Make sure that images built by ibcli have correct rhsm.Facts set for
distributions that set it (this is handled by the distro definition, not
by the caller of the manifest generator).
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This commit adds error handling for the `f.Close()` errors when
we write the SBOM. Errors on close for RW fds are rare but we
should handle them so we return the result of `f.Close()` now
when returning in sbomWriter(). We still keep the `defer f.Close()`
to ensure we do not leak file descriptors when e.g. `io.Copy()`
fails. In the "happy" case f is closed without an error and
then the defer f.Close() runs and will error with "ErrClosed"
but we can ignore that.
An alternative implementaiton might be:
```golang
func sbomWriter(outputDir, filename string, content io.Reader) (err error) {
...
f, err := os.Create(p)
if err != nil {
return err
}
defer func() { err = errors.Join(err, f.Close()) }()
...
return nil
}
```
no super strong opinion here.
Thanks to Flo for finding this issues!
This new flag allows to add a file with registration data. This
is meant to eventually hold all sort of registrations like
ansible or satelite but initially only contains the redhat
subscription. Currently only JSON is supported.
It looks like:
```json:
{
"redhat": {
"subscription": {
"activation_key": "ak_123",
"organization": "org_123",
"server_url": "server_url_123",
"base_url": "base_url_123",
"insights": true,
"rhc": true,
"proxy": "proxy_123"
}
}
}
```
This is not part of the blueprint (today) because its more
ephemeral than the things we usually put into the blueprint.
This allows us to build images that are immediately registered. It
also keeps our options open in the future. If we move to a new
blueprint format where we support multiple blueprints and also
ephemeral data like this the "registrations" flag just becomes an
alias for "--blueprint".
When running `image-builder` warnings are emitted during manifest
generation. Depending on the definitions or customizations packages
can be excluded from groups which leads to:
```
No match for group package "dracut-config-rescue"
```
Interspersing with normal output. Let's pass along another byte buffer
for the warnings from manifest generation to be written into.
Note that this also needs plumbing [1] to land in `images` first.
[1]: https://github.com/osbuild/images/pull/1384
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Allow users to define the seed that's used for manifest generation.
Regenerating an image with a given seed leads to the same manifest
(provided depsolving does the same).
The seed is normally mostly used to generate random filesystem UUIDs.
This will need a bunch of documentation in a follow up since the use
cases are meant to be advanced but it can really speed up multi-type and
rebuilds of the same image.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This commit tweaks the handling of the `--output-name` option so
that is a name with the same extension as the image is passed that
is just silently ignored. Its a common issue that first time
users run:
```console
$ image-builder build --output-name foo.qcow2 qcow2
```
which currently leads to a foo.qcow2.qcow2. With this commit
the expected "foo.qcow2" will appear.
A small test for a basename that includes dotted parts (as used by for
example Fedora's buildsystem).
Also some code changes to make this test pass, it seems that SBOM base
was determined based on some other filename which is now no longer
relevant?
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This commit adds an `--force-repo` flag that can be used
to replace all the base repositories with a base url to
a repository. This is useful for testing but also dangerous
as it will not do any checks and happily use a fedora-42 repository
for centos-8 depsolving.
This will make the use-case of the koji builder easier and is
also something that the `build` tool in `images` supports.
This commit adds a new flag `--extra-repo` that can be used
to point to a repository url that is added to the base
repositories when depsolving. Note that *no* gpg checking
will be performed for such repos as there is no way to
add gpg-keys (yet) via this mechanism.
This means that with a repo created with e.g. `createrepo_c` like
```console
$ mkdir repo
$ (cd repo && dnf download hello)
$ createrepo_c ./repo
```
and a blueprint like:
```toml
[[packages]]
name = "hello"
```
a manifest is generated that gets hello from this local repo:
```console
$ image-builder --extra-repo file:$(pwd)/repo manifest qcow2 --distro centos-9 --blueprint ./bp.toml |jq|grep hello
"path": "hello-2.12.1-5.fc41.x86_64.rpm",
```
Note that this is part of the base repositories so anything with a
higher version number will get pulled from the extra-repo, even
system libraries or kernels. Note also that this repository does
not become part of the image so after the image build all rpms
from there are not updated (unless of course the normal repos
have higher versions of them).
Note as well that there is no safeguard right now against adding
extra repos for the wrong version of the distro, i.e. one could
add an extra repo build against/for fedora-42 on a fedora-40 image
which most likely will break with bad depsolve errors. But that
is okay, this option is meant for advanced users and testing.
This commit adds support for `--extra-artifacts=manifest`. If
that is given as part of the build an extra artifacts called
`<img-name>.osbuild-manifest.json` will be created in the
output directory.
Closes: https://github.com/osbuild/image-builder-cli/issues/42
This commit adds a new `--output-dir` option to override the
default output directory for the generated artifacts.
Note that this can also be used together with `manifest` when
extra artifacts (like the sbom) is requested.
This commit adds an option --extra-artifacts that can be
used to generate extra artifacts during the build or manifest
generation. Initially supported is `sbom` (but `manifest` is
planned too).
To use it run `--extra-artifacts=sbom` and it will generate
files like `centos-9-qcow2-x86_64.image-os.spdx.json` in
the output directory next to the generate runable artifact.
Closes: https://github.com/osbuild/image-builder-cli/issues/46
This commit adds a new manifestOptions struct that is passed
to generateManifest. to cleanup the signature of generateManifest().
This can then also be used to carry a new e.g. `--rpmmd/--cachedir`
option.
This commit switches to the librepo enabled `images` library via:
```
go mod -replace github.com/osbuild/iamges=github.com/mvo5/images@librepo-sources-osbuild1974
```
which in turn needs osbuild PR#1974.
With that it then adds a new `--use-librepo` switch that will
enable librepo based downloading so that people can play with
the new backend.
This commit adds integration for the ostree options. It is modelled
loosely after weldr-client/composer-cli and the
```
start-ostree --{ref,parent,url}
```
and uses
```
--ostree-{ref,parent,url}
```
A simple smoke test is provided that uses fedora-iot. Ideas welcome
for an easier way :)
