10213 Commits

Author SHA1 Message Date
Kai Lüke
dcd8f8ae40 net-misc/openssh: Apply Flatcar changes
- Drop the init.d files.
- Remove the socket unit's rate limiting.

Instead of dropping bindist, enable it with the profiles now so it
doesn't need to be modified on future updates.

Imported commit 20d298fb282ec9d5a060f12aef64c47aede0904d .
2021-09-03 10:35:28 +02:00
Dongsu Park
e0e1ad29c3 net-misc/openssh: sync with Gentoo for 8.7_p1-r1
Update net-misc/openssh to 8.7_p1-r1, mainly to address CVE-2020-15778.

Goal of the package update is to add the support of a new option `-s`
of scp, i.e. "sftp mode of scp". Openssh 8.7 started to support the
flag, but it is disabled by default. So at the moment users need to
explicitly run `scp -s` to test the feature.

Gentoo ref: 11d6f23704e7ab84191e28e034816bfdb151d406
2021-09-03 10:35:24 +02:00
Dongsu Park
2db638d652 Merge pull request #1243 from kinvolk/dongsu/glibc-2.33-r7
sys-libs/glibc: update to 2.33-r7
2021-09-03 10:05:39 +02:00
Kai Lüke
adb5726979 Merge pull request #1245 from kinvolk/kai/enable-selinux-on-all-targets-v2
profiles: Enable selinux for all targets
2021-09-02 21:14:39 +02:00
Aniruddha Basak
9210fd5beb mdadm: migrate cron.weekly to systemd.timer (#1244)
Add mdadm timer and service files and remove the unused weekly cron
2021-09-02 21:10:57 +02:00
Krzesimir Nowak
00cad56908 Merge pull request #1248 from kinvolk/krnowak/update-sys-libs-ldb
Update sys-libs/talloc and sys-libs ldb to drop python2 dependency
2021-09-02 20:55:19 +02:00
Krzesimir Nowak
0c16d504b2 Merge pull request #1236 from raballew/main
coreos-modules: add GPIO support
2021-09-02 17:56:38 +02:00
Kai Lueke
f0f9617316 profiles: Enable selinux for all targets
Move the USE options out of the amd64 path, specify selinux
packages as explicit dependency, and add accept keywords.
2021-09-02 15:13:32 +02:00
Dongsu Park
142dc04fd4 app-misc/ca-certificates: ignore UnicodeEncodeError when opening file
Now that we started encoding strings to unicode by default,
we should also take care of corner cases, where LC_CYPTE is set to a
different value from the systemd default value in `/etc/locale.gen`.

For example, under a build environment with `LC_CTYPE=C`, when the UTF-8
file name is `AC_Ra�z_Certic�mara_S.A..pem`,
build fails like that.

```
Traceback (most recent call last):
  File "/var/tmp/portage/app-misc/ca-certificates-3.27.1-r2/files/certdata2pem.py",
line 127, in <module>
    f = open(fname, 'w')
UnicodeEncodeError: 'ascii' codec can't encode character '\xed' in position 5: ordinal not in range(128)
 * ERROR: app-misc/ca-certificates-3.27.1-r2::coreos failed (compile phase):
```

