mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 09:56:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,877 Commits 629 Branches 394 Tags 166 MiB
f51ac5097f
Commit Graph

8897 Commits

Author SHA1 Message Date
Sayan Chowdhury
487ba9efcf Merge pull request #2360 from flatcar/linux-5.15.86-main 
Upgrade Linux Kernel for main from 5.15.81 to 5.15.86
 2023-01-10 21:40:04 +05:30
Kai Lüke
32d8a64206 Merge pull request #2371 from flatcar/kai/backport-initrd-setup-root 
sys-kernel/bootengine: Always run initrd-setup-root
 2023-01-10 11:12:52 +01:00
Kai Lueke
abfaba8374 sys-kernel/bootengine: Always run initrd-setup-root 
This pulls in
c8399e42bb9651c3c108f916f6645557ab41884b which is a backport of the
relevant parts of https://github.com/flatcar/bootengine/pull/50 to fix
https://github.com/flatcar/Flatcar/issues/944
 2023-01-10 11:12:19 +01:00
Dongsu Park
285051316b Merge pull request #2370 from flatcar/cacerts-3.87-main 
Upgrade ca-certificates in main from 3.86 to 3.87
 2023-01-09 16:12:54 +01:00
Krzesimir Nowak
ba0743743d changelog: Add entries 2023-01-09 10:51:03 +01:00
Krzesimir Nowak
3b29f965e2 profiles: Cleanups for systemd 
Sort the use flags, drop obsolete ones and nonexistent packages, drop
unnecessary accept keywords file (as it would potentially introduce a
version mismatch between amd64 and arm64).
 2023-01-09 08:31:16 +01:00
Krzesimir Nowak
490ec0dc59 sys-apps/systemd: Apply Flatcar modifications 2023-01-09 08:31:16 +01:00
Krzesimir Nowak
45cc76db62 sys-apps/systemd: Sync with Gentoo 
It's from Gentoo commit ef3b51926ede813b240e807911eef302ac0c4fdb.
 2023-01-09 08:31:16 +01:00
Flatcar Buildbot
f2abbf09fe app-misc: Upgrade ca-certificates 3.86 to 3.87 2023-01-09 07:15:31 +00:00
Mathieu Tortuyaux
e9ec604f42 Merge pull request #2351 from flatcar/tormath1/ignition-vagrant 
sys-apps/ignition: bring back noop OEM
 2023-01-09 07:09:00 +01:00
Flatcar Buildbot
9ccfcc3c55 app-emulation: Upgrade Containerd 1.6.14 to 1.6.15 2023-01-06 08:22:37 +00:00
Mathieu Tortuyaux
43479cf6ae changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2023-01-03 09:12:58 +01:00
Flatcar Buildbot
595603a0e6 sys-kernel: Upgrade Kernel 5.15.81 to 5.15.86 2023-01-01 07:16:32 +00:00
Flatcar Buildbot
2d2c3e61cc app-emulation: Upgrade Containerd 1.6.13 to 1.6.14 2022-12-23 08:21:45 +00:00
Mathieu Tortuyaux
8a6cbb8880 sys-apps/ignition: bring back noop OEM 
it mainly brings back Vagrant which was failing with Ignition 2.14.0
even if no Ignition is provided.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-12-21 17:28:38 +01:00
Dongsu Park
0b3beed6fe Merge pull request #2350 from flatcar/docker-20.10.22-main 
Upgrade Docker in main from 20.10.21 to 20.10.22
 2022-12-21 16:56:14 +01:00
Flatcar Buildbot
7f1d5313e7 app-emulation: Upgrade Docker 20.10.21 to 20.10.22 2022-12-21 07:45:33 +00:00
Dongsu Park
5c8d650a98 dev-lang/rust: bump version from 1.65 to 1.66 to fix build 
As the Gentoo ebuild of dev-lang/rust >= 1.65 keeps workaround that
explicitly checks for a version like 1.65, that ebuild would obviously
make the build fail with 1.66.
Update the version from 1.65 to 1.66 to fix the build.
 2022-12-20 12:10:33 +01:00
Flatcar Buildbot
f87210ba5c dev-lang: Upgrade dev-lang/rust 1.65.0 to 1.66.0 2022-12-20 07:33:57 +00:00
Krzesimir Nowak
1e5bd7893f changelog: Add an entry 2022-12-19 10:22:48 +01:00
Krzesimir Nowak
5c4757654f profiles: Update USE name for sys-apps/systemd 2022-12-19 10:22:48 +01:00
Krzesimir Nowak
d313a77d29 sys-apps/systemd: Apply Flatcar modifications 2022-12-19 10:22:48 +01:00
Krzesimir Nowak
c0b3c67e51 sys-apps/systemd: Sync with Gentoo 
It's from Gentoo commit 5ee96ebd12ec053d626f2e717bb4ba9f38991b4f.
 2022-12-19 10:22:48 +01:00
Flatcar Buildbot
0a55fafbb7 app-emulation: Upgrade Containerd 1.6.12 to 1.6.13 2022-12-16 08:21:10 +00:00
Dongsu Park
27311821b3 Merge pull request #2336 from flatcar/firmware-20221214-main 
Upgrade Linux Firmware in main from 20221109 to 20221214
 2022-12-15 15:28:24 +01:00
Mathieu Tortuyaux
fa4fac2e51 Merge pull request #2318 from flatcar/tormath1/update-engine 
coreos-base/update_engine: pull new update-engine
 2022-12-15 12:32:35 +01:00
Krzesimir Nowak
17dfbf3365 Merge pull request #2335 from flatcar/krnowak/user-patches 
coreos/user-patches: New directory for user-patches
 2022-12-15 11:06:22 +01:00
Krzesimir Nowak
68c56b0c11 coreos/user-patches: New directory for user-patches 2022-12-15 11:05:56 +01:00
Flatcar Buildbot
252d052d22 sys-kernel: Upgrade Linux Firmware 20221109 to 20221214 2022-12-15 07:11:08 +00:00
Krzesimir Nowak
bc70d8bb4e Merge pull request #2333 from flatcar/krnowak/weekly 
Changes for weekly updates (update glibc to 2.36)
 2022-12-14 14:50:21 +01:00
Dongsu Park
f7564880d7 .github: run apt-get update before installing native Ubuntu packages 
We should run apt-get update before installing native Ubuntu packages
like qemu-user-static. Otherwise apt-get install could fail like:

```
Err:1 http://azure.archive.ubuntu.com/ubuntu jammy-updates/universe
amd64 qemu-user-static amd64 1:6.2+dfsg-2ubuntu6.5
  404  Not Found [IP: 52.252.75.106 80]
```

