We rely on this setting to make iPXE booting work on EFI platforms. In iPXE we
use 2 initramfs': the kernel builtin one and a pxe specific one that contains
the contents of the usr partition. This appears to rely on the EFI stub, which
unpacks the second one based on the passed commandline parameter (initrd=).
This affects arm64 kernels after v5.11 because of this commit:
6edcf9dc2e
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The changelog entries should be directly used for the release notes,
thus they need to be short and hold only information relevant to the
end user, and should be in the markdown bullet point format.
The used changelog entry format in
https://github.com/flatcar-linux/coreos-overlay/pull/1502 is not really
useful for the release notes. This paragraph is good for the PR
description or a commit message, but here should be a bullet point for
the release notes.
Replace the paragraph by a release notes bullet point.
All runs of the GitHub Action to update the kernel used the same
changelog name, which is a bit confusing when comparing the releases.
Append the version to the filename to avoid using the same name for the
maintenance updates of a channel releases and for the introduction of a
kernel update in main.
Unlike with Kernel 5.10, dracut does not automatically install `loop.ko`
with Kernel 5.15.
Explicitly install the loop module from the dracut command line.
Pulls in https://github.com/flatcar-linux/bootengine/pull/32
`net-libs/libnetfilter_cthelper` needs CONFIG_NF_CT_NETLINK_HELPER.
CONFIG_NET_VRF was requested by a user. CONFIG_KEY_DH_OPERATIONS is
useful for `sys-apps/keyutils`. Rest of the added configs are
dependencies.
enables ELF support to e.g. allow tc to handle BPF filters.
It has been dropped in this commit: 406576c5e5
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
It happens that kernel update PRs are created faster than we merge
them. In such case we create version gaps in the changelog. Remedy
that by adding links to all the released kernel versions between the
current one and the just released one.
This pulls in https://github.com/flatcar-linux/init/pull/56
to find a generic way of preventing conflicts with CNI interfaces that
shouldn't use DHCP and were matched by name to be set Unmanaged.
Add xml USE flag for dev-lang/python to avoid build failures during SDK
stage2. We need to add that to BOOTSTRAP_USE, not ordinary USE flags:
```
The following USE changes are necessary to proceed:
(see "package.use" in the portage(5) man page for more details)
# required by dev-python/setuptools-57.5.0::portage-stable[python_targets_python3_9]
# required by dev-python/pyparsing-2.4.7-r1::portage-stable
# required by dev-python/packaging-21.0::portage-stable
# required by dev-python/setuptools_scm-6.3.2::portage-stable
>=dev-lang/python-3.9.8 xml
```
- unmask amd64 and arm64
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- don't run sanity checks in pkg_pretend to prevent gcc checks when
only the binary package is installed.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
- Make BDEPEND independent from DEPEND (The `BDEPEND` is a
build-time requirement, so it should not be included in the whole
`DEPEND` list. If it does, an installation of `sys-auth/sssd`
causes other dependencies to be installed not only in the
`/build`, but also under the SDK. That's not what we want, so we
need to exclude `BDEPEND` from the list.)
- Move runstatedir option from configure to make (Now that the
upstream sssd 2.3.1 does not support `--runstatedir` option from
its configure script, we need to remove the option, to unblock the
configure issue like `unrecognized option --runstatedir`. Instead
we need to pass `runstatedir=` to emake commands.)
- Disable realm check for nsupdate (At the moment bind-tools does
not enable `gssapi`, so its `nsupdate` tool is also not able to
run `realm` command. As a result, configure script of `sssd` fails
when running `echo realm | nsupdate`, like `syntax error`.
To avoid such issues, we need to disable the nsupdate check for
now. After we could enable `gssapi` for the SDK correctly, we can
bring back the nsupdate check in the future.)
- Add patch for CVE-2021-3621
- Set the conf dir path explicitly (Without passing the
--with-systemdconfdir flag, the configure script will query
pkg-config for the directory itself. In the cross-compilation
setup that we have, this will result in a path sysroot prepended
to the path twice. systemd.eclass has a workaround for this issue,
but it does not provide an elegant getter of the system
configuration directory, thus we call `_systemd_get_dir`
ourselves.)
- Make it compatible with newer python versions.
- apply duktape patchset from
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/35
(this should be re-fetched from the above MR when forward-porting
to updated polkit versions.)
- fix config install paths, use systemd-tmpfiles (All configs should
be installed to /usr and tmpfiles should be used to create and fix
directory permissions instead of the ebuild's postinst.)
- Carry over our custom tmpfiles and securetty files
- Remove /etc files and install them to /usr, use tmpfiles
- Switch /etc/login.defs edits to /usr/share/shadow/login.defs
- Drop moving passwd out of /usr since we don't have split-usr
- Drop pkg_postinst
