From 6d57e0150663d16bac3d2d9f2cec71d50d15d972 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Tue, 12 Dec 2023 20:10:54 +0100 Subject: [PATCH] deps: update images to v0.24.0 Update the images dependency to v0.24.0 Includes the addition of the new FDO option 'di_mfg_string_type_mac_iface'. --- cmd/osbuild-playground/my-container.go | 2 +- cmd/osbuild-playground/my-image.go | 2 +- go.mod | 6 +- go.sum | 12 +- internal/blueprint/blueprint_convert_test.go | 18 +- internal/blueprint/customizations.go | 5 +- .../blueprint/repository_customizations.go | 25 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 361 +++++++++++++++--- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/ec2/api.go | 45 +++ .../images/internal/common/constants.go | 8 + .../images/pkg/blueprint/customizations.go | 5 +- .../pkg/blueprint/fsnode_customizations.go | 2 +- .../blueprint/repository_customizations.go | 48 +-- .../customizations}/fdo/fdo.go | 9 +- .../customizations}/fsnode/dir.go | 0 .../customizations}/fsnode/file.go | 0 .../customizations}/fsnode/fsnode.go | 0 .../customizations}/ignition/ignition.go | 0 .../customizations}/oscap/oscap.go | 2 +- .../customizations}/shell/shell.go | 0 .../customizations}/users/users.go | 0 .../osbuild/images/pkg/disk/luks.go | 4 +- .../github.com/osbuild/images/pkg/disk/lvm.go | 2 +- .../images/pkg/disk/partition_table.go | 3 +- .../images/pkg/distro/fedora/distro.go | 7 +- .../images/pkg/distro/fedora/images.go | 32 +- .../images/pkg/distro/fedora/imagetype.go | 2 +- .../osbuild/images/pkg/distro/image_config.go | 4 +- .../osbuild/images/pkg/distro/rhel7/distro.go | 3 + .../osbuild/images/pkg/distro/rhel7/images.go | 8 +- .../osbuild/images/pkg/distro/rhel8/azure.go | 2 +- .../osbuild/images/pkg/distro/rhel8/distro.go | 2 +- .../osbuild/images/pkg/distro/rhel8/edge.go | 2 +- .../osbuild/images/pkg/distro/rhel8/images.go | 32 +- .../images/pkg/distro/rhel8/imagetype.go | 5 +- .../osbuild/images/pkg/distro/rhel9/distro.go | 2 +- .../osbuild/images/pkg/distro/rhel9/edge.go | 6 +- .../osbuild/images/pkg/distro/rhel9/images.go | 32 +- .../images/pkg/distro/rhel9/imagetype.go | 5 +- .../pkg/image/anaconda_live_installer.go | 2 +- .../pkg/image/anaconda_ostree_installer.go | 4 +- .../pkg/image/anaconda_tar_installer.go | 4 +- .../osbuild/images/pkg/image/archive.go | 2 +- .../osbuild/images/pkg/image/container.go | 2 +- .../osbuild/images/pkg/image/disk.go | 2 +- .../images/pkg/image/ostree_archive.go | 2 +- .../images/pkg/image/ostree_container.go | 2 +- .../osbuild/images/pkg/image/ostree_disk.go | 13 +- .../pkg/image/ostree_simplified_installer.go | 9 +- .../images/pkg/manifest/anaconda_installer.go | 11 +- .../manifest/anaconda_installer_iso_tree.go | 17 +- .../osbuild/images/pkg/manifest/build.go | 20 +- .../images/pkg/manifest/coi_iso_tree.go | 2 +- .../images/pkg/manifest/coreos_installer.go | 4 +- .../osbuild/images/pkg/manifest/os.go | 8 +- .../images/pkg/manifest/ostree_deployment.go | 4 +- .../osbuild/images/pkg/osbuild/fips.go | 2 +- .../osbuild/images/pkg/osbuild/fsnode.go | 2 +- .../images/pkg/osbuild/groups_stage.go | 2 +- .../images/pkg/osbuild/kickstart_stage.go | 111 +++++- .../pkg/osbuild/oscap_autotailor_stage.go | 24 +- .../pkg/osbuild/oscap_remediation_stage.go | 8 +- .../images/pkg/osbuild/shell_init_stage.go | 2 +- .../images/pkg/osbuild/skopeo_source.go | 7 +- .../osbuild/images/pkg/osbuild/users_stage.go | 2 +- .../images/pkg/osbuild/yum_repos_stage.go | 23 +- .../osbuild/images/pkg/rpmmd/repository.go | 12 +- vendor/modules.txt | 18 +- 69 files changed, 765 insertions(+), 261 deletions(-) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/fdo/fdo.go (53%) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/fsnode/dir.go (100%) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/fsnode/file.go (100%) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/fsnode/fsnode.go (100%) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/ignition/ignition.go (100%) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/oscap/oscap.go (98%) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/shell/shell.go (100%) rename vendor/github.com/osbuild/images/{internal => pkg/customizations}/users/users.go (100%) diff --git a/cmd/osbuild-playground/my-container.go b/cmd/osbuild-playground/my-container.go index f59527d8c..d8c22c7af 100644 --- a/cmd/osbuild-playground/my-container.go +++ b/cmd/osbuild-playground/my-container.go @@ -46,7 +46,7 @@ func (img *MyContainer) InstantiateManifest(m *manifest.Manifest, // Let's create a simple OCI container! // configure a build pipeline - build := manifest.NewBuild(m, runner, repos) + build := manifest.NewBuild(m, runner, repos, nil) build.Checkpoint() // create a minimal non-bootable OS tree diff --git a/cmd/osbuild-playground/my-image.go b/cmd/osbuild-playground/my-image.go index de8a0b4e0..f2e2d7c52 100644 --- a/cmd/osbuild-playground/my-image.go +++ b/cmd/osbuild-playground/my-image.go @@ -30,7 +30,7 @@ func (img *MyImage) InstantiateManifest(m *manifest.Manifest, // Let's create a simple raw image! // configure a build pipeline - build := manifest.NewBuild(m, runner, repos) + build := manifest.NewBuild(m, runner, repos, nil) build.Checkpoint() // create an x86_64 platform with bios boot diff --git a/go.mod b/go.mod index 5cc62267e..6f386283d 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 github.com/BurntSushi/toml v1.3.2 - github.com/aws/aws-sdk-go v1.48.13 + github.com/aws/aws-sdk-go v1.49.0 github.com/coreos/go-semver v0.3.1 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf github.com/deepmap/oapi-codegen v1.8.2 @@ -31,7 +31,7 @@ require ( github.com/labstack/gommon v0.4.1 github.com/openshift-online/ocm-sdk-go v0.1.388 github.com/oracle/oci-go-sdk/v54 v54.0.0 - github.com/osbuild/images v0.21.0 + github.com/osbuild/images v0.24.0 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 github.com/osbuild/pulp-client v0.1.0 github.com/prometheus/client_golang v1.17.0 @@ -69,7 +69,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/containers/common v0.57.0 // indirect + github.com/containers/common v0.57.1 // indirect github.com/containers/image/v5 v5.29.0 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.1.9 // indirect diff --git a/go.sum b/go.sum index 41e3ce4da..37a7d6338 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat6 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.48.13 h1:6N4GTme6MpxfCisWf5pql8k3TBORiKTmbeutZCDXlG8= -github.com/aws/aws-sdk-go v1.48.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY= +github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -76,8 +76,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= -github.com/containers/common v0.57.0 h1:5O/+6QUBafKK0/zeok9y1rLPukfWgdE0sT4nuzmyAqk= -github.com/containers/common v0.57.0/go.mod h1:t/Z+/sFrapvFMEJe3YnecN49/Tae2wYEQShbEN6SRaU= +github.com/containers/common v0.57.1 h1:KWAs4PMPgBFmBV4QNbXhUB8TqvlgR95BJN2sbbXkWHY= +github.com/containers/common v0.57.1/go.mod h1:t/Z+/sFrapvFMEJe3YnecN49/Tae2wYEQShbEN6SRaU= github.com/containers/image/v5 v5.29.0 h1:9+nhS/ZM7c4Kuzu5tJ0NMpxrgoryOJ2HAYTgG8Ny7j4= github.com/containers/image/v5 v5.29.0/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= @@ -454,8 +454,8 @@ github.com/openshift-online/ocm-sdk-go v0.1.388 h1:c8yPCUQwJm3QhcVmnyMPFpeDtxPBa github.com/openshift-online/ocm-sdk-go v0.1.388/go.mod h1:/+VFIw1iW2H0jEkFH4GnbL/liWareyzsL0w7mDIudB4= github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4= github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc= -github.com/osbuild/images v0.21.0 h1:xqW7Y6F+ihoL8x2J+S3nGDRXIqZPq//c0Q8ny3afdpo= -github.com/osbuild/images v0.21.0/go.mod h1:HtKiCjR4gQcqcd8E7i37orlFqhsjZmFCvyM89E3aeos= +github.com/osbuild/images v0.24.0 h1:EP1+9Y5IKuTIZ3Q/RmP5/MdUyjlX7zSZCS0NOXK2+Bg= +github.com/osbuild/images v0.24.0/go.mod h1:jC7HIvrDKqMJjvNOiaz+QbBJG9oz2YBZHrHsF4nQX1k= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 h1:UFEJIcPa46W8gtWgOYzriRKYyy1t6SWL0BI7fPTuVvc= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1/go.mod h1:z+WA+dX6qMwc7fqY5jCzESDIlg4WR2sBQezxsoXv9Ik= github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8= diff --git a/internal/blueprint/blueprint_convert_test.go b/internal/blueprint/blueprint_convert_test.go index e767d83c7..4422a21f1 100644 --- a/internal/blueprint/blueprint_convert_test.go +++ b/internal/blueprint/blueprint_convert_test.go @@ -114,10 +114,11 @@ func TestConvert(t *testing.T) { }, InstallationDevice: "/dev/sda", FDO: &FDOCustomization{ - ManufacturingServerURL: "http://manufacturing.fdo", - DiunPubKeyInsecure: "insecure-pubkey", - DiunPubKeyHash: "hash-pubkey", - DiunPubKeyRootCerts: "root-certs", + ManufacturingServerURL: "http://manufacturing.fdo", + DiunPubKeyInsecure: "insecure-pubkey", + DiunPubKeyHash: "hash-pubkey", + DiunPubKeyRootCerts: "root-certs", + DiMfgStringTypeMacIface: "iface", }, OpenSCAP: &OpenSCAPCustomization{ DataStream: "stream", @@ -264,10 +265,11 @@ func TestConvert(t *testing.T) { }, InstallationDevice: "/dev/sda", FDO: &iblueprint.FDOCustomization{ - ManufacturingServerURL: "http://manufacturing.fdo", - DiunPubKeyInsecure: "insecure-pubkey", - DiunPubKeyHash: "hash-pubkey", - DiunPubKeyRootCerts: "root-certs", + ManufacturingServerURL: "http://manufacturing.fdo", + DiunPubKeyInsecure: "insecure-pubkey", + DiunPubKeyHash: "hash-pubkey", + DiunPubKeyRootCerts: "root-certs", + DiMfgStringTypeMacIface: "iface", }, OpenSCAP: &iblueprint.OpenSCAPCustomization{ DataStream: "stream", diff --git a/internal/blueprint/customizations.go b/internal/blueprint/customizations.go index 146c3b72e..770413450 100644 --- a/internal/blueprint/customizations.go +++ b/internal/blueprint/customizations.go @@ -48,8 +48,9 @@ type FDOCustomization struct { DiunPubKeyInsecure string `json:"diun_pub_key_insecure,omitempty" toml:"diun_pub_key_insecure,omitempty"` // This is the output of: // echo "sha256:$(openssl x509 -fingerprint -sha256 -noout -in diun_cert.pem | cut -d"=" -f2 | sed 's/://g')" - DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"` - DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"` + DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"` + DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"` + DiMfgStringTypeMacIface string `json:"di_mfg_string_type_mac_iface,omitempty" toml:"di_mfg_string_type_mac_iface,omitempty"` } type KernelCustomization struct { diff --git a/internal/blueprint/repository_customizations.go b/internal/blueprint/repository_customizations.go index 9288b69fc..fb72bfd53 100644 --- a/internal/blueprint/repository_customizations.go +++ b/internal/blueprint/repository_customizations.go @@ -8,18 +8,19 @@ import ( ) type RepositoryCustomization struct { - Id string `json:"id" toml:"id"` - BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"` - GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"` - Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"` - Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"` - Name string `json:"name,omitempty" toml:"name,omitempty"` - Priority *int `json:"priority,omitempty" toml:"priority,omitempty"` - Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"` - GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"` - RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"` - SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"` - Filename string `json:"filename,omitempty" toml:"filename,omitempty"` + Id string `json:"id" toml:"id"` + BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"` + GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"` + Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"` + Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"` + Name string `json:"name,omitempty" toml:"name,omitempty"` + Priority *int `json:"priority,omitempty" toml:"priority,omitempty"` + Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"` + GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"` + RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"` + SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"` + ModuleHotfixes *bool `json:"module_hotfixes,omitempty" toml:"module_hotfixes,omitempty"` + Filename string `json:"filename,omitempty" toml:"filename,omitempty"` } const repoFilenameRegex = "^[\\w.-]{1,250}\\.repo$" diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index ee1ea9b6a..cdf456abe 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -25843,55 +25843,123 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -25925,40 +25993,84 @@ var awsPartition = partition{ endpointKey{ Region: "il-central-1", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "sagemaker-geospatial": service{ @@ -26187,160 +26299,267 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-4", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-2", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-2", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "il-central-1", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, + Deprecated: boxedTrue, }, }, @@ -34864,9 +35083,17 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{}, }, }, "securityhub": service{ @@ -38246,7 +38473,21 @@ var awsusgovPartition = partition{ }, }, "health": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "health.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "global.health.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -40488,17 +40729,33 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "secretsmanager": service{ @@ -40506,37 +40763,43 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-west-1", - }, + Deprecated: boxedTrue, }, }, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 192a3361d..06b0728a2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.48.13" +const SDKVersion = "1.49.0" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 56f6e6201..6d7aa0c0a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -161017,6 +161017,9 @@ func (s *PrivateIpAddressSpecification) SetPrivateIpAddress(v string) *PrivateIp type ProcessorInfo struct { _ struct{} `type:"structure"` + // The manufacturer of the processor. + Manufacturer *string `locationName:"manufacturer" type:"string"` + // The architectures supported by the instance type. SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"` @@ -161047,6 +161050,12 @@ func (s ProcessorInfo) GoString() string { return s.String() } +// SetManufacturer sets the Manufacturer field's value. +func (s *ProcessorInfo) SetManufacturer(v string) *ProcessorInfo { + s.Manufacturer = &v + return s +} + // SetSupportedArchitectures sets the SupportedArchitectures field's value. func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo { s.SupportedArchitectures = v @@ -194338,6 +194347,33 @@ const ( // InstanceTypeDl2q24xlarge is a InstanceType enum value InstanceTypeDl2q24xlarge = "dl2q.24xlarge" + + // InstanceTypeMac2M2Metal is a InstanceType enum value + InstanceTypeMac2M2Metal = "mac2-m2.metal" + + // InstanceTypeI4i12xlarge is a InstanceType enum value + InstanceTypeI4i12xlarge = "i4i.12xlarge" + + // InstanceTypeI4i24xlarge is a InstanceType enum value + InstanceTypeI4i24xlarge = "i4i.24xlarge" + + // InstanceTypeC7iMetal24xl is a InstanceType enum value + InstanceTypeC7iMetal24xl = "c7i.metal-24xl" + + // InstanceTypeC7iMetal48xl is a InstanceType enum value + InstanceTypeC7iMetal48xl = "c7i.metal-48xl" + + // InstanceTypeM7iMetal24xl is a InstanceType enum value + InstanceTypeM7iMetal24xl = "m7i.metal-24xl" + + // InstanceTypeM7iMetal48xl is a InstanceType enum value + InstanceTypeM7iMetal48xl = "m7i.metal-48xl" + + // InstanceTypeR7iMetal24xl is a InstanceType enum value + InstanceTypeR7iMetal24xl = "r7i.metal-24xl" + + // InstanceTypeR7iMetal48xl is a InstanceType enum value + InstanceTypeR7iMetal48xl = "r7i.metal-48xl" ) // InstanceType_Values returns all elements of the InstanceType enum @@ -195115,6 +195151,15 @@ func InstanceType_Values() []string { InstanceTypeR7i24xlarge, InstanceTypeR7i48xlarge, InstanceTypeDl2q24xlarge, + InstanceTypeMac2M2Metal, + InstanceTypeI4i12xlarge, + InstanceTypeI4i24xlarge, + InstanceTypeC7iMetal24xl, + InstanceTypeC7iMetal48xl, + InstanceTypeM7iMetal24xl, + InstanceTypeM7iMetal48xl, + InstanceTypeR7iMetal24xl, + InstanceTypeR7iMetal48xl, } } diff --git a/vendor/github.com/osbuild/images/internal/common/constants.go b/vendor/github.com/osbuild/images/internal/common/constants.go index 7c570a708..3257f94f1 100644 --- a/vendor/github.com/osbuild/images/internal/common/constants.go +++ b/vendor/github.com/osbuild/images/internal/common/constants.go @@ -11,6 +11,14 @@ const ( GibiByte = 1024 * 1024 * 1024 // GiB TeraByte = 1000 * 1000 * 1000 * 1000 // TB TebiByte = 1024 * 1024 * 1024 * 1024 // TiB + + // shorthands + KiB = KibiByte + MB = MegaByte + MiB = MebiByte + GB = GigaByte + GiB = GibiByte + TiB = TebiByte ) // These constants are set during buildtime using additional diff --git a/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go b/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go index c136ac01d..d83ed2ebb 100644 --- a/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go +++ b/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go @@ -45,8 +45,9 @@ type FDOCustomization struct { DiunPubKeyInsecure string `json:"diun_pub_key_insecure,omitempty" toml:"diun_pub_key_insecure,omitempty"` // This is the output of: // echo "sha256:$(openssl