That happens because meanwhile the qemu-user-static deb package in the
Azure mirror was updated from 6.5 to 6.6, without keeping the old
version. Its index of the Azure mirror was updated, but
setup-flatcra-sdk.sh did not sync that, as apt-get update did not run.
 2022-12-14 09:50:07 +01:00
Dongsu Park
d147ba2b79 Merge pull request #2332 from flatcar/go-1.18.9-and-1.19.4-main 
Upgrade Go from 1.19.3 and 1.18.8 to 1.19.4 and 1.18.9
 2022-12-13 10:02:04 +01:00
Krzesimir Nowak
d5244cd84b changelog: Add an entry 2022-12-12 14:52:54 +01:00
Krzesimir Nowak
1c7d3ad34d sys-libs/glibc: Apply Flatcar modifications 
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
  - comment out 'dostrip -x' to force the OS image binaries to be stripped
  - remove everything glibc wants to put under /etc since we use
    baselayout to provide that
 2022-12-12 14:25:09 +01:00
Dongsu Park
ec387e32fa changelog: add security changelog for Go 1.19.4, 1.18.9 2022-12-12 10:00:14 +01:00
Krzesimir Nowak
20a7d491a1 sys-libs/glibc: Sync with Gentoo 
It's from Gentoo commit aebe34585bd927ece8a8984ff9a27a4032378a6c.
 2022-12-12 09:07:16 +01:00
Flatcar Buildbot
c481e616b8 dev-lang: Upgrade Go 1.18.8 to 1.18.9 2022-12-12 07:28:28 +00:00
Flatcar Buildbot
31c8095542 dev-lang: Upgrade Go 1.19.3 to 1.19.4 2022-12-12 07:28:28 +00:00
Flatcar Buildbot
8c8f3f97ef app-misc: Upgrade ca-certificates 3.85 to 3.86 2022-12-12 07:15:27 +00:00
Dongsu Park
94ee295e6e changelog: add security changelog for containerd 1.6.12 2022-12-09 13:13:56 +01:00
Flatcar Buildbot
4f0dd682f9 app-emulation: Upgrade Containerd 1.6.10 to 1.6.12 2022-12-09 08:22:42 +00:00
Krzesimir Nowak
ec5f6ca252 Merge pull request #2317 from flatcar/krnowak/libarchive-update 
profiles: Drop accept keywords for app-arch/libarchive
 2022-12-08 12:50:24 +01:00
Mathieu Tortuyaux
1fab9ca500 coreos-base/coreos: add libsodium 
update_engine needs to access context from SHA256 to store it and
restore it for further computations on it.
With OpenSSL SHA256 v3 implementation is not possible, let's use the
libsodium implementation.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-12-08 11:18:52 +01:00
Mathieu Tortuyaux
018198129a coreos-base/update_engine: bump commit ID 
this pulls the OpenSSL 3 upgrade.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-12-08 11:18:52 +01:00
Krzesimir Nowak
246bc58053 Merge pull request #2316 from flatcar/krnowak/weekly 
Updates for weekly update 2022-12-05
 2022-12-08 09:43:33 +01:00
Mathieu Tortuyaux
c40db9d10f Revert "coreos-base/update_engine: remove -Werror flag" 
This reverts commit 5f720f7b9987bf8b7d15a9569b4a340bdf253260.
 2022-12-07 13:33:48 +01:00
Krzesimir Nowak
5cae1e12de profiles: Drop accept keywords for app-arch/libarchive 
The updated package is stable for both amd64 and arm64.
 2022-12-07 11:37:28 +01:00
Flatcar Buildbot
b134ce0bb9 sys-kernel: Upgrade Kernel 5.15.79 to 5.15.81 2022-12-07 00:22:20 +05:30
Sayan Chowdhury
bcf2bb0b77 sys-libs/pam: Apply Flatcar patches 
-  sys-libs/pam: Make /sbin/unix_chkpwd suid

This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.

-  sys-libs/pam: Install configuration into /usr

Also provide a tmpfiles fragment to bring it back.

- sys-libs/pam: Locked accounts functionality

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-12-06 15:06:47 +01:00
Krzesimir Nowak
ef09c88d70 sys-libs/pam: Reset to vanilla ebuild 2022-12-06 15:03:29 +01:00
Dongsu Park
eec5d85328 sys-devel/gdb: Apply Flatcar modifications 
- Fix cross build issues with configuring gmp libs

  As gdb 11 or newer requires gmp libs as dependency, a cross build of
  gdb 11.2 started to fail when its configure scripts try to detect if
  gmp exists.  The failure occurs mainly because the build still
  passes '-L/usr/lib64` to LDFLAGS. Let's say, for example, host
  toolchains outside of sysroot have amd64 libs, while the target
  inside of sysroot should have arm64 libs. However, configure scripts
  of gdb 11.2 still try to find its libs outside of sysroot,
  /usr/lib64, although it should find its libs inside of sysroot,
  e.g. /build/arm64/usr/lib64.

  To fix the cross build issues, pass --with-sysroot as well as
  --libdir, correctly with ${ESYSROOT}.

  As a side note, for some reason, upstream gdb configure scripts are
  not able to correctly make use of its gmp-specific options like
  --with-gmp or --with-gmp-lib. Passing those options does not bring
  anything.  Also configure must have both --with-sysroot and
  --libdir, to make the build work.

- Replace dependency on virtual/yacc with app-alternatives/yacc

  The former is gone in favor of the latter in Gentoo. This change
  will be dropped when we sync the package with Gentoo again.
 2022-12-06 14:53:36 +01:00
Krzesimir Nowak
1f88c934c0 sys-devel/gdb: Reset to vanilla ebuild 2022-12-06 14:51:21 +01:00
Sayan Chowdhury
f6efb50cb6 net-firewall/iptables: Apply the Flatcar patches 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
 2022-12-06 14:49:54 +01:00
Krzesimir Nowak
fd2b43d9cf net-firewall/iptables: Reset to vanilla ebuild 2022-12-06 14:42:47 +01:00
Sayan Chowdhury
b621893c2e app-shells/bash: Apply Flatcar patches 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-12-06 14:41:10 +01:00
Krzesimir Nowak
0a0f1733f4 app-shells/bash: Reset to vanilla ebuild 2022-12-06 14:40:14 +01:00
Krzesimir Nowak
4bd509277a sys-libs/glibc: Apply Flatcar modifications 
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
  - comment out 'dostrip -x' to force the OS image binaries to be stripped
  - remove everything glibc wants to put under /etc since we use
    baselayout to provide that
  - replace virtual/awk with app-alternatives/awk
 2022-12-06 14:38:29 +01:00
Krzesimir Nowak
43ccab8e9d sys-libs/glibc: Reset to vanilla ebuild 2022-12-06 14:36:54 +01:00
Krzesimir Nowak
a4326957df dev-lang/python-oem: Apply Flatcar modifications 2022-12-06 14:34:48 +01:00
Krzesimir Nowak
4dc2f9a83d dev-lang/python-oem: Reset to vanilla ebuild 2022-12-06 14:32:39 +01:00
Krzesimir Nowak
f76441eaeb dev-lang/python-oem: Update dependency 
The `virtual/awk` package is replaced with `app-alternatives/awk`, so
reflect that in the ebuild.
 2022-12-06 14:32:39 +01:00
Krzesimir Nowak
33d5bace3f profiles: Do not pull in pip stuff from dev-lang/python 2022-12-06 14:32:39 +01:00
Krzesimir Nowak
990b2749a3 coreos/config: Update description for app-crypt/mit-krb5 overrides 2022-12-06 14:32:39 +01:00
Jeremi Piotrowski
1db12d110d Merge pull request #2315 from flatcar/bug-847-kernel-fix-backport 
sys-kernel/coreos-sources: Add backport of bugfix for #847
 2022-12-06 13:35:15 +01:00
Jeremi Piotrowski
b7eec9eed7 changelog: add entry for Flatcar#847 bugfix 2022-12-06 11:42:15 +01:00
Sayan Chowdhury
9700f36c3f Merge pull request #2309 from flatcar/sayan/update-sudo-1.9.12_p1 
add-admin/sudo: Sync with Gentoo upstream; updates to 1.9.12_p1
 2022-12-05 19:17:44 +05:30
Jeremi Piotrowski
61592da5ec sys-kernel/coreos-sources: Add backport of bugfix for #847 
Users reported a deadlock in ext4 that occurs under loads after kernel 5.15.72.
We debugged and found that this issue is also present upstream (6.x) and found
a fix. The fix has been validated to fix the issue, but we're still waiting for
a reponse from the ext4 maintainer.

