Commit Graph

8018 Commits

Author SHA1 Message Date
Sayan Chowdhury
7e12481655 sys-auth/pambase: update stub version to 20220214
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 13:23:01 +01:00
Dongsu Park
1749d86e40 Merge pull request #1735 from flatcar-linux/sayan/update-pam-1.5.1_p20210622-r1
sys-libs/pam: Update to 1.5.1_p20210622
2022-03-21 13:21:37 +01:00
Dongsu Park
4e2bcfb9a6 changelog: add changelog for pam 1.5.1_p20210622 2022-03-21 13:19:33 +01:00
Sayan Chowdhury
8d4ee0f2d6 sys-libs/pam: Apply Flatcar patches
-  sys-libs/pam: Make /sbin/unix_chkpwd suid

This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.

-  sys-libs/pam: Install configuration into /usr

Also provide a tmpfiles fragment to bring it back.

- sys-libs/pam: Locked accounts functionality

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 13:19:33 +01:00
Sayan Chowdhury
e1dfbe9862 sys-libs/pam: Update to 1.5.1__p20210622
gentoo sync ref: a9be6b639c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 13:19:29 +01:00
Kai Lüke
498c4a1ab5 Merge pull request #1737 from flatcar-linux/kai/mantle-bump
coreos-devel/mantle: bump to latest commit
2022-03-21 11:54:45 +01:00
Dongsu Park
b2711efd5e profiles: disable su USE flag for util-linux
As sys-apps/shadow has its own su binary, sys-apps/util-linux should
not have its own su binary. Otherwise, build will simply fail.
Disable su USE flag for util-linux.
2022-03-21 11:49:08 +01:00
Kai Lueke
d59d626d3b coreos-devel/mantle: bump to latest commit
We have to update the commit ID now when a mantle PR gets merged
because the new pipeline uses it.
2022-03-21 10:59:14 +01:00
Sayan Chowdhury
dce35b0a12 sys-firmware/intel-microcode: Add the changelog entries for 20220207_p20220207
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-21 10:23:46 +01:00
Flatcar Buildbot
bfd4ba3a66 sys-kernel: Upgrade Kernel 5.15.28 to 5.15.30 2022-03-20 07:22:36 +00:00
Dongsu Park
f88785d939 Merge pull request #1736 from flatcar-linux/rust-1.59.0-main
Upgrade dev-lang/rust in main from 1.58.1 to 1.59.0
2022-03-18 18:07:20 +01:00
Dongsu Park
f21caf2d80 Merge pull request #1729 from flatcar-linux/firmware-20220310-main
Upgrade Linux Firmware in main from 20220209 to 20220310
2022-03-18 16:06:31 +01:00
Flatcar Buildbot
4bbf728449 dev-lang: Upgrade dev-lang/rust 1.58.1 to 1.59.0 2022-03-18 10:56:52 +00:00
Sayan Chowdhury
052c968ac8 sys-firmware/intel-microcode: Apply Flatcar patches
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-18 13:24:24 +05:30
Sayan Chowdhury
c3d8d35413 sys-firmware/intel-microcode: Sync with Gentoo upstream
gentoo sync ref: b6146dcdce

