mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 09:56:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,581 Commits 629 Branches 394 Tags 166 MiB
d341a5b51d
Commit Graph

7743 Commits

Author SHA1 Message Date
Krzesimir Nowak
4901c02cd6 sys-auth/realmd: Port to tmpfiles eclass 2021-12-16 19:51:47 +01:00
Krzesimir Nowak
32b5a0dee7 sys-auth/polkit: Apply Flatcar modifications 
- apply duktape patchset from
    https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/35
    (this should be re-fetched from the above MR when forward-porting
    to updated polkit versions.)
  - fix config install paths, use systemd-tmpfiles (All configs should
    be installed to /usr and tmpfiles should be used to create and fix
    directory permissions instead of the ebuild's postinst.)
 2021-12-16 19:51:47 +01:00
Krzesimir Nowak
f09c1fe20e sys-auth/polkit: Clean slate to reapply our changes 2021-12-16 19:51:47 +01:00
Krzesimir Nowak
0949fb6ee3 sys-apps/systemd: Port to tmpfiles eclass 2021-12-16 19:51:47 +01:00
Krzesimir Nowak
0a907f6ffb sys-apps/shadow: Apply Flatcar modifications 
- Carry over our custom tmpfiles and securetty files
  - Remove /etc files and install them to /usr, use tmpfiles
  - Switch /etc/login.defs edits to /usr/share/shadow/login.defs
  - Drop moving passwd out of /usr since we don't have split-usr
  - Drop pkg_postinst
 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
221b8f3455 sys-apps/shadow: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
c5e8ec0fc9 sys-apps/keyutils: Apply Flatcar modifications 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
f6a355da10 sys-apps/keyutils: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
03c56caf2e sys-apps/baselayout: Port to tmpfiles eclass 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
3227e5614c sec-policy/selinux-base: Apply Flatcar modifications 
- run sshd (and child) as unconfined_t
  - add init.patch to allow execute_no_trans,map and exec from init to
    unconfined
  - add AVC patch for local login and journald
  - add python[lxml] to BDEPEND (not pulled through policycoreutils
    any more due to our changes there)
 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
3fe352040a sec-policy/selinux-base: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
076251ff56 net-misc/ntp: Apply Flatcar modifications 
- Check out our previous ntp.conf and service units
  - Disable USE=threads
  - Add USE=perl, disabled to skip the scripts subdir
  - Do the /etc -> /usr/share + tmpfiles dance for ntp.conf
  - Drop unused init scripts and pkg_postinst
 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
e5a4653591 net-misc/ntp: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
6c8076e272 net-fs/samba: Apply Flatcar modifications 
- Add a minimal USE flag for only installing libraries
  - Change the Perl and Python run-time deps to build-time only
  - Drop a bunch of dependencies with broken cross-compilation
  - Enable using bundled libraries in their place
  - Disable building libraries requiring Python
  - Use EAPI7
  - Move libsxlt and stylesheets to BDEPEND
  - Introduce some USE flags, so we don't install some tools we don't
    need
  - Limit the size of bundled libraries
  - Make it compatible with newer python versions
  - Bump to r2 because of updating EAPI to 7
 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
c5eb243890 net-fs/samba: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
e2c80f8dea net-fs/nfs-utils: Apply Flatcar modifications 
- Add the tmpfiles configuration for populating /var
  - Add service compatibility symlinks (maybe time to drop them)
  - Drop moving a binary from /usr/sbin to /sbin
  - Drop populating /etc and /var
  - Drop pkg_postinst
 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
63490fac0c net-fs/nfs-utils: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
cc795e270a dev-libs/openssl: Apply Flatcar modifications 
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
f6983eb7b2 dev-libs/openssl: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
e8c04ce6c4 dev-libs/cyrus-sasl: Apply Flatcar modifications 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
0366286350 dev-libs/cyrus-sasl: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
13bb7c3bf3 coreos-base/update_engine: Port to tmpfiles eclass 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
1e5df051b4 app-misc/ca-certificates: Port to tmpfiles eclass 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
d126cac468 app-crypt/trousers: Apply Flatcar modifications 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
b0603768b4 app-crypt/trousers: Clean slate to reapply our changes 2021-12-16 19:51:46 +01:00
Krzesimir Nowak
36f9f88e72 app-admin/etcd-wrapper: Port to tmpfiles eclass 2021-12-16 19:51:46 +01:00
Thilo Fromm
6038166dc1 policycoreutils semodule fix: add bugfix changelog 
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
 2021-12-16 18:48:06 +01:00
Krzesimir Nowak
e90c32752e profiles: Drop keywords for sys-boot/gnu-efi 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
de8b243fa6 profiles: Update use flags for sys-apps/smartmontools 
There is no minimal use flag any more, but it was more or less the
same as no daemon and no update drive database. We also disable
systemd integration, because it's only related to the daemon
functionality that we disabled.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
9121acd2d5 profiles: Drop keywords for sys-apps/smartmontools 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
d7cb798efe profiles: Drop keywords for sys-apps/pv 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
0629654e35 profiles: Drop keywords for sys-apps/lshw 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
05f4917972 profiles: Drop keywords for sys-apps/dtc 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
47d0b22c6c profiles: Drop keywords for sys-apps/debianutils 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
ae01f6c8cb profiles: Drop keywords for net-firewall/ipset 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
6f66a9ecd9 profiles: Drop keywords for net-dialup/minicom 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
6739933bcf profiles: Drop keywords for dev-cpp/glog 
The updated package is stable for arm64 too now.
 2021-12-16 14:03:08 +01:00
Krzesimir Nowak
94d80b99ae profiles: Drop app-misc/editor-wrapper keywords 
The old version of the package didn't have a keyword for arm64. We
just updated it and it's stable for arm64 too, rendering the entry in
accept_keyword unnecessary.
 2021-12-16 14:03:08 +01:00
Thilo Fromm
99ab4bc73c sys-apps/policycoreutils: guard against empty ${ROOT} 
Co-authored-by: Krzesimir Nowak <knowak@microsoft.com>
 2021-12-16 13:56:51 +01:00
Thilo Fromm
58294f287f sys-apps/policycoreutils: update correct SELinux store 
The policycoreutils ebuild calls `semodule` in postinst to update SELinux stores.
It does not, however, tells `semodule` the correct ROOT to use, so builds that go into `/build/[arch]-usr` end up updating the SDK's store.
Fixes 
   libsemanage.semanage_commit_sandbox: Error while renaming /var/lib/selinux/targeted/active to /var/lib/selinux/targeted/previous. (Invalid cross-device link)
observed when using the SDK Container to build the OS image.
It now also updates the correct store, which it previously did not.
 2021-12-16 13:56:51 +01:00
Dongsu Park
c9017c62b8 sys-apps/portage: update to 3.0.28-r1 for EAPI 8 
To be able to support EAPI 8 used by a few ebuilds nowadays, we need to
update sys-apps/portage to 3.0.28-r1. Simply sync with Gentoo.
 2021-12-16 13:52:59 +01:00
Mathieu Tortuyaux
46f9a0bdda Merge pull request #1484 from flatcar-linux/tormath1/mirror 
.github/wf: add mirror-calico action
 2021-12-16 13:44:07 +01:00
Mathieu Tortuyaux
748baac625 app-emulation/containerd: update manifest 
The length of the shorthand commit hash is not constant.
It varies depending on the number of commits in the repo and
it lengthens as necessary to avoid hash conflicts.

