Rename "tier-1" to "standard"

Followup to the rename of "tier-0" to "minimal". The tiers nomenclature
didn't end up working out.

Signed-off-by: Colin Walters <walters@verbum.org>

standard/autoupdates.yaml

@@ -0,0 +1,9 @@
+# Enable automatic updates by default
+postprocess:
+  - |
+    #!/usr/bin/env bash
+    set -euo pipefail
+    target=/usr/lib/systemd/system/default.target.wants
+    mkdir -p $target
+    set -x
+    ln -s ../bootc-fetch-apply-updates.timer $target

standard/bootc-generic-growpart

@@ -0,0 +1,44 @@
+#!/bin/bash
+set -eu
+
+backing_device=$(findmnt -vno SOURCE /sysroot)
+echo "Backing device: ${backing_device}"
+
+# Handling devicemapper targets is a whole other thing
+case $backing_device in
+    /dev/mapper/*) echo "Not growing $backing_device"; exit 0 ;;
+esac
+
+syspath=/sys/class/block/$(basename "${backing_device}")
+if ! test -d "${syspath}"; then
+    echo "failed to find backing device ${syspath}"; exit 1
+fi
+
+
+
+# Note that we expect that the rootfs is on a partition
+partition=$(cat "${syspath}"/partition)
+
+# Walk up to find the parent blockdev
+parentpath=$(dirname "$(realpath "${syspath}")")
+devmajmin=$(cat "${parentpath}"/dev)
+parent="/dev/block/${devmajmin}"
+
+# Grow the partition
+tmpf=$(mktemp)
+# Ignore errors because growpart exits 1 if nothing changed;
+# we need to check the output for NOCHANGE:
+if ! /usr/bin/growpart "${parent}" "${partition}" > "${tmpf}"; then
+    cat "${tmpf}"
+    if grep -qEe '^NOCHANGE: ' "${tmpf}"; then
+        exit 0
+    fi
+    echo "growpart failed"
+    exit 1
+fi
+cat "${tmpf}"
+# Now, temporarily remount the sysroot writable in our mount namespace
+mount -o remount,rw /sysroot
+# And defer to systemd's growfs wrapper which handles dispatching on
+# the target filesystem type.
+/usr/lib/systemd/systemd-growfs /sysroot

standard/bootc-generic-growpart.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Bootc Fallback Root Filesystem Grow
+Documentation=https://gitlab.com/fedora/bootc/docs
+# For now we skip bare metal cases, and we also have nothing to do
+# for containers.
+ConditionVirtualization=vm
+# This helps verify that we're running in a bootc/ostree based target.
+ConditionPathIsMountPoint=/sysroot
+# For someone making a smaller image, assume they have this handled.
+ConditionPathExists=/usr/bin/growpart
+# We want to run before any e.g. large container images might be pulled.
+DefaultDependencies=no
+Requires=sysinit.target
+After=sysinit.target
+Before=basic.target
+
+[Service]
+ExecStart=/usr/libexec/bootc-generic-growpart
+# So we can temporarily remount the sysroot writable
+MountFlags=slave
+# Just to auto-cleanup our temporary files
+PrivateTmp=yes

standard/coreos-user-experience.yaml

@@ -0,0 +1,17 @@
+# This file was forked/copied from Fedora CoreOS.  TODO: resync
+# once we have a good generic mechanism for sharing.
+packages:
+  # Additional file compression/decompression
+  - bzip2 zstd
+  # Improved MOTD experience
+  - console-login-helper-messages-issuegen
+  - console-login-helper-messages-profile
+  # kdump support
+  # https://github.com/coreos/fedora-coreos-tracker/issues/622
+  - kexec-tools
+  # Container tooling
+  - toolbox
+  # nvme-cli for managing nvme disks
+  - nvme-cli
+  # Used by admins interactively
+  - lsof

standard/generic-growfs.yaml

@@ -0,0 +1,12 @@
+add-files:
+  - - bootc-generic-growpart
+    - /usr/libexec/bootc-generic-growpart
+  - - bootc-generic-growpart.service
+    - /usr/lib/systemd/system/bootc-generic-growpart.service
+
+postprocess:
+  - |
+    #!/bin/bash
+    set -euo pipefail
+    mkdir -p /usr/lib/systemd/system/local-fs.target.wants
+    ln -s ../bootc-generic-growpart.service /usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service

standard/initramfs-full.yaml

@@ -0,0 +1,8 @@
+# Configuration for the initramfs
+postprocess:
+  - |
+    #!/usr/bin/env bash
+    mkdir -p /usr/lib/dracut/dracut.conf.d
+    cat > /usr/lib/dracut/dracut.conf.d/30-bootc-standard.conf << 'EOF'
+    add_dracutmodules+=" lvm crypt fips "
+    EOF

