This change explicitly calls python3 (instead of python) in pycmd
so portage commands work (as we ship python 2, too, and it's still
the default).
Also, 'static-libs' and 'opempn' are added to the
bootstrap emerge USE flags (stage 3 of the bootstrap-sh script,
which is run in stage 2 of the SDK catalyst bootstrapping process):
- 'static-libs' un-breaks the zlib build: zlib installed has this flag
set and zlib requested per emerge command line in
bootstrap.sh stage 3 needs this flag to prevent a slot conflict.
- 'openmp' is to honor requirements of newer versions of GCC and is
added according to Gentoo guidelines published here:
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Install_Guide/Building_the_Gentoo_Base_System_Minus_Kernel#Gentoo_Bootstrap_Remix:_Progressing_from_Stage_1_to_Stage_2
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
- Drop binddist from RESTRICT variable
- Drop pkg_postinst
- Create /etc/ssl with tmpfiles (and package it for the SDK).
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
Temporarily disable Prctl and InitSeccomp for NoNewPrivileges, to be able
to make docker/runc work with "--security-opt=no-new-privileges".
So far it has worked without disabling NoNewPrivileges until runc
1.0.0-rc92,
which allowed the "selinux" build tag. Since runc 1.0.0-rc93, however,
the selinux build tag is now gone, so selinux is always enabled.
That's why `docker run --security-opt=no-new-privileges` failed.
Until we could figure out its real reason, let's temporarily disable
NoNewPrivilges to make the CI pass.
Introduce a USE flag spotlight, to be able to disable the spotlight
backend by default, as it is not needed by Linux.
Introduce a USE flag rededit, to be able to disable the rededit
tool if needed.
Introduce a USE flag glusterfs, to be able to disable the glusterfs
by default.
Introduce a USE flag ntvfs, to be able to disable the ntvfs-fileserver
by default.
Since the docbook-xsl-stylesheets and libxslt are needed only
at build time, we should move those deps to BDEPEND.
Now that portage was updated to the latest version, we should update
EAPI to 7. It is mainly to allow ebuilds to make BDEPEND contain real
build-time dependencies, not runtime ones.
Each Flatcar production image includes a binary `containerd-stress`,
as a part of torcx tarballs.
However it does not seem to be used anywhere.
It looks like a stress testing tool for containerd, so I don't see a
good reason to keep it.
The binary was there since the beginning, via commit
[fdd926949a10](fdd926949a),
but there is no comment or messages why it was needed.
We can simply remove `containerd-stress`.
As Flatcar relies on systemd-networkd for network configurations,
it is not needed to keep dhcpcd in production images at all.
According to the commit
https://github.com/kinvolk/coreos-overlay/commit/9be90f06e838 ,
it was added back in 2014 just because systemd-networkd was not mature
enough. That was already ~7 years ago, so we can safely assume that
the issue had been already gone, so we can simply use systemd-networkd.