In the meantime, apply the backport to our kernel sources, so that users can be
unblocked from updating. This will be released to alpha/beta first, and
hopefully by the time it is promoted to stable, the fix will be merged to the
kernel tree and backported to 5.15.
 2022-12-05 13:31:20 +01:00
Sayan Chowdhury
f2ea162fae changelog: Update the changelog for the sudo-1.9.12_p1 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-12-02 17:22:04 +05:30
Krzesimir Nowak
7542bbf3f5 Merge pull request #2307 from flatcar/krnowak/weekly 
Changes for weekly updates
 2022-12-01 19:39:23 +01:00
Flatcar Buildbot
7b019787ee app-emulation: Upgrade open-vm-tools 12.1.0 to 12.1.5 2022-11-30 07:19:01 +00:00
Krzesimir Nowak
642a90d29b profiles: Drop accept keywords for sys-libs/zlib 
It became stable for amd64 and arm64.
 2022-11-29 15:13:45 +01:00
Krzesimir Nowak
cf28added0 profiles: Drop accept keywords for sys-fs/multipath-tools 
The updated package is now stable for both amd64 and arm64.
 2022-11-29 15:08:35 +01:00
Krzesimir Nowak
8064d1c3d5 profiles: Updated accept keywords for net-misc/curl 2022-11-29 14:13:49 +01:00
Krzesimir Nowak
33b0d3e235 coreos-devel/sdk-depends: Replace dev-util/boost-build with dev-util/b2 
dev-libs/boost now needs the latter to build.
 2022-11-29 10:58:18 +01:00
Dongsu Park
78c4fb88d1 Merge pull request #2299 from flatcar/dongsu/cpio-2.13 
profiles: accept keywords for app-arch/cpio 2.13-r3
 2022-11-23 17:32:37 +01:00
Krzesimir Nowak
bfbf8b3135 Merge pull request #2298 from flatcar/krnowak/weekly 
profiles: Updates for weekly package updates
 2022-11-23 14:32:46 +01:00
Dongsu Park
f8d0d4bd13 Merge pull request #2292 from flatcar/linux-5.15.79-main 
Upgrade Linux Kernel for main from 5.15.77 to 5.15.79
 2022-11-23 14:20:35 +01:00
Krzesimir Nowak
5b6cd2ab0a profiles: Update accept keywords for net-misc/curl 
Revision was bumped to r2, but it kept the keywords intact.
 2022-11-22 13:39:22 +01:00
Krzesimir Nowak
4c7180dca0 profiles: Update accept keywords for sys-libs/zlib 
It became stable for arm64, still unstable for amd64. Probably will be
stabilized for the latter during the week.
 2022-11-22 13:35:13 +01:00
Dongsu Park
384ce45da9 profiles: accept keywords for app-arch/cpio 2.13-r3 
Accept keywords for app-arch/cpio 2.13-r3, mainly to address
CVE-2021-38185.
 2022-11-22 11:00:41 +01:00
Dongsu Park
69e9bcc0f7 Merge pull request #2296 from flatcar/containerd-1.6.10-main 
Upgrade Containerd in main from 1.6.9 to 1.6.10
 2022-11-18 13:08:02 +01:00
Krzesimir Nowak
02b93bd55a Merge pull request #2288 from flatcar/krnowak/weekly 
profiles: Cleanups for weekly package updates
 2022-11-18 10:14:47 +01:00
Flatcar Buildbot
88af01b531 app-emulation: Upgrade Containerd 1.6.9 to 1.6.10 2022-11-18 08:24:29 +00:00
Krzesimir Nowak
052c0553ae Merge pull request #2268 from flatcar/krnowak/openssh-update 
net-misc/openssh: Bump to 9.1
 2022-11-17 11:19:32 +01:00
Krzesimir Nowak
e596583d76 profiles: Build static libraries for dev-libs/libpcre2 
app-emulation/qemu depends on dev-libs/glib preferentially built with
static libraries. The GLib library started to depend on
dev-libs/libpcre2 after the update. Since dev-libs/glib is built with
static-libs USE flag, it propagates the requirement to
dev-libs/libpcre2 too. Thus update the line with old dev-libs/libpcre
in package.use to new dev-libs/libpcre2 now. Hopefully nothing needs
static libs of old dev-libs/libpcre.
 2022-11-17 11:15:54 +01:00
Krzesimir Nowak
11d976f352 profiles: Drop arm64 from accept keywords for net-misc/curl 2022-11-17 11:15:54 +01:00
Krzesimir Nowak
8eff949fff profiles: drop dev-util/glib-utils from packages.provided 
Should not be necessary - dev-libs/glib is not pulling it anymore, and
other ebuilds needing the package pull it with BDEPEND, which means
that the package on SDK is being used.
 2022-11-17 11:15:54 +01:00
Krzesimir Nowak
1a045b9ccc profiles: Update accept keywords for app-editors/vim-core 2022-11-17 11:15:54 +01:00
Krzesimir Nowak
8957817186 profiles: Update accept keywords for app-editors/vim 2022-11-17 11:15:54 +01:00
Flatcar Buildbot
5c6e3b3fe0 sys-kernel: Upgrade Kernel 5.15.77 to 5.15.79 2022-11-17 07:19:16 +00:00
Dongsu Park
4a4289ebc8 Merge pull request #2283 from flatcar/cacerts-3.85-main 
Upgrade ca-certificates in main from 3.84 to 3.85
 2022-11-16 15:09:07 +01:00
Kai Lueke
ee0c1e654c Support Hardware Security Keys in update-ssh-keys 
This pulls in
https://github.com/flatcar/update-ssh-keys/pull/7
to support Hardware Security Keys in update-ssh-keys.
Until we have a new crates.io release of openssh-keys with
https://github.com/coreos/openssh-keys/pull/68 we need to host it on
Origin or find a way to make the eclass more flexible. Here it was
hosted on Origin (from "cargo package") and the Cargo.toml/lock patched
on build to think it would come from crates.io because the Gentoo
eclass only supports that location.
 2022-11-16 11:52:16 +01:00
Sayan Chowdhury
d340dda71a app-admin/sudo: Apply Flatcar patches 
- Remove Perl Runtime Dependency
- Remove OpenLDAP schema files for sudo
- Remove sudo.conf file as it is shipped via baselayout

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
 2022-11-15 05:24:42 +00:00
Sayan Chowdhury
32089482da add-admin/sudo: Sync with Gentoo upstream; updates to 1.9.12_p1 
gentoo syncref: 82f5b130cc
 2022-11-15 05:18:23 +00:00
Flatcar Buildbot
0986cc7377 app-misc: Upgrade ca-certificates 3.84 to 3.85 2022-11-14 07:17:45 +00:00
Krzesimir Nowak
db546fb6d4 changelog: Add an entry 2022-11-11 09:17:27 +01:00
Dongsu Park
340f597eae Merge pull request #2276 from flatcar/firmware-20221109-main 
Upgrade Linux Firmware in main from 20221012 to 20221109
 2022-11-11 09:13:13 +01:00
Mathieu Tortuyaux
3d882f6f73 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-11-10 17:02:28 +01:00
Mathieu Tortuyaux
3a9541cd7e sys-apps/ignition: fix OEM detection 
In case the OEM partition was specified with the name "OEM",
the btrfs format was not forced because it only considered the name "oem".

