3418 Commits

Author SHA1 Message Date
Michael Marineau
7fed71e9ac coreos-kernel: explicitly add -nopie for hardened compilers
The Gentoo hardened compiler enables PIE by default unless it detects an
incompatible option. To detect kernel builds it uses -D__KERNEL__ which
is unfortunately a preprocessor option that ccache >= 3.2 will not pass
to compile-only calls, since in theory it is unnecessary and omitting
preprocessor options works around issues in other (*cough* LLVM)
compilers. There really isn't any other alternative magic hack so go
with the plain no-magic solution. :)

Bug: https://bugs.gentoo.org/show_bug.cgi?id=535984
2015-07-07 20:25:12 -07:00
Alex Crawford
edfd5ad012 Merge pull request #1342 from crawford/seismograph
sys-apps/seismograph: include disk GUID feature
2015-07-06 16:47:25 -07:00
Alex Crawford
7ac986e5ed sys-apps/seismograph: include disk GUID feature 2015-07-06 13:51:16 -07:00
Michael Marineau
1721249283 Merge pull request #1341 from coreos/revert-1337-update
Revert "Update update_engine"
2015-07-06 13:10:33 -07:00
Michael Marineau
9f6ef609b5 Revert "Update update_engine" 2015-07-06 06:08:46 -07:00
Michael Marineau
dcf94ca48c Merge pull request #1340 from coreos/revert-1338-fleet-0.11.0
Revert "app-admin/fleet: bump to v0.11.0"
2015-07-04 20:16:09 -07:00
Michael Marineau
1520766779 Revert "app-admin/fleet: bump to v0.11.0" 2015-07-04 13:14:32 -07:00
Michael Marineau
0477ee2df0 Merge pull request #1337 from marineam/update
Update update_engine
2015-07-03 21:46:57 -07:00
Nick Owens
c6b9fa98be Merge pull request #1339 from mischief/networkd-nat
sys-apps/systemd: enable nat use flag for ip masquerading in networkd
2015-07-03 18:49:53 -07:00
mischief
cd117a321e sys-apps/systemd: enable nat use flag for ip masquerading in networkd 2015-07-03 18:48:05 -07:00
Nick Owens
f15f74448c Merge pull request #1338 from mischief/fleet-0.11.0
app-admin/fleet: bump to v0.11.0
2015-07-03 17:24:55 -07:00
mischief
f1278017ab app-admin/fleet: bump to v0.11.0 2015-07-03 17:19:07 -07:00
Michael Marineau
f52a4cc47e Merge pull request #1328 from exoscale/master
exoscale network workaround not needed anymore
2015-07-02 16:37:02 -07:00
retrack
1f6a7401b8 coreos-base/oem-exoscale: network workaround not needed anymore 2015-07-03 01:15:21 +02:00
Michael Marineau
a437c096fe update_engine: update to latest, fixes kernel payload code 2015-07-02 14:09:56 -07:00
Michael Marineau
7f33fd307c Revert "Revert "update_engine: lots of updates""
This reverts commit 7bbc88c31ce48c6da6fb6fd1c1bf9d3927825d9f.
2015-07-02 14:08:12 -07:00
Michael Marineau
5d4eebf714 Merge pull request #1336 from marineam/systemd
systemd: fix systemd-escape's exit code
2015-07-02 13:03:32 -07:00
Michael Marineau
8f935f6ebb Merge pull request #1335 from marineam/selinux
selinux: make selinux optional based on USE flags, disable for now.
2015-07-02 12:13:59 -07:00
Michael Marineau
bd33c8cf5d systemd: fix systemd-escape's exit code 2015-07-02 12:13:39 -07:00
Michael Marineau
e5c1d942ec selinux: make selinux optional based on USE flags, disable for now.
Some issues still to work out with tmpfiles and logind.
2015-07-01 22:41:43 -07:00
Nick Owens
6adadb896a Merge pull request #1332 from mischief/sfc
sys-kernel/coreos-kernel: enable sfc and mtd drivers
2015-07-01 18:50:15 -07:00
George Tankersley
9415e80fd1 Merge pull request #1334 from gtank/verity
bootengine: bump ebuild for verity generator
2015-07-01 18:35:03 -07:00
mischief
6b48095e48 sys-kernel/coreos-kernel: enable sfc and mtd drivers 2015-07-01 18:28:06 -07:00
mjg59
9c37f62093 Merge pull request #1326 from mjg59/master
Enable kernel lockdowns in Secure Boot environments
2015-07-01 18:09:54 -07:00
Matthew Garrett
7be98f2fdc Enable kernel lockdowns in Secure Boot environments
Secure Boot is easy to work around unless the kernel restricts
userspace's ability to modify the kernel. Add kernel patches from Fedora
that do this.
2015-07-01 17:45:21 -07:00
George Tankersley
37446bff38 bootengine: bump ebuild for verity generator 2015-07-01 17:31:39 -07:00
Eugene Yakubovich
1de896c887 Merge pull request #1333 from eyakubovich/flannel-0.5
flannel: bump to v0.5.0
2015-07-01 15:07:29 -07:00
Eugene Yakubovich
