Merge branch 'main' into feature/enable-rockchip-in-kernel

Author: ader1990

build_image

@@ -177,7 +177,8 @@ if [[ "${PROD_IMAGE}" -eq 1 ]]; then
   if [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
     extract_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
   fi
-  if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
+  # TODO: Un-nobble this later when we have passed the shim review.
+  if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then # && ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
     generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
   fi
   if [[ "${PROD_TAR}" -eq 1 ]]; then

build_library/build_image_util.sh

@@ -79,7 +79,9 @@ generate_update() {
   local devkey="/usr/share/update_engine/update-payload-key.key.pem"
 
   # Extract the partition if it isn't extracted already.
-  [[ -s ${update} ]] || extract_update "${image_name}" "${disk_layout}"
+  [[ -s ${update} ]] ||
+    "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
+      extract "${BUILD_DIR}/${image_name}" "USR-A" "${update}"
 
   echo "Generating update payload, signed with a dev key"
   delta_generator \

changelog/updates/2024-12-28-linux-6.6.68-update.md

@@ -0,0 +1 @@
+- Linux ([6.6.68](https://lwn.net/Articles/1003609))

changelog/updates/2025-01-03-linux-6.6.69-update.md

@@ -0,0 +1 @@
+- Linux ([6.6.69](https://lwn.net/Articles/1003986))

ci-automation/sbsign_image.sh

@@ -82,14 +82,17 @@ function _sbsign_image_impl() {
     local sdk_image="$(docker_image_fullname "${sdk_name}" "${docker_sdk_vernum}")"
     echo "docker image rm -f '${sdk_image}'" >> ./ci-cleanup.sh
 
-    ./run_sdk_container -x ./ci-cleanup.sh -v "${FLATCAR_VERSION}" -U -C "${sdk_image}" \
+    local docker_vernum="$(vernum_to_docker_image_version "${FLATCAR_VERSION}")"
+    local sbsign_container="flatcar-sbsign-image-${arch}-${docker_vernum}"
+    ./run_sdk_container -x ./ci-cleanup.sh -n "${sbsign_container}" -v "${FLATCAR_VERSION}" -U -C "${sdk_image}" \
         ./sbsign_image --board="${arch}-usr" \
                        --group="${channel}" --version="${FLATCAR_VERSION}" \
                        --output_root="${CONTAINER_IMAGE_ROOT}" \
                        --only_store_compressed
 
     # Delete uncompressed generic image before signing and upload
-    rm "${images_local}/flatcar_production_image.bin"
+    # Also delete update image because it will be unchanged
+    rm "${images_local}"/flatcar_production_{image,update}.bin
     create_digests "${SIGNER}" "${images_local}"/*
     sign_artifacts "${SIGNER}" "${images_local}"/*
     copy_to_buildcache "${images_remote}"/ "${images_local}"/*

run_sdk_container

@@ -22,7 +22,7 @@ mounts=()
 
 usage() {
     echo "  Usage:"
-    echo "  $0 [-t] [-v <version>] [-V <SDK version>] [-a <amd64|arm64|all>] [-n <name> ] [-x <script>] [-C <custom-container>] [--rm] [-U] [-m <src>:<dest>] [<container-command>]"
+    echo "  $0 [-t] [-v <version>] [-V <SDK version>] [-a <amd64|arm64|all>] [-n <name> ] [-x <script>] [-C <custom-container>] [--rm] [-U] [-m <src>:<dest>] [--] [<container-command>]"
     echo "       Start an SDK container of a given SDK release version."
     echo "       This will create the container if it does not exist, otherwise start the existing container."
     echo "       If the container is already running then it will exec into the container."
@@ -49,6 +49,7 @@ usage() {
     echo "      -U             Do not update the versionfile. Instead, use the version from the versionfile as-is."
     echo "      -m <src>:<dest> - Mount local file or directory inside the container."
     echo "                     Can be specified multiple times."
+    echo "      --             Stop parsing options at this point, pass the rest as the container command."
     echo "      -h             Print this help."
     echo
 }
@@ -72,6 +73,8 @@ while [[ $# -gt 0 ]] ; do
         update_versionfile=
         shift;;
     -m) mounts+=( -v "$2" ); shift; shift;;
+    --) shift; break;;
+    -*) echo "Unknown flag ${1@Q}, use '-h' or '--help' for usage"; exit 1;;
     *) break;;
     esac
 done

sbsign_image

@@ -61,8 +61,11 @@ switch_to_strict_mode
 # Create the output directory and temporary mount points.
 mkdir -p "${BUILD_DIR}"
 
+DISK_LAYOUT="${FLAGS_disk_layout:-base}"
+
 fix_mtab
-sbsign_prod_image "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${FLAGS_disk_layout:-base}"
+sbsign_prod_image "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
+generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
 
 echo "Done. ${FLATCAR_PRODUCTION_IMAGE_NAME} and associated files are now signed for Secure Boot in ${BUILD_DIR}."
 command_completed

sdk_container/.repo/manifests/mantle-container

@@ -1 +1 @@
-ghcr.io/flatcar/mantle:git-af7d6c16f4c5b22f309daefbed1eae968e9d2f67
+ghcr.io/flatcar/mantle:git-08b9b0ea99d42185e08ed881cdf6479d6f423b0f

sdk_container/.repo/manifests/version.txt

@@ -1,4 +1,4 @@
-FLATCAR_VERSION=4200.0.0+nightly-20251230-2100
-FLATCAR_VERSION_ID=4200.0.0
-FLATCAR_BUILD_ID="nightly-20251230-2100"
-FLATCAR_SDK_VERSION=4200.0.0+nightly-20251230-2100
+FLATCAR_VERSION=4211.0.0+nightly-20250110-2100
+FLATCAR_VERSION_ID=4211.0.0
+FLATCAR_BUILD_ID="nightly-20250110-2100"
+FLATCAR_SDK_VERSION=4211.0.0+nightly-20250110-2100