When you download GitHub achives, these values are filled.

See also:
* https://github.com/containerd/containerd/discussions/6382
* https://github.com/google/ko/issues/315#issuecomment-783718564

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-12-16 11:08:14 +01:00
Dongsu Park
4240f03432 Merge pull request #1495 from flatcar-linux/dongsu/gce-oslogin-sshd-config 
sys-auth/google-oslogin: accept ssh-rsa in sshd_config for openssh 8.8
 2021-12-13 19:09:25 +01:00
Dongsu Park
ac7e8b2232 sys-auth/google-oslogin: accept ssh-rsa in sshd_config for openssh 8.8 
Temporarily accept ssh-rsa algorithm in sshd_config for openssh >= 8.8,
until most ssh clients could deprecate ssh-rsa.

It is the same fix as https://github.com/flatcar-linux/init/pull/54.
However, we should do that again for GCE, because the google-oslogin
ebuild overwrites the existing sshd_config.
 2021-12-13 15:10:24 +01:00
Krzesimir Nowak
d61e4c0da5 changelog: Add entry for update of python 2021-12-10 17:31:12 +01:00
Krzesimir Nowak
659054b567 app-emulation/qemu: Move to portage-stable 
The ebuild has no Flatcar modifications now.
 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
766b1a9d6b dev-python/boto: Apply Flatcar modifications 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
3598bbbe98 dev-python/boto: Import from portage-stable 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
03048d2445 dev-python/distro-oem: Depend on new version of python-oem 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
2bc34d1da7 app-emulation/wa-linux-agent: Depend on new version of python-oem 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
d19d339f88 coreos-devel/sdk-depends: Add app-eselect/eselect-python to deps 
It used to be pulled in by dev-lang/python, but not any more. It is
needed for running fsscript during stage4 of SDK build to set up the
default python interpreter.
 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
4c4b6192f9 net-misc/google-cloud-sdk: Properly use the python single eclass 
If python-single-r1.eclass is inherited, then PYTHON_USEDEP can't be
used directly inside dependency variable - either PYTHON_SINGLE_USEDEP
(for single-python-impl packages) should be used or the dependency
should be wrapped into python_gen_cond_dep function (for
multi-python-impl packages). crcmod is a multi-python-impl package, so
use the latter.

