From e1628eab3f48fbb4d7936a032ec17bd207394e17 Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Thu, 5 Mar 2026 13:19:05 +0100 Subject: [PATCH 01/22] New version: alpha-4628.0.0 Signed-off-by: Mathieu Tortuyaux --- sdk_container/.repo/manifests/version.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sdk_container/.repo/manifests/version.txt b/sdk_container/.repo/manifests/version.txt index db18ed1bed2..befb1af2cc9 100644 --- a/sdk_container/.repo/manifests/version.txt +++ b/sdk_container/.repo/manifests/version.txt @@ -1,4 +1,4 @@ -FLATCAR_VERSION=4629.0.0+nightly-20260304-2100 -FLATCAR_VERSION_ID=4629.0.0 -FLATCAR_BUILD_ID="nightly-20260304-2100" -FLATCAR_SDK_VERSION=4629.0.0+nightly-20260304-2100 +FLATCAR_VERSION=4628.0.0 +FLATCAR_VERSION_ID=4628.0.0 +FLATCAR_BUILD_ID="" +FLATCAR_SDK_VERSION=4628.0.0 From d1a0f7c7c61be3f0d9d20a17cdf6a3abf3480cc8 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 9 Mar 2026 16:33:43 +0000 Subject: [PATCH 02/22] Update mantle container image to latest HEAD Signed-off-by: Flatcar Buildbot --- sdk_container/.repo/manifests/mantle-container | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/.repo/manifests/mantle-container b/sdk_container/.repo/manifests/mantle-container index 291a60fac6c..178f9082e5d 100644 --- a/sdk_container/.repo/manifests/mantle-container +++ b/sdk_container/.repo/manifests/mantle-container @@ -1 +1 @@ -ghcr.io/flatcar/mantle:git-f2aab0e1888699dce88490d2992e8dc8c28e041a +ghcr.io/flatcar/mantle:git-188106b2341b5392fe0d9fe03692f2ff45eeaad4 From 48000d50cbf6b4539084d2ea53bf161309e1624b Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Mon, 9 Mar 2026 16:57:01 +0100 Subject: [PATCH 03/22] image_changes: update PATH variable For some reasons, the '#!/usr/bin/env python3' command of the 'show-fixed-kernel-cves.py' started to resolve 'python3' before reaching the 'ci-automation/python-bin' PATH location. So 'feedparser' was not installed, so it was failing. I guess we shipped some Python updates providing 'python3' resolution, or we stopped masked some Python related stuffs into the SDK. Flipping the 'ci-automation/python-bin' should fix the issue and it should not have any side-effects as this is scopped only on the 'show-changes' script call. Signed-off-by: Mathieu Tortuyaux --- ci-automation/image_changes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-automation/image_changes.sh b/ci-automation/image_changes.sh index 9279cdf9305..c928e147fda 100644 --- a/ci-automation/image_changes.sh +++ b/ci-automation/image_changes.sh @@ -78,7 +78,7 @@ function ricj_callback() { ) show_changes_env+=( # Provide a python3 command for the CVE DB parsing - "PATH=${PATH}:${PWD}/ci-automation/python-bin" + "PATH=${PWD}/ci-automation/python-bin:${PATH}" # Override the default locations of repositories. "SCRIPTS_REPO=." "COREOS_OVERLAY_REPO=../coreos-overlay" From b60f0d9bcdd5374729a4f65261a892a187e2130a Mon Sep 17 00:00:00 2001 From: flatcar-ci Date: Mon, 9 Mar 2026 21:00:27 +0000 Subject: [PATCH 04/22] New version: alpha-4628.0.0-nightly-20260309-2100 Signed-off-by: flatcar-ci --- sdk_container/.repo/manifests/version.