More SDK fixes #3955

Open
chewi wants to merge 6 commits into main from chewi/more-sdk-fixes

chewi commented Apr 21, 2026

  • Stops rm_masked_debug_files Portage hook from complaining when it does nothing.
  • Stops truncating the docker build output in update_sdk_container_image.
  • Stops disabling the Portage sandboxes most of the time.
  • Applies a tentative patch to Bash to try to fix this.
  • Stops build_image from installing packages to the image with bad USE flags.
  • Fixes baselayout so that it doesn't break update_sdk_container_image.

How to use

Try running update_sdk_container_image with a baselayout bump.

Testing done

A two-phase SDK build in Jenkins has succeeded. I also did the above.

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update) -- N/A
  • Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.

chewi added 6 commits April 21, 2026 14:14
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
We have long run with the ipc, network, and pid sandboxes disabled in
the belief that these did not work in a container even if it was
privileged. I suspect it really did work back then, but it certainly
does work now regardless.

update_sdk_container_image uses Portage in an unprivileged docker build
environment, so it is still necessary to disable these here. However,
this can be done more easily through the environment, and the regular
sandbox should work fine.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
This generally shouldn't happen, given that we mostly only keep one
instance of a bin package, but just in case.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
update_sdk_container_image failed to update baselayout because it
touched /sys, which is not allowed in an unprivileged docker build
environment.

dumb-tmpfiles-proc.sh does not touch existing directories, but it was
modifying the staging directory rather than the live filesystem, causing
Portage to record /sys in the package's CONTENTS and then make changes
to it when merging.

We only need to create the directories in pkg_preinst because the other
file types are already created in src_install.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
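
A check for the failure mode the baselayout commit message describes, as an added example that is not code from this pull request: it scans a Portage installed-package database for CONTENTS files that record paths under /sys. The function names, the extra /proc prefix, and the sample package versions are assumptions; /var/db/pkg is Portage's default database location.

```shell
#!/bin/sh
# Added example, not part of the pull request.
# Lists packages whose CONTENTS records a path on a kernel-managed mount,
# which Portage would then try to modify when merging the package.

# Prefixes to flag. /sys is the case from the commit message; /proc is an
# assumption added here. Override by exporting PSEUDO_FS_RE.
PSEUDO_FS_RE=${PSEUDO_FS_RE:-'^/(sys|proc)(/|$)'}

# Usage: find_pseudo_fs_owners [VDB_ROOT]
find_pseudo_fs_owners() {
    vdb=${1:-/var/db/pkg}
    for contents in "$vdb"/*/*/CONTENTS; do
        [ -f "$contents" ] || continue
        pkg=${contents#"$vdb"/}
        pkg=${pkg%/CONTENTS}
        # CONTENTS entries: "dir PATH", "obj PATH MD5 MTIME",
        # "sym PATH -> TARGET MTIME". Only the path prefix matters here.
        awk -v pkg="$pkg" -v re="$PSEUDO_FS_RE" '
            ($1 == "dir" || $1 == "obj" || $1 == "sym") && $2 ~ re {
                print pkg ": " $1 " " $2
            }
        ' "$contents"
    done
}

# Builds a constructed sample database (not real package data) and prints
# its path. /sysroot is included to show that only whole path components match.
make_sample_vdb() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sys-apps/baselayout-0" "$d/app-shells/bash-0"
    printf '%s\n' \
        'dir /etc' \
        'dir /sys' \
        'obj /etc/hosts 0123456789abcdef0123456789abcdef 1700000000' \
        > "$d/sys-apps/baselayout-0/CONTENTS"
    printf '%s\n' \
        'dir /bin' \
        'dir /sysroot' \
        'obj /bin/bash 0123456789abcdef0123456789abcdef 1700000000' \
        > "$d/app-shells/bash-0/CONTENTS"
    printf '%s\n' "$d"
}

# Run with --demo to scan the constructed sample instead of the live system.
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_vdb) && find_pseudo_fs_owners "$sample"
    rm -rf "$sample"
fi
```

Any output from a scan of the real database names a package that would make Portage touch those paths during a merge, which is what failed in the unprivileged docker build.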