x509 -fingerprint -sha256 -noout -in diun_cert.pem | cut -d"=" -f2 | sed 's/://g')" - DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"` - DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"` + DiunPubKeyHash string `json:"diun_pub_key_hash,omitempty" toml:"diun_pub_key_hash,omitempty"` + DiunPubKeyRootCerts string `json:"diun_pub_key_root_certs,omitempty" toml:"diun_pub_key_root_certs,omitempty"` + DiMfgStringTypeMacIface string `json:"di_mfg_string_type_mac_iface,omitempty" toml:"di_mfg_string_type_mac_iface,omitempty"` } type KernelCustomization struct { diff --git a/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go b/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go index 3e0b458c3..a99308ae1 100644 --- a/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go +++ b/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go @@ -11,8 +11,8 @@ import ( "strings" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/fsnode" "github.com/osbuild/images/internal/pathpolicy" + "github.com/osbuild/images/pkg/customizations/fsnode" ) // validateModeString checks that the given string is a valid mode octal number diff --git a/vendor/github.com/osbuild/images/pkg/blueprint/repository_customizations.go b/vendor/github.com/osbuild/images/pkg/blueprint/repository_customizations.go index f534804cd..1159f8d76 100644 --- a/vendor/github.com/osbuild/images/pkg/blueprint/repository_customizations.go +++ b/vendor/github.com/osbuild/images/pkg/blueprint/repository_customizations.go @@ -7,23 +7,24 @@ import ( "strings" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/fsnode" + "github.com/osbuild/images/pkg/customizations/fsnode" "github.com/osbuild/images/pkg/rpmmd" ) type RepositoryCustomization struct { - Id string `json:"id" toml:"id"` - BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"` - GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"` - Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"` - Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"` - Name string `json:"name,omitempty" toml:"name,omitempty"` - Priority *int `json:"priority,omitempty" toml:"priority,omitempty"` - Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"` - GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"` - RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"` - SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"` - Filename string `json:"filename,omitempty" toml:"filename,omitempty"` + Id string `json:"id" toml:"id"` + BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"` + GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"` + Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"` + Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"` + Name string `json:"name,omitempty" toml:"name,omitempty"` + Priority *int `json:"priority,omitempty" toml:"priority,omitempty"` + Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"` + GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"` + RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"` + SSLVerify *bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"` + ModuleHotfixes *bool `json:"module_hotfixes,omitempty" toml:"module_hotfixes,omitempty"` + Filename string `json:"filename,omitempty" toml:"filename,omitempty"` } const repoFilenameRegex = "^[\\w.-]{1,250}\\.repo$" @@ -117,16 +118,17 @@ func (repo RepositoryCustomization) customRepoToRepoConfig() rpmmd.RepoConfig { copy(keys, repo.GPGKeys) repoConfig := rpmmd.RepoConfig{ - Id: repo.Id, - BaseURLs: urls, - GPGKeys: keys, - Name: repo.Name, - Metalink: repo.Metalink, - MirrorList: repo.Mirrorlist, - CheckGPG: repo.GPGCheck, - CheckRepoGPG: repo.RepoGPGCheck, - Priority: repo.Priority, - Enabled: repo.Enabled, + Id: repo.Id, + BaseURLs: urls, + GPGKeys: keys, + Name: repo.Name, + Metalink: repo.Metalink, + MirrorList: repo.Mirrorlist, + CheckGPG: repo.GPGCheck, + CheckRepoGPG: repo.RepoGPGCheck, + Priority: repo.Priority, + ModuleHotfixes: repo.ModuleHotfixes, + Enabled: repo.Enabled, } if repo.SSLVerify != nil { diff --git a/vendor/github.com/osbuild/images/internal/fdo/fdo.go b/vendor/github.com/osbuild/images/pkg/customizations/fdo/fdo.go similarity index 53% rename from vendor/github.com/osbuild/images/internal/fdo/fdo.go rename to vendor/github.com/osbuild/images/pkg/customizations/fdo/fdo.go index c047a6215..d86573bae 100644 --- a/vendor/github.com/osbuild/images/internal/fdo/fdo.go +++ b/vendor/github.com/osbuild/images/pkg/customizations/fdo/fdo.go @@ -3,10 +3,11 @@ package fdo import "github.com/osbuild/images/pkg/blueprint" type Options struct { - ManufacturingServerURL string - DiunPubKeyInsecure string - DiunPubKeyHash string - DiunPubKeyRootCerts string + ManufacturingServerURL string + DiunPubKeyInsecure string + DiunPubKeyHash string + DiunPubKeyRootCerts string + DiMfgStringTypeMacIface string } func FromBP(bpFDO blueprint.FDOCustomization) *Options { diff --git a/vendor/github.com/osbuild/images/internal/fsnode/dir.go b/vendor/github.com/osbuild/images/pkg/customizations/fsnode/dir.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/fsnode/dir.go rename to vendor/github.com/osbuild/images/pkg/customizations/fsnode/dir.go diff --git a/vendor/github.com/osbuild/images/internal/fsnode/file.go b/vendor/github.com/osbuild/images/pkg/customizations/fsnode/file.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/fsnode/file.go rename to vendor/github.com/osbuild/images/pkg/customizations/fsnode/file.go diff --git a/vendor/github.com/osbuild/images/internal/fsnode/fsnode.go b/vendor/github.com/osbuild/images/pkg/customizations/fsnode/fsnode.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/fsnode/fsnode.go rename to vendor/github.com/osbuild/images/pkg/customizations/fsnode/fsnode.go diff --git a/vendor/github.com/osbuild/images/internal/ignition/ignition.go b/vendor/github.com/osbuild/images/pkg/customizations/ignition/ignition.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/ignition/ignition.go rename to vendor/github.com/osbuild/images/pkg/customizations/ignition/ignition.go diff --git a/vendor/github.com/osbuild/images/internal/oscap/oscap.go b/vendor/github.com/osbuild/images/pkg/customizations/oscap/oscap.go similarity index 98% rename from vendor/github.com/osbuild/images/internal/oscap/oscap.go rename to vendor/github.com/osbuild/images/pkg/customizations/oscap/oscap.go index 5b36fd7c3..ffc06db9c 100644 --- a/vendor/github.com/osbuild/images/internal/oscap/oscap.go +++ b/vendor/github.com/osbuild/images/pkg/customizations/oscap/oscap.go @@ -5,7 +5,7 @@ import ( "path/filepath" "strings" - "github.com/osbuild/images/internal/fsnode" + "github.com/osbuild/images/pkg/customizations/fsnode" ) type Profile string diff --git a/vendor/github.com/osbuild/images/internal/shell/shell.go b/vendor/github.com/osbuild/images/pkg/customizations/shell/shell.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/shell/shell.go rename to vendor/github.com/osbuild/images/pkg/customizations/shell/shell.go diff --git a/vendor/github.com/osbuild/images/internal/users/users.go b/vendor/github.com/osbuild/images/pkg/customizations/users/users.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/users/users.go rename to vendor/github.com/osbuild/images/pkg/customizations/users/users.go diff --git a/vendor/github.com/osbuild/images/pkg/disk/luks.go b/vendor/github.com/osbuild/images/pkg/disk/luks.go index 21f7b786b..93b10b3a0 100644 --- a/vendor/github.com/osbuild/images/pkg/disk/luks.go +++ b/vendor/github.com/osbuild/images/pkg/disk/luks.go @@ -5,6 +5,8 @@ import ( "math/rand" "github.com/google/uuid" + + "github.com/osbuild/images/internal/common" ) type Argon2id struct { @@ -96,5 +98,5 @@ func (lc *LUKSContainer) MetadataSize() uint64 { } // 16 MiB is the default size for the LUKS2 header - return 16 * 1024 * 1024 + return 16 * common.MiB } diff --git a/vendor/github.com/osbuild/images/pkg/disk/lvm.go b/vendor/github.com/osbuild/images/pkg/disk/lvm.go index 13cb561ff..30118c025 100644 --- a/vendor/github.com/osbuild/images/pkg/disk/lvm.go +++ b/vendor/github.com/osbuild/images/pkg/disk/lvm.go @@ -138,7 +138,7 @@ func (vg *LVMVolumeGroup) MetadataSize() uint64 { // of the metadata and its location and thus the start of the physical // extent. For now we assume the default which results in a start of // the physical extent 1 MiB - return 1024 * 1024 + return 1 * common.MiB } type LVMLogicalVolume struct { diff --git a/vendor/github.com/osbuild/images/pkg/disk/partition_table.go b/vendor/github.com/osbuild/images/pkg/disk/partition_table.go index bc807e4e6..ceefabebe 100644 --- a/vendor/github.com/osbuild/images/pkg/disk/partition_table.go +++ b/vendor/github.com/osbuild/images/pkg/disk/partition_table.go @@ -7,6 +7,7 @@ import ( "github.com/google/uuid" + "github.com/osbuild/images/internal/common" "github.com/osbuild/images/pkg/blueprint" ) @@ -630,7 +631,7 @@ func (pt *PartitionTable) ensureLVM() error { // we need a /boot partition to boot LVM, ensure one exists bootPath := entityPath(pt, "/boot") if bootPath == nil { - _, err := pt.CreateMountpoint("/boot", 512*1024*1024) + _, err := pt.CreateMountpoint("/boot", 512*common.MiB) if err != nil { return err diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go index 17b1d9d5f..ec397266a 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go @@ -8,9 +8,9 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/oscap" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/oscap" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/platform" @@ -38,6 +38,9 @@ const ( // Added kernel command line options for ami, qcow2, openstack, vhd and vmdk types cloudKernelOptions = "ro no_timer_check console=ttyS0,115200n8 biosdevname=0 net.ifnames=0" + + // location for saving openscap remediation data + oscapDataDir = "/oscap_data" ) var ( diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go index 2bc618177..6943789c2 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go @@ -5,14 +5,14 @@ import ( "math/rand" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/fdo" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/ignition" - "github.com/osbuild/images/internal/oscap" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fdo" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/ignition" + "github.com/osbuild/images/pkg/customizations/oscap" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/image" "github.com/osbuild/images/pkg/manifest" @@ -165,14 +165,25 @@ func osCustomizations( if t.rpmOstree { panic("unexpected oscap options for ostree image type") } + + // although the osbuild stage will create this directory, + // it's probably better to ensure that it is created here + dataDirNode, err := fsnode.NewDirectory(oscapDataDir, nil, nil, nil, true) + if err != nil { + panic("unexpected error creating OpenSCAP data directory") + } + + osc.Directories = append(osc.Directories, dataDirNode) + var datastream = oscapConfig.DataStream if datastream == "" { datastream = oscap.DefaultFedoraDatastream() } oscapStageOptions := osbuild.OscapConfig{ - Datastream: datastream, - ProfileID: oscapConfig.ProfileID, + Datastream: datastream, + ProfileID: oscapConfig.ProfileID, + Compression: true, } if oscapConfig.Tailoring != nil { @@ -182,14 +193,15 @@ func osCustomizations( } tailoringOptions := osbuild.OscapAutotailorConfig{ + NewProfile: newProfile, + Datastream: datastream, + ProfileID: oscapConfig.ProfileID, Selected: oscapConfig.Tailoring.Selected, Unselected: oscapConfig.Tailoring.Unselected, - NewProfile: newProfile, } osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions( tailoringFilepath, - oscapStageOptions, tailoringOptions, ) @@ -201,7 +213,7 @@ func osCustomizations( osc.Directories = append(osc.Directories, tailoringDir) } - osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapStageOptions) + osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapDataDir, oscapStageOptions) } osc.ShellInit = imageConfig.ShellInit diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go index 61031c5bc..b8a80a82e 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go @@ -7,11 +7,11 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/oscap" "github.com/osbuild/images/internal/pathpolicy" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/oscap" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/image" diff --git a/vendor/github.com/osbuild/images/pkg/distro/image_config.go b/vendor/github.com/osbuild/images/pkg/distro/image_config.go index dad0942fc..da62dde5f 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/image_config.go +++ b/vendor/github.com/osbuild/images/pkg/distro/image_config.go @@ -4,8 +4,8 @@ import ( "fmt" "reflect" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/shell" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/shell" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/subscription" ) diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go index 03c616155..797058d19 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go @@ -22,6 +22,9 @@ const ( // blueprint package set name blueprintPkgsKey = "blueprint" + + // location for saving openscap remediation data + oscapDataDir = "/oscap_data" ) // RHEL-based OS image configuration defaults diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel7/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel7/images.go index 3aae1bc55..dfc541531 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel7/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel7/images.go @@ -5,11 +5,11 @@ import ( "math/rand" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/image" "github.com/osbuild/images/pkg/manifest" @@ -131,9 +131,11 @@ func osCustomizations( if oscapConfig := c.GetOpenSCAP(); oscapConfig != nil { osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions( + oscapDataDir, osbuild.OscapConfig{ - Datastream: oscapConfig.DataStream, - ProfileID: oscapConfig.ProfileID, + Datastream: oscapConfig.DataStream, + ProfileID: oscapConfig.ProfileID, + Compression: true, }, ) } diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/azure.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/azure.go index df194c46c..34d464a87 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/azure.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/azure.go @@ -2,8 +2,8 @@ package rhel8 import ( "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/shell" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/customizations/shell" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/osbuild" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go index 047d4f6fc..fb14324c4 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go @@ -7,8 +7,8 @@ import ( "strings" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/oscap" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/customizations/oscap" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/platform" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go index fcda04bd4..87fa6be62 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go @@ -4,8 +4,8 @@ import ( "fmt" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/fsnode" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/customizations/fsnode" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/rpmmd" ) diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go index 5d0508beb..1eeae9a35 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go @@ -4,15 +4,15 @@ import ( "fmt" "math/rand" - "github.com/osbuild/images/internal/fdo" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/ignition" - "github.com/osbuild/images/internal/oscap" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fdo" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/ignition" + "github.com/osbuild/images/pkg/customizations/oscap" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/image" "github.com/osbuild/images/pkg/manifest" @@ -186,14 +186,25 @@ func osCustomizations( if t.rpmOstree { panic("unexpected oscap options for ostree image type") } + + // although the osbuild stage will create this directory, + // it's probably better to ensure that it is created here + dataDirNode, err := fsnode.NewDirectory(oscapDataDir, nil, nil, nil, true) + if err != nil { + panic("unexpected error creating OpenSCAP data directory") + } + + osc.Directories = append(osc.Directories, dataDirNode) + var datastream = oscapConfig.DataStream if datastream == "" { datastream = oscap.DefaultRHEL8Datastream(t.arch.distro.isRHEL()) } oscapStageOptions := osbuild.OscapConfig{ - Datastream: datastream, - ProfileID: oscapConfig.ProfileID, + Datastream: datastream, + ProfileID: oscapConfig.ProfileID, + Compression: true, } if oscapConfig.Tailoring != nil { @@ -203,14 +214,15 @@ func osCustomizations( } tailoringOptions := osbuild.OscapAutotailorConfig{ + NewProfile: newProfile, + Datastream: datastream, + ProfileID: oscapConfig.ProfileID, Selected: oscapConfig.Tailoring.Selected, Unselected: oscapConfig.Tailoring.Unselected, - NewProfile: newProfile, } osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions( tailoringFilepath, - oscapStageOptions, tailoringOptions, ) @@ -222,7 +234,7 @@ func osCustomizations( osc.Directories = append(osc.Directories, tailoringDir) } - osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapStageOptions) + osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapDataDir, oscapStageOptions) } osc.ShellInit = imageConfig.ShellInit diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go index edf11da9b..88bd78709 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go @@ -10,11 +10,11 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/oscap" "github.com/osbuild/images/internal/pathpolicy" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/oscap" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/image" @@ -37,6 +37,9 @@ const ( // blueprint package set name blueprintPkgsKey = "blueprint" + + // location for saving openscap remediation data + oscapDataDir = "/oscap_data" ) type imageFunc func(workload workload.Workload, t *imageType, customizations *blueprint.Customizations, options distro.ImageOptions, packageSets map[string]rpmmd.PackageSet, containers []container.SourceSpec, rng *rand.Rand) (image.ImageKind, error) diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go index e84315139..92415038b 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go @@ -7,8 +7,8 @@ import ( "strings" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/oscap" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/customizations/oscap" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/platform" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go index be41c605e..280cc747b 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go @@ -5,8 +5,8 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/fsnode" "github.com/osbuild/images/pkg/arch" + "github.com/osbuild/images/pkg/customizations/fsnode" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/osbuild" @@ -400,7 +400,7 @@ func edgeBasePartitionTables(t *imageType) (disk.PartitionTable, bool) { Description: "built with lvm2 and osbuild", LogicalVolumes: []disk.LVMLogicalVolume{ { - Size: 9 * 1024 * 1024 * 1024, // 9 GB + Size: 9 * common.GiB, // 9 GiB Name: "rootlv", Payload: &disk.Filesystem{ Type: "xfs", @@ -471,7 +471,7 @@ func edgeBasePartitionTables(t *imageType) (disk.PartitionTable, bool) { Description: "built with lvm2 and osbuild", LogicalVolumes: []disk.LVMLogicalVolume{ { - Size: 9 * 1024 * 1024 * 1024, // 9 GB + Size: 9 * common.GiB, // 9 GiB Name: "rootlv", Payload: &disk.Filesystem{ Type: "xfs", diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go index 9d9ff97f0..225e7a06b 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go @@ -5,14 +5,14 @@ import ( "math/rand" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/fdo" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/ignition" - "github.com/osbuild/images/internal/oscap" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fdo" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/ignition" + "github.com/osbuild/images/pkg/customizations/oscap" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/image" "github.com/osbuild/images/pkg/manifest" @@ -183,14 +183,25 @@ func osCustomizations( if t.rpmOstree { panic("unexpected oscap options for ostree image type") } + + // although the osbuild stage will create this directory, + // it's probably better to ensure that it is created here + dataDirNode, err := fsnode.NewDirectory(oscapDataDir, nil, nil, nil, true) + if err != nil { + panic("unexpected error creating OpenSCAP data directory") + } + + osc.Directories = append(osc.Directories, dataDirNode) + var datastream = oscapConfig.DataStream if datastream == "" { datastream = oscap.DefaultRHEL9Datastream(t.arch.distro.isRHEL()) } oscapStageOptions := osbuild.OscapConfig{ - Datastream: datastream, - ProfileID: oscapConfig.ProfileID, + Datastream: datastream, + ProfileID: oscapConfig.ProfileID, + Compression: true, } if oscapConfig.Tailoring != nil { @@ -200,14 +211,15 @@ func osCustomizations( } tailoringOptions := osbuild.OscapAutotailorConfig{ + NewProfile: newProfile, + Datastream: datastream, + ProfileID: oscapConfig.ProfileID, Selected: oscapConfig.Tailoring.Selected, Unselected: oscapConfig.Tailoring.Unselected, - NewProfile: newProfile, } osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions( tailoringFilepath, - oscapStageOptions, tailoringOptions, ) @@ -219,7 +231,7 @@ func osCustomizations( osc.Directories = append(osc.Directories, tailoringDir) } - osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapStageOptions) + osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscapDataDir, oscapStageOptions) } osc.ShellInit = imageConfig.ShellInit diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go index a307caec3..6d8b6e9dc 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go @@ -10,11 +10,11 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/oscap" "github.com/osbuild/images/internal/pathpolicy" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/blueprint" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/oscap" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/image" @@ -40,6 +40,9 @@ const ( // blueprint package set name blueprintPkgsKey = "blueprint" + + // location for saving openscap remediation data + oscapDataDir = "/oscap_data" ) type imageFunc func(workload workload.Workload, t *imageType, customizations *blueprint.Customizations, options distro.ImageOptions, packageSets map[string]rpmmd.PackageSet, containers []container.SourceSpec, rng *rand.Rand) (image.ImageKind, error) diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go index 2487e16b6..97bcea742 100644 --- a/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go @@ -46,7 +46,7 @@ func (img *AnacondaLiveInstaller) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() livePipeline := manifest.NewAnacondaInstaller(m, diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go index 5636b4616..bea9c13a7 100644 --- a/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go @@ -5,9 +5,9 @@ import ( "math/rand" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/artifact" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/ostree" @@ -53,7 +53,7 @@ func (img *AnacondaOSTreeInstaller) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() anacondaPipeline := manifest.NewAnacondaInstaller(m, diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go index 46d34d4e2..83c073e92 100644 --- a/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go @@ -7,10 +7,10 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/artifact" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/platform" @@ -63,7 +63,7 @@ func (img *AnacondaTarInstaller) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() anacondaPipeline := manifest.NewAnacondaInstaller(m, diff --git a/vendor/github.com/osbuild/images/pkg/image/archive.go b/vendor/github.com/osbuild/images/pkg/image/archive.go index edf30a0a9..85767c05d 100644 --- a/vendor/github.com/osbuild/images/pkg/image/archive.go +++ b/vendor/github.com/osbuild/images/pkg/image/archive.go @@ -31,7 +31,7 @@ func (img *Archive) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos) diff --git a/vendor/github.com/osbuild/images/pkg/image/container.go b/vendor/github.com/osbuild/images/pkg/image/container.go index c967ea596..977feab52 100644 --- a/vendor/github.com/osbuild/images/pkg/image/container.go +++ b/vendor/github.com/osbuild/images/pkg/image/container.go @@ -31,7 +31,7 @@ func (img *BaseContainer) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos) diff --git a/vendor/github.com/osbuild/images/pkg/image/disk.go b/vendor/github.com/osbuild/images/pkg/image/disk.go index 2669ed128..45f5b3079 100644 --- a/vendor/github.com/osbuild/images/pkg/image/disk.go +++ b/vendor/github.com/osbuild/images/pkg/image/disk.go @@ -49,7 +49,7 @@ func (img *DiskImage) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos) diff --git a/vendor/github.com/osbuild/images/pkg/image/ostree_archive.go b/vendor/github.com/osbuild/images/pkg/image/ostree_archive.go index d0deff6ee..5cd02dddc 100644 --- a/vendor/github.com/osbuild/images/pkg/image/ostree_archive.go +++ b/vendor/github.com/osbuild/images/pkg/image/ostree_archive.go @@ -47,7 +47,7 @@ func (img *OSTreeArchive) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos) diff --git a/vendor/github.com/osbuild/images/pkg/image/ostree_container.go b/vendor/github.com/osbuild/images/pkg/image/ostree_container.go index 75373e31f..16e2f7ef2 100644 --- a/vendor/github.com/osbuild/images/pkg/image/ostree_container.go +++ b/vendor/github.com/osbuild/images/pkg/image/ostree_container.go @@ -44,7 +44,7 @@ func (img *OSTreeContainer) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() osPipeline := manifest.NewOS(m, buildPipeline, img.Platform, repos) diff --git a/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go b/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go index 19e8c105f..ca418a313 