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/.repo/manifests/version.txt b/sdk_container/.repo/manifests/version.txt index befb1af2cc9..ebde2e268c4 100644 --- a/sdk_container/.repo/manifests/version.txt +++ b/sdk_container/.repo/manifests/version.txt @@ -1,4 +1,4 @@ -FLATCAR_VERSION=4628.0.0 +FLATCAR_VERSION=4628.0.0+nightly-20260309-2100 FLATCAR_VERSION_ID=4628.0.0 -FLATCAR_BUILD_ID="" +FLATCAR_BUILD_ID="nightly-20260309-2100" FLATCAR_SDK_VERSION=4628.0.0 From db89ea8a9083992de3861417a2257a8d0ce325f1 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Mon, 9 Mar 2026 09:24:18 +0000 Subject: [PATCH 05/22] sys-kernel/bootengine: Bump to address PXE OEM issue Signed-off-by: James Le Cuirot --- changelog/bugfixes/2026-03-03-pxe-oem.md | 1 + .../third_party/coreos-overlay/sys-kernel/bootengine/Manifest | 2 +- ...ootengine-0.0.38-r40.ebuild => bootengine-0.0.38-r41.ebuild} | 0 .../coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild | 2 +- 4 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 changelog/bugfixes/2026-03-03-pxe-oem.md rename sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/{bootengine-0.0.38-r40.ebuild => bootengine-0.0.38-r41.ebuild} (100%) diff --git a/changelog/bugfixes/2026-03-03-pxe-oem.md b/changelog/bugfixes/2026-03-03-pxe-oem.md new file mode 100644 index 00000000000..3f0353bc12d --- /dev/null +++ b/changelog/bugfixes/2026-03-03-pxe-oem.md @@ -0,0 +1 @@ +- Restored the ability to customize PXE images with OEM data. This was broken since moving to the minimal initrd. ([Flatcar#2023](https://github.com/flatcar/Flatcar/issues/2023)) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest index 0b5c248f249..9571449fe29 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/Manifest @@ -1 +1 @@ -DIST bootengine-e9a7ee2ee3c411b28db95d9bf826c54128c5343e.tar.gz 37230 BLAKE2B 6bf681e78612a08263865ca4be78c086a2ab150b449320ab961e443b63e592cdea2d4c2d8bbdb6038cb3a7caae007d72b14759bcfa048f6231f213b8ebeda1a9 SHA512 bcc6b0e99e99a7387060112506feec1d4ce341ba63029d6466e9822c569ff5c7b9d5267f7980fa24778181d27f91be5f82653da2e829b66e62851484e11dcac0 +DIST bootengine-9c6a9e4c03e27cdfc5056bf6a76788d2b7165cbb.tar.gz 37123 BLAKE2B a3fafdd8ca38f5eca2df8cfe7fb7825ecfa3b41146c1be327fdf261444d52fa7c582b8351239d1c50532db89d3b863dde445de5dfe60ad167c36c8c8460c2a40 SHA512 e3569138b05b7c07554a37a767a60318f1df918532317f1a9f11b2cd12fc5e7079f8c713287104169575eea93fd83c4238cf230787941341f1d157e9069527bb diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r40.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r41.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r40.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r41.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild index 03ea6c473a8..1067e454e0a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild @@ -10,7 +10,7 @@ if [[ ${PV} == 9999 ]]; then EGIT_REPO_URI="https://github.com/flatcar/bootengine.git" inherit git-r3 else - EGIT_VERSION="e9a7ee2ee3c411b28db95d9bf826c54128c5343e" # flatcar-master + EGIT_VERSION="9c6a9e4c03e27cdfc5056bf6a76788d2b7165cbb" # flatcar-master SRC_URI="https://github.com/flatcar/bootengine/archive/${EGIT_VERSION}.tar.gz -> ${PN}-${EGIT_VERSION}.tar.gz" S="${WORKDIR}/${PN}-${EGIT_VERSION}" KEYWORDS="amd64 arm arm64 x86" From e71773ed71159b7e12bcc0c5474dfeed8f23f3ed Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Tue, 10 Mar 2026 14:07:14 +0100 Subject: [PATCH 06/22] Change shebang for run_sdk_container Signed-off-by: Robin Schneider --- run_sdk_container | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run_sdk_container b/run_sdk_container index 5c298ba2186..2943d689f7d 100755 --- a/run_sdk_container +++ b/run_sdk_container @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copyright (c) 2021 The Flatcar Maintainers. # Use of this source code is governed by a BSD-style license that can be From 126e8e52809ad30c2ab90e0322cf93137acbaac1 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Tue, 10 Mar 2026 12:15:46 +0000 Subject: [PATCH 07/22] ci-automation: Allow overriding Mantle container name and tag MANTLE_REF will be optionally passed by Jenkins. Signed-off-by: James Le Cuirot --- ci-automation/test.