mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 02:16:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,756 Commits 629 Branches 394 Tags 166 MiB
af9d9bc3ca
Commit Graph

7001 Commits

Author SHA1 Message Date
Sayan Chowdhury
af9d9bc3ca nvidia-{drivers, metadata}: Update NVIDIA to 470.57.02 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-08-02 22:21:24 +05:30
Dongsu Park
349a9ba532 Merge pull request #1129 from kinvolk/dongsu/github-actions-exclude-rcbeta 
.github: list only ebuilds with a unique VERSION_OLD for runc
 2021-08-02 14:12:17 +02:00
Kai Lüke
3088fd3cac Merge pull request #1138 from kinvolk/kai/dm-verity-corruption-panic 
sys-kernel/bootengine: issue a kernel panic on dm-verity corruption
 2021-08-02 13:34:24 +02:00
Kai Lüke
ee14557288 sys-kernel/bootengine: issue a kernel panic on dm-verity corruption 
This pulls in
https://github.com/kinvolk/bootengine/pull/26
 2021-08-02 13:34:08 +02:00
Dongsu Park
40f5f348af Merge pull request #1127 from kinvolk/firmware-20210716-main 
Upgrade Linux Firmware in main from 20210511 to 20210716
 2021-08-02 12:26:29 +02:00
Kai Lüke
eb06982881 Merge pull request #1146 from kinvolk/kai/gce-oem-net-admin 
coreos-base/oem-gce: grant CAP_NET_ADMIN to set routes for LB
 2021-07-30 18:31:08 +02:00
Mathieu Tortuyaux
22c2e57360 Merge pull request #1149 from kinvolk/tormath1/fix-457 
docker/torcx: disable SELinux by default on `dockerd` wrapper script
 2021-07-30 15:00:12 +02:00
Dongsu Park
b37bce7dff sys-kernel/coreos-firmware: fix builds by updating CXGB version 
Fix build failures by updating CXGB firmware version to 1.26.0.0.
 2021-07-30 11:03:41 +02:00
Mathieu Tortuyaux
be50e579c8 app-emulation/docker: update wrapper to disable selinux 
this is now the default behavior - since this script is deprecated
we do a minimum update on it

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-30 10:34:03 +02:00
Mathieu Tortuyaux
501d937d7e app-arch/torcx: update wrapper to disable selinux 
it's the default behavior now. Since this script is deprecated, we
do a minimum change on it.

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-30 10:33:36 +02:00
Kai Lüke
764d5c6baf coreos-base/coreos-init: prevent networkd interference with cilium_vxlan 
This pulls in
https://github.com/kinvolk/init/pull/43
 2021-07-29 20:01:50 +02:00
Kai Lüke
daf0a01b55 coreos-base/oem-gce: grant CAP_NET_ADMIN to set routes for LB 
With the switch from rkt to systemd-nspawn the ability for the service
to set the routing entries for the TCP load balancer got lost,
resulting in an unreachable LB as reported in
https://github.com/kinvolk/Flatcar/issues/459

The fix also reported there is to retain CAP_NET_ADMIN when starting
the service.
 2021-07-29 15:30:39 +02:00
Flatcar Buildbot
990e4f82b8 sys-kernel: Upgrade Linux Firmware 20210511 to 20210716 2021-07-29 07:07:37 +00:00
Kai Lüke
622a99058c coreos-base/update_engine: support btrfs as /usr filesystem 
This pulls in
https://github.com/kinvolk/update_engine/pull/11
 2021-07-28 13:29:02 +02:00
Kai Lüke
ab2467e547 sys-apps/seismograph: support btrfs in rootdev 
This pulls in
https://github.com/kinvolk/seismograph/pull/6
 2021-07-28 13:28:55 +02:00
Kai Lüke
e45a6140d0 sys-apps/ignition: support btrfs on the OEM partition 
This pulls in
https://github.com/kinvolk/ignition/pull/21
 2021-07-28 13:28:45 +02:00
Kai Lüke
bdc7f36d4f sys-kernel/coreos-modules: use 4k pages for arm64 
Btrfs filesystems do not support a non-standard 64k page size on arm64
when the filesystem was created by a 4k page size system.

