Weekly portage-stable package updates 2023-11-27 #1423

Merged

@github-actions github-actions bot commented Nov 27, 2023

CI:

Closes flatcar/Flatcar#1254

SELinux changes:

  • Merged all our SELinux patches into a big one.
  • Made the patch apply to all the sec-policy/selinux-* packages.
  • Tried to document our changes.
  • Added more changes to address AVCs popping up in our kola tests.
    • Made container_host_use_all_host_caps true by default. Maybe can be made false again when we get kubernetes policies installed and applied.

--

  • app-alternatives/gzip: [PROD] [DEV]

    • from 0 to 1
    • bump dependency on app-arch/pigz to >=2.8
  • app-arch/xz-utils: [PROD] [DEV]

  • app-crypt/pinentry: [DEV]

    • still at 1.2.1-r3
    • updated the name of one dependency
  • app-text/asciidoc: [DEV]

    • still at 10.2.0
    • bumped python compat to 3.10..3.12
    • updated metadata
  • dev-lang/lua: [DEV]

    • still at 5.4.6
    • updated keywords for other arches
  • dev-libs/elfutils: [DEV]

    • still at 0.189-r4
    • updated keywords for other arches
  • dev-libs/libgcrypt: [DEV]

    • still at 1.10.2
    • fixed running tests
  • dev-libs/libuv: [DEV]

    • still at 1.46.0
    • updated keywords for other arches
  • dev-libs/nettle: [DEV]

    • still at 3.9.1
    • updated homepage
  • dev-python/certifi:

    • from 3021.3.16-r3 to 3021.3.16-r4
    • dropped a dependency on dev-python/setuptools
  • dev-python/cython:

  • dev-python/lxml:

    • from 4.9.3-r1 to 4.9.3-r2
    • avoid suppressing compiler warnings
    • backport some patches
  • dev-util/bpftool: [PROD] [DEV]

  • dev-util/gperf: [DEV]

    • still at 3.1-r1
    • made subconfigures quicker by using common cache file
  • dev-util/meson:

  • dev-util/patchelf: [DEV]

    • still at 0.18.0
    • added alpha to keywords
  • eclass/acct-user.eclass:

    • added a warning when a user is removed from the group
  • eclass/distutils-r1.eclass:

    • silenced some noise
    • fixed running tests
  • eclass/flag-o-matic.eclass:

    • added mips errata flags to allowed set
  • eclass/git-r3.eclass:

    • added support for cloning several repos
  • eclass/java-utils-2.eclass:

    • record libdir in environment file
  • eclass/linux-mod-r1.eclass:

    • added from Gentoo
  • eclass/multibuild.eclass:

    • fixed return value handling in a loop
  • eclass/python-utils-r1.eclass:

    • fixed running tests
  • eclass/toolchain-autoconf.eclass:

    • added sorting the autoconf implementations in env.d
  • eclass/toolchain-funcs.eclass:

    • added helper functions returning pointer size
  • eclass/toolchain.eclass:

    • fixed builds with graphite
    • added filtering of too new warning flag
  • licenses:

    • added Dell-EULA
    • updated LA_OPT_BASE_LICENSE
  • net-dns/c-ares: [PROD] [DEV]

  • net-firewall/ipset: [DEV]

    • still at 7.17-r1
    • updated metadata
  • net-libs/libmicrohttpd: [DEV]

    • still at 0.9.77
    • updated keywords for other arches
  • net-misc/bridge-utils: [DEV]

    • still at 1.7.1-r1
    • updated homepage
    • changed license from GPL-2 to GPL-2+
  • net-misc/curl: [DEV]

    • still at 8.4.0
    • updated metadata
  • net-misc/ntp: [DEV]

    • still at 4.2.8_p17
    • made subconfigures quicker by using common cache file
  • net-misc/whois: [PROD] [DEV]

  • profiles:

    • added forcing of some packages to be dual-ABI (32 and 64bit on amd64), which is undone in no-multilib profiles
    • masked systemd's ukify USE in general, unmasked for amd64 and arm64
    • masked gcc <11
    • masked dev-libs/libxml2 >=2.12.0
  • sec-policy/selinux-base: [PROD] [DEV]