100644 --- a/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go +++ b/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go @@ -4,11 +4,11 @@ import ( "fmt" "math/rand" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/artifact" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/ostree" @@ -53,6 +53,10 @@ type OSTreeDiskImage struct { // Lock the root account in the deployment unless the user defined root // user options in the build configuration. LockRoot bool + + // Container buildable tweaks the buildroot to be container friendly, + // i.e. to not rely on an installed osbuild-selinux + ContainerBuildable bool } func NewOSTreeDiskImageFromCommit(commit ostree.SourceSpec) *OSTreeDiskImage { @@ -102,11 +106,14 @@ func baseRawOstreeImage(img *OSTreeDiskImage, m *manifest.Manifest, buildPipelin return manifest.NewRawOStreeImage(buildPipeline, osPipeline, img.Platform) } +// replaced in testing +var manifestNewBuild = manifest.NewBuild + func (img *OSTreeDiskImage) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifestNewBuild(m, runner, repos, &manifest.BuildOptions{ContainerBuildable: img.ContainerBuildable}) buildPipeline.Checkpoint() // don't support compressing non-raw images diff --git a/vendor/github.com/osbuild/images/pkg/image/ostree_simplified_installer.go b/vendor/github.com/osbuild/images/pkg/image/ostree_simplified_installer.go index abb59e79e..151b8abe6 100644 --- a/vendor/github.com/osbuild/images/pkg/image/ostree_simplified_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/ostree_simplified_installer.go @@ -6,11 +6,11 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/fdo" - "github.com/osbuild/images/internal/ignition" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/artifact" + "github.com/osbuild/images/pkg/customizations/fdo" + "github.com/osbuild/images/pkg/customizations/ignition" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/manifest" "github.com/osbuild/images/pkg/platform" @@ -73,7 +73,7 @@ func (img *OSTreeSimplifiedInstaller) InstantiateManifest(m *manifest.Manifest, repos []rpmmd.RepoConfig, runner runner.Runner, rng *rand.Rand) (*artifact.Artifact, error) { - buildPipeline := manifest.NewBuild(m, runner, repos) + buildPipeline := manifest.NewBuild(m, runner, repos, nil) buildPipeline.Checkpoint() imageFilename := "image.raw.xz" @@ -127,6 +127,9 @@ func (img *OSTreeSimplifiedInstaller) InstantiateManifest(m *manifest.Manifest, if img.FDO.DiunPubKeyRootCerts != "" { kernelOpts = append(kernelOpts, "fdo.diun_pub_key_root_certs=/fdo_diun_pub_key_root_certs.pem") } + if img.FDO.DiMfgStringTypeMacIface != "" { + kernelOpts = append(kernelOpts, "fdo.di_mfg_string_type_mac_iface="+img.FDO.DiMfgStringTypeMacIface) + } } bootTreePipeline.KernelOpts = kernelOpts diff --git a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go index 3046e623f..958f77b24 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go @@ -4,10 +4,10 @@ import ( "fmt" "os" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/ostree" "github.com/osbuild/images/pkg/platform" @@ -309,14 +309,11 @@ func (p *AnacondaInstaller) serialize() osbuild.Pipeline { if p.Type == AnacondaInstallerTypePayload { if p.InteractiveDefaults != nil { - kickstartOptions, err := osbuild.NewKickstartStageOptions( + kickstartOptions, err := osbuild.NewKickstartStageOptionsWithLiveIMG( "/usr/share/anaconda/interactive-defaults.ks", - p.InteractiveDefaults.TarPath, p.Users, p.Groups, - "", - "", - "", + p.InteractiveDefaults.TarPath, ) if err != nil { diff --git a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go index 8fc5461de..cb209de4d 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go @@ -4,8 +4,8 @@ import ( "fmt" "path" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/ostree" @@ -272,7 +272,13 @@ func (p *AnacondaInstallerISOTree) serialize() osbuild.Pipeline { )) // Configure the kickstart file with the payload and any user options - kickstartOptions, err := osbuild.NewKickstartStageOptions(p.KSPath, "", p.Users, p.Groups, makeISORootPath(p.PayloadPath), p.ostreeCommitSpec.Ref, p.OSName) + kickstartOptions, err := osbuild.NewKickstartStageOptionsWithOSTreeCommit( + p.KSPath, + p.Users, + p.Groups, + makeISORootPath(p.PayloadPath), + p.ostreeCommitSpec.Ref, + p.OSName) if err != nil { panic("failed to create kickstartstage options") @@ -288,7 +294,12 @@ func (p *AnacondaInstallerISOTree) serialize() osbuild.Pipeline { // If the KSPath is set, we need to add the kickstart stage to this (bootiso-tree) pipeline. // If it's not specified here, it should have been added to the InteractiveDefaults in the anaconda-tree. if p.KSPath != "" { - kickstartOptions, err := osbuild.NewKickstartStageOptions(p.KSPath, makeISORootPath(p.PayloadPath), p.Users, p.Groups, "", "", p.OSName) + kickstartOptions, err := osbuild.NewKickstartStageOptionsWithLiveIMG( + p.KSPath, + p.Users, + p.Groups, + makeISORootPath(p.PayloadPath)) + if err != nil { panic("failed to create kickstartstage options") } diff --git a/vendor/github.com/osbuild/images/pkg/manifest/build.go b/vendor/github.com/osbuild/images/pkg/manifest/build.go index 65e5b6aa1..05b532f5f 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/build.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/build.go @@ -22,17 +22,31 @@ type Build struct { dependents []Pipeline repos []rpmmd.RepoConfig packageSpecs []rpmmd.PackageSpec + + containerBuildable bool +} + +type BuildOptions struct { + // ContainerBuildable tweaks the buildroot to be container friendly, + // i.e. to not rely on an installed osbuild-selinux + ContainerBuildable bool } // NewBuild creates a new build pipeline from the repositories in repos // and the specified packages. -func NewBuild(m *Manifest, runner runner.Runner, repos []rpmmd.RepoConfig) *Build { +func NewBuild(m *Manifest, runner runner.Runner, repos []rpmmd.RepoConfig, opts *BuildOptions) *Build { + if opts == nil { + opts = &BuildOptions{} + } + name := "build" pipeline := &Build{ Base: NewBase(m, name, nil), runner: runner, dependents: make([]Pipeline, 0), repos: filterRepos(repos, name), + + containerBuildable: opts.ContainerBuildable, } m.addPipeline(pipeline) return pipeline @@ -109,6 +123,10 @@ func (p *Build) getSELinuxLabels() map[string]string { switch pkg.Name { case "coreutils": labels["/usr/bin/cp"] = "system_u:object_r:install_exec_t:s0" + if p.containerBuildable { + labels["/usr/bin/mount"] = "system_u:object_r:install_exec_t:s0" + labels["/usr/bin/umount"] = "system_u:object_r:install_exec_t:s0" + } case "tar": labels["/usr/bin/tar"] = "system_u:object_r:install_exec_t:s0" } diff --git a/vendor/github.com/osbuild/images/pkg/manifest/coi_iso_tree.go b/vendor/github.com/osbuild/images/pkg/manifest/coi_iso_tree.go index 269f97737..9c3fca9a0 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/coi_iso_tree.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/coi_iso_tree.go @@ -4,7 +4,7 @@ import ( "crypto/sha256" "fmt" - "github.com/osbuild/images/internal/users" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/osbuild" ) diff --git a/vendor/github.com/osbuild/images/pkg/manifest/coreos_installer.go b/vendor/github.com/osbuild/images/pkg/manifest/coreos_installer.go index 24206561e..a469911e6 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/coreos_installer.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/coreos_installer.go @@ -3,10 +3,10 @@ package manifest import ( "fmt" - "github.com/osbuild/images/internal/fdo" - "github.com/osbuild/images/internal/ignition" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fdo" + "github.com/osbuild/images/pkg/customizations/ignition" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/ostree" "github.com/osbuild/images/pkg/platform" diff --git a/vendor/github.com/osbuild/images/pkg/manifest/os.go b/vendor/github.com/osbuild/images/pkg/manifest/os.go index 95f95051e..2e0317466 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/os.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/os.go @@ -7,12 +7,12 @@ import ( "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/shell" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/internal/workload" "github.com/osbuild/images/pkg/arch" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/shell" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/ostree" @@ -220,7 +220,7 @@ func (p *OS) getPackageSetChain(Distro) []rpmmd.PackageSet { } if p.OpenSCAPConfig != nil { - packages = append(packages, "openscap-scanner", "scap-security-guide") + packages = append(packages, "openscap-scanner", "scap-security-guide", "xz") } // Make sure the right packages are included for subscriptions diff --git a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go index f34cdedab..52e97c174 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go @@ -6,9 +6,9 @@ import ( "strings" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/fsnode" - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/pkg/container" + "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/customizations/users" "github.com/osbuild/images/pkg/disk" "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/ostree" diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/fips.go b/vendor/github.com/osbuild/images/pkg/osbuild/fips.go index 91ffed800..8cf447e56 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/fips.