go.mod: update osbuild/images to v0.175.0

Signed-off-by: Tomáš Hozza <thozza@redhat.com>

go.mod

@@ -36,7 +36,7 @@ require (
 	github.com/openshift-online/ocm-sdk-go v0.1.473
 	github.com/oracle/oci-go-sdk/v54 v54.0.0
 	github.com/osbuild/blueprint v1.12.0
-	github.com/osbuild/images v0.174.0
+	github.com/osbuild/images v0.175.0
 	github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d
 	github.com/prometheus/client_golang v1.23.0
 	github.com/segmentio/ksuid v1.0.4

go.sum

@@ -520,8 +520,8 @@ github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXch
 github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc=
 github.com/osbuild/blueprint v1.12.0 h1:Q2VXPyOnRs9uqgH1lNsvob6PS+73oPF0K9FmsyC98RI=
 github.com/osbuild/blueprint v1.12.0/go.mod h1:HPlJzkEl7q5g8hzaGksUk7ifFAy9QFw9LmzhuFOAVm4=
-github.com/osbuild/images v0.174.0 h1:lQkRK1QENw7YtTu50bmtwsBs3HH88m7CmcRk98fbOLs=
+github.com/osbuild/images v0.175.0 h1:DQ8ckR+mjPgRdZ392FOz3GiykoBLlc5I3FNEXJKyR5c=
-github.com/osbuild/images v0.174.0/go.mod h1:EbAEDP9JEbY9Ih12Cxb5ZYke8H09ljiyjDkq3f0fv28=
+github.com/osbuild/images v0.175.0/go.mod h1:EbAEDP9JEbY9Ih12Cxb5ZYke8H09ljiyjDkq3f0fv28=
 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d h1:r9BFPDv0uuA9k1947Jybcxs36c/pTywWS1gjeizvtcQ=
 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d/go.mod h1:zR1iu/hOuf+OQNJlk70tju9IqzzM4ycq0ectkFBm94U=
 github.com/perimeterx/marshmallow v1.1.5 h1:a2LALqQ1BlHM8PZblsDdidgv1mWi1DgC2UmX50IvK2s=

vendor/github.com/osbuild/images/data/distrodefs/rhel-10/imagetypes.yaml

@@ -561,27 +561,6 @@
       serial: "serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
       timeout: 10
       timeout_style: "countdown"
-    udev_rules:
-      filename: "/etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules"
-      rules:
-        - comment:
-            - "Accelerated Networking on Azure exposes a new SRIOV interface to the VM."
-            - "This interface is transparently bonded to the synthetic interface,"
-            - "so NetworkManager should just ignore any SRIOV interfaces."
-        - rule:
-            - K: "SUBSYSTEM"
-              O: "=="
-              V: "net"
-            - K: "DRIVERS"
-              O: "=="
-              V: "hv_pci"
-            - K: "ACTION"
-              O: "=="
-              V: "add"
-            - K: "ENV"
-              A: "NM_UNMANAGED"
-              O: "="
-              V: "1"
     systemd_dropin:
       - unit: "nm-cloud-setup.service"
         dropin: "10-rh-enable-for-azure.conf"

vendor/github.com/osbuild/images/data/distrodefs/rhel-9/imagetypes.yaml

@@ -846,27 +846,6 @@
       config:
         "ResourceDisk.EnableSwap": false
         "ResourceDisk.Format": false
-    udev_rules:
-      filename: "/etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules"
-      rules:
-        - comment:
-            - "Accelerated Networking on Azure exposes a new SRIOV interface to the VM."
-            - "This interface is transparently bonded to the synthetic interface,"
-            - "so NetworkManager should just ignore any SRIOV interfaces."
-        - rule:
-            - K: "SUBSYSTEM"
-              O: "=="
-              V: "net"
-            - K: "DRIVERS"
-              O: "=="
-              V: "hv_pci"
-            - K: "ACTION"
-              O: "=="
-              V: "add"
-            - K: "ENV"
-              A: "NM_UNMANAGED"
-              O: "="
-              V: "1"
     systemd_dropin:
       - unit: "nm-cloud-setup.service"
         dropin: "10-rh-enable-for-azure.conf"
@@ -1068,6 +1047,31 @@
           grub2_config:
             <<: *azure_common_grub2_config
             terminal: ["console"]
+      "sriov udev rules are provided by WALinuxAgent on 9.6+":
+        when:
+          version_less_than: "9.6"
+        shallow_merge:
+          udev_rules:
+            filename: "/etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules"
+            rules:
+              - comment:
+                  - "Accelerated Networking on Azure exposes a new SRIOV interface to the VM."
+                  - "This interface is transparently bonded to the synthetic interface,"
+                  - "so NetworkManager should just ignore any SRIOV interfaces."
+              - rule:
+                  - K: "SUBSYSTEM"
+                    O: "=="
+                    V: "net"
+                  - K: "DRIVERS"
+                    O: "=="
+                    V: "hv_pci"
+                  - K: "ACTION"
+                    O: "=="
+                    V: "add"
+                  - K: "ENV"
+                    A: "NM_UNMANAGED"
+                    O: "="
+                    V: "1"
 
