From bccda56797daf7506836b6fed38c8beff2650047 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Tue, 27 Jan 2026 16:37:30 +0000 Subject: [PATCH 1/5] coreos-devel/board-packages: Drop the OEM sysext dependencies It is no longer necessary to include these as they are explicitly built with --onlydeps in build_sysext_packages(). This new approach allows a package to be installed to both /usr and sysexts with conflicting USE flags. Portage would normally refuse to do this because it would "break" what is already installed to the board root, but --ignore-world forces the breakage. It is safe in this context because the board root is not used for execution, and affected packages will be automatically rebuilt as needed, e.g. the next time you run build_packages. Signed-off-by: James Le Cuirot --- build_packages | 7 +++- .../src/third_party/coreos-overlay/README.md | 7 ++-- ...ebuild => board-packages-0.0.1-r18.ebuild} | 0 .../board-packages-0.0.1.ebuild | 40 +++---------------- 4 files changed, 15 insertions(+), 39 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/{board-packages-0.0.1-r17.ebuild => board-packages-0.0.1-r18.ebuild} (100%) diff --git a/build_packages b/build_packages index da1d1e9b916..1cb4df92c2b 100755 --- a/build_packages +++ b/build_packages @@ -307,13 +307,17 @@ build_sysext_packages() { IFS=, for package in $package_atoms; do # --buildpkgonly does not install dependencies, so we install them - # separately before building the binary package + # separately before building the binary package. --ignore-world is needed + # to allow packages to be installed to both /usr and sysexts with + # conflicting USE flags. This will "break" the board root, but it's not + # used for execution, and affected packages will be rebuilt as needed. sudo --preserve-env=MODULES_SIGN_KEY,MODULES_SIGN_CERT \ env USE="$useflags" FEATURES="-ebuild-locks binpkg-multi-instance" "${EMERGE_CMD[@]}" \ "${EMERGE_FLAGS[@]}" \ --quiet \ --onlydeps \ --binpkg-respect-use=y \ + --ignore-world=y \ "${package}" sudo --preserve-env=MODULES_SIGN_KEY,MODULES_SIGN_CERT \ @@ -322,6 +326,7 @@ build_sysext_packages() { --quiet \ --buildpkgonly \ --binpkg-respect-use=y \ + --ignore-world=y \ "${package}" done unset IFS diff --git a/sdk_container/src/third_party/coreos-overlay/README.md b/sdk_container/src/third_party/coreos-overlay/README.md index 150fb7b6493..363fdfb20a3 100644 --- a/sdk_container/src/third_party/coreos-overlay/README.md +++ b/sdk_container/src/third_party/coreos-overlay/README.md @@ -23,13 +23,12 @@ gets built into a developer image and is not OEM specific. gets built into the Container Linux SDK. `coreos-devel/board-packages` is everything that could be built into a -development or production image, plus any OEM specific packages. +development or production image. `coreos-base/oem-*` are the OEM specific packages. They mostly install things -that belong in the OEM partition. Any RDEPENDS from these packages should -be copied to the RDEPENDS in `board-packages` to ensure they are built. +that belong in the OEM partition. -`coreos-base/coreos-oem-*` are metapackages for OEM specific ACIs. +`coreos-base/coreos-oem-*` are metapackages for OEM specific ACIs. # Updating diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r17.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r18.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r17.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r18.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild index e89d4114449..eca6b0bb1fb 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild @@ -2,47 +2,19 @@ # Distributed under the terms of the GNU General Public License v2 # $Header: $ -EAPI=7 +EAPI=8 -DESCRIPTION="Meta ebuild for building all binary packages." -HOMEPAGE="http://coreos.com/docs/sdk/" -SRC_URI="" +DESCRIPTION="Meta ebuild for building all binary packages" +HOMEPAGE="https://www.flatcar.org/" LICENSE="GPL-2" SLOT="0" KEYWORDS="amd64 arm64" -IUSE="" -# Depend on everything OEMs need, but not the OEMs themselves. -# This makes the built packages available for