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/fips.go @@ -4,7 +4,7 @@ import ( "os" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/fsnode" + "github.com/osbuild/images/pkg/customizations/fsnode" "github.com/osbuild/images/pkg/disk" ) diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/fsnode.go b/vendor/github.com/osbuild/images/pkg/osbuild/fsnode.go index 9345f82c6..f5399d6b8 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/fsnode.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/fsnode.go @@ -4,7 +4,7 @@ import ( "crypto/sha256" "fmt" - "github.com/osbuild/images/internal/fsnode" + "github.com/osbuild/images/pkg/customizations/fsnode" ) // GenFileNodesStages generates the stages for a list of file nodes. diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/groups_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/groups_stage.go index 97350807b..7f8982348 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/groups_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/groups_stage.go @@ -1,7 +1,7 @@ package osbuild import ( - "github.com/osbuild/images/internal/users" + "github.com/osbuild/images/pkg/customizations/users" ) type GroupsStageOptions struct { diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/kickstart_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/kickstart_stage.go index 0f41baca5..3ad57115d 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/kickstart_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/kickstart_stage.go @@ -1,31 +1,40 @@ package osbuild -import "github.com/osbuild/images/internal/users" +import "github.com/osbuild/images/pkg/customizations/users" type KickstartStageOptions struct { // Where to place the kickstart file Path string `json:"path"` - OSTree *OSTreeOptions `json:"ostree,omitempty"` + OSTreeCommit *OSTreeCommitOptions `json:"ostree,omitempty"` + OSTreeContainer *OSTreeContainerOptions `json:"ostreecontainer,omitempty"` - LiveIMG *LiveIMG `json:"liveimg,omitempty"` + LiveIMG *LiveIMGOptions `json:"liveimg,omitempty"` Users map[string]UsersStageOptionsUser `json:"users,omitempty"` Groups map[string]GroupsStageOptionsGroup `json:"groups,omitempty"` } -type LiveIMG struct { +type LiveIMGOptions struct { URL string `json:"url"` } -type OSTreeOptions struct { +type OSTreeCommitOptions struct { OSName string `json:"osname"` URL string `json:"url"` Ref string `json:"ref"` GPG bool `json:"gpg"` } +type OSTreeContainerOptions struct { + StateRoot string `json:"stateroot"` + URL string `json:"url"` + Transport string `json:"transport"` + Remote string `json:"remote"` + SignatureVerification bool `json:"signatureverification"` +} + func (KickstartStageOptions) isStageOptions() {} // Creates an Anaconda kickstart file @@ -38,12 +47,8 @@ func NewKickstartStage(options *KickstartStageOptions) *Stage { func NewKickstartStageOptions( path string, - imageURL string, userCustomizations []users.User, - groupCustomizations []users.Group, - ostreeURL string, - ostreeRef string, - osName string) (*KickstartStageOptions, error) { + groupCustomizations []users.Group) (*KickstartStageOptions, error) { var users map[string]UsersStageOptionsUser if usersOptions, err := NewUsersStageOptions(userCustomizations, false); err != nil { @@ -57,27 +62,91 @@ func NewKickstartStageOptions( groups = groupsOptions.Groups } - var ostreeOptions *OSTreeOptions + return &KickstartStageOptions{ + Path: path, + OSTreeCommit: nil, + LiveIMG: nil, + Users: users, + Groups: groups, + }, nil +} + +func NewKickstartStageOptionsWithOSTreeCommit( + path string, + userCustomizations []users.User, + groupCustomizations []users.Group, + ostreeURL string, + ostreeRef string, + osName string) (*KickstartStageOptions, error) { + + options, err := NewKickstartStageOptions(path, userCustomizations, groupCustomizations) + + if err != nil { + return nil, err + } + if ostreeURL != "" { - ostreeOptions = &OSTreeOptions{ + ostreeCommitOptions := &OSTreeCommitOptions{ OSName: osName, URL: ostreeURL, Ref: ostreeRef, GPG: false, } + + options.OSTreeCommit = ostreeCommitOptions + } + + return options, nil +} + +func NewKickstartStageOptionsWithOSTreeContainer( + path string, + userCustomizations []users.User, + groupCustomizations []users.Group, + containerURL string, + containerTransport string, + containerRemote string, + containerStateRoot string) (*KickstartStageOptions, error) { + + options, err := NewKickstartStageOptions(path, userCustomizations, groupCustomizations) + + if err != nil { + return nil, err + } + + if containerURL != "" { + ostreeContainerOptions := &OSTreeContainerOptions{ + StateRoot: containerStateRoot, + URL: containerURL, + Remote: containerRemote, + Transport: containerTransport, + SignatureVerification: false, + } + + options.OSTreeContainer = ostreeContainerOptions + } + + return options, nil +} + +func NewKickstartStageOptionsWithLiveIMG( + path string, + userCustomizations []users.User, + groupCustomizations []users.Group, + imageURL string) (*KickstartStageOptions, error) { + + options, err := NewKickstartStageOptions(path, userCustomizations, groupCustomizations) + + if err != nil { + return nil, err } - var liveImg *LiveIMG if imageURL != "" { - liveImg = &LiveIMG{ + liveImg := &LiveIMGOptions{ URL: imageURL, } + options.LiveIMG = liveImg } - return &KickstartStageOptions{ - Path: path, - OSTree: ostreeOptions, - LiveIMG: liveImg, - Users: users, - Groups: groups, - }, nil + + return options, nil } diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/oscap_autotailor_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/oscap_autotailor_stage.go index fae8aef87..36b3d6544 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/oscap_autotailor_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/oscap_autotailor_stage.go @@ -6,9 +6,11 @@ type OscapAutotailorStageOptions struct { Filepath string `json:"filepath"` Config OscapAutotailorConfig `json:"config"` } + type OscapAutotailorConfig struct { - OscapConfig NewProfile string `json:"new_profile"` + Datastream string `json:"datastream" toml:"datastream"` + ProfileID string `json:"profile_id" toml:"profile_id"` Selected []string `json:"selected,omitempty"` Unselected []string `json:"unselected,omitempty"` } @@ -16,11 +18,16 @@ type OscapAutotailorConfig struct { func (OscapAutotailorStageOptions) isStageOptions() {} func (c OscapAutotailorConfig) validate() error { + if c.Datastream == "" { + return fmt.Errorf("'datastream' must be specified") + } + if c.ProfileID == "" { + return fmt.Errorf("'profile_id' must be specified") + } if c.NewProfile == "" { return fmt.Errorf("'new_profile' must be specified") } - // reuse the oscap validation - return c.OscapConfig.validate() + return nil } func NewOscapAutotailorStage(options *OscapAutotailorStageOptions) *Stage { @@ -34,14 +41,15 @@ func NewOscapAutotailorStage(options *OscapAutotailorStageOptions) *Stage { } } -func NewOscapAutotailorStageOptions(filepath string, oscapOptions OscapConfig, autotailorOptions OscapAutotailorConfig) *OscapAutotailorStageOptions { +func NewOscapAutotailorStageOptions(filepath string, autotailorOptions OscapAutotailorConfig) *OscapAutotailorStageOptions { return &OscapAutotailorStageOptions{ Filepath: filepath, Config: OscapAutotailorConfig{ - OscapConfig: oscapOptions, - NewProfile: autotailorOptions.NewProfile, - Selected: autotailorOptions.Selected, - Unselected: autotailorOptions.Unselected, + NewProfile: autotailorOptions.NewProfile, + Datastream: autotailorOptions.Datastream, + ProfileID: autotailorOptions.ProfileID, + Selected: autotailorOptions.Selected, + Unselected: autotailorOptions.Unselected, }, } } diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/oscap_remediation_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/oscap_remediation_stage.go index 7c1916b32..b1408218b 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/oscap_remediation_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/oscap_remediation_stage.go @@ -15,6 +15,7 @@ type