mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-26 00:41:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,829 Commits 623 Branches 402 Tags
Commit Graph

8856 Commits

Author SHA1 Message Date
jenkins
d6077e9286 profiles/coreos/base: slsa: use .git/HEAD file to fetch scripts hash 
ORIG_HEAD is the previous HEAD, so it is not what we are after. HEAD
only contains the hash if we are in a detached head situation, otherwise
it will contain a ref and we need to resolve it. `git rev-parse HEAD`
should work as well but hits an issue with git's new `safe.directory`
setting, I have not found a way to set this parameter for a signle call.

For toolchain packages are built with catalyst, and the HEAD value needs
to pre-resolved because we do not have access to the whole git
repository. So build_toolchains will need to inject the correct HEAD
file contents.
 2022-07-27 13:02:22 +02:00
jenkins
113de2ac75 profiles/coreos/base: slsa: compute ebuild file checksum for materials entry 2022-07-27 13:02:22 +02:00
Jeremi Piotrowski
fbdbd1ac19 profiles/coreos/base: slsa: revise material uri to match SPDXDownloadLocation spec 
If the uri points to a path within the repo then the format is
git+https://repo@ref#path. ORIG_HEAD is actually the previous HEAD, so read
use that to extract the correct ref.
 2022-07-27 13:02:22 +02:00
Jeremi Piotrowski
b1ce3800a5 profiles/coreos/base: slsa: sort file checksums by name 2022-07-27 13:02:22 +02:00
Jeremi Piotrowski
1a0f396be4 profile/coreos/base: slsa: switch to bz2 compression for consistency 
...and remove redundant mkdir. Mkdir is already called with the same argument a
couple of lines lower.
 2022-07-27 13:02:22 +02:00
Jeremi Piotrowski
d211a2b168 profile/core/base: slsa: use nproc instead of parsing /proc/cpuinfo 2022-07-27 13:02:22 +02:00
Jeremi Piotrowski
91b64a5587 profile/coreos/base: slsa: remove name collision between variable and function 
__slsa_provenance_report is both a variable and a function, which is confusing.
Rename the variable.
 2022-07-27 13:02:22 +02:00
jenkins
39f1d45dff profiles/coreos/base: slsa: return when disabled and use die() 2022-07-27 13:02:22 +02:00
jenkins
7bd2f19fac profiles/coreos/base: slsa: use portageq to find repository path 
This makes the lookup work within the catalyst chroot, as well as in the
SDK.
 2022-07-27 13:02:22 +02:00
Thilo Fromm
d86d5ebe3f slsa-provenance: make generation optional 2022-07-27 13:02:22 +02:00
Thilo Fromm
be46ed7bb0 profiles/coreos/base/profile.bashrc: SLSA provenance reports 
This change adds initial support for SLSA provenance report generation.
Reports are generated in package build post-install hooks after
compilation.

See https://slsa.dev/ for SLSA and https://slsa.dev/provenance/v0.2 for
the provenance report syntax.

