mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-16 09:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,368 Commits 629 Branches 394 Tags 164 MiB
d6d7f3a190
Commit Graph

8439 Commits

Author SHA1 Message Date
Kai Lüke
b9f2da8566 Merge pull request #1820 from flatcar-linux/kai/sysext-oem-partition 
coreos-base/coreos-init: add systemd-sysext.service for OEM mount
 2022-04-25 13:12:45 +09:00
Kai Lueke
a2c5b52dec coreos-base/coreos-init: add systemd-sysext.service for OEM mount 
This pulls in https://github.com/flatcar-linux/init/pull/69
to restore the OEM partition mount point after the /usr overlay is
done.
 2022-04-25 13:10:51 +09:00
Jeremi Piotrowski
f45b654daf Merge pull request #1837 from flatcar-linux/jepio/portage-fix-patches 
sys-apps/portage: refresh patches and ensure they are applied
 2022-04-22 09:15:14 +02:00
Jeremi Piotrowski
bd05d92a27 sys-apps/portage: bump revision to allow package to be automatically updated 2022-04-22 09:14:25 +02:00
Jeremi Piotrowski
b6a68c8ee7 Merge pull request #1836 from flatcar-linux/linux-5.15.35-main 
Upgrade Linux Kernel in main from 5.15.34 to 5.15.35
 2022-04-21 17:20:52 +02:00
Jeremi Piotrowski
cea47bb606 sys-kernel/coreos-sources: drop vmbus patch that is included in 5.15.35 
Patch z0007 has been released in 5.15.35 as this commit:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=92a3499933c17b25b7c59658183bc7d23a581f5b
 2022-04-21 13:37:15 +02:00
Kai Lüke
425837d4f0 Merge pull request #1827 from flatcar-linux/kai/drop-kola-from-sdk 
Drop mantle and kola-data from the SDK
 2022-04-21 17:20:55 +09:00
Kai Lueke
87a18b79b3 Drop mantle and kola-data from the SDK 
With the new mantle container image referenced by the scripts repo we
don't need the mantle copy in the SDK anymore.
Drop the mantle package and the unused kola-data package.
 2022-04-21 17:14:38 +09:00
Jeremi Piotrowski
ab6ac4d0fd sys-apps/portage: refresh patches and ensure they are applied 
Found this while checking why I was still seeing lots of

  !!! Section 'gentoo' in repos.conf is missing location attribute

messages while building. Turns out that after the last sync of portage we
stopped applying patches from files/. This was caused by a local variable
definition of PATCHES that was overriding the global one.

This might be a sign to drop them or we can refresh them, as they do fix bugs
that have been hit in CoreOS in the past. I opted to refresh them, and inject
them into the local variable.
 2022-04-21 10:07:19 +02:00
Flatcar Buildbot
e840dc7367 sys-kernel: Upgrade Kernel 5.15.34 to 5.15.35 2022-04-21 07:22:37 +00:00
Jeremi Piotrowski
1a5796ea4f profiles: add keywords to cross-*/binutils as well 
Crossdev currently uses binutils 2.36 (stable), while the SDK and sysroot both
build binutils 2.37 due to keywording. Kernel modules built within the
developer container fail to load due to relocation errors. Add the same
keywords to cross-*/binutils packages so that the versions match.
 2022-04-21 09:03:25 +02:00
Jeremi Piotrowski
b60542c997 coreos-base/coreos-init: add gve driver to existing gcp network link rules 
Pulls in https://github.com/flatcar-linux/init/pull/67
 2022-04-20 13:13:00 +02:00
Jeremi Piotrowski
c2ff0100ad sys-kernel/coreos-modules: enable GVE NIC support for GCP 
If a GCP image is tagged with GVNIC support, GCP will replace the default
virtio nic with the more optimized GVE NIC. Enable building the kernel module
for that.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-04-20 13:13:00 +02:00
Jeremi Piotrowski
9951fc5781 Merge pull request #1813 from flatcar-linux/jepio/fix-gcp-oem 
Fix GCP OEM functionality
 2022-04-20 12:16:00 +02:00
Jeremi Piotrowski
5b34732d2c changelog: add entry for GCP OEM bugfix/upate 2022-04-20 12:14:38 +02:00
Dongsu Park
738af036e5 changelog: add changelog for Go 1.17.9 2022-04-14 17:08:58 +02:00
Dongsu Park
24b1c088c9 Merge pull request #1818 from flatcar-linux/go-1.16.15-and-1.17.9-and-1.18.1-main 
Upgrade Go from 1.17.8 to 1.17.9
 2022-04-14 17:06:26 +02:00
Dongsu Park
651164c839 Merge pull request #1816 from flatcar-linux/dongsu/libarchive-3.6.1 
profiles: accept keywords ~arm64 for app-arch/libarchive 3.6.1
 2022-04-14 17:01:10 +02:00
Krzesimir Nowak
4c115bcd25 Merge pull request #1821 from flatcar-linux/firmware-20220411-main 
Upgrade Linux Firmware in main from 20220310 to 20220411
 2022-04-14 12:56:14 +02:00
Krzesimir Nowak
5493bd6b23 Merge pull request #1825 from flatcar-linux/linux-5.15.34-main 
Upgrade Linux Kernel in main from 5.15.33 to 5.15.34
 2022-04-14 12:55:45 +02:00
Kai Lüke
6d623e5f14 Merge pull request #1817 from flatcar-linux/kai/afterburn-hostname 
sys-kernel/bootengine: rework afterburn hostname setup
 2022-04-14 17:50:44 +09:00
Kai Lueke
487d57c175 sys-kernel/bootengine: rework afterburn hostname setup 
This pulls in https://github.com/flatcar-linux/bootengine/pull/43
to remove the afterburn /etc/hostname setup for EC2 and align the
afterburn /etc/hostname setup with upstream.
 2022-04-14 17:30:44 +09:00
Flatcar Buildbot
65addced73 sys-kernel: Upgrade Kernel 5.15.33 to 5.15.34 2022-04-14 09:34:25 +02:00
Flatcar Buildbot
330277e486 sys-kernel: Upgrade Linux Firmware 20220310 to 20220411 2022-04-14 07:11:22 +00:00
Kai Lüke
b62996069f Merge pull request #1812 from flatcar-linux/kai/skip-ensure-sysext 
coreos-base/coreos-init: skip ensure-sysext unit
 2022-04-13 20:43:17 +09:00
Kai Lueke
aab279e546 sys-apps/systemd: add update checklist file for other repos 
The "init" repo has a systemd unit with lines that should be kept in
sync with upstream. Normally changes are not expected but in case there
are some, it may be good to be aware.
 2022-04-13 20:42:45 +09:00
Kai Lueke
b72f6270ae coreos-base/coreos-init: skip ensure-sysext unit 
This pulls in https://github.com/flatcar-linux/init/pull/68 to skip
the ensure-sysext unit when systemd-sysext is skipped to prevent a
dependency failure being reported.

Closes: https://github.com/flatcar-linux/Flatcar/issues/710
 2022-04-13 20:42:45 +09:00
Krzesimir Nowak
004eb51116 Merge pull request #1806 from flatcar-linux/linux-5.15.33-main 
Upgrade Linux Kernel in main from 5.15.32 to 5.15.33
 2022-04-13 13:14:04 +02:00
Flatcar Buildbot
1b0798a8cf dev-lang: Upgrade Go 1.17.8 to 1.17.9 2022-04-13 08:49:29 +00:00
Dongsu Park
3f9e8fe33d profiles: accept keywords ~arm64 for app-arch/libarchive 3.6.1 
Accept keywords ~arm64 for app-arch/libarchive 3.6.1.
 2022-04-13 10:24:47 +02:00
Jeremi Piotrowski
8127e67ec7 coreos-base/oem-gce: allow container to mess with /sys and /proc/irq 
The container performs multi-queue optimizations for ssd and network devices
which requires touching /proc and /sys/ mounts which systemd-nspawn usually
mounts readonly. Allow the container to modify those by setting the appropriate
environment variable (found via https://systemd.io/ENVIRONMENT/).
 2022-04-12 15:38:23 +02:00
Jeremi Piotrowski
2a3c23cd62 app-emulation/google-compute-engine: update to 20190124 
and add missing dependencies on dev-python/distro and sys-apps/coreutils. We
need to bump the version to 20190124 because:

* 20180611 is not compatible with python 3.9 because of missing distro module and
  trying to access os.errno (instead of importing the errno module). Also why we
  need the dependency on dev-python/distro

* 20190124 is the last version before the repo was split and reorganized which
  would require more work to the ebuilds

The coreutils dependency is necessary because the scripts call basename/nproc/cat
but previously coreutils was pulled in by the following dependency chain:

(dependency required by "app-admin/eselect-1.4.16::portage-stable" [binary])
(dependency required by "app-eselect/eselect-python-20160516::portage-stable" [binary])
(dependency required by "dev-lang/python-2.7.15::portage-stable" [binary])
(dependency required by "dev-python/boto-2.48.0::portage-stable" [binary])
(dependency required by "app-emulation/google-compute-engine-20180611::coreos" [binary])
(dependency required by "coreos-base/coreos-oem-gce-0.0.1-r5::coreos" [binary])
(dependency required by "coreos-base/coreos-oem-gce" [argument])

This chain seems to not hold any longer and we should be explicit about
dependencies.
 2022-04-12 15:34:32 +02:00
Jeremi Piotrowski
5a5e01afff profiles/.../oem-aci: allow python3 in oem-aci images 
The oem-aci profile previously removed python3 from the produced oem
images by having an entry saying dev-lang/python-3.X is provided and
removing all python3 files. This only worked as long as python2 was
available and installed instead, but since python2 was removed from the
tree these entries in the profile resulted in oem-aci having no python
at all. This prevents the oem-gce service from working, since a lot of
what it does is python.

Remove the INSTALL_MASK and package.provided entries for python3 to
allow python3 into oem-aci images.
 2022-04-12 15:32:57 +02:00
Flatcar Buildbot
cadfeeaa21 dev-lang: Upgrade dev-lang/rust 1.59.0 to 1.60.0 2022-04-11 08:32:12 +00:00
Flatcar Buildbot
d036d79ec9 sys-kernel: Upgrade Kernel 5.15.32 to 5.15.33 2022-04-09 07:22:27 +00:00
Mathieu Tortuyaux
8d414910a4 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-04-08 15:28:07 +02:00
Mathieu Tortuyaux
78aaf24880 sys-kernel/coreos-modules: build RAPL module 
This enables support for the Intel Running Average Power Limit (RAPL)
technology via MSR interface, which allows power limits to be enforced
and monitored on modern Intel processors.

