sys-apps/ignition: Apply oem:// and mounting fixes

Loading config from the initrd with `oem://` was broken because Ignition
was still looking in /usr/share/oem, which is now moved to /oem by the
minimal initrd.

This also fixes mounting the OEM partition when /mnt does not already
exist. This fix is slightly academic, because this currently only
happens when PXE booting, where the OEM partition won't exist anyway,
but we should fail for the right reason.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>

Author: chewi

changelog/bugfixes/2026-03-25-ignition-oem.md

@@ -0,0 +1 @@
+- Fixed loading Ignition config from the initrd with `ignition.config.url=oem:///myconf.ign`. This was broken since moving to the minimal initrd.

sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0018-usr-share-oem-oem.patch

@@ -1,12 +1,16 @@
-From 12188bc2ac6220685b9a43132d0e85dce36c4ca5 Mon Sep 17 00:00:00 2001
-From: Krzesimir Nowak <knowak@microsoft.com>
-Date: Tue, 4 Apr 2023 12:12:42 +0200
-Subject: [PATCH 18/19] /usr/share/oem -> /oem
+From 8bf635277ccd8f0aeb3bb2e2c67f73dd4188e618 Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <jlecuirot@microsoft.com>
+Date: Wed, 25 Mar 2026 10:55:24 +0000
+Subject: [PATCH 18/21] /usr/share/oem -> /oem
 
+Flatcar previously kept looking at the initrd's /usr/share/oem even
+after the migration for compatibility, but the minimal initrd now moves
+it to /oem before Ignition starts.
 ---
- config/util/translate.go  | 2 +-
- internal/distro/distro.go | 5 ++++-
- 2 files changed, 5 insertions(+), 2 deletions(-)
+ config/util/translate.go    | 2 +-
+ docs/supported-platforms.md | 2 +-
+ internal/distro/distro.go   | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/config/util/translate.go b/config/util/translate.go
 index 347d148c..d4c057b2 100644
@@ -21,22 +25,32 @@ index 347d148c..d4c057b2 100644
  		} else {
  			// generate a new path
  			fsMap[name] = "/tmp/" + name + "-ign" + strconv.FormatUint(addedSuffixCounter, 10)
+diff --git a/docs/supported-platforms.md b/docs/supported-platforms.md
+index 0a30664c..1522d0ef 100644
+--- a/docs/supported-platforms.md
++++ b/docs/supported-platforms.md
+@@ -12,7 +12,7 @@ Ignition is currently supported for the following platforms:
+ * [Amazon Web Services] (`aws`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
+ * [Microsoft Azure] (`azure`)- Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
+ * [Microsoft Azure Stack] (`azurestack`) - Ignition will read its configuration from the custom data provided to the instance. Cloud SSH keys are handled separately.
+-* Bare Metal - Use the `ignition.config.url` kernel parameter to provide a URL to the configuration. The URL can use the `http://`, `https://`, `tftp://`, `s3://`, or `gs://` schemes to specify a remote config or the `oem://` scheme to specify a local config, rooted in `/usr/share/oem`.
++* Bare Metal - Use the `ignition.config.url` kernel parameter to provide a URL to the configuration. The URL can use the `http://`, `https://`, `tftp://`, `s3://`, or `gs://` schemes to specify a remote config or the `oem://` scheme to specify a local config, rooted in `/oem`.
+ * [Brightbox] (`brightbox`) - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
+ * [CloudStack] (`cloudstack`) - Ignition will read its configuration from the instance userdata via either metadata service or config drive. Cloud SSH keys are handled separately.
+ * `cloudsigma` - Ignition will read its configuration from the instance userdata. Cloud SSH keys are handled separately.
 diff --git a/internal/distro/distro.go b/internal/distro/distro.go
-index f3c32aaf..7359eefe 100644
+index f3c32aaf..36bdf3f5 100644
 --- a/internal/distro/distro.go
 +++ b/internal/distro/distro.go
-@@ -32,7 +32,10 @@ var (
- 	bootIDPath        = "/proc/sys/kernel/random/boot_id"
+@@ -33,7 +33,7 @@ var (
  	// initramfs directory containing distro-provided base config
  	systemConfigDir = "/usr/lib/ignition"
--	// initramfs directory to check before retrieving file from OEM partition
-+	// initramfs directory to check before retrieving file from
-+	// OEM partition; note that OEM partition is mounted on /oem
-+	// on the host, but initrds still use /usr/share/oem for
-+	// backwards compatilibity
- 	oemLookasideDir = "/usr/share/oem"
+ 	// initramfs directory to check before retrieving file from OEM partition
+-	oemLookasideDir = "/usr/share/oem"
++	oemLookasideDir = "/oem"
 
