RHEL-84: add gce image type

Add the `gce` image type intended for Google Compute Engine. The image
is BYOS - bring your own subscription and requires registering in order
to access Red Hat content.

Signed-off-by: Tomas Hozza <thozza@redhat.com>

internal/distro/rhel84/distro.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"math/rand"
 	"sort"
+	"strings"
 
 	"github.com/osbuild/osbuild-composer/internal/disk"
 	"github.com/osbuild/osbuild-composer/internal/distro"
@@ -180,6 +181,7 @@ func (a *architecture) addS2ImageTypes(imageTypes ...imageTypeS2) {
 			payloadPipelines:        it.payloadPipelines,
 			exports:                 it.exports,
 			pipelines:               it.pipelines,
+			partitionTableGenerator: it.partitionTableGenerator,
 		}
 	}
 }
@@ -335,6 +337,10 @@ func (d *distribution) OSTreeRef() string {
 	return d.ostreeRef
 }
 
+func (d *distribution) isRHEL() bool {
+	return strings.HasPrefix(d.name, "rhel")
+}
+
 func sources(packages []rpmmd.PackageSpec) *osbuild.Sources {
 	files := &osbuild.FilesSource{
 		URLs: make(map[string]osbuild.FileSource),
@@ -1549,6 +1555,27 @@ func newDistro(name, modulePlatformID, ostreeRef string, isCentos bool) distro.D
 		pipelines:        edgePipelines,
 	}
 
+	// This image type does not take the disabled / enabled service definitions
+	// from this structure definition, but rather from distro.ImageConfig instance
+	// defined in the gcePipelines() function. The same applies to the default
+	// target.
+	gceImgType := imageTypeS2{
+		name:     "gce",
+		filename: "image.tar.gz",
+		mimeType: "application/gzip",
+		packageSets: map[string]rpmmd.PackageSet{
+			"packages": getGcePackageSet(),
+		},
+		kernelOptions:           "net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8d",
+		bootable:                true,
+		defaultSize:             20 * GigaByte,
+		pipelines:               gceByosPipelines,
+		buildPipelines:          []string{"build"},
+		payloadPipelines:        []string{"os", "image", "archive"},
+		exports:                 []string{"archive"},
+		partitionTableGenerator: defaultPartitionTable,
+	}
+
 	x8664.addImageTypes(
 		amiImgType,
 		qcow2ImageType,
@@ -1558,6 +1585,8 @@ func newDistro(name, modulePlatformID, ostreeRef string, isCentos bool) distro.D
 		vmdkImgType,
 	)
 
+	x8664.addS2ImageTypes(gceImgType)
+
 	if !isCentos {
 		x8664.addImageTypes(edgeImgTypeX86_64)
 		x8664.addS2ImageTypes(edgeOCIImgTypeX86_64, edgeInstImgTypeX86_64)

