mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-13 16:31:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,385 Commits 608 Branches 413 Tags
Commit Graph

8453 Commits

Author SHA1 Message Date
Krzesimir Nowak
3f07ae6f09 Merge pull request #1708 from flatcar-linux/krnowak/pkg-updates-2019 
Profile cleanups for updated packages from 2019
 2022-03-29 15:45:09 +02:00
Krzesimir Nowak
44c82bb8c5 coreos-base/hard-host-depends: Stop pulling in intltool 
The tool is deprecated, nothing pulls that in any more and it has a
dependency on dev-perl/XML-Parser, an updated version of which would
want to pull a bunch of new packages through dev-perl/libwww-perl.
Avoid the hassle and drop the tool.
 2022-03-29 13:21:53 +02:00
Krzesimir Nowak
11917036f8 coreos-base/hard-host-depends: Sort the deps 
Otherwise no changes done here.
 2022-03-29 13:15:59 +02:00
Krzesimir Nowak
2ed433c6cc sys-auth/realmd: Add new patches, update deps 
Realmd didn't have dev-util/intltool listed as a dependency, but it
actually required it during build. Apply a patch from upstream that
converts the project from intltool to gettext in order to get rid of
the dependency on the obsolete tool. To apply the patch without
conflicts, apply also another patch from upstream that modernizes the
configure.ac file.

We also disable the i18n through the --disable-nls flag. The disabling
is not complete though, so we still need to point gettext to the ITS
rules we have installed in ROOT.
 2022-03-29 13:14:27 +02:00
Mathieu Tortuyaux
65107a9d0f sec-policy/selinux-unconfined: move to ::portage-stable 
There is no Flatcar patches for this package.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-29 10:11:23 +02:00
Krzesimir Nowak
167c1e5ebf Merge pull request #1756 from flatcar-linux/linux-5.15.31-main 
Upgrade Linux Kernel in main from 5.15.30 to 5.15.31
 2022-03-24 19:34:55 +01:00
Mathieu Tortuyaux
743f7c470f changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-03-24 17:00:10 +01:00
Mathieu Tortuyaux
c608794004 sys-kernel/bootengine: add cryptsetup in initramfs 
this is required to run luks encryption with ignition

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-24 17:00:10 +01:00
Krzesimir Nowak
afe689a3e3 .github: Update rust workflow to handle virtual/rust too 2022-03-24 16:56:44 +01:00
Krzesimir Nowak
778ed62f39 virtual/rust: Move from portage-stable 
This file is modified by some automation, so move it out from
portage-stable - there shouldn't be any modified stuff there.
 2022-03-24 16:44:21 +01:00
Flatcar Buildbot
60b5b921ad sys-kernel: Upgrade Kernel 5.15.30 to 5.15.31 2022-03-24 15:14:13 +01:00
Flatcar Buildbot
70038a7667 app-emulation: Upgrade Containerd 1.6.1 to 1.6.2 2022-03-24 11:18:36 +01:00
Dongsu Park
87ed710ec2 Merge pull request #1745 from flatcar-linux/sayan/update-util-linux-2.37.4 
profiles: disable su USE flag for util-linux
 2022-03-24 10:27:32 +01:00
Jeremi Piotrowski
f5b92b623f Merge pull request #1757 from flatcar-linux/jepio/workflows-lbzip2 
.github/workflows: install lbzip2 to speed up sdk creation
 2022-03-24 10:10:54 +01:00
Jeremi Piotrowski
cdd948d1c6 .github/workflows: install lbzip2 to speed up sdk creation 
Our github actions use cork to create an sdk chroot, which pulls down bzipped
archives. The runners have 2 CPUs, so this unpacking could be faster if we
installed lbzip2. Cork transparently uses lbzip2.
 2022-03-24 09:46:25 +01:00
Kai Lüke
9fdc34e13c Merge pull request #1750 from flatcar-linux/kai/go-binary-size 
eclass/coreos-go.eclass: strip Go binaries by default
 2022-03-23 21:39:26 +01:00
Krzesimir Nowak
d4850a6c86 coreos-devel/mantle: Bump to latest commit 2022-03-23 14:01:09 +01:00
Krzesimir Nowak
4a64240099 fixup! eclass/coreos-cargo: Ensure the modified config is valid TOML 2022-03-23 13:48:52 +01:00
Kai Lueke
e73121db37 eclass/coreos-go.eclass: strip Go binaries by default 
The size contains not only of the /usr partition but also the /boot
partition require that we reduce the size of binaries as much as
possible.
Strip all Go binaries by default.
 2022-03-23 13:11:15 +01:00
Krzesimir Nowak
090680dc6d Merge pull request #1746 from flatcar-linux/krnowak/emerge-gitclone-pr-fix 
coreos-base/emerge-gitclone: Pull PRs properly
 2022-03-22 19:47:43 +01:00
Krzesimir Nowak
97e608f538 coreos-base/emerge-gitclone: Pull PRs properly 
This usually doesn't happen for releases, but for development
dev-containers it might be the case that portage-stable or
coreos-overlay commit is specified as some pull request reference -
these need to be fetched differently, as refs from refs/pull usually
are not fetched by default.
 2022-03-22 16:21:07 +01:00
Mathieu Tortuyaux
21ef6d148d changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 13:54:19 +01:00
Mathieu Tortuyaux
4f200d79ea profiles/coreos/base: enable fips across the OS 
only support by OpenSSL and Cryptsetup for now.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 13:43:14 +01:00
Krzesimir Nowak
7acca26ab6 coreos-base/afterburn: Add dependency on dev-libs/openssl 
The package depends on it through the openssl crate. Without openssl,
the package would fail to build because of missing header files.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
14ec0b2456 eclass/coreos-cargo: Ensure the modified config is valid TOML 
We were appending the [build] section, and the updated cargo eclass
already added that to the config, so we ended up with having two
[build] sections in the config file. Try to amend the section instead
of appending it to the file. While at it, do the same with the
target.${RUST_TARGET} section too to be a bit more futureproof.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
f302e69455 coreos-base/update-ssh-keys: Bump EAPI to 8 
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
ab735a5df4 coreos-base/afterburn: Bump EAPI to 8 
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
5eccaeb306 profiles: Update accept_keywords for dev-lang/nasm 
It is available for arm64 now, but still as unstable.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
9dec83eaa9 profiles: Drop app-misc/jq from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-22 10:26:03 +01:00
Mathieu Tortuyaux
00cbb4bb25 profiles/base: accept tested version of cryptsetup 
it's required to pull fips support