Also follow the practice of specifying the BDEPEND in terms of
RDEPEND. For this, we need to bump the EAPI to 7.
 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
54dbfd2cf4 sys-auth/sssd: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
08b4623745 sys-apps/systemd: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
9b5573feba net-firewall/nftables: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
7888ad939b sys-apps/dbus: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
735bb27c90 sys-libs/libsemanage: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:19 +01:00
Krzesimir Nowak
204a36b601 sys-libs/libselinux: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
3431da6375 sys-libs/ldb: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
0897fcb98f sys-libs/glibc: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
b2b15c3006 sys-devel/gdb: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
162d0d434e sys-boot/grub: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
46c9711979 sys-apps/portage: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
3b9e88d78a sys-apps/policycoreutils: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
930e8b1d3a net-misc/google-cloud-sdk: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
bea9ffd812 net-fs/samba: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
e39e8216bf dev-vcs/repo: Move it back to portage-stable 
We are dropping python2, making python3 the default, so there is no
reason to keep this old version of repo in overlay any more.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
6dd1e7433d dev-util/catalyst: Drop the package 
The reason for keeping it was that the package assumed that
unversioned python will point to python3 which wasn't the case in
Flatcar. Now that we updated python and made python3 the default, we
can move this package back to portage-stable and update it there.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
2303c61bd8 dev-lang/rust: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
0562a13b0e coreos-base/emerge-gitclone: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
a7abaa2ae1 coreos-base/coreos-init: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
2e2da29c85 app-misc/ca-certificates: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
30a1ecd137 app-emulation/xenstore: Make PYTHON_COMPAT a bit more future-proof 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
be8f416527 app-emulation/qemu: Revert the PYTHON_COMPAT changes 
We are updating python, so this modification is not needed any
more. This also seems to be the only modification we have made in this
ebuild, so we will move it back to portage-stable shortly.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
34c4919983 app-crypt/mit-krb5: Revert the PYTHON_COMPAT changes 
We are updating python, so this modification is not needed any more.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
f6c136bfa8 profiles: Update keywords for dev-util/pahole 
The pahole package now has a keyword for arm64, but it's still
unstable. It's stable for amd64 so no keyword for it is needed.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
a896c6d603 coreos-devel/sdk-depends: Update a dependency on dev-util/dwarves 
`dev-util/dwarves` got renamed to `dev-util/pahole`. Reflect that here
too.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
ba710e1c18 profiles: Switch to python 3.9 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
7879ac6535 dev-lang/python-oem: Apply Flatcar modifications 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
552455fb67 dev-lang/python-oem: Copy ebuild of python 3.9.8 from gentoo 
This is the latest stable version at the moment.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
5197208ce6 profiles: Drop entry for dev-util/perf-next 
There is no such package, even gentoo does not have it.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
0bd3e6595d app-emulation/google-compute-engine: Use python3 explicitly 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
6c4dd2023c profiles: Drop sys-libs/libcap-ng from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
666d39d4e5 profiles: Drop sys-apps/i2c-tools from accept_keywords 
The updated package is stable also for arm64 now.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
cbcb1c10a2 profiles: Update USE flags for net-analyzer/nmap 
The USE flag to disable lua in nmap is now system-lua. We still are
not packaging lua, so keep it disabled.
 2021-12-10 17:26:18 +01:00
