diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh index 5769b643398..0c2729159e6 100755 --- a/build_library/build_image_util.sh +++ b/build_library/build_image_util.sh @@ -152,7 +152,12 @@ emerge_to_image() { sudo -E ROOT="${root_fs_dir}" \ FEATURES="-ebuild-locks -merge-wait" \ PORTAGE_CONFIGROOT="${BUILD_DIR}"/configroot \ - emerge --usepkgonly --jobs="${NUM_JOBS}" --verbose "$@" + emerge \ + --usepkgonly \ + --binpkg-respect-use=y \ + --jobs="${NUM_JOBS}" \ + --verbose \ + "$@" # Shortcut if this was just baselayout [[ "$*" == *sys-apps/baselayout ]] && return diff --git a/build_sdk_container_image b/build_sdk_container_image index 7bfa03de076..62146ab9b79 100755 --- a/build_sdk_container_image +++ b/build_sdk_container_image @@ -125,10 +125,6 @@ fi # -- -docker_build() { - PROGRESS_NO_TRUNC=1 $docker build --progress plain "${@}" -} - # build plain SDK container w/o board support # import_image="flatcar-sdk-import:${docker_vernum}" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/app-shells/bash/bash-jobs-del-pid-async.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/app-shells/bash/bash-jobs-del-pid-async.patch new file mode 100644 index 00000000000..5d02873cb61 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/app-shells/bash/bash-jobs-del-pid-async.patch @@ -0,0 +1,45 @@ +https://bugs.gentoo.org/970713 + +From e359bdc261f9493d91b3cf792fe4fc480ecd6dc3 Mon Sep 17 00:00:00 2001 +From: Kerin Millar +Date: Thu, 13 Nov 2025 18:39:28 +0000 +Subject: [PATCH] jobs.c: only call bgp_delete on a newly-created pid if + asynchronous + +This is a backport of the following change from the devel branch. + +jobs.c + - make_child: only call bgp_delete on a newly-created pid if that + process is asynchronous, since that is what will cause it to be + put into the bgpids table. This mostly matters for procsubs and + asynchronous jobs, but will happen for comsubs in async jobs + and coprocs as well. + +Bug: https://bugs.gentoo.org/965423 +Signed-off-by: Kerin Millar +--- + jobs.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/jobs.c b/jobs.c +index cbcc2c15..bafa7c26 100644 +--- a/jobs.c ++++ b/jobs.c +@@ -2482,9 +2482,11 @@ make_child (char *command, int flags) + been reused. */ + delete_old_job (pid); + +- /* Perform the check for pid reuse unconditionally. Some systems reuse +- PIDs before giving a process CHILD_MAX/_SC_CHILD_MAX unique ones. */ +- bgp_delete (pid); /* new process, discard any saved status */ ++ /* Perform the check for background pid reuse unconditionally. ++ Some systems reuse PIDs before giving a process ++ CHILD_MAX/_SC_CHILD_MAX unique ones. */ ++ if (async_p) ++ bgp_delete (pid); /* new background process, discard any saved status */ + + last_made_pid = pid; + +-- +2.51.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc index c3299e99058..332ae8c3413 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc @@ -128,7 +128,7 @@ cros_pre_pkg_setup_sysroot_build_bin_dir() { # and also remove their associated debug files to avoid wasting space. cros_post_pkg_preinst_rm_masked_debug_files() { local link debug dir=${ED}/usr/lib/debug - [[ -d ${dir}/.build-id ]] || return + [[ -d ${dir}/.build-id ]] || return 0 while read -d $'\n' -r link; do debug=$(realpath "${link}.debug") || die rm -f -- "${link}" "${link}.debug" "${debug}" || die diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild index 3bdaf2afaf6..ca9aaf1d64c 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild @@ -94,7 +94,7 @@ pkg_preinst() { libdirs=$(get_all_libdirs) emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" LIBDIRS="${libdirs}" layout SYSTEMD_JOURNAL_GID=${ACCT_GROUP_SYSTEMD_JOURNAL_ID:-190} ROOT_UID=0 ROOT_GID=0 CORE_UID=500 CORE_GID=500 \ - DESTDIR=${D} "${ED}/usr/share/${PN}/dumb-tmpfiles-proc.sh" "${ED}/usr/lib/tmpfiles.d" || die + DESTDIR=${ROOT} "${ED}/usr/share/${PN}/dumb-tmpfiles-proc.sh" --exclude CZL+ "${ED}/usr/lib/tmpfiles.d" || die rm -f "${ED}/usr/share/${PN}/Makefile" "${ED}/usr/share/${PN}/dumb-tmpfiles-proc.sh" || die } diff --git a/sdk_lib/Dockerfile.sdk-import b/sdk_lib/Dockerfile.sdk-import index 10a625a319a..a8e75e5d121 100644 --- a/sdk_lib/Dockerfile.sdk-import +++ b/sdk_lib/Dockerfile.sdk-import @@ -17,11 +17,6 @@ RUN if ! grep -q portage /etc/passwd; then \ echo "portage:x:250:250:portage:/var/tmp/portage:/bin/false" >>/etc/passwd; \ fi -# fix "Unable to unshare: EPERM ..." in containers -# (see https://github.com/gentoo/gentoo-docker-images/issues/81) -RUN echo 'export FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox"' \ - >> /etc/skel/.bashrc - RUN groupadd sdk RUN useradd -g sdk -G portage sdk RUN echo "sdk ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/sdk-user diff --git a/sdk_lib/Dockerfile.sdk-update b/sdk_lib/Dockerfile.sdk-update index a102b656cb5..3ddb82d1c81 100644 --- a/sdk_lib/Dockerfile.sdk-update +++ b/sdk_lib/Dockerfile.sdk-update @@ -4,22 +4,13 @@ FROM ${BASE} COPY --chown=sdk:sdk sdk_container/ /mnt/host/source COPY --chown=sdk:sdk . /mnt/host/source/src/scripts -# Disable all sandboxing for SDK updates since some core packages -# (like GO) fail to build from a permission error otherwise. -RUN cp /home/sdk/.bashrc /home/sdk/.bashrc.bak -RUN echo 'export FEATURES="-sandbox -usersandbox -ipc-sandbox -network-sandbox -pid-sandbox"' \ - >> /home/sdk/.bashrc - RUN chown sdk:sdk /mnt/host/source -RUN /home/sdk/sdk_entry.sh ./update_chroot --toolchain_boards="amd64-usr arm64-usr" +RUN FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox" \ + /home/sdk/sdk_entry.sh ./update_chroot --toolchain_boards="amd64-usr arm64-usr" RUN /home/sdk/sdk_entry.sh ./setup_board --board="arm64-usr" --regen_configs RUN /home/sdk/sdk_entry.sh ./setup_board --board="amd64-usr" --regen_configs -# Restore original .bashrc to remove sandbox disablement -RUN mv /home/sdk/.bashrc.bak /home/sdk/.bashrc -RUN chown sdk:sdk /home/sdk/.bashrc - # Clean up ephemeral key directory variables that were added during build RUN sed -i -e '/export MODULE_SIGNING_KEY_DIR=/d' \ -e '/export MODULES_SIGN_KEY=/d' \ diff --git a/sdk_lib/sdk_container_common.sh b/sdk_lib/sdk_container_common.sh index b0f94cfbf67..b98be744afd 100644 --- a/sdk_lib/sdk_container_common.sh +++ b/sdk_lib/sdk_container_common.sh @@ -41,6 +41,11 @@ docker=${docker_a[*]} function call_docker() { "${docker_a[@]}" "${@}" } + +function docker_build() { + PROGRESS_NO_TRUNC=1 call_docker build --progress plain "${@}" +} + # -- # Common "echo" function diff --git a/update_sdk_container_image b/update_sdk_container_image index b11f383f573..ab126021e2b 100755 --- a/update_sdk_container_image +++ b/update_sdk_container_image @@ -75,7 +75,8 @@ fi yell "Creating new SDK container image ${new_sdk_version} from ${base_sdk_version}" create_versionfile "${new_sdk_version}" "${os_version}" -$docker build -t "${sdk_build_image}" \ +docker_build \ + -t "${sdk_build_image}" \ --build-arg BASE="$sdk_container_common_registry/flatcar-sdk-all:${base_sdk_version}" \ -f sdk_lib/Dockerfile.sdk-update \ . @@ -87,7 +88,7 @@ for a in all arm64 amd64; do arm64) rmarch="amd64-usr"; rmcross="x86_64-cros-linux-gnu";; amd64) rmarch="arm64-usr"; rmcross="aarch64-cros-linux-gnu";; esac - $docker build -t "$sdk_container_common_registry/flatcar-sdk-${a}:${docker_vernum}" \ + docker_build -t "$sdk_container_common_registry/flatcar-sdk-${a}:${docker_vernum}" \ --build-arg VERSION="${docker_vernum}" \ --build-arg RMARCH="${rmarch}" \ --build-arg RMCROSS="${rmcross}" \