particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

internal/osbuild: contenturl and rhsm secrets for ostree sources

Browse source
This commit is contained in:
Sanne Raymaekers 2022-10-14 16:32:01 +02:00
parent 5a0d286d6b
commit 500341a25f
9 changed files with 67 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

24
Schutzfile
View file

@ -2,7 +2,7 @@
"fedora-35": { "fedora-35": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
}, },
"repos": [ "repos": [
@ -79,7 +79,7 @@
"fedora-36": { "fedora-36": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
}, },
"repos": [ "repos": [
@ -156,7 +156,7 @@
"fedora-37": { "fedora-37": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
}, },
"repos": [ "repos": [
@ -233,21 +233,21 @@
"rhel-8.4": { "rhel-8.4": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
} }
}, },
"rhel-8.6": { "rhel-8.6": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
} }
}, },
"rhel-8.7": { "rhel-8.7": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
}, },
"repos": [ "repos": [
@ -334,14 +334,14 @@
"rhel-9.0": { "rhel-9.0": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
} }
}, },
"rhel-9.1": { "rhel-9.1": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
}, },
"repos": [ "repos": [
@ -428,21 +428,21 @@
"centos-8": { "centos-8": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
} }
}, },
"centos-9": { "centos-9": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
} }
}, },
"centos-stream-9": { "centos-stream-9": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
}, },
"repos": [ "repos": [
@ -488,7 +488,7 @@
"centos-stream-8": { "centos-stream-8": {
"dependencies": { "dependencies": {
"osbuild": { "osbuild": {
"commit": "8a7b6d382de16b7be30c4d37e10f24c416a294f8" "commit": "976fbe178ac66ee0ba64c983d754dc4672921958"
} }
}, },
"repos": [ "repos": [

11
internal/distro/distro.go
View file

@ -131,8 +131,8 @@ type ImageOptions struct {
Facts *FactsImageOptions Facts *FactsImageOptions
} }
// The OSTreeImageOptions specify an ostree ref, checksum, and URL. The meaning // The OSTreeImageOptions specify an ostree ref, checksum, URL, ContentURL, and RHSM. The meaning of
// of each parameter depends on the image type being built. // each parameter depends on the image type being built.
type OSTreeImageOptions struct { type OSTreeImageOptions struct {
// For ostree commit and container types: The ref of the new commit to be // For ostree commit and container types: The ref of the new commit to be
// built. // built.
@ -148,6 +148,13 @@ type OSTreeImageOptions struct {
// The URL from which to fetch the commit specified by the checksum. // The URL from which to fetch the commit specified by the checksum.
URL string URL string
// If specified, the URL will be used only for metadata.
ContentURL string
// Indicate if the 'org.osbuild.rhsm.consumer' secret should be added when pulling from the
// remote.
RHSM bool
} }
// The SubscriptionImageOptions specify subscription-specific image options // The SubscriptionImageOptions specify subscription-specific image options

4
internal/distro/fedora/images.go
View file

@ -196,6 +196,7 @@ func iotCommitImage(workload workload.Workload,
img.OSTreeParent = &ostree.CommitSpec{ img.OSTreeParent = &ostree.CommitSpec{
Checksum: options.OSTree.FetchChecksum, Checksum: options.OSTree.FetchChecksum,
URL: options.OSTree.URL, URL: options.OSTree.URL,
ContentURL: options.OSTree.ContentURL,
} }
} }
@ -225,6 +226,7 @@ func iotContainerImage(workload workload.Workload,
img.OSTreeParent = &ostree.CommitSpec{ img.OSTreeParent = &ostree.CommitSpec{
Checksum: options.OSTree.FetchChecksum, Checksum: options.OSTree.FetchChecksum,
URL: options.OSTree.URL, URL: options.OSTree.URL,
ContentURL: options.OSTree.ContentURL,
} }
} }
@ -249,6 +251,7 @@ func iotInstallerImage(workload workload.Workload,
commit := ostree.CommitSpec{ commit := ostree.CommitSpec{
Ref: options.OSTree.ImageRef, Ref: options.OSTree.ImageRef,
URL: options.OSTree.URL, URL: options.OSTree.URL,
ContentURL: options.OSTree.ContentURL,
Checksum: options.OSTree.FetchChecksum, Checksum: options.OSTree.FetchChecksum,
} }
img := image.NewOSTreeInstaller(commit) img := image.NewOSTreeInstaller(commit)
@ -280,6 +283,7 @@ func iotRawImage(workload workload.Workload,
commit := ostree.CommitSpec{ commit := ostree.CommitSpec{
Ref: options.OSTree.ImageRef, Ref: options.OSTree.ImageRef,
URL: options.OSTree.URL, URL: options.OSTree.URL,
ContentURL: options.OSTree.ContentURL,
Checksum: options.OSTree.FetchChecksum, Checksum: options.OSTree.FetchChecksum,
} }
img := image.NewOSTreeRawImage(commit) img := image.NewOSTreeRawImage(commit)