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ci-automation/test.sh b/ci-automation/test.sh index 04890e47467..24ba85bb19e 100644 --- a/ci-automation/test.sh +++ b/ci-automation/test.sh @@ -18,7 +18,8 @@ # # 1. SDK version and OS image version are recorded in sdk_container/.repo/manifests/version.txt # 2. Scripts repo version tag of OS image version to be built is available and checked out. -# 3. Mantle container docker image reference is stored in sdk_container/.repo/manifests/mantle-container. +# 3. Mantle container name and tag is stored in sdk_container/.repo/manifests/mantle-container +# (or MANTLE_REF is set). # 4. Vendor image to run tests for are available on buildcache # ( images/[ARCH]/[FLATCAR_VERSION]/ ) # @@ -36,6 +37,7 @@ # MAX_RETRIES. Environment variable. Number of re-runs to overcome transient failures. Defaults to 20. # PARALLEL_TESTS. Environment variable. Number of test cases to run in parallel. # Default is image / vendor specific and defined in ci-automation/ci-config.env. +# MANTLE_REF. Environment variable. Overrides the Mantle container name and tag to run the tests with. # # OUTPUT: # @@ -129,8 +131,8 @@ function _test_run_impl() { get_git_channel >"${work_dir}/git_channel" local container_name="flatcar-tests-${arch}-${docker_vernum}-${image}" - local mantle_ref - mantle_ref=$(cat sdk_container/.repo/manifests/mantle-container) + local -I MANTLE_REF + : "${MANTLE_REF:=$(< sdk_container/.repo/manifests/mantle-container)}" local tap_merged_summary="results-${image}" local tap_merged_detailed="results-${image}-detailed" @@ -168,7 +170,7 @@ function _test_run_impl() { set +e touch sdk_container/.env docker run --pull always --rm --name="${container_name}" --privileged --net host -v /dev:/dev \ - -w /work -v "$PWD":/work "${mantle_ref}" \ + -w /work -v "$PWD":/work "${MANTLE_REF}" \ bash -c "git config --global --add safe.directory /work && \ source sdk_container/.env && \ ci-automation/vendor-testing/${image_escaped}.sh ${common_test_args_escaped[*]} ${tapfile_escaped} ${tests_escaped[*]}" @@ -177,7 +179,7 @@ function _test_run_impl() { # Note: git safe.directory is not set in this run as it does not use git docker run --pull always --rm --name="${container_name}" --privileged --net host -v /dev:/dev \ - -w /work -v "$PWD":/work "${mantle_ref}" \ + -w /work -v "$PWD":/work "${MANTLE_REF}" \ ci-automation/test_update_reruns.sh \ "${arch}" "${vernum}" "${image}" "${retry}" \ "${tests_dir}/${tapfile}" \ From edba5458fbca88034c81ab9b614403a7ba3e86b6 Mon Sep 17 00:00:00 2001 From: flatcar-ci Date: Tue, 10 Mar 2026 21:00:26 +0000 Subject: [PATCH 08/22] New version: alpha-4628.0.0-nightly-20260310-2100 Signed-off-by: flatcar-ci --- sdk_container/.repo/manifests/version.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/.repo/manifests/version.txt b/sdk_container/.repo/manifests/version.txt index ebde2e268c4..a12cf31da4b 100644 --- a/sdk_container/.repo/manifests/version.txt +++ b/sdk_container/.repo/manifests/version.txt @@ -1,4 +1,4 @@ -FLATCAR_VERSION=4628.0.0+nightly-20260309-2100 +FLATCAR_VERSION=4628.0.0+nightly-20260310-2100 FLATCAR_VERSION_ID=4628.0.0 -FLATCAR_BUILD_ID="nightly-20260309-2100" +FLATCAR_BUILD_ID="nightly-20260310-2100" FLATCAR_SDK_VERSION=4628.0.0 From 6a9761ffcce861b95946db5dd717192627e9c887 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Wed, 11 Mar 