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-18 13:21:57 +05:30
Kai Lüke
28b13f4448 Merge pull request #1713 from flatcar-linux/kai/no-lib-symlink
Split lib and lib64 for sysext support
2022-03-17 17:06:13 +01:00
Kai Lueke
00841774c9 changelog: add entry for lib and lib64 split 2022-03-17 17:03:16 +01:00
Kai Lueke
bfbf373f20 coreos-base/coreos-oem-gce: use usr/lib/systemd folder
The lib64/systemd location only happened to work through the used
symlink on Flatcar. The standard location is lib/systemd.
Use the standard location as we now want to split the libs folders.
2022-03-17 17:03:16 +01:00
Kai Lueke
bc9d7af985 sys-apps/systemd: enable systemd-sysext.service
The systemd-sysext.service activates sysext images on boot.
Enable it by default.
2022-03-17 17:03:16 +01:00
Kai Lueke
5fc316e775 coreos-base/coreos-init: add helper service to start sysext services
This pulls in
https://github.com/flatcar-linux/init/pull/65
2022-03-17 17:03:16 +01:00
Dongsu Park
9989de6963 Merge pull request #1725 from flatcar-linux/docker-20.10.13-main
Upgrade Docker in main from 20.10.12 to 20.10.13
2022-03-17 14:30:14 +01:00
Kai Lueke
ba8aeb992a coreos-base/coreos-init: create compatibility symlinks
The split of /usr/lib64 into /usr/lib and /usr/lib64 means that paths
to /usr/lib64/X that worked before now wouldn't.
Therefore, create compatibility symlinks.
2022-03-17 12:15:40 +01:00
Kai Lueke
c6e427d80d profiles: disable SYMLINK_LIB
The profile Flatcar is on had SYMLINK_LIB set for amd64 which set up
(/usr)/lib as symlink to (/usr)/lib64. This is not the case for arm64
nor common in other recent distributions and causes systemd-sysext
loading to fail.
Disable SYMLINK_LIB for the amd64 board for now, leaving the SDK as is
but we could also set it for the SDK, too. A future profile update will
also bring this change.
2022-03-17 12:12:46 +01:00
Kai Lueke
b3f4b641ce sys-apps/baselayout: force link creation in tmpfile rule
The /lib symlink does not point to /usr/lib but instead points to
/usr/lib64 on current releases which have a single /usr/lib64 folder
and a symlink from /usr/lib to it. This means that when they update to
a release with a split lib vs. lib64 setup, the kernel modules are not
found because /lib/modules does not exist (because /lib still points
to /usr/lib64 instead of /usr/lib).
Force link recreation to match the new layout. The system will still be
able to rollback because the link to /usr/lib is still valid because
/usr/lib is itself a link that forwards to /usr/lib64.
2022-03-17 12:11:11 +01:00
Dongsu Park
96d59a1d55 app-emulation/docker: remove unnecessary patch for etcd
Now that Docker 20.10.13 updated its vendored etcd to 3.3.27, it is
not necessary any more to fix F_OFD_GETLK in etcd. Simply remove it.
2022-03-17 10:24:49 +01:00
Juan Antonio Osorio
6dadefecfb Add SELinux flag for sssd build
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
2022-03-17 09:34:51 +02:00
Flatcar Buildbot
372c62308b sys-kernel: Upgrade Linux Firmware 20220209 to 20220310 2022-03-17 07:12:09 +00:00
Mathieu Tortuyaux
20cae0b0c3 Merge pull request #1727 from flatcar-linux/tormath1/openssl
dev-libs/openssl: bump to 3.0.2
2022-03-16 15:59:56 +01:00
Mathieu Tortuyaux
dfbd94b035 changelog: add entries
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-16 11:07:42 +01:00
Mathieu Tortuyaux
f71a2f9e31 dev-libs/openssl: Apply Flatcar modifications
- remove unnecessary files
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- mark openssl as stable for arm64 and amd64

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-16 11:03:49 +01:00
Mathieu Tortuyaux
d01e5e7fa3 dev-libs/openssl: sync with ::gentoo
Commit-Ref: ca7cd67308