Use the default page size for arm64 to ensure compatibility with
btrfs filesystems created by amd64 systems.
 2021-07-28 13:28:45 +02:00
Kai Lüke
c01560ba63 coreos-base/coreos-init: support btrfs on the OEM partition 
This pulls in
https://github.com/kinvolk/init/pull/42
 2021-07-28 13:28:28 +02:00
Kai Lüke
42b4f612ca sys-kernel/bootengine: support btrfs /usr filesystems 
Pulls in https://github.com/kinvolk/bootengine/pull/25
 2021-07-28 13:28:10 +02:00
Kai Lüke
29f2903c87 sys-kernel/coreos-modules: switch to gzip/zstd compression 
With the default gzip compression the 60 MB limit for the vmlinuz
bundle of kernel+initramfs was reached. The limit comes from the size
of the /boot partition which is 128 MB large and the kernel needs to
fit twice, in addition to GRUB.

Use zstd for the initramfs as it provides a similar speed but better
compression. For the kernel we can't switch yet to zstd for arm64
but for amd64 it works.
 2021-07-27 14:48:26 +02:00
Dongsu Park
08ea76673f .github: list only ebuilds with a unique VERSION_OLD 
Due to unnecessary wildcard listings, ebuild files including all rc or
beta are being listed. Since `VERSION_OLD` is already generated as a
unique version, we do not need to list multiple files to filter by
running `head -n1` etc. We just need to use only the specific ebuild.
Simply list only the unique ebuild file.
 2021-07-22 15:31:20 +02:00
Dongsu Park
e2cd417df5 .github: make correct input for runc versions 
Before passing runc versions to `sed '/-/!{s/$/_/}'`, we need to replace
`_` with `-`, because runc tarball files already have names like
`1.0.0_rc2`. Without the fix, version sort would `1.0.0` come before
`1.0.0_rc2`, which is not expected in the later steps.
 2021-07-22 12:41:45 +02:00
Sayan Chowdhury
1b068b5186 Merge pull request #1126 from kinvolk/sayan/update-systemd-247.7 
sys-apps/systemd: Bump to v247.7
 2021-07-21 16:50:28 +05:30
Flatcar Buildbot
e1e7bd2c2c sys-kernel: Upgrade Kernel 5.10.49 to 5.10.52 2021-07-21 07:10:12 +00:00
Sayan Chowdhury
cf97d4ad91 sys-apps/systemd: Bump to v247.7 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-07-20 23:29:14 +05:30
Dongsu Park
70bfaff439 app-emulation/containerd: update to 1.5.4 
Update app-emulation/containerd to 1.5.4, mainly to address
CVE-2021-32760.
 2021-07-20 16:36:48 +02:00
Dongsu Park
2df538b480 Merge pull request #1115 from kinvolk/go-1.16.6-main 
Upgrade Go in main from 1.16.5 to 1.16.6
 2021-07-19 18:28:20 +02:00
Dongsu Park
065661a751 Merge pull request #1113 from kinvolk/dongsu/open-vm-tools-11.3.0 
app-emulation/open-vm-tools: update to 11.3.0
 2021-07-19 12:01:03 +02:00
Flatcar Buildbot
e03a28561c dev-lang: Upgrade Go 1.16.5 to 1.16.6 2021-07-19 07:26:12 +00:00
Mathieu Tortuyaux
abd1e615c0 Merge pull request #1112 from kinvolk/containerd-1.5.3-main 
Upgrade Containerd in main from 1.5.2 to 1.5.3
 2021-07-16 15:52:27 +02:00
Jeremi Piotrowski
23d3861740 Merge pull request #1105 from kinvolk/sayan+jepio/update-dracut 
Sayan+jepio/update dracut

