 because our
outdated emerge does not handle BDEPEND dependencies correctly,
resulting in BDEPEND being pulled in as runtime deps.
Unmask for amd64 and arm64.
sys-devel/binutils/binutils-9999.ebuild: backport to EAPI6
net-dns/dnsmasq: remove old, stale versions
sys-devel/crossdev: remove old versions
sys-devel/gcc: remove old versions
sys-devel/gcc/gcc-9.3.0-r1.ebuild: use EAPI6 because of emerge
BDEPEND issue (see above)
sys-devel/libtool/libtool-2.4.6-r6.ebuild: use EAPI6 because of emerge
BDEPEND issue (see above)
sys-kernel/linux-headers: remove old versions
ys-kernel/linux-headers/linux-headers-5.8.ebuild: unmask for amd64, arm64
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
This commit includes the necessary changes to upgrade the SDK
compiler to gcc-9.3.0. The changes include:
eclass: update toolchain.eclass to EAPI7
acct-(user|group): add dnsmasq user / group
net-dns/dnsmasq: update to dnsmasq-2.82
dev-util/perf: update to perf-5.8.ebuild
sys-devel/binutils: update to binutils-2.35.ebuild
sys-libs/binutils-libs: update to binutils-libs-2.35.ebuild
sys-devel/crossdev: update to crossdev-20200801.ebuild
sys-devel/gcc: update to gcc-9.3.0-r1.ebuild
sys-devel/libtool: update to libtool-2.4.6-r6.ebuild
sys-kernel/linux-headers: update to linux-headers-5.9.ebuild
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
To build Kernel with `CONFIG_DEBUG_INFO_BTF`, we need to get pahole, a
part of dwarves included in the Flatcar SDK.
So simply import `dev-util/dwarves` from upstream Gentoo.
