deps: update images to v0.24.0

Update the images dependency to v0.24.0

Includes the addition of the new FDO option
'di_mfg_string_type_mac_iface'.
Achilleas Koutsou 2023-12-12 20:10:54 +01:00
parent c6aa7d88d2
commit 6d57e01506
69 changed files with 765 additions and 261 deletions


@ -46,7 +46,7 @@ func (img *MyContainer) InstantiateManifest(m *manifest.Manifest,
// Let's create a simple OCI container!
// configure a build pipeline
build := manifest.NewBuild(m, runner, repos)
build := manifest.NewBuild(m, runner, repos, nil)
build.Checkpoint()
// create a minimal non-bootable OS tree
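Review bot: The new fourth argument to `manifest.NewBuild` is passed as a bare `nil`, and nothing at the call site says which parameter is being left unset. The v0.24.0 signature is not shown on this page, so a reader cannot tell whether nil selects library defaults or switches something off. A short trailing comment would settle it, for example `build := manifest.NewBuild(m, runner, repos, nil) // nil: no build options, library defaults apply` (wording to be confirmed against the new signature). The identical call in the `MyImage` section that follows has the same gap, and `InstantiateManifest` continues outside both hunks.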


@ -30,7 +30,7 @@ func (img *MyImage) InstantiateManifest(m *manifest.Manifest,
// Let's create a simple raw image!
// configure a build pipeline
build := manifest.NewBuild(m, runner, repos)
build := manifest.NewBuild(m, runner, repos, nil)
build.Checkpoint()
// create an x86_64 platform with bios boot

6
go.mod

@ -12,7 +12,7 @@ require (
github.com/Azure/go-autorest/autorest v0.11.29
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
github.com/BurntSushi/toml v1.3.2
github.com/aws/aws-sdk-go v1.48.13
github.com/aws/aws-sdk-go v1.49.0
github.com/coreos/go-semver v0.3.1
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
github.com/deepmap/oapi-codegen v1.8.2
@ -31,7 +31,7 @@ require (
github.com/labstack/gommon v0.4.1
github.com/openshift-online/ocm-sdk-go v0.1.388
github.com/oracle/oci-go-sdk/v54 v54.0.0
github.com/osbuild/images v0.21.0
github.com/osbuild/images v0.24.0
github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1
github.com/osbuild/pulp-client v0.1.0
github.com/prometheus/client_golang v1.17.0
@ -69,7 +69,7 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/containers/common v0.57.0 // indirect
github.com/containers/common v0.57.1 // indirect
github.com/containers/image/v5 v5.29.0 // indirect
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
github.com/containers/ocicrypt v1.1.9 // indirect

12
go.sum

@ -61,8 +61,8 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat6
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/aws/aws-sdk-go v1.48.13 h1:6N4GTme6MpxfCisWf5pql8k3TBORiKTmbeutZCDXlG8=
github.com/aws/aws-sdk-go v1.48.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY=
github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -76,8 +76,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
github.com/containers/common v0.57.0 h1:5O/+6QUBafKK0/zeok9y1rLPukfWgdE0sT4nuzmyAqk=
github.com/containers/common v0.57.0/go.mod h1:t/Z+/sFrapvFMEJe3YnecN49/Tae2wYEQShbEN6SRaU=
github.com/containers/common v0.57.1 h1:KWAs4PMPgBFmBV4QNbXhUB8TqvlgR95BJN2sbbXkWHY=
github.com/containers/common v0.57.1/go.mod h1:t/Z+/sFrapvFMEJe3YnecN49/Tae2wYEQShbEN6SRaU=
github.com/containers/image/v5 v5.29.0 h1:9+nhS/ZM7c4Kuzu5tJ0NMpxrgoryOJ2HAYTgG8Ny7j4=
github.com/containers/image/v5 v5.29.0/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E=
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
@ -454,8 +454,8 @@ github.com/openshift-online/ocm-sdk-go v0.1.388 h1:c8yPCUQwJm3QhcVmnyMPFpeDtxPBa
github.com/openshift-online/ocm-sdk-go v0.1.388/go.mod h1:/+VFIw1iW2H0jEkFH4GnbL/liWareyzsL0w7mDIudB4=
github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4=
github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc=
github.com/osbuild/images v0.21.0 h1:xqW7Y6F+ihoL8x2J+S3nGDRXIqZPq//c0Q8ny3afdpo=
github.com/osbuild/images v0.21.0/go.mod h1:HtKiCjR4gQcqcd8E7i37orlFqhsjZmFCvyM89E3aeos=
github.com/osbuild/images v0.24.0 h1:EP1+9Y5IKuTIZ3Q/RmP5/MdUyjlX7zSZCS0NOXK2+Bg=
github.com/osbuild/images v0.24.0/go.mod h1:jC7HIvrDKqMJjvNOiaz+QbBJG9oz2YBZHrHsF4nQX1k=
github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 h1:UFEJIcPa46W8gtWgOYzriRKYyy1t6SWL0BI7fPTuVvc=
github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1/go.mod h1:z+WA+dX6qMwc7fqY5jCzESDIlg4WR2sBQezxsoXv9Ik=
github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8=


@ -114,10 +114,11 @@ func TestConvert(t *testing.T) {
},
InstallationDevice: "/dev/sda",
FDO: &FDOCustomization{
ManufacturingServerURL: "http://manufacturing.fdo",
DiunPubKeyInsecure: "insecure-pubkey",
DiunPubKeyHash: "hash-pubkey",
DiunPubKeyRootCerts: "root-certs",
ManufacturingServerURL: "http://manufacturing.fdo",
DiunPubKeyInsecure: "insecure-pubkey",
DiunPubKeyHash: "hash-pubkey",
DiunPubKeyRootCerts: "root-certs",
DiMfgStringTypeMacIface: "iface",
},
OpenSCAP: &OpenSCAPCustomization{
DataStream: "stream",
@ -264,10 +265,11 @@ func TestConvert(t *testing.T) {
},
InstallationDevice: "/dev/sda",
FDO: &iblueprint.FDOCustomization{
ManufacturingServerURL: "http://manufacturing.fdo",
DiunPubKeyInsecure: "insecure-pubkey",
DiunPubKeyHash: "hash-pubkey",
DiunPubKeyRootCerts: "root-certs",
ManufacturingServerURL: "http://manufacturing.fdo",
DiunPubKeyInsecure: "insecure-pubkey",
DiunPubKeyHash: "hash-pubkey",
DiunPubKeyRootCerts: "root-certs",
DiMfgStringTypeMacIface: "iface",
},
OpenSCAP: &iblueprint.OpenSCAPCustomization{
DataStream: "stream",


@ -48,8 +48,9 @@ type FDOCustomization struct {
DiunPubKeyInsecure string `json:"diun_pub_key_insecure,omitempty" toml:"diun_pub_key_insecure,omitempty"`
// This is the output of:
// echo "sha256:$(openssl x509 -fingerprint -sha256 -noout -in diun_cert.pem | cut -d"=" -f2 | sed 's/://g')"
DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"`
DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"`
DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"`
DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"`
DiMfgStringTypeMacIface string `json:"di_mfg_string_type_mac_iface,omitempty" toml:"di_mfg_string_type_mac_iface,omitempty"`
}
type KernelCustomization struct {
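Review bot: `DiMfgStringTypeMacIface` is added without a doc comment, although the field above it documents exactly how `DiunPubKeyHash` is produced. Judging by the tag and the commit message it carries the FDO option `di_mfg_string_type_mac_iface`, presumably the name of the network interface whose MAC address identifies the device during FDO device initialization. That should be stated on the field, e.g. `// Name of the network interface whose MAC address is used as the FDO manufacturing string (optional).` The value is a free-form string taken from a blueprint and no validation is visible in this section, so it is worth confirming that it is checked wherever the other FDO fields are validated. The struct begins outside the hunk, and the same field is added again in the later copy of `FDOCustomization` on this page.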


@ -8,18 +8,19 @@ import (
)
type RepositoryCustomization struct {
Id string `json:"id" toml:"id"`
BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"`
GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"`
Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"`
Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"`
Name string `json:"name,omitempty" toml:"name,omitempty"`
Priority *int `json:"priority,omitempty" toml:"priority,omitempty"`
Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"`
GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"`
RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"`
SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"`
Filename string `json:"filename,omitempty" toml:"filename,omitempty"`
Id string `json:"id" toml:"id"`
BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"`
GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"`
Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"`
Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"`
Name string `json:"name,omitempty" toml:"name,omitempty"`
Priority *int `json:"priority,omitempty" toml:"priority,omitempty"`
Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"`
GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"`
RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"`
SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"`
ModuleHotfixes *bool `json:"module_hotfixes,omitempty" toml:"module_hotfixes,omitempty"`
Filename string `json:"filename,omitempty" toml:"filename,omitempty"`
}
const repoFilenameRegex = "^[\\w.-]{1,250}\\.repo$"
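Review bot: `ModuleHotfixes` is added alongside `GPGCheck`, `RepoGPGCheck` and `SSLVerify` with no comment saying what nil, true or false mean. If it maps to the dnf `module_hotfixes` repository option, as the tag suggests, then enabling it makes that repository's packages available regardless of module filtering. That is a trust decision about the repository and deserves a line on the field, e.g. `// ModuleHotfixes, when true, exempts this repository's packages from module filtering; nil leaves the dnf default.` The test fixture hunks on this page only extend the FDO block, so whether the blueprint conversion test exercises the new field is not visible here.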


@ -25843,55 +25843,123 @@ var awsPartition = partition{
endpointKey{
Region: "af-south-1",
}: endpoint{},
endpointKey{
Region: "af-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-east-1",
}: endpoint{},
endpointKey{
Region: "ap-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-northeast-1",
}: endpoint{},
endpointKey{
Region: "ap-northeast-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-northeast-2",
}: endpoint{},
endpointKey{
Region: "ap-northeast-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-northeast-3",
}: endpoint{},
endpointKey{
Region: "ap-northeast-3",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-south-1",
}: endpoint{},
endpointKey{
Region: "ap-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-southeast-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-southeast-2",
}: endpoint{},
endpointKey{
Region: "ap-southeast-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-3",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: fipsVariant,
}: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-central-1",
}: endpoint{},
endpointKey{
Region: "eu-central-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-north-1",
}: endpoint{},
endpointKey{
Region: "eu-north-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-south-1",
}: endpoint{},
endpointKey{
Region: "eu-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-west-1",
}: endpoint{},
endpointKey{
Region: "eu-west-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-west-2",
}: endpoint{},
endpointKey{
Region: "eu-west-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-west-3",
}: endpoint{},
endpointKey{
Region: "eu-west-3",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "fips-ca-central-1",
}: endpoint{
@ -25925,40 +25993,84 @@ var awsPartition = partition{
endpointKey{
Region: "il-central-1",
}: endpoint{},
endpointKey{
Region: "il-central-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "me-south-1",
}: endpoint{},
endpointKey{
Region: "me-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "sa-east-1",
}: endpoint{},
endpointKey{
Region: "sa-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-1",
}: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: fipsVariant,
}: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-2",
}: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: fipsVariant,
}: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant,
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-2",
}: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: fipsVariant,
}: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
},
},
"sagemaker-geospatial": service{
@ -26187,160 +26299,267 @@ var awsPartition = partition{
endpointKey{
Region: "af-south-1",
}: endpoint{},
endpointKey{
Region: "af-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-east-1",
}: endpoint{},
endpointKey{
Region: "ap-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-northeast-1",
}: endpoint{},
endpointKey{
Region: "ap-northeast-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-northeast-2",
}: endpoint{},
endpointKey{
Region: "ap-northeast-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-northeast-3",
}: endpoint{},
endpointKey{
Region: "ap-northeast-3",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-south-1",
}: endpoint{},
endpointKey{
Region: "ap-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-south-2",
}: endpoint{},
endpointKey{
Region: "ap-south-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-southeast-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-southeast-2",
}: endpoint{},
endpointKey{
Region: "ap-southeast-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-3",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com",
},
}: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "ca-central-1-fips",
}: endpoint{
Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ca-central-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "eu-central-1",
}: endpoint{},
endpointKey{
Region: "eu-central-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-central-2",
}: endpoint{},
endpointKey{
Region: "eu-central-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-north-1",
}: endpoint{},
endpointKey{
Region: "eu-north-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-south-1",
}: endpoint{},
endpointKey{
Region: "eu-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-south-2",
}: endpoint{},
endpointKey{
Region: "eu-south-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-west-1",
}: endpoint{},
endpointKey{
Region: "eu-west-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-west-2",
}: endpoint{},
endpointKey{
Region: "eu-west-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "eu-west-3",
}: endpoint{},
endpointKey{
Region: "eu-west-3",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "il-central-1",
}: endpoint{},
endpointKey{
Region: "il-central-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "me-central-1",
}: endpoint{},
endpointKey{
Region: "me-central-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "me-south-1",
}: endpoint{},
endpointKey{
Region: "me-south-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "sa-east-1",
}: endpoint{},
endpointKey{
Region: "sa-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-1",
}: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
},
}: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-1-fips",
}: endpoint{
Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-east-2",
}: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
},
}: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-east-2-fips",
}: endpoint{
Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
},
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-1-fips",
}: endpoint{
Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-west-2",
}: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
},
}: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-west-2-fips",
}: endpoint{
Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
Deprecated: boxedTrue,
},
},
@ -34864,9 +35083,17 @@ var awscnPartition = partition{
endpointKey{
Region: "cn-north-1",
}: endpoint{},
endpointKey{
Region: "cn-north-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "cn-northwest-1",
}: endpoint{},
endpointKey{
Region: "cn-northwest-1",
Variant: dualStackVariant,
}: endpoint{},
},
},
"securityhub": service{
@ -38246,7 +38473,21 @@ var awsusgovPartition = partition{
},
},
"health": service{
Defaults: endpointDefaults{
defaultKey{}: endpoint{
SSLCommonName: "health.us-gov-west-1.amazonaws.com",
Protocols: []string{"https"},
},
},
Endpoints: serviceEndpoints{
endpointKey{
Region: "aws-us-gov-global",
}: endpoint{
Hostname: "global.health.us-gov.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
endpointKey{
Region: "fips-us-gov-west-1",
}: endpoint{
@ -40488,17 +40729,33 @@ var awsusgovPartition = partition{
endpointKey{
Region: "us-gov-east-1",
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
},
},
"secretsmanager": service{
@ -40506,37 +40763,43 @@ var awsusgovPartition = partition{
endpointKey{
Region: "us-gov-east-1",
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
},
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-east-1-fips",
}: endpoint{
Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-gov-west-1",
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
},
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant | dualStackVariant,
}: endpoint{},
endpointKey{
Region: "us-gov-west-1-fips",
}: endpoint{
Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
Deprecated: boxedTrue,
},
},


@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
const SDKVersion = "1.48.13"
const SDKVersion = "1.49.0"


@ -161017,6 +161017,9 @@ func (s *PrivateIpAddressSpecification) SetPrivateIpAddress(v string) *PrivateIp
type ProcessorInfo struct {
_ struct{} `type:"structure"`
// The manufacturer of the processor.
Manufacturer *string `locationName:"manufacturer" type:"string"`
// The architectures supported by the instance type.
SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"`
@ -161047,6 +161050,12 @@ func (s ProcessorInfo) GoString() string {
return s.String()
}
// SetManufacturer sets the Manufacturer field's value.
func (s *ProcessorInfo) SetManufacturer(v string) *ProcessorInfo {
s.Manufacturer = &v
return s
}
// SetSupportedArchitectures sets the SupportedArchitectures field's value.
func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo {
s.SupportedArchitectures = v
@ -194338,6 +194347,33 @@ const (
// InstanceTypeDl2q24xlarge is a InstanceType enum value
InstanceTypeDl2q24xlarge = "dl2q.24xlarge"
// InstanceTypeMac2M2Metal is a InstanceType enum value
InstanceTypeMac2M2Metal = "mac2-m2.metal"
// InstanceTypeI4i12xlarge is a InstanceType enum value
InstanceTypeI4i12xlarge = "i4i.12xlarge"
// InstanceTypeI4i24xlarge is a InstanceType enum value
InstanceTypeI4i24xlarge = "i4i.24xlarge"
// InstanceTypeC7iMetal24xl is a InstanceType enum value
InstanceTypeC7iMetal24xl = "c7i.metal-24xl"
// InstanceTypeC7iMetal48xl is a InstanceType enum value
InstanceTypeC7iMetal48xl = "c7i.metal-48xl"
// InstanceTypeM7iMetal24xl is a InstanceType enum value
InstanceTypeM7iMetal24xl = "m7i.metal-24xl"
// InstanceTypeM7iMetal48xl is a InstanceType enum value
InstanceTypeM7iMetal48xl = "m7i.metal-48xl"
// InstanceTypeR7iMetal24xl is a InstanceType enum value
InstanceTypeR7iMetal24xl = "r7i.metal-24xl"
// InstanceTypeR7iMetal48xl is a InstanceType enum value
InstanceTypeR7iMetal48xl = "r7i.metal-48xl"
)
// InstanceType_Values returns all elements of the InstanceType enum
@ -195115,6 +195151,15 @@ func InstanceType_Values() []string {
InstanceTypeR7i24xlarge,
InstanceTypeR7i48xlarge,
InstanceTypeDl2q24xlarge,
InstanceTypeMac2M2Metal,
InstanceTypeI4i12xlarge,
InstanceTypeI4i24xlarge,
InstanceTypeC7iMetal24xl,
InstanceTypeC7iMetal48xl,
InstanceTypeM7iMetal24xl,
InstanceTypeM7iMetal48xl,
InstanceTypeR7iMetal24xl,
InstanceTypeR7iMetal48xl,
}
}


@ -11,6 +11,14 @@ const (
GibiByte = 1024 * 1024 * 1024 // GiB
TeraByte = 1000 * 1000 * 1000 * 1000 // TB
TebiByte = 1024 * 1024 * 1024 * 1024 // TiB
// shorthands
KiB = KibiByte
MB = MegaByte
MiB = MebiByte
GB = GigaByte
GiB = GibiByte
TiB = TebiByte
)
// These constants are set during buildtime using additional


@ -45,8 +45,9 @@ type FDOCustomization struct {
DiunPubKeyInsecure string `json:"diun_pub_key_insecure,omitempty" toml:"diun_pub_key_insecure,omitempty"`
// This is the output of:
// echo "sha256:$(openssl x509 -fingerprint -sha256 -noout -in diun_cert.pem | cut -d"=" -f2 | sed 's/://g')"
DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"`
DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"`
DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"`
DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"`
DiMfgStringTypeMacIface string `json:"di_mfg_string_type_mac_iface,omitempty" toml:"di_mfg_string_type_mac_iface,omitempty"`
}
type KernelCustomization struct {


@ -11,8 +11,8 @@ import (
"strings"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/pathpolicy"
"github.com/osbuild/images/pkg/customizations/fsnode"
)
// validateModeString checks that the given string is a valid mode octal number


@ -7,23 +7,24 @@ import (
"strings"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/rpmmd"
)
type RepositoryCustomization struct {
Id string `json:"id" toml:"id"`
BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"`
GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"`
Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"`
Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"`
Name string `json:"name,omitempty" toml:"name,omitempty"`
Priority *int `json:"priority,omitempty" toml:"priority,omitempty"`
Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"`
GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"`
RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"`
SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"`
Filename string `json:"filename,omitempty" toml:"filename,omitempty"`
Id string `json:"id" toml:"id"`
BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"`
GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"`
Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"`
Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"`
Name string `json:"name,omitempty" toml:"name,omitempty"`
Priority *int `json:"priority,omitempty" toml:"priority,omitempty"`
Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"`
GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"`
RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"`
SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"`
ModuleHotfixes *bool `json:"module_hotfixes,omitempty" toml:"module_hotfixes,omitempty"`
Filename string `json:"filename,omitempty" toml:"filename,omitempty"`
}
const repoFilenameRegex = "^[\\w.-]{1,250}\\.repo$"
@ -117,16 +118,17 @@ func (repo RepositoryCustomization) customRepoToRepoConfig() rpmmd.RepoConfig {
copy(keys, repo.GPGKeys)
repoConfig := rpmmd.RepoConfig{
Id: repo.Id,
BaseURLs: urls,
GPGKeys: keys,
Name: repo.Name,
Metalink: repo.Metalink,
MirrorList: repo.Mirrorlist,
CheckGPG: repo.GPGCheck,
CheckRepoGPG: repo.RepoGPGCheck,
Priority: repo.Priority,
Enabled: repo.Enabled,
Id: repo.Id,
BaseURLs: urls,
GPGKeys: keys,
Name: repo.Name,
Metalink: repo.Metalink,
MirrorList: repo.Mirrorlist,
CheckGPG: repo.GPGCheck,
CheckRepoGPG: repo.RepoGPGCheck,
Priority: repo.Priority,
ModuleHotfixes: repo.ModuleHotfixes,
Enabled: repo.Enabled,
}
if repo.SSLVerify != nil {


@ -3,10 +3,11 @@ package fdo
import "github.com/osbuild/images/pkg/blueprint"
type Options struct {
ManufacturingServerURL string
DiunPubKeyInsecure string
DiunPubKeyHash string
DiunPubKeyRootCerts string
ManufacturingServerURL string
DiunPubKeyInsecure string
DiunPubKeyHash string
DiunPubKeyRootCerts string
DiMfgStringTypeMacIface string
}
func FromBP(bpFDO blueprint.FDOCustomization) *Options {


@ -5,7 +5,7 @@ import (
"path/filepath"
"strings"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/pkg/customizations/fsnode"
)
type Profile string


@ -5,6 +5,8 @@ import (
"math/rand"
"github.com/google/uuid"
"github.com/osbuild/images/internal/common"
)
type Argon2id struct {
@ -96,5 +98,5 @@ func (lc *LUKSContainer) MetadataSize() uint64 {
}
// 16 MiB is the default size for the LUKS2 header
return 16 * 1024 * 1024
return 16 * common.MiB
}


@ -138,7 +138,7 @@ func (vg *LVMVolumeGroup) MetadataSize() uint64 {
// of the metadata and its location and thus the start of the physical
// extent. For now we assume the default which results in a start of
// the physical extent 1 MiB
return 1024 * 1024
return 1 * common.MiB
}
type LVMLogicalVolume struct {


@ -7,6 +7,7 @@ import (
"github.com/google/uuid"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/pkg/blueprint"
)
@ -630,7 +631,7 @@ func (pt *PartitionTable) ensureLVM() error {
// we need a /boot partition to boot LVM, ensure one exists
bootPath := entityPath(pt, "/boot")
if bootPath == nil {
_, err := pt.CreateMountpoint("/boot", 512*1024*1024)
_, err := pt.CreateMountpoint("/boot", 512*common.MiB)
if err != nil {
return err


@ -8,9 +8,9 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/platform"
@ -38,6 +38,9 @@ const (
// Added kernel command line options for ami, qcow2, openstack, vhd and vmdk types
cloudKernelOptions = "ro no_timer_check console=ttyS0,115200n8 biosdevname=0 net.ifnames=0"
// location for saving openscap remediation data
oscapDataDir = "/oscap_data"
)
var (


@ -5,14 +5,14 @@ import (
"math/rand"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/fdo"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/ignition"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fdo"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/ignition"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/image"
"github.com/osbuild/images/pkg/manifest"
@ -165,14 +165,25 @@ func osCustomizations(
if t.rpmOstree {
panic("unexpected oscap options for ostree image type")
}
// although the osbuild stage will create this directory,
// it's probably better to ensure that it is created here
dataDirNode, err := fsnode.NewDirectory(oscapDataDir, nil, nil, nil, true)
if err != nil {
panic("unexpected error creating OpenSCAP data directory")
}
osc.Directories = append(osc.Directories, dataDirNode)
var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultFedoraDatastream()
}
oscapStageOptions := osbuild.OscapConfig{
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Compression: true,
}
if oscapConfig.Tailoring != nil {
@ -182,14 +193,15 @@ func osCustomizations(
}
tailoringOptions := osbuild.OscapAutotailorConfig{
NewProfile: newProfile,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Selected: oscapConfig.Tailoring.Selected,
Unselected: oscapConfig.Tailoring.Unselected,
NewProfile: newProfile,
}
osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions(
tailoringFilepath,
oscapStageOptions,
tailoringOptions,
)
@ -201,7 +213,7 @@ func osCustomizations(
osc.Directories = append(osc.Directories, tailoringDir)
}
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapStageOptions)
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapDataDir, oscapStageOptions)
}
osc.ShellInit = imageConfig.ShellInit
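Review bot: The added `panic("unexpected error creating OpenSCAP data directory")` in osCustomizations discards `err`, so a failure in `fsnode.NewDirectory` cannot be diagnosed from the message; `panic("unexpected error creating OpenSCAP data directory: " + err.Error())` keeps the cause. The directory is created with three `nil` arguments, which presumably leave mode and ownership at their defaults; since `/oscap_data` is described as the location for remediation data inside the image, it is worth confirming that the default is not more permissive than intended, or passing an explicit mode. The same lines appear in the two later sections that call `oscap.DefaultRHEL8Datastream` and `oscap.DefaultRHEL9Datastream`. osCustomizations starts and ends outside these hunks.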


@ -7,11 +7,11 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/internal/pathpolicy"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/image"


@ -4,8 +4,8 @@ import (
"fmt"
"reflect"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/shell"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/shell"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/subscription"
)


@ -22,6 +22,9 @@ const (
// blueprint package set name
blueprintPkgsKey = "blueprint"
// location for saving openscap remediation data
oscapDataDir = "/oscap_data"
)
// RHEL-based OS image configuration defaults


@ -5,11 +5,11 @@ import (
"math/rand"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/image"
"github.com/osbuild/images/pkg/manifest"
@ -131,9 +131,11 @@ func osCustomizations(
if oscapConfig := c.GetOpenSCAP(); oscapConfig != nil {
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(
oscapDataDir,
osbuild.OscapConfig{
Datastream: oscapConfig.DataStream,
ProfileID: oscapConfig.ProfileID,
Datastream: oscapConfig.DataStream,
ProfileID: oscapConfig.ProfileID,
Compression: true,
},
)
}


@ -2,8 +2,8 @@ package rhel8
import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/shell"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/customizations/shell"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/osbuild"


@ -7,8 +7,8 @@ import (
"strings"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/platform"


@ -4,8 +4,8 @@ import (
"fmt"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/rpmmd"
)


@ -4,15 +4,15 @@ import (
"fmt"
"math/rand"
"github.com/osbuild/images/internal/fdo"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/ignition"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fdo"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/ignition"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/image"
"github.com/osbuild/images/pkg/manifest"
@ -186,14 +186,25 @@ func osCustomizations(
if t.rpmOstree {
panic("unexpected oscap options for ostree image type")
}
// although the osbuild stage will create this directory,
// it's probably better to ensure that it is created here
dataDirNode, err := fsnode.NewDirectory(oscapDataDir, nil, nil, nil, true)
if err != nil {
panic("unexpected error creating OpenSCAP data directory")
}
osc.Directories = append(osc.Directories, dataDirNode)
var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultRHEL8Datastream(t.arch.distro.isRHEL())
}
oscapStageOptions := osbuild.OscapConfig{
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Compression: true,
}
if oscapConfig.Tailoring != nil {
@ -203,14 +214,15 @@ func osCustomizations(
}
tailoringOptions := osbuild.OscapAutotailorConfig{
NewProfile: newProfile,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Selected: oscapConfig.Tailoring.Selected,
Unselected: oscapConfig.Tailoring.Unselected,
NewProfile: newProfile,
}
osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions(
tailoringFilepath,
oscapStageOptions,
tailoringOptions,
)
@ -222,7 +234,7 @@ func osCustomizations(
osc.Directories = append(osc.Directories, tailoringDir)
}
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapStageOptions)
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapDataDir, oscapStageOptions)
}
osc.ShellInit = imageConfig.ShellInit


@ -10,11 +10,11 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/internal/pathpolicy"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/image"
@ -37,6 +37,9 @@ const (
// blueprint package set name
blueprintPkgsKey = "blueprint"
// location for saving openscap remediation data
oscapDataDir = "/oscap_data"
)
type imageFunc func(workload workload.Workload, t *imageType, customizations *blueprint.Customizations, options distro.ImageOptions, packageSets map[string]rpmmd.PackageSet, containers []container.SourceSpec, rng *rand.Rand) (image.ImageKind, error)


@ -7,8 +7,8 @@ import (
"strings"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/platform"


@ -5,8 +5,8 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/osbuild"
@ -400,7 +400,7 @@ func edgeBasePartitionTables(t *imageType) (disk.PartitionTable, bool) {
Description: "built with lvm2 and osbuild",
LogicalVolumes: []disk.LVMLogicalVolume{
{
Size: 9 * 1024 * 1024 * 1024, // 9 GB
Size: 9 * common.GiB, // 9 GiB
Name: "rootlv",
Payload: &disk.Filesystem{
Type: "xfs",
@ -471,7 +471,7 @@ func edgeBasePartitionTables(t *imageType) (disk.PartitionTable, bool) {
Description: "built with lvm2 and osbuild",
LogicalVolumes: []disk.LVMLogicalVolume{
{
Size: 9 * 1024 * 1024 * 1024, // 9 GB
Size: 9 * common.GiB, // 9 GiB
Name: "rootlv",
Payload: &disk.Filesystem{
Type: "xfs",


@ -5,14 +5,14 @@ import (
"math/rand"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/fdo"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/ignition"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fdo"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/ignition"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/image"
"github.com/osbuild/images/pkg/manifest"
@ -183,14 +183,25 @@ func osCustomizations(
if t.rpmOstree {
panic("unexpected oscap options for ostree image type")
}
// although the osbuild stage will create this directory,
// it's probably better to ensure that it is created here
dataDirNode, err := fsnode.NewDirectory(oscapDataDir, nil, nil, nil, true)
if err != nil {
panic("unexpected error creating OpenSCAP data directory")
}
osc.Directories = append(osc.Directories, dataDirNode)
var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultRHEL9Datastream(t.arch.distro.isRHEL())
}
oscapStageOptions := osbuild.OscapConfig{
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Compression: true,
}
if oscapConfig.Tailoring != nil {
@ -200,14 +211,15 @@ func osCustomizations(
}
tailoringOptions := osbuild.OscapAutotailorConfig{
NewProfile: newProfile,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
Selected: oscapConfig.Tailoring.Selected,
Unselected: oscapConfig.Tailoring.Unselected,
NewProfile: newProfile,
}
osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions(
tailoringFilepath,
oscapStageOptions,
tailoringOptions,
)
@ -219,7 +231,7 @@ func osCustomizations(
osc.Directories = append(osc.Directories, tailoringDir)
}
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapStageOptions)
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapDataDir, oscapStageOptions)
}
osc.ShellInit = imageConfig.ShellInit


@ -10,11 +10,11 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/oscap"
"github.com/osbuild/images/internal/pathpolicy"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/oscap"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/image"
@ -40,6 +40,9 @@ const (
// blueprint package set name
blueprintPkgsKey = "blueprint"
// location for saving openscap remediation data
oscapDataDir = "/oscap_data"
)
type imageFunc func(workload workload.Workload, t *imageType, customizations *blueprint.Customizations, options distro.ImageOptions, packageSets map[string]rpmmd.PackageSet, containers []container.SourceSpec, rng *rand.Rand) (image.ImageKind, error)


@ -46,7 +46,7 @@ func (img *AnacondaLiveInstaller) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
livePipeline := manifest.NewAnacondaInstaller(m,


@ -5,9 +5,9 @@ import (
"math/rand"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/artifact"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/ostree"
@ -53,7 +53,7 @@ func (img *AnacondaOSTreeInstaller) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
anacondaPipeline := manifest.NewAnacondaInstaller(m,


@ -7,10 +7,10 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/artifact"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/platform"
@ -63,7 +63,7 @@ func (img *AnacondaTarInstaller) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
anacondaPipeline := manifest.NewAnacondaInstaller(m,


@ -31,7 +31,7 @@ func (img *Archive) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos)


@ -31,7 +31,7 @@ func (img *BaseContainer) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos)


@ -49,7 +49,7 @@ func (img *DiskImage) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos)


@ -47,7 +47,7 @@ func (img *OSTreeArchive) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos)


@ -44,7 +44,7 @@ func (img *OSTreeContainer) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos)


@ -4,11 +4,11 @@ import (
"fmt"
"math/rand"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/artifact"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/ostree"
@ -53,6 +53,10 @@ type OSTreeDiskImage struct {
// Lock the root account in the deployment unless the user defined root
// user options in the build configuration.
LockRoot bool
// Container buildable tweaks the buildroot to be container friendly,
// i.e. to not rely on an installed osbuild-selinux
ContainerBuildable bool
}
func NewOSTreeDiskImageFromCommit(commit ostree.SourceSpec) *OSTreeDiskImage {
@ -102,11 +106,14 @@ func baseRawOstreeImage(img *OSTreeDiskImage, m *manifest.Manifest, buildPipelin
return manifest.NewRawOStreeImage(buildPipeline, osPipeline, img.Platform)
}
// replaced in testing
var manifestNewBuild = manifest.NewBuild
func (img *OSTreeDiskImage) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifestNewBuild(m, runner, repos, &manifest.BuildOptions{ContainerBuildable: img.ContainerBuildable})
buildPipeline.Checkpoint()
// don't support compressing non-raw images


@ -6,11 +6,11 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/fdo"
"github.com/osbuild/images/internal/ignition"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/artifact"
"github.com/osbuild/images/pkg/customizations/fdo"
"github.com/osbuild/images/pkg/customizations/ignition"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/platform"
@ -73,7 +73,7 @@ func (img *OSTreeSimplifiedInstaller) InstantiateManifest(m *manifest.Manifest,
repos []rpmmd.RepoConfig,
runner runner.Runner,
rng *rand.Rand) (*artifact.Artifact, error) {
buildPipeline := manifest.NewBuild(m, runner, repos)
buildPipeline := manifest.NewBuild(m, runner, repos, nil)
buildPipeline.Checkpoint()
imageFilename := "image.raw.xz"
@ -127,6 +127,9 @@ func (img *OSTreeSimplifiedInstaller) InstantiateManifest(m *manifest.Manifest,
if img.FDO.DiunPubKeyRootCerts != "" {
kernelOpts = append(kernelOpts, "fdo.diun_pub_key_root_certs=/fdo_diun_pub_key_root_certs.pem")
}
if img.FDO.DiMfgStringTypeMacIface != "" {
kernelOpts = append(kernelOpts, "fdo.di_mfg_string_type_mac_iface="+img.FDO.DiMfgStringTypeMacIface)
}
}
bootTreePipeline.KernelOpts = kernelOpts
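Review bot: `img.FDO.DiMfgStringTypeMacIface` is concatenated into the kernel command line unvalidated in the new `fdo.di_mfg_string_type_mac_iface=` branch, so a value containing whitespace would be split into additional kernel arguments on the built installer. No check on the field is visible in this hunk; if none exists where the option is parsed, reject such values before the append, e.g. `if strings.ContainsAny(img.FDO.DiMfgStringTypeMacIface, " \t\n") { return nil, fmt.Errorf("invalid FDO MAC interface name %q", img.FDO.DiMfgStringTypeMacIface) }`. The neighbouring FDO options visible here use fixed paths rather than caller-supplied text, which is why this one stands out. InstantiateManifest continues outside the hunk.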


@ -4,10 +4,10 @@ import (
"fmt"
"os"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/ostree"
"github.com/osbuild/images/pkg/platform"
@ -309,14 +309,11 @@ func (p *AnacondaInstaller) serialize() osbuild.Pipeline {
if p.Type == AnacondaInstallerTypePayload {
if p.InteractiveDefaults != nil {
kickstartOptions, err := osbuild.NewKickstartStageOptions(
kickstartOptions, err := osbuild.NewKickstartStageOptionsWithLiveIMG(
"/usr/share/anaconda/interactive-defaults.ks",
p.InteractiveDefaults.TarPath,
p.Users,
p.Groups,
"",
"",
"",
p.InteractiveDefaults.TarPath,
)
if err != nil {


@ -4,8 +4,8 @@ import (
"fmt"
"path"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/ostree"
@ -272,7 +272,13 @@ func (p *AnacondaInstallerISOTree) serialize() osbuild.Pipeline {
))
// Configure the kickstart file with the payload and any user options
kickstartOptions, err := osbuild.NewKickstartStageOptions(p.KSPath, "", p.Users, p.Groups, makeISORootPath(p.PayloadPath), p.ostreeCommitSpec.Ref, p.OSName)
kickstartOptions, err := osbuild.NewKickstartStageOptionsWithOSTreeCommit(
p.KSPath,
p.Users,
p.Groups,
makeISORootPath(p.PayloadPath),
p.ostreeCommitSpec.Ref,
p.OSName)
if err != nil {
panic("failed to create kickstartstage options")
@ -288,7 +294,12 @@ func (p *AnacondaInstallerISOTree) serialize() osbuild.Pipeline {
// If the KSPath is set, we need to add the kickstart stage to this (bootiso-tree) pipeline.
// If it's not specified here, it should have been added to the InteractiveDefaults in the anaconda-tree.
if p.KSPath != "" {
kickstartOptions, err := osbuild.NewKickstartStageOptions(p.KSPath, makeISORootPath(p.PayloadPath), p.Users, p.Groups, "", "", p.OSName)
kickstartOptions, err := osbuild.NewKickstartStageOptionsWithLiveIMG(
p.KSPath,
p.Users,
p.Groups,
makeISORootPath(p.PayloadPath))
if err != nil {
panic("failed to create kickstartstage options")
}


@ -22,17 +22,31 @@ type Build struct {
dependents []Pipeline
repos []rpmmd.RepoConfig
packageSpecs []rpmmd.PackageSpec
containerBuildable bool
}
type BuildOptions struct {
// ContainerBuildable tweaks the buildroot to be container friendly,
// i.e. to not rely on an installed osbuild-selinux
ContainerBuildable bool
}
// NewBuild creates a new build pipeline from the repositories in repos
// and the specified packages.
func NewBuild(m *Manifest, runner runner.Runner, repos []rpmmd.RepoConfig) *Build {
func NewBuild(m *Manifest, runner runner.Runner, repos []rpmmd.RepoConfig, opts *BuildOptions) *Build {
if opts == nil {
opts = &BuildOptions{}
}
name := "build"
pipeline := &Build{
Base: NewBase(m, name, nil),
runner: runner,
dependents: make([]Pipeline, 0),
repos: filterRepos(repos, name),
containerBuildable: opts.ContainerBuildable,
}
m.addPipeline(pipeline)
return pipeline
@ -109,6 +123,10 @@ func (p *Build) getSELinuxLabels() map[string]string {
switch pkg.Name {
case "coreutils":
labels["/usr/bin/cp"] = "system_u:object_r:install_exec_t:s0"
if p.containerBuildable {
labels["/usr/bin/mount"] = "system_u:object_r:install_exec_t:s0"
labels["/usr/bin/umount"] = "system_u:object_r:install_exec_t:s0"
}
case "tar":
labels["/usr/bin/tar"] = "system_u:object_r:install_exec_t:s0"
}
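Review bot: The `/usr/bin/mount` and `/usr/bin/umount` labels are added under `case "coreutils"` in getSELinuxLabels, but those binaries are normally shipped by util-linux, so whether they receive `install_exec_t` depends on an unrelated package appearing in the package list. Either move them to their own case (package name to be confirmed for the target distros) or add a comment such as `// mount/umount are labelled here because coreutils is always in the buildroot`. The doc comment on `NewBuild` should also mention the new argument, e.g. `// opts may be nil, in which case the defaults are used.`, and `BuildOptions` itself has no doc comment. getSELinuxLabels starts and ends outside the hunk.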


@ -4,7 +4,7 @@ import (
"crypto/sha256"
"fmt"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/osbuild"
)


@ -3,10 +3,10 @@ package manifest
import (
"fmt"
"github.com/osbuild/images/internal/fdo"
"github.com/osbuild/images/internal/ignition"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fdo"
"github.com/osbuild/images/pkg/customizations/ignition"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/ostree"
"github.com/osbuild/images/pkg/platform"


@ -7,12 +7,12 @@ import (
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/shell"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/internal/workload"
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/shell"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/ostree"
@ -220,7 +220,7 @@ func (p *OS) getPackageSetChain(Distro) []rpmmd.PackageSet {
}
if p.OpenSCAPConfig != nil {
packages = append(packages, "openscap-scanner", "scap-security-guide")
packages = append(packages, "openscap-scanner", "scap-security-guide", "xz")
}
// Make sure the right packages are included for subscriptions


@ -6,9 +6,9 @@ import (
"strings"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/customizations/users"
"github.com/osbuild/images/pkg/disk"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/ostree"


@ -4,7 +4,7 @@ import (
"os"
"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/disk"
)


@ -4,7 +4,7 @@ import (
"crypto/sha256"
"fmt"
"github.com/osbuild/images/internal/fsnode"
"github.com/osbuild/images/pkg/customizations/fsnode"
)
// GenFileNodesStages generates the stages for a list of file nodes.


@ -1,7 +1,7 @@
package osbuild
import (
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/pkg/customizations/users"
)
type GroupsStageOptions struct {


@ -1,31 +1,40 @@
package osbuild
import "github.com/osbuild/images/internal/users"
import "github.com/osbuild/images/pkg/customizations/users"
type KickstartStageOptions struct {
// Where to place the kickstart file
Path string `json:"path"`
OSTree *OSTreeOptions `json:"ostree,omitempty"`
OSTreeCommit *OSTreeCommitOptions `json:"ostree,omitempty"`
OSTreeContainer *OSTreeContainerOptions `json:"ostreecontainer,omitempty"`
LiveIMG *LiveIMG `json:"liveimg,omitempty"`
LiveIMG *LiveIMGOptions `json:"liveimg,omitempty"`
Users map[string]UsersStageOptionsUser `json:"users,omitempty"`
Groups map[string]GroupsStageOptionsGroup `json:"groups,omitempty"`
}
type LiveIMG struct {
type LiveIMGOptions struct {
URL string `json:"url"`
}
type OSTreeOptions struct {
type OSTreeCommitOptions struct {
OSName string `json:"osname"`
URL string `json:"url"`
Ref string `json:"ref"`
GPG bool `json:"gpg"`
}
type OSTreeContainerOptions struct {
StateRoot string `json:"stateroot"`
URL string `json:"url"`
Transport string `json:"transport"`
Remote string `json:"remote"`
SignatureVerification bool `json:"signatureverification"`
}
func (KickstartStageOptions) isStageOptions() {}
// Creates an Anaconda kickstart file
@ -38,12 +47,8 @@ func NewKickstartStage(options *KickstartStageOptions) *Stage {
func NewKickstartStageOptions(
path string,
imageURL string,
userCustomizations []users.User,
groupCustomizations []users.Group,
ostreeURL string,
ostreeRef string,
osName string) (*KickstartStageOptions, error) {
groupCustomizations []users.Group) (*KickstartStageOptions, error) {
var users map[string]UsersStageOptionsUser
if usersOptions, err := NewUsersStageOptions(userCustomizations, false); err != nil {
@ -57,27 +62,91 @@ func NewKickstartStageOptions(
groups = groupsOptions.Groups
}
var ostreeOptions *OSTreeOptions
return &KickstartStageOptions{
Path: path,
OSTreeCommit: nil,
LiveIMG: nil,
Users: users,
Groups: groups,
}, nil
}
func NewKickstartStageOptionsWithOSTreeCommit(
path string,
userCustomizations []users.User,
groupCustomizations []users.Group,
ostreeURL string,
ostreeRef string,
osName string) (*KickstartStageOptions, error) {
options, err := NewKickstartStageOptions(path, userCustomizations, groupCustomizations)
if err != nil {
return nil, err
}
if ostreeURL != "" {
ostreeOptions = &OSTreeOptions{
ostreeCommitOptions := &OSTreeCommitOptions{
OSName: osName,
URL: ostreeURL,
Ref: ostreeRef,
GPG: false,
}
options.OSTreeCommit = ostreeCommitOptions
}
return options, nil
}
func NewKickstartStageOptionsWithOSTreeContainer(
path string,
userCustomizations []users.User,
groupCustomizations []users.Group,
containerURL string,
containerTransport string,
containerRemote string,
containerStateRoot string) (*KickstartStageOptions, error) {
options, err := NewKickstartStageOptions(path, userCustomizations, groupCustomizations)
if err != nil {
return nil, err
}
if containerURL != "" {
ostreeContainerOptions := &OSTreeContainerOptions{
StateRoot: containerStateRoot,
URL: containerURL,
Remote: containerRemote,
Transport: containerTransport,
SignatureVerification: false,
}
options.OSTreeContainer = ostreeContainerOptions
}
return options, nil
}
func NewKickstartStageOptionsWithLiveIMG(
path string,
userCustomizations []users.User,
groupCustomizations []users.Group,
imageURL string) (*KickstartStageOptions, error) {
options, err := NewKickstartStageOptions(path, userCustomizations, groupCustomizations)
if err != nil {
return nil, err
}
var liveImg *LiveIMG
if imageURL != "" {
liveImg = &LiveIMG{
liveImg := &LiveIMGOptions{
URL: imageURL,
}
options.LiveIMG = liveImg
}
return &KickstartStageOptions{
Path: path,
OSTree: ostreeOptions,
LiveIMG: liveImg,
Users: users,
Groups: groups,
}, nil
return options, nil
}
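Review bot: `NewKickstartStageOptionsWithOSTreeContainer` hard-codes `SignatureVerification: false`, and the commit variant keeps `GPG: false`, so callers of these constructors have no way to request verification of the payload the kickstart points at. Consider taking the flag as a parameter, or at minimum state the reason next to the field, e.g. `// signature verification is off because <reason>; TODO: make configurable`. The three new exported `With…` constructors also lack doc comments, and each returns options with no payload set when its URL argument is empty, which is worth documenting since nothing here prevents a kickstart with no install source.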


@ -6,9 +6,11 @@ type OscapAutotailorStageOptions struct {
Filepath string `json:"filepath"`
Config OscapAutotailorConfig `json:"config"`
}
type OscapAutotailorConfig struct {
OscapConfig
NewProfile string `json:"new_profile"`
Datastream string `json:"datastream" toml:"datastream"`
ProfileID string `json:"profile_id" toml:"profile_id"`
Selected []string `json:"selected,omitempty"`
Unselected []string `json:"unselected,omitempty"`
}
@ -16,11 +18,16 @@ type OscapAutotailorConfig struct {
func (OscapAutotailorStageOptions) isStageOptions() {}
func (c OscapAutotailorConfig) validate() error {
if c.Datastream == "" {
return fmt.Errorf("'datastream' must be specified")
}
if c.ProfileID == "" {
return fmt.Errorf("'profile_id' must be specified")
}
if c.NewProfile == "" {
return fmt.Errorf("'new_profile' must be specified")
}
// reuse the oscap validation
return c.OscapConfig.validate()
return nil
}
func NewOscapAutotailorStage(options *OscapAutotailorStageOptions) *Stage {
@ -34,14 +41,15 @@ func NewOscapAutotailorStage(options *OscapAutotailorStageOptions) *Stage {
}
}
func NewOscapAutotailorStageOptions(filepath string, oscapOptions OscapConfig, autotailorOptions OscapAutotailorConfig) *OscapAutotailorStageOptions {
func NewOscapAutotailorStageOptions(filepath string, autotailorOptions OscapAutotailorConfig) *OscapAutotailorStageOptions {
return &OscapAutotailorStageOptions{
Filepath: filepath,
Config: OscapAutotailorConfig{
OscapConfig: oscapOptions,
NewProfile: autotailorOptions.NewProfile,
Selected: autotailorOptions.Selected,
Unselected: autotailorOptions.Unselected,
NewProfile: autotailorOptions.NewProfile,
Datastream: autotailorOptions.Datastream,
ProfileID: autotailorOptions.ProfileID,
Selected: autotailorOptions.Selected,
Unselected: autotailorOptions.Unselected,
},
}
}


@ -15,6 +15,7 @@ type OscapRemediationStageOptions struct {
DataDir string `json:"data_dir,omitempty"`
Config OscapConfig `json:"config"`
}
type OscapConfig struct {
Datastream string `json:"datastream" toml:"datastream"`
ProfileID string `json:"profile_id" toml:"profile_id"`
@ -23,10 +24,11 @@ type OscapConfig struct {
BenchmarkID string `json:"benchmark_id,omitempty" toml:"benchmark_id,omitempty"`
Tailoring string `json:"tailoring,omitempty" toml:"tailoring,omitempty"`
TailoringID string `json:"tailoring_id,omitempty" toml:"tailoring_id,omitempty"`
ArfResult string `json:"arf_result,omitempty" toml:"arf_result,omitempty"`
ArfResult string `json:"arf_results,omitempty" toml:"arf_results,omitempty"`
HtmlReport string `json:"html_report,omitempty" toml:"html_report,omitempty"`
VerboseLog string `json:"verbose_log,omitempty" toml:"verbose_log,omitempty"`
VerboseLevel OscapVerbosityLevel `json:"verbose_level,omitempty" toml:"verbose_level,omitempty"`
Compression bool `json:"compress_results,omitempty" toml:"compress_results,omitempty"`
}
func (OscapRemediationStageOptions) isStageOptions() {}
@ -70,8 +72,9 @@ func NewOscapRemediationStage(options *OscapRemediationStageOptions) *Stage {
}
}
func NewOscapRemediationStageOptions(options OscapConfig) *OscapRemediationStageOptions {
func NewOscapRemediationStageOptions(dataDir string, options OscapConfig) *OscapRemediationStageOptions {
return &OscapRemediationStageOptions{
DataDir: dataDir,
Config: OscapConfig{
ProfileID: options.ProfileID,
Datastream: options.Datastream,
@ -83,6 +86,7 @@ func NewOscapRemediationStageOptions(options OscapConfig) *OscapRemediationStage
HtmlReport: options.HtmlReport,
VerboseLog: options.VerboseLog,
VerboseLevel: options.VerboseLevel,
Compression: options.Compression,
},
}
}
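Review bot: The `ArfResult` field changes both its `json` and `toml` keys from `arf_result` to `arf_results`, and nothing in this section documents the rename or keeps the old key readable. Input that still uses `arf_result` would leave the field empty, and with `omitempty` the option is then dropped from the stage without an error, unless the decoder rejects unknown keys, which is not visible here. A field comment such as `// serialized as "arf_results"; the previous key "arf_result" is no longer read` would make the break explicit for callers. Separately, `NewOscapRemediationStageOptions` copies `OscapConfig` field by field, so every new field (as `Compression` here) has to be added in two places; part of that literal lies between the hunks, so whether all fields are copied cannot be checked from this page.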


@ -4,7 +4,7 @@ import (
"fmt"
"regexp"
"github.com/osbuild/images/internal/shell"
"github.com/osbuild/images/pkg/customizations/shell"
)
const filenameRegex = "^[a-zA-Z0-9\\.\\-_]{1,250}$"


@ -39,13 +39,12 @@ func NewSkopeoSourceItem(name, digest string, tlsVerify *bool) SkopeoSourceItem
}
func (item SkopeoSourceItem) validate() error {
if item.Image.Name == "" {
return fmt.Errorf("source item has empty name")
return fmt.Errorf("source item %#v has empty name", item)
}
if !skopeoDigestPattern.MatchString(item.Image.Digest) {
return fmt.Errorf("source item has invalid digest")
return fmt.Errorf("source item %#v has invalid digest", item)
}
return nil
@ -63,7 +62,7 @@ func NewSkopeoSource() *SkopeoSource {
func (source *SkopeoSource) AddItem(name, digest, image string, tlsVerify *bool) {
item := NewSkopeoSourceItem(name, digest, tlsVerify)
if !skopeoDigestPattern.MatchString(image) {
panic("item has invalid image id")
panic(fmt.Errorf("item %#v has invalid image id", image))
}
source.Items[image] = item
}
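Review bot: The new messages in `validate()` format the whole item with `%#v`; if `SkopeoSourceItem` stores the `tlsVerify` pointer passed to `NewSkopeoSourceItem`, that prints a heap address, so the error text differs between runs and says nothing useful about the TLS setting. Naming the offending fields is shorter and stable, e.g. `return fmt.Errorf("source item %q has invalid digest %q", item.Image.Name, item.Image.Digest)`. In `AddItem` the `%#v` on the string `image` is fine, since it quotes the value. The function still panics on caller-supplied input, though, and in the lines shown it checks only `image`, not the `name` and `digest` it stores; whether `validate()` runs later is outside this section.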


@ -1,8 +1,8 @@
package osbuild
import (
"github.com/osbuild/images/internal/users"
"github.com/osbuild/images/pkg/crypt"
"github.com/osbuild/images/pkg/customizations/users"
)
type UsersStageOptions struct {


@ -99,17 +99,18 @@ func repoConfigToYumRepository(repo rpmmd.RepoConfig) YumRepository {
}
yumRepo := YumRepository{
Id: repo.Id,
Name: repo.Name,
Mirrorlist: repo.MirrorList,
Metalink: repo.Metalink,
BaseURLs: urls,
GPGKey: keys,
GPGCheck: repo.CheckGPG,
RepoGPGCheck: repo.CheckRepoGPG,
Enabled: repo.Enabled,
Priority: repo.Priority,
SSLVerify: sslVerify,
Id: repo.Id,
Name: repo.Name,
Mirrorlist: repo.MirrorList,
Metalink: repo.Metalink,
BaseURLs: urls,
GPGKey: keys,
GPGCheck: repo.CheckGPG,
RepoGPGCheck: repo.CheckRepoGPG,
Enabled: repo.Enabled,
Priority: repo.Priority,
SSLVerify: sslVerify,
ModuleHotfixes: repo.ModuleHotfixes,
}
return yumRepo


@ -23,6 +23,7 @@ type repository struct {
CheckGPG bool `json:"check_gpg,omitempty"`
IgnoreSSL bool `json:"ignore_ssl,omitempty"`
RHSM bool `json:"rhsm,omitempty"`
ModuleHotfixes *bool `json:"module_hotfixes,omitempty"`
MetadataExpire string `json:"metadata_expire,omitempty"`
ImageTypeTags []string `json:"image_type_tags,omitempty"`
}
@ -42,6 +43,7 @@ type RepoConfig struct {
Priority *int `json:"priority,omitempty"`
IgnoreSSL *bool `json:"ignore_ssl,omitempty"`
MetadataExpire string `json:"metadata_expire,omitempty"`
ModuleHotfixes *bool `json:"module_hotfixes,omitempty"`
RHSM bool `json:"rhsm,omitempty"`
Enabled *bool `json:"enabled,omitempty"`
ImageTypeTags []string `json:"image_type_tags,omitempty"`
@ -58,6 +60,12 @@ func (r *RepoConfig) Hash() string {
bpts := func(b *bool) string {
return fmt.Sprintf("%T", b)
}
bptsIgnoreNil := func(b *bool) string {
if b == nil {
return ""
}
return bts(*b)
}
ats := func(s []string) string {
return strings.Join(s, "")
}
@ -69,7 +77,8 @@ func (r *RepoConfig) Hash() string {
bpts(r.CheckRepoGPG)+
bpts(r.IgnoreSSL)+
r.MetadataExpire+
bts(r.RHSM))))
bts(r.RHSM)+
bptsIgnoreNil(r.ModuleHotfixes))))
}
type DistrosRepoConfigs map[string]map[string][]RepoConfig
@ -245,6 +254,7 @@ func loadRepositoriesFromFile(filename string) (map[string][]RepoConfig, error)
CheckGPG: &repo.CheckGPG,
RHSM: repo.RHSM,
MetadataExpire: repo.MetadataExpire,
ModuleHotfixes: repo.ModuleHotfixes,
ImageTypeTags: repo.ImageTypeTags,
}
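Review bot: In `Hash()`, the new `bptsIgnoreNil` dereferences its argument, but the neighbouring `bpts` helper still formats with `%T`, which prints the type (`*bool`) rather than the value, so `CheckRepoGPG` and `IgnoreSSL` contribute the same constant whatever they are set to. Two repository configs that differ only in GPG or TLS verification would then produce the same hash, which matters if the hash serves as a cache or identity key; how it is used is not visible on this page. The dereferencing form already used by the new helper would fix it, `if b == nil { return "" }` followed by `return bts(*b)`, with the caveat that existing hash values change. `bts` is defined outside the hunk and is worth checking for the same `%T` pattern. `Hash()` starts before and continues between the hunks shown.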

18
vendor/modules.txt vendored

@ -119,7 +119,7 @@ github.com/acarl005/stripansi
# github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
## explicit; go 1.13
github.com/asaskevich/govalidator
# github.com/aws/aws-sdk-go v1.48.13
# github.com/aws/aws-sdk-go v1.49.0
## explicit; go 1.19
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/arn
@ -190,7 +190,7 @@ github.com/cenkalti/backoff/v4
# github.com/cespare/xxhash/v2 v2.2.0
## explicit; go 1.11
github.com/cespare/xxhash/v2
# github.com/containers/common v0.57.0
# github.com/containers/common v0.57.1
## explicit; go 1.18
github.com/containers/common/pkg/retry
# github.com/containers/image/v5 v5.29.0
@ -656,23 +656,23 @@ github.com/oracle/oci-go-sdk/v54/identity
github.com/oracle/oci-go-sdk/v54/objectstorage
github.com/oracle/oci-go-sdk/v54/objectstorage/transfer
github.com/oracle/oci-go-sdk/v54/workrequests
# github.com/osbuild/images v0.21.0
# github.com/osbuild/images v0.24.0
## explicit; go 1.19
github.com/osbuild/images/internal/common
github.com/osbuild/images/internal/environment
github.com/osbuild/images/internal/fdo
github.com/osbuild/images/internal/fsnode
github.com/osbuild/images/internal/ignition
github.com/osbuild/images/internal/oscap
github.com/osbuild/images/internal/pathpolicy
github.com/osbuild/images/internal/shell
github.com/osbuild/images/internal/users
github.com/osbuild/images/internal/workload
github.com/osbuild/images/pkg/arch
github.com/osbuild/images/pkg/artifact
github.com/osbuild/images/pkg/blueprint
github.com/osbuild/images/pkg/container
github.com/osbuild/images/pkg/crypt
github.com/osbuild/images/pkg/customizations/fdo
github.com/osbuild/images/pkg/customizations/fsnode
github.com/osbuild/images/pkg/customizations/ignition
github.com/osbuild/images/pkg/customizations/oscap
github.com/osbuild/images/pkg/customizations/shell
github.com/osbuild/images/pkg/customizations/users
github.com/osbuild/images/pkg/disk
github.com/osbuild/images/pkg/distro
github.com/osbuild/images/pkg/distro/fedora