internal/distro/rhel84/distro_backports.go

@@ -0,0 +1,354 @@
+// This file contains common pipelines-related code backported form newer
+// distro definitions, mainly RHEL-8.6 / 9.0
+
+package rhel84
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"github.com/osbuild/osbuild-composer/internal/blueprint"
+	"github.com/osbuild/osbuild-composer/internal/common"
+	"github.com/osbuild/osbuild-composer/internal/disk"
+	"github.com/osbuild/osbuild-composer/internal/distro"
+	osbuild "github.com/osbuild/osbuild-composer/internal/osbuild2"
+	"github.com/osbuild/osbuild-composer/internal/rpmmd"
+)
+
+func bootloaderConfigStage(t *imageTypeS2, partitionTable disk.PartitionTable, kernel *blueprint.KernelCustomization, kernelVer string, install, greenboot bool) *osbuild.Stage {
+	if t.arch.name == distro.S390xArchName {
+		return osbuild.NewZiplStage(new(osbuild.ZiplStageOptions))
+	}
+
+	kernelOptions := t.kernelOptions
+	uefi := t.arch.uefi
+	legacy := t.arch.legacy
+
+	options := osbuild.NewGrub2StageOptions(&partitionTable, kernelOptions, kernel, kernelVer, uefi, legacy, "redhat", install)
+	options.Greenboot = greenboot
+
+	return osbuild.NewGRUB2Stage(options)
+}
+
+func bootloaderInstStage(filename string, pt *disk.PartitionTable, arch *architecture, kernelVer string, devices *osbuild.Devices, mounts *osbuild.Mounts, disk *osbuild.Device) *osbuild.Stage {
+	platform := arch.legacy
+	if platform != "" {
+		return osbuild.NewGrub2InstStage(osbuild.NewGrub2InstStageOption(filename, pt, platform))
+	}
+
+	if arch.name == distro.S390xArchName {
+		return osbuild.NewZiplInstStage(osbuild.NewZiplInstStageOptions(kernelVer, pt), disk, devices, mounts)
+	}
+
+	return nil
+}
+
+func firewallStageOptions(firewall *blueprint.FirewallCustomization) *osbuild.FirewallStageOptions {
+	options := osbuild.FirewallStageOptions{
+		Ports: firewall.Ports,
+	}
+
+	if firewall.Services != nil {
+		options.EnabledServices = firewall.Services.Enabled
+		options.DisabledServices = firewall.Services.Disabled
+	}
+
+	return &options
+}
+
+func liveImagePipeline(inputPipelineName string, outputFilename string, pt *disk.PartitionTable, arch *architecture, kernelVer string) *osbuild.Pipeline {
+	p := new(osbuild.Pipeline)
+	p.Name = "image"
+	p.Build = "name:build"
+
+	for _, stage := range osbuild.GenImagePrepareStages(pt, outputFilename) {
+		p.AddStage(stage)
+	}
+
+	inputName := "root-tree"
+	copyOptions, copyDevices, copyMounts := osbuild.GenCopyFSTreeOptions(inputName, inputPipelineName, outputFilename, pt)
+	copyInputs := osbuild.NewCopyStagePipelineTreeInputs(inputName, inputPipelineName)
+	p.AddStage(osbuild.NewCopyStage(copyOptions, copyInputs, copyDevices, copyMounts))
+
+	for _, stage := range osbuild.GenImageFinishStages(pt, outputFilename) {
+		p.AddStage(stage)
+	}
+
+	loopback := osbuild.NewLoopbackDevice(&osbuild.LoopbackDeviceOptions{Filename: outputFilename})
+	p.AddStage(bootloaderInstStage(outputFilename, pt, arch, kernelVer, copyDevices, copyMounts, loopback))
+
+	return p
+}
+
+func tarArchivePipeline(name, inputPipelineName string, tarOptions *osbuild.TarStageOptions) *osbuild.Pipeline {
+	p := new(osbuild.Pipeline)
+	p.Name = name
+	p.Build = "name:build"
+	p.AddStage(osbuild.NewTarStage(tarOptions, osbuild.NewTarStagePipelineTreeInputs(inputPipelineName)))
+	return p
+}
+
+func usersFirstBootOptions(usersStageOptions *osbuild.UsersStageOptions) *osbuild.FirstBootStageOptions {
+	cmds := make([]string, 0, 3*len(usersStageOptions.Users)+2)
+	// workaround for creating authorized_keys file for user
+	// need to special case the root user, which has its home in a different place
+	varhome := filepath.Join("/var", "home")
+	roothome := filepath.Join("/var", "roothome")
+
+	for name, user := range usersStageOptions.Users {
+		if user.Key != nil {
+			var home string
+
+			if name == "root" {
+				home = roothome
+			} else {
+				home = filepath.Join(varhome, name)
+			}
+
+			sshdir := filepath.Join(home, ".ssh")
+
+			cmds = append(cmds, fmt.Sprintf("mkdir -p %s", sshdir))
+			cmds = append(cmds, fmt.Sprintf("sh -c 'echo %q >> %q'", *user.Key, filepath.Join(sshdir, "authorized_keys")))
+			cmds = append(cmds, fmt.Sprintf("chown %s:%s -Rc %s", name, name, sshdir))
+		}
