23028 Commits

Author SHA1 Message Date
Kai Lüke
9dda323097 Merge pull request #565 from flatcar-linux/coreos-overlay
sys-kernel: Include patch for overflow in tpacket_rcv by pothos
2020-09-04 18:33:16 +02:00
Kai Lüke
dd0138a9c8 sys-kernel: Include patch for overflow in tpacket_rcv
A memory corruption vulnerability in AF_PACKET causes the kernel to
panic or enter undefined behavior, tracked as CVE-2020-14386.
While the proposed patch is not included in an upstream release,
include it as downstream patch.
Further information and PoC:
https://www.openwall.com/lists/oss-security/2020/09/03/3
2020-09-04 18:33:16 +02:00
Marga Manterola
21bfbeb2e9 Merge pull request #564 from flatcar-linux/linux-5.4.62-main
Upgrade Linux Kernel in main from 5.4.61 to 5.4.62
2020-09-04 17:55:39 +02:00
Margarita Manterola
938a2b6fee Revert "sys-kernel/coreos-sources: fix vdso32 build for arm"
This reverts commit 02a187d087c6425345e1b92bc09c1c4276651a4c.

This change is now applied upstream and we no longer need to carry a
separate patch.
2020-09-04 17:39:28 +02:00
Flatcar Buildbot
178427ca9e sys-kernel: Upgrade coreos-kernel 5.4.61 to 5.4.62
2020-09-04 07:23:07 +00:00
Vincent Batts
a22f316c23 Merge pull request #89 from flatcar-linux/vbatts/build-host
build_packages: export build host information
alpha-2632.0.0
2020-09-03 08:36:52 -04:00
Dongsu Park
3db0f31ee9 Merge pull request #556 from flatcar-linux/dongsu/go-1.15
dev-lang/go: Update the default Go version to 1.15
2020-09-03 14:03:01 +02:00
Dongsu Park
df48b74f45 coreos-base: Allow installation to multipath target
Allow `flatcar-install` to install Flatcar into a multipath target.

Pulls in https://github.com/flatcar-linux/init/pull/24
2020-09-02 16:44:36 +02:00
Dongsu Park
18f00becb5 .github: update Go version 1.15
Update the default Go version to 1.15.
2020-09-02 14:50:02 +02:00
Dongsu Park
c174819731 dev-lang/go: Update the default Go version to 1.15
Now that Go [1.15](Go://go.googlesource.com/go/+/refs/tags/go1.15) has
been released, we should update the default Go version to 1.15.
Since the [EINTR issue](https://github.com/golang/go/issues/38033) was
fixed in 1.15, we can simply move from 1.13 to 1.15.

On the other hand, we should not add 1.14, as the
[EINTR bug fix](https://go-review.googlesource.com/c/go/+/232862/) was
not backported to 1.14.
2020-09-02 14:50:02 +02:00
Vincent Batts
a77e218d4d Merge pull request #90 from flatcar-linux/vbatts/update-contrib
contrib: allow newer ssh keys, and user-provided template
2020-09-02 08:11:43 -04:00
Vincent Batts
acac817ea1 contrib: shellcheck lint
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-09-02 08:10:50 -04:00
Vincent Batts
b8360e2c20 contrib: allow newer ssh keys
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-09-02 08:10:47 -04:00
Vincent Batts
a43fcbb534 contrib: allow user to provide cloud-config template
Respecting that substitutions will still be made, the user may want to
also install their own unit files or similar

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-09-02 08:10:33 -04:00
Thilo Fromm
14bdd7bcaf Merge pull request #560 from flatcar-linux/t-lo/add-new-subkey-to-init
coreos-init: add new subkey rsa4096/FCBEAB91
2020-09-02 11:04:29 +02:00
Thilo Fromm
3605185e08 coreos-init: add new subkey rsa4096/FCBEAB91
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-09-02 10:58:43 +02:00
Flatcar Buildbot
2cb1b39e52 Upgrade Cargo in main from 1.44.1 to 1.46.0
2020-09-01 07:31:46 +00:00
Flatcar Buildbot
bc90a58988 dev-lang: Upgrade Rust 1.44.1 to 1.46.0
2020-09-01 07:30:45 +00:00
Vincent Batts
a73bf603f3 Revert "sys-kernel: allow fips mode to be enabled"
This reverts commit b5e1ce2bc48117bb56d9d992d5611da24c075b95.