image_vm_util.sh but -# avoids copying the oem specific files (e.g. grub configs) before -# the oem partition is set up. -DEPEND="" RDEPEND=" - amd64? ( - app-emulation/google-compute-engine - app-emulation/open-vm-tools - coreos-base/nova-agent-container - coreos-base/nova-agent-watcher - ) + coreos-base/coreos + coreos-base/coreos-dev sys-boot/grub sys-boot/shim sys-boot/shim-signed - app-containers/containerd - app-containers/docker - app-containers/docker-buildx - app-containers/docker-cli - app-containers/incus - app-emulation/amazon-ssm-agent - app-emulation/hv-daemons - app-emulation/wa-linux-agent - coreos-base/coreos - coreos-base/coreos-dev - coreos-base/flatcar-eks - net-misc/chrony - sys-fs/zfs - app-containers/podman - net-misc/passt - dev-lang/python - dev-python/pip - " +" From fa6d111085e49a49bae2d9d3f5370ff7ffa50f3f Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Wed, 28 Jan 2026 16:34:22 +0000 Subject: [PATCH 2/5] Replace per-OEM USE flags with a single flatcar-oem USE flag Having a USE flag per OEM is unnecessary when we only really need to know whether the package will be installed in an OEM sysext or not. The flag names were also prone to conflicts, e.g. qemu. We don't currently make use of these flags anyway, although that is about to change. Signed-off-by: James Le Cuirot --- build_library/oem_sysexts.sh | 2 +- sdk_container/src/third_party/coreos-overlay/profiles/use.desc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/use.desc diff --git a/build_library/oem_sysexts.sh b/build_library/oem_sysexts.sh index 7d50efc4bed..ff30d07b2ca 100644 --- a/build_library/oem_sysexts.sh +++ b/build_library/oem_sysexts.sh @@ -75,7 +75,7 @@ get_oem_sysext_matrix() { local -a matrix=() local oem_id for oem_id in "${oem_ids[@]}"; do - matrix+=("oem-${oem_id}|coreos-base/oem-${oem_id}|${oem_id}") + matrix+=("oem-${oem_id}|coreos-base/oem-${oem_id}|flatcar-oem") done local -n matrix_ref="${list_var_name}" diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/use.desc b/sdk_container/src/third_party/coreos-overlay/profiles/use.desc new file mode 100644 index 00000000000..3e2055cfb89 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/profiles/use.desc @@ -0,0 +1 @@ +flatcar-oem - Configure for use in a Flatcar OEM sysext From 8846f00bc0f186e783143ae4389308fb7f45fa0c Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Tue, 13 Jan 2026 15:04:25 +0000 Subject: [PATCH 3/5] app-admin/google-guest-configs: New package for udev rules and scripts We already have GCE disk rules in coreos-init, but a user has pointed out that the newer NVMe rules are missing. Let's take the rules directly from upstream instead. This is loosely based on the ChromiumOS package of the same name. Signed-off-by: James Le Cuirot --- changelog/bugfixes/2025-12-29-gce-udev.md | 1 + .../app-admin/google-guest-configs/Manifest | 1 + ...gle-guest-configs-20211116.00-sysctl.patch | 50 ++++++++++++++ .../google-guest-configs-dracut-deps.patch | 25 +++++++ .../google-guest-configs-20260116.00.ebuild | 66 +++++++++++++++++++ .../google-guest-configs/metadata.xml | 7 ++ ... google-compute-engine-20190124-r4.ebuild} | 7 ++ .../coreos-base/coreos/coreos-0.0.1.ebuild | 1 + .../oem-gce/oem-gce-20180823-r7.ebuild | 42 ------------ .../oem-gce/oem-gce-20260102.ebuild | 35 ++++++++++ .../coreos-kernel-6.12.66.ebuild | 5 +- 11 files changed, 197 insertions(+), 43 deletions(-) create mode 100644 changelog/bugfixes/2025-12-29-gce-udev.md create mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/Manifest create mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-20211116.00-sysctl.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-dracut-deps.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/google-guest-configs-20260116.00.