The prow/validate job does some various whitespace checks and
was complaining about these so I guess I'll try to make it happy:
```
[+] Found files with whitespace at the end of line
./fedora-coreos-config/fedora-bootc/.gitlab-ci.yml
./fedora-coreos-config/fedora-bootc/bootc-base-imagectl.md
./fedora-coreos-config/fedora-bootc/fedora-iot.yaml
./fedora-coreos-config/fedora-bootc/iot/manifest.yaml
[+] Found files with missing empty line at end of file
./fedora-coreos-config/fedora-bootc/bootc-base-imagectl
./fedora-coreos-config/fedora-bootc/fedora-iot.yaml
./fedora-coreos-config/fedora-bootc/iot/manifest.yaml
```
When we renamed tier-0 → minimal and tier-1 → standard, the
naming of tier-x became obsolete. Complete the nomenclature
update.
Closes: https://gitlab.com/fedora/bootc/base-images/-/issues/24
Signed-off-by: Colin Walters <walters@verbum.org>
I just saw the sqlite-shm corruption in
https://gitlab.com/redhat/centos-stream/containers/bootc/-/merge_requests/437#note_2372766792
so let's just go ahead and turn on rpmdb_normalize which
also aids the reproducibility of the rpmdb.
While we're here let's also add a long overdue "unit test" for
the rootfs. This operates as a container build that mounts
the container-under-test as part of a multi-stage build.
Signed-off-by: Colin Walters <walters@verbum.org>
As part of all of this we're de-emphasizing "tier-x" and focusing
on making it ergonomic to either build up from minimal, or down+up
from standard.
Second, also add a CI test for our derived image.
Signed-off-by: Colin Walters <walters@verbum.org>
- Embed the manifests into the container image
- Add bootc-base-imagectl which is a tightly controlled frontend
to execute on those manifests.
For now, we don't attempt to rework how we build the standard
image to actually look like `dnf install`, but we show that
it can work.
Signed-off-by: Colin Walters <walters@verbum.org>
The "tiers" nomenclature ended up being unhelpful since
we introduced "tier-x" which is between tier-0 and tier-1.
We also never exposed the tier naming outside of our source
code. In preparation for doing so, rename to tier-0 to
"minimal" which is a bit more descriptive.
Renaming the other images will follow.
Signed-off-by: Colin Walters <walters@verbum.org>
The platform-engineering include is using a truly ancient buildah
image. Stop including that and bump to the latest.
Signed-off-by: Colin Walters <walters@verbum.org>
Let's at least verify tier-0 and tier-x can build fine. Ideally in the
future we actually run some tests on the resulting image, though let's
wait until this CI is migrated to Konflux before doing that.
Ultimately we expect these images to be produced by the OS build
lifecycle, not via our CI. That's in flight now. Our primary
targets will anyways be eln and c9s; released Fedora actually
moves more slowly in many cases and that's not what we need
or are interested in here.
This is basically just:
- kernel
- systemd
- selinux-policy-targeted
- bootc
Notably it doesn't have `rpm-ostree` or `rpm`, or many other things.
It also doesn't even have `linux-firmware`.
And no `openssh`!
It's almost certain that you need to derive from this, but
it should be a suitable starting point.
TODO: Add something like
```
$ dnf-system-bootstrap
Installing packaging tools from quay.io/fedora/fedora-boot-dnf@sha256:abcd...)
# This would be basically all the packages not in tier-0 that
# are enough to give `dnf install`
$ dnf install cowsay
# Install critical stuff
$ dnf system-bootstrap remove
# Remove everything that we added for the package system, that isn't
# a dependency of what the user wants!
```
(In theory we could make this work with multi-stage builds, but
it's a little hard)
