Port osbuild/images v0.33.0 with dot-notation to composer

Update the osbuild/images to the version which introduces "dot notation" for distro release versions. - Replace all uses of distroregistry by distrofactory. - Delete local version of reporegistry and use the one from the osbuild/images. - Weldr: unify `createWeldrAPI()` and `createWeldrAPI2()` into a single `createTestWeldrAPI()` function`. - store/fixture: rework fixtures to allow overriding the host distro name and host architecture name. A cleanup function to restore the host distro and arch names is always part of the fixture struct. - Delete `distro_mock` package, since it is no longer used. - Bump the required version of osbuild to 98, because the OSCAP customization is using the 'compress_results' stage option, which is not available in older versions of osbuild. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2024-01-08 17:58:49 +01:00 · 2024-01-08 17:58:49 +01:00 · 625b1578fa
commit 625b1578fa
parent f6ff8c40dd
1166 changed files with 154457 additions and 5508 deletions
--- a/vendor/github.com/osbuild/images/internal/common/distro.go
+++ b/vendor/github.com/osbuild/images/internal/common/distro.go
@ -1,59 +1,9 @@
 package common

 import (
-	"bufio"
-	"errors"
-	"io"
-	"os"
-	"strings"
-
 	"github.com/hashicorp/go-version"
 )

-func GetHostDistroName() (string, bool, bool, error) {
-	f, err := os.Open("/etc/os-release")
-	if err != nil {
-		return "", false, false, err
-	}
-	defer f.Close()
-	osrelease, err := readOSRelease(f)
-	if err != nil {
-		return "", false, false, err
-	}
-
-	isStream := osrelease["NAME"] == "CentOS Stream"
-
-	version := strings.Split(osrelease["VERSION_ID"], ".")
-	name := osrelease["ID"] + "-" + strings.Join(version, "")
-
-	// TODO: We should probably index these things by the full CPE
-	beta := strings.Contains(osrelease["CPE_NAME"], "beta")
-	return name, beta, isStream, nil
-}
-
-func readOSRelease(r io.Reader) (map[string]string, error) {
-	osrelease := make(map[string]string)
-	scanner := bufio.NewScanner(r)
-	for scanner.Scan() {
-		line := strings.TrimSpace(scanner.Text())
-		if len(line) == 0 {
-			continue
-		}
-
-		parts := strings.SplitN(line, "=", 2)
-		if len(parts) != 2 {
-			return nil, errors.New("readOSRelease: invalid input")
-		}
-
-		key := strings.TrimSpace(parts[0])
-		// drop all surrounding whitespace and double-quotes
-		value := strings.Trim(strings.TrimSpace(parts[1]), "\"")
-		osrelease[key] = value
-	}
-
-	return osrelease, nil
-}
-
 // Returns true if the version represented by the first argument is
 // semantically older than the second.
 //
--- a/vendor/github.com/osbuild/images/internal/common/fips.go
+++ b/vendor/github.com/osbuild/images/internal/common/fips.go
@ -0,0 +1,37 @@
+package common
+
+import (
+	"bufio"
+	"os"
+	"strings"
+)
+
+const (
+	FIPSEnabledImageWarning = `The host building this image is not ` +
+		`running in FIPS mode. The image will still be FIPS compliant. ` +
+		`If you have custom steps that generate keys or perform ` +
+		`cryptographic operations, those must be considered non-compliant.`
+)
+
+var (
+	FIPSEnabledFilePath = "/proc/sys/crypto/fips_enabled"
+)
+
+func IsBuildHostFIPSEnabled() (enabled bool) {
+	file, err := os.Open(FIPSEnabledFilePath)
+	if err != nil {
+		return
+	}
+	defer file.Close()
+	buf := []byte{}
+	_, err = file.Read(buf)
+	if err != nil {
+		return
+	}
+	scanner := bufio.NewScanner(file)
+	scanner.Scan()
+	if err := scanner.Err(); err != nil {
+		return
+	}
+	return strings.TrimSpace(scanner.Text()) == "1"
+}
--- a/vendor/github.com/osbuild/images/internal/pathpolicy/policies.go
+++ b/vendor/github.com/osbuild/images/internal/pathpolicy/policies.go
@ -1,61 +0,0 @@
-package pathpolicy
-
-// MountpointPolicies is a set of default mountpoint policies used for filesystem customizations
-var MountpointPolicies = NewPathPolicies(map[string]PathPolicy{
-	"/": {},
-	// /etc must be on the root filesystem
-	"/etc": {Deny: true},
-	// NB: any mountpoints under /usr are not supported by systemd fstab
-	// generator in initram before the switch-root, so we don't allow them.
-	"/usr": {Exact: true},
-	// API filesystems
-	"/sys":  {Deny: true},
-	"/proc": {Deny: true},
-	"/dev":  {Deny: true},
-	"/run":  {Deny: true},
-	// not allowed due to merged-usr
-	"/bin":   {Deny: true},
-	"/sbin":  {Deny: true},
-	"/lib":   {Deny: true},
-	"/lib64": {Deny: true},
-	// used by ext filesystems
-	"/lost+found": {Deny: true},
-	// used by EFI
-	"/boot/efi": {Deny: true},
-	// used by systemd / ostree
-	"/sysroot": {Deny: true},
-	// symlink to ../run which is on tmpfs
-	"/var/run": {Deny: true},
-	// symlink to ../run/lock which is on tmpfs
-	"/var/lock": {Deny: true},
-})
-
-// CustomDirectoriesPolicies is a set of default policies for custom directories
-var CustomDirectoriesPolicies = NewPathPolicies(map[string]PathPolicy{
-	"/":    {Deny: true},
-	"/etc": {},
-})
-
-// CustomFilesPolicies is a set of default policies for custom files
-var CustomFilesPolicies = NewPathPolicies(map[string]PathPolicy{
-	"/":           {Deny: true},
-	"/etc":        {},
-	"/root":       {},
-	"/etc/fstab":  {Deny: true},
-	"/etc/shadow": {Deny: true},
-	"/etc/passwd": {Deny: true},
-	"/etc/group":  {Deny: true},
-})
-
-// MountpointPolicies for ostree
-var OstreeMountpointPolicies = NewPathPolicies(map[string]PathPolicy{
-	"/":             {},
-	"/ostree":       {Deny: true},
-	"/home":         {Deny: true},
-	"/var/home":     {Deny: true},
-	"/var/opt":      {Deny: true},
-	"/var/srv":      {Deny: true},
-	"/var/roothome": {Deny: true},
-	"/var/usrlocal": {Deny: true},
-	"/var/mnt":      {Deny: true},
-})