+	}
+	cmds = append(cmds, fmt.Sprintf("restorecon -rvF %s", varhome))
+	cmds = append(cmds, fmt.Sprintf("restorecon -rvF %s", roothome))
+
+	options := &osbuild.FirstBootStageOptions{
+		Commands:       cmds,
+		WaitForNetwork: false,
+	}
+
+	return options
+}
+
+// osPipelineRhel86 is a backport of the osPipeline from RHEL-86
+//
+// This pipeline generator takes distro.ImageConfig instance, which
+// defines the image default configuration
+func osPipelineRhel86(t *imageTypeS2,
+	imageConfig *distro.ImageConfig,
+	repos []rpmmd.RepoConfig,
+	packages []rpmmd.PackageSpec,
+	c *blueprint.Customizations,
+	options distro.ImageOptions,
+	pt *disk.PartitionTable) (*osbuild.Pipeline, error) {
+	p := new(osbuild.Pipeline)
+	if t.rpmOstree {
+		p.Name = "ostree-tree"
+	} else {
+		p.Name = "os"
+	}
+	p.Build = "name:build"
+
+	if t.rpmOstree && options.OSTree.Parent != "" && options.OSTree.URL != "" {
+		p.AddStage(osbuild.NewOSTreePasswdStage("org.osbuild.source", options.OSTree.Parent))
+	}
+
+	p.AddStage(osbuild.NewRPMStage(t.rpmStageOptions(repos), osbuild.NewRpmStageSourceFilesInputs(packages)))
+
+	// If the /boot is on a separate partition, the prefix for the BLS stage must be ""
+	if pt == nil || pt.FindMountable("/boot") == nil {
+		p.AddStage(osbuild.NewFixBLSStage(&osbuild.FixBLSStageOptions{}))
+	} else {
+		p.AddStage(osbuild.NewFixBLSStage(&osbuild.FixBLSStageOptions{Prefix: common.StringToPtr("")}))
+	}
+
+	language, keyboard := c.GetPrimaryLocale()
+	if language != nil {
+		p.AddStage(osbuild.NewLocaleStage(&osbuild.LocaleStageOptions{Language: *language}))
+	} else {
+		p.AddStage(osbuild.NewLocaleStage(&osbuild.LocaleStageOptions{Language: imageConfig.Locale}))
+	}
+	if keyboard != nil {
+		p.AddStage(osbuild.NewKeymapStage(&osbuild.KeymapStageOptions{Keymap: *keyboard}))
+	} else if imageConfig.Keyboard != nil {
+		p.AddStage(osbuild.NewKeymapStage(imageConfig.Keyboard))
+	}
+
+	if hostname := c.GetHostname(); hostname != nil {
+		p.AddStage(osbuild.NewHostnameStage(&osbuild.HostnameStageOptions{Hostname: *hostname}))
+	}
+
+	timezone, ntpServers := c.GetTimezoneSettings()
+	if timezone != nil {
+		p.AddStage(osbuild.NewTimezoneStage(&osbuild.TimezoneStageOptions{Zone: *timezone}))
+	} else {
+		p.AddStage(osbuild.NewTimezoneStage(&osbuild.TimezoneStageOptions{Zone: imageConfig.Timezone}))
+	}
+
+	if len(ntpServers) > 0 {
+		p.AddStage(osbuild.NewChronyStage(&osbuild.ChronyStageOptions{Timeservers: ntpServers}))
+	} else if imageConfig.TimeSynchronization != nil {
+		p.AddStage(osbuild.NewChronyStage(imageConfig.TimeSynchronization))
+	}
+
+	if !t.bootISO {
+		// don't put users and groups in the payload of an installer
+		// add them via kickstart instead
+		if groups := c.GetGroups(); len(groups) > 0 {
+			p.AddStage(osbuild.NewGroupsStage(osbuild.NewGroupsStageOptions(groups)))
+		}
+
+		if userOptions, err := osbuild.NewUsersStageOptions(c.GetUsers(), false); err != nil {
+			return nil, err
+		} else if userOptions != nil {
+			if t.rpmOstree {
+				// for ostree, writing the key during user creation is
+				// redundant and can cause issues so create users without keys
+				// and write them on first boot
+				userOptionsSansKeys, err := osbuild.NewUsersStageOptions(c.GetUsers(), true)
+				if err != nil {
+					return nil, err
+				}
+				p.AddStage(osbuild.NewUsersStage(userOptionsSansKeys))
+				p.AddStage(osbuild.NewFirstBootStage(usersFirstBootOptions(userOptions)))
+			} else {
+				p.AddStage(osbuild.NewUsersStage(userOptions))
+			}
+		}
+	}
+
+	if services := c.GetServices(); services != nil || imageConfig.EnabledServices != nil ||
+		imageConfig.DisabledServices != nil || imageConfig.DefaultTarget != "" {
+		p.AddStage(osbuild.NewSystemdStage(t.systemdStageOptions(
+			imageConfig.EnabledServices,
+			imageConfig.DisabledServices,
+			services,
+			imageConfig.DefaultTarget,
+		)))
+	}
+
+	var fwStageOptions *osbuild.FirewallStageOptions
+	if firewallCustomization := c.GetFirewall(); firewallCustomization != nil {
+		fwStageOptions = firewallStageOptions(firewallCustomization)
+	}
+	if firewallConfig := imageConfig.Firewall; firewallConfig != nil {
+		// merge the user-provided firewall config with the default one
+		if fwStageOptions != nil {
