* sdk: Fix ephemeral key directory paths baked into container images
The SDK container build process was persisting temporary directory
paths for module signing keys into /home/sdk/.bashrc. This caused
all container instances to share the same ephemeral key location.
Fixed by:
- Runtime check in sdk_entry.sh to recreate stale temp directories
- Build-time cleanup in Dockerfiles to remove the variables
Each container instance now gets unique temporary directories.
Signed-off-by: Daniel Zatovic <daniel.zatovic@gmail.com>
* sdk_entry: use persistent module signing keys for unofficial builds
For official builds (COREOS_OFFICIAL=1), continue using ephemeral
temporary directories for module signing keys.
For unofficial/development builds, use a persistent directory at
/mnt/host/source/.module-signing-keys to preserve keys across
container restarts.
Signed-off-by: Daniel Zatovic <daniel.zatovic@gmail.com>
---------
Signed-off-by: Daniel Zatovic <daniel.zatovic@gmail.com>
Use the default location for pam configs. We replace them with our own
in post_src_install hook anyway.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
We are building sssd on arm64, so drop the unnecessary code. Also
create some more compatibility symlinks.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
This is meant to be used by packages installing pam config files. The
function should be invoked in a post src_install hook.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
ldb was folded into samba, so it is not sys-libs/ldb that installs ldb
modules, but rather net-fs/samba. The ldb modules are needed by
sys-auth/sssd to work, so stop removing them in the post src_install
hook.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
This pulls in https://github.com/flatcar/bootengine/pull/114
just to be sure that we tried all available modules based on the
modalias when we don't make progress in the minimal initrd. So far we
don't know if this helps (it won't for completely missing kernel modules
of course) but it's good to have this done automatically instead of
having to ask users if it helps for them when they hit an issue. It also
prints the current state again which otherwise might be a bit hidden if
a kernel message gets printed after the initial message.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This is a hack - the ebuild will disappear on next weekly updates,
unless Gentoo gets the 2.1.5 ebuild by then.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
The Fusion MPT SCSI storage drivers were missing from the new minimal
initrd because they are not together with the other storage driver
modules but live in their own "message/fusion/" folder.
Add the "message/fusion/" folder to the initrd modules so that we can
load the disk. Dependencies will be resolved by dracut-install as
needed.
Fixes https://github.com/flatcar/Flatcar/issues/1924
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
- add patch for yaml-cpp to fix cmake 4.0 issues
- drop two cross patches as they are already upstreamed (keep the
cross fixes for photon, though)
- drop tcmu pin patch (upstreamed)
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>