It can be useful for energy consumption monitoring tools.

src: https://github.com/torvalds/linux/blob/master/drivers/powercap/Kconfig

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-04-08 15:27:46 +02:00
Mathieu Tortuyaux
3dcf25a213 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-04-08 11:22:44 +02:00
Mathieu Tortuyaux
fc0098caf4 coreos-base/afterburn: apply flatcar changes 
* partially revert cl-legacy feature (without update-ssh-keys dependency)
  to bring back `vagrant_virtualbox` provider and ec2, gce
  cmdline support
* backport kernel parameters patch
* backport systemd-networkd-wait-online patch
* add Alias= to services
* sed AFTERBURN -> COREOS, AWS -> EC2, GCP -> GCE
* use update-ssh-keys to generate .ssh/authorized_keys

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-04-08 11:22:41 +02:00
Mathieu Tortuyaux
60441ac4ea coreos-base/afterburn: sync with the upstream 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-04-06 16:58:15 +02:00
Krzesimir Nowak
80a6408ba5 Merge pull request #1178 from flatcar-linux/krnowak/update-go 
Update golang update job to update multiple golang versions
 2022-04-06 16:21:47 +02:00
Flatcar Buildbot
5a78721f2c app-emulation: Upgrade Runc 1.1.0 to 1.1.1 2022-04-05 12:49:16 +02:00
Kai Lüke
fbcc7639e8 Merge pull request #1794 from flatcar-linux/kai/update-ssh-keys-after-ignition 
coreos-base/coreos-init: run update-ssh-keys once after Ignition
 2022-04-04 20:35:25 +02:00
Kai Lueke
5bc2d57025 coreos-base/coreos-init: run update-ssh-keys once after Ignition 
This pulls in
https://github.com/flatcar-linux/init/pull/66
to fix the problem that Ignition keys would be lost as soon as
update-ssh-keys runs. This is done by placing Ignition's keys in as
files in the authorized_keys.d folder and calling update-ssh-keys after
Ignition ran.
 2022-04-04 20:35:07 +02:00
Krzesimir Nowak
f0240c5530 Merge pull request #1799 from flatcar-linux/cacerts-3.77-main 
Upgrade ca-certificates in main from 3.76 to 3.77
 2022-04-04 17:56:08 +02:00
Krzesimir Nowak
809e511e67 Merge pull request #1783 from flatcar-linux/krnowak/pkg-updates-2020 
Profile cleanups for package updates, 2020 edition
 2022-04-04 17:31:13 +02:00
Flatcar Buildbot
da81edf384 app-misc: Upgrade ca-certificates 3.76 to 3.77 2022-04-04 07:23:34 +00:00
Krzesimir Nowak
69ef222c6f .github: Update multiple golang versions 
Usually last two versions are supported, so make sure we keep them
both updated, not only just the latest. But try to also update the
newest unsupported version in case there was a window where the update
happened and then new major version was released.
 2022-04-01 22:25:06 +02:00
Krzesimir Nowak
5daf5eb1ca .github: Allow specifying a start number for generated patches 
When an action generates a couple of patches separately, then it might
be a good idea to specify a numbering, so applying the patches is done
in the desired order. Without that, all the generated patches would
start with "0001-" prefix.
 2022-04-01 22:15:59 +02:00
Krzesimir Nowak
caf091343a dev-lang/go: Drop the patch for go 1.12 
The patch dropped some security changes related to URL parsing in
go-1.12 to avoid breaking rkt. Since rkt is gone, the patch could be
dropped too.
 2022-04-01 21:21:35 +02:00
Flatcar Buildbot
002ea4c50e Update mantle commit to latest HEAD 2022-04-01 14:28:37 +00:00
Dongsu Park
3b9a531252 Merge pull request #1793 from flatcar-linux/dongsu/open-vmdk-remove-patch 
app-emulation/open-vmdk: remove Flatcar patch for builds with gcc 10
 2022-04-01 16:28:13 +02:00
Flatcar Buildbot
633fa3f7e3 app-emulation: Upgrade Docker 20.10.13 to 20.10.14 2022-04-01 09:17:21 +02:00
Dongsu Park
7ea2183789 Merge pull request #1758 from flatcar-linux/containerd-1.6.2-main 
Upgrade Containerd in main from 1.6.1 to 1.6.2
 2022-04-01 09:11:22 +02:00
Dongsu Park
b5be30abe4 changelog/security: add changelog for containerd 1.6.2 2022-04-01 09:08:41 +02:00
Dongsu Park
588457c6a7 app-emulation/open-vmdk: remove Flatcar patch for builds with gcc 10 
Now that the PR https://github.com/vmware/open-vmdk/pull/13 was merged,
we do not have to keep the Flatcar patch for fixing build issues with
gcc 10. Remove the patch.
 2022-04-01 08:45:20 +02:00
Sayan Chowdhury
1e84a29c4a Merge pull request #1782 from flatcar-linux/sayan/update-zlib-1.2.12 
sys-libs/zlib: Add arches to package.accept_keywords
 2022-04-01 08:08:31 +05:30
Krzesimir Nowak
2d6ebc7478 coreos/config: Workaround flaky checks in net-dns/bind-tools 
The reasoning is written in the config file. But at the same time drop
the outdated stuff - there is no such flag like --without-ecdsa any
more.
 2022-03-31 16:06:58 +02:00
Dongsu Park
dd612f8059 changelog: add changelog for mdadm 4.2 2022-03-31 12:22:59 +02:00
Aniruddha Basak
667fb34b8a mdadm: migrate cron.weekly to systemd.timer (#1244) 
Add mdadm timer and service files and remove the unused weekly cron
 2022-03-31 12:22:59 +02:00
Dongsu Park
465aad46fe sys-fs/mdadm: update keywords amd64 and arm64 for mdadm 4.2-r1 
Update keywords for amd64 and arm64 to be able to build mdadm 4.2-r1.
Update description in README as well.
 2022-03-31 12:22:48 +02:00
Dongsu Park
7f7061c829 sys-fs/mdadm: update to 4.2-r1 
Update sys-fs/mdadm to 4.2-r1, mainly to remove unnecessary third-party
Flatcar patches that are already included in the latest release 4.2.
 2022-03-31 12:14:44 +02:00
Krzesimir Nowak
1dc58fe441 Merge pull request #1761 from flatcar-linux/krnowak/move-rust 
Import virtual/rust to from portage-stable and update the rust workflow
 2022-03-31 11:28:24 +02:00
Sayan Chowdhury
e8f1e16677 sys-libs/zlib: Add arches to package.accept_keywords 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-31 10:43:27 +05:30
Krzesimir Nowak
9eba5de9ae profiles: Disable smi, ssl and samba in net-analyzer/tcpdump 
They became enabled by default after an update. We didn't need them
before, we don't need them now. Also, enabling smi pulls in
net-libs/libsmi that does not have a keyword for arm64 even.
 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
bc7bfe7d01 profiles: Disable pcre16 in dev-libs/libpcre2 
It became enabled by default after an update, so revert that change in
our profiles. It was enabled upstream, because it was needed by
dev-qt/qtcore, which we don't have.
 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
edcdfb51ea profiles: Drop net-libs/libnetfilter_conntrack from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
84673e50f0 profiles: Drop outdated use flag for net-dns/bind-tools 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
fb869eb7a3 profiles: Drop sys-fs/multipath-tools from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
86cb489943 profiles: Drop outdated use flag for net-analyzer/tcpdump 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
770e86a737 profiles: Update accept_keywords for net-firewall/conntrack-tools 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
8b22921049 profiles: Drop net-libs/libnetfilter_queue from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
23e9e04eeb profiles: Drop dev-libs/elfutils from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-30 20:03:18 +02:00
Krzesimir Nowak
54180d667b Merge pull request #1724 from flatcar-linux/krnowak/drop-intltool 
coreos-base/hard-host-depends: Stop pulling in intltool
 2022-03-30 18:50:21 +02:00
Krzesimir Nowak
17936f64ed .github: Fix base branch of the work branch 
We want to base the work branch (like rust-1.59-main) on top of the
base branch from our remote, not from remote that came with SDK. This
will make the work branch creation fork-friendly.
 2022-03-30 18:44:02 +02:00
Krzesimir Nowak
482651582d .github: Checkout our base branch in SDK coreos-overlay too 2022-03-30 18:07:06 +02:00
Dongsu Park
74dd64cce9 Merge pull request #1775 from flatcar-linux/dongsu/gnutls-3.7.3 
profiles: delete keywords for gnutls
 2022-03-30 15:53:45 +02:00
Jeremi Piotrowski
163effa73b Merge pull request #1777 from flatcar-linux/jepio/coreos-sources-hyperv-backport 
coreos-sources: backport hyperv coherence fixes
 2022-03-30 15:29:52 +02:00
Jeremi Piotrowski
f49c0cfe73 Merge pull request #1765 from flatcar-linux/linux-5.15.32-main 
Upgrade Linux Kernel in main from 5.15.31 to 5.15.32
 2022-03-30 15:29:20 +02:00
Jeremi Piotrowski
e498f55aaf sys-kernel/coreos-sources: backport kernel patches that fix memory coherence on Hyper-V 
This is v3 of the patchset from here:
https://lore.kernel.org/lkml/1648138492-2191-1-git-send-email-mikelley@microsoft.com/T/#u

There was a slight merge conflict because hv_map_memory/hv_unmap_memory don't
exist in 5.15.
 2022-03-30 13:13:11 +02:00
Dongsu Park
1aa0a5b4a7 profiles: delete keywords for gnutls 
As we update gnutls to 3.7.3-r1 which is already stable, there is
no need to accept keywords for gnutls. Delete.
 2022-03-30 10:20:37 +02:00
Flatcar Buildbot
9847794b4f sys-kernel: Upgrade Kernel 5.15.31 to 5.15.32 2022-03-30 08:24:53 +02:00
Flatcar Buildbot
35ecf3f62c Update mantle commit to latest HEAD 2022-03-30 05:42:24 +00:00
Jeremi Piotrowski
cb4c868253 Merge pull request #1768 from flatcar-linux/jepio/mantle-update-action 
github/workflows: add mantle update action
 2022-03-30 07:42:07 +02:00
Jeremi Piotrowski
f33072ddfb github/workflows: add mantle update action 
This action runs over main and the release branches and creates a PR that
updates mantle reference to the latest one. By using a fixed branch name,
rerunning the action will update/close an existing PR if new mantle commits
happen or if the PR becomes obsolete.
 2022-03-29 15:59:12 +02:00
Mathieu Tortuyaux
0cbc562928 Merge pull request #1767 from flatcar-linux/tormath1/unconfined 
sec-policy/selinux-unconfined: move to ::portage-stable
 2022-03-29 15:55:39 +02:00
Krzesimir Nowak
3f07ae6f09 Merge pull request #1708 from flatcar-linux/krnowak/pkg-updates-2019 
Profile cleanups for updated packages from 2019
 2022-03-29 15:45:09 +02:00
Krzesimir Nowak
44c82bb8c5 coreos-base/hard-host-depends: Stop pulling in intltool 
The tool is deprecated, nothing pulls that in any more and it has a
dependency on dev-perl/XML-Parser, an updated version of which would
want to pull a bunch of new packages through dev-perl/libwww-perl.
Avoid the hassle and drop the tool.
 2022-03-29 13:21:53 +02:00
Krzesimir Nowak
11917036f8 coreos-base/hard-host-depends: Sort the deps 
Otherwise no changes done here.
 2022-03-29 13:15:59 +02:00
Krzesimir Nowak
2ed433c6cc sys-auth/realmd: Add new patches, update deps 
Realmd didn't have dev-util/intltool listed as a dependency, but it
actually required it during build. Apply a patch from upstream that
converts the project from intltool to gettext in order to get rid of
the dependency on the obsolete tool. To apply the patch without
conflicts, apply also another patch from upstream that modernizes the
configure.ac file.