8f67ce4565 flannel: bump to v0.5.0 2015-07-01 14:44:39 -07:00
mjg59
f29fae2428 Merge pull request #1331 from mjg59/selinux
Remove calls to host tools during selinux policy build
2015-07-01 13:41:07 -07:00
Matthew Garrett
7d9e123f97 Remove calls to host tools during selinux policy build
SELinux policies were attempting to run the host checkmodule and semodule
commands. The former is easy to fix via pointing them at the build root, the
latter we skip entirely because we don't want to install the policy at this
point - we'll do that during image build.
2015-07-01 11:58:10 -07:00
Patrick Baxter
601e5f58c0 Merge pull request #1330 from pbx0/mantle
coreos-devel/mantle: bump to latest commit
2015-07-01 11:47:03 -07:00
mjg59
a5ac55fa1b Merge pull request #1329 from mjg59/policycoreutils
Fix policycoreutils build
2015-07-01 11:24:43 -07:00
Patrick Baxter
94177003ac coreos-devel/mantle: bump to latest commit 2015-07-01 11:22:12 -07:00
Matthew Garrett
15c35fa751 Fix policycoreutils build
There was still some python leaking into this - skip building sepolicy
to avoid issues with cross-compilation.
2015-07-01 11:21:18 -07:00
Michael Marineau
c940294b1f Merge pull request #1327 from marineam/kernel
coreos-kernel: prepare for using patched kernels
2015-06-30 22:11:39 -07:00
Michael Marineau
9d10bb7bd4 coreos-kernel: prepare for using patched kernels
We will be carrying some patches so the version of the source code will
no longer be simply the upstream mainline version. A -coreos or
-coreos-r1 and so forth will be appended. A new variable defining the
source revision (e.g. -r1) has been added so we can continue to bump the
coreos-kernel revision independently of coreos-sources for minor things
like config updates.
2015-06-30 16:30:49 -07:00
mjg59
3e1ca9c8fd Merge pull request #1325 from mjg59/selinux
Add selinux build fixes
2015-06-30 13:53:32 -07:00
Michael Marineau
0e5f1f28b2 Merge pull request #1324 from marineam/kernel
coreos-kernel: slim down defconfig, bump to 4.0.7
2015-06-30 12:21:13 -07:00
Michael Marineau
46e8ae92b0 Merge pull request #1320 from marineam/ec2
ec2: disable new-style interface naming on Amazon
2015-06-30 12:18:19 -07:00
mjg59
e6fbf76a0c Merge pull request #1322 from mjg59/master
Update grub for dm-verity
2015-06-30 12:06:10 -07:00
Matthew Garrett
01ae86a31e Add selinux build fixes
There were a couple of build failures due to selinux packages accidentally
relying on host packages.
2015-06-30 11:16:46 -07:00
Michael Marineau
f44a3fefb1 coreos-kernel: bump to 4.0.7 2015-06-29 17:28:12 -07:00
Michael Marineau
1fc1f49640 coreos-kernel: enable ip= kernel option
Fixes #1154
2015-06-29 17:28:12 -07:00
Michael Marineau
ff9b5fca12 coreos-kernel: prune amd64 down to the minimal defconfig
This strips down the config to just the non-default options, the arm64
kernel config is already in this minimal format.
2015-06-29 17:23:28 -07:00
Matthew Garrett
11c8fe6360 Update grub for dm-verity
Update grub to include support for passing through the dm-verity hash
2015-06-29 17:16:14 -07:00
mjg59
90bb5a2d94 Merge pull request #1311 from mjg59/master
Bring in custom selinux work
2015-06-29 17:13:34 -07:00
Michael Marineau
bbe5a5d9e3 Merge pull request #1321 from marineam/logrotate-fix
coreos-init: fix build
2015-06-29 16:13:43 -07:00
Michael Marineau
b5d84bf25f coreos-init: fix build 2015-06-29 16:11:57 -07:00
Matthew Garrett
193ef15b91 Fix up selinux policy
We need some additional selinux policy to get rkt working. Right now
this is a slightly rough cut - we'll tidy this up over time and ensure
that it's not overly permissive. In addition, ensure that policy is
installed in /usr rather than /etc and /var in order to allow upgrades
to work properly.
2015-06-29 13:36:29 -07:00
Matthew Garrett
07aa4a264b Enable selinux
Pull in various selinux bits that need modification, and enable them.

setools: Needs patching to support cross building
policycoreutils: Needs patching to remove python runtime dependency
sec-policy/*: We need custom policy modifications

In addition, modify selinux-policy-2.eclass to support pulling in selinux
includes from the build root rather than /, enable selinux in systemd's
use flags and enable selinux support in the kernel.
2015-06-29 13:33:45 -07:00