2026 08:43:59 +0000 Subject: [PATCH 09/22] Update mantle container image to latest HEAD Signed-off-by: Flatcar Buildbot --- sdk_container/.repo/manifests/mantle-container | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/.repo/manifests/mantle-container b/sdk_container/.repo/manifests/mantle-container index 178f9082e5d..d0a919071bd 100644 --- a/sdk_container/.repo/manifests/mantle-container +++ b/sdk_container/.repo/manifests/mantle-container @@ -1 +1 @@ -ghcr.io/flatcar/mantle:git-188106b2341b5392fe0d9fe03692f2ff45eeaad4 +ghcr.io/flatcar/mantle:git-a137683fa47b986718750164b7ba15602a2bea3b From 93e3bff739951cff8a7d669ccf65dd89ac193206 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Wed, 11 Mar 2026 17:08:42 +0000 Subject: [PATCH 10/22] Update mantle container image to latest HEAD Signed-off-by: Flatcar Buildbot --- sdk_container/.repo/manifests/mantle-container | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/.repo/manifests/mantle-container b/sdk_container/.repo/manifests/mantle-container index d0a919071bd..3fd36550277 100644 --- a/sdk_container/.repo/manifests/mantle-container +++ b/sdk_container/.repo/manifests/mantle-container @@ -1 +1 @@ -ghcr.io/flatcar/mantle:git-a137683fa47b986718750164b7ba15602a2bea3b +ghcr.io/flatcar/mantle:git-ae93fe39bddc2b568585c8cad35f403b452af9de From 9818c3321038072006f85ca1d18baa233fc78fd0 Mon Sep 17 00:00:00 2001 From: flatcar-ci Date: Wed, 11 Mar 2026 21:00:25 +0000 Subject: [PATCH 11/22] New version: alpha-4628.0.0-nightly-20260311-2100 Signed-off-by: flatcar-ci --- sdk_container/.repo/manifests/version.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/.repo/manifests/version.txt b/sdk_container/.repo/manifests/version.txt index a12cf31da4b..1a545900bdc 100644 --- a/sdk_container/.repo/manifests/version.txt +++ b/sdk_container/.repo/manifests/version.txt @@ -1,4 +1,4 @@ -FLATCAR_VERSION=4628.0.0+nightly-20260310-2100 +FLATCAR_VERSION=4628.0.0+nightly-20260311-2100 FLATCAR_VERSION_ID=4628.0.0 -FLATCAR_BUILD_ID="nightly-20260310-2100" +FLATCAR_BUILD_ID="nightly-20260311-2100" FLATCAR_SDK_VERSION=4628.0.0 From 2d74b522289747537e386ec2a5d1ffc635376d82 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Sat, 14 Mar 2026 07:16:57 +0000 Subject: [PATCH 12/22] sys-kernel/coreos-sources: Update from 6.12.74 to 6.12.77 Signed-off-by: Flatcar Buildbot --- changelog/updates/2026-03-14-linux-6.12.77-update.md | 1 + .../{hv-daemons-6.12.74.ebuild => hv-daemons-6.12.77.ebuild} | 0 ...oreos-kernel-6.12.74.ebuild => coreos-kernel-6.12.77.ebuild} | 0 ...eos-modules-6.12.74.ebuild => coreos-modules-6.12.77.ebuild} | 0 .../coreos-overlay/sys-kernel/coreos-sources/Manifest | 2 +- ...eos-sources-6.12.74.ebuild => coreos-sources-6.12.77.ebuild} | 0 6 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelog/updates/2026-03-14-linux-6.12.77-update.md rename sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/{hv-daemons-6.12.74.ebuild => hv-daemons-6.12.77.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-6.12.74.ebuild => coreos-kernel-6.12.77.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-6.12.74.ebuild => coreos-modules-6.12.77.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-6.12.74.ebuild => coreos-sources-6.12.77.ebuild} (100%) diff --git a/changelog/updates/2026-03-14-linux-6.12.77-update.md b/changelog/updates/2026-03-14-linux-6.12.77-update.md new file mode 100644 index 00000000000..ca4320334b8 --- /dev/null +++ b/changelog/updates/2026-03-14-linux-6.12.77-update.md @@ -0,0 +1 @@ +- Linux ([6.12.77](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.77) (includes [6.12.76](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.76), [6.12.75](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.75))) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.74.