+			fwStageOptions = &osbuild.FirewallStageOptions{
+				// Prefer the firewall ports and services settings provided
+				// via BP customization.
+				Ports:            fwStageOptions.Ports,
+				EnabledServices:  fwStageOptions.EnabledServices,
+				DisabledServices: fwStageOptions.DisabledServices,
+				// Default zone can not be set using BP customizations, therefore
+				// default to the one provided in the default image configuration.
+				DefaultZone: firewallConfig.DefaultZone,
+			}
+		} else {
+			fwStageOptions = firewallConfig
+		}
+	}
+	if fwStageOptions != nil {
+		p.AddStage(osbuild.NewFirewallStage(fwStageOptions))
+	}
+
+	for _, sysconfigConfig := range imageConfig.Sysconfig {
+		p.AddStage(osbuild.NewSysconfigStage(sysconfigConfig))
+	}
+
+	if t.arch.distro.isRHEL() {
+		if options.Subscription != nil {
+			commands := []string{
+				fmt.Sprintf("/usr/sbin/subscription-manager register --org=%s --activationkey=%s --serverurl %s --baseurl %s", options.Subscription.Organization, options.Subscription.ActivationKey, options.Subscription.ServerUrl, options.Subscription.BaseUrl),
+			}
+			if options.Subscription.Insights {
+				commands = append(commands, "/usr/bin/insights-client --register")
+			}
+			p.AddStage(osbuild.NewFirstBootStage(&osbuild.FirstBootStageOptions{
+				Commands:       commands,
+				WaitForNetwork: true,
+			}))
+
+			if rhsmConfig, exists := imageConfig.RHSMConfig[distro.RHSMConfigWithSubscription]; exists {
+				p.AddStage(osbuild.NewRHSMStage(rhsmConfig))
+			}
+		} else {
+			if rhsmConfig, exists := imageConfig.RHSMConfig[distro.RHSMConfigNoSubscription]; exists {
+				p.AddStage(osbuild.NewRHSMStage(rhsmConfig))
+			}
+		}
+	}
+
+	for _, systemdLogindConfig := range imageConfig.SystemdLogind {
+		p.AddStage(osbuild.NewSystemdLogindStage(systemdLogindConfig))
+	}
+
+	for _, cloudInitConfig := range imageConfig.CloudInit {
+		p.AddStage(osbuild.NewCloudInitStage(cloudInitConfig))
+	}
+
+	for _, modprobeConfig := range imageConfig.Modprobe {
+		p.AddStage(osbuild.NewModprobeStage(modprobeConfig))
+	}
+
+	for _, dracutConfConfig := range imageConfig.DracutConf {
+		p.AddStage(osbuild.NewDracutConfStage(dracutConfConfig))
+	}
+
+	for _, systemdUnitConfig := range imageConfig.SystemdUnit {
+		p.AddStage(osbuild.NewSystemdUnitStage(systemdUnitConfig))
+	}
+
+	if authselectConfig := imageConfig.Authselect; authselectConfig != nil {
+		p.AddStage(osbuild.NewAuthselectStage(authselectConfig))
+	}
+
+	if seLinuxConfig := imageConfig.SELinuxConfig; seLinuxConfig != nil {
+		p.AddStage(osbuild.NewSELinuxConfigStage(seLinuxConfig))
+	}
+
+	if tunedConfig := imageConfig.Tuned; tunedConfig != nil {
+		p.AddStage(osbuild.NewTunedStage(tunedConfig))
+	}
+
+	for _, tmpfilesdConfig := range imageConfig.Tmpfilesd {
+		p.AddStage(osbuild.NewTmpfilesdStage(tmpfilesdConfig))
+	}
+
+	for _, pamLimitsConfConfig := range imageConfig.PamLimitsConf {
+		p.AddStage(osbuild.NewPamLimitsConfStage(pamLimitsConfConfig))
+	}
+
+	for _, sysctldConfig := range imageConfig.Sysctld {
+		p.AddStage(osbuild.NewSysctldStage(sysctldConfig))
+	}
+
+	for _, dnfConfig := range imageConfig.DNFConfig {
+		p.AddStage(osbuild.NewDNFConfigStage(dnfConfig))
+	}
+
+	if sshdConfig := imageConfig.SshdConfig; sshdConfig != nil {
+		p.AddStage((osbuild.NewSshdConfigStage(sshdConfig)))
+	}
+
+	if dnfAutomaticConfig := imageConfig.DNFAutomaticConfig; dnfAutomaticConfig != nil {
+		p.AddStage(osbuild.NewDNFAutomaticConfigStage(dnfAutomaticConfig))
+	}
+
+	for _, yumRepo := range imageConfig.YUMRepos {
+		p.AddStage(osbuild.NewYumReposStage(yumRepo))
+	}
+
+	if pt != nil {
+		p = t.prependKernelCmdlineStage(p, pt)
+		p.AddStage(osbuild.NewFSTabStage(osbuild.NewFSTabStageOptions(pt)))
+		kernelVer := rpmmd.GetVerStrFromPackageSpecListPanic(packages, c.GetKernel().Name)
+		p.AddStage(bootloaderConfigStage(t, *pt, c.GetKernel(), kernelVer, false, false))
+	}
+
+	p.AddStage(osbuild.NewSELinuxStage(t.selinuxStageOptions()))
+
+	if t.rpmOstree {
+		p.AddStage(osbuild.NewOSTreePrepTreeStage(&osbuild.OSTreePrepTreeStageOptions{
+			EtcGroupMembers: []string{
+				// NOTE: We may want to make this configurable.
+				"wheel", "docker",
+			},
+		}))
+	}
+
+	return p, nil
+}

