mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-09 14:06:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
27,723 Commits 621 Branches 391 Tags 160 MiB
c659faad0f
Commit Graph

19162 Commits

Author SHA1 Message Date
Flatcar Buildbot
c659faad0f app-arch/zstd: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
c6ec257470 app-arch/zip: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
6081b100a6 app-arch/xz-utils: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
f7cd168308 app-arch/unzip: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
68a6e4bae1 app-arch/tar: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
c75f004e6c app-arch/sharutils: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
8f7529dd36 app-arch/rpm2targz: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
b568c609d3 app-arch/pixz: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
42cd534fb5 app-arch/pigz: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
59b19cca1c app-arch/pbzip2: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
c869bd9dcf app-arch/ncompress: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
fd0ce9d6f8 app-arch/lzop: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
fad530d3df app-arch/lz4: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
7dde0123a8 app-arch/libarchive: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
260cab1125 app-arch/lbzip2: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
27c91f9154 app-arch/gzip: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
ee925c5372 app-arch/cpio: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
936ee24751 app-arch/bzip2: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
2d5584c80a app-alternatives/yacc: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
bb5566b851 app-alternatives/tar: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
fd72279ee0 app-alternatives/sh: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
b31e69dfaf app-alternatives/ninja: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
6903be6183 app-alternatives/lex: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
ffb2640c99 app-alternatives/gzip: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
3efda79667 app-alternatives/cpio: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:32 +02:00
Flatcar Buildbot
c37a633ac6 app-alternatives/bzip2: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:31 +02:00
Flatcar Buildbot
a037d7c6fc app-alternatives/bc: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:31 +02:00
Flatcar Buildbot
fe7194b75e app-alternatives/awk: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:31 +02:00
Flatcar Buildbot
87c6679eba app-admin/perl-cleaner: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:31 +02:00
Flatcar Buildbot
dc3e37e5c6 app-admin/eselect: Sync with Gentoo 
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
 2024-10-01 12:36:31 +02:00
flatcar-ci
db07824f82 New version: main-4109.0.0-nightly-20240930-2100 2024-09-30 21:00:25 +00:00
Flatcar Buildbot
98d6d7bec7 app-misc/ca-certificates: Update from 3.104 to 3.105 2024-09-30 07:09:35 +00:00
flatcar-ci
f06a731f7c New version: main-4105.0.0-nightly-20240926-2100 2024-09-26 21:00:25 +00:00
James Le Cuirot
d34ab03f21
Merge pull request #2333 from flatcar/chewi/grub-version 
sys-boot/grub: Adjust version string to include flatcar1 suffix
 2024-09-26 12:17:49 +01:00
flatcar-ci
743c1e2d30 New version: main-4102.0.0-nightly-20240923-2100 2024-09-23 21:00:30 +00:00
flatcar-ci
fc5f364a63 New version: main-4099.0.0-nightly-20240920-2100 2024-09-21 01:40:42 +00:00
flatcar-ci
01fe40570b New version: main-4099.0.0-nightly-20240920-2100-INTERMEDIATE 2024-09-20 21:00:27 +00:00
Mathieu Tortuyaux
3306b82576
Merge pull request #2338 from flatcar/tormath1/afterburn 
coreos-base/afterburn: bump to 5.7.0
 2024-09-20 10:00:02 +02:00
flatcar-ci
a25feb6ea6 New version: main-4098.0.0-nightly-20240919-2100 2024-09-19 21:00:29 +00:00
Flatcar Buildbot
5fb6c4e048
sys-kernel/coreos-sources: Update from 6.6.51 to 6.6.52 2024-09-19 13:46:27 +02:00
Mathieu Tortuyaux
28955f9fb8
coreos-base/afterburn: bump to 5.7.0 
This mainly pulls:
* Already upstreamed Hetzner patches
* Proxmox support

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2024-09-19 10:05:19 +02:00
flatcar-ci
8c5cd5bcfd New version: main-4097.0.0-nightly-20240918-2100 2024-09-18 21:00:24 +00:00
Flatcar Buildbot
cffbf33b13 Update mantle container image to latest HEAD 2024-09-17 21:00:44 +00:00
flatcar-ci
ad32cbd71a New version: main-4096.0.0-nightly-20240917-2100 2024-09-17 21:00:27 +00:00
James Le Cuirot
59953b79b6
sys-boot/grub: Adjust version string to include flatcar1 suffix 
We will bump this every time we or Gentoo change patches that modify
parts of GRUB that are installed to the boot partition. We will reset
the version back to 1 when the upstream GRUB version changes.

Without this, we are bound by Gentoo's PVR string, which we cannot
change when we need to make changes to our own patches. The shim review
wants to know the full version number of our GRUB build, and it would
look bad to make such changes without changing the version.

This suffix is also applied to the Flatcar entry in the SBAT, which is
especially important for the shim review.

The published binary package will still be labelled with the Gentoo PVR,
but that seems less important given that end users cannot update
individual packages on Flatcar installations.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
 2024-09-17 15:49:01 +01:00
Jeremi Piotrowski
a23e5bbed2
Merge pull request #2299 from flatcar/jepio+sayan/sboot-lockdown 
secure boot: lockdown, grub fallback, CI
 2024-09-17 13:55:49 +02:00
James Le Cuirot
ea395fe5c9
Merge pull request #2318 from flatcar/chewi/grub-2.12 
sys-boot/grub: Move to portage-stable, bump to 2.12
 2024-09-17 10:31:03 +01:00
Jeremi Piotrowski
580c181df8 sys-kernel/coreos-modules: Enable lockdown when booted with secure boot 
This is a requirement of the shim signing process.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2024-09-17 11:01:06 +02:00
Jeremi Piotrowski
8393a4cf4b sys-kernel/coreos-sources: Add secure-boot-lockdown patches 
Shim signing for secure boot requires enforcing lockdown. There are three ways
we can do this:

1. setting CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y. This unconditionally
   prevents loading unsigned kernel modules.
2. setting lockdown=integrity on the kernel cmdline from a signed Grub
   configuration. This would be OK, but Grub is not updated in the field right
   now, so we'd be stuck.
3. incorporate the secure-boot-lockdown patches that other major distros are using.

We're going to go with 3, because this only enforces lockdown when secure boot
is actually enabled and lets us change approach later on.

These patches are sourced from Debian:
https://sources.debian.org/src/linux/6.6.13-1~bpo12%2B1/debian/patches/features/all/lockdown/.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2024-09-17 11:01:06 +02:00
Mathieu Tortuyaux
00bd0915ce
Merge pull request #2324 from flatcar/linux-6.6.51-main 
Upgrade Linux Kernel for main from 6.6.50 to 6.6.51
 2024-09-17 09:55:13 +02:00