internal/osbuild: contenturl and rhsm secrets for ostree sources
This commit is contained in:
Sanne Raymaekers
parent
5a0d286d6b
commit
500341a25f
9 changed files with 67 additions and 32 deletions
24
Schutzfile
24
Schutzfile
|
|
@ -2,7 +2,7 @@
|
|||
"fedora-35": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
},
|
||||
"repos": [
|
||||
|
|
@ -79,7 +79,7 @@
|
|||
"fedora-36": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
},
|
||||
"repos": [
|
||||
|
|
@ -156,7 +156,7 @@
|
|||
"fedora-37": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
},
|
||||
"repos": [
|
||||
|
|
@ -233,21 +233,21 @@
|
|||
"rhel-8.4": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
}
|
||||
},
|
||||
"rhel-8.6": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
}
|
||||
},
|
||||
"rhel-8.7": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
},
|
||||
"repos": [
|
||||
|
|
@ -334,14 +334,14 @@
|
|||
"rhel-9.0": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
}
|
||||
},
|
||||
"rhel-9.1": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
},
|
||||
"repos": [
|
||||
|
|
@ -428,21 +428,21 @@
|
|||
"centos-8": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
}
|
||||
},
|
||||
"centos-9": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
}
|
||||
},
|
||||
"centos-stream-9": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
},
|
||||
"repos": [
|
||||
|
|
@ -488,7 +488,7 @@
|
|||
"centos-stream-8": {
|
||||
"dependencies": {
|
||||
"osbuild": {
|
||||
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8"
|
||||
"commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
|
||||
}
|
||||
},
|
||||
"repos": [
|
||||
|
|
|
|||
|
|
@ -131,8 +131,8 @@ type ImageOptions struct {
|
|||
Facts *FactsImageOptions
|
||||
}
|
||||
|
||||
// The OSTreeImageOptions specify an ostree ref, checksum, and URL. The meaning
|
||||
// of each parameter depends on the image type being built.
|
||||
// The OSTreeImageOptions specify an ostree ref, checksum, URL, ContentURL, and RHSM. The meaning of
|
||||
// each parameter depends on the image type being built.
|
||||
type OSTreeImageOptions struct {
|
||||
// For ostree commit and container types: The ref of the new commit to be
|
||||
// built.
|
||||
|
|
@ -148,6 +148,13 @@ type OSTreeImageOptions struct {
|
|||
|
||||
// The URL from which to fetch the commit specified by the checksum.
|
||||
URL string
|
||||
|
||||
// If specified, the URL will be used only for metadata.
|
||||
ContentURL string
|
||||
|
||||
// Indicate if the 'org.osbuild.rhsm.consumer' secret should be added when pulling from the
|
||||
// remote.
|
||||
RHSM bool
|
||||
}
|
||||
|
||||
// The SubscriptionImageOptions specify subscription-specific image options
|
||||
|
|
|
|||
|
|
@ -194,8 +194,9 @@ func iotCommitImage(workload workload.Workload,
|
|||
|
||||
if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" {
|
||||
img.OSTreeParent = &ostree.CommitSpec{
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
URL: options.OSTree.URL,
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
URL: options.OSTree.URL,
|
||||
ContentURL: options.OSTree.ContentURL,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -223,8 +224,9 @@ func iotContainerImage(workload workload.Workload,
|
|||
|
||||
if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" {
|
||||
img.OSTreeParent = &ostree.CommitSpec{
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
URL: options.OSTree.URL,
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
URL: options.OSTree.URL,
|
||||
ContentURL: options.OSTree.ContentURL,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -247,9 +249,10 @@ func iotInstallerImage(workload workload.Workload,
|
|||
d := t.arch.distro
|
||||
|
||||
commit := ostree.CommitSpec{
|
||||
Ref: options.OSTree.ImageRef,
|
||||
URL: options.OSTree.URL,
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
Ref: options.OSTree.ImageRef,
|
||||
URL: options.OSTree.URL,
|
||||
ContentURL: options.OSTree.ContentURL,
