flatcar · chewi · Dec 29, 2025
@@ -0,0 +1 @@
+- Updated the GCE udev disk rules to include NVMe disks.
@@ -0,0 +1 @@
+DIST google-guest-configs-20251014.00.tar.gz 49030 BLAKE2B 20330b57868814e2e4278a15355d8b8a2d6f065049bbe876f8fa48c70f54f65ed98537c5a6a5603e38967c12fd4953c6d06232d6dae691ae81e0f5111108e9c6 SHA512 0040ca6cc6b18c0cb0afaa2febd1bef61a1a62e6f277ef8c9ed01254194a7802ff19baa99bcb8ba64c96e1113f6686a63a23116aa1c7cd5b6caa787ae4e107fa
@@ -0,0 +1,50 @@
+diff --git a/src/etc/sysctl.d/60-gce-network-security.conf b/src/etc/sysctl.d/60-gce-network-security.conf
+index b40085b..d89d87d 100644
+--- a/src/etc/sysctl.d/60-gce-network-security.conf
++++ b/src/etc/sysctl.d/60-gce-network-security.conf
+@@ -14,45 +14,6 @@
+ #
+ # Google-recommended kernel parameters
+
+-# Turn on SYN-flood protections.  Starting with 2.6.26, there is no loss
+-# of TCP functionality/features under normal conditions.  When flood
+-# protections kick in under high unanswered-SYN load, the system
+-# should remain more stable, with a trade off of some loss of TCP
+-# functionality/features (e.g. TCP Window scaling).
+-net.ipv4.tcp_syncookies=1
+-
+-# Ignore source-routed packets
+-net.ipv4.conf.all.accept_source_route=0
+-net.ipv4.conf.default.accept_source_route=0
+-
+-# Ignore ICMP redirects from non-GW hosts
+-net.ipv4.conf.all.accept_redirects=0
+-net.ipv4.conf.default.accept_redirects=0
+-net.ipv4.conf.all.secure_redirects=1
+-net.ipv4.conf.default.secure_redirects=1
+-
+-# Don't pass traffic between networks or act as a router
+-net.ipv4.ip_forward=0
+-net.ipv4.conf.all.send_redirects=0
+-net.ipv4.conf.default.send_redirects=0
+-
+-# Turn on Source Address Verification in all interfaces to
+-# prevent some spoofing attacks.
+-net.ipv4.conf.all.rp_filter=1
+-net.ipv4.conf.default.rp_filter=1
+-
+-# Ignore ICMP broadcasts to avoid participating in Smurf attacks
+-net.ipv4.icmp_echo_ignore_broadcasts=1
+-
+-# Ignore bad ICMP errors
+-net.ipv4.icmp_ignore_bogus_error_responses=1
+-
+ # Log spoofed, source-routed, and redirect packets
+ net.ipv4.conf.all.log_martians=1
+ net.ipv4.conf.default.log_martians=1
+-
+-# Addresses of mmap base, heap, stack and VDSO page are randomized
+-kernel.randomize_va_space=2
+-
+-# Reboot the machine soon after a kernel panic.
+-kernel.panic=10
@@ -0,0 +1,56 @@
+# Copyright 2025 The Flatcar Container Linux Maintainers
+# Distributed under the terms of the Apache License 2.0
+
+# IMPORTANT! When bumping, ensure that the Dracut modules do not install files
+# that would make runtime changes to systems to other than GCE VMs because the
+# initrd is shared between image types. The udev disk rules are currently safe.