   default_installer_config: &default_installer_config
     enabled_anaconda_modules: &install_config_enabled_anaconda_modules

vendor/github.com/osbuild/images/pkg/disk/disk.go

@@ -104,6 +104,8 @@ const (
 	EFISystemPartitionUUID = "68B2905B-DF3E-4FB3-80FA-49D1E773AA33"
 
 	EFIFilesystemUUID = "7B77-95E7"
+
+	ESPFstabOptions = "defaults,uid=0,gid=0,umask=077,shortname=winnt"
 )
 
 func getPartitionTypeIDfor(ptType PartitionTableType, partTypeName string, architecture arch.Arch) (string, error) {

vendor/github.com/osbuild/images/pkg/disk/partition_table.go

@@ -1091,7 +1091,7 @@ func hasESP(disk *blueprint.DiskCustomization) bool {
 	}
 
 	for _, part := range disk.Partitions {
-		if part.Type == "plain" && part.Mountpoint == "/boot/efi" {
+		if (part.Type == "plain" || part.Type == "") && part.Mountpoint == "/boot/efi" {
 			return true
 		}
 	}
@@ -1205,7 +1205,7 @@ func mkESP(size uint64, ptType PartitionTableType) (Partition, error) {
 			UUID:         EFIFilesystemUUID,
 			Mountpoint:   "/boot/efi",
 			Label:        "ESP",
-			FSTabOptions: "defaults,uid=0,gid=0,umask=077,shortname=winnt",
+			FSTabOptions: ESPFstabOptions,
 			FSTabFreq:    0,
 			FSTabPassNo:  2,
 		},
@@ -1407,6 +1407,8 @@ func addPlainPartition(pt *PartitionTable, partition blueprint.PartitionCustomiz
 			typeName = "usr"
 		case partition.Mountpoint == "/boot":
 			typeName = "boot"
+		case partition.Mountpoint == "/boot/efi":
+			typeName = "esp"
 		case fstype == "none":
 			typeName = "data"
 		case fstype == "swap":
@@ -1431,12 +1433,20 @@ func addPlainPartition(pt *PartitionTable, partition blueprint.PartitionCustomiz
 			FSTabOptions: "defaults", // TODO: add customization
 		}
 	default:
+		fstabOptions := "defaults"
+		if partition.Mountpoint == "/boot/efi" {
+			// As long as the fstab options are not customizable, let's
+			// special-case the ESP options for consistency. Remove this when
+			// we make fstab options customizable.
+			fstabOptions = ESPFstabOptions
+		}
 		payload = &Filesystem{
 			Type:         fstype,
 			Label:        partition.Label,
 			Mountpoint:   partition.Mountpoint,
-			FSTabOptions: "defaults", // TODO: add customization
+			FSTabOptions: fstabOptions, // TODO: add customization
 		}
+
 	}
 
 	newpart := Partition{

vendor/github.com/osbuild/images/pkg/manifest/subscription.go

@@ -8,6 +8,7 @@ import (
 	"github.com/osbuild/images/pkg/customizations/fsnode"
 	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/osbuild"
+	"github.com/osbuild/images/pkg/shutil"
 )
 