We also disable the i18n through the --disable-nls flag. The disabling
is not complete though, so we still need to point gettext to the ITS
rules we have installed in ROOT.
 2022-03-29 13:14:27 +02:00
Mathieu Tortuyaux
65107a9d0f sec-policy/selinux-unconfined: move to ::portage-stable 
There is no Flatcar patches for this package.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-29 10:11:23 +02:00
Krzesimir Nowak
167c1e5ebf Merge pull request #1756 from flatcar-linux/linux-5.15.31-main 
Upgrade Linux Kernel in main from 5.15.30 to 5.15.31
 2022-03-24 19:34:55 +01:00
Mathieu Tortuyaux
743f7c470f changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-03-24 17:00:10 +01:00
Mathieu Tortuyaux
c608794004 sys-kernel/bootengine: add cryptsetup in initramfs 
this is required to run luks encryption with ignition

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-24 17:00:10 +01:00
Krzesimir Nowak
afe689a3e3 .github: Update rust workflow to handle virtual/rust too 2022-03-24 16:56:44 +01:00
Krzesimir Nowak
778ed62f39 virtual/rust: Move from portage-stable 
This file is modified by some automation, so move it out from
portage-stable - there shouldn't be any modified stuff there.
 2022-03-24 16:44:21 +01:00
Flatcar Buildbot
60b5b921ad sys-kernel: Upgrade Kernel 5.15.30 to 5.15.31 2022-03-24 15:14:13 +01:00
Flatcar Buildbot
70038a7667 app-emulation: Upgrade Containerd 1.6.1 to 1.6.2 2022-03-24 11:18:36 +01:00
Dongsu Park
87ed710ec2 Merge pull request #1745 from flatcar-linux/sayan/update-util-linux-2.37.4 
profiles: disable su USE flag for util-linux
 2022-03-24 10:27:32 +01:00
Jeremi Piotrowski
f5b92b623f Merge pull request #1757 from flatcar-linux/jepio/workflows-lbzip2 
.github/workflows: install lbzip2 to speed up sdk creation
 2022-03-24 10:10:54 +01:00
Jeremi Piotrowski
cdd948d1c6 .github/workflows: install lbzip2 to speed up sdk creation 
Our github actions use cork to create an sdk chroot, which pulls down bzipped
archives. The runners have 2 CPUs, so this unpacking could be faster if we
installed lbzip2. Cork transparently uses lbzip2.
 2022-03-24 09:46:25 +01:00
Kai Lüke
9fdc34e13c Merge pull request #1750 from flatcar-linux/kai/go-binary-size 
eclass/coreos-go.eclass: strip Go binaries by default
 2022-03-23 21:39:26 +01:00
Krzesimir Nowak
d4850a6c86 coreos-devel/mantle: Bump to latest commit 2022-03-23 14:01:09 +01:00
Krzesimir Nowak
4a64240099 fixup! eclass/coreos-cargo: Ensure the modified config is valid TOML 2022-03-23 13:48:52 +01:00
Kai Lueke
e73121db37 eclass/coreos-go.eclass: strip Go binaries by default 
The size contains not only of the /usr partition but also the /boot
partition require that we reduce the size of binaries as much as
possible.
Strip all Go binaries by default.
 2022-03-23 13:11:15 +01:00
Krzesimir Nowak
090680dc6d Merge pull request #1746 from flatcar-linux/krnowak/emerge-gitclone-pr-fix 
coreos-base/emerge-gitclone: Pull PRs properly
 2022-03-22 19:47:43 +01:00
Krzesimir Nowak
97e608f538 coreos-base/emerge-gitclone: Pull PRs properly 
This usually doesn't happen for releases, but for development
dev-containers it might be the case that portage-stable or
coreos-overlay commit is specified as some pull request reference -
these need to be fetched differently, as refs from refs/pull usually
are not fetched by default.
 2022-03-22 16:21:07 +01:00
Mathieu Tortuyaux
21ef6d148d changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 13:54:19 +01:00
Mathieu Tortuyaux
4f200d79ea profiles/coreos/base: enable fips across the OS 
only support by OpenSSL and Cryptsetup for now.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 13:43:14 +01:00
Krzesimir Nowak
7acca26ab6 coreos-base/afterburn: Add dependency on dev-libs/openssl 
The package depends on it through the openssl crate. Without openssl,
the package would fail to build because of missing header files.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
14ec0b2456 eclass/coreos-cargo: Ensure the modified config is valid TOML 
We were appending the [build] section, and the updated cargo eclass
already added that to the config, so we ended up with having two
[build] sections in the config file. Try to amend the section instead
of appending it to the file. While at it, do the same with the
target.${RUST_TARGET} section too to be a bit more futureproof.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
f302e69455 coreos-base/update-ssh-keys: Bump EAPI to 8 
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
ab735a5df4 coreos-base/afterburn: Bump EAPI to 8 
EAPI 6 is too old for cargo eclass that gets inherited through
coreos-cargo.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
5eccaeb306 profiles: Update accept_keywords for dev-lang/nasm 
It is available for arm64 now, but still as unstable.
 2022-03-22 10:26:03 +01:00
Krzesimir Nowak
9dec83eaa9 profiles: Drop app-misc/jq from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-22 10:26:03 +01:00
Mathieu Tortuyaux
00cbb4bb25 profiles/base: accept tested version of cryptsetup 
it's required to pull fips support

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-22 09:55:19 +01:00
Krzesimir Nowak
32941dc278 Merge pull request #1712 from JAORMX/sssd-selinux-module 
Add sssd to list of SELinux modules enabled
 2022-03-21 18:20:08 +01:00
Dongsu Park
1385747481 Merge pull request #1742 from flatcar-linux/linux-5.15.30-main 
Upgrade Linux Kernel in main from 5.15.28 to 5.15.30
 2022-03-21 17:34:25 +01:00
Dongsu Park
62298daf6b Merge pull request #1743 from flatcar-linux/sayan/update-intel-microcode-20220207_p20220207 
sys-firmware/intel-microcode: update to 20220207_p20220207
 2022-03-21 13:57:22 +01:00
Dongsu Park
cf81bdd8ef sys-kernel/coreos-sources: delete patch for Reverting xfrm state 
The patch z0005-Revert-xfrm-state-... is already included in the
upstream v5.15.30. Delete the patch to fix build failures.
 2022-03-21 13:52:33 +01:00
Dongsu Park
ac8fcf7ea7 Merge pull request #1744 from flatcar-linux/sayan/update-pambase-20220214 
sys-auth/pambase: update stub version to 20220214
 2022-03-21 13:24:34 +01:00
Sayan Chowdhury
7e12481655 sys-auth/pambase: update stub version to 20220214 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:23:01 +01:00
Dongsu Park
1749d86e40 Merge pull request #1735 from flatcar-linux/sayan/update-pam-1.5.1_p20210622-r1 
sys-libs/pam: Update to 1.5.1_p20210622
 2022-03-21 13:21:37 +01:00
Dongsu Park
4e2bcfb9a6 changelog: add changelog for pam 1.5.1_p20210622 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
8d4ee0f2d6 sys-libs/pam: Apply Flatcar patches 
-  sys-libs/pam: Make /sbin/unix_chkpwd suid

This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.

-  sys-libs/pam: Install configuration into /usr

Also provide a tmpfiles fragment to bring it back.

- sys-libs/pam: Locked accounts functionality

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
e1dfbe9862 sys-libs/pam: Update to 1.5.1__p20210622 
gentoo sync ref: a9be6b639c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 13:19:29 +01:00
Kai Lüke
498c4a1ab5 Merge pull request #1737 from flatcar-linux/kai/mantle-bump 
coreos-devel/mantle: bump to latest commit
 2022-03-21 11:54:45 +01:00
Dongsu Park
b2711efd5e profiles: disable su USE flag for util-linux 
As sys-apps/shadow has its own su binary, sys-apps/util-linux should
not have its own su binary. Otherwise, build will simply fail.
Disable su USE flag for util-linux.
 2022-03-21 11:49:08 +01:00
Kai Lueke
d59d626d3b coreos-devel/mantle: bump to latest commit 
We have to update the commit ID now when a mantle PR gets merged
because the new pipeline uses it.
 2022-03-21 10:59:14 +01:00
Sayan Chowdhury
dce35b0a12 sys-firware/intel-microcode: Add the changelog entries for 20220207_p20220207 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-21 10:23:46 +01:00
Flatcar Buildbot
bfd4ba3a66 sys-kernel: Upgrade Kernel 5.15.28 to 5.15.30 2022-03-20 07:22:36 +00:00
Dongsu Park
f88785d939 Merge pull request #1736 from flatcar-linux/rust-1.59.0-main 
Upgrade dev-lang/rust in main from 1.58.1 to 1.59.0
 2022-03-18 18:07:20 +01:00
Dongsu Park
f21caf2d80 Merge pull request #1729 from flatcar-linux/firmware-20220310-main 
Upgrade Linux Firmware in main from 20220209 to 20220310
 2022-03-18 16:06:31 +01:00
Flatcar Buildbot
4bbf728449 dev-lang: Upgrade dev-lang/rust 1.58.1 to 1.59.0 2022-03-18 10:56:52 +00:00
Sayan Chowdhury
052c968ac8 sys-firmware/intel-microcode: Apply Flatcar patches 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-18 13:24:24 +05:30
Sayan Chowdhury
c3d8d35413 sys-firmware/intel-microcode: Sync with Gentoo upstream 
gentoo sync ref: b6146dcdce

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-18 13:21:57 +05:30
Kai Lüke
28b13f4448 Merge pull request #1713 from flatcar-linux/kai/no-lib-symlink 
Split lib and lib64 for sysext support
 2022-03-17 17:06:13 +01:00
Kai Lueke
00841774c9 changelog: add entry for lib and lib64 split 2022-03-17 17:03:16 +01:00
Kai Lueke
bfbf373f20 coreos-base/coreos-oem-gce: use usr/lib/systemd folder 
The lib64/systemd location only happened to work through the used
symlink on Flatcar. The standard location is lib/systemd.
Use the standard location as we now want to split the libs folders.
 2022-03-17 17:03:16 +01:00
Kai Lueke
bc9d7af985 sys-apps/systemd: enable systemd-sysext.service 
The systemd-sysext.service activates sysext images on boot.
Enable it by default.
 2022-03-17 17:03:16 +01:00
Kai Lueke
5fc316e775 coreos-base/coreos-init: add helper service to start sysext services 
This pulls in
https://github.com/flatcar-linux/init/pull/65
 2022-03-17 17:03:16 +01:00
Dongsu Park
9989de6963 Merge pull request #1725 from flatcar-linux/docker-20.10.13-main 
Upgrade Docker in main from 20.10.12 to 20.10.13
 2022-03-17 14:30:14 +01:00
Kai Lueke
ba8aeb992a coreos-base/coreos-init: create compatibility symlinks 
The split of /usr/lib64 into /usr/lib and /usr/lib64 means that paths
to /usr/lib64/X that worked before now wouldn't.
Therefore, create compatibility symlinks.
 2022-03-17 12:15:40 +01:00
Kai Lueke
c6e427d80d profiles: disable SYMLINK_LIB 
The profile Flatcar is on had SYMLINK_LIB set for amd64 which set up
(/usr)/lib as symlink to (/usr)/lib64. This is not the case for arm64
nor common in other recent distributions and causes systemd-sysext
loading to fail.
Disable SYMLINK_LIB for the amd64 board for now, leaving the SDK as is
but we could also set it for the SDK, too. A future profile update will
also bring this change.
 2022-03-17 12:12:46 +01:00
Kai Lueke
b3f4b641ce sys-apps/baselayout: force link creation in tmpfile rule 
The /lib symlink does not point to /usr/lib but instead points to
/usr/lib64 on current releases which have a single /usr/lib64 folder
and a symlink from /usr/lib to it. This means that when they update to
a release with a split lib vs. lib64 setup, the kernel modules are not
found because /lib/modules does not exist (because /lib still points
to /usr/lib64 instead of /usr/lib).
Force link recreation to match the new layout. The system will still be
able to rollback because the link to /usr/lib is still valid because
/usr/lib is itself a link that forwards to /usr/lib64.
 2022-03-17 12:11:11 +01:00
Dongsu Park
96d59a1d55 app-emulation/docker: remove unnecessary patch for etcd 
Now that Docker 20.10.13 updated its vendored etcd to 3.3.27, it is
not necessary any more to fix F_OFD_GETLK in etcd. Simply remove it.
 2022-03-17 10:24:49 +01:00
Juan Antonio Osorio
6dadefecfb Add SELinux flag for sssd build 
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-17 09:34:51 +02:00
Flatcar Buildbot
372c62308b sys-kernel: Upgrade Linux Firmware 20220209 to 20220310 2022-03-17 07:12:09 +00:00
Mathieu Tortuyaux
20cae0b0c3 Merge pull request #1727 from flatcar-linux/tormath1/openssl 
dev-libs/openssl: bump to 3.0.2
 2022-03-16 15:59:56 +01:00
Mathieu Tortuyaux
dfbd94b035 changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-16 11:07:42 +01:00
Mathieu Tortuyaux
f71a2f9e31 dev-libs/openssl: Apply Flatcar modifications 
- remove unecessary files
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- mark openssl as stable for arm64 and amd64

