mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-23 23:41:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
30,117 Commits 616 Branches 394 Tags
Commit Graph

30117 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeremi Piotrowski
580c181df8 sys-kernel/coreos-modules: Enable lockdown when booted with secure boot 
This is a requirement of the shim signing process.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2024-09-17 11:01:06 +02:00
Jeremi Piotrowski
8393a4cf4b sys-kernel/coreos-sources: Add secure-boot-lockdown patches 
Shim signing for secure boot requires enforcing lockdown. There are three ways
we can do this:

1. setting CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y. This unconditionally
   prevents loading unsigned kernel modules.
2. setting lockdown=integrity on the kernel cmdline from a signed Grub
   configuration. This would be OK, but Grub is not updated in the field right
   now, so we'd be stuck.
3. incorporate the secure-boot-lockdown patches that other major distros are using.

We're going to go with 3, because this only enforces lockdown when secure boot
is actually enabled and lets us change approach later on.

These patches are sourced from Debian:
https://sources.debian.org/src/linux/6.6.13-1~bpo12%2B1/debian/patches/features/all/lockdown/.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2024-09-17 11:01:06 +02:00
Mathieu Tortuyaux
00bd0915ce
Merge pull request #2324 from flatcar/linux-6.6.51-main 
Upgrade Linux Kernel for main from 6.6.50 to 6.6.51
 2024-09-17 09:55:13 +02:00
flatcar-ci
2b10aa94a1 New version: main-4095.0.0-nightly-20240916-2100 2024-09-16 21:00:25 +00:00
Krzesimir Nowak
e9197a75da
Merge pull request #2326 from flatcar/krnowak/gh-action-linux-lts 
.github: Follow-up fix for missing app-emulation/hv-daemons
 2024-09-16 16:58:43 +02:00
Krzesimir Nowak
b108abf170 .github: Follow-up fix for missing app-emulation/hv-daemons 2024-09-16 16:53:15 +02:00
Flatcar Buildbot
bc5e1fce44 sys-kernel/coreos-sources: Update from 6.6.50 to 6.6.51 2024-09-16 14:40:58 +00:00
Krzesimir Nowak
af3b2d1323
Merge pull request #2321 from flatcar/krnowak/gh-action-linux-lts 
.github: Handle missing app-emulation/hv-daemons
 2024-09-16 16:37:42 +02:00
Krzesimir Nowak
475cb08109
.github: Make app-emulation/hv-daemons a relative link 
Co-authored-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2024-09-16 15:23:48 +02:00
Mathieu Tortuyaux
7234433f87
Merge pull request #2308 from flatcar/tormath1/ignition 
sys-kernel/bootengine: pull ignition changes
 2024-09-16 14:20:57 +02:00
Mathieu Tortuyaux
c7d080bfb6
Merge pull request #2310 from flatcar/firmware-20240909-main 
Upgrade Linux Firmware in main from 20240811 to 20240909
 2024-09-16 14:17:43 +02:00
Krzesimir Nowak
90388548d1 .github: Handle missing app-emulation/hv-daemons 
LTS channel has no such package, so the action for finding the kernel
update was failing. Fix it by updating the package only if it exists.
 2024-09-16 12:20:56 +02:00
Mathieu Tortuyaux
677bcdaa57
changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2024-09-16 09:51:38 +02:00
Mathieu Tortuyaux
46d44d3b16
sys-kernel/bootengine: pull ignition changes 
this pulls Ignition reordering to fix Equinix Metal issues.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2024-09-16 09:39:09 +02:00
Mathieu Tortuyaux
e46b859e0e
Merge pull request #2316 from flatcar/mantle-update-main 
Upgrade mantle container image to latest HEAD in main
 2024-09-16 09:28:29 +02:00
Flatcar Buildbot
b7bd8570e5 Update mantle container image to latest HEAD 2024-09-14 01:56:57 +00:00
flatcar-ci
4eea8c4a3d New version: main-4092.0.0-nightly-20240913-2100 2024-09-14 01:56:41 +00:00
flatcar-ci
78210dcd9a New version: main-4092.0.0-nightly-20240913-2100-INTERMEDIATE 2024-09-13 21:00:27 +00:00
Thilo Fromm
775cbf6b3e
board-packages: add hyperv hv-daemons (#2319) 
This change adds the Azure and HyperV OEM "hv-daemons" to board-packages
so build_packages.sh will actually build these. This un-breaks a build
issue with the Azure and HyperV images.

Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
 2024-09-13 15:32:34 +02:00
Mathieu Tortuyaux
664e4271f9
Merge pull request #2311 from flatcar/tormath1/etcd 
app-admin/etcd-wrapper: bump etcd version
 2024-09-13 09:24:53 +02:00
Mathieu Tortuyaux
100a449a42
app-admin/etcd-wrapper: bump etcd version 
required for Kubernetes 1.31 external etcd

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2024-09-13 09:24:27 +02:00
flatcar-ci
95aade7c4b New version: main-4091.0.0-nightly-20240912-2100 2024-09-12 21:00:27 +00:00
Thilo Fromm
32c40fa1cb
oem-azure: add hyperv daemons (#2309) 
* oem-azure: add hyperv daemons

This change adds hyperv daemons hv_fcopy, hv_kvp, and hv_vss to the
Azure and HyperV OEM sysexts. hv_kvp specifically is needed to submit OS version
information to the Azure hypervisor.

The daemons, tough userspace programs, are built from the kernel sources
as they are included in the Linux kernel.