 type Subscription struct {
@@ -126,11 +127,11 @@ func subscriptionService(
 	if subscriptionOptions.Rhc {
 		var curlToAssociateSystem string
 		// Use rhc for registration instead of subscription manager
-		rhcConnect := fmt.Sprintf("/usr/bin/rhc connect --organization=${ORG_ID} --activation-key=${ACTIVATION_KEY} --server %s", subscriptionOptions.ServerUrl)
+		rhcConnect := fmt.Sprintf(`/usr/bin/rhc connect --organization="${ORG_ID}" --activation-key="${ACTIVATION_KEY}" --server %s`, shutil.Quote(subscriptionOptions.ServerUrl))
 		if subscriptionOptions.TemplateUUID != "" {
 			curlToAssociateSystem = getCurlToAssociateSystem(subscriptionOptions)
 		} else if subscriptionOptions.TemplateName != "" {
-			rhcConnect += fmt.Sprintf(" --content-template=\"%s\"", subscriptionOptions.TemplateName)
+			rhcConnect += fmt.Sprintf(" --content-template=%s", shutil.Quote(subscriptionOptions.TemplateName))
 		}
 		commands = append(commands, rhcConnect)
 		if permissiveRHC {
@@ -151,7 +152,7 @@ func subscriptionService(
 			files = append(files, icFile)
 		}
 	} else {
-		commands = []string{fmt.Sprintf("/usr/sbin/subscription-manager register --org=${ORG_ID} --activationkey=${ACTIVATION_KEY} --serverurl %s --baseurl %s", subscriptionOptions.ServerUrl, subscriptionOptions.BaseUrl)}
+		commands = []string{fmt.Sprintf(`/usr/sbin/subscription-manager register --org="${ORG_ID}" --activationkey="${ACTIVATION_KEY}" --serverurl %s --baseurl %s`, shutil.Quote(subscriptionOptions.ServerUrl), shutil.Quote(subscriptionOptions.BaseUrl))}
 
 		// Insights is optional when using subscription-manager
 		if subscriptionOptions.Insights {
@@ -173,7 +174,7 @@ func subscriptionService(
 		}
 	}
 
-	commands = append(commands, fmt.Sprintf("/usr/bin/rm %s", subkeyFilepath))
+	commands = append(commands, fmt.Sprintf("/usr/bin/rm %s", shutil.Quote(subkeyFilepath)))
 
 	subscribeServiceFile := "osbuild-subscription-register.service"
 	regServiceStageOptions := &osbuild.SystemdUnitCreateStageOptions{
@@ -257,9 +258,9 @@ WantedBy=multi-user.target
 func getCurlToAssociateSystem(subscriptionOptions subscription.ImageOptions) string {
 	patchURL := strings.TrimSuffix(subscriptionOptions.PatchURL, "/")
 	addTemplateURL := fmt.Sprintf("%s/templates/%s/subscribed-systems", patchURL, subscriptionOptions.TemplateUUID)
-	curlToAssociateSystem := fmt.Sprintf("curl -v --retry 5 --cert /etc/pki/consumer/cert.pem --key /etc/pki/consumer/key.pem -X PATCH %s", addTemplateURL)
+	curlToAssociateSystem := fmt.Sprintf("curl -v --retry 5 --cert /etc/pki/consumer/cert.pem --key /etc/pki/consumer/key.pem -X PATCH %s", shutil.Quote(addTemplateURL))
 	if subscriptionOptions.Proxy != "" {
-		curlToAssociateSystem += fmt.Sprintf(" --proxy %s", subscriptionOptions.Proxy)
+		curlToAssociateSystem += fmt.Sprintf(" --proxy %s", shutil.Quote(subscriptionOptions.Proxy))
 	}
 	return curlToAssociateSystem
 }

vendor/github.com/osbuild/images/pkg/shutil/shlex_quote.go

@@ -0,0 +1,13 @@
+package shutil
+
+import (
+	"strings"
+)
+
+// Quote implements a variant of pythons shlex.quote()
+// in go (c.f. https://github.com/python/cpython/blob/3.14/Lib/shlex.py#L320)
+func Quote(s string) string {
+	// use single quotes, and put single quotes into double quotes
+	// the string $'b is then quoted as '$'"'"'b'
+	return `'` + strings.Replace(s, `'`, `'"'"'`, -1) + `'`
+}

vendor/modules.txt

@@ -961,7 +961,7 @@ github.com/oracle/oci-go-sdk/v54/workrequests
 ## explicit; go 1.23.9
 github.com/osbuild/blueprint/internal/common
 github.com/osbuild/blueprint/pkg/blueprint
-# github.com/osbuild/images v0.174.0
+# github.com/osbuild/images v0.175.0
 ## explicit; go 1.23.9
 github.com/osbuild/images/data/dependencies
 github.com/osbuild/images/data/distrodefs
@@ -1015,6 +1015,7 @@ github.com/osbuild/images/pkg/rhsm/facts
 github.com/osbuild/images/pkg/rpmmd
 github.com/osbuild/images/pkg/runner
 github.com/osbuild/images/pkg/sbom
+github.com/osbuild/images/pkg/shutil
 github.com/osbuild/images/pkg/upload/koji
 github.com/osbuild/images/pkg/upload/vmware
 # github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d