To fix that, encode filename with system encoding when opening the file.
2021-09-02 14:19:37 +02:00
Krzesimir Nowak
d4d10bceaa app-emulation/xenstore: Update to 4.14.2 2021-09-02 14:19:29 +02:00
Krzesimir Nowak
8cc524b15b sys-libs/ldb: Apply Flatcar modifications
Support python3 that we have packaged.
2021-09-02 10:22:30 +02:00
Krzesimir Nowak
d0aaf23418 sys-libs/ldb: Drop extra stuff 2021-09-02 10:22:30 +02:00
Krzesimir Nowak
c99f0113cd sys-libs/ldb: Copy from gentoo
Still contains extra stuff we are going to drop.
2021-09-02 10:22:30 +02:00
Krzesimir Nowak
8a32322830 sys-libs/ldb: Drop old
This package contained no Flatcar modifications, so in theory it could
be moved to portage-stable. But we also will want to update it to some
recent version that does not depend on python2. But the recent
versions in gentoo use python3.{7,9}, so we will need to change it for
now, since we still use python3.6.
2021-09-02 10:22:30 +02:00
Krzesimir Nowak
fd5bfc4907 sys-libs/talloc: Apply Flatcar modifications 2021-09-02 10:22:30 +02:00
Krzesimir Nowak
0c1e06d7a0 sys-libs/talloc: Drop unnecessary files 2021-09-02 10:22:30 +02:00
Krzesimir Nowak
ee50bff520 sys-libs/talloc: Add new package from gentoo
We need it for the updated sys-libs/ldb, but it depends on python we
haven't yet packaged.
2021-09-02 10:22:30 +02:00
Dongsu Park
9eb72fbc7e Merge pull request #1247 from kinvolk/dongsu/github-actions-image-key
.github: fetch the correct Flatcar image signing key
2021-09-02 09:39:42 +02:00
Dongsu Park
0565e229ef .github: fetch the correct Flatcar image signing key
`Flatcar_Image_Signing_Key.asc` on https://www.flatcar-linux.org is
outdated, expired. That's why all Github Actions failed to run.
We need to fetch the image signing key from the correct URL,
https://kinvolk.io/flatcar-container-linux/...
2021-09-02 09:34:13 +02:00
Paul Wallrabe
262c16b427 amd64: enable missing kernel config options 2021-09-01 21:23:52 +02:00
Krzesimir Nowak
cf6fe28771 Merge pull request #1219 from kinvolk/krnowak/python3-oem
Update dev-lang/python-oem to 3.6.5
2021-09-01 18:53:01 +02:00
Krzesimir Nowak
0eac3144d7 dev-python/distro-oem: Update some comments 2021-09-01 18:51:04 +02:00
Krzesimir Nowak
d6adffcdc3 app-emulation/wa-linux-agent: Update some comments 2021-09-01 18:50:49 +02:00
Krzesimir Nowak
fd0fa0b948 dev-python/distro-oem: Depend on specific version of python-oem 2021-09-01 18:46:49 +02:00
Krzesimir Nowak
357df4cebd app-emulation/wa-linux-agent: Depend on specific version of python-oem 2021-09-01 18:46:49 +02:00
Krzesimir Nowak
fe69e51906 app-emulation/wa-linux-agent: Make DIST entry in Manifest a single line 2021-09-01 18:46:49 +02:00
Krzesimir Nowak
55d5630340 app-emulation/wa-linux-agent: Patch to support flatcar 2021-09-01 18:46:49 +02:00
Krzesimir Nowak
4827507851 app-emulation/wa-linux-agent: Add dependency on dev-python/distro-oem
WALinuxAgent falls back to using the `distro` module to figure out the
distribution details in case the `get_linux_distribution` function
from the builtin `platform` module is not able to do it. With the
update of python-oem to python3, the distribution detection broke,
because we stopped carrying a patch that implemented fetching the
distribution information from `/etc/os-release`. It does not make
sense to backport that patch though, because
`platform.get_linux_distribution` is deprecated and removed in python
3.7 or 3.8. So when we update python3 to the newer version, we would
need to add the `distro` module anyway.

Maybe we can drop `distro-oem` module in future, when python-oem will
use version 3.10 and WALinuxAgent starts using the newly added
functionality in 3.10 to figure out the distribution information.
2021-09-01 18:46:49 +02:00
Krzesimir Nowak
8ff3d67fcb dev-python/distro-oem: Add new package
See README.md for details on why we add this package instead of
importing dev-python/distro from gentoo.
2021-09-01 18:46:49 +02:00
Krzesimir Nowak
0f54150fdf app-emulation/wa-linux-agent: Update the python path 2021-09-01 18:46:49 +02:00
Krzesimir Nowak
00ae3b5203 dev-lang/python-oem: Apply Flatcar modifications 2021-09-01 18:46:49 +02:00
Krzesimir Nowak
28efd0f33a dev-lang/python-oem: Copy ebuild of python 3.6.5 from portage-stable
It's the build file we are using now.
2021-09-01 18:46:49 +02:00
Krzesimir Nowak
d5283e2a11 dev-lang/python-oem: Drop old stuff 2021-09-01 18:46:49 +02:00
Krzesimir Nowak
3c1ed84ecd Merge pull request #1235 from kinvolk/krnowak/bump-git-emerge
coreos-base/git-emerge: Update links and bump commit
2021-09-01 18:03:42 +02:00
Dongsu Park
d0ce77ec8e Merge pull request #1195 from kinvolk/dongsu/mantle-20210813
coreos-devel/mantle: update to v0.16.0
2021-09-01 16:16:31 +02:00
Dongsu Park
229ab50bb0 coreos-devel/mantle: update to v0.16.0
Update mantle to 8957a93e17c7c6491ff5e95e226832032ceea576, v0.16.0,
mainly to address CVE-2021-29482 (xz), CVE-2020-27813 (websocket), and
CVE-2020-26160 (jwt).

Pulls in https://github.com/kinvolk/mantle/pull/206 and
https://github.com/kinvolk/mantle/pull/207 .
2021-09-01 13:38:18 +02:00
Thilo Fromm
35b465ad63 sys-apps/glibc: add Flatcar changes for 2.33-r7
- unmask amd64 and arm64
- remove tmpfiles from ebuild inherit so we don't run into a circular
  dep with systemd, use systemd_tmpfilesd instead
- take care of nscd.conf via systemd_tmpfilesd,
  add files/nscd-conf.tmpfiles.
- Don't run sanity checks in pkg_pretend to prevent gcc checks when
  only the binary package is installed.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
  baselayout to provide that

Add flatcar specific changes to the build recipe.
Move PYTHON_DEPS to DEPEND so things can build.

