mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-16 09:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,880 Commits 629 Branches 394 Tags 164 MiB
edcdfb51ea
Commit Graph

8018 Commits

Author SHA1 Message Date
Dongsu Park
83c5075143 Merge pull request #1704 from flatcar-linux/vmware-12.0.0-main 
Upgrade open-vm-tools in main from 11.3.5 to 12.0.0
 2022-03-11 09:36:43 +01:00
Mathieu Tortuyaux
a38d49869d coreos-base/coreos-init: convert back gcp to gce 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-10 11:30:49 +01:00
Mathieu Tortuyaux
ce5042743c sys-kernel/bootengine: convert gce to gcp 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-10 11:30:49 +01:00
Dongsu Park
3d3acd7a98 app-emulation/open-vm-tools: add USE flags salt-minion 
For open-vm-tools 12.0.0, add a new USE flag salt-minion.
Pass `--disable-containerinfo` to fix build issues, because it is
currently not trivial to import dependency libs grpc++ into Flatcar.
 2022-03-10 10:35:05 +01:00
Dongsu Park
461edca2d5 app-emulation/open-vm-tools: remove FUSE addition from patches 
Since open-vm-tools 12.0.0 already supports its native fuse detection
mechanism, we do not need to add another check for fuse to configure.ac.
 2022-03-10 10:35:05 +01:00
Flatcar Buildbot
8076f1638c app-emulation: Upgrade open-vm-tools 11.3.5 to 12.0.0 2022-03-10 10:35:05 +01:00
Krzesimir Nowak
90615c215e profiles: Drop dev-perl/Text-Unidecode from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
045a3e6769 profiles: Drop sys-libs/efivar from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c6ce357d02 profiles: Sync app-eselect/eselect-pinentry version 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
31ac287ea3 profiles: Drop net-nds/rpcbind from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
9412c64ba3 profiles: Drop sys-boot/efibootmgr from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
34becb7f43 profiles: Drop virtual/krb5 from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
935353ffa6 profiles: Drop net-misc/socat from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
be20b0611b profiles: Update accept_keywords for dev-util/checkbashisms 
It's stable for amd64, but still unstable for arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
6e2cdb223c profiles: Drop dev-libs/libevent from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
c550349cb1 profiles: Drop sys-fs/dosfstools from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
03558679ab profiles: Drop virtual/libusb from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
74c48fb57d profiles: Drop sys-block/thin-provisioning-tools from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
22a4df6c05 profiles: Drop sys-fs/lsscsi from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
50e5de95c2 profiles: Drop sys-apps/man-db from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-03-09 18:05:07 +01:00
Krzesimir Nowak
ef8be94860 Merge pull request #1706 from flatcar-linux/linux-5.15.27-main 
Upgrade Linux Kernel in main from 5.15.25 to 5.15.27
 2022-03-09 17:15:38 +01:00
Dongsu Park
494ff08e9b Merge pull request #1696 from flatcar-linux/cacerts-3.76-main 
Upgrade ca-certificates in main from 3.75 to 3.76
 2022-03-09 14:44:27 +01:00
Jeremi Piotrowski
752d197781 Merge pull request #1700 from flatcar-linux/jepio/remove-rng-tools 
coreos-base/coreos: remove rng-tool dependency
 2022-03-09 14:11:26 +01:00
Jeremi Piotrowski
617f619c68 changelog: add entry for rngd.service removal 
The user visible effect of rng-tool removal is that rngd is no longer
started in the initramfs.
 2022-03-09 13:06:07 +01:00
Dongsu Park
9f7fe58ac1 Merge pull request #1691 from flatcar-linux/containerd-1.6.1-main 
Upgrade Containerd in main from 1.6.0 to 1.6.1
 2022-03-09 09:11:35 +01:00
Dongsu Park
bec04a986a changelog: add changelog for containerd 1.6.1 2022-03-09 09:09:23 +01:00
Flatcar Buildbot
fb8008aafe sys-kernel: Upgrade Kernel 5.15.25 to 5.15.27 2022-03-09 07:23:52 +00:00
Jeremi Piotrowski
b58f674576 Merge pull request #1690 from flatcar-linux/jepio/oem-azure-dep-fix 
Fix arm64 build after pro oem merge
 2022-03-08 18:41:53 +01:00
Mathieu Tortuyaux
a2e46ed803 Merge pull request #1699 from JAORMX/containerd-selinux 
containerd: Enable SELinux labeling support by default
 2022-03-08 18:02:28 +01:00
Juan Antonio Osorio
3b491d97b6 Added changelog entry for SELinux enablement in containerd 
Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-08 18:07:00 +02:00
Jeremi Piotrowski
debf700a83 coreos-base/coreos: remove rng-tool dependency 
rng-tools does not appear to be necessary for booting in virtual machine
environments in 2022. Back in the day the boot process would block if
there was not enough entropy to seed the system random pool, but over
the years the linux kernel made sure that the pool is force seeded if
userspace does not do so one it's own. Remove rng-tool as it is not
needed and it would require work to make sure it works (detection of
tpm/hwrng/intel cpu instructions).
 2022-03-08 16:00:01 +01:00
Jeremi Piotrowski
a3b04c4f02 add former 'pro' packages to arm64 board/coreos dependencies 
flatcar-eks/nvidia-drivers/nvidia-metadata are now required to build
AWS/Azure images on all architectures, so we need the packages to not be
amd64-only dependencies of board-packages or coreos any longer.
 2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
ec88babf35 x11-drivers/nvidia-drivers: add runtime dependency on nvidia-metadata 
setup-nvidia requires the nvidia-metadata file.
 2022-03-08 10:57:12 +01:00
Jeremi Piotrowski
a972428590 x11-drivers/nvidia-(drivers|metadata): keyword for arm64 
coreos-base/oem-azure now requires systemd units installed by
nvidia-drivers, so the nvidia-drivers package needs to be available for
both architectures. Nvidia-drivers depends on nvidia-metadata so the
same applies.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-08 10:57:12 +01:00
Juan Antonio Osorio
333c985cad containerd: Enable SELinux labeling support by default 
This enables containerd to do appropriate SELinux labeling of containers
and files by default. This should not be problematic as Flatcar ships with
SELinux permissive by default.

Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-03-08 11:10:02 +02:00
Jeremi Piotrowski
b0bde5635a Merge pull request #1697 from flatcar-linux/go-1.17.8-main 
Upgrade Go in main from 1.17.7 to 1.17.8
 2022-03-08 08:48:30 +01:00
Mathieu Tortuyaux
d4ce290fef changelog: add entries 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-03-07 18:32:45 +01:00
Mathieu Tortuyaux
f383ffeac1 coreos-base/coreos-init: enable enable-oem-cloudinit 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
4f9b1e9e5a coreos-base/oem: remove default.ign 
With ignitionv3, there is no more `default.ign` loaded configuration. We
can safely remove this configuration since it won't be loaded anyway.

oem-cloudinit will be conditionally enabled based on `ignition`
execution result.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
05d1141214 sys-kernel/bootengine: update commit ID 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-03-07 18:17:36 +01:00
Mathieu Tortuyaux
57461c606c sys-apps/ignition: bump commit ID 
it mainly brings V3 support on top of V2 support for Ignition and ensure
backward compatibility with existing integration.

Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
 2022-03-07 18:17:36 +01:00
Flatcar Buildbot
2c10f4ecd8 dev-lang: Upgrade Go 1.17.7 to 1.17.8 2022-03-07 07:31:06 +00:00
Flatcar Buildbot
d89b98ad6e app-misc: Upgrade ca-certificates 3.75 to 3.76 2022-03-07 07:24:05 +00:00
Flatcar Buildbot
2d04a88857 app-emulation: Upgrade Containerd 1.6.0 to 1.6.1 2022-03-04 08:23:25 +00:00
Sayan Chowdhury
f2d24968a4 Merge pull request #1648 from flatcar-linux/sayan/update-timezone-data-2021a 
sys-libs/timezone-data: Sync with Gentoo upstream
 2022-03-03 14:36:40 +05:30
Sayan Chowdhury
3466931d5e changelog: Add the entry for the timezone-data 2021a 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:16 +05:30
Sayan Chowdhury
3c0597b403 sys-libs/timezone-data: Apply Flatcar patches 
Recreate the old posix symlink for compatibility, and drop all the
pkg functions that maintain /etc/localtime since we default to UTC.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:16 +05:30
Sayan Chowdhury
30ef5091b3 sys-libs/timezone-data: Sync with Gentoo upstream 
upstream sync ref
e13124464c

