Krzesimir Nowak
88d1effdc4
.github: Add sys-process/audit and dev-lang/swig to automation
2024-03-01 16:02:19 +01:00
Krzesimir Nowak
81684a1453
sys-process/audit: Sync with Gentoo
It's from Gentoo commit b3421946f41290093bd4bfe67fee6ecccab31bcb.
2024-03-01 16:02:19 +01:00
Krzesimir Nowak
7d8e713009
overlay sys-process/audit: Move to portage-stable
2024-03-01 16:02:19 +01:00
Krzesimir Nowak
bad8cffcd9
overlay coreos/config: Mask some files from sys-process/audit
We will move sys-process/audit to portage-stable. In order to do that,
we need to move the customizations out of its ebuild.
2024-03-01 16:02:19 +01:00
Krzesimir Nowak
382ada2475
overlay profiles: Enable audit files from coreos-base/misc-files
2024-03-01 16:02:19 +01:00
Krzesimir Nowak
5cb7639e7c
overlay coreos-base/misc-files: Install audit files
We will move sys-process/audit to portage-stable. In order to do that,
we need to move the customizations out of its ebuild.
2024-03-01 16:02:13 +01:00
Krzesimir Nowak
39bf99b420
overlay coreos-base/misc-files: Reorganize the files a bit
The files directory of the package was getting crowded and the names
of the files weren't really saying much.
2024-03-01 16:02:09 +01:00
Krzesimir Nowak
66811126d1
dev-lang/swig: Sync with Gentoo
It's from Gentoo commit 8a1e6e5446c2729e93f1ad51a409862538ea34e9.
2024-03-01 16:02:09 +01:00
Krzesimir Nowak
1017fd45e5
overlay profiles: Disable python in SELinux tools
We never needed the python tools in Flatcar.
2024-03-01 16:02:09 +01:00
Krzesimir Nowak
fbdf2bf74a
overlay profiles: Enable policycoreutils USE flag for coreos-base/misc-files
2024-03-01 16:02:09 +01:00
Krzesimir Nowak
f5ce98288b
overlay profiles: Set up SELinux policy directory
2024-03-01 16:02:09 +01:00
Krzesimir Nowak
49fb14d782
overlay coreos-base/misc-files: Recreate a symlink on filesystem wipe
The path where the SELinux policy modules are built is normally
/var/lib/selinux. In our case we want those policies to be
installed somewhere under /usr. So we have a setup where
/var/lib/selinux is a symlink to /usr/lib/selinux/policy. The
/var/lib/selinux directory is normally created by
sys-apps/policycoreutils directory and we don't want to change it in
order to pursue the goal of putting the package back to
portage-stable.
On the other hand, the override of the modules directory location can't
happen in the coreos-base/misc-files package, because
sys-apps/policycoreutils needs that directory to be already set up at
the package post-installation time.
The override of the SELinux policy modules directory needs to be done
in the bashrc hook unfortunately. This will come in the follow-up
commit.
So the only thing left is to set up a tmpfiles configuration file to
recreate the /var/lib/selinux symlink, since it can be removed when
wiping the filesystem.
2024-03-01 16:02:09 +01:00
Mathieu Tortuyaux
d7c32b1cb0
sys-apps/policycoreutils: Apply Flatcar modifications
Prepare the changes for upstreaming:
- Hide python dependencies behind the python USE flag.
- Allow using original sources, without Gentoo modifications, with the
  vanilla USE flag.
  - This also hides the app-admin/setools dependency behind this USE
    flag. I'm not sure if anything in policycoreutils requires
    anything from that package - I assumed that Gentoo-provided rlpkg
    maybe does.
- Keep using /var/lib/selinux as a SELinux policy directory. We will
  use INSTALL_MASK to skip installation of the directory and will add
  a tmpfiles config file to coreos-base/misc-files instead.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2024-03-01 15:35:50 +01:00
Krzesimir Nowak
a620286334
sys-apps/policycoreutils: Sync with Gentoo
It's from Gentoo commit c4719a957590a9b209422d93c8136075c2781af7.
2024-03-01 15:35:50 +01:00
Krzesimir Nowak
6c5ad82927
overlay coreos/user-patches: Add a patch for sys-libs/libsemanage
The added patch turns on the module compression.
2024-03-01 15:35:50 +01:00
Mathieu Tortuyaux
59b431f9d0
sys-libs/libsemanage: Apply flatcar patches
Prepare the ebuild to be in an upstreamable state:
- hide python dependencies behind the IUSE flag
- move the semanage.conf additions to a patch
  - that way, we can add a user patch that changes the compression setting
    that was added by Gentoo
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2024-03-01 15:35:50 +01:00
Krzesimir Nowak
be13723090
sys-libs/libsemanage: Sync with Gentoo
It's from Gentoo commit e70aa9e9c0de8663fecbd59c4e26a0d17a41050d.
2024-03-01 15:35:50 +01:00
flatcar-ci
2187d66828
New version: main-3895.0.0-nightly-20240229-2100
2024-02-29 21:00:27 +00:00
Mathieu Tortuyaux
b3aae292cc
Merge pull request #1714 from flatcar/mantle-update-main
Upgrade mantle container image to latest HEAD in main
2024-02-29 18:10:50 +01:00
Flatcar Buildbot
5dc24615f7
Update mantle container image to latest HEAD
2024-02-29 13:39:28 +00:00
Jeremi Piotrowski
fad49473a9
Merge pull request #1710 from flatcar/jepio/shim-fix
sys-boot/shim: Fix parallel build
2024-02-29 14:39:06 +01:00
Jeremi Piotrowski
26a4ed8229
sys-boot/shim: Fix parallel build
The bundled gnu-efi build is implemented in a buggy way that can break when
built in parallel. We've hit this in the nightly sdk build. Add a patch for it.