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 09:55:19 +01:00
Krzesimir Nowak
32941dc278 Merge pull request #1712 from JAORMX/sssd-selinux-module 
Add sssd to list of SELinux modules enabled
 2022-03-21 18:20:08 +01:00
Dongsu Park
1385747481 Merge pull request #1742 from flatcar-linux/linux-5.15.30-main 
Upgrade Linux Kernel in main from 5.15.28 to 5.15.30
 2022-03-21 17:34:25 +01:00
Dongsu Park
62298daf6b Merge pull request #1743 from flatcar-linux/sayan/update-intel-microcode-20220207_p20220207 
sys-firmware/intel-microcode: update to 20220207_p20220207
 2022-03-21 13:57:22 +01:00
Dongsu Park
cf81bdd8ef sys-kernel/coreos-sources: delete patch for Reverting xfrm state 
The patch z0005-Revert-xfrm-state-... is already included in the
upstream v5.15.30. Delete the patch to fix build failures.
 2022-03-21 13:52:33 +01:00
Dongsu Park
ac8fcf7ea7 Merge pull request #1744 from flatcar-linux/sayan/update-pambase-20220214 
sys-auth/pambase: update stub version to 20220214
 2022-03-21 13:24:34 +01:00
Sayan Chowdhury
7e12481655 sys-auth/pambase: update stub version to 20220214 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:23:01 +01:00
Dongsu Park
1749d86e40 Merge pull request #1735 from flatcar-linux/sayan/update-pam-1.5.1_p20210622-r1 
sys-libs/pam: Update to 1.5.1_p20210622
 2022-03-21 13:21:37 +01:00
Dongsu Park
4e2bcfb9a6 changelog: add changelog for pam 1.5.1_p20210622 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
8d4ee0f2d6 sys-libs/pam: Apply Flatcar patches 
-  sys-libs/pam: Make /sbin/unix_chkpwd suid

This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.

-  sys-libs/pam: Install configuration into /usr

Also provide a tmpfiles fragment to bring it back.

- sys-libs/pam: Locked accounts functionality

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
e1dfbe9862 sys-libs/pam: Update to 1.5.1__p20210622 
gentoo sync ref: a9be6b639c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:19:29 +01:00
Kai Lüke
498c4a1ab5 Merge pull request #1737 from flatcar-linux/kai/mantle-bump 
coreos-devel/mantle: bump to latest commit
 2022-03-21 11:54:45 +01:00
Dongsu Park
b2711efd5e profiles: disable su USE flag for util-linux 
As sys-apps/shadow has its own su binary, sys-apps/util-linux should
not have its own su binary. Otherwise, build will simply fail.
Disable su USE flag for util-linux.
 2022-03-21 11:49:08 +01:00
Kai Lueke
d59d626d3b coreos-devel/mantle: bump to latest commit 
We have to update the commit ID now when a mantle PR gets merged
because the new pipeline uses it.
 2022-03-21 10:59:14 +01:00
Sayan Chowdhury
dce35b0a12 sys-firware/intel-microcode: Add the changelog entries for 20220207_p20220207 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 10:23:46 +01:00
Flatcar Buildbot
bfd4ba3a66 sys-kernel: Upgrade Kernel 5.15.28 to 5.15.30 2022-03-20 07:22:36 +00:00
Dongsu Park
f88785d939 Merge pull request #1736 from flatcar-linux/rust-1.59.0-main 
Upgrade dev-lang/rust in main from 1.58.1 to 1.59.0
 2022-03-18 18:07:20 +01:00
Dongsu Park
f21caf2d80 Merge pull request #1729 from flatcar-linux/firmware-20220310-main 
Upgrade Linux Firmware in main from 20220209 to 20220310
 2022-03-18 16:06:31 +01:00
Flatcar Buildbot
4bbf728449 dev-lang: Upgrade dev-lang/rust 1.58.1 to 1.59.0 2022-03-18 10:56:52 +00:00
Sayan Chowdhury
052c968ac8 sys-firmware/intel-microcode: Apply Flatcar patches 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-18 13:24:24 +05:30
Sayan Chowdhury
c3d8d35413 sys-firmware/intel-microcode: Sync with Gentoo upstream 
gentoo sync ref: b6146dcdce

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-18 13:21:57 +05:30