internal/distro/rhel84/distro_test.go

@@ -76,6 +76,12 @@ func TestFilenameFromType(t *testing.T) {
 			want:  "disk.vmdk",
 			want1: "application/x-vmdk",
 		},
+		{
+			name:  "gce",
+			args:  args{"gce"},
+			want:  "image.tar.gz",
+			want1: "application/gzip",
+		},
 		{
 			name:    "invalid-output-type",
 			args:    args{"foobar"},
@@ -440,7 +446,8 @@ func TestDistro_ManifestError(t *testing.T) {
 			imgOpts := distro.ImageOptions{
 				Size: imgType.Size(0),
 			}
-			_, err := imgType.Manifest(bp.Customizations, imgOpts, nil, nil, 0)
+			testPackageSpecSets := distro_test_common.GetTestingPackageSpecSets("kernel", arch.Name(), imgType.PayloadPackageSets())
+			_, err := imgType.Manifest(bp.Customizations, imgOpts, nil, testPackageSpecSets, 0)
 			if imgTypeName == "rhel-edge-commit" || imgTypeName == "rhel-edge-container" {
 				assert.EqualError(t, err, "kernel boot parameter customizations are not supported for ostree types")
 			} else if imgTypeName == "rhel-edge-installer" {
@@ -467,6 +474,7 @@ func TestArchitecture_ListImageTypes(t *testing.T) {
 				"tar",
 				"vhd",
 				"vmdk",
+				"gce",
 			},
 			rhelAdditionalImageTypes: []string{"rhel-edge-commit", "rhel-edge-container", "rhel-edge-installer"},
 		},
@@ -615,7 +623,8 @@ func TestDistro_CustomFileSystemManifestError(t *testing.T) {
 					imgOpts := distro.ImageOptions{
 						Size: imgType.Size(0),
 					}
-					_, err := imgType.Manifest(bp.Customizations, imgOpts, nil, nil, 0)
+					testPackageSpecSets := distro_test_common.GetTestingPackageSpecSets("kernel", arch.Name(), imgType.PayloadPackageSets())
+					_, err := imgType.Manifest(bp.Customizations, imgOpts, nil, testPackageSpecSets, 0)
 					if imgTypeName == "rhel-edge-commit" || imgTypeName == "rhel-edge-container" {
 						assert.EqualError(t, err, "Custom mountpoints are not supported for ostree types")
 					} else {
@@ -651,7 +660,8 @@ func TestDistro_TestRootMountPoint(t *testing.T) {
 					imgOpts := distro.ImageOptions{
 						Size: imgType.Size(0),
 					}
-					_, err := imgType.Manifest(bp.Customizations, imgOpts, nil, nil, 0)
+					testPackageSpecSets := distro_test_common.GetTestingPackageSpecSets("kernel", arch.Name(), imgType.PayloadPackageSets())
+					_, err := imgType.Manifest(bp.Customizations, imgOpts, nil, testPackageSpecSets, 0)
 					if imgTypeName == "rhel-edge-commit" || imgTypeName == "rhel-edge-container" {
 						assert.EqualError(t, err, "Custom mountpoints are not supported for ostree types")
 					} else {

internal/distro/rhel84/distro_v2.go

@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/osbuild/osbuild-composer/internal/disk"
 	"github.com/osbuild/osbuild-composer/internal/distro"
 	osbuild "github.com/osbuild/osbuild-composer/internal/osbuild2"
 
@@ -37,6 +38,7 @@ type imageTypeS2 struct {
 	buildPipelines          []string
 	payloadPipelines        []string
 	exports                 []string
+	partitionTableGenerator func(imageSize uint64, arch distro.Arch, rng *rand.Rand) disk.PartitionTable
 	pipelines               pipelinesFunc
 }
 
@@ -151,6 +153,11 @@ func (t *imageTypeS2) Manifest(c *blueprint.Customizations,
 	repos []rpmmd.RepoConfig,
 	packageSpecSets map[string][]rpmmd.PackageSpec,
 	seed int64) (distro.Manifest, error) {
+
+	if err := t.checkOptions(c, options); err != nil {
+		return distro.Manifest{}, err
+	}
+
 	source := rand.NewSource(seed)
 	// math/rand is good enough in this case
 	/* #nosec G404 */
@@ -220,40 +227,6 @@ func (t *imageTypeS2) sources(packages []rpmmd.PackageSpec, ostreeCommits []ostr
 }
 