Krzesimir Nowak
0194e32be5 profiles: Drop dev-util/ninja from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:37 +01:00
Krzesimir Nowak
6e870b5abb profiles: Drop dev-python/ctypesgen from accept_keywords 
We probably don't need this package.
 2021-12-10 17:23:37 +01:00
Krzesimir Nowak
4cb1a68177 coreos-base/hard-host-depends: Drop dev-python/ctypesgen 
See if it is really needed for building cross-compiled packages.
 2021-12-10 17:23:37 +01:00
Krzesimir Nowak
8b59174827 profiles: Drop dev-python/wrapt from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:37 +01:00
Krzesimir Nowak
6ebf34aa27 profiles: Drop dev-python/pyflakes from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
5bc8d6838f profiles: Drop dev-python/pep8 from accept_keywords 
The package is dropped.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
0ccb19c5c7 profiles: Drop dev-python/mccabe from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
05d2da720b profiles: Drop dev-python/mako from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
29594a8544 profiles: Drop dev-python/lazy-object-proxy from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
a86c22adb4 profiles: Drop dev-python/flake8 from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
586e73a438 profiles: Drop dev-python/isort from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
53779e31b2 profiles: Drop dev-python/configparser from accept_keywords 
The package is dropped.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
ee6d364084 profiles: Drop dev-python/boto from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
86eb65aecf profiles: Drop dev-python/backports-functools-lru-cache from accept_keywords 
The package got dropped.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
2fe7a4eeb5 profiles: Drop dev-python/pylint from accept_keywords 
The updated package is stable for arm64
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
ed3924c26b profiles: Drop dev-python/astroid from accept_keywords 
Update version of the package is stable for arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
b5f7dac4c4 profiles: Drop dev-libs/libxml2 from accept_keywords 
The updated version is stable on both amd64 and arm64.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
529b7e5018 profiles: Drop dev-libs/libnl from accept_keywords 
The updated version is stable for arm64 too.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
afd7c488d6 profiles: Drop gobject-introspection from arm64 provides 
The updated version of gobject-introspection has arm64 keyword.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
237d5492a1 profiles: Update mask for dev-lang/yasm 
The updated version of yasm dropped python use flag and disabled
python support for good, since it was only supporting python 2.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
c3db5665e5 profiles: Drop accept_keywords for app-text/asciidoc 
We are about to update it to 9.0.5-r1, which is stabilized for arm64
too.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
fda96c6b53 profiles: Drop superfluous python single target uses 
We default now to python 3.6.
 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
27c1ae3441 profiles: Default to python 3 2021-12-10 17:23:36 +01:00
Krzesimir Nowak
d02ba21c42 coreos-base/hard-host-depends: Pull python3 instead of python2 2021-12-10 17:23:36 +01:00
Kai Lueke
8667d7f3fc coreos-base/coreos-init: prevent networkd interference with cbr0 iface 
This pulls in https://github.com/flatcar-linux/init/pull/55 to set the
cbr0 interface to be excluded from networkd (unmanaged) because it is
set up manually by kubenet and not through DHCP.
 2021-12-10 15:13:54 +01:00
Dongsu Park
63eff423bb Merge pull request #1489 from flatcar-linux/linux-5.15.7-main 
Upgrade Linux Kernel in main from 5.15.5 to 5.15.7
 2021-12-10 14:52:44 +01:00
Dongsu Park
89715ea257 changelog: add security changelog for Go 1.17.5 2021-12-10 08:55:21 +01:00
Flatcar Buildbot
bdc319b1d4 dev-lang: Upgrade Go 1.17.4 to 1.17.5 2021-12-09 15:32:39 +00:00
Dongsu Park
88306198ca Merge pull request #1344 from flatcar-linux/sayan/update-openssh-8.8 
net-misc/openssh: Sync with Gentoo upstream; updates to openssh 8.8_p1
 2021-12-09 14:11:12 +01:00
Dongsu Park
ae8d586b10 changelog: add changelog for openssh 8.8 2021-12-09 14:10:07 +01:00
Dongsu Park
9f31ccc3da coreos-base/coreos-init: allow ssh-rsa in sshd_config 
Temporarily accept ssh-rsa algorithm in sshd_config for openssh >= 8.8,
until most ssh clients could deprecate ssh-rsa.

