Sort the use flags, drop obsolete ones and nonexistent packages, drop
unnecessary accept keywords file (as it would potentially introduce a
version mismatch between amd64 and arm64).
it mainly brings back Vagrant which was failing with Ignition 2.14.0
even if no Ignition is provided.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
As the Gentoo ebuild of dev-lang/rust >= 1.65 keeps workaround that
explicitly checks for a version like 1.65, that ebuild would obviously
make the build fail with 1.66.
Update the version from 1.65 to 1.66 to fix the build.
We should run apt-get update before installing native Ubuntu packages
like qemu-user-static. Otherwise apt-get install could fail like:
```
Err:1 http://azure.archive.ubuntu.com/ubuntu jammy-updates/universe
amd64 qemu-user-static amd64 1:6.2+dfsg-2ubuntu6.5
404 Not Found [IP: 52.252.75.106 80]
```
That happens because meanwhile the qemu-user-static deb package in the
Azure mirror was updated from 6.5 to 6.6, without keeping the old
version. Its index of the Azure mirror was updated, but
setup-flatcra-sdk.sh did not sync that, as apt-get update did not run.
- take care of nscd.conf via tmpfiles, add files/nscd-conf.tmpfiles.
- comment out 'dostrip -x' to force the OS image binaries to be stripped
- remove everything glibc wants to put under /etc since we use
baselayout to provide that
update_engine needs to access context from SHA256 to store it and
restore it for further computations on it.
With OpenSSL SHA256 v3 implementation is not possible, let's use the
libsodium implementation.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
- sys-libs/pam: Make /sbin/unix_chkpwd suid
This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.
- sys-libs/pam: Install configuration into /usr
Also provide a tmpfiles fragment to bring it back.
- sys-libs/pam: Locked accounts functionality
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