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.77.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.74.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.77.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.74.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.77.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.74.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.77.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.74.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.77.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.74.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.77.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest index 7ac8756da11..360e28b840d 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest @@ -1,2 +1,2 @@ DIST linux-6.12.tar.xz 147906904 BLAKE2B b2ec2fc69218cacabbbe49f78384a5d259ca581b717617c12b000b16f4a4c59ee348ea886b37147f5f70fb9a7a01c1e2c8f19021078f6b23f5bc62d1c48d5e5e SHA512 a37b1823df7b4f72542f689b65882634740ba0401a42fdcf6601d9efd2e132e5a7650e70450ba76f6cd1f13ca31180f2ccee9d54fe4df89bc0000ade4380a548 -DIST patch-6.12.74.xz 3867664 BLAKE2B 1bebcfc1bdaafcfb9205870d72c815fcd69225ae6216ef859be09dab8798842559bcd9c725c039909e605085f2bf3e67ab56d2cd0baca01c475d0bc4bbd5419d SHA512 aca0c0c0ce0f2cc427aecbe55867297d013af298b3d10cafed5695166185a6933fdffec76fd3bb90a172591fbca9924ec5abd3d6b32bdf5d3eaee16a32abe76b +DIST patch-6.12.77.xz 4122856 BLAKE2B 3f4be903ad737df00882bb90a0640aacccfa9588d7c407b964897f0c10aeb6d85be5285afe56433d018bb4908cae12b2f1890469db19c3417a9e758bbfea758e SHA512 cd1b18ee8af12f0d18c17f7695cbbd74d78f9ff39cc642319b5c7c22f66ab73c83aaa1cca289004fc88d769af8df37d3664e4447854d0eaa15212d916f79d691 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.74.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.77.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.74.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.77.ebuild From 8320d1585d40771c3cb5e04e5c99746a06bcbe23 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 16 Mar 2026 07:40:17 +0000 Subject: [PATCH 13/22] app-misc/ca-certificates: Update from 3.120 to 3.121 Signed-off-by: Flatcar Buildbot --- changelog/updates/2026-03-16-ca-certificates-3.121-update.md | 1 + .../coreos-overlay/app-misc/ca-certificates/Manifest | 2 +- ...tificates-3.120.1-r1.ebuild => ca-certificates-3.121.ebuild} | 0 3 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelog/updates/2026-03-16-ca-certificates-3.121-update.md rename sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/{ca-certificates-3.120.1-r1.ebuild => ca-certificates-3.121.ebuild} (100%) diff --git a/changelog/updates/2026-03-16-ca-certificates-3.121-update.md b/changelog/updates/2026-03-16-ca-certificates-3.121-update.md new file mode 100644 index 00000000000..c4e863a7182 --- /dev/null +++ b/changelog/updates/2026-03-16-ca-certificates-3.121-update.md @@ -0,0 +1 @@ +- ca-certificates ([3.121](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html)) diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest index f96931a66ba..08dcb7765d4 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest @@ -1 +1 @@ -DIST nss-3.120.1.tar.gz 77895555 BLAKE2B 01ef3591010cd33dd61962d58442c6d4eee553d38101d65f9f20a50b576f1ceef0fb9f674b2caf1eadcbef63b12d23c5e494112397cc8f546f7d48dc65ed8b47 SHA512 9eb9aaae7070f0c92612e75922d3c4646f26e989a5c4d935258cc1201ceeb72accc43cbe6af83609457991a9d1d4cb67429dc8a3f3ffeaccf15cca32689921bc +DIST nss-3.121.tar.gz 77644546 BLAKE2B 972eedd73c46655a561956ac1a38814d96ce81767392532ecf42fe143f6f256a25a640d3b4b4829f4a7553d6d1961fc3e0279e740ca35d54ab6582742788cc31 SHA512 799cfb07bb806d3ab2786f7f1e88aa20ad490a0021a931b9382c08b08b6e6728367768335b05e15229f134275ee27ff153afaad78f07b394ef4c0b0e554e130c diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.120.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.121.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.120.1-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.121.ebuild From ac1b08bc555990bcd17a443aab2c6421810e26e0 Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Mon, 2 Mar 2026 15:05:38 +0100 Subject: [PATCH 14/22] Revert "app-misc/ca-certificates: use github URLs" This reverts commit 25de567365b64397fb9de6245ea80be005001768. I think that the reverted commit was trying to fix a "non-error". On Gentoo distfiles, it that seems a glitch has occured on ca-certificates-3.120.1, as the decompressed archive tree files is not consistent from one release to the other: ``` $ wget http://distfiles.gentoo.org/distfiles/37/nss-3.120.1.tar.gz $ wget http://distfiles.gentoo.org/distfiles/43/nss-3.121.tar.gz $ tar -xf nss-3.120.1.tar.gz $ tar -xf nss-3.121.tar.gz $ ls -l nss-3.121/nss total 88 drwxr-xr-x 8 tormath1 tormath1 160 Mar 2 15:00 automation -rwxr-xr-x 1 tormath1 tormath1 9183 Feb 19 10:30 build.sh ... $ ls -l nss-NSS_3_120_1_RTM/ total 88 drwxr-xr-x 8 tormath1 tormath1 160 Feb 11 19:19 automation -rwxr-xr-x 1 tormath1 tormath1 9183 Feb 11 19:19 build.sh ... ``` Signed-off-by: Mathieu Tortuyaux --- .../app-misc/ca-certificates/ca-certificates-3.121.ebuild | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.121.ebuild b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.121.ebuild index 98c36690440..9523c71d1e4 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.121.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.121.ebuild @@ -9,11 +9,11 @@ inherit python-any-r1 systemd tmpfiles RTM_NAME="NSS_${PV//./_}_RTM" MY_PN="nss" MY_P="${MY_PN}-${PV}" -S="${WORKDIR}/${MY_PN}-${RTM_NAME}" +S="${WORKDIR}" DESCRIPTION="Mozilla's CA Certificate Store" HOMEPAGE="http://www.mozilla.org/en-US/about/governance/policies/security-group/certs/" -SRC_URI="https://github.com/nss-dev/nss/archive/refs/tags/${RTM_NAME}.tar.gz -> ${MY_P}.tar.gz" +SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${MY_P}.tar.gz" # NSS is licensed under the MPL, files/certdata2pem.py is GPL LICENSE="MPL-2.0 GPL-2" @@ -72,7 +72,7 @@ gen_tmpfiles() { } src_compile() { - local certdata="${S}/lib/ckfw/builtins/certdata.txt" + local certdata="${MY_P}/nss/lib/ckfw/builtins/certdata.txt" ${PYTHON} "${FILESDIR}/certdata2pem.py" "${certdata}" certs || die cd certs || die From c00f757d973f46d44af0a8aa7942714858aebef7 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 16 Mar 2026 11:35:14 +0000 Subject: [PATCH 15/22] Update mantle container image to latest HEAD Signed-off-by: Flatcar Buildbot --- sdk_container/.repo/manifests/mantle-container | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/.repo/manifests/mantle-container b/sdk_container/.repo/manifests/mantle-container index 3fd36550277..9f46ba2a337 100644 --- a/sdk_container/.repo/manifests/mantle-container +++ b/sdk_container/.repo/manifests/mantle-container @@ -1 +1 @@ -ghcr.io/flatcar/mantle:git-ae93fe39bddc2b568585c8cad35f403b452af9de +ghcr.io/flatcar/mantle:git-7c88868bd7fe8c481d115742e552f88b4892721c From 0f61da4fbf7576cf108196524afd282e21506a6e Mon Sep 17 00:00:00 2001 From: flatcar-ci Date: Mon, 16 Mar 2026 21:00:24 +0000 Subject: [PATCH 16/22] New version: alpha-4628.0.0-nightly-20260316-2100 Signed-off-by: flatcar-ci --- sdk_container/.repo/manifests/version.