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-16 10:52:22 +01:00
Flatcar Buildbot
d344be8799 app-emulation: Upgrade Docker 20.10.12 to 20.10.13 2022-03-16 07:46:49 +00:00
Jeremi Piotrowski
52971dee4b changelog: add entry for revert which fixes AWS m4 networking 2022-03-15 19:35:56 +01:00
Jeremi Piotrowski
38680b5b7a sys-kernel/coreos-sources: revert commit which breaks networking on M4 instances
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2022-03-15 19:35:56 +01:00
Krzesimir Nowak
d784aa9238 coreos-base/update_engine: Drop unused alias 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
833d18a78b profiles: Add accept_keywords for app-crypt/rhash
So the version used for the potential arm64 SDK is the same as in
amd64 SDK.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
9e6d34f929 profiles: Drop outdated use flag for dev-libs/protobuf 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
7f38b34ca0 profiles: Drop dev-libs/libusb from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
93237a0bf4 profiles: Drop dev-libs/libassuan from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
2021223762 profiles: Drop sys-fs/quota from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
464d0fdcd4 profiles: Update accept_keywords for app-crypt/efitools 2022-03-15 17:55:25 +01:00
Krzesimir Nowak
8bdb5b4216 profiles: Drop sys-apps/sandbox from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Krzesimir Nowak
1c4c5d0a3d profiles: Drop dev-cpp/gflags from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-15 17:55:25 +01:00
Jeremi Piotrowski
ae1ca7a804 Merge pull request #1718 from flatcar-linux/linux-5.15.28-main
Upgrade Linux Kernel in main from 5.15.27 to 5.15.28
2022-03-15 14:17:50 +01:00
Kai Lueke
94254e2afb sys-kernel/bootengine: re-add missing modules
This pulls in
https://github.com/flatcar-linux/bootengine/pull/40
to add the kernel modules back that disappeared compared to Stable
3033.x.y with the 5.10 kernel.
2022-03-15 11:38:51 +01:00
Flatcar Buildbot
14e9176fa4 sys-kernel: Upgrade Kernel 5.15.27 to 5.15.28 2022-03-12 07:22:35 +00:00
Mathieu Tortuyaux
1bb3bd5375 Merge pull request #1707 from flatcar-linux/tormath1/gcp
ignition: support `gce` as OEM ID
2022-03-11 17:48:43 +01:00
Kai Lüke
0257fa3d84 Merge pull request #1710 from flatcar-linux/kai/ignition-link-translate
sys-apps/ignition: fix link translation
2022-03-11 13:23:34 +01:00
Kai Lueke
344dbf2eb0 sys-apps/ignition: fix link translation
This pulls in https://github.com/flatcar-linux/ignition/pull/38
for https://github.com/flatcar-linux/ign-converter/pull/5
to fix https://github.com/flatcar-linux/Flatcar/issues/666 which
is about a failing translation due to a too strict check.
2022-03-11 13:23:01 +01:00
Dongsu Park
2b21cde4d8 changelog: add security changelog for Go 1.17.8
Add missing security changelog CVE-2022-24921 for Go 1.17.8.
2022-03-11 10:13:22 +01:00
Dongsu Park
83c5075143 Merge pull request #1704 from flatcar-linux/vmware-12.0.0-main
Upgrade open-vm-tools in main from 11.3.5 to 12.0.0
2022-03-11 09:36:43 +01:00
Mathieu Tortuyaux
a38d49869d coreos-base/coreos-init: convert back gcp to gce
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-10 11:30:49 +01:00
Mathieu Tortuyaux
ce5042743c sys-kernel/bootengine: convert gce to gcp
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-10 11:30:49 +01:00
Dongsu Park
3d3acd7a98 app-emulation/open-vm-tools: add USE flags salt-minion
For open-vm-tools 12.0.0, add a new USE flag salt-minion.
Pass `--disable-containerinfo` to fix build issues, because it is
currently not trivial to import dependency libs grpc++ into Flatcar.
2022-03-10 10:35:05 +01:00
Dongsu Park
461edca2d5 app-emulation/open-vm-tools: remove FUSE addition from patches
Since open-vm-tools 12.0.0 already supports its native fuse detection
mechanism, we do not need to add another check for fuse to configure.ac.
2022-03-10 10:35:05 +01:00
Flatcar Buildbot
8076f1638c app-emulation: Upgrade open-vm-tools 11.3.5 to 12.0.0 2022-03-10 10:35:05 +01:00
Krzesimir Nowak
90615c215e profiles: Drop dev-perl/Text-Unidecode from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
045a3e6769 profiles: Drop sys-libs/efivar from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c6ce357d02 profiles: Sync app-eselect/eselect-pinentry version 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
31ac287ea3 profiles: Drop net-nds/rpcbind from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
9412c64ba3 profiles: Drop sys-boot/efibootmgr from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
34becb7f43 profiles: Drop virtual/krb5 from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
935353ffa6 profiles: Drop net-misc/socat from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
be20b0611b profiles: Update accept_keywords for dev-util/checkbashisms
It's stable for amd64, but still unstable for arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
6e2cdb223c profiles: Drop dev-libs/libevent from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c550349cb1 profiles: Drop sys-fs/dosfstools from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
03558679ab profiles: Drop virtual/libusb from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
74c48fb57d profiles: Drop sys-block/thin-provisioning-tools from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
22a4df6c05 profiles: Drop sys-fs/lsscsi from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
50e5de95c2 profiles: Drop sys-apps/man-db from accept_keywords
The updated package is stable for both amd64 and arm64.
2022-03-09 18:05:07 +01:00
Krzesimir Nowak
ef8be94860 Merge pull request #1706 from flatcar-linux/linux-5.15.27-main
Upgrade Linux Kernel in main from 5.15.25 to 5.15.27
2022-03-09 17:15:38 +01:00
Dongsu Park
494ff08e9b Merge pull request #1696 from flatcar-linux/cacerts-3.76-main
Upgrade ca-certificates in main from 3.75 to 3.76
2022-03-09 14:44:27 +01:00
Jeremi Piotrowski
752d197781 Merge pull request #1700 from flatcar-linux/jepio/remove-rng-tools
coreos-base/coreos: remove rng-tool dependency
2022-03-09 14:11:26 +01:00
Jeremi Piotrowski
617f619c68 changelog: add entry for rngd.service removal
The user visible effect of rng-tool removal is that rngd is no longer
started in the initramfs.
2022-03-09 13:06:07 +01:00
Dongsu Park
9f7fe58ac1 Merge pull request #1691 from flatcar-linux/containerd-1.6.1-main
Upgrade Containerd in main from 1.6.0 to 1.6.1
2022-03-09 09:11:35 +01:00
Dongsu Park
bec04a986a changelog: add changelog for containerd 1.6.1 2022-03-09 09:09:23 +01:00
Flatcar Buildbot
fb8008aafe sys-kernel: Upgrade Kernel 5.15.25 to 5.15.27 2022-03-09 07:23:52 +00:00
Jeremi Piotrowski
b58f674576 Merge pull request #1690 from flatcar-linux/jepio/oem-azure-dep-fix
Fix arm64 build after pro oem merge
2022-03-08 18:41:53 +01:00
Mathieu Tortuyaux
a2e46ed803 Merge pull request #1699 from JAORMX/containerd-selinux
containerd: Enable SELinux labeling support by default
2022-03-08 18:02:28 +01:00
Juan Antonio Osorio
3b491d97b6 Added changelog entry for SELinux enablement in containerd
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
2022-03-08 18:07:00 +02:00
Jeremi Piotrowski
debf700a83 coreos-base/coreos: remove rng-tool dependency
rng-tools does not appear to be necessary for booting in virtual machine
environments in 2022. Back in the day the boot process would block if
there was not enough entropy to seed the system random pool, but over
the years the Linux kernel made sure that the pool is force seeded if
userspace does not do so on its own. Remove rng-tool as it is not
needed and it would require work to make sure it works (detection of
tpm/hwrng/intel cpu instructions).
2022-03-08 16:00:01 +01:00
Jeremi Piotrowski
a3b04c4f02 add former 'pro' packages to arm64 board/coreos dependencies
flatcar-eks/nvidia-drivers/nvidia-metadata are now required to build
AWS/Azure images on all architectures, so we need the packages to not be
amd64-only dependencies of board-packages or coreos any longer.
2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
ec88babf35 x11-drivers/nvidia-drivers: add runtime dependency on nvidia-metadata
setup-nvidia requires the nvidia-metadata file.
2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
a972428590 x11-drivers/nvidia-(drivers|metadata): keyword for arm64
coreos-base/oem-azure now requires systemd units installed by
nvidia-drivers, so the nvidia-drivers package needs to be available for
both architectures. Nvidia-drivers depends on nvidia-metadata so the
same applies.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2022-03-08 10:57:12 +01:00
Juan Antonio Osorio
333c985cad containerd: Enable SELinux labeling support by default
This enables containerd to do appropriate SELinux labeling of containers
and files by default. This should not be problematic as Flatcar ships with
SELinux permissive by default.

Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
2022-03-08 11:10:02 +02:00
Jeremi Piotrowski
b0bde5635a Merge pull request #1697 from flatcar-linux/go-1.17.8-main
Upgrade Go in main from 1.17.7 to 1.17.8
2022-03-08 08:48:30 +01:00
Mathieu Tortuyaux
d4ce290fef changelog: add entries
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
2022-03-07 18:32:45 +01:00
Mathieu Tortuyaux
f383ffeac1 coreos-base/coreos-init: enable enable-oem-cloudinit
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
4f9b1e9e5a coreos-base/oem: remove default.ign
With ignitionv3, there is no more `default.ign` loaded configuration. We
can safely remove this configuration since it won't be loaded anyway.

oem-cloudinit will be conditionally enabled based on `ignition`
execution result.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
05d1141214 sys-kernel/bootengine: update commit ID
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
57461c606c sys-apps/ignition: bump commit ID
It mainly brings V3 support on top of V2 support for Ignition and ensures
backward compatibility with existing integration.

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
2022-03-07 18:17:36 +01:00
Flatcar Buildbot
2c10f4ecd8 dev-lang: Upgrade Go 1.17.7 to 1.17.8 2022-03-07 07:31:06 +00:00
Flatcar Buildbot
d89b98ad6e app-misc: Upgrade ca-certificates 3.75 to 3.76 2022-03-07 07:24:05 +00:00
Flatcar Buildbot
2d04a88857 app-emulation: Upgrade Containerd 1.6.0 to 1.6.1 2022-03-04 08:23:25 +00:00
Sayan Chowdhury
f2d24968a4 Merge pull request #1648 from flatcar-linux/sayan/update-timezone-data-2021a
sys-libs/timezone-data: Sync with Gentoo upstream
2022-03-03 14:36:40 +05:30
Sayan Chowdhury
3466931d5e changelog: Add the entry for the timezone-data 2021a
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-03 14:34:16 +05:30
Sayan Chowdhury
3c0597b403 sys-libs/timezone-data: Apply Flatcar patches
Recreate the old posix symlink for compatibility, and drop all the
pkg functions that maintain /etc/localtime since we default to UTC.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-03 14:34:16 +05:30
Sayan Chowdhury
30ef5091b3 sys-libs/timezone-data: Sync with Gentoo upstream
upstream sync ref
e13124464c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2022-03-03 14:34:13 +05:30
Krzesimir Nowak
7463f454ae Merge pull request #1678 from flatcar-linux/krnowak/pkg-updates-2016
Accept keyword cleanup for packages from 2016
2022-03-02 19:38:59 +01:00
Kai Lüke
a0378f9338 Merge pull request #1682 from flatcar-linux/kai/revert-ipsec-change
sys-kernel: Revert change to forbid using xfrm id 0
2022-03-02 17:49:40 +01:00