 func edgePipelines(t *imageTypeS2, customizations *blueprint.Customizations, options distro.ImageOptions, repos []rpmmd.RepoConfig, packageSetSpecs map[string][]rpmmd.PackageSpec, rng *rand.Rand) ([]osbuild.Pipeline, error) {
-
-	if t.bootISO {
-		if options.OSTree.Parent == "" {
-			return nil, fmt.Errorf("boot ISO image type %q requires specifying a URL from which to retrieve the OSTree commit", t.name)
-		}
-		if t.name == "rhel-edge-installer" {
-			allowed := []string{"User", "Group"}
-			if err := customizations.CheckAllowed(allowed...); err != nil {
-				return nil, fmt.Errorf("unsupported blueprint customizations found for boot ISO image type %q: (allowed: %s)", t.name, strings.Join(allowed, ", "))
-			}
-		}
-	}
-
-	if kernelOpts := customizations.GetKernel(); kernelOpts.Append != "" && t.rpmOstree {
-		return nil, fmt.Errorf("kernel boot parameter customizations are not supported for ostree types")
-	}
-
-	mountpoints := customizations.GetFilesystems()
-
-	if mountpoints != nil && t.rpmOstree {
-		return nil, fmt.Errorf("Custom mountpoints are not supported for ostree types")
-	}
-
-	invalidMountpoints := []string{}
-	for _, m := range mountpoints {
-		if m.Mountpoint != "/" {
-			invalidMountpoints = append(invalidMountpoints, m.Mountpoint)
-		}
-	}
-
-	if len(invalidMountpoints) > 0 {
-		return nil, fmt.Errorf("The following custom mountpoints are not supported %+q", invalidMountpoints)
-	}
-
 	pipelines := make([]osbuild.Pipeline, 0)
 
 	pipelines = append(pipelines, *t.buildPipeline(repos, packageSetSpecs["build-packages"]))
@@ -728,3 +701,58 @@ func (t *imageTypeS2) xorrisofsStageOptions() *osbuild.XorrisofsStageOptions {
 		IsohybridMBR: "/usr/share/syslinux/isohdpfx.bin",
 	}
 }
+
+func (t *imageTypeS2) checkOptions(customizations *blueprint.Customizations, options distro.ImageOptions) error {
+	if t.bootISO {
+		if options.OSTree.Parent == "" {
+			return fmt.Errorf("boot ISO image type %q requires specifying a URL from which to retrieve the OSTree commit", t.name)
+		}
+		if t.name == "rhel-edge-installer" {
+			allowed := []string{"User", "Group"}
+			if err := customizations.CheckAllowed(allowed...); err != nil {
+				return fmt.Errorf("unsupported blueprint customizations found for boot ISO image type %q: (allowed: %s)", t.name, strings.Join(allowed, ", "))
+			}
+		}
+	}
+
+	if kernelOpts := customizations.GetKernel(); kernelOpts.Append != "" && t.rpmOstree {
+		return fmt.Errorf("kernel boot parameter customizations are not supported for ostree types")
+	}
+
+	mountpoints := customizations.GetFilesystems()
+
+	if mountpoints != nil && t.rpmOstree {
+		return fmt.Errorf("Custom mountpoints are not supported for ostree types")
+	}
+
+	invalidMountpoints := []string{}
+	for _, m := range mountpoints {
+		if m.Mountpoint != "/" {
+			invalidMountpoints = append(invalidMountpoints, m.Mountpoint)
+		}
+	}
+
+	if len(invalidMountpoints) > 0 {
+		return fmt.Errorf("The following custom mountpoints are not supported %+q", invalidMountpoints)
+	}
+
+	return nil
+}
+
+func (t *imageTypeS2) prependKernelCmdlineStage(pipeline *osbuild.Pipeline, pt *disk.PartitionTable) *osbuild.Pipeline {
+	if t.arch.name == distro.S390xArchName {
+		rootFs := pt.FindMountable("/")
+		if rootFs == nil {
+			panic("s390x image must have a root partition, this is a programming error")
+		}
+		kernelStage := osbuild.NewKernelCmdlineStage(osbuild.NewKernelCmdlineStageOptions(rootFs.GetFSSpec().UUID, t.kernelOptions))
+		pipeline.Stages = append([]*osbuild.Stage{kernelStage}, pipeline.Stages...)
+	}
+	return pipeline
+}
+
+func (t *imageTypeS2) getPartitionTable(options distro.ImageOptions, rng *rand.Rand) (*disk.PartitionTable, error) {
+	basePartitionTable := t.partitionTableGenerator(options.Size, t.Arch(), rng)
+	pt, err := disk.NewPartitionTable(&basePartitionTable, nil, options.Size, false, rng)
+	return pt, err
+}