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-11-10 16:58:37 +01:00
Krzesimir Nowak
bbc47ca7ab profiles: Cleanup net-misc/openssh stuff 
We mark the package as stable in ebuild, so drop the accept
keywords. Also, bindist is not a thing any more.
 2022-11-10 16:11:42 +01:00
Sayan Chowdhury
9393631719 net-misc/openssh: Apply Flatcar patches 
- Drop the init.d files.
- Remove the socket unit's rate limiting.
- Mark the package as stable.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
 2022-11-10 16:11:42 +01:00
Krzesimir Nowak
8d0734b440 net-misc/openssh: Sync with Gentoo 
It's from Gentoo commit 591c528cc536c3e28daaf6356084d356c5e82eec.
 2022-11-10 16:11:42 +01:00
Flatcar Buildbot
909e4e5a85 sys-kernel: Upgrade Linux Firmware 20221012 to 20221109 2022-11-10 15:23:58 +01:00
Krzesimir Nowak
a8467c41ec Merge pull request #2266 from flatcar/krnowak/weekly 
Profile cleanups for weekly package updates
 2022-11-10 09:46:51 +01:00
Krzesimir Nowak
e6c3da9063 Merge pull request #2249 from flatcar/sync-maintainers 
Sync MAINTAINERS.md
 2022-11-09 13:26:17 +01:00
Krzesimir Nowak
1c76e1b569 profiles: Update accept keywords for net-misc/curl 2022-11-09 13:23:54 +01:00
Krzesimir Nowak
c2709f7f01 sys-devel/sysroot-wrappers: Bump to 0.2 
Pull things from flatcar org, updates the build system, so we can
depend on autoconf 2.71, install symlink for cc too.
 2022-11-08 17:42:05 +01:00
Krzesimir Nowak
4ce207765b profiles: Drop accept keywords for dev-libs/libxml2 
It became stable in portage-stable.
 2022-11-08 17:42:05 +01:00
Krzesimir Nowak
e4fbf8c8b7 profiles: Drop accept keyword for dev-util/patchelf 2022-11-08 17:42:05 +01:00
Krzesimir Nowak
78df8c3cc8 profiles: Drop accept keyword for dev-util/meson 2022-11-08 17:42:05 +01:00
Krzesimir Nowak
a4c2fc83b5 profiles: Add accept keywords for app-portage/portage-utils 
Still unstable for amd64, will likely be marked as stable by next week.
 2022-11-08 17:42:05 +01:00
Dongsu Park
9ac87490bd dev-lang/rust: Apply Flatcar modifications 
- Apply crossdev patch.
- Enable keywords again
- Remove dependency on sys-apps/lsb-release, which conflicts with
  sys-apps/baselayout of Flatcar.

Based on commit 036e8f53c2280eadb070bab9f6bd434368e56643
 2022-11-08 13:17:14 +01:00
Dongsu Park
3312437919 dev-lang/rust: update to 1.65.0, sync with Gentoo 
Sync with Gentoo to update dev-lang/rust to 1.65.0

Gentoo ref: ec128832c39662fec523d84fb344b0f4a1fbf7be
 2022-11-08 13:16:51 +01:00
Flatcar Buildbot
e3d9709ca6 dev-lang: Upgrade dev-lang/rust 1.64.0 to 1.65.0 2022-11-08 07:57:41 +00:00
Sayan Chowdhury
71174cb35e Merge pull request #2274 from flatcar/linux-5.15.77-main 
Upgrade Linux Kernel for main from 5.15.74 to 5.15.77
 2022-11-07 16:56:24 +05:30
Dongsu Park
969f346b2f Merge pull request #2269 from flatcar/dongsu/go-1.19.3-1.18.8 
dev-lang/go: add 1.19.3, update 1.18.8, remove 1.17
 2022-11-04 12:23:49 +01:00
Dongsu Park
638873e3d9 .github: add Go 1.19, remove 1.17 
Add Go 1.19 and remove 1.17 from go-releases-main.yml.
Fix a broken URL in go-apply-patch.sh, from
https://go.dev/doc/devel/release#${VERSION} to
https://go.dev/doc/devel/release#go${VERSION}.
 2022-11-04 09:10:43 +01:00
Dongsu Park
d837ff3a0c changelog: add changelog for Go 1.19.3 
Add changelog for Go 1.19.3.
Update its URL to https://go.dev/doc/devel/release#go1.19.3.
 2022-11-04 09:09:27 +01:00
Flatcar Buildbot
32d4322019 sys-kernel: Upgrade Kernel 5.15.74 to 5.15.77 2022-11-04 07:20:37 +00:00
Jeremi Piotrowski
c70a98d6d1 Sync maintainers file from flatcar/flatcar repository 2022-11-03 15:37:27 +01:00
Krzesimir Nowak
ed5a239a9a Merge pull request #2267 from flatcar/krnowak/openssl-update 
dev-libs/openssl: Bump to 3.0.7
 2022-11-03 12:24:58 +01:00
Dongsu Park
c9b1606109 coreos-base/hard-host-depends: remove Go 1.17, add Go 1.19 
Make hard-host-depends pull in dev-lang/go:1.19 instead of 1.17,
to avoid build failures.
 2022-11-03 09:38:35 +01:00
Dongsu Park
0c267f156e eclass: update list of required docs of dev-lang/go 
Now that the source tree of Go 1.19 or newer does not have files like
AUTHORS or CONTRIBUTORS, we need to remove the files from the list of
required docs of dev-lang/go.
Also add CONTRIBUTING.md to the list of docs, as all Go versions have
the file.
 2022-11-03 09:36:45 +01:00
Dongsu Park
3d8b7b67ce dev-lang/go: Add Go 1.19.3 
Add Go 1.19.3. https://go.dev/doc/devel/release#go1.19.3
Update the default Go version to 1.19.