Closes kinvolk/Flatcar#375
 2021-07-16 15:47:17 +02:00
Dongsu Park
688eed80f3 coreos-base/oem-vmware: update to 11.3.0 
Update oem-vmware to 11.3.0, corresponding to the update of
open-vm-tools to 11.3.0.
 2021-07-16 13:54:28 +02:00
Dongsu Park
53983eb353 app-emulation/open-vm-tools: update to 11.3.0 
Update open-vm-tools 11.3.0,
https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.0 .
Update also the build number to 18090558.
 2021-07-16 13:53:51 +02:00
Mathieu Tortuyaux
aa3ad05497 Merge pull request #1048 from kinvolk/tormath1/selinux 
selinux: upgrade selinux libs
 2021-07-16 11:25:10 +02:00
Flatcar Buildbot
4309eaab99 app-emulation: Upgrade Containerd 1.5.2 to 1.5.3 2021-07-16 08:10:14 +00:00
Mathieu Tortuyaux
6841de885a Revert "app-emulation/docker: disable SELinux" 
This reverts commit 956f9757d45b7df260ed0e78213e1ad96c7409eb.
 2021-07-16 10:04:03 +02:00
Sayan Chowdhury
2a3a1c8bc8 sys-apps/dbus: Apply Flatcar patches 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-07-16 10:04:02 +02:00
Sayan Chowdhury
d3d56cda69 sys-apps/dbus: Sync with Gentoo upstream 
Updates to dbus-1.12.20-r1

Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-07-16 10:04:02 +02:00
Mathieu Tortuyaux
8bd2eefc3f app-admin/setools: remove package 
from 4.x setools is a pure python script, we won't include it
in Flatcar anymore

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:04:02 +02:00
Mathieu Tortuyaux
d86d08d640 profiles/coreos/amd64: enable selinux for runc 
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:04:02 +02:00
Mathieu Tortuyaux
c56eec4bb4 eclass: move selinux-policy-2 to ::portage-stable 
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:04:02 +02:00
Mathieu Tortuyaux
0ead201568 sec-policy/selinux-unconfined: sync with upstream 
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:04:02 +02:00
Mathieu Tortuyaux
e2afa149cb sec-policy/selinux-virt: apply flatcar changes 
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:04:02 +02:00
Mathieu Tortuyaux
e02947a905 sec-policy/selinux-virt: sync with upstream 
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:04:01 +02:00
Mathieu Tortuyaux
4d6ff7cfca sec-policy/selinux-base-policy: flatcar changes 
- run sshd (and child) as unconfined_t
- add init.patch to allow execute_no_trans,map and
exec from init to unconfined
- add AVC patch for local login and journald

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:04:01 +02:00
Mathieu Tortuyaux
d819e2afa4 sec-policy/selinux-base-policy: sync with upstream 
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:03:10 +02:00
Mathieu Tortuyaux
e472af562e sec-policy/selinux-base: apply flatcar changes 
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2021-07-16 10:03:10 +02:00
Jeremi Piotrowski
743f86d4da sys-kernel/coreos-kernel: strip ROOT from TMPDIR before running dracut 
Update-bootengine chroots into the sysroot and runs dracut from there.
Dracut 053 has revised TMPDIR handling and the portage TMPDIR prefixed
with ROOT leaks into the chroot. This causes dracut to abort during
setup with the error message "invalid tmpdir".

Override TMPDIR before running update-bootengine to allow dracut to
function.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2021-07-15 13:40:50 +00:00
Jeremi Piotrowski
68f2867457 sys-kernel/dracut: Apply Flatcar patches to 053 
Flatcar uses custom networking scripts in initramfs, so the dracut iscsi
module needs to be patched to account for that.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2021-07-15 13:40:50 +00:00
Sayan Chowdhury
033048444f sys-kernel/dracut: Apply Flatcar patches 
Add Flatcar specific patch to enable the iscsi module

Flatcar uses its own network module instead of the Dracut one, but the
iscsi module depends on the network. So, in order to enable the iscsi
module, we need to patch the dependency

Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2021-07-15 13:40:50 +00:00