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-03 14:34:13 +05:30
Krzesimir Nowak
7463f454ae Merge pull request #1678 from flatcar-linux/krnowak/pkg-updates-2016 
Accept keyword cleanup for packages from 2016
 2022-03-02 19:38:59 +01:00
Kai Lüke
a0378f9338 Merge pull request #1682 from flatcar-linux/kai/revert-ipsec-change 
sys-kernel: Revert change to forbid using xfrm id 0
 2022-03-02 17:49:40 +01:00
Kai Lueke
5cbb7908de sys-kernel: Revert change to forbid using xfrm id 0 in state 
The change broke userspace (e.g., Cilium is affected because it used
id 0 for the dummy state https://github.com/cilium/cilium/pull/18789)
and we decided to revert it to give the affected software more time
to adapt (cf. https://marc.info/?t=164607426900002&r=1&w=2).
 2022-03-02 17:48:30 +01:00
Jeremi Piotrowski
8a58808b9a coreos-base/coreos-init: fix commit reference to flatcar-master branch 2022-03-02 17:08:31 +01:00
Jeremi Piotrowski
14490039a5 Merge pull request #1683 from flatcar-linux/jepio/fix-cgroupv1-em 
coreos-base/coreos-init: move processes to root cgroup before unbinding controllers
 2022-03-02 17:06:22 +01:00
Jeremi Piotrowski
2d489c33a3 coreos-base/coreos-init: move processes to root cgroup before unbinding controllers 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-02 13:16:41 +00:00
Sayan Chowdhury
b7e0c422d4 changelog/changes: Add the changelog entry for Flatcar Pro merge 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:49 +05:30
Sayan Chowdhury
7a0c4794d3 coreos-base/oem-azure: Add the nvidia.service file to start the service 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:49 +05:30
Sayan Chowdhury
d960acc064 x11-drivers/nvidia-drivers: Use the bucket instead of GCS 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:49 +05:30
Sayan Chowdhury
f076032ed5 oem-azure-pro: Move the Flatcar Pro bits in to regular image 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:43 +05:30
Sayan Chowdhury
5fe2ba270f x11-drivers/nvidia-drivers: Add the changelog updates for 510.47.03 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:21 +05:30
Sayan Chowdhury
59e4a6cfd1 x11-drivers/nvidia-{metadata,drivers}: Update to 510.47.03 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:21 +05:30
Sayan Chowdhury
b422471a35 oem-ec2-compat: Move the EC2 Pro features into regular images 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:21 +05:30
Sayan Chowdhury
aa83e2f34f coreos-base/oem-azure: Install nvidia drivers in regular images 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-03-02 13:59:18 +05:30
Jeremi Piotrowski
0f8d2ca84b Merge pull request #1666 from flatcar-linux/jepio/runtime-revert-to-cgroupv1 
bump coreos-init and bootengine commit for cgroupv1-runtime-revert support
 2022-03-01 15:29:11 +01:00
Jeremi Piotrowski
ea14a7cb10 changelog: add entry for cgroupv1 switch functionality 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-03-01 14:28:41 +00:00
Jeremi Piotrowski
b571cd5bbb Merge pull request #1676 from flatcar-linux/jepio/azure-earlycon 
core-base/oem-azure(-pro): enable earlycon on all platforms
 2022-03-01 14:44:22 +01:00
Jeremi Piotrowski
21167bc5c3 bump coreos-init and bootengine commit for cgroupv1-runtime-revert change 
This pulls in https://github.com/flatcar-linux/bootengine/pull/35 and
https://github.com/flatcar-linux/init/pull/62, which enable boot time switching
back to legacy cgroups by creating a flag files (/etc/flatcar-cgroupv1) from
ignition.
 2022-03-01 08:12:01 +00:00
Krzesimir Nowak
f1c8620342 profiles: Drop obsolete use for net-misc/iperf 
The use flag was valid for iperf-2.x. We install iperf-3.x for a long
time already, so the flag did nothing.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
211cd9bbe6 profiles: Drop dev-libs/liblinear from accept_keywords 
The updated package is stable on both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
4f2d674bbd profiles: Drop net-misc/iperf from accept_keywords 
The updated package is available for arm64 and stable on both amd64
and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
0e61e825d8 profiles: Drop sys-apps/nvme-cli from accept_keywords 
The updated package is available now also for arm64 and stable for
both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
3f9ac29ebf profiles: Drop dev-util/patchelf from accept_keywords 
The updated package is available for arm64 and stable for both amd64
and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
07c10566cc profiles: Drop dev-libs/userspace-rcu from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
d1f209ae0a profiles: Drop net-libs/http-parser from accept_keywords 
The updated package is stable for both amd64 and arm64.
 2022-02-28 16:30:28 +01:00
Krzesimir Nowak
d8a23cff47 Merge pull request #1674 from flatcar-linux/krnowak/pkg-updates-2015 
Accept keyword cleanup for packages from 2015
 2022-02-28 15:40:52 +01:00
owenthomas17
ae8c5b79bf Enable kerberos support for NFSv4 (#1664) 
NFS4 with Kerberos