OscapRemediationStageOptions struct { DataDir string `json:"data_dir,omitempty"` Config OscapConfig `json:"config"` } + type OscapConfig struct { Datastream string `json:"datastream" toml:"datastream"` ProfileID string `json:"profile_id" toml:"profile_id"` @@ -23,10 +24,11 @@ type OscapConfig struct { BenchmarkID string `json:"benchmark_id,omitempty" toml:"benchmark_id,omitempty"` Tailoring string `json:"tailoring,omitempty" toml:"tailoring,omitempty"` TailoringID string `json:"tailoring_id,omitempty" toml:"tailoring_id,omitempty"` - ArfResult string `json:"arf_result,omitempty" toml:"arf_result,omitempty"` + ArfResult string `json:"arf_results,omitempty" toml:"arf_results,omitempty"` HtmlReport string `json:"html_report,omitempty" toml:"html_report,omitempty"` VerboseLog string `json:"verbose_log,omitempty" toml:"verbose_log,omitempty"` VerboseLevel OscapVerbosityLevel `json:"verbose_level,omitempty" toml:"verbose_level,omitempty"` + Compression bool `json:"compress_results,omitempty" toml:"compress_results,omitempty"` } func (OscapRemediationStageOptions) isStageOptions() {} @@ -70,8 +72,9 @@ func NewOscapRemediationStage(options *OscapRemediationStageOptions) *Stage { } } -func NewOscapRemediationStageOptions(options OscapConfig) *OscapRemediationStageOptions { +func NewOscapRemediationStageOptions(dataDir string, options OscapConfig) *OscapRemediationStageOptions { return &OscapRemediationStageOptions{ + DataDir: dataDir, Config: OscapConfig{ ProfileID: options.ProfileID, Datastream: options.Datastream, @@ -83,6 +86,7 @@ func NewOscapRemediationStageOptions(options OscapConfig) *OscapRemediationStage HtmlReport: options.HtmlReport, VerboseLog: options.VerboseLog, VerboseLevel: options.VerboseLevel, + Compression: options.Compression, }, } } diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/shell_init_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/shell_init_stage.go index f3cfdf6a8..969e8b727 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/shell_init_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/shell_init_stage.go @@ -4,7 +4,7 @@ import ( "fmt" "regexp" - "github.com/osbuild/images/internal/shell" + "github.com/osbuild/images/pkg/customizations/shell" ) const filenameRegex = "^[a-zA-Z0-9\\.\\-_]{1,250}$" diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/skopeo_source.go b/vendor/github.com/osbuild/images/pkg/osbuild/skopeo_source.go index 857d447fb..6852ec647 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/skopeo_source.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/skopeo_source.go @@ -39,13 +39,12 @@ func NewSkopeoSourceItem(name, digest string, tlsVerify *bool) SkopeoSourceItem } func (item SkopeoSourceItem) validate() error { - if item.Image.Name == "" { - return fmt.Errorf("source item has empty name") + return fmt.Errorf("source item %#v has empty name", item) } if !skopeoDigestPattern.MatchString(item.Image.Digest) { - return fmt.Errorf("source item has invalid digest") + return fmt.Errorf("source item %#v has invalid digest", item) } return nil @@ -63,7 +62,7 @@ func NewSkopeoSource() *SkopeoSource { func (source *SkopeoSource) AddItem(name, digest, image string, tlsVerify *bool) { item := NewSkopeoSourceItem(name, digest, tlsVerify) if !skopeoDigestPattern.MatchString(image) { - panic("item has invalid image id") + panic(fmt.Errorf("item %#v has invalid image id", image)) } source.Items[image] = item } diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go index cd9f77d02..6d2a6ef98 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go @@ -1,8 +1,8 @@ package osbuild import ( - "github.com/osbuild/images/internal/users" "github.com/osbuild/images/pkg/crypt" + "github.com/osbuild/images/pkg/customizations/users" ) type UsersStageOptions struct { diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/yum_repos_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/yum_repos_stage.go index 297811865..cf2995e25 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/yum_repos_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/yum_repos_stage.go @@ -99,17 +99,18 @@ func repoConfigToYumRepository(repo rpmmd.RepoConfig) YumRepository { } yumRepo := YumRepository{ - Id: repo.Id, - Name: repo.Name, - Mirrorlist: repo.MirrorList, - Metalink: repo.Metalink, - BaseURLs: urls, - GPGKey: keys, - GPGCheck: repo.CheckGPG, - RepoGPGCheck: repo.CheckRepoGPG, - Enabled: repo.Enabled, - Priority: repo.Priority, - SSLVerify: sslVerify, + Id: repo.Id, + Name: repo.Name, + Mirrorlist: repo.MirrorList, + Metalink: repo.Metalink, + BaseURLs: urls, + GPGKey: keys, + GPGCheck: repo.CheckGPG, + RepoGPGCheck: repo.CheckRepoGPG, + Enabled: repo.Enabled, + Priority: repo.Priority, + SSLVerify: sslVerify, + ModuleHotfixes: repo.ModuleHotfixes, } return yumRepo diff --git a/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go b/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go index b185864e0..be264d7c0 100644 --- a/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go +++ b/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go @@ -23,6 +23,7 @@ type repository struct { CheckGPG bool `json:"check_gpg,omitempty"` IgnoreSSL bool `json:"ignore_ssl,omitempty"` RHSM bool `json:"rhsm,omitempty"` + ModuleHotfixes *bool `json:"module_hotfixes,omitempty"` MetadataExpire string `json:"metadata_expire,omitempty"` ImageTypeTags []string `json:"image_type_tags,omitempty"` } @@ -42,6 +43,7 @@ type RepoConfig struct { Priority *int `json:"priority,omitempty"` IgnoreSSL *bool `json:"ignore_ssl,omitempty"` MetadataExpire string `json:"metadata_expire,omitempty"` + ModuleHotfixes *bool `json:"module_hotfixes,omitempty"` RHSM bool `json:"rhsm,omitempty"` Enabled *bool `json:"enabled,omitempty"` ImageTypeTags []string `json:"image_type_tags,omitempty"` @@ -58,6 +60,12 @@ func (r *RepoConfig) Hash() string { bpts := func(b *bool) string { return fmt.Sprintf("%T", b) } + bptsIgnoreNil := func(b *bool) string { + if b == nil { + return "" + } + return bts(*b) + } ats := func(s []string) string { return strings.Join(s, "") } @@ -69,7 +77,8 @@ func (r *RepoConfig) Hash() string { bpts(r.CheckRepoGPG)+ bpts(r.IgnoreSSL)+ r.MetadataExpire+ - bts(r.RHSM)))) + bts(r.RHSM)+ + bptsIgnoreNil(r.ModuleHotfixes)))) } type DistrosRepoConfigs map[string]map[string][]RepoConfig @@ -245,6 +254,7 @@ func loadRepositoriesFromFile(filename string) (map[string][]RepoConfig, error) CheckGPG: &repo.CheckGPG, RHSM: repo.RHSM, MetadataExpire: repo.MetadataExpire, + ModuleHotfixes: repo.ModuleHotfixes, ImageTypeTags: repo.ImageTypeTags, } diff --git a/vendor/modules.txt b/vendor/modules.txt index 3605ad984..db0d250b4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -119,7 +119,7 @@ github.com/acarl005/stripansi # github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 ## explicit; go 1.13 github.com/asaskevich/govalidator -# github.com/aws/aws-sdk-go v1.48.13 +# github.com/aws/aws-sdk-go v1.49.0 ## explicit; go 1.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn @@ -190,7 +190,7 @@ github.com/cenkalti/backoff/v4 # github.com/cespare/xxhash/v2 v2.2.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/containers/common v0.57.0 +# github.com/containers/common v0.57.1 ## explicit; go 1.18 github.com/containers/common/pkg/retry # github.com/containers/image/v5 v5.29.0 @@ -656,23 +656,23 @@ github.com/oracle/oci-go-sdk/v54/identity github.com/oracle/oci-go-sdk/v54/objectstorage github.com/oracle/oci-go-sdk/v54/objectstorage/transfer github.com/oracle/oci-go-sdk/v54/workrequests -# github.com/osbuild/images v0.21.0 +# github.com/osbuild/images v0.24.0 ## explicit; go 1.19 github.com/osbuild/images/internal/common github.com/osbuild/images/internal/environment -github.com/osbuild/images/internal/fdo -github.com/osbuild/images/internal/fsnode -github.com/osbuild/images/internal/ignition -github.com/osbuild/images/internal/oscap github.com/osbuild/images/internal/pathpolicy -github.com/osbuild/images/internal/shell -github.com/osbuild/images/internal/users github.com/osbuild/images/internal/workload github.com/osbuild/images/pkg/arch github.com/osbuild/images/pkg/artifact github.com/osbuild/images/pkg/blueprint github.com/osbuild/images/pkg/container github.com/osbuild/images/pkg/crypt +github.com/osbuild/images/pkg/customizations/fdo +github.com/osbuild/images/pkg/customizations/fsnode +github.com/osbuild/images/pkg/customizations/ignition +github.com/osbuild/images/pkg/customizations/oscap +github.com/osbuild/images/pkg/customizations/shell +github.com/osbuild/images/pkg/customizations/users github.com/osbuild/images/pkg/disk github.com/osbuild/images/pkg/distro github.com/osbuild/images/pkg/distro/fedora