mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-24 16:01:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,436 Commits 616 Branches 394 Tags
Commit Graph

3518 Commits

Author SHA1 Message Date
Matthew Garrett
c60a99dce7 Merge pull request #1947 from mjg59/selinux_enforce 
sec-policy: Permit execmem in selinux policy
 2016-05-05 23:05:11 +01:00
Michael Marineau
92059efbe1 Merge pull request #1948 from marineam/ccache 
profiles: tell ccache to rewrite paths relative to $S
 2016-05-05 12:30:35 -07:00
Michael Marineau
bb492a027e profiles: tell ccache to rewrite paths relative to $S 
There are a number of ways the absolute path to a source file can make
it into the compiler output, some of which can prevent cached results
from being used when compiling related code in different locations.
The default source directory $S contains the package version so paths
need to be relative to it in order to work between package versions.

Previously attempted in 8259b77fc8eba8cfda54da565882283953bfd61a, should
be safe now that QEMU has been upgraded to 1.5. I've been using this
setting on my Gentoo machines and haven't found any other issues.
Also reverts commit 661ceb0fa114c499fa99b653bccb6d011c0d0b49.
 2016-05-05 12:21:25 -07:00
Matthew Garrett
ce550930d0 sec-policy: Permit execmem in selinux policy 
polkit is failing when selinux is enforcing as it is attempting to mmap
pages as both writable and executable and selinux is forbidding this.
Since we want selinux for container isolation rather than general system
confinement, the easiest fix for now is to just add the selinux boolean
to permit execmem.