use_flags: Adding use flags for nfs-utils so that it can support kerberos and nfs4.1 along with various other tools like junctions
kernel: Including relevent kernel modules for  systemd unit

Co-authored-by: Owen Thomas <owen@owen-thomas.co.uk>
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-02-28 15:21:33 +01:00
Kai Lueke
ee3a8a9cff coreos-devel/mantle: update to latest state 
This updates the internal kola version that is now used for tests from
the SDK container pipeline.
 2022-02-25 17:50:37 +01:00
Jeremi Piotrowski
fdf627aafe core-base/oem-azure(-pro): enable earlycon on all platforms 
Both architectures and VM generations.
 2022-02-25 13:30:46 +01:00
Jeremi Piotrowski
a2c6ea2f04 Merge pull request #1675 from flatcar-linux/jepio/build-fixes 
build fixes (shim/polkit)
 2022-02-25 12:54:42 +01:00
Dongsu Park
1ba428e499 Merge pull request #1660 from flatcar-linux/dongsu/shadow-4.11.1 
sys-apps/shadow: update to 4.11.1
 2022-02-25 09:58:11 +01:00
Jeremi Piotrowski
c34235f856 coreos-devel/sdk-depends: mark sys-boot/shim amd64 only 
The version of shim that we carry was never tested on arm64 and was
never intended to work. It also doesn't correctly link against the
newest versions of gnu-efi. Mark it amd64 to exclude it from arm64 sdk.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-25 09:56:10 +01:00
Jeremi Piotrowski
182e5d767f sys-auth/polkit: mark duktape dependency with := 
The ':=' slot operator forces a package to be rebuilt when a dependency
slot/subslot changes. Duktape has the slot definition '0/${PV}' and with
the upgrade to 2.7.0 the soname changed, so polkit needs rebuilding.
This is also done this way in recent upstream gentoo ebuilds for polkit.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-25 09:56:00 +01:00
Krzesimir Nowak
f3a63cc2e1 Merge pull request #1673 from flatcar-linux/linux-5.15.25-main 
Upgrade Linux Kernel in main from 5.15.24 to 5.15.25
 2022-02-25 09:45:52 +01:00
Krzesimir Nowak
9a5ec90d86 profiles: Drop net-misc/bridge-utils from accept_keywords 
The package is now stable for both amd64 and arm64.
 2022-02-24 15:08:05 +01:00
Krzesimir Nowak
8aef9c928f profiles: Drop pixman from accept_keywords 
It's stable now for both amd64 and arm64.
 2022-02-24 15:08:05 +01:00
Mathieu Tortuyaux
9ff06adbdd Merge pull request #1667 from flatcar-linux/tormath1/libmspack 
dev-libs/libmspack: bump to 0.10.1_alpha
 2022-02-24 10:47:38 +01:00
Mathieu Tortuyaux
a91b938aec profiles/base: stabilize libxml2 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-24 10:45:04 +01:00
Flatcar Buildbot
7832ee4f95 sys-kernel: Upgrade Kernel 5.15.24 to 5.15.25 2022-02-24 07:22:10 +00:00
Mathieu Tortuyaux
abef07f31a changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 18:38:40 +01:00
Mathieu Tortuyaux
74ed89937c dev-libs/libmspack: apply flatcar changes 
* remove useless ebuild
* set the prefix to the OEM partition since this is vmware-only