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-08-31 13:00:52 -04:00
Kai Lüke
1f6a73511e Merge pull request #542 from flatcar-linux/kai/updating-packages
README.md: Document how to update packages
2020-08-31 12:41:27 +02:00
Thilo Fromm
647d411360 Merge pull request #557 from flatcar-linux/t-lo/fix-vdso32-for-arm
sys-kernel/coreos-sources: fix vdso32 build for arm
2020-08-31 11:27:58 +02:00
Thilo Fromm
e88f0a0575 sys-kernel/coreos-sources: fix vdso32 build for arm
This change adds kernel 5.9 upstream patch
https://lore.kernel.org/linux-arm-kernel/20200827234012.19757-1-fllinden@amazon.com/
which fixes a vdso build error on ARM.

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-31 10:24:26 +02:00
Vincent Batts
f104a53aeb build_packages: export build host information
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-08-28 13:51:22 -04:00
Thilo Fromm
34305a7bbc Merge pull request #554 from flatcar-linux/vbatts/fips
sys-kernel: allow fips mode to be enabled
2020-08-28 14:47:56 +02:00
Thilo Fromm
ad5a7770ed Merge pull request #101 from flatcar-linux/t-lo/update-to-ipset-7.6
net-firewall/ipset: update to ipset-7.6
2020-08-28 13:09:33 +02:00
Vincent Batts
9eb0c12548 sys-kernel: allow fips mode to be enabled
With this kernel config, users can boot with fips=1 set in
`/usr/share/oem/grub.cfg`:
```
set linux_append="fips=1"
```

Which triggers various behaviors, for FIPS 200 certification.

With this config compiled in, and that boot parameter, users can check
that fips is enabled with:
```
flatcar ~ # cat /proc/sys/crypto/fips_enabled
1
```