  	// Helper programs
+ 	groupaddCmd  = "groupadd"
 -- 
-2.51.0
+2.53.0
 

sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0020-Create-mnt-directory-before-attempting-to-mount-OEM-.patch

@@ -0,0 +1,44 @@
+From 14b7be1a0a51408df54b36590a25d2cbab228bbc Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <jlecuirot@microsoft.com>
+Date: Wed, 25 Mar 2026 11:09:40 +0000
+Subject: [PATCH 20/21] Create /mnt directory before attempting to mount OEM
+ partition
+
+This was previously fixed, but it then broke again when the /mnt/oem
+mount path was replaced with a temp directory under /mnt. Parent
+directories are not created for you when requesting a temp directory.
+---
+ internal/resource/url.go | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/internal/resource/url.go b/internal/resource/url.go
+index 4471db96..86136422 100644
+--- a/internal/resource/url.go
++++ b/internal/resource/url.go
+@@ -478,6 +478,11 @@ func (f *Fetcher) fetchFromOEM(u url.URL, dest io.Writer, opts FetchOptions) err
+ 	f.Logger.Info("oem config not found in %q, looking on oem partition",
+ 		distro.OEMLookasideDir())
+ 
++	if err := os.MkdirAll("/mnt", 0755); err != nil {
++		f.Logger.Err("failed to create /mnt directory for oem mount path: %v", err)
++		return err
++	}
++
+ 	oemMountPath, err := ioutil.TempDir("/mnt", "oem")
+ 	if err != nil {
+ 		f.Logger.Err("failed to create mount path for oem partition: %v", err)
+@@ -800,11 +805,6 @@ func (f *Fetcher) mountOEM(oemMountPath string) error {
+ 		return err
+ 	}
+ 
+-	if err := os.MkdirAll(oemMountPath, 0700); err != nil {
+-		f.Logger.Err("failed to create oem mount point: %v", err)
+-		return err
+-	}
+-
+ 	if err := f.Logger.LogOp(
+ 		func() error {
+ 			return syscall.Mount(dev[0], oemMountPath, "ext4", 0, "")
+-- 
+2.53.0
+

sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0021-Replace-deprecated-ioutil.TempDir-call-with-os.Mkdir.patch

@@ -0,0 +1,34 @@
+From daab4ae13c6511183609c5160999ab1e011a0d8c Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <jlecuirot@microsoft.com>
+Date: Wed, 25 Mar 2026 11:12:37 +0000
+Subject: [PATCH 21/21] Replace deprecated ioutil.TempDir call with
+ os.MkdirTemp
+
+---
+ internal/resource/url.go | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/internal/resource/url.go b/internal/resource/url.go
+index 86136422..a38f4e87 100644
+--- a/internal/resource/url.go
++++ b/internal/resource/url.go
+@@ -23,7 +23,6 @@ import (
+ 	"fmt"
+ 	"hash"
+ 	"io"
+-	"io/ioutil"
+ 	"net"
+ 	"net/http"
+ 	"net/url"
+@@ -483,7 +482,7 @@ func (f *Fetcher) fetchFromOEM(u url.URL, dest io.Writer, opts FetchOptions) err
+ 		return err
+ 	}
+ 
+-	oemMountPath, err := ioutil.TempDir("/mnt", "oem")
++	oemMountPath, err := os.MkdirTemp("/mnt", "oem")
+ 	if err != nil {
+ 		f.Logger.Err("failed to create mount path for oem partition: %v", err)
+ 		return ErrFailed
+-- 
+2.53.0
+

…sys-apps/ignition/ignition-2.24.0.ebuild …-apps/ignition/ignition-2.24.0-r1.ebuildsdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.24.0.ebuild renamed to sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.24.0-r1.ebuild sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.24.0.ebuild renamed to sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.24.0-r1.ebuild

@@ -35,6 +35,8 @@ else
 		"${FILESDIR}/0017-docs-Add-re-added-platforms-to-docs-to-pass-tests.patch"
 		"${FILESDIR}/0018-usr-share-oem-oem.patch"
 		"${FILESDIR}/0019-internal-exec-stages-mount-Mount-oem.patch"
+		"${FILESDIR}/0020-Create-mnt-directory-before-attempting-to-mount-OEM-.patch"
+		"${FILESDIR}/0021-Replace-deprecated-ioutil.TempDir-call-with-os.Mkdir.patch"
 	)
 fi