internal/distro/rhel84/gce.go

@@ -0,0 +1,254 @@
+package rhel84
+
+import (
+	"fmt"
+	"math/rand"
+
+	"github.com/osbuild/osbuild-composer/internal/blueprint"
+	"github.com/osbuild/osbuild-composer/internal/common"
+	"github.com/osbuild/osbuild-composer/internal/distro"
+	osbuild "github.com/osbuild/osbuild-composer/internal/osbuild2"
+	"github.com/osbuild/osbuild-composer/internal/rpmmd"
+)
+
+// common GCE image
+func getGceCommonPackageSet() rpmmd.PackageSet {
+	return rpmmd.PackageSet{
+		Include: []string{
+			"@core",
+			"langpacks-en", // not in Google's KS
+			"acpid",
+			"dhcp-client",
+			"dnf-automatic",
+			"net-tools",
+			//"openssh-server", included in core
+			"python3",
+			"rng-tools",
+			"tar",
+			"vim",
+
+			// GCE guest tools
+			"google-compute-engine",
+			"google-osconfig-agent",
+			"gce-disk-expand",
+			// GCP SDK
+			"google-cloud-sdk",
+
+			// Not explicitly included in GCP kickstart, but present on the image
+			// for time synchronization
+			"chrony",
+			"timedatex",
+			// Detected Platform requirements by Anaconda
+			"qemu-guest-agent",
+			// EFI
+			"grub2-tools-efi",
+		},
+		Exclude: []string{
+			"alsa-utils",
+			"b43-fwcutter",
+			"dmraid",
+			"eject",
+			"gpm",
+			"irqbalance",
+			"microcode_ctl",
+			"smartmontools",
+			"aic94xx-firmware",
+			"atmel-firmware",
+			"b43-openfwwf",
+			"bfa-firmware",
+			"ipw2100-firmware",
+			"ipw2200-firmware",
+			"ivtv-firmware",
+			"iwl100-firmware",
+			"iwl1000-firmware",
+			"iwl3945-firmware",
+			"iwl4965-firmware",
+			"iwl5000-firmware",
+			"iwl5150-firmware",
+			"iwl6000-firmware",
+			"iwl6000g2a-firmware",
+			"iwl6050-firmware",
+			"kernel-firmware",
+			"libertas-usb8388-firmware",
+			"ql2100-firmware",
+			"ql2200-firmware",
+			"ql23xx-firmware",
+			"ql2400-firmware",
+			"ql2500-firmware",
+			"rt61pci-firmware",
+			"rt73usb-firmware",
+			"xorg-x11-drv-ati-firmware",
+			"zd1211-firmware",
+		},
+	}
+}
+
+// GCE BYOS image
+func getGcePackageSet() rpmmd.PackageSet {
+	return getGceCommonPackageSet()
+}
+
+// gcePipelinesRhel86 is a slightly modified RHEL-86 version of gcePipelines() function
+func gcePipelinesRhel86(t *imageTypeS2, imageConfig *distro.ImageConfig, customizations *blueprint.Customizations, options distro.ImageOptions, repos []rpmmd.RepoConfig, packageSetSpecs map[string][]rpmmd.PackageSpec, rng *rand.Rand) ([]osbuild.Pipeline, error) {
+	pipelines := make([]osbuild.Pipeline, 0)
+	pipelines = append(pipelines, *t.buildPipeline(repos, packageSetSpecs["build-packages"]))
+
+	partitionTable, err := t.getPartitionTable(options, rng)
+	if err != nil {
+		return nil, err
+	}
+
+	treePipeline, err := osPipelineRhel86(t, imageConfig, repos, packageSetSpecs["packages"], customizations, options, partitionTable)
+	if err != nil {
+		return nil, err
+	}
+	pipelines = append(pipelines, *treePipeline)
+
+	diskfile := "disk.raw"
+	kernelVer, err := rpmmd.GetVerStrFromPackageSpecList(packageSetSpecs["packages"], customizations.GetKernel().Name)
+	if err != nil {
+		panic(fmt.Sprintf("kernel package %q not found", customizations.GetKernel().Name))
+	}
+	imagePipeline := liveImagePipeline(treePipeline.Name, diskfile, partitionTable, t.arch, kernelVer)
+	pipelines = append(pipelines, *imagePipeline)
+
+	archivePipeline := tarArchivePipeline("archive", imagePipeline.Name, &osbuild.TarStageOptions{
+		Filename: t.Filename(),
+		Format:   osbuild.TarArchiveFormatOldgnu,
+		RootNode: osbuild.TarRootNodeOmit,
+		// import of the image to GCP fails in case the options below are enabled, which is the default
+		ACLs:    common.BoolToPtr(false),
+		SELinux: common.BoolToPtr(false),
+		Xattrs:  common.BoolToPtr(false),
+	})
+	pipelines = append(pipelines, *archivePipeline)
+
+	return pipelines, nil
+}
+
+func getDefaultGceByosImageConfig() *distro.ImageConfig {
+	return &distro.ImageConfig{
+		Timezone: "UTC",
+		TimeSynchronization: &osbuild.ChronyStageOptions{
+			Timeservers: []string{"metadata.google.internal"},
+		},
+		Firewall: &osbuild.FirewallStageOptions{
+			DefaultZone: "trusted",
+		},
+		EnabledServices: []string{
+			"sshd",
+			"rngd",
+			"dnf-automatic.timer",