Note, we still keep COREOS_GO_VERSION=go1.18 in containerd, docker,
docker-cli, docker-proxy, docker-runc following the default version
of the upstream repos.
 2022-11-03 09:36:45 +01:00
Dongsu Park
a17469f602 dev-lang/go: update Go to 1.18.8 
Update dev-lang/go to 1.18.8.
https://go.dev/doc/devel/release#go1.18.8

Note, the security issue of the release does not affect Flatcar,
as that affects only Windows.
 2022-11-03 09:36:45 +01:00
Dongsu Park
bb67d7f126 dev-lang/go: clean up Go 1.17.13 
Go 1.17 is no longer used anywhere. Clean up.
 2022-11-03 09:36:45 +01:00
Krzesimir Nowak
38b47df9ac changelog: Add an entry 2022-11-03 08:59:44 +01:00
Krzesimir Nowak
52addedfda changelog: Add an entry 2022-11-02 16:04:19 +01:00
Krzesimir Nowak
8df2647e0e sys-libs/glibc: Apply Flatcar modifications 
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
  - comment out 'dostrip -x' to force the OS image binaries to be stripped
  - remove everything glibc wants to put under /etc since we use
    baselayout to provide that
 2022-11-02 16:04:19 +01:00
Krzesimir Nowak
2608c4e79c sys-libs/glibc: Sync with Gentoo 
It's from Gentoo commit a3d93f81ed9442703de09b684f309d8e1d596571.
 2022-11-02 16:04:19 +01:00
Krzesimir Nowak
4dfba02e59 Merge pull request #2238 from flatcar/krnowak/actions-update 
github: Modernize the actions a bit
 2022-11-02 15:59:45 +01:00
Mathieu Tortuyaux
c49c230f1b dev-libs/openssl: Apply Flatcar modifications 
- remove unecessary files
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- mark openssl as stable for arm64 and amd64

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-11-02 14:36:25 +01:00
Krzesimir Nowak
704380a2e0 dev-libs/openssl: Sync with Gentoo 
It's from Gentoo commit 9ffdcaba89a94dc933e722339fe9471ad16af62a.
 2022-11-02 14:30:31 +01:00
Dongsu Park
69e68c98c2 Merge pull request #2265 from flatcar/dongsu/multipath-tools-0.9.3 
profiles: accept keywords for multipath-tools 0.9.3
 2022-11-02 12:58:31 +01:00
Kai Lueke
8cc6058a64 dev-libs/openssl: Fix security issue 
This applies a patch to fix a security issue. There will be an upstream
release available soon and we can drop the patch after updating to it.
 2022-11-01 17:25:27 +01:00
Dongsu Park
c207188a81 profiles: accept keywords for multipath-tools 0.9.3 
Accept keywords ~amd64, ~arm64 for sys-fs/multipath-tools 0.9.3
to address CVE-2022-41973, CVE-2022-41974.
 2022-11-01 12:21:09 +01:00
Flatcar Buildbot
2c2af1fa7a app-emulation: Upgrade Containerd 1.6.8 to 1.6.9 2022-10-28 08:58:19 +00:00
Dongsu Park
9225503a6c Merge pull request #2250 from flatcar/docker-20.10.21-main 
Upgrade Docker in main from 20.10.20 to 20.10.21
 2022-10-28 10:53:55 +02:00
Kai Lueke
b5f2777a6e app-admin/toolbox: Use containerd 
This pulls in
https://github.com/flatcar/toolbox/pull/7
to download and mount the image with containerd instead of requiring
Docker.
 2022-10-27 16:13:51 +02:00
Krzesimir Nowak
47bf270880 Merge pull request #2248 from flatcar/krnowak/weekly 
Profile additions and cleanups for weekly update
 2022-10-27 12:19:29 +02:00
Krzesimir Nowak
f8a6a2be8d Merge pull request #2245 from flatcar/krnowak/net-misc-update 
Profile cleanups for net-misc packages update
 2022-10-27 12:17:29 +02:00
Flatcar Buildbot
139db5ad3f app-emulation: Upgrade Docker 20.10.20 to 20.10.21 2022-10-26 07:50:01 +00:00
Krzesimir Nowak
1bb650c94e profiles: Update accept keywords for sys-libs/zlib 
The package is still unstable and 1.2.13 is gone in favor of 1.2.13-r1.
 2022-10-24 19:16:54 +02:00
Krzesimir Nowak
8172ba5da7 profiles: Drop unnecessary unmask for dev-vcs/git 
We have updated the package to a different version now. Also, it's not
masked any more.
 2022-10-24 18:51:02 +02:00
Krzesimir Nowak
112001a419 profiles: Add accept keywords for dev-util/patchelf 2022-10-24 18:50:46 +02:00
Krzesimir Nowak
9511ff75bf profiles: Drop accept keywords for dev-util/cmake 
It became stable for amd64 too.
 2022-10-24 18:40:41 +02:00
Krzesimir Nowak
a1d4afd659 profiles: Add accept keywords for dev-util/meson 2022-10-24 18:40:12 +02:00
Krzesimir Nowak
c7d70dd1a2 profiles: Update accept keywords for dev-util/bpftool 2022-10-24 18:38:12 +02:00
Jeremi Piotrowski
369a2fd99c Merge pull request #2240 from flatcar/jepio/qemu-guest-agent 
coreos: add qemu-guest-agent to images
 2022-10-24 11:06:23 +02:00
Jeremi Piotrowski
e535a18d7c Merge pull request #2239 from flatcar/jepio/arm64-kernel-shrink 
arm64 kernel shrink by changing kernel options to module and disabling unsupported options.
 2022-10-24 09:34:43 +02:00
Jeremi Piotrowski
8f23ec18c2 Merge pull request #2197 from flatcar/jepio/arm64-parent-profile 
profile/coreos/arm64: switch parent profile to 17.0/hardened
 2022-10-24 09:32:51 +02:00
Jeremi Piotrowski
f261312db5 changelog: add entry for changes needed to bring down arm64 kernel size 2022-10-24 09:30:39 +02:00
Jeremi Piotrowski
83610f44d1 Merge pull request #2235 from Snaipe/fix-arm64-boot 
sys-kernel: enable IOMMU on arm64
 2022-10-21 14:33:22 +02:00
Mathieu Tortuyaux
16b9cbb3d3 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-10-21 14:20:48 +02:00
Mathieu Tortuyaux
503114256f coreos-base/oem-ec2-compat: pull ssh keys from metadata server 
Without this Ignition configuration, the SSH keys are
not installed from the Openstack metadata server.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-10-21 14:20:48 +02:00
Krzesimir Nowak
fd81c9ade2 Merge pull request #2210 from flatcar/krnowak/vim-update 
app-editors/vim: Move back to portage-stable
 2022-10-20 16:22:18 +02:00
Krzesimir Nowak
5c783ce9c1 profiles: Remove unnecessary package.provided for app-arch/xz-utils 
The circular dep used to be:

