Temporarily accept ssh-rsa algorithm in sshd_config for openssh >= 8.8,
until most ssh clients could deprecate ssh-rsa.
It is the same fix as https://github.com/flatcar-linux/init/pull/54.
However, we should do that again for GCE, because the google-oslogin
ebuild overwrites the existing sshd_config.
This pulls in https://github.com/flatcar-linux/init/pull/55 to set the
cbr0 interface to be excluded from networkd (unmanaged) because it is
set up manually by kubenet and not through DHCP.
- Drop the init.d files.
- Remove the socket unit's rate limiting.
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
Add changelog for mantle 0.17.0.
Also add changelog for security updates of golang.org/x/{crypto,text}
in mantle, as well as github.com/gogo/protobuf 1.3.2.
Now that the Github org name of mantle was changed from coreos to
flatcar-linux, via https://github.com/flatcar-linux/mantle/pull/241,
we need to change the Github org name in ebuilds as well.
Update coreos-devel/mantle to 0.17.0-r1, to include the security updates
of golang.org/x/{crypto,text}, mainly to address CVE-2021-38561,
CVE-2021-43565.
Pulls in https://github.com/flatcar-linux/mantle/pull/262.
Kernel 5.15 contains enablement patches for linux as a hyper-v guest, so
move the configs to the common config so that they're enabled for both
arches.
PCI patches didn't make it.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
We always want the 'flatcar.autologin' parameter, but the ttyS0 setting is x86
PC specific. Move the generic part to linux_append variable and hide the
generic part behind a check for grub_platform. For EFI platforms the default
grub.cfg has the correct arch specific console configuration.
The console specification for grub itself is needed in either case
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
This pulls in https://github.com/flatcar-linux/init/pull/53 to add the
"flatcar-update" tool to the image, easing manual updates, rollbacks,
channel/release jumping, and airgapped updates.
We want to check if target branch exists on the repo on which the
action is being run and will get the PR in the end, not on repo with
which the SDK came. It's useful for testing github actions on personal
forks.
The function only generates the update kind of changelogs. If the
update addresses some CVE, it needs to be added manually.
The changelog generation happens only if the changelog directory
exists. Also make sure it's included in the patches.
When selecting the docker-1.12-no profile, torcx failed because the
profile looked for 19.03 instead of 20.10.
Make the docker-1.12-no profile identical to the vendor profile so
that we don't have to update it.