  • sec-policy/selinux-base-policy: [PROD] [DEV]

  • sec-policy/selinux-container: [PROD] [DEV]

  • sec-policy/selinux-dbus: [PROD] [DEV]

  • sec-policy/selinux-sssd: [PROD] [DEV]

  • sec-policy/selinux-unconfined: [PROD] [DEV]

  • sys-apps/debianutils: [DEV]

    • still at 5.8
    • handled a package rename
  • sys-apps/man-db: [DEV]

    • still at 2.12.0
    • disable cache-owner on prefix builds
  • sys-apps/smartmontools: [DEV]

    • still at 7.4
    • became stable on arm64, so dropped accept keywords from overlay profiles
  • sys-block/thin-provisioning-tools: [DEV]

    • still at 1.0.6
    • updated keywords for other arches, but still unstable for amd64
  • sys-devel/binutils: [DEV]

    • from 2.40-r5 to 2.40-r9
    • added debuginfod USE flag - enables support for debuginfo daemon (disabled)
    • unstable on arm64, so added accept keywords to overlay profiles
    • turn down the build verbosity
    • apply linker search path patch for cross-builds too
      • it makes the linker consider -L flags too when handling DT_NEEDED
  • sys-devel/m4: [DEV]

    • still at 1.4.19-r2
    • added a patch for fixing tests
  • sys-firmware/intel-microcode: [PROD] [DEV]

  • sys-libs/binutils-libs: [PROD] [DEV]

    • from 2.40-r5 to 2.40-r7
    • unstable on arm64 so added accept keywords to overlay profiles
  • sys-libs/libnvme: [PROD] [DEV]

    • from 1.6 to 1.6-r1
    • added support for alpha and mips arches
    • fixed builds with lld 17 linker
  • sys-libs/zlib: [PROD] [DEV]

  • sys-process/procps: [DEV]

    • still at 4.0.4
    • became stable on arm64, so updated accept keywords from overlay profiles
    • still unstable for amd64

--

  • changelog
  • image diff

@github-actions github-actions bot added the main label Nov 27, 2023
Flatcar Buildbot added 29 commits December 13, 2023 13:23
Flatcar Buildbot and others added 17 commits December 13, 2023 13:23
…ntainer

We need to enable net_raw capability for ping inside the docker
container.
All the sec-policy/selinux-* packages contain policies from the same
tarball. Which means that for the sake of consistency we should be
applying our patches for every sec-policy/selinux- package. Currently
we have six such packages, so for each of those packages have a
symlink that points to the common selinux patches directory.
- Merge all the patches into one. Previously there were a bunch of
  smaller patches, but their filenames and their contents did not
  really explain what they were fixing.

- Document some of the changes that we have made. Try to put as much
  information about our own modifications.

- Drop deprecated killall(kernel_t), mcs_file_read_all(kernel_t),
  mcs_file_write_all(kernel_t), mcs_ptrace_all(kernel_t).

- Add more changes to cover more of the AVCs we were getting.
@krnowak krnowak force-pushed the buildbot/weekly-portage-stable-package-updates-2023-11-27 branch from 61a4425 to 18b7a0d Compare December 13, 2023 12:24
@krnowak krnowak marked this pull request as ready for review December 13, 2023 12:39
@krnowak krnowak requested a review from a team December 13, 2023 12:40
@krnowak
Member

krnowak commented Dec 13, 2023

CI passed. Pinging @tormath1 for my SELinux changes.

Author

Build action triggered: https://github.com/flatcar/scripts/actions/runs/7195340218

Member

@dongsupark dongsupark left a comment

Looks good, but I have no idea about the SELinux part.

@dongsupark dongsupark merged commit fcb4a17 into main Dec 18, 2023
0 of 3 checks passed
@dongsupark dongsupark deleted the buildbot/weekly-portage-stable-package-updates-2023-11-27 branch December 18, 2023 13:48
Successfully merging this pull request may close these issues.

update: intel-microcode
3 participants