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-16 11:03:49 +01:00
Mathieu Tortuyaux
d01e5e7fa3 dev-libs/openssl: sync with ::gentoo 
Commit-Ref: ca7cd67308

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-16 10:52:22 +01:00
Flatcar Buildbot
d344be8799 app-emulation: Upgrade Docker 20.10.12 to 20.10.13 2022-03-16 07:46:49 +00:00
Jeremi Piotrowski
52971dee4b changelog: add entry for revert which fixes AWS m4 networking 2022-03-15 19:35:56 +01:00
Jeremi Piotrowski
38680b5b7a sys-kernel/coreos-sources: revert commit which breaks networking on M4 instances 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-15 19:35:56 +01:00
Krzesimir Nowak
d784aa9238 coreos-base/update_engine: Drop unused alias 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
833d18a78b profiles: Add accept_keywords for app-crypt/rhash 
So the version used for the potential arm64 SDK is the same as in
amd64 SDK.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
9e6d34f929 profiles: Drop outdated use flag for dev-libs/protobuf 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
7f38b34ca0 profiles: Drop dev-libs/libusb from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
93237a0bf4 profiles: Drop dev-libs/libassuan from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
2021223762 profiles: Drop sys-fs/quota from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
464d0fdcd4 profiles: Update accept_keywords for app-crypt/efitools 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
8bdb5b4216 profiles: Drop sys-apps/sandbox from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
1c4c5d0a3d profiles: Drop dev-cpp/gflags from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-15 17:55:25 +01:00
Jeremi Piotrowski
ae1ca7a804 Merge pull request #1718 from flatcar-linux/linux-5.15.28-main 
Upgrade Linux Kernel in main from 5.15.27 to 5.15.28
 2022-03-15 14:17:50 +01:00
Kai Lueke
94254e2afb sys-kernel/bootengine: re-add missing modules 
This pulls in
https://github.com/flatcar-linux/bootengine/pull/40
to add the kernel modules back that disappeared compared to Stable
3033.x.y with the 5.10 kernel.
 2022-03-15 11:38:51 +01:00
Flatcar Buildbot
14e9176fa4 sys-kernel: Upgrade Kernel 5.15.27 to 5.15.28 2022-03-12 07:22:35 +00:00
Mathieu Tortuyaux
1bb3bd5375 Merge pull request #1707 from flatcar-linux/tormath1/gcp 
ignition: support `gce` as OEM ID
 2022-03-11 17:48:43 +01:00
Kai Lüke
0257fa3d84 Merge pull request #1710 from flatcar-linux/kai/ignition-link-translate 
sys-apps/ignition: fix link translation
 2022-03-11 13:23:34 +01:00
Kai Lueke
344dbf2eb0 sys-apps/ignition: fix link translation 
This pulls in https://github.com/flatcar-linux/ignition/pull/38
for https://github.com/flatcar-linux/ign-converter/pull/5
to fix https://github.com/flatcar-linux/Flatcar/issues/666 which
is about a failing translation due to a too strict check.
 2022-03-11 13:23:01 +01:00
Dongsu Park
2b21cde4d8 changelog: add security changelog for Go 1.17.8 
Add missing security changelog CVE-2022-24921 for Go 1.17.8.
 2022-03-11 10:13:22 +01:00
Dongsu Park
83c5075143 Merge pull request #1704 from flatcar-linux/vmware-12.0.0-main 
Upgrade open-vm-tools in main from 11.3.5 to 12.0.0
 2022-03-11 09:36:43 +01:00
Mathieu Tortuyaux
a38d49869d coreos-base/coreos-init: convert back gcp to gce 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-10 11:30:49 +01:00
Mathieu Tortuyaux
ce5042743c sys-kernel/bootengine: convert gce to gcp 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-10 11:30:49 +01:00
Dongsu Park
3d3acd7a98 app-emulation/open-vm-tools: add USE flags salt-minion 
For open-vm-tools 12.0.0, add a new USE flag salt-minion.
Pass `--disable-containerinfo` to fix build issues, because it is
currently not trivial to import dependency libs grpc++ into Flatcar.
 2022-03-10 10:35:05 +01:00
Dongsu Park
461edca2d5 app-emulation/open-vm-tools: remove FUSE addition from patches 
Since open-vm-tools 12.0.0 already supports its native fuse detection
mechanism, we do not need to add another check for fuse to configure.ac.
 2022-03-10 10:35:05 +01:00
Flatcar Buildbot
8076f1638c app-emulation: Upgrade open-vm-tools 11.3.5 to 12.0.0 2022-03-10 10:35:05 +01:00
Krzesimir Nowak
90615c215e profiles: Drop dev-perl/Text-Unidecode from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
045a3e6769 profiles: Drop sys-libs/efivar from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c6ce357d02 profiles: Sync app-eselect/eselect-pinentry version 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
31ac287ea3 profiles: Drop net-nds/rpcbind from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
9412c64ba3 profiles: Drop sys-boot/efibootmgr from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
34becb7f43 profiles: Drop virtual/krb5 from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
935353ffa6 profiles: Drop net-misc/socat from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
be20b0611b profiles: Update accept_keywords for dev-util/checkbashisms 
It's stable for amd64, but still unstable for arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
6e2cdb223c profiles: Drop dev-libs/libevent from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c550349cb1 profiles: Drop sys-fs/dosfstools from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
03558679ab profiles: Drop virtual/libusb from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
74c48fb57d profiles: Drop sys-block/thin-provisioning-tools from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
22a4df6c05 profiles: Drop sys-fs/lsscsi from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
50e5de95c2 profiles: Drop sys-apps/man-db from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
ef8be94860 Merge pull request #1706 from flatcar-linux/linux-5.15.27-main 
Upgrade Linux Kernel in main from 5.15.25 to 5.15.27
 2022-03-09 17:15:38 +01:00
Dongsu Park
494ff08e9b Merge pull request #1696 from flatcar-linux/cacerts-3.76-main 
Upgrade ca-certificates in main from 3.75 to 3.76
 2022-03-09 14:44:27 +01:00
Jeremi Piotrowski
752d197781 Merge pull request #1700 from flatcar-linux/jepio/remove-rng-tools 
coreos-base/coreos: remove rng-tool dependency
 2022-03-09 14:11:26 +01:00
Jeremi Piotrowski
617f619c68 changelog: add entry for rngd.service removal 
The user visible effect of rng-tool removal is that rngd is no longer
started in the initramfs.
 2022-03-09 13:06:07 +01:00
Dongsu Park
9f7fe58ac1 Merge pull request #1691 from flatcar-linux/containerd-1.6.1-main 
Upgrade Containerd in main from 1.6.0 to 1.6.1
 2022-03-09 09:11:35 +01:00
Dongsu Park
bec04a986a changelog: add changelog for containerd 1.6.1 2022-03-09 09:09:23 +01:00
Flatcar Buildbot
fb8008aafe sys-kernel: Upgrade Kernel 5.15.25 to 5.15.27 2022-03-09 07:23:52 +00:00
Jeremi Piotrowski
b58f674576 Merge pull request #1690 from flatcar-linux/jepio/oem-azure-dep-fix 
Fix arm64 build after pro oem merge
 2022-03-08 18:41:53 +01:00
Mathieu Tortuyaux
a2e46ed803 Merge pull request #1699 from JAORMX/containerd-selinux 
containerd: Enable SELinux labeling support by default
 2022-03-08 18:02:28 +01:00
Juan Antonio Osorio
3b491d97b6 Added changelog entry for SELinux enablement in containerd 
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-08 18:07:00 +02:00
Jeremi Piotrowski
debf700a83 coreos-base/coreos: remove rng-tool dependency 
rng-tools does not appear to be necessary for booting in virtual machine
environments in 2022. Back in the day the boot process would block if
there was not enough entropy to seed the system random pool, but over
the years the linux kernel made sure that the pool is force seeded if
userspace does not do so one it's own. Remove rng-tool as it is not
needed and it would require work to make sure it works (detection of
tpm/hwrng/intel cpu instructions).
 2022-03-08 16:00:01 +01:00
Jeremi Piotrowski
a3b04c4f02 add former 'pro' packages to arm64 board/coreos dependencies 
flatcar-eks/nvidia-drivers/nvidia-metadata are now required to build
AWS/Azure images on all architectures, so we need the packages to not be
amd64-only dependencies of board-packages or coreos any longer.
 2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
ec88babf35 x11-drivers/nvidia-drivers: add runtime dependency on nvidia-metadata 
setup-nvidia requires the nvidia-metadata file.
 2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
a972428590 x11-drivers/nvidia-(drivers|metadata): keyword for arm64 
coreos-base/oem-azure now requires systemd units installed by
nvidia-drivers, so the nvidia-drivers package needs to be available for
both architectures. Nvidia-drivers depends on nvidia-metadata so the
same applies.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-08 10:57:12 +01:00
Juan Antonio Osorio
333c985cad containerd: Enable SELinux labeling support by default 
This enables containerd to do appropriate SELinux labeling of containers
and files by default. This should not be problematic as Flatcar ships with
SELinux permissive by default.

Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-08 11:10:02 +02:00
Jeremi Piotrowski
b0bde5635a Merge pull request #1697 from flatcar-linux/go-1.17.8-main 
Upgrade Go in main from 1.17.7 to 1.17.8
 2022-03-08 08:48:30 +01:00
Mathieu Tortuyaux
d4ce290fef changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-03-07 18:32:45 +01:00
Mathieu Tortuyaux
f383ffeac1 coreos-base/coreos-init: enable enable-oem-cloudinit 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
4f9b1e9e5a coreos-base/oem: remove default.ign 
With ignitionv3, there is no more `default.ign` loaded configuration. We
can safely remove this configuration since it won't be loaded anyway.

oem-cloudinit will be conditionally enabled based on `ignition`
execution result.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
05d1141214 sys-kernel/bootengine: update commit ID 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
57461c606c sys-apps/ignition: bump commit ID 
it mainly brings V3 support on top of V2 support for Ignition and ensure
backward compatibility with existing integration.