Pulls in https://github.com/flatcar-linux/init/pull/54 .
 2021-12-09 14:10:06 +01:00
Sayan Chowdhury
169872fa32 net-misc/openssh: Apply Flatcar patches 
- Drop the init.d files.
- Remove the socket unit's rate limiting.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
 2021-12-09 14:10:04 +01:00
Sayan Chowdhury
884b45b252 profiles: accept ~arm64, ~amd64 for openssh 8.8_p1 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2021-12-09 14:10:02 +01:00
Dongsu Park
4f55795c91 net-misc/openssh: Sync with Gentoo upstream; updates to 8.8_p1 
gentoo ref: 91c1a70f4c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
 2021-12-09 14:09:55 +01:00
Flatcar Buildbot
896c2f4622 sys-kernel: Upgrade Kernel 5.15.5 to 5.15.7 2021-12-09 07:24:27 +00:00
Dongsu Park
56fd2bd9eb changelog: add missing CVE for golang.org/x/text in ignition 
We missed CVE-2021-38561 when updating golang.org/x/text to 0.3.7 in
ignition.
 2021-12-08 09:55:01 +01:00
Kai Lüke
8ad19b061b Merge pull request #1482 from flatcar-linux/kai/kured 
coreos-base/update_engine: Create reboot flag file for kured
 2021-12-07 17:47:20 +01:00
Kai Lueke
5223857b20 coreos-base/update_engine: Create reboot flag file for kured 
This pulls in
https://github.com/flatcar-linux/update_engine/pull/15 to create the
Ubuntu-compatible /run/reboot-required flag file for kured.
 2021-12-07 17:20:09 +01:00
Dongsu Park
a58b53ff03 Merge pull request #1483 from flatcar-linux/rust-1.57.0-main 
Upgrade dev-lang/rust in main from 1.56.1 to 1.57.0
 2021-12-07 17:08:58 +01:00
Mathieu Tortuyaux
7e093370a0 .github/wf: add mirror-calico action 
this action will sync our ghcr calico images with upstream docker
images.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-12-07 16:53:03 +01:00
Mathieu Tortuyaux
8ec706219b .github/wf: add mirror scripts from stash 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2021-12-07 16:53:03 +01:00
Dongsu Park
88329aea97 Merge pull request #1474 from flatcar-linux/dongsu/mantle-golang-crypto-text 
coreos-devel/mantle: update to 0.17.0-r1 for golang.org/x/{crypto,text}
 2021-12-07 10:50:02 +01:00
Dongsu Park
36df933e3c changelog: add changelog for mantle 0.17.0 
Add changelog for mantle 0.17.0.
Also add changelog for security updates of golang.org/x/{crypto,text}
in mantle, as well as github.com/gogo/protobuf 1.3.2.
 2021-12-07 10:03:11 +01:00
Flatcar Buildbot
309b013dcb dev-lang: Upgrade dev-lang/rust 1.56.1 to 1.57.0 2021-12-07 07:44:47 +00:00
Dongsu Park
fbaae760e2 Merge pull request #1481 from flatcar-linux/runc-1.0.3-main 
Upgrade Runc in main from 1.0.2 to 1.0.3
 2021-12-06 14:31:44 +01:00
Dongsu Park
41ee028996 Merge pull request #1480 from flatcar-linux/cacerts-3.73-main 
Upgrade ca-certificates in main from 3.72 to 3.73
 2021-12-06 14:27:32 +01:00
Jeremi Piotrowski
3fd4bef291 Merge pull request #1454 from flatcar-linux/jepio+sayan/hyperv-arm64 
Enable running as ARM64 HyperV guest
 2021-12-06 09:59:56 +01:00
Dongsu Park
97a4fd9e4d Merge pull request #1469 from flatcar-linux/dongsu/qemu-6.1.0 
app-emulation/qemu: update to 6.1.0
 2021-12-06 09:22:09 +01:00
Flatcar Buildbot
e2d9556c3f app-emulation: Upgrade Runc 1.0.2 to 1.0.3 2021-12-06 08:16:02 +00:00
Flatcar Buildbot
bea6aeda22 app-misc: Upgrade ca-certificates 3.72 to 3.73 2021-12-06 07:24:43 +00:00
Dongsu Park
82370a5847 coreos-devel/mantle: fix Github org name 
Now that the Github org name of mantle was changed from coreos to
flatcar-linux, via https://github.com/flatcar-linux/mantle/pull/241,
we need to change the Github org name in ebuilds as well.
 2021-12-03 16:11:51 +01:00
Dongsu Park
5b3bd625f9 coreos-devel/mantle: update to 0.17.0-r1 for golang.org/x/{crypto,text} 
Update coreos-devel/mantle to 0.17.0-r1, to include the security updates
of golang.org/x/{crypto,text}, mainly to address CVE-2021-38561,
CVE-2021-43565.

