The `nobody` user/group is special and can't be driven from a sysusers
dropin because Fedora's systemd has a compiled-in default value
for naming the overflow user that same name and that always takes
precedence.
The problem is that due to legacy and cargo-culting, we have to deal
with a bunch of systems with the `nobody` user set to 99:99 that we
can't just ignore. We need to migrate those, but for now at least to
make `--sysusers` usable in these environments, let's add a new hidden
`--nobody-99` option which defines _only_ that entry in the hardcoded
passwd/group. This _is_ respected by systemd-sysusers.
See also: https://github.com/coreos/fedora-coreos-tracker/issues/1201
See also: https://github.com/systemd/systemd/issues/7717
This is generally useful for the same reason dpkg/rpm packages
have descriptions. But it's also specifically preparation
for the base image builder having a list operation to show
available configurations.
Signed-off-by: Colin Walters <walters@verbum.org>
We have a legacy of trying to support using e.g. kernel-rt. But
it adds complexity in the inheritance because minimal/manifest.yaml
isn't standalone, it also needs a kernel.
As part of custom base images I want to simplify this.
In order to use kernel-rt, we'll just say that you build a
minimal base, and then swap to kernel-rt as a secondary step
for now.
Signed-off-by: Colin Walters <walters@verbum.org>
The "tiers" nomenclature ended up being unhelpful since
we introduced "tier-x" which is between tier-0 and tier-1.
We also never exposed the tier naming outside of our source
code. In preparation for doing so, rename to tier-0 to
"minimal" which is a bit more descriptive.
Renaming the other images will follow.
Signed-off-by: Colin Walters <walters@verbum.org>