Don't run sanity checks in pkg_pretend
(similar change as in glibc-2.29) to prevent
gcc checks when only the binary package is installed.

Based on commit f7a8cd5f1fcc.

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
Signed-off-by: Dongsu Park <dongsupark@microsoft.com>
2021-09-01 13:35:06 +02:00
Dongsu Park
6c0154f285 sys-libs/glibc: sync with Gentoo for 2.33-r7
Update sys-libs/glibc to 2.33-r7, mainly to address CVE-2021-38604.

Gentoo ref: 8c150cdb5bc5d9fc84079cc764957b7823c3bf43
2021-09-01 13:34:55 +02:00
Dongsu Park
ec7af9815a Merge pull request #1242 from kinvolk/dongsu/selinux-keywords-arm64
profiles: accept keyword ~arm64 for selinux
2021-09-01 13:33:17 +02:00
Dongsu Park
9eabfa5aeb profiles: accept keyword ~arm64 for selinux
Now that sys-apps/policycoreutils is pulled in explicitly for both
architectures, we should be able to pull in its dependencies, e.g.
sys-apps/semodule-utils, sys-libs/libselinux, sys-libs/libsemanage,
sys-libs/libsepol. In case of arm64, however, all the ebuilds have
only `~arm64`. So we need to enable the keywords for the ebuilds.

Without the changes, build fails like:

```
!!! All ebuilds that could satisfy
">=sys-libs/libselinux-3.1:=[python?,python_targets_python3_6(-)?,-python_single_target_python3_6(-)]"
for /build/arm64-usr/ have been masked.
!!! One of the following masked packages is required to complete your
request:
- sys-libs/libselinux-9999::coreos (masked by: missing keyword)
- sys-libs/libselinux-3.2::coreos (masked by: ~arm64 keyword)
- sys-libs/libselinux-3.1-r1::coreos (masked by: ~arm64 keyword)
```
2021-09-01 07:42:05 +02:00
Dongsu Park
f1691f3c08 Merge pull request #1241 from kinvolk/dongsu/firmware-intel-ice
sys-kernel/coreos-firmware: fix symlink to Intel ICE firmware
2021-09-01 06:55:07 +02:00
Dongsu Park
ebf22560ee sys-kernel/coreos-firmware: fix symlink to Intel ICE firmware
Now that Kernel config `CONFIG_ICE` is enabled, its corresponding
firmware file needs to be also in place. However, upstream
linux-firmware tarball does not contain a correct symlink to
`intel/ice/ddp/ice-1.3.26.0.pkg`, but `modinfo ice.ko` shows it
requires `ice.pkg`. So we need to create the symlink to avoid failures
at the firmware scanning stage like below:

```
Missing firmware: intel/ice/ddp/ice.pkg (ice.ko.xz)
```
2021-08-31 18:19:33 +02:00
Kai Lüke
e210655a05 Merge pull request #1240 from kinvolk/kai/explicit-image-contents
coreos-base/coreos/coreos: add user binaries to explicit list
2021-08-31 17:32:10 +02:00
Kai Lueke
46c86fa000 coreos-base/coreos/coreos: add user binaries to explicit list
The image contents are defined by the list in this package and the
dependencies pulled in. Once we would lose some dependency due to
a package change, that would also meant that this dependency's
binaries are not available to the user anymore. To prevent user
binaries from being lost we have to explicitly list them in this
package.
Add the packages that have binaries relevant to the user and are
currently installed (seen in flatcar_production_image_packages.txt
and checked manually). Also add sys-apps/acl which got lost when
removing rkt.
2021-08-31 17:26:01 +02:00
Krzesimir Nowak
646c9dc747 coreos-base/emerge-gitclone: Bump version 2021-08-31 17:18:21 +02:00
Krzesimir Nowak
97e416212f coreos-base/emerge-gitclone: Bump commit 2021-08-31 17:13:05 +02:00
Krzesimir Nowak
b2c3b8b235 coreos-base/emerge-gitclone: Update links 2021-08-31 17:13:05 +02:00
Kai Lüke
404cfae361 Merge pull request #1239 from kinvolk/kai/flatcar-install-oem
coreos-base/coreos-init: flatcar-install random OEM FS UUID if duplicate
2021-08-31 14:28:17 +02:00
Kai Lueke
f675979cf9 coreos-base/coreos-init: flatcar-install random OEM FS UUID if duplicate
This pulls in
https://github.com/kinvolk/init/pull/47
to randomize OEM filesystem UUID if mounting fails, and to avoid trying
to install the QEMU qcow2 images.
2021-08-31 14:25:37 +02:00
Sayan Chowdhury
52e49c4b2b Merge pull request #1227 from kinvolk/linux-5.10.61-main
Upgrade Linux Kernel in main from 5.10.59 to 5.10.61
2021-08-31 16:39:57 +05:30