app-arch/xz-utils
libtool.eclass
app-portage/elt-patches
app-arch/xz-utils

The circular dep should be gone now, because app-arch/xz-utils is a
BDEPEND, so for building production images the package from SDK will
be used. For building SDK the package from seed SDK should be used.
 2022-10-20 15:20:36 +02:00
Krzesimir Nowak
830d3e424a profiles: Drop redundant package.use.force for net-misc/wget 
It already is a part of the base profile in portage-stable.
 2022-10-20 15:20:36 +02:00
Krzesimir Nowak
eea6bf76b1 profiles: Drop accept_keywords for net-misc/wget 
The updated package is stable for both amd64 and arm64.
 2022-10-20 15:20:36 +02:00
Krzesimir Nowak
1d9b15ea3e profiles: Drop obsolete USE flag for net-misc/iputils 
The net-misc/iputils package stopped providing traceroute. We are
pulling in a different package instead.
 2022-10-20 15:20:36 +02:00
Krzesimir Nowak
d87266cbf0 coreos-base/coreos{,-dev}: Add net-analyzer/traceroute 
These packages are pulling in iputils, that used to provide the
traceroute utility. The updated iputils package stopped doing that
altogether, recommending to install net-analyzer/traceroute or
net-analyzer/mtr instead. We are going with the former here.
 2022-10-20 15:19:20 +02:00
Krzesimir Nowak
9d5fc0ff03 Merge pull request #2243 from flatcar/krnowak/curl-update 
profiles: Accept keywords for curl 7.85
 2022-10-20 15:00:53 +02:00
Krzesimir Nowak
7499c24a52 changelog: Add entries 2022-10-20 14:34:18 +02:00
Sayan Chowdhury
1296ae7ef6 Merge pull request #2244 from flatcar/sayan/update-wireguard-tools-1.0.20210914 
net-vpn/wireguard-tools: Move to portage-stable
 2022-10-20 15:32:36 +05:30
Krzesimir Nowak
e4bda5bbf3 Merge pull request #2242 from flatcar/docker-20.10.20-main 
Upgrade Docker in main from 20.10.18 to 20.10.20
 2022-10-19 18:53:00 +02:00
Krzesimir Nowak
0f99e5dcf6 Merge pull request #2241 from flatcar/krnowak/weekly 
Profile changes for the weekly updates
 2022-10-19 18:12:03 +02:00
Krzesimir Nowak
092ae3d567 github: Use recommended way of setting output 2022-10-19 18:06:31 +02:00
Krzesimir Nowak
76cdd99843 github: Bump action versions 
This updates checkout and create-pull-request action versions to v3
and v4, respectively, to avoid warnings about deprecated node 12.
 2022-10-19 18:04:32 +02:00
Krzesimir Nowak
6f1a2a0cab Merge pull request #2221 from flatcar/krnowak/deduplicate-workflows 
github: Deduplicate kernel and ca-certificates workflows
 2022-10-19 18:02:32 +02:00
Krzesimir Nowak
3ce9099727 profiles: Remove obsolete USE flag of net-misc/curl 
Also drop the comment, it was related to the media-libs/mesa package
that was dropped over 9 years ago in commit
de91081f00a4ab07332759b1bbfc3072d530c9fd.
 2022-10-19 10:08:25 +02:00
Krzesimir Nowak
eb2d5da242 profiles: Add accept keywords for net-misc/curl 2022-10-19 10:08:07 +02:00
Flatcar Buildbot
7d7ff9c223 app-emulation: Upgrade Docker 20.10.18 to 20.10.20 2022-10-19 08:07:25 +00:00
Krzesimir Nowak
40e0917023 profiles: Add accept keywords for sys-libs/zlib 2022-10-19 08:51:13 +02:00
jenkins
cee408b4a6 coreos: add qemu-guest-agent to images 
Qemu-guest-agent gets activated using a udev rule, and so will only run
when the correct virtio-port name is detected. Qemu-guest-agent is used
across several oems so we include it in the usr partition.
 2022-10-18 17:01:44 +00:00
Krzesimir Nowak
9ea66f917a profiles: Drop accept keywords for dev-vcs/git 
The updated package became stable on both amd64 and arm64.
 2022-10-18 18:18:33 +02:00
Krzesimir Nowak
e7863f5ab1 profiles: Add accept keywords for dev-util/cmake 2022-10-18 18:13:43 +02:00
Krzesimir Nowak
d8f81f4442 profiles: Add accept keywords for dev-libs/libxml2 2022-10-18 18:07:24 +02:00
Krzesimir Nowak
9f7bb31f84 Merge pull request #2228 from flatcar/linux-5.15.74-main 
Upgrade Linux Kernel in main from 5.15.73 to 5.15.74
 2022-10-18 16:16:58 +02:00
Jeremi Piotrowski
99ff470847 sys-kernel/coreos-modules: make wireguard a module 
The wireguard module has some crypto dependencies, we benefit from making them
all modules so that they don't increase the arm64 kernel size.
 2022-10-18 13:12:56 +02:00
Jeremi Piotrowski
d3d07fc959 sys-kernel/coreos-modules: disable arm64 board specific kconfig settings 
Disable ARCH_QCOM, ARCH_ZYNQMP, ARCH_MEDIATEK which enable other options that
are only relevant on the respective boards, none of which are supported targets
for Flatcar. Since the arm64 kernel does not support compression, these
settings have a significant impact on kernel size. The boot partition size is
only 128MB and needs to fit 2 kernels, so we have set ourselves a target of
60MB per kernel. This commit brings down the arm64 kernel size by 3MB.

At the same time, enable the settings that are actually relevant: ARCH_BCM,
because that one is relevant for Raspberry Pi 4 that runs Linux.
 2022-10-18 13:12:01 +02:00
Krzesimir Nowak
053fe006d3 .github: Simplify kernel patch script 
No point in setting UPDATE_NEEDED to zero if we exit the script
without doing anything with the just set variable.

Also to avoid mismatches in branch names, export the branch name as a
github workflow step output, so the follow-up steps can pick it up and
use.
 2022-10-18 11:37:01 +02:00
Krzesimir Nowak
b15055684e .github: Deduplicate kernel workflows 
Also use a newer version of the create pull request action, and apply
correct labels ("alpha" or "stable" instead of "flatcar-XXXX").
 2022-10-18 11:37:01 +02:00
Krzesimir Nowak
8d00adc16c .github: Simplify ca-certificates patch script 
No point in setting UPDATE_NEEDED to zero if we exit the script
without doing anything with the just set variable.

Also fix the mismatch in branch names - we normally create a branch
like "cacerts-${NSS_VERSION}-${BRANCH}" in the last workflow step
whereas we were checking if a branch like "${NSS_VERSION}-${BRANCH}"
existed in the script. To avoid repetition, export the branch name as
a github workflow step output, so the follow-up steps can pick it up
and use.
 2022-10-18 11:37:01 +02:00
Krzesimir Nowak
c1a9aa5a97 .github: Deduplicate ca-certificates workflows 
Also use a newer version of the create pull request action, and apply
correct labels ("alpha" or "stable" instead of "flatcar-XXXX").
 2022-10-18 11:37:01 +02:00
Krzesimir Nowak
522749197c .github: Add a script for figuring out a branch from channel name 
It will be used for deduplicating the github workflows.
 2022-10-18 11:32:10 +02:00
Krzesimir Nowak
7c4b588a5c github: Make workflows fork-friendly 
This sets up the coreos-overlay submodule inside the SDK container to
use the remote of the fork and the base branch from that fork. That
way, we can test the workflows in the forks too.
 2022-10-18 11:32:10 +02:00
Franklin "Snaipe" Mathieu
81a35f0027 sys-kernel: enable IOMMU on arm64 
On Gigabyte R152-P31 arm64 servers, the Flatcar PXE images hang during the boot
process, making them unusable, while Fedora CoreOS images work.