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/metadata.xml rename sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/{google-compute-engine-20190124-r3.ebuild => google-compute-engine-20190124-r4.ebuild} (81%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20260102.ebuild diff --git a/changelog/bugfixes/2025-12-29-gce-udev.md b/changelog/bugfixes/2025-12-29-gce-udev.md new file mode 100644 index 00000000000..d8458d9f4db --- /dev/null +++ b/changelog/bugfixes/2025-12-29-gce-udev.md @@ -0,0 +1 @@ +- Updated the GCE udev disk rules to include NVMe disks. diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/Manifest new file mode 100644 index 00000000000..d444561ad31 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/Manifest @@ -0,0 +1 @@ +DIST google-guest-configs-20260116.00.tar.gz 50190 BLAKE2B a9d546c87245114bd650c1b5116a9619b927e9afb0702adb0d3b41efeab680da65055f37490fe88d4923ceb7a5f596a3f59848f74cb9f8ce074d3f2568f40757 SHA512 995b350700feba28cdd6250c2ca0788539f1e58f3bae9d23081671fff82c7ff139ec9a0f56411e9ead6bfca62ced2c4bb729f516352982441c6a769162d9f4f2 diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-20211116.00-sysctl.patch b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-20211116.00-sysctl.patch new file mode 100644 index 00000000000..4ac9d275cbc --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-20211116.00-sysctl.patch @@ -0,0 +1,50 @@ +diff --git a/src/etc/sysctl.d/60-gce-network-security.conf b/src/etc/sysctl.d/60-gce-network-security.conf +index b40085b..d89d87d 100644 +--- a/src/etc/sysctl.d/60-gce-network-security.conf ++++ b/src/etc/sysctl.d/60-gce-network-security.conf +@@ -14,45 +14,6 @@ + # + # Google-recommended kernel parameters + +-# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss +-# of TCP functionality/features under normal conditions. When flood +-# protections kick in under high unanswered-SYN load, the system +-# should remain more stable, with a trade off of some loss of TCP +-# functionality/features (e.g. TCP Window scaling). +-net.ipv4.tcp_syncookies=1 +- +-# Ignore source-routed packets +-net.ipv4.conf.all.accept_source_route=0 +-net.ipv4.conf.default.accept_source_route=0 +- +-# Ignore ICMP redirects from non-GW hosts +-net.ipv4.conf.all.accept_redirects=0 +-net.ipv4.conf.default.accept_redirects=0 +-net.ipv4.conf.all.secure_redirects=1 +-net.ipv4.conf.default.secure_redirects=1 +- +-# Don't pass traffic between networks or act as a router +-net.ipv4.ip_forward=0 +-net.ipv4.conf.all.send_redirects=0 +-net.ipv4.conf.default.send_redirects=0 +- +-# Turn on Source Address Verification in all interfaces to +-# prevent some spoofing attacks. +-net.ipv4.conf.all.rp_filter=1 +-net.ipv4.conf.default.rp_filter=1 +- +-# Ignore ICMP broadcasts to avoid participating in Smurf attacks +-net.ipv4.icmp_echo_ignore_broadcasts=1 +- +-# Ignore bad ICMP errors +-net.ipv4.icmp_ignore_bogus_error_responses=1 +- + # Log spoofed, source-routed, and redirect packets + net.ipv4.conf.all.log_martians=1 + net.ipv4.conf.default.log_martians=1 +- +-# Addresses of mmap base, heap, stack and VDSO page are randomized +-kernel.randomize_va_space=2 +- +-# Reboot the machine soon after a kernel panic. +-kernel.panic=10 diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-dracut-deps.patch b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-dracut-deps.patch new file mode 100644 index 00000000000..04be008feb3 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-dracut-deps.patch @@ -0,0 +1,25 @@ +From a848f8f181e2a7080a7ee06fb87ffbfe05e66a24 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 20 Jan 2026 15:55:29 +0000 +Subject: [PATCH] dracut: Install dd and ln as these are used by google_nvme_id + +I found that the disk name symlink was missing on Flatcar due to the +lack of dd. I thought about using pure Bash, but it can't handle the +null bytes. I also thought about using tail, but this is just as likely +to be missing. + +I've also added ln for good measure. +--- a/src/lib/dracut/modules.d/30gcp-udev-rules/module-setup.sh ++++ b/src/lib/dracut/modules.d/30gcp-udev-rules/module-setup.sh +@@ -4,7 +4,7 @@ + + # called by dracut + install() { +- inst_multiple nvme grep sed ++ inst_multiple nvme dd ln grep sed + inst_simple /usr/lib/udev/google_nvme_id + inst_simple /usr/lib/udev/rules.d/65-gce-disk-naming.rules + } +-- +2.51.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/google-guest-configs-20260116.00.