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2022-03-07 18:17:36 +01:00
Flatcar Buildbot
2c10f4ecd8 dev-lang: Upgrade Go 1.17.7 to 1.17.8 2022-03-07 07:31:06 +00:00
Flatcar Buildbot
d89b98ad6e app-misc: Upgrade ca-certificates 3.75 to 3.76 2022-03-07 07:24:05 +00:00
Flatcar Buildbot
2d04a88857 app-emulation: Upgrade Containerd 1.6.0 to 1.6.1 2022-03-04 08:23:25 +00:00
Sayan Chowdhury
f2d24968a4 Merge pull request #1648 from flatcar-linux/sayan/update-timezone-data-2021a 
sys-libs/timezone-data: Sync with Gentoo upstream
 2022-03-03 14:36:40 +05:30
Sayan Chowdhury
3466931d5e changelog: Add the entry for the timezone-data 2021a 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:16 +05:30
Sayan Chowdhury
3c0597b403 sys-libs/timezone-data: Apply Flatcar patches 
Recreate the old posix symlink for compatibility, and drop all the
pkg functions that maintain /etc/localtime since we default to UTC.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:16 +05:30
Sayan Chowdhury
30ef5091b3 sys-libs/timezone-data: Sync with Gentoo upstream 
upstream sync ref
e13124464c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:13 +05:30
Krzesimir Nowak
7463f454ae Merge pull request #1678 from flatcar-linux/krnowak/pkg-updates-2016 
Accept keyword cleanup for packages from 2016
 2022-03-02 19:38:59 +01:00
Kai Lüke
a0378f9338 Merge pull request #1682 from flatcar-linux/kai/revert-ipsec-change 
sys-kernel: Revert change to forbid using xfrm id 0
 2022-03-02 17:49:40 +01:00
Kai Lueke
5cbb7908de sys-kernel: Revert change to forbid using xfrm id 0 in state 
The change broke userspace (e.g., Cilium is affected because it used
id 0 for the dummy state https://github.com/cilium/cilium/pull/18789)
and we decided to revert it to give the affected software more time
to adapt (cf. https://marc.info/?t=164607426900002&r=1&w=2).
 2022-03-02 17:48:30 +01:00
Jeremi Piotrowski
8a58808b9a coreos-base/coreos-init: fix commit reference to flatcar-master branch 2022-03-02 17:08:31 +01:00
Jeremi Piotrowski
14490039a5 Merge pull request #1683 from flatcar-linux/jepio/fix-cgroupv1-em 
coreos-base/coreos-init: move processes to root cgroup before unbinding controllers
 2022-03-02 17:06:22 +01:00
Jeremi Piotrowski
2d489c33a3 coreos-base/coreos-init: move processes to root cgroup before unbinding controllers 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-02 13:16:41 +00:00
Sayan Chowdhury
b7e0c422d4 changelog/changes: Add the changelog entry for Flatcar Pro merge 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:49 +05:30
Sayan Chowdhury
7a0c4794d3 coreos-base/oem-azure: Add the nvidia.service file to start the service 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:49 +05:30
Sayan Chowdhury
d960acc064 x11-drivers/nvidia-drivers: Use the bucket instead of GCS 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:49 +05:30
Sayan Chowdhury
f076032ed5 oem-azure-pro: Move the Flatcar Pro bits in to regular image 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:43 +05:30
Sayan Chowdhury
5fe2ba270f x11-drivers/nvidia-drivers: Add the changelog updates for 510.47.03 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:21 +05:30
Sayan Chowdhury
59e4a6cfd1 x11-drivers/nvidia-{metadata,drivers}: Update to 510.47.03 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:21 +05:30
Sayan Chowdhury
b422471a35 oem-ec2-compat: Move the EC2 Pro features into regular images 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:21 +05:30
Sayan Chowdhury
aa83e2f34f coreos-base/oem-azure: Install nvidia drivers in regular images 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:18 +05:30
Jeremi Piotrowski
0f8d2ca84b Merge pull request #1666 from flatcar-linux/jepio/runtime-revert-to-cgroupv1 
bump coreos-init and bootengine commit for cgroupv1-runtime-revert support
 2022-03-01 15:29:11 +01:00
Jeremi Piotrowski
ea14a7cb10 changelog: add entry for cgroupv1 switch functionality 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-01 14:28:41 +00:00
Jeremi Piotrowski
b571cd5bbb Merge pull request #1676 from flatcar-linux/jepio/azure-earlycon 
core-base/oem-azure(-pro): enable earlycon on all platforms
 2022-03-01 14:44:22 +01:00
Jeremi Piotrowski
21167bc5c3 bump coreos-init and bootengine commit for cgroupv1-runtime-revert change 
This pulls in https://github.com/flatcar-linux/bootengine/pull/35 and
https://github.com/flatcar-linux/init/pull/62, which enable boot time switching
back to legacy cgroups by creating a flag files (/etc/flatcar-cgroupv1) from
ignition.
 2022-03-01 08:12:01 +00:00
Krzesimir Nowak
f1c8620342 profiles: Drop obsolete use for net-misc/iperf 
The use flag was valid for iperf-2.x. We install iperf-3.x for a long
time already, so the flag did nothing.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
211cd9bbe6 profiles: Drop dev-libs/liblinear from accept_keywords 
The updated package is stable on both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
4f2d674bbd profiles: Drop net-misc/iperf from accept_keywords 
The updated package is available for arm64 and stable on both amd64
and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
0e61e825d8 profiles: Drop sys-apps/nvme-cli from accept_keywords 
The updated package is available now also for arm64 and stable for
both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
3f9ac29ebf profiles: Drop dev-util/patchelf from accept_keywords 
The updated package is available for arm64 and stable for both amd64
and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
07c10566cc profiles: Drop dev-libs/userspace-rcu from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
d1f209ae0a profiles: Drop net-libs/http-parser from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
d8a23cff47 Merge pull request #1674 from flatcar-linux/krnowak/pkg-updates-2015 
Accept keyword cleanup for packages from 2015
 2022-02-28 15:40:52 +01:00
owenthomas17
ae8c5b79bf Enable kerberos support for NFSv4 (#1664) 
NFS4 with Kerberos

use_flags: Adding use flags for nfs-utils so that it can support kerberos and nfs4.1 along with various other tools like junctions
kernel: Including relevent kernel modules for  systemd unit

Co-authored-by: Owen Thomas <owen@owen-thomas.co.uk>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-02-28 15:21:33 +01:00
Kai Lueke
ee3a8a9cff coreos-devel/mantle: update to latest state 
This updates the internal kola version that is now used for tests from
the SDK container pipeline.
 2022-02-25 17:50:37 +01:00
Jeremi Piotrowski
fdf627aafe core-base/oem-azure(-pro): enable earlycon on all platforms 
Both architectures and VM generations.
 2022-02-25 13:30:46 +01:00
Jeremi Piotrowski
a2c6ea2f04 Merge pull request #1675 from flatcar-linux/jepio/build-fixes 
build fixes (shim/polkit)
 2022-02-25 12:54:42 +01:00
Dongsu Park
1ba428e499 Merge pull request #1660 from flatcar-linux/dongsu/shadow-4.11.1 
sys-apps/shadow: update to 4.11.1
 2022-02-25 09:58:11 +01:00
Jeremi Piotrowski
c34235f856 coreos-devel/sdk-depends: mark sys-boot/shim amd64 only 
The version of shim that we carry was never tested on arm64 and was
never intended to work. It also doesn't correctly link against the
newest versions of gnu-efi. Mark it amd64 to exclude it from arm64 sdk.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-25 09:56:10 +01:00
Jeremi Piotrowski
182e5d767f sys-auth/polkit: mark duktape dependency with := 
The ':=' slot operator forces a package to be rebuilt when a dependency
slot/subslot changes. Duktape has the slot definition '0/${PV}' and with
the upgrade to 2.7.0 the soname changed, so polkit needs rebuilding.
This is also done this way in recent upstream gentoo ebuilds for polkit.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-25 09:56:00 +01:00
Krzesimir Nowak
f3a63cc2e1 Merge pull request #1673 from flatcar-linux/linux-5.15.25-main 
Upgrade Linux Kernel in main from 5.15.24 to 5.15.25
 2022-02-25 09:45:52 +01:00
Krzesimir Nowak
9a5ec90d86 profiles: Drop net-misc/bridge-utils from accept_keywords 
The package is now stable for both amd64 and arm64.
 2022-02-24 15:08:05 +01:00
Krzesimir Nowak
8aef9c928f profiles: Drop pixman from accept_keywords 
It's stable now for both amd64 and arm64.
 2022-02-24 15:08:05 +01:00
Mathieu Tortuyaux
9ff06adbdd Merge pull request #1667 from flatcar-linux/tormath1/libmspack 
dev-libs/libmspack: bump to 0.10.1_alpha
 2022-02-24 10:47:38 +01:00
Mathieu Tortuyaux
a91b938aec profiles/base: stabilize libxml2 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-24 10:45:04 +01:00
Flatcar Buildbot
7832ee4f95 sys-kernel: Upgrade Kernel 5.15.24 to 5.15.25 2022-02-24 07:22:10 +00:00
Mathieu Tortuyaux
abef07f31a changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 18:38:40 +01:00
Mathieu Tortuyaux
74ed89937c dev-libs/libmspack: apply flatcar changes 
* remove useless ebuild
* set the prefix to the OEM partition since this is vmware-only

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 18:30:09 +01:00
Mathieu Tortuyaux
8deb1b043a dev-libs/libmspack: sync with ::gentoo 
Commit-Ref: f4b02380c6eb5d4829d3909694a93566b789e5d6

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 18:28:07 +01:00
Mathieu Tortuyaux
5982f75c88 profiles/base: stabilize duktape 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 16:41:01 +01:00
Dongsu Park
fe7a6c904b profiles: enable su USE flag for shadow 
Enable su USE flag for shadow, because shadow >= 4.11 does not have it
by default.
Ideally util-linux should have the su binary, but that is currently not
possible, because of a bunch of additional dependencies in SDK like
pam_sssd in baselayout.
 2022-02-22 11:54:21 +01:00
Dongsu Park
2037f0a173 changelog: add changelog for shadow 4.11.1 2022-02-21 15:51:16 +01:00
Dongsu Park
a44f3b8fbd sys-apps/shadow: Apply Flatcar modifications 
- Carry over our custom tmpfiles and securetty files
  - Remove /etc files and install them to /usr, use tmpfiles
  - Switch /etc/login.defs edits to /usr/share/shadow/login.defs
  - Drop moving passwd out of /usr since we don't have split-usr
  - Drop pkg_postinst
 2022-02-21 15:51:16 +01:00
Dongsu Park
2b733fd76a sys-apps/shadow: update to 4.11.1 
Sync with Gentoo to update sys-apps/shadow to 4.11.1, mainly to address
CVE-2013-4235.

