This is analogous to the dnf option of the same name, available in both
dnf4 and dnf5. It has the same semantics as rpm-ostree's `repos` key, so
we can map it directly.
This will make it easier in CoreOS-land to inject our own repos and
control enablement declaratively rather than have to fiddle with repo
files directly. Note also that the `config-manager` dnf plugin is not
installed by default in the base bootc image, and I would rather not
have to install that for each compose.
The `nobody` user/group is special and can't be driven from a sysusers
dropin because Fedora's systemd has a compiled-in default value
for naming the overflow user that same name and that always takes
precedence.
The problem is that due to legacy and cargo-culting, we have to deal
with a bunch of systems with the `nobody` user set to 99:99 that we
can't just ignore. We need to migrate those, but for now at least to
make `--sysusers` usable in these environments, let's add a new hidden
`--nobody-99` option which defines _only_ that entry in the hardcoded
passwd/group. This _is_ respected by systemd-sysusers.
See also: https://github.com/coreos/fedora-coreos-tracker/issues/1201
See also: https://github.com/systemd/systemd/issues/7717
This allows users to opt out of the hardcoded passwd/group files we
carry here in favour of making sysusers entries canonical.
This is especially useful with the `--add-dir` option, which allows
injecting user-owned sysusers entries to e.g. define more users or to
fixate normally floating UIDs from packages.
This uses the new `sysusers` knob in rpm-ostree. For more details, see:
https://github.com/coreos/rpm-ostree/pull/5427
chore(deps): update quay.io/bootc-devel/fedora-bootc-rawhide-compose docker tag to fedora-rawhide-20250713.n.0 (main)
See merge request fedora/bootc/base-images!241
chore(deps): update quay.io/bootc-devel/fedora-bootc-rawhide-compose docker tag to fedora-rawhide-20250711.n.0 (main)
See merge request fedora/bootc/base-images!239
Add support for Fedora 40/41 compose updates grouping
to the package rules for possible future needs
Signed-off-by: Miguel Martín <mmartinv@redhat.com>
Change the current branch creation schedule in renovate
for compose container images. Currently is using the default
renovate's configuration which is between 12:00 AM and 03:59 AM,
only on Monday.
Signed-off-by: Miguel Martín <mmartinv@redhat.com>
chore(deps): update quay.io/bootc-devel/fedora-bootc-rawhide-compose docker tag to fedora-rawhide-20250707.n.0 (main)
See merge request fedora/bootc/base-images!238
chore(deps): update quay.io/bootc-devel/fedora-bootc-42-compose docker tag to fedora-42-updates-testing-20250707.0 (main)
See merge request fedora/bootc/base-images!235
chore(deps): update quay.io/bootc-devel/fedora-bootc-rawhide-compose docker tag to fedora-rawhide-20250706.n.0 (main)
See merge request fedora/bootc/base-images!234
We need to separate renovate pipelineruns because they need a mixed
configuration from 'pull-request' and 'push' pipelineruns:
- We need the images to expire after few days
- We need to label the produced snapshot so they are not released [^1]
[^1]: https://github.com/konflux-ci/integration-service/issues/1192
Signed-off-by: Miguel Martín <mmartinv@redhat.com>
Using the on push pipelinerun has an undesired side effect of releasing
all the renovate builds before merging them into the main branch.
Use the "on pull request" pipelinerun in an attempt to avoid this.
Signed-off-by: Miguel Martín <mmartinv@redhat.com>
chore(deps): update quay.io/bootc-devel/fedora-bootc-rawhide-compose docker tag to fedora-rawhide-20250629.n.0 (main)
See merge request fedora/bootc/base-images!231
