This is only needed for direct loading by the kernel, which is
dangerous, and we include all the microcode in the initrd anyway.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
The microcode was accidentally dropped from Flatcar a while back because
Gentoo started telling Dracut to not include it when USE=-initramfs.
Flatcar disabled that flag because the microcode is installed to /boot.
This is only done under the board root though, not in the final image,
so there's no harm in enabling it.
That Dracut setting also affected the AMD microcode, which is part of
coreos-firmware, so this fixes that too.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
systemd-journal's Forward Secure Sealing feature requires gcrypt, but
Flatcar doesn't need it.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Dracut includes native binaries that are executed during the creation of
the initrd, so it always needs to be installed to /. For now, it expects
to find its modules in the sysroot, so it needs to be installed there
too, though that may change.
bootengine only needs to be installed to sysroot for its Dracut modules.
The update-bootengine tool is a Bash script, so it doesn't really need
to be installed to /.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
This is code I have submitted upstream that has not yet been merged.
This also includes a small "catch up" patch from 106 to current main for
both a clean base and because these changes actually look important.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Flatcar can't benefit from this performance boost for several reasons,
the main one being the use of binary packages.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Again, zstd is faster but we're getting seriously short on space. Unlike
the kernel itself, this applies to both amd64 and arm64.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
zstd is faster but we're getting seriously short on space.
Unfortunately, the arm64 kernel still cannot be compressed, but it has
benefited from another space saving measure recently, and GRUB also
takes up less space in /boot.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
We need this for dracut-install to have JSON support. It doesn't matter
that the Flatcar image will still have v256.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
These dependencies are always present in CI by the time this package
gets built, but this may not be the case when building manually. This
leads to gaps in the initrd and ultimately failed boots.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
The missing soname symlinks were causing ldconfig to create them later,
breaking the sandbox. The upstream Makefile installs them for you, so
let's use it even though it needs some taming.
This adds the systemd timer to refresh the NSS cache. This seems
important, and I can't see any reason to omit it.
This also moves the binaries from /usr/libexec to /usr/bin. Upstream has
always put them in /usr/bin, and putting them elsewhere requires tweaks.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