Gentoo ref: defe2a377e43a756441b183b66e2c4aae2be27b5
 2022-02-21 15:51:16 +01:00
Kai Lueke
3d5309794a sys-apps/ignition: prevent races with udev 
This pulls in
https://github.com/flatcar-linux/ignition/pull/35
to prevent boot failures such as fsck running while udev was still
processing the disk changes, and thus failing when the /dev/disk/
symlink is shortly gone.
 2022-02-21 11:12:24 +01:00
Thilo Fromm
3219bd9035 Merge pull request #1661 from flatcar-linux/t-lo/bootengine-fix-container-build 
sys-kernel/bootengine: fix containerised builds
 2022-02-21 10:42:39 +01:00
Kai Lüke
a8c00f42d3 Merge pull request #1652 from flatcar-linux/kai/use-package-users 
sys-apps/baselayout: remove duplicates of acct-user|group
 2022-02-18 18:16:29 +01:00
Thilo Fromm
8adf98c2c8 sys-kernel/bootengine: fix containerised builds 
Bump CROS_WORKON to include
https://github.com/flatcar-linux/bootengine/pull/36
to fix an issue with dracut in containerised builds.

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
 2022-02-18 18:00:50 +01:00
Mathieu Tortuyaux
e7923114db Merge pull request #1659 from flatcar-linux/tormath1/sqlite 
dev-db/sqlite: skip `sqlite3` installation
 2022-02-18 17:51:09 +01:00
Mathieu Tortuyaux
121cc4e28f profiles/coreos/make: add sqlite3 to INSTALL_MASK 
this prevents the installation of `/usr/bin/sqlite3` cli provided by
`dev-db/sqlite`.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-18 17:48:18 +01:00
Kai Lueke
14bf508412 sys-apps/baselayout: remove duplicates of acct-user|group 
This pulls in
https://github.com/flatcar-linux/baselayout/pull/23
to remove user entries which get safely created through
https://github.com/flatcar-linux/scripts/pull/227
using the acct-user ID allocations for systemd-sysusers.
 2022-02-18 10:21:11 +01:00
Dongsu Park
a85e311aca coreos-base/hard-host-depends: add docutils, patchutils 
Add dev-python/docutils, dev-util/patchutils to hard-host-depends.
Without adding those in the SDK, the new package dev-util/bpftool would
end up pulling in the new dependencies into the production images, which
should not happen.
 2022-02-17 13:52:47 +01:00
Dongsu Park
0fc96039a9 profiles: force enable bpftool for arm64 
As dev-util/bpftool does not have a keyword arm64, we need to force
enable arm64 keyword for bpftool.
 2022-02-17 13:49:22 +01:00
Dongsu Park
9b9ac5ea39 coreos-base/coreos: add dev-util/bpftool 
Get dev-util/bpftool included in the production images by default.
 2022-02-17 13:48:42 +01:00
Krzesimir Nowak
6d0d5625f1 Merge pull request #1657 from flatcar-linux/linux-5.15.24-main 
Upgrade Linux Kernel in main from 5.15.23 to 5.15.24
 2022-02-17 10:23:18 +01:00
Kai Lüke
81fd6a88a2 Merge pull request #1651 from flatcar-linux/kai/use-networkd-conf-drop-in 
Replace systemd patch by a drop-in file
 2022-02-17 10:09:32 +01:00
Kai Lueke
584693874b Replace systemd patch by a drop-in file 
This pulls in
https://github.com/flatcar-linux/init/pull/61
and
https://github.com/flatcar-linux/baselayout/pull/22
to use a drop-in file instead of the systemd patch.
 2022-02-17 10:08:43 +01:00
Dongsu Park
5b1acafa48 Merge pull request #1650 from flatcar-linux/containerd-1.6.0-main 
Upgrade Containerd in main from 1.5.9 to 1.6.0
 2022-02-17 09:12:03 +01:00
Flatcar Buildbot
52e8cfc8f2 sys-kernel: Upgrade Kernel 5.15.23 to 5.15.24 2022-02-17 07:22:23 +00:00
Flatcar Buildbot
16e00441cb app-emulation: Upgrade Containerd 1.5.9 to 1.6.0 2022-02-16 11:20:20 +00:00
Jeremi Piotrowski
5228888a5c profiles/coreos: move gnuefi systemd USE flag to target 
SDK bootstrap is failing with:

  Message: sbat-distro (from ID):

  ../systemd-stable-250.3/src/boot/efi/meson.build:189:24: ERROR: Problem encountered: Required sbat-distro option not set and autodetection failed

The gnuefi USE flag controls whether bootctl and systemd-boot are built, but we
only need those on the target. Currently the USE flag is set for SDK as well,
so move it to coreos/targets/generic.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-16 07:57:38 +01:00
Kai Lüke
330a7461fb Merge pull request #1636 from JAORMX/enable-auditd 
Add auditd package and systemd unit
 2022-02-15 20:38:49 +01:00
Kai Lüke
270806ad24 Update changelog/changes/2022-02-15-auditd.md 2022-02-15 20:33:33 +01:00
Krzesimir Nowak
b8505e5d89 profiles: Override UIDs and GIDs where we differ grom Gentoo 
These mostly are UIDs and GIDs that we have allocated before we picked
up changes from Gentoo.
 2022-02-15 17:35:28 +01:00
Krzesimir Nowak
f186c4720d sys-apps/baselayout: Bump 
Add missing entries to passwd and group.

Updated netperf needs netperf user and group. Updated systemd needs
various systemd users and groups. Dnsmasq also seems to require its
own user/group.

All this is added to prevent systemd-sysusers adding these to
/etc/passwd. And systemd-sysusers adds these, because the updated
user/group eclass in portage-stable now drops configuration files into
/usr/lib/sysusers.d. Maybe at some point we will switch over to
(patched?) systemd-sysusers, so this catch-up game won't be necessary,
but we are not there yet.
 2022-02-15 17:35:28 +01:00
Juan Antonio Osorio
8f1612bac2 Add changelog entry for auditd 
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-02-15 17:44:00 +02:00
Juan Antonio Osorio
de263591ff Add auditd package and systemd unit 
This includes the `auditd` binary and systemd unit as part of the
distro. While journald is also able to handle logs from the linux audit
subsystem, auditd provides audit-specific capabilities that are
necessary in deployments subject to regulatory compliance.

For one, an administrator is able to configure audit log writing policy
to ensure that logs land on disk and nothing is missed (`flush`). We
wouldn't want such policy through journald as it woudl sync and ensure
all logs which might be undesirable and too resource intensive. In
short, this allows us to configure different management policies for
audit logs compared to general logs.

It allows us to explicitly configure the node's reaction to errors such
as the disk beign full, the disk having other issues or space constraints.

While Flatcar is not Common Criteria certified which would require the
system to shut down if audit logs present issues (not written or
collected), some FedRAMP environments do require actions such as
notifications (which could be achieved via syslog). This can be
explicitly done with auditd as well.

Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-02-15 17:43:54 +02:00
Krzesimir Nowak
d3ccff1f01 changelog: Add entries 2022-02-14 16:35:33 +01:00
Krzesimir Nowak
e349d36ba6 profiles: Update systemd use flags 
- Consolidate them (so enabling selinux and disabling hybrid cgroups
  was moved).

- Remove outdated masks (arm64 does not mask any use flags any more)
  and use flags (ssl was replaced in favor of +openssl and gnutls,
  introspection is gone).

- Add gnuefi (for bootctl, earlier it was built if we requested
  general efi support, now it's built when support also for gnu-efi is
  requested).
 2022-02-14 16:35:33 +01:00
Krzesimir Nowak
ca71cd3a3f sys-apps/systemd: Apply Flatcar modifications 2022-02-14 16:35:33 +01:00
Krzesimir Nowak
4ff26d05db sys-apps/systemd: Sync with gentoo 
It's from gentoo commit 909ff1217e19ce803fefbd16a67869426232f432.
 2022-02-14 16:35:33 +01:00
Dongsu Park
fdc395e8de Merge pull request #1647 from flatcar-linux/go-1.17.7-main 
Upgrade Go in main from 1.17.6 to 1.17.7
 2022-02-14 15:59:37 +01:00
Dongsu Park
9ceb73704f changelog: add security changelog for Go 1.17.7 2022-02-14 14:36:22 +01:00
Flatcar Buildbot
188f067dd5 dev-lang: Upgrade Go 1.17.6 to 1.17.7 2022-02-14 07:30:02 +00:00
Flatcar Buildbot
3b0af8e48a sys-kernel: Upgrade Kernel 5.15.22 to 5.15.23 2022-02-12 07:21:24 +00:00
Dongsu Park
dc408cf2fc Merge pull request #1637 from flatcar-linux/firmware-20220209-main 
Upgrade Linux Firmware in main from 20211216 to 20220209
 2022-02-11 16:03:31 +01:00
Jeremi Piotrowski
bdcac570b1 Merge pull request #1628 from flatcar-linux/jepio/aws-arm64-fix-console 
coreos-base/oem-ec2-compat: set correct console on arm64
 2022-02-11 15:44:52 +01:00
Mathieu Tortuyaux
5a53c343fa Merge pull request #1639 from flatcar-linux/tormath1/polkit 
sys-auth/polkit: remove `-Dwith-duktape`
 2022-02-11 15:39:50 +01:00
Jeremi Piotrowski
08e53ca3b4 Merge pull request #1629 from flatcar-linux/jepio/walinuxagent-update 
update WALinuxAgent to v2.6.0.2
 2022-02-11 15:36:41 +01:00
Dongsu Park
f3b79484d8 Merge pull request #1611 from flatcar-linux/dongsu/gcc-10 
Preparation for gcc 10
 2022-02-11 13:56:31 +01:00
Dongsu Park
020beddd07 sys-kernel/coreos-firmware: fix build issues with cxgb4 firmware 
Fix build issues when building firmware 20220209 by bumping the cxbg4
firmware version to 1.26.6.0. Without that, build fails like:

```
 * Scanning for files required by 5.15.22-flatcar
 * Missing firmware: cxgb4/t6fw.bin (cxgb4.ko.xz)
 * Missing firmware: cxgb4/t5fw.bin (cxgb4.ko.xz)
 * Missing firmware: cxgb4/t4fw.bin (cxgb4.ko.xz)
```
 2022-02-11 09:39:05 +01:00
Flatcar Buildbot
3f1811585f sys-kernel: Upgrade Linux Firmware 20211216 to 20220209 2022-02-11 09:39:05 +01:00
Mathieu Tortuyaux
3bf1a5fb20 sys-auth/polkit: remove -Dwith-duktape 
this option is superseeds by `js_engine` which defaults to duktape.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-10 18:37:56 +01:00
Dongsu Park
217a1af593 Merge pull request #1621 from flatcar-linux/cacerts-3.75-main 
Upgrade ca-certificates in main from 3.74 to 3.75
 2022-02-10 17:35:22 +01:00
Kai Lüke
3a9c9ede2d Merge pull request #1622 from flatcar-linux/kai/systemd-disable-manage-foreign-routes-and-rules 
sys-apps/systemd: add downstream patch to disable foreign route mgmt
 2022-02-10 17:33:13 +01:00
Dongsu Park
e24bb9f348 changelog: add changelog for gcc 10 preparation 2022-02-10 16:57:26 +01:00
Dongsu Park
257a513e77 app-emulation/open-vmdk: fix build issues with gcc 10 
As gcc 10 or newer defaults to `-fno-common`, we need to define only
once in a *.c file, instead of *.h that can be imported multiple times
by *.c files.