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 18:30:09 +01:00
Mathieu Tortuyaux
8deb1b043a dev-libs/libmspack: sync with ::gentoo 
Commit-Ref: f4b02380c6eb5d4829d3909694a93566b789e5d6

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 18:28:07 +01:00
Mathieu Tortuyaux
5982f75c88 profiles/base: stabilize duktape 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-23 16:41:01 +01:00
Dongsu Park
fe7a6c904b profiles: enable su USE flag for shadow 
Enable su USE flag for shadow, because shadow >= 4.11 does not have it
by default.
Ideally util-linux should have the su binary, but that is currently not
possible, because of a bunch of additional dependencies in SDK like
pam_sssd in baselayout.
 2022-02-22 11:54:21 +01:00
Dongsu Park
2037f0a173 changelog: add changelog for shadow 4.11.1 2022-02-21 15:51:16 +01:00
Dongsu Park
a44f3b8fbd sys-apps/shadow: Apply Flatcar modifications 
- Carry over our custom tmpfiles and securetty files
  - Remove /etc files and install them to /usr, use tmpfiles
  - Switch /etc/login.defs edits to /usr/share/shadow/login.defs
  - Drop moving passwd out of /usr since we don't have split-usr
  - Drop pkg_postinst
 2022-02-21 15:51:16 +01:00
Dongsu Park
2b733fd76a sys-apps/shadow: update to 4.11.1 
Sync with Gentoo to update sys-apps/shadow to 4.11.1, mainly to address
CVE-2013-4235.

Gentoo ref: defe2a377e43a756441b183b66e2c4aae2be27b5
 2022-02-21 15:51:16 +01:00
Kai Lueke
3d5309794a sys-apps/ignition: prevent races with udev 
This pulls in
https://github.com/flatcar-linux/ignition/pull/35
to prevent boot failures such as fsck running while udev was still
processing the disk changes, and thus failing when the /dev/disk/
symlink is shortly gone.
 2022-02-21 11:12:24 +01:00
Thilo Fromm
3219bd9035 Merge pull request #1661 from flatcar-linux/t-lo/bootengine-fix-container-build 
sys-kernel/bootengine: fix containerised builds
 2022-02-21 10:42:39 +01:00
Kai Lüke
a8c00f42d3 Merge pull request #1652 from flatcar-linux/kai/use-package-users 
sys-apps/baselayout: remove duplicates of acct-user|group
 2022-02-18 18:16:29 +01:00
Thilo Fromm
8adf98c2c8 sys-kernel/bootengine: fix containerised builds 
Bump CROS_WORKON to include
https://github.com/flatcar-linux/bootengine/pull/36
to fix an issue with dracut in containerised builds.