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/google-guest-configs-20260116.00.ebuild new file mode 100644 index 00000000000..0cf843420a4 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/google-guest-configs-20260116.00.ebuild @@ -0,0 +1,66 @@ +# Copyright 2026 The Flatcar Container Linux Maintainers +# Distributed under the terms of the Apache License 2.0 + +# IMPORTANT! When bumping, ensure that the Dracut modules do not install files +# that would make runtime changes to systems to other than GCE VMs because the +# initrd is shared between image types. The udev disk rules are currently safe. + +EAPI=8 + +inherit udev + +DESCRIPTION="Configuration and scripts to support the Google Compute Engine guest environment" +HOMEPAGE="http://github.com/GoogleCloudPlatform/guest-configs" +SRC_URI="https://github.com/GoogleCloudPlatform/guest-configs/archive/${PV}.tar.gz -> ${P}.tar.gz" +S="${WORKDIR}/guest-configs-${PV}" + +LICENSE="Apache-2.0 BSD ZLIB" +SLOT="0" +KEYWORDS="amd64" +IUSE="flatcar-oem" + +RDEPEND=" + ! + + + + GoogleCloudPlatform/guest-configs + + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r4.ebuild similarity index 81% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r4.ebuild index 2235e90a901..76c1ada09d8 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r4.ebuild @@ -28,3 +28,10 @@ RDEPEND=" sys-apps/iproute2 sys-apps/shadow " + +src_install() { + distutils-r1_src_install + + # Newer versions are installed by app-admin/google-guest-configs. + rm -v "${ED}"/usr/bin/google_{optimize_local_ssd,set_multiqueue} || die +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild index c3b64c56b9a..84598dd6cd4 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild @@ -212,6 +212,7 @@ RDEPEND="${RDEPEND} # OEM specific bits that need to go in USR RDEPEND+=" amd64? ( + app-admin/google-guest-configs[-flatcar-oem] sys-auth/google-oslogin ) " diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild deleted file mode 100644 index 5baa71325b6..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright (c) 2013 CoreOS, Inc.. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 -# Copyright (c) 2020 Kinvolk GmbH. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit systemd - -DESCRIPTION="OEM suite for Google Compute Engine images" -HOMEPAGE="https://cloud.google.com/products/compute-engine/" -SRC_URI="" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64" -IUSE="" - -# no source directory -S="${WORKDIR}" - -RDEPEND=" - app-emulation/google-compute-engine -" - -OEM_NAME="Google Compute Engine" - -src_install() { - systemd_dounit "${FILESDIR}/units/oem-gce.service" - systemd_dounit "${FILESDIR}/units/oem-gce-enable-oslogin.service" - systemd_dounit "${FILESDIR}/units/setup-oem.service" - systemd_install_dropin "multi-user.target" "${FILESDIR}/units/10-oem-gce.conf" - systemd_enable_service "multi-user.target" "ntpd.service" - - dobin "${FILESDIR}/bin/enable-oslogin" - dobin "${FILESDIR}/bin/init.sh" - - # These files will be symlinked to /etc via 'setup-oem.service' - insinto /usr/share/gce/ - doins "${FILESDIR}/files/hosts" - doins "${FILESDIR}/files/google-cloud-sdk.sh" -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20260102.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20260102.ebuild new file mode 100644 index 00000000000..f8097afd48b --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20260102.ebuild @@ -0,0 +1,35 @@ +# Copyright (c) 2013 CoreOS, Inc.. All rights reserved. +# Distributed under the terms of the GNU General Public License v2 +# Copyright (c) 2020 Kinvolk GmbH. All rights reserved. +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd + +DESCRIPTION="OEM suite for Google Compute Engine images" +HOMEPAGE="https://cloud.google.com/products/compute-engine/" +S="${WORKDIR}" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="amd64" + +RDEPEND=" + app-admin/google-guest-configs[flatcar-oem] + app-emulation/google-compute-engine +" + +OEM_NAME="Google Compute Engine" + +src_install() { + systemd_dounit "${FILESDIR}"/units/{oem-gce,oem-gce-enable-oslogin,setup-oem}.service + systemd_install_dropin multi-user.target "${FILESDIR}"/units/10-oem-gce.conf + systemd_enable_service multi-user.target ntpd.service + + dobin "${FILESDIR}"/bin/{enable-oslogin,init.sh} + + # These files will be symlinked to /etc via 'setup-oem.service' + insinto /usr/share/gce + doins "${FILESDIR}"/files/{google-cloud-sdk.sh,hosts} +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.66.