See also https://github.com/vmware/open-vmdk/pull/13.
 2022-02-10 16:57:26 +01:00
Dongsu Park
f2464ad27b coreos-base/emerge-gitclone: fetch correct commit in case of non-release 
When the given release string is for non-release like
"2022.02.02+dev-flatcar-master-4742", we should fetch release.xml from
a correct commit from e.g.
https://raw.githubusercontent.com/kinvolk/manifest-builds/dev-flatcar-master-4742/dev-flatcar-master-4742.xml.

Without that, as the default branch contains invalid source code that
was deprecated many years ago, the build could sometimes fail, e.g. when
trying to build perl 5.26.2 with gcc 10.

This pulls in https://github.com/flatcar-linux/flatcar-dev-util/pull/7.
 2022-02-10 16:57:26 +01:00
Dongsu Park
ff9098b9d4 net-fs/nfs-utils: Apply Flatcar modifications 
- Add the tmpfiles configuration for populating /var
  - Add service compatibility symlinks (maybe time to drop them)
  - Drop moving a binary from /usr/sbin to /sbin
  - Drop populating /etc and /var
  - Drop pkg_postinst

Based on commit c232e24562cfecd53cb281330e2900fcc30006f7.
 2022-02-10 16:57:26 +01:00
Dongsu Park
fad4ba41b8 net-fs/nfs-utils: update to 2.5.4-r3 
Update net-fs/nfs-utils to 2.5.4-r3, as needed by gcc 10.
Without that update, build fails like:

```
/usr/libexec/gcc/x86_64-cros-linux-gnu/ld:
../../support/export/libexport.a(xtab.o):.../support/export/xtab.c:32:
multiple definition of `v4root_needed';
mountd-v4root.o:.../utils/mountd/v4root.c:31: first defined here
```
 2022-02-10 16:57:25 +01:00
Dongsu Park
7d24586b46 profiles: Update versions of iasl, kexec-tools 
Update sys-power/iasl to 20200326 for arm64.
Update sys-apps/kexec-tools to 2.0.22 for arm64.
 2022-02-10 16:57:25 +01:00
Dongsu Park
157d83ebae profiles: remove mask for gcc-config 2 
As we need to update gcc-config to 2.5, we have to remove the old
mask that prevents gcc-config 2 from being installed.
 2022-02-10 16:57:25 +01:00
Kai Lueke
98d2469b60 coreos-base/update_engine: fix flatcar-postinst migration notice 
This pulls in
https://github.com/flatcar-linux/update_engine/pull/16
to fix a small template error in the cgroup v2 migration notice.
 2022-02-10 13:31:17 +01:00
Jeremi Piotrowski
648e129aab changelog: add entry for AWS ARM64 console fix 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-10 13:30:48 +01:00
Mathieu Tortuyaux
0c2a064bfb Merge pull request #1635 from flatcar-linux/tormath1/vim 
profiles/base: stabilize vim
 2022-02-10 11:38:30 +01:00
Mathieu Tortuyaux
4f4137b33d profiles/base: stabilize vim 
this is required to pull recent versions of vim which fix CVEs.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-09 18:02:47 +01:00
Flatcar Buildbot
1bd580a3d6 sys-kernel: Upgrade Kernel 5.15.19 to 5.15.22 2022-02-09 16:39:45 +00:00
Jeremi Piotrowski
d30359a806 coreos-base/oem-ec2-compat: specify correct console on arm64 
The default arm64 console (console=ttyAMA0) that is set by grub is wrong for
EC2 arm64, so fix the value and enable earlycon.
 2022-02-09 17:26:11 +01:00
Jeremi Piotrowski
a76eccc6c4 changelog: add entry for WALinuxAgent 2022-02-09 11:15:23 +00:00
Jeremi Piotrowski
9ce9b93e2a coreos-base/oem-azure(-pro): inject empty eject binary into waagent PATH 
Waagent ejects the provisioning dvd, but this causes the /dev/sr0 drive
to be in a state where util-linux probing it causes the kernel to spam
"unaligned transfer" messages. This is fixed in util-linux main branch,
but it will be a while until this is released.

Create a symlink from 'eject' to '/bin/true' and modify the unit's PATH
environment variable so that this symlink is found before the eject
binary.

Additionally I added the oem python directory to PATH, so that waagent
can be start directly. This should be enough so that messages from
waagent in the journal are prefixed with 'waagent' and not 'python'.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-09 11:13:32 +00:00
Jeremi Piotrowski
c312e54e3e app-emulation/wa-linux-agent: update to v2.6.0.2 
v2.6.0.2 is the latest released version and contains the upstreamed
Flatcar support.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-09 10:27:11 +00:00
Kai Lueke
e89bb5652c sys-apps/systemd: add downstream patch to disable foreign route mgmt 
This new downstream patch disables the ManageForeignRoutes and
ManageForeignRoutingPolicyRules systemd-netword settings by default to
ensure that CNIs don't get their routes or routing policy rules
discarded on network reconfiguration events.

https://github.com/flatcar-linux/Flatcar/issues/620
 2022-02-07 17:56:54 +01:00
Flatcar Buildbot
d10829cf5f app-misc: Upgrade ca-certificates 3.74 to 3.75 2022-02-07 07:21:43 +00:00
Sayan Chowdhury
563b295ed7 Merge pull request #1610 from flatcar-linux/linux-5.15.19-main 
Upgrade Linux Kernel in main from 5.15.18 to 5.15.19
 2022-02-03 13:17:14 +05:30
Mathieu Tortuyaux
fcd640e6f0 dev-libs/cyrus-sasl: apply flatcar patches 
- remove unecessary ebuild
- apply cross compiling patch

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-02 13:43:03 +01:00
Flatcar Buildbot
6229b0f4d2 sys-kernel: Upgrade Kernel 5.15.18 to 5.15.19 2022-02-02 07:22:08 +00:00
Mathieu Tortuyaux
7727932905 dev-libs/cyrus-sasl: sync with ::gentoo 
Commit-Ref: c64e42b0da7ce4c4189c8868ce0a5170f044468f

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-01 16:37:03 +01:00
Mathieu Tortuyaux
58cfec0d2b Merge pull request #1603 from flatcar-linux/tormath1/sbsigntools 
app-crypt/sbsigntools: bump to 0.9.4
 2022-02-01 09:39:20 +01:00
Mathieu Tortuyaux
bf127a3a35 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-01 09:38:28 +01:00
Mathieu Tortuyaux
25c3360eee app-crypt/sbsigntools: apply flatcar changes 
- remove unecessary ebuilds
- mark sbsigntools-0.9.4.ebuild as stable for arm64/amd64
- apply OpenSSLv3 patch from: https://groups.io/g/sbsigntools/topic/patch_fix_openssl_3_0_issue/85903418?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,85903418,previd=1632756467394580924,nextid=1591489833755102589&previd=1632756467394580924&nextid=1591489833755102589
- remove -Werror from Makefile.am for OpenSSLv3 compilation

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-01 09:38:14 +01:00
Kai Lüke
51c4f8338f Merge pull request #1602 from flatcar-linux/kai/enable-fips 
sys-kernel: allow fips mode to be enabled
 2022-01-31 19:51:07 +01:00
Flatcar Buildbot
b51049bc89 sys-kernel: Upgrade Kernel 5.15.17 to 5.15.18 2022-01-31 18:48:44 +01:00
Mathieu Tortuyaux
258e8530ba app-crypt/sbsigntools: sync with ::gentoo 
Commit-Ref: bc01370226f4b5f773ae0da7d49ae09b90622666

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-31 16:59:44 +01:00
Kai Lueke
38a01288e1 sys-kernel: allow fips mode to be enabled 
With this kernel config, users can boot with fips=1 set in
`/usr/share/oem/grub.cfg`:
```
set linux_append="fips=1"
```

Which triggers various behaviors, for FIPS 200 certification.

with this config compiled in, and that boot parameter, users can can
that fips is enabled with:
```
flatcar ~ # cat /proc/sys/crypto/fips_enabled
1
```
 2022-01-31 15:07:36 +01:00
Dongsu Park
19a486c58d Merge pull request #1596 from flatcar-linux/dongsu/glibc-2.33-r10 
sys-libs/glibc: update to 2.33-r10
 2022-01-28 16:58:45 +01:00
Krzesimir Nowak
9582e2e795 Merge pull request #1595 from flatcar-linux/linux-5.15.17-main 
Upgrade Linux Kernel in main from 5.15.16 to 5.15.17
 2022-01-28 16:13:55 +01:00
Kai Lüke
456efdeb9a Merge pull request #1589 from flatcar-linux/kai/ipv6-ra 
coreos-cloudinit and bootengine: accept IPv6 RA for default net configs
 2022-01-28 11:08:46 +01:00
Dongsu Park
27bd0429a0 changelog: add changelog for glibc 2.33-r10 2022-01-28 08:43:44 +01:00
Krzesimir Nowak
a752947aec sys-libs/glibc: Apply Flatcar modifications 
- unmask amd64 and arm64
  - take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
  - don't run sanity checks in pkg_pretend to prevent gcc checks when
    only the binary package is installed.
  - comment out 'dostrip -x' to force the OS image binaries to be stripped
  - remove everything glibc wants to put under /etc since we use
    baselayout to provide that
 2022-01-28 08:43:44 +01:00
Dongsu Park
2301479ae7 sys-libs/glibc: sync with Gentoo for 2.33-r10 
Update sys-libs/glibc to 2.33-r10, mainly to address CVE-2021-3998,
CVE-2021-3999, CVE-2022-23218, CVE-2022-23219.

Gentoo ref: 7ba56d4da4e3fd2bc0d2c1012f2dc02e448c77d4
 2022-01-28 08:43:40 +01:00
Flatcar Buildbot
e4a527aa27 sys-kernel: Upgrade Kernel 5.15.16 to 5.15.17 2022-01-28 07:22:45 +00:00
Mathieu Tortuyaux
eefde75413 changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-27 18:08:23 +01:00
Mathieu Tortuyaux
0ce5422e6e sys-auth/polkit: apply Flatcar patches 
- apply duktape patchset from https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/97
 `.gitlab-ci.yml` patch has been removed since file is not shipped in
 archive.
- fix config install paths, use systemd-tmpfiles (All configs should
be installed to /usr and tmpfiles should be used to create and fix
directory permissions instead of the ebuild's postinst.)