Pulls in https://github.com/flatcar-linux/mantle/pull/262.
 2021-12-03 16:10:46 +01:00
Dongsu Park
219c7681b4 changelog: add changelog for golang.org/x/{crypto,text} in torcx 2021-12-03 15:14:12 +01:00
Dongsu Park
709e550b48 app-arch/torcx: update golang.org/x/{text,crypto} 
Update golang.org/x/{text,crypto} mainly to address CVE-2021-38561,
CVE-2021-43565.

Pulls in https://github.com/flatcar-linux/torcx/pull/11 .
 2021-12-03 15:14:03 +01:00
Krzesimir Nowak
1cf18fec64 Merge pull request #1470 from flatcar-linux/krnowak/bot-changelog 
.github: Try to get a lwn link for kernel release
 2021-12-03 14:44:03 +01:00
Dongsu Park
062afe6182 changelog: add changelog for qemu 6.1.0 2021-12-03 10:25:16 +01:00
Dongsu Park
7d3f49acdc profiles: remove ~arm64 keywords for edk2-ovmf, ipxe, seabios, sgabios 
As new versions of edk2-ovmf, ipxe, seabios, sgabios are already stable,
we do not need to keep the accept keywords. Delete them.
 2021-12-03 10:24:29 +01:00
Dongsu Park
105d61c8d1 profiles: accept keywords for qemu 6.1.0-r1 
Accept keywords for app-emulation/qemu 6.1.0-r1 for both ~amd64 and
~arm64.
 2021-12-03 10:23:55 +01:00
Sayan Chowdhury
e127dfd040 app-emulation/qemu: Apply Flatcar patches 
Allow python 3.6 in PYTHON_COMPAT for now.
Based on b541e937049757d5dd044ca2692036fc1805bd52.
 2021-12-03 10:21:59 +01:00
Dongsu Park
ce3f18f6fa app-emulation/qemu: update to 6.1.0 
Update app-emulation/qemu to 6.1.0, mainly to address security issues
like CVE-2021-3682 .
 2021-12-03 10:21:22 +01:00
Jeremi Piotrowski
ace70601c4 sys-kernel/coreos-modules: enable Microsoft MANA driver for amd64 
New networking driver present in 5.15 that might be useful some day.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2021-12-03 09:03:23 +00:00
Jeremi Piotrowski
e75a689623 sys-kernel/coreos-modules: move HYPERV config options to commonconfig 
Kernel 5.15 contains enablement patches for linux as a hyper-v guest, so
move the configs to the common config so that they're enabled for both
arches.

PCI patches didn't make it.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2021-12-03 09:03:23 +00:00
Jeremi Piotrowski
20be55473f coreos-base/oem-azure: refactor grub.cfg to apply console override only on PC 
We always want the 'flatcar.autologin' parameter, but the ttyS0 setting is x86
PC specific. Move the generic part to linux_append variable and hide the
generic part behind a check for grub_platform. For EFI platforms the default
grub.cfg has the correct arch specific console configuration.

The console specification for grub itself is needed in either case

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2021-12-03 09:02:51 +00:00
Krzesimir Nowak
ac0c89da45 .github: Fail curl in kernel job on server errors too 
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2021-12-03 08:52:09 +01:00