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.66.ebuild index 49be09709cc..5cdf8bbe068 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.66.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.66.ebuild @@ -56,7 +56,10 @@ DEPEND=" >=sys-kernel/coreos-firmware-20180103-r1:= sys-process/procps virtual/udev - amd64? ( sys-firmware/intel-microcode:= ) + amd64? ( + app-admin/google-guest-configs[-flatcar-oem] + sys-firmware/intel-microcode:= + ) " src_prepare() { From f9cc49704721f4b1a826e1e0b47c7dff995243a9 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Tue, 20 Jan 2026 16:11:46 +0000 Subject: [PATCH 4/5] sys-kernel/bootengine: Bump for sysctl rerun fix Signed-off-by: James Le Cuirot --- .../third_party/coreos-overlay/sys-kernel/bootengine/Manifest | 2 +- ...ootengine-0.0.38-r39.ebuild => bootengine-0.0.38-r40.ebuild} | 0 .../coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/{bootengine-0.0.38-r39.ebuild => bootengine-0.0.38-r40.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest index 611db5b5f89..8c6adc49d88 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest @@ -1 +1 @@ -DIST bootengine-7d9895ce55617b18a78294975197975ac17b5bc3.tar.gz 36752 BLAKE2B 88c0478fd368203f3184f3e98ef8b277b725b6a7da6f39198c8366e71cb587705eb3859ccd92f701b4f7da4ed9571d645ddebc32293671477fed524fe31429e7 SHA512 6f8551e9b9fac5cedd8ee9fcb6d958092032b636f64c9d15f954a64c76ad9cbd8648bbb480bc92a6e98f7503d26f49e6c47989537cb1bdfb35d21eb2859e7923 +DIST bootengine-8854e0fd9fb77bf10eb8484a989d1b76a635264c.tar.gz 36865 BLAKE2B 71d9173321eae6856fc33f01f761864f2827e445d1671d9cd8cb8563fd76c06c3361df898b902448efe0bc1661ba42fc9167d71b164ba92daddac0fa2203d130 SHA512 3fd9575e22d5808caa099425beb0911d429ff4cec6b9d86a1371cf6f437306c693cae7d6e39e4814f5d15207d9ec82c95aa037a1ad0c5bb05c675ba13137b81b diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r39.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r40.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r39.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r40.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild index 7ccfb49009c..b9bb5bc689a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild @@ -10,7 +10,7 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/flatcar/bootengine.git" inherit git-r3 else - EGIT_VERSION="7d9895ce55617b18a78294975197975ac17b5bc3" # flatcar-master + EGIT_VERSION="8854e0fd9fb77bf10eb8484a989d1b76a635264c" # chewi/sysctl-rerun SRC_URI="https://github.com/flatcar/bootengine/archive/${EGIT_VERSION}.tar.gz -> ${PN}-${EGIT_VERSION}.tar.gz" S="${WORKDIR}/${PN}-${EGIT_VERSION}" KEYWORDS="amd64 arm arm64 x86" From 97f90fb1c17f394c29890bb9893b72d82cb7a93b Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Mon, 26 Jan 2026 16:22:38 +0000 Subject: [PATCH 5/5] sys-apps/systemd: Rerun sysctl after the sysexts have been mounted It is run early from the initrd, so wait for the sysexts, which may have additional configuration, before running it again. Signed-off-by: James Le Cuirot --- .../coreos-overlay/coreos/config/env/sys-apps/systemd | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd index defe7e8d0ba..53124d02a8a 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd @@ -173,6 +173,16 @@ After=ensure-sysext.service EOF ) + ( + insinto "$(systemd_get_systemunitdir)/systemd-sysctl.service.d" + newins - flatcar.conf <<'EOF' +# sysctl runs early from the initrd, so wait for sysexts with additional +# configuration to be mounted before running it again. +[Unit] +After=ensure-sysext.service +EOF + ) + ( # Allow @mount syscalls for systemd-udevd.service insinto "$(systemd_get_systemunitdir)/systemd-udevd.service.d"