The patch has been posted upstream at https://github.com/rhboot/shim/pull/643 .
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2024-02-29 14:34:11 +01:00
Krzesimir Nowak
128037e808
Merge pull request #1708 from flatcar/krnowak/prune-obsolete-overrides
overlay coreos/config: Drop overrides for packages we do not have
2024-02-29 12:09:33 +01:00
Jeremi Piotrowski
e2162e2008
Revert "New version: main-3894.0.0-nightly-20240228-2100"
Last nightly SDK failed to build due to a shim error, go back to the previous
build.
This reverts commit 735b2698bac434f9827b96b132eebabb8277bf31.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2024-02-29 11:05:37 +01:00
flatcar-ci
735b2698ba
New version: main-3894.0.0-nightly-20240228-2100
2024-02-28 21:00:39 +00:00
Jeremi Piotrowski
f62bdf60c4
Merge pull request #1709 from flatcar/xattr-spam-fix
build_library: Ignore btrfs xattrs
2024-02-28 15:08:47 +01:00
Krzesimir Nowak
f2d7be8cd9
Merge pull request #1702 from flatcar/buildbot/weekly-portage-stable-package-updates-2024-02-26
Weekly portage-stable package updates 2024-02-26
2024-02-28 14:51:01 +01:00
Jeremi Piotrowski
e51a90d8ed
build_library: Ignore btrfs xattrs
To prevent mksquashfs from spamming the console about btrfs.compression.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2024-02-28 12:25:06 +01:00
Krzesimir Nowak
a038fcf482
overlay coreos/config: Drop overrides for packages we do not have
2024-02-28 11:33:59 +01:00
flatcar-ci
f681d90689
New version: main-3893.0.0-nightly-20240227-2100
2024-02-27 21:00:24 +00:00
Krzesimir Nowak
8e21401fc2
Merge pull request #1704 from flatcar/krnowak/drop-docker-proxy
Drop app-containers/docker-proxy package
2024-02-27 07:49:50 +01:00
flatcar-ci
ddb384a1a8
New version: main-3892.0.0-nightly-20240226-2100
2024-02-26 21:00:35 +00:00
Dongsu Park
5c2799e506
Merge pull request #1691 from flatcar/mantle-update-main
Upgrade mantle container image to latest HEAD in main
2024-02-26 16:12:07 +01:00
Krzesimir Nowak
c7653ee64e
.github: Drop app-containers/docker-proxy from automation
2024-02-26 16:03:29 +01:00
Krzesimir Nowak
74e06b1541
app-containers/docker-proxy: Drop unnecessary package
Nothing pulls it in now. Looks like it got merged into
app-containers/docker package.
2024-02-26 16:01:49 +01:00
Flatcar Buildbot
1c0d96b70d
Update mantle container image to latest HEAD
2024-02-26 14:46:46 +00:00
Kai Lüke
d35414a2ba
Merge pull request #1589 from flatcar/sayan/secureboot-changes
Initial implementation for Secure boot support
2024-02-26 15:46:31 +01:00
Kai Lueke
7db81c27f9
sys-boot/shim: Update to 15.8
2024-02-26 15:46:13 +01:00
Sayan Chowdhury
3627046730
ci-automation: Update to include the qemu_uefi_secure test
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 15:46:13 +01:00
Sayan Chowdhury
52ce21a5ab
grub_install.sh: ship mokmanager, and rename to grubx64
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 15:46:13 +01:00
Sayan Chowdhury
3bc6944409
.github/workflow: Add the packages to automation list
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 15:46:12 +01:00
Sayan Chowdhury
16b3a2a10b
vendor-testing: Add qemu_uefi_secure, symlinked to qemu.sh
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 15:46:12 +01:00
Sayan Chowdhury
0fc380cf21
sys-boot/shim: Add the changelog for shim upgrade, and secureboot
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 15:46:12 +01:00
Dongsu Park
dbd40fbf90
Merge pull request #1686 from flatcar/firmware-20240220-main
Upgrade Linux Firmware in main from 20240115 to 20240220
2024-02-26 14:24:29 +01:00
Dongsu Park
c5aa253d10
overlay coreos-firmware: update ice ddp version to 1.3.36.0
Fix build issues of coreos-firmware, by bumping the ice firmware version
to 1.3.36.0.
2024-02-26 12:10:06 +01:00
Sayan Chowdhury
99bfcf5f32
shim, coreos-sb-keys, grub_install.sh: retab to spaces
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 12:01:10 +01:00
Sayan Chowdhury
4648be9dbb
sys-boot/grub: Make sed silently fail when updating sbat
Co-authored-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2024-02-26 12:01:10 +01:00
Sayan Chowdhury
97ebc770ea
sys-boot/shim: Move from cros_workon to upstream
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 12:01:10 +01:00
Sayan Chowdhury
04005652dd
build_library: Drop redundant config from grub.cfg
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 12:01:10 +01:00
Sayan Chowdhury
c1bdbd9d90
build_image_util: Sign the vmlinuz with the shim key
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2024-02-26 12:01:10 +01:00