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/.repo/manifests/version.txt b/sdk_container/.repo/manifests/version.txt index 1a545900bdc..8971c6d69e1 100644 --- a/sdk_container/.repo/manifests/version.txt +++ b/sdk_container/.repo/manifests/version.txt @@ -1,4 +1,4 @@ -FLATCAR_VERSION=4628.0.0+nightly-20260311-2100 +FLATCAR_VERSION=4628.0.0+nightly-20260316-2100 FLATCAR_VERSION_ID=4628.0.0 -FLATCAR_BUILD_ID="nightly-20260311-2100" +FLATCAR_BUILD_ID="nightly-20260316-2100" FLATCAR_SDK_VERSION=4628.0.0 From dc3f9c975790379aad878276e6b7254b23ca931e Mon Sep 17 00:00:00 2001 From: flatcar-ci Date: Tue, 17 Mar 2026 21:00:22 +0000 Subject: [PATCH 17/22] New version: alpha-4628.0.0-nightly-20260317-2100 Signed-off-by: flatcar-ci --- sdk_container/.repo/manifests/version.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/.repo/manifests/version.txt b/sdk_container/.repo/manifests/version.txt index 8971c6d69e1..fa44276a1d9 100644 --- a/sdk_container/.repo/manifests/version.txt +++ b/sdk_container/.repo/manifests/version.txt @@ -1,4 +1,4 @@ -FLATCAR_VERSION=4628.0.0+nightly-20260316-2100 +FLATCAR_VERSION=4628.0.0+nightly-20260317-2100 FLATCAR_VERSION_ID=4628.0.0 -FLATCAR_BUILD_ID="nightly-20260316-2100" +FLATCAR_BUILD_ID="nightly-20260317-2100" FLATCAR_SDK_VERSION=4628.0.0 From cef193d0f51fac20c279b68da422da3ac96f36cf Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Wed, 18 Mar 2026 11:24:40 +0000 Subject: [PATCH 18/22] Update mantle container image to latest HEAD Signed-off-by: Flatcar Buildbot --- sdk_container/.repo/manifests/mantle-container | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk_container/.repo/manifests/mantle-container b/sdk_container/.repo/manifests/mantle-container index 9f46ba2a337..3066df0de61 100644 --- a/sdk_container/.repo/manifests/mantle-container +++ b/sdk_container/.repo/manifests/mantle-container @@ -1 +1 @@ -ghcr.io/flatcar/mantle:git-7c88868bd7fe8c481d115742e552f88b4892721c +ghcr.io/flatcar/mantle:git-eee95857ce80d8740f8bb756ac2358a2b1dee73f From 49100100234f7d138c445903da466658c6f0a4d9 Mon Sep 17 00:00:00 2001 From: flatcar-ci Date: Wed, 18 Mar 2026 21:00:28 +0000 Subject: [PATCH 19/22] New version: alpha-4628.0.0-nightly-20260318-2100 Signed-off-by: flatcar-ci --- sdk_container/.repo/manifests/version.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/.repo/manifests/version.txt b/sdk_container/.repo/manifests/version.txt index fa44276a1d9..441cbede426 100644 --- a/sdk_container/.repo/manifests/version.txt +++ b/sdk_container/.repo/manifests/version.txt @@ -1,4 +1,4 @@ -FLATCAR_VERSION=4628.0.0+nightly-20260317-2100 +FLATCAR_VERSION=4628.0.0+nightly-20260318-2100 FLATCAR_VERSION_ID=4628.0.0 -FLATCAR_BUILD_ID="nightly-20260317-2100" +FLATCAR_BUILD_ID="nightly-20260318-2100" FLATCAR_SDK_VERSION=4628.0.0 From 7b5d4182bc2e17530bd341a5450d1179548d0db1 Mon Sep 17 00:00:00 2001 From: Navaneeth Rao Date: Sat, 21 Mar 2026 05:24:51 +0000 Subject: [PATCH 20/22] feat: oraclecloud initial --- build_library/vm_image_util.sh | 9 +++++++++ .../common-oem-files-0-r11.ebuild | 1 + .../files/oraclecloud/grub.cfg.frag | 2 ++ .../oem-oraclecloud/oem-oraclecloud-0.ebuild | 15 +++++++++++++++ 4 files changed, 27 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh index ba715812195..2b873838345 100644 --- a/build_library/vm_image_util.sh +++ b/build_library/vm_image_util.sh @@ -6,6 +6,7 @@ # Default values use the format IMG_DEFAULT_. VALID_IMG_TYPES=( + oraclecloud akamai ami ami_vmdk @@ -48,6 +49,7 @@ VALID_IMG_TYPES=( #list of oem package names, minus the oem- prefix VALID_OEM_PACKAGES=( + oraclecloud akamai azure cloudsigma @@ -350,6 +352,13 @@ IMG_akamai_OEM_PACKAGE=common-oem-files IMG_akamai_OEM_USE=akamai IMG_akamai_OEM_SYSEXT=oem-akamai +## Oracle Cloud +IMG_oraclecloud_DISK_FORMAT=qcow2 +IMG_oraclecloud_DISK_LAYOUT=vm +IMG_oraclecloud_OEM_PACKAGE=common-oem-files +IMG_oraclecloud_OEM_USE=oraclecloud +IMG_oraclecloud_OEM_SYSEXT=oem-oraclecloud + # proxmoxve IMG_proxmoxve_DISK_FORMAT=qcow2 IMG_proxmoxve_DISK_LAYOUT=vm diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild index 6bdfa95ca07..2af31858e04 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild @@ -29,6 +29,7 @@ if [[ ${1:-} = 'flatcar-local-variables' ]]; then fi COMMON_OEMIDS=( + oraclecloud akamai ami azure diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag new file mode 100644 index 00000000000..2b7897ca08f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag @@ -0,0 +1,2 @@ +set oem_id="oraclecloud" +set linux_append="flatcar.autologin" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild new file mode 100644 index 00000000000..9e4c0fa1e9b --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild @@ -0,0 +1,15 @@ +# Copyright (c) 2013 CoreOS, Inc.. All rights reserved. +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OEM suite for Akamai (previously Linode)" +HOMEPAGE="https://www.linode.com" +SRC_URI="" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64" +IUSE="" + +OEM_NAME="oraclecloud" From 4b0876fa4c4781164c5b0993adc1bda7b45567c8 Mon Sep 17 00:00:00 2001 From: Navaneeth Date: Sat, 21 Mar 2026 16:53:43 +0530 Subject: [PATCH 21/22] fix: make ignition also work on oci. qemu fix --- .../common-oem-files/files/oraclecloud/grub.cfg.frag | 2 +- .../coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag index 2b7897ca08f..31a579babb8 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/oraclecloud/grub.cfg.frag @@ -1,2 +1,2 @@ set oem_id="oraclecloud" -set linux_append="flatcar.autologin" +set linux_append="flatcar.autologin flatcar.oem.id=oraclecloud" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild index 9e4c0fa1e9b..9106ac8e437 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild @@ -3,8 +3,8 @@ EAPI=8 -DESCRIPTION="OEM suite for Akamai (previously Linode)" -HOMEPAGE="https://www.linode.com" +DESCRIPTION="OEM suite for Oracle Cloud" +HOMEPAGE="https://cloud.oracle.com/" SRC_URI="" LICENSE="GPL-2" From 53e1b2e4939cfed61777272fe631d86f4ea50221 Mon Sep 17 00:00:00 2001 From: Navaneeth Date: Sun, 22 Mar 2026 10:05:10 +0530 Subject: [PATCH 22/22] fix: suggestions --- .../coreos-base/common-oem-files/common-oem-files-0-r11.ebuild | 2 +- .../coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild index 2af31858e04..bc8ca067e28 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r11.ebuild @@ -29,12 +29,12 @@ if [[ ${1:-} = 'flatcar-local-variables' ]]; then fi COMMON_OEMIDS=( - oraclecloud akamai ami azure hetzner openstack + oraclecloud packet proxmoxve qemu diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild index 9106ac8e437..5bccad8ece2 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-oraclecloud/oem-oraclecloud-0.ebuild @@ -9,7 +9,7 @@ SRC_URI="" LICENSE="GPL-2" SLOT="0" -KEYWORDS="amd64" +KEYWORDS="amd64 arm64" IUSE="" OEM_NAME="oraclecloud"