+
+EAPI=8
+
+inherit udev
+
+DESCRIPTION="Configuration and scripts to support the Google Compute Engine guest environment"
+HOMEPAGE="http://github.com/GoogleCloudPlatform/guest-configs"
+SRC_URI="https://github.com/GoogleCloudPlatform/guest-configs/archive/${PV}.tar.gz -> ${P}.tar.gz"
+S="${WORKDIR}/guest-configs-${PV}"
+
+LICENSE="Apache-2.0 BSD ZLIB"
+SLOT="0"
+KEYWORDS="amd64"
+
+RDEPEND="
+	sys-apps/ethtool
+	sys-apps/iproute2
+	sys-apps/nvme-cli
+	!<app-emulation/google-compute-engine-20190124-r3
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-20211116.00-sysctl.patch
+)
+
+src_install() {
+	exeinto "$(get_udevdir)"
+	doexe src/lib/udev/google_nvme_id
+
+	udev_dorules src/lib/udev/rules.d/65-gce-disk-naming.rules
+	udev_dorules src/lib/udev/rules.d/75-gce-network.rules
+
+	insinto /usr/lib/sysctl.d
+	doins src/etc/sysctl.d/60-gce-network-security.conf
+
+	dobin src/usr/bin/google_set_multiqueue
+	dobin src/usr/bin/google_optimize_local_ssd
+	dobin src/usr/bin/gce-nic-naming
+
+	insinto /usr/lib/dracut/modules.d
+	doins -r src/lib/dracut/modules.d/*
+}
+
+pkg_postinst() {
+	udev_reload
+}
+
+pkg_postrm() {
+	udev_reload
+}
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<upstream>
+		<remote-id type="github">GoogleCloudPlatform/guest-configs</remote-id>
+	</upstream>
+</pkgmetadata>
@@ -28,3 +28,10 @@ RDEPEND="
 	sys-apps/iproute2
 	sys-apps/shadow
 "
+
+src_install() {
+	distutils-r1_src_install
+
+	# Newer versions are installed by app-admin/google-guest-configs.
+	rm -v "${ED}"/usr/bin/google_{optimize_local_ssd,set_multiqueue} || die
+}
@@ -0,0 +1,35 @@
+# Copyright (c) 2013 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+# Copyright (c) 2020 Kinvolk GmbH. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd
+
+DESCRIPTION="OEM suite for Google Compute Engine images"
+HOMEPAGE="https://cloud.google.com/products/compute-engine/"
+S="${WORKDIR}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64"
+
+RDEPEND="
+	app-admin/google-guest-configs
+	app-emulation/google-compute-engine
+"
+
+OEM_NAME="Google Compute Engine"
+
+src_install() {
+	systemd_dounit "${FILESDIR}"/units/{oem-gce,oem-gce-enable-oslogin,setup-oem}.service
+	systemd_install_dropin multi-user.target "${FILESDIR}"/units/10-oem-gce.conf
+	systemd_enable_service multi-user.target ntpd.service
+
+	dobin "${FILESDIR}"/bin/{enable-oslogin,init.sh}
+
+	# These files will be symlinked to /etc via 'setup-oem.service'
+	insinto /usr/share/gce
+	doins "${FILESDIR}"/files/{google-cloud-sdk.sh,hosts}
+}
@@ -52,7 +52,10 @@ DEPEND="
 	>=sys-kernel/bootengine-0.0.38-r37:=
 	>=sys-kernel/coreos-firmware-20180103-r1:=
 	virtual/udev
-	amd64? ( sys-firmware/intel-microcode:= )
+	amd64? (
+		app-admin/google-guest-configs
+		sys-firmware/intel-microcode:=
+	)
 "
 
 src_prepare() {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		- Updated the GCE udev disk rules to include NVMe disks.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		DIST google-guest-configs-20251014.00.tar.gz 49030 BLAKE2B 20330b57868814e2e4278a15355d8b8a2d6f065049bbe876f8fa48c70f54f65ed98537c5a6a5603e38967c12fd4953c6d06232d6dae691ae81e0f5111108e9c6 SHA512 0040ca6cc6b18c0cb0afaa2febd1bef61a1a62e6f277ef8c9ed01254194a7802ff19baa99bcb8ba64c96e1113f6686a63a23116aa1c7cd5b6caa787ae4e107fa