It mainly brings back Vagrant, which was failing with Ignition 2.14.0
even if no Ignition is provided.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
As the Gentoo ebuild of dev-lang/rust >= 1.65 keeps a workaround that
explicitly checks for a version like 1.65, that ebuild would obviously
make the build fail with 1.66.
Update the version from 1.65 to 1.66 to fix the build.
We should run apt-get update before installing native Ubuntu packages
like qemu-user-static. Otherwise apt-get install could fail like:
```
Err:1 http://azure.archive.ubuntu.com/ubuntu jammy-updates/universe
amd64 qemu-user-static amd64 1:6.2+dfsg-2ubuntu6.5
404 Not Found [IP: 52.252.75.106 80]
```
That happens because meanwhile the qemu-user-static deb package in the
Azure mirror was updated from 6.5 to 6.6, without keeping the old
version. The index of the Azure mirror was updated, but
setup-flatcar-sdk.sh did not sync that, as apt-get update did not run.
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
update_engine needs to access context from SHA256 to store it and
restore it for further computations on it.
With the OpenSSL SHA256 v3 implementation, this is not possible; let's use the
libsodium implementation.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
- sys-libs/pam: Make /sbin/unix_chkpwd suid
This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.
- sys-libs/pam: Install configuration into /usr
Also provide a tmpfiles fragment to bring it back.
- sys-libs/pam: Locked accounts functionality
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
- Fix cross build issues with configuring gmp libs
As gdb 11 or newer requires gmp libs as dependency, a cross build of
gdb 11.2 started to fail when its configure scripts try to detect if
gmp exists. The failure occurs mainly because the build still
passes `-L/usr/lib64` to LDFLAGS. Let's say, for example, host
toolchains outside of sysroot have amd64 libs, while the target
inside of sysroot should have arm64 libs. However, configure scripts
of gdb 11.2 still try to find its libs outside of sysroot,
/usr/lib64, although it should find its libs inside of sysroot,
e.g. /build/arm64/usr/lib64.
To fix the cross build issues, pass --with-sysroot as well as
--libdir, correctly with ${ESYSROOT}.
As a side note, for some reason, upstream gdb configure scripts are
not able to correctly make use of its gmp-specific options like
--with-gmp or --with-gmp-lib. Passing those options does not bring
anything. Also configure must have both --with-sysroot and
--libdir, to make the build work.
- Replace dependency on virtual/yacc with app-alternatives/yacc
The former is gone in favor of the latter in Gentoo. This change
will be dropped when we sync the package with Gentoo again.
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
- replace virtual/awk with app-alternatives/awk
Users reported a deadlock in ext4 that occurs under loads after kernel 5.15.72.
We debugged and found that this issue is also present upstream (6.x) and found
a fix. The fix has been validated to fix the issue, but we're still waiting for
a response from the ext4 maintainer.
In the meantime, apply the backport to our kernel sources, so that users can be
unblocked from updating. This will be released to alpha/beta first, and
hopefully by the time it is promoted to stable, the fix will be merged to the
kernel tree and backported to 5.15.
app-emulation/qemu depends on dev-libs/glib preferentially built with
static libraries. The GLib library started to depend on
dev-libs/libpcre2 after the update. Since dev-libs/glib is built with
static-libs USE flag, it propagates the requirement to
dev-libs/libpcre2 too. Thus update the line with old dev-libs/libpcre
in package.use to new dev-libs/libpcre2 now. Hopefully nothing needs
static libs of old dev-libs/libpcre.
Should not be necessary - dev-libs/glib is not pulling it anymore, and
other ebuilds needing the package pull it with BDEPEND, which means
that the package on SDK is being used.
This pulls in
https://github.com/flatcar/update-ssh-keys/pull/7
to support Hardware Security Keys in update-ssh-keys.
Until we have a new crates.io release of openssh-keys with
https://github.com/coreos/openssh-keys/pull/68 we need to host it on
Origin or find a way to make the eclass more flexible. Here it was
hosted on Origin (from "cargo package") and the Cargo.toml/lock patched
on build to think it would come from crates.io because the Gentoo
eclass only supports that location.
In case the OEM partition was specified with the name "OEM",
the btrfs format was not forced because it only considered the name "oem".
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
- Drop the init.d files.
- Remove the socket unit's rate limiting.
- Mark the package as stable.
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
- Apply crossdev patch.
- Enable keywords again
- Remove dependency on sys-apps/lsb-release, which conflicts with
sys-apps/baselayout of Flatcar.
Based on commit 036e8f53c2280eadb070bab9f6bd434368e56643
Now that the source tree of Go 1.19 or newer does not have files like
AUTHORS or CONTRIBUTORS, we need to remove the files from the list of
required docs of dev-lang/go.
Also add CONTRIBUTING.md to the list of docs, as all Go versions have
the file.
Add Go 1.19.3. https://go.dev/doc/devel/release#go1.19.3
Update the default Go version to 1.19.
Note, we still keep COREOS_GO_VERSION=go1.18 in containerd, docker,
docker-cli, docker-proxy, docker-runc following the default version
of the upstream repos.
Update dev-lang/go to 1.18.8.
https://go.dev/doc/devel/release#go1.18.8
Note, the security issue of the release does not affect Flatcar,
as that affects only Windows.
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
- remove unnecessary files
- drop `pkg_postinst`
- create `/etc/ssl` with tmpfiles
- mark openssl as stable for arm64 and amd64
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Without this Ignition configuration, the SSH keys are
not installed from the OpenStack metadata server.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
The circular dep used to be:
app-arch/xz-utils
libtool.eclass
app-portage/elt-patches
app-arch/xz-utils
The circular dep should be gone now, because app-arch/xz-utils is a
BDEPEND, so for building production images the package from SDK will
be used. For building SDK the package from seed SDK should be used.
These packages are pulling in iputils, that used to provide the
traceroute utility. The updated iputils package stopped doing that
altogether, recommending to install net-analyzer/traceroute or
net-analyzer/mtr instead. We are going with the former here.
Also drop the comment, it was related to the media-libs/mesa package
that was dropped over 9 years ago in commit
de91081f00a4ab07332759b1bbfc3072d530c9fd.
Qemu-guest-agent gets activated using a udev rule, and so will only run
when the correct virtio-port name is detected. Qemu-guest-agent is used
across several oems so we include it in the usr partition.
Disable ARCH_QCOM, ARCH_ZYNQMP, ARCH_MEDIATEK which enable other options that
are only relevant on the respective boards, none of which are supported targets
for Flatcar. Since the arm64 kernel does not support compression, these
settings have a significant impact on kernel size. The boot partition size is
only 128MB and needs to fit 2 kernels, so we have set ourselves a target of
60MB per kernel. This commit brings down the arm64 kernel size by 3MB.
At the same time, enable the settings that are actually relevant: ARCH_BCM,
because that one is relevant for Raspberry Pi 4 that runs Linux.
No point in setting UPDATE_NEEDED to zero if we exit the script
without doing anything with the just set variable.
Also, to avoid mismatches in branch names, export the branch name as a
GitHub workflow step output, so the follow-up steps can pick it up and
use it.
No point in setting UPDATE_NEEDED to zero if we exit the script
without doing anything with the just set variable.
Also fix the mismatch in branch names - we normally create a branch
like "cacerts-${NSS_VERSION}-${BRANCH}" in the last workflow step
whereas we were checking if a branch like "${NSS_VERSION}-${BRANCH}"
existed in the script. To avoid repetition, export the branch name as
a GitHub workflow step output, so the follow-up steps can pick it up
and use it.
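An added illustration of the fix described in the commit message above, not the workflow's actual script: the branch name is built in one function, the existence check and the step output both use it, and a check against the old `${NSS_VERSION}-${BRANCH}` pattern misses the branch. The function names, the `branch_name` output key, the use of `GITHUB_OUTPUT`, and the sample versions and branch list are assumptions made for the example.

```shell
#!/bin/sh
# Added example; only NSS_VERSION, BRANCH and UPDATE_NEEDED come from the
# commit message. All function names and sample values are hypothetical.

# Single source of truth for the update branch name.
update_branch_name() {
    # $1 = NSS version, $2 = base branch
    printf 'cacerts-%s-%s\n' "$1" "$2"
}

# Returns 0 if branch $1 is an exact line in the newline-separated list $2.
branch_exists() {
    printf '%s\n' "$2" | grep -Fqx -- "$1"
}

# Prints 0 when the update branch already exists, 1 when it must be created.
update_needed() {
    # $1 = NSS version, $2 = base branch, $3 = existing remote branches
    name=$(update_branch_name "$1" "$2")
    if branch_exists "$name" "$3"; then echo 0; else echo 1; fi
}

# Publish the name as a step output so later steps reuse it instead of
# rebuilding it. GITHUB_OUTPUT is the file GitHub Actions provides for this.
export_branch_name() {
    # $1 = branch name
    printf 'branch_name=%s\n' "$1" >> "${GITHUB_OUTPUT:-/dev/null}"
}

# Constructed sample data: branches already present on the remote.
REMOTE_BRANCHES='main
flatcar-0000
cacerts-3.85-main'

# The mismatched check looked for "3.85-main", which is never an exact
# branch name here, so UPDATE_NEEDED stayed 1 and a duplicate was attempted.
```
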
This sets up the coreos-overlay submodule inside the SDK container to
use the remote of the fork and the base branch from that fork. That
way, we can test the workflows in the forks too.
While glibc 2.33 has /lib64/ld-2.33.so, glibc 2.34 does not have that,
but only /lib64/ld-linux-x86-64.so.2. So we should also check ld-linux-*
as well.
Pulls in https://github.com/flatcar-linux/update_engine/pull/17.
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- don't run sanity checks in pkg_pretend to prevent gcc checks when
only the binary package is installed.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that