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
 2022-02-18 18:00:50 +01:00
Mathieu Tortuyaux
e7923114db Merge pull request #1659 from flatcar-linux/tormath1/sqlite 
dev-db/sqlite: skip `sqlite3` installation
 2022-02-18 17:51:09 +01:00
Mathieu Tortuyaux
121cc4e28f profiles/coreos/make: add sqlite3 to INSTALL_MASK 
this prevents the installation of `/usr/bin/sqlite3` cli provided by
`dev-db/sqlite`.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-18 17:48:18 +01:00
Kai Lueke
14bf508412 sys-apps/baselayout: remove duplicates of acct-user|group 
This pulls in
https://github.com/flatcar-linux/baselayout/pull/23
to remove user entries which get safely created through
https://github.com/flatcar-linux/scripts/pull/227
using the acct-user ID allocations for systemd-sysusers.
 2022-02-18 10:21:11 +01:00
Dongsu Park
a85e311aca coreos-base/hard-host-depends: add docutils, patchutils 
Add dev-python/docutils, dev-util/patchutils to hard-host-depends.
Without adding those in the SDK, the new package dev-util/bpftool would
end up pulling in the new dependencies into the production images, which
should not happen.
 2022-02-17 13:52:47 +01:00
Dongsu Park
0fc96039a9 profiles: force enable bpftool for arm64 
As dev-util/bpftool does not have a keyword arm64, we need to force
enable arm64 keyword for bpftool.
 2022-02-17 13:49:22 +01:00
Dongsu Park
9b9ac5ea39 coreos-base/coreos: add dev-util/bpftool 
Get dev-util/bpftool included in the production images by default.
 2022-02-17 13:48:42 +01:00
Krzesimir Nowak
6d0d5625f1 Merge pull request #1657 from flatcar-linux/linux-5.15.24-main 
Upgrade Linux Kernel in main from 5.15.23 to 5.15.24
 2022-02-17 10:23:18 +01:00
Kai Lüke
81fd6a88a2 Merge pull request #1651 from flatcar-linux/kai/use-networkd-conf-drop-in 
Replace systemd patch by a drop-in file
 2022-02-17 10:09:32 +01:00
Kai Lueke
584693874b Replace systemd patch by a drop-in file 
This pulls in
https://github.com/flatcar-linux/init/pull/61
and
https://github.com/flatcar-linux/baselayout/pull/22
to use a drop-in file instead of the systemd patch.
 2022-02-17 10:08:43 +01:00
Dongsu Park
5b1acafa48 Merge pull request #1650 from flatcar-linux/containerd-1.6.0-main 
Upgrade Containerd in main from 1.5.9 to 1.6.0
 2022-02-17 09:12:03 +01:00
Flatcar Buildbot
52e8cfc8f2 sys-kernel: Upgrade Kernel 5.15.23 to 5.15.24 2022-02-17 07:22:23 +00:00
Flatcar Buildbot
16e00441cb app-emulation: Upgrade Containerd 1.5.9 to 1.6.0 2022-02-16 11:20:20 +00:00
Jeremi Piotrowski
5228888a5c profiles/coreos: move gnuefi systemd USE flag to target 
SDK bootstrap is failing with:

  Message: sbat-distro (from ID):

  ../systemd-stable-250.3/src/boot/efi/meson.build:189:24: ERROR: Problem encountered: Required sbat-distro option not set and autodetection failed

The gnuefi USE flag controls whether bootctl and systemd-boot are built, but we
only need those on the target. Currently the USE flag is set for SDK as well,
so move it to coreos/targets/generic.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-16 07:57:38 +01:00
Kai Lüke
330a7461fb Merge pull request #1636 from JAORMX/enable-auditd 
Add auditd package and systemd unit
 2022-02-15 20:38:49 +01:00
Kai Lüke
270806ad24 Update changelog/changes/2022-02-15-auditd.md 2022-02-15 20:33:33 +01:00
Krzesimir Nowak
b8505e5d89 profiles: Override UIDs and GIDs where we differ grom Gentoo 
These mostly are UIDs and GIDs that we have allocated before we picked
up changes from Gentoo.
 2022-02-15 17:35:28 +01:00
Krzesimir Nowak
f186c4720d sys-apps/baselayout: Bump 
Add missing entries to passwd and group.

Updated netperf needs netperf user and group. Updated systemd needs
various systemd users and groups. Dnsmasq also seems to require its
own user/group.

All this is added to prevent systemd-sysusers adding these to
/etc/passwd. And systemd-sysusers adds these, because the updated
user/group eclass in portage-stable now drops configuration files into
/usr/lib/sysusers.d. Maybe at some point we will switch over to
(patched?) systemd-sysusers, so this catch-up game won't be necessary,
but we are not there yet.
 2022-02-15 17:35:28 +01:00
Juan Antonio Osorio
8f1612bac2 Add changelog entry for auditd 
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-02-15 17:44:00 +02:00
Juan Antonio Osorio
de263591ff Add auditd package and systemd unit 
This includes the `auditd` binary and systemd unit as part of the
distro. While journald is also able to handle logs from the linux audit
subsystem, auditd provides audit-specific capabilities that are
necessary in deployments subject to regulatory compliance.

For one, an administrator is able to configure audit log writing policy
to ensure that logs land on disk and nothing is missed (`flush`). We
wouldn't want such policy through journald as it woudl sync and ensure
all logs which might be undesirable and too resource intensive. In
short, this allows us to configure different management policies for
audit logs compared to general logs.

It allows us to explicitly configure the node's reaction to errors such
as the disk beign full, the disk having other issues or space constraints.

While Flatcar is not Common Criteria certified which would require the
system to shut down if audit logs present issues (not written or
collected), some FedRAMP environments do require actions such as
notifications (which could be achieved via syslog). This can be
explicitly done with auditd as well.

Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-02-15 17:43:54 +02:00
Krzesimir Nowak
d3ccff1f01 changelog: Add entries 2022-02-14 16:35:33 +01:00
Krzesimir Nowak
e349d36ba6 profiles: Update systemd use flags 
- Consolidate them (so enabling selinux and disabling hybrid cgroups
  was moved).

- Remove outdated masks (arm64 does not mask any use flags any more)
  and use flags (ssl was replaced in favor of +openssl and gnutls,
  introspection is gone).

- Add gnuefi (for bootctl, earlier it was built if we requested
  general efi support, now it's built when support also for gnu-efi is
  requested).
 2022-02-14 16:35:33 +01:00
Krzesimir Nowak
ca71cd3a3f sys-apps/systemd: Apply Flatcar modifications 2022-02-14 16:35:33 +01:00
Krzesimir Nowak
4ff26d05db sys-apps/systemd: Sync with gentoo 
It's from gentoo commit 909ff1217e19ce803fefbd16a67869426232f432.
 2022-02-14 16:35:33 +01:00
Dongsu Park
fdc395e8de Merge pull request #1647 from flatcar-linux/go-1.17.7-main 
Upgrade Go in main from 1.17.6 to 1.17.7
 2022-02-14 15:59:37 +01:00
Dongsu Park
9ceb73704f changelog: add security changelog for Go 1.17.7 2022-02-14 14:36:22 +01:00
Flatcar Buildbot
188f067dd5 dev-lang: Upgrade Go 1.17.6 to 1.17.7 2022-02-14 07:30:02 +00:00
Flatcar Buildbot
3b0af8e48a sys-kernel: Upgrade Kernel 5.15.22 to 5.15.23 2022-02-12 07:21:24 +00:00
Dongsu Park
dc408cf2fc Merge pull request #1637 from flatcar-linux/firmware-20220209-main 
Upgrade Linux Firmware in main from 20211216 to 20220209
 2022-02-11 16:03:31 +01:00
Jeremi Piotrowski
bdcac570b1 Merge pull request #1628 from flatcar-linux/jepio/aws-arm64-fix-console 
coreos-base/oem-ec2-compat: set correct console on arm64
 2022-02-11 15:44:52 +01:00
Mathieu Tortuyaux
5a53c343fa Merge pull request #1639 from flatcar-linux/tormath1/polkit 
sys-auth/polkit: remove `-Dwith-duktape`
 2022-02-11 15:39:50 +01:00
Jeremi Piotrowski
08e53ca3b4 Merge pull request #1629 from flatcar-linux/jepio/walinuxagent-update 
update WALinuxAgent to v2.6.0.2
 2022-02-11 15:36:41 +01:00
Dongsu Park
f3b79484d8 Merge pull request #1611 from flatcar-linux/dongsu/gcc-10 
Preparation for gcc 10
 2022-02-11 13:56:31 +01:00
Dongsu Park
020beddd07 sys-kernel/coreos-firmware: fix build issues with cxgb4 firmware 
Fix build issues when building firmware 20220209 by bumping the cxbg4
firmware version to 1.26.6.0. Without that, build fails like:

```
 * Scanning for files required by 5.15.22-flatcar
 * Missing firmware: cxgb4/t6fw.bin (cxgb4.ko.xz)
 * Missing firmware: cxgb4/t5fw.bin (cxgb4.ko.xz)
 * Missing firmware: cxgb4/t4fw.bin (cxgb4.ko.xz)
```
 2022-02-11 09:39:05 +01:00
Flatcar Buildbot
3f1811585f sys-kernel: Upgrade Linux Firmware 20211216 to 20220209 2022-02-11 09:39:05 +01:00
Mathieu Tortuyaux
3bf1a5fb20 sys-auth/polkit: remove -Dwith-duktape 
this option is superseeds by `js_engine` which defaults to duktape.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-10 18:37:56 +01:00
Dongsu Park
217a1af593 Merge pull request #1621 from flatcar-linux/cacerts-3.75-main 
Upgrade ca-certificates in main from 3.74 to 3.75
 2022-02-10 17:35:22 +01:00
Kai Lüke
3a9c9ede2d Merge pull request #1622 from flatcar-linux/kai/systemd-disable-manage-foreign-routes-and-rules 
sys-apps/systemd: add downstream patch to disable foreign route mgmt
 2022-02-10 17:33:13 +01:00
Dongsu Park
e24bb9f348 changelog: add changelog for gcc 10 preparation 2022-02-10 16:57:26 +01:00
Dongsu Park
257a513e77 app-emulation/open-vmdk: fix build issues with gcc 10 
As gcc 10 or newer defaults to `-fno-common`, we need to define only
once in a *.c file, instead of *.h that can be imported multiple times
by *.c files.

