`etcd` node's name was defined by `ETCD_NAME`, from `etcd/v3` the server
can't be started with both `ETCD_NAME` and `--name` supplied.
Which leads to three cases:
* `etcd-member.service` starts without further configuration, no issue
since only `ETCD_NAME=%m` is used
* `etcd-member.service` is overrided with a CLC without `name: ` key, no
issue since only `ETCD_NAME=%m` is used
* `etcd-member.service` is overrided with a CLC with a `name: ` key,
there is an issue since in the final service we will have both
`ETCD_NAME=%m` and `--name name-from-clc`
This patch conditionally unset the `ETCD_NAME` in case `--name` is
supplied.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
If we use date format of DD-MM-YYYY in changelog file names, the files
will not sorted by date. e.g. 01-12-2021 will come before 25-11-2021.
Use date format of YYYY-MM-DD to make the files sorted by date.
By accident the upstream files from the example folder got used,
instead of the downstream files that were added in the files/ folder.
Also, the configuration file didn't get installed.
Use the right paths to install the downstream files.
with this patch, we allow `unlabeled_t` to associate to tmpfs
filesystem.
It aims to solve the AVC we have with `torcx` with the
`torcx-generator`:
```
Nov 15 09:45:43 localhost audit[688]: AVC avc: denied { associate } for pid=688 comm="torcx-generator" name="docker" dev="tmpfs" ino=2 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
```
It has been not been caught earlier because it occurs
when the system boots with `SELinux` in `enforcing` mode.
This denial was preventing torcx to finish correctly its setup and so
Docker was not able to start.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Since every tag of the nss Github repo has `_` delimiters, we need to
first use `sort -t_` for sorting, then after that we need to replace `_`
with `.` by calling tr. Without that conversion, the input ebuild file
name will be wrong.
We fixed the issue in all other maintenance branches, but not in main.
Fix that also in main.
Automatically update app-misc/ca-certificates , a derivative of
nss https://hg.mozilla.org/projects/nss . To make things easier,
we simply check for new releases on its Github mirror
https://github.com/nss-dev/nss . When the new latest tag is found,
simply bump the version of ca-certificates ebuild.
There usually exists a way to tell the configure script to use certain
path, so the script won't try to autodetect things. This is a case for
the systemd system unit directory, but apparently not for systemd util
directory. So for the system unit directory, we can forward the path
we received from systemd.eclass' `systemd_get_systemunitdir`, but for
the util directory, we need to hack the script with `sed`. The reason
for this is that autodetected directory will have the sysroot path
prepended twice. The systemd eclass has a workaround for this issue.