standard/manifest.yaml

@@ -0,0 +1,97 @@
+metadata:
+  summary: |
+    A relatively full, but still generic base image. Roughly
+    similar to a headless server installation. Automatic updates
+    are on by default.
+
+# Flip this back on, we're going to be a larger system
+recommends: true
+
+include:
+  - ../tier-x/manifest.yaml
+  - autoupdates.yaml
+  - networking-tools.yaml
+  - system-configuration.yaml
+  - coreos-user-experience.yaml
+  - persistent-journal.yaml
+  - initramfs-full.yaml
+  - generic-growfs.yaml
+
+packages:
+  # Include and set the default editor
+  - nano
+  - nfs-utils
+  # Additional firewall support; we aren't including these in RHCOS or they
+  # don't exist in RHEL
+  - iptables-services
+  - WALinuxAgent-udev
+  # Allow communication between sudo and SSSD
+  # for caching sudo rules by SSSD.
+  # https://github.com/coreos/fedora-coreos-tracker/issues/445
+  - libsss_sudo
+  # SSSD; we only ship a subset of the backends
+  - sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap
+  # Used by admins interactively
+  - openssl
+  # Provides terminal tools like clear, reset, tput, and tset
+  - ncurses
+  # i18n
+  - kbd
+  # zram-generator (but not zram-generator-defaults) for F33 change
+  # https://github.com/coreos/fedora-coreos-tracker/issues/509
+  - zram-generator
+  # This one is in Python so isn't in FCOS, but we can safely add it here.
+  - sos
+
+# These are random architecture-specific packages
+packages-x86_64:
+  - irqbalance
+packages-ppc64le:
+  - irqbalance
+  - librtas
+  - powerpc-utils-core
+  - ppc64-diag-rtas
+packages-aarch64:
+  - irqbalance
+
+postprocess:
+  # Undo RPM scripts enabling units; we want the presets to be canonical
+  # https://github.com/projectatomic/rpm-ostree/issues/1803
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+    rm -rf /etc/systemd/system/*
+    systemctl preset-all
+    rm -rf /etc/systemd/user/*
+    systemctl --user --global preset-all
+  # See: https://github.com/coreos/fedora-coreos-tracker/issues/1253
+  #      https://bugzilla.redhat.com/show_bug.cgi?id=2112857
+  #      https://github.com/coreos/rpm-ostree/issues/3918
+  # Temporary workaround to remove the SetGID binary from liblockfile that is
+  # pulled by the s390utils but not needed for /usr/sbin/zipl.
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+    rm -f /usr/bin/dotlockfile
+
+# Things we don't expect to ship on the host.  We currently
+# have recommends: false so these could only come in via
+# hard requirement, in which case the build will fail.
+exclude-packages:
+  - perl
+  - perl-interpreter
+  - nodejs
+  - grubby
+  - cowsay  # Just in case
+  # Let's make sure initscripts doesn't get pulled back in
+  # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254
+  - initscripts
+  # For (datacenter/cloud oriented) servers, we want to see the details by default.
+  # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/
+  - plymouth
+  # Do not use legacy ifcfg config format in NetworkManager
+  # See https://github.com/coreos/fedora-coreos-config/pull/1991
+  - NetworkManager-initscripts-ifcfg-rh
+  # Let's not have both legacy and nft versions in the image. Users are free to
+  # also layer legacy themselves if they want.
+  - iptables-legacy

standard/networking-tools.yaml

@@ -0,0 +1,20 @@
+# This defines a set of tools that are useful for configuring, debugging,
+# or manipulating the network of a system.  It is desired to keep this list
+# generic enough to be shared downstream with RHCOS.
+
+packages:
+  # Interactive Networking configuration during coreos-install
+  - NetworkManager-tui
+  # Support for cloud quirks and dynamic config in real rootfs:
+  # https://github.com/coreos/fedora-coreos-tracker/issues/320
+  - NetworkManager-cloud-setup
+  # Route manipulation and QoS
+  - iproute iproute-tc
+  # Firewall manipulation
+  - iptables nftables
+  # Interactive network tools for admins
+  - socat net-tools bind-utils
+
+exclude-packages:
+  # We use NetworkManager
+  - systemd-networkd

standard/persistent-journal.yaml

@@ -0,0 +1,13 @@
+# Taken from https://github.com/coreos/fedora-coreos-config/blob/aa4373201f415baff85701f7f96ab0583931af6c/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf#L5
+# Hardcode persistent journal by default. journald has this "auto" behaviour
+# that only makes logs persistent if `/var/log/journal` exists, which it won't
+# on first boot because `/var` isn't fully populated. We should be able to get
+# rid of this once we move to sysusers and create the dir in the initrd.
+
+postprocess:
+  - | #!/bin/bash
+    mkdir -p /usr/lib/systemd/journald.conf.d/
+    cat >/usr/lib/systemd/journald.conf.d/10-centos-bootc-persistent.conf << EOF
+    [Journal]
+    Storage=persistent
+    EOF

standard/system-configuration.yaml

@@ -0,0 +1,30 @@
+# These are packages that are related to configuring parts of the system.
+
+packages:
+  # Explicit dep for RHEL >= 10
+  - crypto-policies-scripts
+  # Configuring SSH keys, cloud provider check-in, etc
+  # TODO: needs Ignition kargs
+  # - afterburn afterburn-dracut
+  # NTP support
+  - chrony
+  # Storage configuration/management
+  - sg3_utils
+  ## This is generally useful... https://github.com/CentOS/centos-bootc/issues/394
+  - cloud-utils-growpart
+  # User configuration
+  - passwd
+  - shadow-utils
+  - acl
+  # Manipulating the kernel keyring; used by bootc
+  - keyutils
+  # There are things that write outside of the journal still (such as the
+  # classic wtmp, etc.). auditd also writes outside the journal but it has its
+  # own log rotation.
+  # Anything package layered will also tend to expect files dropped in
+  # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't
+  # have it then people's disks will slowly fill up with logs.
+  - logrotate
+  # Boost starving threads
+  # https://github.com/coreos/fedora-coreos-tracker/issues/753
+  - stalld