The kernel seems to start correctly, however it invariably ends up printing
this message and hanging:

    ata1.00: qc timeout (cmd 0xec)
    ahci 000c:01:00.0: AHCI controller unavailable!
    pcieport 000c:00:01.0: AER: Uncorrected (Non-Fatal) error received: 000c:00:00.0
    ata1.00: failed to IDENTIFY (I/O error, err_mask=0x4)
    pcieport 000c:00:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
    pcieport 000c:00:01.0:   device [1def:e101] error status/mask=00004000/00400000
    pcieport 000c:00:01.0:    [14] CmpltTO                (First)
    ahci 000c:01:00.0: AHCI controller unavailable!
    ahci 000c:01:00.0: AER: can't recover (no error_detected callback)
    pcieport 000c:00:01.0: AER: device recovery failed
    pcieport 000c:00:01.0: AER: Multiple Uncorrected (Non-Fatal) error received: 000c:00:00.0

Enabling IOMMU seems to make the problem disappear.
 2022-10-17 16:50:07 +02:00
Flatcar Buildbot
1166d236f9 app-misc: Upgrade ca-certificates 3.83 to 3.84 2022-10-17 07:53:26 +00:00
Flatcar Buildbot
c3d3fe075f sys-kernel: Upgrade Kernel 5.15.73 to 5.15.74 2022-10-15 07:31:35 +00:00
Krzesimir Nowak
78429927ca Merge pull request #2209 from flatcar/krnowak/weekly-package-updates 
Profile changes for weekly package updates
 2022-10-14 13:06:12 +02:00
Sayan Chowdhury
937fac6d07 net-vpn/wireguard-tools: Move to portage-stable 2022-10-14 10:38:46 +00:00
Dongsu Park
4388c058bb Merge pull request #2216 from flatcar/firmware-20221012-main 
Upgrade Linux Firmware in main from 20220913 to 20221012
 2022-10-13 16:55:12 +02:00
Krzesimir Nowak
977e0affcc changelog: Fix a link 2022-10-13 10:47:34 +02:00
Dongsu Park
75b7a21d40 sys-kernel/coreos-firmware: update cxgb4 version to 1.27.0.0 
Fix build issues of coreos-firmware, by bumping the cxgb4 firmware
version to 1.27.0.0.
 2022-10-13 09:46:52 +02:00
Flatcar Buildbot
c1c8edd5a0 sys-kernel: Upgrade Kernel 5.15.72 to 5.15.73 2022-10-13 07:40:15 +00:00
Flatcar Buildbot
de054baecd sys-kernel: Upgrade Linux Firmware 20220913 to 20221012 2022-10-13 07:29:55 +00:00
Krzesimir Nowak
13e5c2598f changelog: Add entries 2022-10-12 12:41:49 +02:00
Aniruddha Basak
a1a96c009d app-admin/logrotate: Apply Flatcar modifications 2022-10-12 12:41:49 +02:00
Krzesimir Nowak
40e891505e app-admin/logrotate: Sync with Gentoo 
It's from Gentoo commit fef4d6517bb66698022978cd835a56d5701e318a.
 2022-10-12 12:24:45 +02:00
Krzesimir Nowak
8a6b90ffc1 Merge pull request #2211 from flatcar/krnowak/dbus-update 
sys-apps/dbus: Update to 1.14.4
 2022-10-12 12:09:02 +02:00
Dongsu Park
8394036bc7 Merge pull request #2188 from flatcar/rust-1.64.0-main 
Upgrade dev-lang/rust and virtual/rust in main from 1.63.0 to 1.64.0
 2022-10-12 10:31:17 +02:00
Dongsu Park
835970dc2c coreos-base/update_engine: check ld-linux-*.so.2 for glibc 2.34 
While glibc 2.33 has /lib64/ld-2.33.so, glibc 2.34 does not have that,
but only /lib64/ld-linux-x86-64.so.2. So we should also check ld-linux-*
as well.

Pulls in https://github.com/flatcar-linux/update_engine/pull/17.
 2022-10-11 17:06:44 +02:00
Dongsu Park
448e9aca9b changelog: add changelog for glibc 2.34 2022-10-11 16:11:53 +02:00
Krzesimir Nowak
176b1cc152 sys-libs/glibc: Apply Flatcar modifications 
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
  - don't run sanity checks in pkg_pretend to prevent gcc checks when
    only the binary package is installed.
  - comment out 'dostrip -x' to force the OS image binaries to be stripped
  - remove everything glibc wants to put under /etc since we use
    baselayout to provide that
 2022-10-11 16:11:53 +02:00
Krzesimir Nowak
f2f8da03f9 sys-libs/glibc: Sync with Gentoo 
It's from Gentoo commit a3d93f81ed9442703de09b684f309d8e1d596571.
 2022-10-11 16:11:52 +02:00
Krzesimir Nowak
0a266b2209 changelog: Add entries 2022-10-11 14:04:55 +02:00
Dongsu Park
8e82ad0b20 changelog: add changelog for Rust 1.64.0 2022-10-11 13:41:32 +02:00
Flatcar Buildbot
0dc33cdd0c dev-lang: Upgrade dev-lang/rust 1.63.0 to 1.64.0 2022-10-11 13:41:32 +02:00
Krzesimir Nowak
9d3024be79 changelog: Add an entry 2022-10-11 13:03:03 +02:00
Krzesimir Nowak
6128c49a80 Merge pull request #2208 from flatcar/go-1.17.13-and-1.18.7-main 
Upgrade Go from 1.18.6 to 1.18.7
 2022-10-11 12:55:33 +02:00
Kai Lüke
ff185a491c Merge pull request #2207 from genesiscloud/nftables-bridge-conntrack-meta 
Enable nf_conntrack_bridge and nft_meta_bridge kernel modules
 2022-10-11 11:28:37 +02:00
Lukas Stockner
46ff05ed65 Update changelog 
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
 2022-10-11 11:23:32 +02:00
Krzesimir Nowak
f3a354c8d1 sys-apps/dbus: Apply Flatcar modifications 2022-10-10 11:59:12 +02:00
Krzesimir Nowak
0d9aaf7b05 sys-apps/dbus: Sync with Gentoo 
It's from Gentoo commit 42b645e918ddd5fd999926bc8c0a417a9f8c3be4.
 2022-10-10 11:59:12 +02:00
Krzesimir Nowak
5be55ae97d profiles: Add accept keywords for app-editors/{vim,vim-core} 2022-10-10 11:29:55 +02:00
Krzesimir Nowak
48bf9a6645 app-editors/{vim,vim-core}: Move back to portage-stable 2022-10-10 11:29:34 +02:00
Krzesimir Nowak
de55948ac3 profiles: Disable python stuff for dev-libs/libxslt 
The libxslt upstream fixed their python bindings, so they are not
python2 only. Gentoo then started to build them. Since we have fared
well so far without the bindings, keep on not building them.
 2022-10-10 10:28:26 +02:00
Krzesimir Nowak
1d3daed50a profiles: Update accept keywords for dev-util/bpftool 
Bpftool 5.18.11 is gone from portage-stable, 5.19.2 is the new stable
version for amd64. There's still no keyword for arm64, so we need to
keep the entry in the profiles for arm64.
 2022-10-10 10:14:20 +02:00
Krzesimir Nowak
501c6ca99c profiles: Drop accept keywords for dev-libs/libxml2 
The updated package became stable for both amd64 and arm64.
 2022-10-10 10:05:46 +02:00
Flatcar Buildbot
d4ead663b9 dev-lang: Upgrade Go 1.18.6 to 1.18.7 2022-10-10 07:54:23 +00:00
Lukas Stockner
74ee472821 Enable nf_conntrack_bridge and nft_meta_bridge kernel modules 
This allows to use conntrack rules for bridges in nftables
and to match on bridge interface names.
 2022-10-07 15:56:07 +02:00
Flatcar Buildbot
7294ee7abe sys-kernel: Upgrade Kernel 5.15.71 to 5.15.72 2022-10-06 07:32:31 +00:00
Jeremi Piotrowski
4f01a18c37 profile/coreos/arm64: switch parent profile to 17.0/hardened 
This was left as a 'TODO', but finally showed up when building the arm64 SDK.
The generic parent profile caused arm64 SDK (but also production images) to
have several USE flags missing, most importantly acl. Without acl, `usermod -m`
fails to correctly copy skeleton files when creating a new user.