As the ebuild is (somewhat)  kernel specific, it should be updated when the kernel
is updated. Respective additions have been made to the kernel update GitHub actions
automation.

Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
Co-authored-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2024-09-12 16:37:25 +02:00
James Le Cuirot
9d2026b40e
sys-boot/grub: Move to portage-stable, bump to 2.12 
We can now use Gentoo's upstream ebuild, save for a few small overrides
in a separate env file.

This bumps GRUB from 2.06 to 2.12, The existing two Flatcar patches have
been rebased.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
 2024-09-12 11:55:22 +01:00
Jeremi Piotrowski
03d1f406cf
Merge pull request #2302 from flatcar/mantle-update-main 
Upgrade mantle container image to latest HEAD in main
 2024-09-12 09:23:16 +02:00
Flatcar Buildbot
eb779f0b80 sys-kernel/coreos-firmware: Update from 20240811 to 20240909 2024-09-12 07:13:34 +00:00
Flatcar Buildbot
53efe424a8 Update mantle container image to latest HEAD 2024-09-11 21:00:43 +00:00
flatcar-ci
0d122ee40f New version: main-4090.0.0-nightly-20240911-2100 2024-09-11 21:00:26 +00:00
Krzesimir Nowak
b031f0bc93
Merge pull request #2274 from flatcar/buildbot/weekly-portage-stable-package-updates-2024-09-02 
Weekly portage-stable package updates 2024-09-02
 2024-09-11 11:15:03 +02:00
flatcar-ci
34a7fbe054 New version: main-4089.0.0-nightly-20240910-2100 2024-09-10 21:00:29 +00:00
Mathieu Tortuyaux
c89130691c
Merge pull request #2296 from flatcar/linux-6.6.50-main 
Upgrade Linux Kernel for main from 6.6.48 to 6.6.50
 2024-09-10 13:43:33 +02:00
Mathieu Tortuyaux
a89ecb711a
Merge pull request #2016 from daMupfel/disable-dhcp-rapid-commit-for-cloudsigma 
changelog: disable DHCP RapidCommit for CloudSigma OEM
 2024-09-10 09:30:06 +02:00
David Eichin
557175b3df disable DHCP rapidcommit for cloudsigma 2024-09-10 07:18:52 +02:00
David Eichin
bc3aadb1bd changelog: add entry 2024-09-10 07:17:58 +02:00
flatcar-ci
512bc23af8 New version: main-4088.0.0-nightly-20240909-2100 2024-09-09 21:00:26 +00:00
Mathieu Tortuyaux
d9dcc75c36
Merge pull request #2142 from flatcar/tormath1/ci-hetzner 
ci-automation: add hetzner testing
 2024-09-09 09:46:53 +02:00
Flatcar Buildbot
02642c2260 sys-kernel/coreos-sources: Update from 6.6.48 to 6.6.50 2024-09-08 07:13:02 +00:00
flatcar-ci
7b130b23f1 New version: main-4085.0.0-nightly-20240906-2100 2024-09-07 01:58:17 +00:00
flatcar-ci
187851a0b1 New version: main-4085.0.0-nightly-20240906-2100-INTERMEDIATE 2024-09-06 21:00:27 +00:00
Mathieu Tortuyaux
ce763ff862
ci-automation: add hetzner testing 
No need for garbage collection since one temporary project is allocated with 1h of
lifespan for each run.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Julian Tölle <julian.toelle97@gmail.com>
 2024-09-06 10:58:51 +02:00
Mathieu Tortuyaux
abeddbd41b
Merge pull request #2288 from flatcar/tormath1/kernel-indentation 
eclass/coreos-kernel: add -Werror=misleading-indentation
 2024-09-06 10:28:38 +02:00
flatcar-ci
77db0fec63 New version: main-4084.0.0-nightly-20240905-2100 2024-09-05 21:00:25 +00:00
Mathieu Tortuyaux
565daaba2c
eclass/coreos-kernel: add -Werror=misleading-indentation 
To ensure that tested patches are correctly indented.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2024-09-05 16:57:23 +02:00
Krzesimir Nowak
b99e666f00
Merge pull request #2068 from flatcar/krnowak/merged-usr 
Finish merged-usr process for generic images, move SDK over to it too
 2024-09-05 15:26:13 +02:00
Krzesimir Nowak
f3f51ed2d8 changelog: Add an entry 2024-09-05 15:07:23 +02:00
Krzesimir Nowak
e893cc89bd overlay coreos/config: Drop split-usr workarounds for sys-apps/kmod 2024-09-05 14:55:31 +02:00
Krzesimir Nowak
c134baccee overlay app-admin/sudo: Keep /etc/sudoers.d directory 
It seems to be randomly kept or removed during installation, and we
need the directory when creating the SDK container.
 2024-09-05 14:55:31 +02:00
Krzesimir Nowak
c8500797ea overlay profiles: Some cleanups 
Mask split-usr globally, not only for generic images. Move some SDK
only USE flags to SDK target profile (cros_host, expat). Drop
duplicated disabling of cups USE flag.
 2024-09-05 14:55:31 +02:00
Krzesimir Nowak
c1c162e523 coreos profiles: Drop unused symlink-usr USE flag 2024-09-05 14:55:31 +02:00
Krzesimir Nowak
b0ab201807 overlay sys-kernel/coreos-modules: Drop a mention of symlink-usr 2024-09-05 14:55:31 +02:00