See also https://github.com/vmware/open-vmdk/pull/13.
 2022-02-10 16:57:26 +01:00
Dongsu Park
f2464ad27b coreos-base/emerge-gitclone: fetch correct commit in case of non-release 
When the given release string is for non-release like
"2022.02.02+dev-flatcar-master-4742", we should fetch release.xml from
a correct commit from e.g.
https://raw.githubusercontent.com/kinvolk/manifest-builds/dev-flatcar-master-4742/dev-flatcar-master-4742.xml.

Without that, as the default branch contains invalid source code that
was deprecated many years ago, the build could sometimes fail, e.g. when
trying to build perl 5.26.2 with gcc 10.

This pulls in https://github.com/flatcar-linux/flatcar-dev-util/pull/7.
 2022-02-10 16:57:26 +01:00
Dongsu Park
ff9098b9d4 net-fs/nfs-utils: Apply Flatcar modifications 
- Add the tmpfiles configuration for populating /var
  - Add service compatibility symlinks (maybe time to drop them)
  - Drop moving a binary from /usr/sbin to /sbin
  - Drop populating /etc and /var
  - Drop pkg_postinst

Based on commit c232e24562cfecd53cb281330e2900fcc30006f7.
 2022-02-10 16:57:26 +01:00
Dongsu Park
fad4ba41b8 net-fs/nfs-utils: update to 2.5.4-r3 
Update net-fs/nfs-utils to 2.5.4-r3, as needed by gcc 10.
Without that update, build fails like:

```
/usr/libexec/gcc/x86_64-cros-linux-gnu/ld:
../../support/export/libexport.a(xtab.o):.../support/export/xtab.c:32:
multiple definition of `v4root_needed';
mountd-v4root.o:.../utils/mountd/v4root.c:31: first defined here
```
 2022-02-10 16:57:25 +01:00
Dongsu Park
7d24586b46 profiles: Update versions of iasl, kexec-tools 
Update sys-power/iasl to 20200326 for arm64.
Update sys-apps/kexec-tools to 2.0.22 for arm64.
 2022-02-10 16:57:25 +01:00
Dongsu Park
157d83ebae profiles: remove mask for gcc-config 2 
As we need to update gcc-config to 2.5, we have to remove the old
mask that prevents gcc-config 2 from being installed.
 2022-02-10 16:57:25 +01:00
Kai Lueke
98d2469b60 coreos-base/update_engine: fix flatcar-postinst migration notice 
This pulls in
https://github.com/flatcar-linux/update_engine/pull/16
to fix a small template error in the cgroup v2 migration notice.
 2022-02-10 13:31:17 +01:00
Jeremi Piotrowski
648e129aab changelog: add entry for AWS ARM64 console fix 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-02-10 13:30:48 +01:00
Mathieu Tortuyaux
0c2a064bfb Merge pull request #1635 from flatcar-linux/tormath1/vim 
profiles/base: stabilize vim
 2022-02-10 11:38:30 +01:00
Mathieu Tortuyaux
4f4137b33d profiles/base: stabilize vim 
this is required to pull recent versions of vim which fix CVEs.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-02-09 18:02:47 +01:00
Flatcar Buildbot
1bd580a3d6 sys-kernel: Upgrade Kernel 5.15.19 to 5.15.22 2022-02-09 16:39:45 +00:00
Jeremi Piotrowski
d30359a806 coreos-base/oem-ec2-compat: specify correct console on arm64 
The default arm64 console (console=ttyAMA0) that is set by grub is wrong for
EC2 arm64, so fix the value and enable earlycon.
 2022-02-09 17:26:11 +01:00
Jeremi Piotrowski
a76eccc6c4 changelog: add entry for WALinuxAgent 2022-02-09 11:15:23 +00:00