+		},
+		DisabledServices: []string{
+			"sshd-keygen@",
+			"reboot.target",
+		},
+		DefaultTarget: "multi-user.target",
+		Locale:        "en_US.UTF-8",
+		Keyboard: &osbuild.KeymapStageOptions{
+			Keymap: "us",
+		},
+		DNFConfig: []*osbuild.DNFConfigStageOptions{
+			{
+				Config: &osbuild.DNFConfig{
+					Main: &osbuild.DNFConfigMain{
+						IPResolve: "4",
+					},
+				},
+			},
+		},
+		DNFAutomaticConfig: &osbuild.DNFAutomaticConfigStageOptions{
+			Config: &osbuild.DNFAutomaticConfig{
+				Commands: &osbuild.DNFAutomaticConfigCommands{
+					ApplyUpdates: common.BoolToPtr(true),
+					UpgradeType:  osbuild.DNFAutomaticUpgradeTypeSecurity,
+				},
+			},
+		},
+		YUMRepos: []*osbuild.YumReposStageOptions{
+			{
+				Filename: "google-cloud.repo",
+				Repos: []osbuild.YumRepository{
+					{
+						Id:           "google-compute-engine",
+						Name:         "Google Compute Engine",
+						BaseURL:      []string{"https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable"},
+						Enabled:      common.BoolToPtr(true),
+						GPGCheck:     common.BoolToPtr(true),
+						RepoGPGCheck: common.BoolToPtr(false),
+						GPGKey: []string{
+							"https://packages.cloud.google.com/yum/doc/yum-key.gpg",
+							"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg",
+						},
+					},
+					{
+						Id:           "google-cloud-sdk",
+						Name:         "Google Cloud SDK",
+						BaseURL:      []string{"https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64"},
+						Enabled:      common.BoolToPtr(true),
+						GPGCheck:     common.BoolToPtr(true),
+						RepoGPGCheck: common.BoolToPtr(false),
+						GPGKey: []string{
+							"https://packages.cloud.google.com/yum/doc/yum-key.gpg",
+							"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg",
+						},
+					},
+				},
+			},
+		},
+		RHSMConfig: map[distro.RHSMSubscriptionStatus]*osbuild.RHSMStageOptions{
+			distro.RHSMConfigNoSubscription: {
+				SubMan: &osbuild.RHSMStageOptionsSubMan{
+					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+						AutoRegistration: common.BoolToPtr(true),
+					},
+					// Don't disable RHSM redhat.repo management on the GCE
+					// image, which is BYOS and does not use RHUI for content.
+					// Otherwise subscribing the system manually after booting
+					// it would result in empty redhat.repo. Without RHUI, such
+					// system would have no way to get Red Hat content, but
+					// enable the repo management manually, which would be very
+					// confusing.
+				},
+			},
+			distro.RHSMConfigWithSubscription: {
+				SubMan: &osbuild.RHSMStageOptionsSubMan{
+					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+						AutoRegistration: common.BoolToPtr(true),
+					},
+					// do not disable the redhat.repo management if the user
+					// explicitly request the system to be subscribed
+				},
+			},
+		},
+		SshdConfig: &osbuild.SshdConfigStageOptions{
+			Config: osbuild.SshdConfigConfig{
+				PasswordAuthentication: common.BoolToPtr(false),
+				ClientAliveInterval:    common.IntToPtr(420),
+				PermitRootLogin:        osbuild.PermitRootLoginValueNo,
+			},
+		},
+		Sysconfig: []*osbuild.SysconfigStageOptions{
+			{
+				Kernel: &osbuild.SysconfigKernelOptions{
+					DefaultKernel: "kernel-core",
+					UpdateDefault: true,
+				},
+			},
+		},
+		Modprobe: []*osbuild.ModprobeStageOptions{
+			{
+				Filename: "blacklist-floppy.conf",
+				Commands: osbuild.ModprobeConfigCmdList{
+					osbuild.NewModprobeConfigCmdBlacklist("floppy"),
+				},
+			},
+		},
+	}
+}
+
+// GCE BYOS image
+func gceByosPipelines(t *imageTypeS2, customizations *blueprint.Customizations, options distro.ImageOptions, repos []rpmmd.RepoConfig, packageSetSpecs map[string][]rpmmd.PackageSpec, rng *rand.Rand) ([]osbuild.Pipeline, error) {
+	return gcePipelinesRhel86(t, getDefaultGceByosImageConfig(), customizations, options, repos, packageSetSpecs, rng)
+}

tools/test-case-generators/distro-arch-imagetype-map.json

@@ -95,6 +95,7 @@
     "rhel-84": {
         "x86_64": [
             "ami",
+            "gce",
             "openstack",
             "tar",
             "qcow2",