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-08-27 22:12:26 -04:00
Thilo Fromm
8df0c7ae3d Merge pull request #550 from flatcar-linux/linux-5.4.61-main
Upgrade Linux Kernel in main from 5.4.59 to 5.4.61
2020-08-27 19:12:16 +02:00
Thilo Fromm
117c872148 Merge pull request #552 from flatcar-linux/dongsu/open-vm-tools-11.1.5
app-emulation/open-vm-tools: update to 11.1.5
2020-08-27 19:11:25 +02:00
Thilo Fromm
be6d21ef38 net-firewall/ipset: update to ipset-7.6
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-27 18:58:28 +02:00
Krzesimir Nowak
31bbaa6546 Merge pull request #99 from flatcar-linux/krnowak/fix-rules
sys-fs/mdadm: Drop it, temporarily
2020-08-27 16:14:03 +02:00
Krzesimir Nowak
63813d3706 Merge pull request #546 from flatcar-linux/krnowak/fix-rules
Fix udev rules in mdadm and lvm2
2020-08-27 16:11:57 +02:00
Thilo Fromm
5ede2a63eb Merge pull request #100 from flatcar-linux/t-lo/iproute2-5.8.0-with-elf-support
sys-apps/iproute2: bump to 5.8.0, add ELF support
2020-08-27 13:52:25 +02:00
dongsu@kinvolk.io
ccaf2d76b8 app-emulation/open-vm-tools: bump to 11.1.5
Update open-vm-tools 11.1.5,
https://github.com/vmware/open-vm-tools/releases/tag/stable-11.1.5 .
Update also the build number to 16724464.
2020-08-27 13:37:41 +02:00
dongsu@kinvolk.io
ff384ca963 coreos-base/oem-vmware: update to 11.1.5
Update oem-vmware to 11.1.5, corresponding to the update of
open-vm-tools to 11.1.5.
Update URL to flatcar-linux.
2020-08-27 13:37:41 +02:00
Sayan Chowdhury
07dbbcdf9d Merge pull request #551 from flatcar-linux/sayan/bump-etcd-etcdctl-to-3.3.25
Bump etcdctl and etcd-wrapper to 3.3.25
2020-08-27 15:29:38 +05:30
Sayan Chowdhury
b4f9aba6fd dev-db/etcdctl: Bump to 3.3.25
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2020-08-27 13:18:02 +05:30
Thilo Fromm
9707103932 sys-apps/iproute2: bump to 5.7.0.xx, add ELF support
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-27 09:31:20 +02:00
Flatcar Buildbot
e2c3b2cd9a sys-kernel: Upgrade coreos-kernel 5.4.59 to 5.4.61
2020-08-27 07:22:04 +00:00
Sayan Chowdhury
a5e0e43ea3 app-admin/etcd-wrapper: Bump to 3.3.25
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
2020-08-27 12:44:49 +05:30
Thilo Fromm
2a5bf6afa5 Merge pull request #544 from flatcar-linux/t-lo/toolbox-add-bpf-mounts
toolbox: point to flatcar-master to add bpf fs support
2020-08-26 15:09:53 +02:00
Kai Lüke
ba95215330 Merge pull request #96 from flatcar-linux/kai/fix-old-ebuild
net-dns/bind: Drop old ebuild file to silence warning
2020-08-26 15:07:19 +02:00
Kai Lüke
dc0f618168 README.md: Document how to update packages
The best practice established in this repository is to reset the
package folder and import a new version from upstream without
modifications. In a separate commit the downstream changes are applied.
This makes it clear which downstream changes need to be ported when
updating to a newer version in the future. Unfortunately this is not
always done which causes confusion and more work. As first step
document the process before we later look into more automation.
2020-08-26 14:10:37 +02:00
Thilo Fromm
6fac33fd7a toolbox: point to flatcar-master to add bpf fs support
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-26 14:03:31 +02:00
Thilo Fromm
155f09b596 Merge pull request #543 from flatcar-linux/t-lo/add-group-render-for-udev
baselayout, systemd: add group "render" for udev
2020-08-26 13:15:35 +02:00
Thilo Fromm
3387908122 sys-apps/baselayout: point CROS_WORKON to latest flatcar-master merge commit
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-26 13:13:36 +02:00
Thilo Fromm
786e51a3d1 sys-apps/baselayout: update CROS_WORKON comment
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-26 13:13:36 +02:00
Thilo Fromm
dbb097a35d sys-apps/systemd: don't depend on acct-group, use GID 30 for "render"
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-26 13:13:36 +02:00
Thilo Fromm
eb9c81ee47 baselayout, systemd: add group "render" for udev
This commit adds a dependency on acct-group/render to systemd.
The respective group is provided by portage-stable
(https://github.com/flatcar-linux/portage-stable
 commit ID db2ed1e74a89944b1500dba1471072e8da3dddc9).

Furthermore, the baselayout commit ID is bumped to include a
change from https://github.com/flatcar-linux/baselayout - to
1d32bea2c0e4335d4a8f7e0ccd6a7b41da15e4a7 - which includes
this group in the baselayout used by initramfs.

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
2020-08-26 13:13:30 +02:00
Krzesimir Nowak
78bd8ec9e0 sys-fs/lvm2: Add a patch dropping unsupported udev rule
The `OPTIONS+="event_timeout=180"` rule is not supported by systemd,
and with recent update, systemd complains quite visibly in journalctl
about it. This is already fixed in lvm2 upstream, so this patch will
not be necessary when we do the update.
2020-08-25 12:07:43 +02:00
Krzesimir Nowak
e564fa0b29 sys-fs/lvm2: Add new revision of a recipe
2020-08-25 12:04:59 +02:00