There was previously a bug in the Insights client configuration stage
which omitted a key [1]. A testcase hardcoded this invalid format. Let's
update it to the expected value.
[1]: 389b629ce2
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Fedora 40 was removed from `images` as it is EOL, we can no longer use
it in our test cases. Bump to Fedora 42.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This commit adds error handling for the `f.Close()` errors when
we write the SBOM. Errors on close for RW fds are rare but we
should handle them so we return the result of `f.Close()` now
when returning in sbomWriter(). We still keep the `defer f.Close()`
to ensure we do not leak file descriptors when e.g. `io.Copy()`
fails. In the "happy" case f is closed without an error and
then the defer f.Close() runs and will error with "ErrClosed"
but we can ignore that.
An alternative implementaiton might be:
```golang
func sbomWriter(outputDir, filename string, content io.Reader) (err error) {
...
f, err := os.Create(p)
if err != nil {
return err
}
defer func() { err = errors.Join(err, f.Close()) }()
...
return nil
}
```
no super strong opinion here.
Thanks to Flo for finding this issues!
Add a unit test for testing that providing only the required command
line arguments produces expected output.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This new flag allows to add a file with registration data. This
is meant to eventually hold all sort of registrations like
ansible or satelite but initially only contains the redhat
subscription. Currently only JSON is supported.
It looks like:
```json:
{
"redhat": {
"subscription": {
"activation_key": "ak_123",
"organization": "org_123",
"server_url": "server_url_123",
"base_url": "base_url_123",
"insights": true,
"rhc": true,
"proxy": "proxy_123"
}
}
}
```
This is not part of the blueprint (today) because its more
ephemeral than the things we usually put into the blueprint.
This allows us to build images that are immediately registered. It
also keeps our options open in the future. If we move to a new
blueprint format where we support multiple blueprints and also
ephemeral data like this the "registrations" flag just becomes an
alias for "--blueprint".
This commit fixes the issue that a test blueprint was not converted
from json to TOML. This was not caught in CI apparently because
our test container misses createrepo_c.
Adding the disk customization to the blueprint test helps to
ensure that strict TOML checking works as expected. There was
a (brief) regression because manifest generation with disk
toml was not tested.
The `completion` command doesn't need to be quite so discoverable. Let's
have only actual subcommands listed and mention this in (future)
documentation instead.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Other commands such as `manifest`, and `build` auto detect the
distribution if none is given. `describe` is the odd one out that
requires `--distro`. Let's also autoselect there.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Rename the `list-images` command to `list`. We don't have `-image(s)` in
our other subcommands so this is for consistency.
We keep a `list-images` alias behind for compatibility reasons.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
When running `image-builder` warnings are emitted during manifest
generation. Depending on the definitions or customizations packages
can be excluded from groups which leads to:
```
No match for group package "dracut-config-rescue"
```
Interspersing with normal output. Let's pass along another byte buffer
for the warnings from manifest generation to be written into.
Note that this also needs plumbing [1] to land in `images` first.
[1]: https://github.com/osbuild/images/pull/1384
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Change the progress imports to refer to `pkg/progress` inside this
repository as it was imported from `bootc-image-builder`.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Allow users to define the seed that's used for manifest generation.
Regenerating an image with a given seed leads to the same manifest
(provided depsolving does the same).
The seed is normally mostly used to generate random filesystem UUIDs.
This will need a bunch of documentation in a follow up since the use
cases are meant to be advanced but it can really speed up multi-type and
rebuilds of the same image.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This commit tweaks the handling of the `--output-name` option so
that is a name with the same extension as the image is passed that
is just silently ignored. Its a common issue that first time
users run:
```console
$ image-builder build --output-name foo.qcow2 qcow2
```
which currently leads to a foo.qcow2.qcow2. With this commit
the expected "foo.qcow2" will appear.
This commit adds the content of the output directory when a
build is finished. This is a convenient feature to make it easier
for the users.
Thanks to Simon for suggesting this!
This simplifies the way that ibcli determines if the manifest
needs a bootstrap stage or not. The logic is simple:
- when doing `image-builder manifest` we never include one
- when doing `image-builder build --arch` we add one if the
target arch and host arch differ
Instead of passing a callback this is now just a simple bool
option. Thanks to Achilleas for suggesting this.
Co-Authored-by: Achilleas Koutsou <achilleas@koutsou.net>
A small test for a basename that includes dotted parts (as used by for
example Fedora's buildsystem).
Also some code changes to make this test pass, it seems that SBOM base
was determined based on some other filename which is now no longer
relevant?
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This commit skips the arch checks if the experimental "bootstrap"
option is used. The main use-case of this option is to bootstrap
a foreign architecture so just assume that and skip arch checks
when set.
This allows to write:
```
$ IMAGE_BUILDER_EXPERIMENTAL=bootstrap=ghcr.io/mvo5/fedora-buildroot:41 \
./image-builder build --arch=riscv64 minimal-raw --distro=fedora-41
```
and do a riscv64 cross arch build.