Switch to parent profile to one matching the amd64 parent profile, which brings
the two arches closer together.
 2022-10-05 16:40:11 +02:00
Flatcar Buildbot
fd4783ca0a sys-kernel: Upgrade Kernel 5.15.70 to 5.15.71 2022-10-05 14:54:26 +02:00
Krzesimir Nowak
13e9213d84 Merge pull request #2180 from flatcar/krnowak/dev-util-update 
Development utilities update
 2022-10-05 11:32:37 +02:00
Krzesimir Nowak
aa403ffeea changelog: Add an entry 2022-10-04 16:37:41 +02:00
Krzesimir Nowak
2e726adb32 coreos-base/coreos-init: Bring in the port customization changes 2022-10-04 15:07:17 +02:00
Krzesimir Nowak
ff6227115d coreos-base/hard-host-depends: Drop dev-util/scons 
There isn't anything that uses scons, so drop it from SDK.
 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
ade775850b coreos/config: Drop overrides for dev-util/dialog 
It's not packaged in neither in overlay nor in portage-stable.
 2022-10-04 14:52:10 +02:00
Dongsu Park
70e0da0687 dev-util/bsdiff: Apply Flatcar modifications 
Apply existing Flatcar changes on top of vanilla Gentoo ebuilds:
- add arm64 keyword
- apply the sais patch
- fix a heap overflow vulnerability in bspatch included in bsdiff.

Originally the security issue was published as [FreeBSD-SA-16:29](https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc),
which pointed to a FreeBSD [patch](https://security.freebsd.org/patches/SA-16:29/bspatch.patch).
However, the patch was a set of huge changes including other unrelated
changes. That's why it was not simple at all to apply the patch to
bsdiff. Both Gentoo and Flatcar have not included the fix.

Fortunately X41 D-SEC [examined](https://www.x41-dsec.de/security/news/working/research/2020/07/15/bspatch/)
the issue again, and nailed down to a simple patch that can be easily
applied to other trees. We simply take the patch with minimal changes.

See also [CVE-2020-14315](https://nvd.nist.gov/vuln/detail/CVE-2020-14315).

It is based on the following commits:

[4ee6aa895a02](https://github.com/kinvolk/coreos-overlay/commit/4ee6aa895a02) ("Add arm64 keywords")
[60d47e7359d1](https://github.com/kinvolk/coreos-overlay/commit/60d47e7359d1) ("Change suffix sort to sais-lite")
[7d3ac2a049dd](https://github.com/kinvolk/coreos-overlay/commit/7d3ac2a049dd) ("fix heap overflow vulnerability CVE-2020-14315")
 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
e358a89307 dev-util/bsdiff: Sync with Gentoo 
It's from Gentoo commit 98ef629ba44e42abf5dd75e2e2c44994d85bc409.
 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
e64412782e profiles: Drop outdated or redundant USE flags for dev-util/perf 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
a8f0638d7f profiles: Drop accept_keywords for dev-util/perf 
Updated package is stable for both amd64 and arm64.
 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
f8fac84130 profiles: Drop accept_keywords for dev-util/pahole 
Updated package is stable for both amd64 and arm64.
 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
0d7e9d0971 profiles: Drop cmake from provided packages 
It should cross-compile just fine, but let's see if it ends up being
on the production image.
 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
0a6a8aa7d4 profiles: Drop keywords for dev-util/checkbashisms 
The updated package is stable for both amd64 and arm64.
 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
aa36317220 profiles: Update keywords for dev-util/bpftool 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
b22334fd58 coreos/config: Drop fixes for cmake 2022-10-04 14:52:10 +02:00
Krzesimir Nowak
678d0788ef Merge pull request #2189 from flatcar/krnowak/update-and-fill 
Profiles and environment overrides for packages refresh
 2022-10-04 10:19:42 +02:00
Jeremi Piotrowski
1b3ddd7133 changelog: add entry for coreos-modules strip change 2022-09-30 13:10:04 +02:00
Jeremi Piotrowski
aa7aa7f13c sys-kernel/coreos-module: use strip-debug instead of strip-unneeded 
With `--strip-unneeded` some static symbols are also stripped from modules, making stacktraces
incomplete, and making it harder to debug kernel issues. Switch to the default setting of
`--strip-debug`, which keeps symbols intact and does not appear to lead to a measurable
size increase of the /usr partition.
 2022-09-29 15:34:40 +02:00
Krzesimir Nowak
d39991c538 coreos/config: Drop linking workarounds for net-misc/curl 
Let's see if those are fixed by now.
 2022-09-29 11:58:11 +02:00
Krzesimir Nowak
8a0db2516b profiles: Drop accept keywords for net-fs/cifs-utils 
The updated package is stable for both amd64 and arm64.
 2022-09-29 11:58:11 +02:00
Krzesimir Nowak
5d556e801f profiles: Update keywords and unmask for new version of dev-vcs/git 2022-09-29 11:58:11 +02:00
Krzesimir Nowak
8400b95681 profiles: Drop accept keywords for sys-devel/crossdev 
The updated package is stable for both amd64 and arm64.
 2022-09-29 11:58:11 +02:00
Krzesimir Nowak
e84867785e Merge pull request #2140 from flatcar/krnowak/vim-update 
Update vim to v9.0.0469
 2022-09-29 11:18:54 +02:00
Mathieu Tortuyaux
a8a793fa94 changelog: add entry 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-09-27 11:48:00 +02:00
Mathieu Tortuyaux
3e50a7fd12 sys-apps/ignition: rework ignition patches 
`ign-converter` is now part of the Ignition codebase, it should ease the
maintaining of these patches.

Only the v24tov31 translation (and its tests) has been ported to the codebase.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
 2022-09-27 11:48:00 +02:00
Dongsu Park
5e7729a745 Merge pull request #2185 from flatcar/linux-5.15.70-main 
Upgrade Linux Kernel in main from 5.15.67 to 5.15.70
 2022-09-27 09:09:07 +02:00
Krzesimir Nowak
610c41bcc5 .github: Partially revert some changes 
It partially reverts commits 9ecbd31df40e8cf4361db7f638c089e4df3dc503
and 1b08c65f7b5797dd153898f148b98429feeacd2c. The reverted parts were
workarounds for old LTS, which used to have no run_sdk_container
stuff.
 2022-09-26 14:43:36 +02:00