6
internal/distro/rhel8/distro.go
View file

@ -548,7 +548,11 @@ func (t *imageType) Manifest(customizations *blueprint.Customizations,
// handle OSTree commit inputs // handle OSTree commit inputs
var commits []ostree.CommitSpec var commits []ostree.CommitSpec
if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" { if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" {
commits = []ostree.CommitSpec{{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL}} commit := ostree.CommitSpec{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL, ContentURL: options.OSTree.ContentURL}
if options.OSTree.RHSM {
commit.Secrets = "org.osbuild.rhsm.consumer"
}
commits = []ostree.CommitSpec{commit}
} }
// handle inline sources // handle inline sources

6
internal/distro/rhel9/distro.go
View file

@ -514,7 +514,11 @@ func (t *imageType) Manifest(customizations *blueprint.Customizations,
// handle OSTree commit inputs // handle OSTree commit inputs
var commits []ostree.CommitSpec var commits []ostree.CommitSpec
if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" { if options.OSTree.FetchChecksum != "" && options.OSTree.URL != "" {
commits = []ostree.CommitSpec{{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL}} commit := ostree.CommitSpec{Checksum: options.OSTree.FetchChecksum, URL: options.OSTree.URL, ContentURL: options.OSTree.ContentURL}
if options.OSTree.RHSM {
commit.Secrets = "org.osbuild.rhsm.consumer"
}
commits = []ostree.CommitSpec{commit}
} }
// handle inline sources // handle inline sources

6
internal/osbuild/ostree_source.go
View file

@ -14,6 +14,12 @@ type OSTreeSourceItem struct {
type OSTreeSourceRemote struct { type OSTreeSourceRemote struct {
// URL of the repository. // URL of the repository.
URL string `json:"url"` URL string `json:"url"`
ContentURL string `json:"contenturl,omitempty"`
// GPG keys to verify the commits // GPG keys to verify the commits
GPGKeys []string `json:"gpgkeys,omitempty"` GPGKeys []string `json:"gpgkeys,omitempty"`
Secrets *OSTreeSourceRemoteSecrets `json:"secrets,omitempty"`
}
type OSTreeSourceRemoteSecrets struct {
Name string `json:"name"`
} }

6
internal/osbuild/source.go
View file

@ -80,6 +80,12 @@ func GenSources(packages []rpmmd.PackageSpec, ostreeCommits []ostree.CommitSpec,
for _, commit := range ostreeCommits { for _, commit := range ostreeCommits {
item := new(OSTreeSourceItem) item := new(OSTreeSourceItem)
item.Remote.URL = commit.URL item.Remote.URL = commit.URL
item.Remote.ContentURL = commit.ContentURL
if commit.Secrets == "org.osbuild.rhsm.consumer" {
item.Remote.Secrets = &OSTreeSourceRemoteSecrets{
Name: "org.osbuild.rhsm.consumer",
}
}
ostree.Items[commit.Checksum] = *item ostree.Items[commit.Checksum] = *item
} }
if len(ostree.Items) > 0 { if len(ostree.Items) > 0 {

4
internal/ostree/ostree.go
View file

@ -27,6 +27,10 @@ type CommitSpec struct {
// URL of the repo where the commit can be fetched, if available. // URL of the repo where the commit can be fetched, if available.
URL string URL string
ContentURL string
Secrets string
// Checksum of the commit. // Checksum of the commit.
Checksum string Checksum string
} }

8
osbuild-composer.spec
View file

@ -306,10 +306,10 @@ The core osbuild-composer binary. This is suitable both for spawning in containe
Summary: The worker for osbuild-composer Summary: The worker for osbuild-composer
Requires: systemd Requires: systemd
Requires: qemu-img Requires: qemu-img
Requires: osbuild >= 69 Requires: osbuild >= 70
Requires: osbuild-ostree >= 69 Requires: osbuild-ostree >= 70
Requires: osbuild-lvm2 >= 69 Requires: osbuild-lvm2 >= 70
Requires: osbuild-luks2 >= 69 Requires: osbuild-luks2 >= 70
Requires: %{name}-dnf-json = %{version}-%{release} Requires: %{name}-dnf-json = %{version}-%{release}
%description worker %description worker