This commit adds an `--force-repo` flag that can be used
to replace all the base repositories with a base url to
a repository. This is useful for testing but also dangerous
as it will not do any checks and happily use a fedora-42 repository
for centos-8 depsolving.
This will make the use-case of the koji builder easier and is
also something that the `build` tool in `images` supports.
This commit reworks the `newRepoRegistry` func so that its easier
to see that it is a variable so that it can be overriden by the
tests. In the tests we want to use the `testrepos` we get from
images and in the real implementation we want to use the full
repo loader with search-paths and extra repos.
This commit adds a new flag `--extra-repo` that can be used
to point to a repository url that is added to the base
repositories when depsolving. Note that *no* gpg checking
will be performed for such repos as there is no way to
add gpg-keys (yet) via this mechanism.
This means that with a repo created with e.g. `createrepo_c` like
```console
$ mkdir repo
$ (cd repo && dnf download hello)
$ createrepo_c ./repo
```
and a blueprint like:
```toml
[[packages]]
name = "hello"
```
a manifest is generated that gets hello from this local repo:
```console
$ image-builder --extra-repo file:$(pwd)/repo manifest qcow2 --distro centos-9 --blueprint ./bp.toml |jq|grep hello
"path": "hello-2.12.1-5.fc41.x86_64.rpm",
```
Note that this is part of the base repositories so anything with a
higher version number will get pulled from the extra-repo, even
system libraries or kernels. Note also that this repository does
not become part of the image so after the image build all rpms
from there are not updated (unless of course the normal repos
have higher versions of them).
Note as well that there is no safeguard right now against adding
extra repos for the wrong version of the distro, i.e. one could
add an extra repo build against/for fedora-42 on a fedora-40 image
which most likely will break with bad depsolve errors. But that
is okay, this option is meant for advanced users and testing.
This commit adds support to upload the build image directly to
the target cloud. Currently only ami/AWS is supported.
If the cloud specific configuration is given at the commandline
and the image type is a cloud image the cloud upload will happen
automatically (just like with bib). Incomplete upload config is
an error.
This commit adds a new `upload` command that can be used to
upload a raw image to the cloud. Currently only AWS is
supported but as images adds more clouds to the uploader interfac
we can easily expand more.
The cloud is currently detected via the file extension, that
mapping probably should also go into the `images` library.
This commit updates ibcli for the new API in images for the
`reporegistry.New()`. The main incompatible change is that the
`/repositories` part is not longer automatically added inside
the library so we need to add it on the call-site.
This needs https://github.com/osbuild/images/pull/1179
This commit fixes the issue that on `CTRL-C` (SIGINT) the progress
is not properly cleared. It also catches SIGTERM for good measure.
No test right now as this is hard to test automatically :/
Closes: https://github.com/osbuild/image-builder-cli/issues/123
This commit fixes the issue that the auto-detect distro is not
visible in the progress message. It also tweaks the order of
the message to show:
```
Building manifest for <distro>-<img-type>
```
to be more conistent.
Closes: https://github.com/osbuild/image-builder-cli/issues/121
This commit adds a new `describe-image` comamnd that contains
the details about the given image type. The output is yaml as
it is both nicely human readable and also machine readable.
Note that this version carries an invalid yaml header on
purpose to avoid people replying on the feature for scripts
before it is stable.
The output looks like this:
```yaml
$ ./image-builder describe-image rhel-9.1 tar
@WARNING - the output format is not stable yet and may change
distro: rhel-9.1
type: tar
arch: x86_64
os_vesion: "9.1"
bootmode: none
partition_type: ""
default_filename: root.tar.xz
packages:
include:
- policycoreutils
- selinux-policy-targeted
- selinux-policy-targeted
exclude:
- rng-tools
```
Thanks to Ondrej Budai for the idea and the example.
This commit silences logrus logging for now by just dicarding
everything from it. The rational is that the underlying libraries
produce a lot of output, e.g. every build currently results in
```console
$ image-builder build qcow2
WARN[0000] Failed to load consumer certs: no consumer key found
...
```
which is confusing to our users. What is worse is that containers
also uses logrus so we can get random warnings without context
from there too. Until we have a way to filter log messages this
seems to be the most practical way.
We can add `--verbose` or `--debug` later to enable these kinds
of messages.
This commit tweaks the help output for the manifest and build
commands to make clear that only the image type is a required
argument but the rest can be overriden via extra flags.
Thanks to Achilleas for noticing.
This commit updates the tests for the error reporting. Since
we are now using the new "progress" module we can no longer
directly mock osStderr. So this now uses the new testutil
helper `CaptureStdio`.
Note also that the behavior of `verbose` and `term` is slightly
different - for backward compatibility in `verbose` mode the
stderr from osbuild is directly connected to the caller stderr.
For term mode this is not done to prevent spurious message from
leaking into the terminal progress and the full error is available
from the actual go error as captured output.
This commit add progress reporting similar to what `bib` is doing.
It imports the progress from `bootc-image-builder` for now. There
is an open PR for moving this to images but there are some
concerns about moving it there so for now we just use bib.
This is not too bad because eventually bib and ibcli will merge.