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
 2022-07-27 13:02:22 +02:00
Dongsu Park
0d2a3f29fb Merge pull request #2059 from flatcar-linux/rust-1.62.1-main 
Upgrade dev-lang/rust and virtual/rust in main from 1.62.0 to 1.62.1
 2022-07-26 16:58:05 +02:00
Jeremi Piotrowski
c2c7f0d504 Merge pull request #2057 from flatcar-linux/jepio/systemd-resolve.conf 
sys-apps/systemd: fix tmpfile entry for resolv.conf link
 2022-07-26 11:07:09 +02:00
Jeremi Piotrowski
36ecad566a changelog: add entry for resolv.conf bugfix 2022-07-26 11:06:27 +02:00
Jeremi Piotrowski
d9972d4ad1 sys-apps/systemd: fix tmpfile entry for resolv.conf link 
Our ebuild modifies the systemd owned tmpfiles.d entry that creates the
/etc/resolv.conf symlink to point to resolv.conf instead of stub-resolv.conf.
The file that contains that entry changed from etc.conf.in to
systemd-resolve.conf, so update the ebuild to touch that file.
 2022-07-26 10:03:13 +02:00
Flatcar Buildbot
5acb31cbab dev-lang: Upgrade dev-lang/rust 1.62.0 to 1.62.1 2022-07-26 07:37:28 +00:00
Flatcar Buildbot
6058ad50fc app-misc: Upgrade ca-certificates 3.80 to 3.81 2022-07-25 07:24:01 +00:00
Dongsu Park
cd80387051 Merge pull request #2040 from flatcar-linux/dongsu/add-Go-CVE-2022-32148 
changelog: add missing CVE for Go 1.18.4, 1.17.12
 2022-07-22 15:04:15 +02:00
Flatcar Buildbot
2568802c6e sys-kernel: Upgrade Kernel 5.15.55 to 5.15.56 2022-07-22 07:24:26 +00:00
Dongsu Park
1e1c30264e changelog: add missing CVE for Go 1.18.4, 1.17.12 
Add missing CVE-2022-32148 for Go 1.18.4, 1.17.12.
 2022-07-21 13:39:12 +02:00
Mathieu Tortuyaux
ace84f7d4f Merge pull request #2038 from flatcar-linux/tormath1/nmap 
profiles: enable symlink for nmap
 2022-07-19 14:11:09 +02:00
Mathieu Tortuyaux
f334da4fb5 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-07-19 08:45:57 +02:00
Mathieu Tortuyaux
606ba61447 profiles: enable symlink for nmap 
For compatiblity, it's good to have `nc` in the PATH too.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-07-18 11:23:09 +02:00
jenkins
a938fb9b5c app-containers/syft: apply downstream changes 
* pass additional ldflags so that `syft version` prints the package
  version.
* keyword stable for amd64 and arm64 (to reduce differences between the
  two).
 2022-07-18 07:49:27 +00:00
jenkins
e995d9a4b1 app-containers/syft: Import from Gentoo 
Upstream commit c691680319ac2f00f203533c3dca0b21ecf77f80
 2022-07-18 07:49:22 +00:00
Flatcar Buildbot
d68ffc61cc sys-kernel: Upgrade Kernel 5.15.54 to 5.15.55 2022-07-16 07:22:06 +00:00
Krzesimir Nowak
6dea2f8ae7 Merge pull request #2024 from flatcar-linux/linux-5.15.54-main 
Upgrade Linux Kernel in main from 5.15.52 to 5.15.54
 2022-07-15 16:03:41 +02:00
Sayan Chowdhury
2959870601 Merge pull request #2018 from flatcar-linux/sayan/update-sudo-1.9.10-r1 
app-admin/sudo: Sync with Gentoo upstream; updates to 1.9.10-r1
 2022-07-15 16:11:46 +05:30
Sayan Chowdhury
c605e33d23 app-admin/sudo: Add the changelog for sudo-1.9.10-r1 release 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-07-15 15:33:39 +05:30
Sayan Chowdhury
c0afb3e982 app-admin/sudo: Apply Flatcar patches 
- Remove Perl Runtime Dependency
- Remove OpenLDAP schema files for sudo
- Remove sudo.conf file as it is shipped via baselayout

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-07-15 15:33:39 +05:30
Sayan Chowdhury
46ef576243 Merge pull request #2029 from flatcar-linux/sayan/update-curl-7.84.0 
profiles: remove outdated arm64 accept_keywords for curl
 2022-07-15 15:28:28 +05:30
Dongsu Park
2ad4c0c632 Merge pull request #2028 from flatcar-linux/firmware-20220708-main 
Upgrade Linux Firmware in main from 20220610 to 20220708
 2022-07-14 13:42:34 +02:00
Kai Lüke
9d8e918968 Merge pull request #2026 from flatcar-linux/kai/kargs-nonexisting-grubcfg 
sys-kernel/bootengine: Fix ignition kargs support by creating grub.cfg
 2022-07-14 10:30:48 +02:00
Kai Lueke
b9ee2d9c4f sys-kernel/bootengine: Fix ignition kargs support by creating grub.cfg 
This pulls in
https://github.com/flatcar-linux/bootengine/pull/47
which creates the grub.cfg file if it does not exist when the Ignition
kargs directive is used, preventing an error when it tried to read the
current settings from it.
 2022-07-14 10:30:25 +02:00
Flatcar Buildbot
74073529a9 sys-kernel: Upgrade Linux Firmware 20220610 to 20220708 2022-07-14 07:11:33 +00:00
Dongsu Park
62a5dcf69b Merge pull request #2025 from flatcar-linux/go-1.17.12-and-1.18.4-main 
Upgrade Go from 1.17.11 and 1.18.3 to 1.17.12 and 1.18.4
 2022-07-13 16:37:04 +02:00
Dongsu Park
e9cf245cff changelog: add changelog for Go 1.18.4 2022-07-13 11:39:49 +02:00
Sayan Chowdhury
520b9975d9 Merge pull request #2017 from flatcar-linux/sayan/update-cifs-utils-6.15 
net-fs/cifs-utils: Add the package.accept_keywords for cifs-utils
 2022-07-13 14:30:59 +05:30
Flatcar Buildbot
224d98c21d dev-lang: Upgrade Go 1.18.3 to 1.18.4 2022-07-13 08:47:35 +00:00
Flatcar Buildbot
acf8ee4e2a dev-lang: Upgrade Go 1.17.11 to 1.17.12 2022-07-13 08:47:35 +00:00
Jeremi Piotrowski
759df3dee2 Merge pull request #1840 from flatcar-linux/jepio/nvidia-service-improvement 
nvidia driver build improvements
 2022-07-13 10:40:50 +02:00
Flatcar Buildbot
f19e737de9 sys-kernel: Upgrade Kernel 5.15.52 to 5.15.54 2022-07-13 07:22:41 +00:00
Sayan Chowdhury
18299dc636 profiles: remove outdated arm64 accept_keywords for curl 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-07-12 20:34:02 +05:30
Sayan Chowdhury
c0204785ec app-admin/sudo: Sync with Gentoo upstream; updates to 1.9.10-r1 
gentoo sync ref: 6e69c00ebc

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-07-12 19:38:59 +05:30
Dongsu Park
a023d537fe changelog: add changelog for gnupg 2.2.35 2022-07-12 11:20:56 +02:00
Dongsu Park
5725e318b5 app-crypt/gnupg: add patches for accepting without UIDs 
When the GnuPG keyserver is set to `keys.openpgp.org`, `gpg --recv-keys`
occasionally fails with the following error:

```
gpg: key E52F0DB391453C45: no user ID
```

We need to make GnuPG accept keys even without UIDs.
Original patches come from
f292beac11/debian/patches/import-merge-without-userid .
See also https://dev.gnupg.org/T4393 .

Based on commit ff9200d8d3fce1feaa1eaa751a0dd2a50acbaae0 .
 2022-07-12 11:20:53 +02:00
Sayan Chowdhury
926e4501d4 net-fs/cifs-utils: Add the package.accept_keywords for cifs-utils 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-07-12 14:14:44 +05:30
Dongsu Park
eb108906b6 app-crypt/gnupg: update to 2.2.35-r1 
Update to gnupg 2.2.35-r1, mainly to address CVE-2022-34903.

Gentoo commit: 2b8f76c36b848ee02b57c00b29fa293d0c0dfc02
 2022-07-11 13:22:20 +02:00
Krzesimir Nowak
f50d2cbb4e Merge pull request #2007 from flatcar-linux/linux-5.15.52-main 
Upgrade Linux Kernel in main from 5.15.51 to 5.15.52
 2022-07-06 15:19:28 +02:00
Flatcar Buildbot
40beab1df7 dev-lang: Upgrade dev-lang/rust 1.61.0 to 1.62.0 2022-07-05 07:39:35 +00:00