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-27 18:08:20 +01:00
Kai Lueke
d341a5b51d coreos-cloudinit and bootengine: accept IPv6 RA for default net configs 
This pulls in
https://github.com/flatcar-linux/coreos-cloudinit/pull/12
and
https://github.com/flatcar-linux/bootengine/pull/30
(https://github.com/flatcar-linux/init/pull/51 is already in)
to also accept Router Advertisements in our default DHCP network
configurations.
 2022-01-27 17:17:12 +01:00
Mathieu Tortuyaux
3bcd2510bc sys-auth/polkit: sync with ::gentoo 
Ref-Commit: 4dbf4f80da2ee7c5e3325d4f25512dc0ed1a4b48

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-27 14:25:53 +01:00
Kai Lueke
e2d87f0d26 coreos-base/coreos-init/coreos-init: pull in latest changes 
This pulls in
https://github.com/flatcar-linux/init/pull/58
(bin/flatcar-update: don't assume $USER is set up, only use $EUID)
and
https://github.com/flatcar-linux/init/pull/51
network: Enable the RAs to fix IPv6 address assignment
 2022-01-26 17:15:03 +01:00
Dongsu Park
66e00de1db Merge pull request #1581 from flatcar-linux/rust-1.58.1-main 
Upgrade dev-lang/rust in main from 1.57.0 to 1.58.1
 2022-01-26 11:27:23 +01:00
Dongsu Park
0652a4584c changelog: add security changelog for Rust 1.58.1 2022-01-25 10:25:12 +01:00
Sayan Chowdhury
44e7c99fe3 Merge pull request #1586 from flatcar-linux/linux-5.15.16-main 
Upgrade Linux Kernel in main from 5.15.15 to 5.15.16
 2022-01-24 23:50:13 +05:30
Mathieu Tortuyaux
4842771f2f Merge pull request #1578 from flatcar-linux/tormath1/krb 
app-crypt/mit-krb5: move to `::portage-stable`
 2022-01-21 11:22:16 +01:00
Mathieu Tortuyaux
adfb599a8a app-crypt/mit-krb5: move to ::portage-stable 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-21 10:25:54 +01:00
Flatcar Buildbot
fcf915f066 sys-kernel: Upgrade Kernel 5.15.15 to 5.15.16 2022-01-21 07:22:58 +00:00
Flatcar Buildbot
0907be99dc dev-lang: Upgrade dev-lang/rust 1.57.0 to 1.58.1 2022-01-21 06:49:01 +00:00
Jeremi Piotrowski
0f908837b9 sys-kernel: backport hyper-v PCI patches from v5.17-rc1 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-01-20 14:44:47 +00:00
Jeremi Piotrowski
d29ae37389 Merge pull request #1576 from flatcar-linux/runc-1.1.0-main 
Upgrade Runc in main from 1.0.3 to 1.1.0
 2022-01-20 11:45:59 +01:00
Krzesimir Nowak
7ae17b938f Merge pull request #1525 from flatcar-linux/krnowak/no-eapi-update 
Get rid of EAPI 0
 2022-01-20 08:17:35 +01:00
Flatcar Buildbot
cf042a7e72 app-emulation: Upgrade Runc 1.0.3 to 1.1.0 2022-01-19 11:14:29 +00:00
Mathieu Tortuyaux
746b47fc24 Merge pull request #1572 from flatcar-linux/tormath1/openssl 
dev-libs/openssl: sync with the upstream
 2022-01-18 18:05:49 +01:00
Mathieu Tortuyaux
9bb21c4ce1 profiles/keywords: remove openssl 
openssl is marked as stable directly into the Flatcar modifications
commit.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 17:03:58 +01:00
Mathieu Tortuyaux
6b16187adc profiles/coreos: unmask openssl-3 
upstream has masked openssl-3 for tracking build failures. Since we are
not impacted by this failures, we can safely unmask openssl-3.

See: https://github.com/flatcar-linux/Flatcar/issues/418 for Flatcar's
dependencies.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 16:59:40 +01:00
Mathieu Tortuyaux
b172cf5e6a changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 16:59:40 +01:00
Mathieu Tortuyaux
1a76d69d8d dev-libs/openssl: Apply Flatcar modifications 
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- remove unecessary files
- mark openssl as stable for arm64 and amd64

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-18 16:59:40 +01:00
Krzesimir Nowak
b1018c0c3d Merge pull request #1573 from flatcar-linux/krnowak/eapi-update 
Changes related to app-arch updates
 2022-01-18 16:02:16 +01:00
Flatcar Buildbot
5a4e61fcd0 sys-kernel: Upgrade Kernel 5.15.14 to 5.15.15 2022-01-17 19:15:49 +01:00
Krzesimir Nowak
d4af97831d profiles: Drop keywords for app-arch/pigz 
The updated version is stable for both amd64 and arm64.
 2022-01-17 18:41:32 +01:00
Krzesimir Nowak
65d14d65d4 profiles: Drop keywords for app-arch/pbzip2 
The updated version is stable for both amd64 and arm64.
 2022-01-17 18:40:12 +01:00
Mathieu Tortuyaux
42aec3a36b dev-libs/openssl: sync with the upstream 
Commit-Ref: b258e2593e406538c8ca5029d027f315edc44843

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-17 17:00:31 +01:00
Krzesimir Nowak
275990beb0 app-arch/bzip2: Move back to portage-stable 
We used to keep the package in overlay, because we dropped one Gentoo
patch to avoid some failures when applying updates when updating
payloads. This issue was fixed in bzip2 in a smarter way - we know
this, because we used 1.0.8 version with the fix and we didn't have
any problems so far. No point in keeping the package in overlay then.
 2022-01-14 20:09:41 +01:00
Krzesimir Nowak
da18e43918 sys-libs/berkdb: Drop unused package 2022-01-14 15:08:46 +01:00
Krzesimir Nowak
9fb7e90be0 profiles: Drop virtual/cdrtools keywords 
The virtual/cdrtools package is being dropped in portage-stable.
 2022-01-14 15:08:46 +01:00
Krzesimir Nowak
fd3e1e3f27 coreos-base/hard-host-depends: Replace virtual/cdrtools with app-cdr/cdrtools 
The virtual/cdrtools package is being dropped in portage-stable.
 2022-01-14 15:08:46 +01:00
Krzesimir Nowak
d98a0ac0ca Merge pull request #1548 from flatcar-linux/krnowak/update-profiles 
Drop obsolete stuff after updating profiles
 2022-01-14 14:38:23 +01:00
Jeremi Piotrowski
bdb48fd89a Merge pull request #1564 from flatcar-linux/jepio/fix-mirror-calico 
.github: find latest calico tag when mirroring
 2022-01-14 11:05:47 +01:00
Mathieu Tortuyaux
23df672492 Merge pull request #1565 from flatcar-linux/tormath1/selinux 
sys-apps/policycoreutils: fix policy root path
 2022-01-14 10:18:24 +01:00
Mathieu Tortuyaux
0659f6295f Merge pull request #1563 from flatcar-linux/tormath1/mantle 
coreos-devel/mantle: bump with 0.18.0
 2022-01-14 10:17:22 +01:00
Mathieu Tortuyaux
832bdb51fc sys-apps/policycoreutils: fix policy root path 
root needs to be specified with -p instead of -S.
The policy dir (-S) defaults to (-p) + /var/lib/selinux/ + (-s).

Picked from upstream: 54a8322d18

Closes: https://github.com/flatcar-linux/Flatcar/issues/596
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-14 09:57:39 +01:00
Jeremi Piotrowski
886b11bf1d .github: find latest calico tag from tigera operator 
The mirror-calico workflow has been failing because it currently determines
version=v3.22.0-0.dev-typha, which is not the tag used by the individual
container images. Rewrite the version logic to determine the version based on
what is in the tigera operator manifest. This is the same manifest that we use
to deploy calico in mantle.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-01-13 14:44:04 +01:00
Krzesimir Nowak
1cca5f4eeb Merge pull request #1556 from flatcar-linux/krnowak/iputils-update 
Changes for net-misc/iputils update
 2022-01-13 11:46:47 +01:00
Krzesimir Nowak
a2ff448eb2 Merge pull request #1560 from flatcar-linux/linux-5.15.14-main 
Upgrade Linux Kernel in main from 5.15.13 to 5.15.14
 2022-01-13 11:40:44 +01:00
Krzesimir Nowak
2d5ef69eed sec-policy/selinux-base-policy: Add a patch for ping 
This is to allow users to run ping -I with some IP address or network
interface.

Patch based on:

https://github.com/fedora-selinux/selinux-policy/pull/403
 2022-01-12 18:09:50 +01:00
Krzesimir Nowak
6f3975b9b1 sec-policy/selinux-base: Add patch for ping 
The patch adds stuff that another patch in
sec-policy/selinux-base-policy will use to allow user to call "ping -I
<IPADDRESS>".

Patch based on:

https://github.com/fedora-selinux/selinux-policy/pull/403
 2022-01-12 18:08:58 +01:00
Mathieu Tortuyaux
96bac22bc0 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-12 17:14:33 +01:00
Mathieu Tortuyaux
e155b78955 coreos-devel/mantle: sync with upstream release 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-01-12 17:11:30 +01:00
Kai Lueke
59ad0cd262 changelog/security: use right format for release notes 2022-01-12 17:00:26 +01:00
Kai Lueke
a7da13d660 changelog/README.md: specify current security fix section format 
The entries added in changelog/security/ do not follow our existing
security section in the release notes:
  https://www.flatcar.org/releases/#release-3033.2.0

Document the structure and an example to use the right format that we
need for release note generation.
 2022-01-12 16:53:59 +01:00
Kai Lueke
fe514f5b25 sys-kernel/bootengine: Fixed dracut emergency log printing script error 
This pulls in
https://github.com/flatcar-linux/bootengine/pull/33
to fix the cat command invocation.
 2022-01-12 16:07:58 +01:00
Krzesimir Nowak
42451654bf profiles: Update use flags for net-misc/iputils 
The net-misc/iputils package never provided the traceroute binary,
only traceroute6, which is probably why the use flag got renamed to
traceroute6 too.
 2022-01-12 15:45:26 +01:00
Flatcar Buildbot
3d01e98cdb sys-kernel: Upgrade Kernel 5.15.13 to 5.15.14 2022-01-12 07:24:30 +00:00
Krzesimir Nowak
db5f1c7e72 *: Drop mentions of elibc_FreeBSD 2022-01-11 14:15:15 +01:00
Krzesimir Nowak
09465e5a67 sys-apps/systemd: Sync hwdb bits with Gentoo 
Gentoo deprecated sys-apps/hwids and is going to drop it soon.
 2022-01-11 14:15:15 +01:00
Krzesimir Nowak
1a35d9b996 profiles: Drop sys-apps/hwids from accept_keywords 
We are replacing this package with sys-apps/hwdata. Also, no point in
using unstable versions - they are stabilized quickly enough.
 2022-01-11 14:15:15 +01:00
Krzesimir Nowak
752f695663 sys-apps/portage: Drop support for uclibc 
It was removed from Gentoo and with updated profiles, the build
started to fail with:

USE flag 'elibc_uclibc' referenced in conditional 'elibc_uclibc?' is
not in IUSE
 2022-01-11 14:15:15 +01:00
Krzesimir Nowak
158eb34f72 profiles: Keep using crypt functionality from glibc 2022-01-11 14:15:15 +01:00
Krzesimir Nowak
caf56d5b8b Merge pull request #1519 from flatcar-linux/krnowak/eclass-update 
eclass: Some updates for newer EAPI versions
 2022-01-11 13:25:42 +01:00
Krzesimir Nowak
d3247a54a2 Merge pull request #1554 from flatcar-linux/cacerts-3.74-main 
Upgrade ca-certificates in main from 3.73 to 3.74
 2022-01-10 19:19:59 +01:00
Flatcar Buildbot
24276fa7d2 dev-lang: Upgrade Go 1.17.5 to 1.17.6 2022-01-10 07:32:58 +00:00
Flatcar Buildbot
49d87d54af app-misc: Upgrade ca-certificates 3.73 to 3.74 2022-01-10 07:25:19 +00:00
Krzesimir Nowak
83fe5bffd4 sys-boot/grub: Try to force using a newer gettext infra 2022-01-07 16:11:46 +01:00