The selinux eclass is modified to hardcode the gentoo patchset that we're
basing our policy on - otherwise bumping the revision for our local
builds tries to pull down versions that don't exist.
 2016-05-05 13:32:57 +01:00
Matthew Garrett
71b330e9d4 sys-auth/pambase: Change pam_sss handling for account stanza 
Having this be effectively required isn't appropriate when we default to
having sssd be disabled.
 2016-05-05 13:25:52 +01:00
Alex Crawford
571317c3d3 Merge pull request #1942 from crawford/ignition 
sys-apps/ignition: bump to v0.5.0
 2016-05-04 14:50:38 -07:00
Alex Crawford
89b43c5bfa sys-apps/ignition: bump to v0.5.0 2016-05-04 13:57:21 -07:00
Alex Crawford
f4a13eedea coreos-base/coreos-cloudinit: bump to v1.10.1 2016-05-04 10:14:44 -07:00
Alex Crawford
143eeb2dc2 coreos-base/coreos-init: bump coreos-install 2016-05-04 09:46:42 -07:00
Nick Owens
d3abe73128 app-crypt/sbsigntool: fix dependency on bfd from binutils-libs 2016-05-03 18:34:34 -07:00
Michael Marineau
f04b56fc75 dev-libs/openssl: apply CoreOS changes 2016-05-03 10:31:18 -07:00
Alex Crawford
3b85977ed2 dev-libs/openssl: bump to 1.0.2h 2016-05-03 09:25:42 -07:00
Michael Marineau
0e41fcd02c coreos-init: update coreos-install to use HTTPS 2016-05-02 20:41:00 -07:00
Michael Marineau
67b14a463a coreos-init: fix ebuild name/symlink 
Previous update renamed the live ebuild instead of symlink by mistake.
 2016-05-02 20:41:00 -07:00
Nick Owens
e9dd14134d Merge pull request #1921 from mischief/rkt-1.5.0 
app-emulation/rkt: v1.5.1
 2016-05-02 20:18:13 -07:00
Nick Owens
dc56ae2912 Merge pull request #1906 from mischief/arm64-nfsd 
sys-kernel/coreos-kernel: enable kernel NFSD for arm64
 2016-05-02 18:11:25 -07:00
Matthew Garrett
f56ec1cf49 sys-apps/baselayout: Fix argument order to sed 
I've been doing this for 20 years I'm a trained professional
 2016-05-02 17:56:40 -07:00
Matthew Garrett
0e7293eb7f sys-apps/baselayout: fix arm64 builds 
The symlink for nsswitch can't be resolved during build, so use the target
instead.
 2016-05-02 16:31:49 -07:00
Matthew Garrett
5baa1b49ae Merge pull request #1927 from mjg59/sssd 
Sssd
 2016-05-02 14:27:46 -07:00
Matthew Garrett
4845527b9d sys-apps/baselayout: enable sss 
Turn on sss by default in nsswitch.conf
 2016-05-02 14:09:36 -07:00
Matthew Garrett
6c54d01946 sys-auth/pambase: enable sss 
Turn on sss by default in the PAM configuration
 2016-05-02 14:09:36 -07:00
Matthew Garrett
2a1dd03ca4 sys-auth/pambase: Sync with upstream ebuild 
We need to ship a modified PAM configuration, so pull this in.
 2016-05-02 13:46:29 -07:00
Nick Owens
176d88b841 profiles: accept jq ebuild with heap overflow fix 2016-05-02 13:44:45 -07:00
Michael Marineau
3cd2249af0 Merge pull request #1925 from marineam/fix-arm64 
profiles: disable polkit introspection for arm64
 2016-05-02 13:13:59 -07:00
Michael Marineau
4e91a9ddc0 profiles: disable polkit introspection for arm64 2016-05-02 13:11:00 -07:00
Nick Owens
262b8aebc2 app-emulation/rkt: v1.5.1 
- bump coreos stage1 flavor source to 1032.0.0 for systemd 229
- fetch image over https
 2016-05-02 12:57:01 -07:00
Michael Marineau
a71d7d2e08 Merge pull request #1924 from marineam/fix-arm64 
coreos-base/coreos: install sssd on amd64 only for now
 2016-05-02 12:29:43 -07:00
Michael Marineau
bdc764b722 coreos-base/coreos: install sssd on amd64 only for now 2016-05-02 12:26:45 -07:00
Michael Marineau
bdf69a060e Merge pull request #1923 from marineam/fix-arm64 
cyrus-sasl: drop unused -r10 ebuild
 2016-05-02 12:26:09 -07:00
Michael Marineau
9262af2ffa cyrus-sasl: drop unused -r10 ebuild 2016-05-02 12:15:20 -07:00
Matthew Garrett
d5120198b5 Disable nss utils build 
We don't need the nss utils in the product, so disable the flag.
 2016-05-02 12:13:53 -07:00
Matthew Garrett
9f3138c738 Merge pull request #1913 from mjg59/sssd 
Merge sssd
 2016-05-02 11:29:20 -07:00
Alex Crawford
711e4641cb Merge pull request #1920 from crawford/metadata 
coreos-base/coreos-metadata: bump to v0.4.0
 2016-04-29 16:36:16 -07:00
Alex Crawford
fc36463ca9 coreos-base/coreos-metadata: bump to v0.4.0 2016-04-29 16:35:54 -07:00
Matthew Garrett
6fd9bf4fd7 sys-auth/polkit: Fix cross-compilation 
Polkit makes incorrect assumptions about paths in the build root. Pull
data from the correct location.
 2016-04-28 15:20:39 -07:00
Matthew Garrett
28617532bf coreos/targets: remove necessity for net-mail/mailbase 
We don't need this and it pulls in various other things we don't need.
 2016-04-28 15:20:39 -07:00
Matthew Garrett
7477216fa1 coreos-base/coreos: Add sssd and realmd to the build 
Pull sssd and realmd into the build
 2016-04-28 15:20:39 -07:00
Matthew Garrett
10ca7a9467 coreos/base: build polkit with gobject-introspection 
We need gobject-introspection support in polkit for sssd
 2016-04-28 15:20:39 -07:00
Matthew Garrett
914cdb3ad2 sys-auth/realmd: Add ebuild 
This isn't in upstream portage, so we'll keep it in coreos-overlay
 2016-04-28 15:20:39 -07:00
Matthew Garrett
59e690fc69 sys-auth/sssd: Modify for CoreOS 
Fix the sssd build and add appropriate tmpfiles
 2016-04-28 15:20:39 -07:00
Matthew Garrett
5d296a9909 sys-auth/sssd: sync from upstream 
We need some local modifications, so import the Gentoo sssd ebuild as a
starting point.
 2016-04-28 15:20:39 -07:00
Matthew Garrett
c197a2099f coreos-devel/sdk-depends: Add NSS and gobject-introspection to SDK 
NSS needs to run some of its own tools during the build process, so we need
it to be available in the SDK. Some of the gobject-introspection tools are
expected to run on the host - pull this in as well.
 2016-04-28 15:20:39 -07:00
Matthew Garrett
d52a1c19b7 coreos/base: Set appropriate flags to build sssd 
Set up the build environment such that sssd can be built
 2016-04-28 15:20:39 -07:00
Michael Marineau
3a576cba26 google-*: import eutils, fix applying required patches 
Broken back in 02c004e846, newly installed GCE images haven't worked
right ever since then. :(
 2016-04-28 13:24:20 -07:00
Matthew Garrett
f893292955 coreos/config/env: Fix sssd cross-compilatioin 
Make sssd's configure script happy
 2016-04-27 22:03:23 -07:00
Matthew Garrett
113521e7fb coreos/config/env: Fix cross-compilation for openldap 
We can fix openldap's failure at cross compilation by overriding some
variables rather than hacking the package, so do that.
 2016-04-27 22:03:23 -07:00
Matthew Garrett
d624880eae dev-libs/cyrus-sasl: Fix cross-compilation 
cyrus-sasl is bad at supporting cross compilation. Make that work.
 2016-04-27 22:03:23 -07:00
Matthew Garrett
0e5de7a261 sys-libs/ldb: Use bundled tdb rather than failing build 
ldb is bad at finding the shipped tdb, so build it against the bundled copy.
 2016-04-27 22:03:23 -07:00
Michael Marineau
3d0e45e8de Merge pull request #1918 from marineam/storage 
profiles: fetch distfiles over https
 2016-04-27 17:19:00 -07:00
Michael Marineau
b7280c2484 profiles: fetch distfiles over https 2016-04-27 17:16:47 -07:00