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
}
|
||||
img := image.NewOSTreeInstaller(commit)
|
||||
|
||||
|
|
@ -278,9 +281,10 @@ func iotRawImage(workload workload.Workload,
|
|||
rng *rand.Rand) (image.ImageKind, error) {
|
||||
|
||||
commit := ostree.CommitSpec{
|
||||
Ref: options.OSTree.ImageRef,
|
||||
URL: options.OSTree.URL,
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
Ref: options.OSTree.ImageRef,
|
||||
URL: options.OSTree.URL,
|
||||
ContentURL: options.OSTree.ContentURL,
|
||||
Checksum: options.OSTree.FetchChecksum,
|
||||
}
|
||||
img := image.NewOSTreeRawImage(commit)
|
||||
|
||||
|
|
|
|||
|
|
@ -548,7 +548,11 @@ func (t *imageType) Manifest(customizations *blueprint.Customizations,
|
|||
// handle OSTree commit inputs
|
||||
var commits []ostree.CommitSpec
|
||||
if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" {
|
||||
commits = []ostree.CommitSpec{{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL}}
|
||||
commit := ostree.CommitSpec{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL, ContentURL: options.OSTree.ContentURL}
|
||||
if options.OSTree.RHSM {
|
||||
commit.Secrets = "org.osbuild.rhsm.consumer"
|
||||
}
|
||||
commits = []ostree.CommitSpec{commit}
|
||||
}
|
||||
|
||||
// handle inline sources
|
||||
|
|
|
|||
|
|
@ -514,7 +514,11 @@ func (t *imageType) Manifest(customizations *blueprint.Customizations,
|
|||
// handle OSTree commit inputs
|
||||
var commits []ostree.CommitSpec
|
||||
if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" {
|
||||
commits = []ostree.CommitSpec{{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL}}
|
||||
commit := ostree.CommitSpec{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL, ContentURL: options.OSTree.ContentURL}
|
||||
if options.OSTree.RHSM {
|
||||
commit.Secrets = "org.osbuild.rhsm.consumer"
|
||||
}
|
||||
commits = []ostree.CommitSpec{commit}
|
||||
}
|
||||
|
||||
// handle inline sources
|
||||
|
|
|
|||
|
|
@ -13,7 +13,13 @@ type OSTreeSourceItem struct {
|
|||
|
||||
type OSTreeSourceRemote struct {
|
||||
// URL of the repository.
|
||||
URL string `json:"url"`
|
||||
URL string `json:"url"`
|
||||
ContentURL string `json:"contenturl,omitempty"`
|
||||
// GPG keys to verify the commits
|
||||
GPGKeys []string `json:"gpgkeys,omitempty"`
|
||||
GPGKeys []string `json:"gpgkeys,omitempty"`
|
||||
Secrets *OSTreeSourceRemoteSecrets `json:"secrets,omitempty"`
|
||||
}
|
||||
|
||||
type OSTreeSourceRemoteSecrets struct {
|
||||
Name string `json:"name"`
|
||||
}
|
||||
|
|
|
|||
|
|
@ -80,6 +80,12 @@ func GenSources(packages []rpmmd.PackageSpec, ostreeCommits []ostree.CommitSpec,
|
|||
for _, commit := range ostreeCommits {
|
||||
item := new(OSTreeSourceItem)
|
||||
item.Remote.URL = commit.URL
|
||||
item.Remote.ContentURL = commit.ContentURL
|
||||
if commit.Secrets == "org.osbuild.rhsm.consumer" {
|
||||
item.Remote.Secrets = &OSTreeSourceRemoteSecrets{
|
||||
Name: "org.osbuild.rhsm.consumer",
|
||||
}
|
||||
}
|
||||
ostree.Items[commit.Checksum] = *item
|
||||
}
|
||||
if len(ostree.Items) > 0 {
|
||||
|
|
|
|||
|
|
@ -27,6 +27,10 @@ type CommitSpec struct {
|
|||
// URL of the repo where the commit can be fetched, if available.
|
||||
URL string
|
||||
|
||||
ContentURL string
|
||||
|
||||
Secrets string
|
||||
|
||||
// Checksum of the commit.
|
||||
Checksum string
|
||||
}
|
||||
|
|
|
|||
|
|
@ -306,10 +306,10 @@ The core osbuild-composer binary. This is suitable both for spawning in containe
|
|||
Summary: The worker for osbuild-composer
|
||||
Requires: systemd
|
||||
Requires: qemu-img
|
||||
Requires: osbuild >= 69
|
||||
Requires: osbuild-ostree >= 69
|
||||
Requires: osbuild-lvm2 >= 69
|
||||
Requires: osbuild-luks2 >= 69
|
||||
Requires: osbuild >= 70
|
||||
Requires: osbuild-ostree >= 70
|
||||
Requires: osbuild-lvm2 >= 70
|
||||
Requires: osbuild-luks2 >= 70
|
||||
Requires: %{name}-dnf-json = %{version}-%{release}
|
||||
|
||||
%description worker
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue