This reverts commit b97cfe126f0934d1505e352e17f15d580879d3cc.
The minor device numbers of loop partitions are allocated dynamically
which significantly complicates running under Docker which uses a static
/dev. Rolling this back until we can rely on /dev being dynamic.
If git is installed via coreos-dev in the STATE partition it will need
some help finding its install location since it was built thinking it
would be installed in /usr rather than /usr/local.
If the user already exists check that the UID and GID are correct and
modify it (setting shell and home directory) to match what the SDK
expects. This avoids needlessly failing if the user calling cros_sdk is
the 'core' user on a CoreOS machine.
Change new-user creation to copy the user's full name and group instead
of using a generic name and Google's 'eng' group. Also remove the
default password for the account, it isn't needed and uses perl.
opencryptoki sometimes fails to build by trying to install something to
/var/lock which is a symlink to /run but the SDK makes no promise that
/run is mounted and populated. Instead of fixing the ebuild just drop it
and tpm-tools which depends on it since we don't actually need them.
Pare down the old unused sysctl.conf to what is useful for us and
install it into /usr/lib/sysctl.d for systemd to handle.
Installing /srv in the SDK does no harm so do so.
EAPI=5 because, better.
This duplicates sys-apps/baselayout so don't bother. Probably left over
from when baselayout wasn't properly installed with the 'build' use flag
to initialize the filesystem tree.
Remove the following unused users/groups:
- core-access
- polkituser
- pkcs11
- ipsec
- tor
- tcpdump
- debugd
- openvpn
- input
Add groups:
- docker (new group, for things like access to docker socket)
- systemd-journal (exists in sdk, not images. for journal log access)
- dialout (exists in sdk, required by default udev rules)
The core user has access to docker and systemd-journal.
The udev rules are required on our system and refer to non-existent
groups causing udev to spew a bit of useless noise on boot.
The profile.d scripts don't do anything at all.
This fixes a regression where etcd no longer listens on 127.0.0.1 and
the public ip. Fix this up because etcd needs to listen on both for user
convenience and for other cluster members to talk to it.
TODO: Add 127.0.0.1 test to ami test.
I've observed networking between ec2 instances not start working for
somewhere between 40-50 seconds earlier today which caused the test to
fail despite the fact that everything came up properly eventually.
Upping to 90 seconds should better cope with the surprises Amazon has to
offer.
This avoids the need to dd individual filesystem images into a complete
disk image, just mount the partitions directly from a loop device
covering the whole image. This does add the requirement that mkfs run as
root but that isn't a problem.
These are just cluttering things and adding an element of "how does this
work?" because base_image_util was defaulting to the "usb" layout in
some places and "base" in others.
This change removes /usr/sbin/write_gpt.sh from images which we have no
use for. This allows us to drop the indirection of writing partition
tables by first writing out a script to call. Now cgpt.py can call cgpt
directly to initialize the partition layout. This opens the way for
further improvements to how disk images are created.
This currently does nothing because our state partition is not partition
number 1. Even if it did we don't really need it since we rely on
expanding on boot instead.
Remove --verity_*: Unused, we don't support verity
Remove --usb_disk: Unused, we use PARTUUID now.
Remove --enable_serial: Unused, and serial is enabled for syslinux