The `tar` stage options contain three boolean values. All of them
default to `true` in the osbuild stage implementation [1]. However
if these values were explicitly set to `false`, they would be omitted
from the resulting JSON structure. As a result, it was impossible to use
any non-default values.
Use `*bool` instead of `bool`, to ensure that explicitly set `false`
values will end up in the JSON structure passed to osbuild.
[1] 8102f20d23/stages/org.osbuild.tar (L39-L53)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
De-duplicate the `qemuStageOptions()` implementation from many distro
implementations and move it to the `osbuild2` package as
`NewQEMUStageOptions()`.
Adjust all affected pipeline implementations.
The `NewQEMUStageOptions()` function takes an optional format-specific
options argument, instead of a dedicated format-specific options (the
previously used qcow2 compat version). This is a preparation to produce
VMDK images with a different than default subformat.
Add unit test for `NewQEMUStageOptions()`.
Support setting a specific VMDK subformat in the type format options.
The required osbuild version in the SPEC file is not bumped, since the
new functionality is currently not used by any image type.
Related to https://github.com/osbuild/osbuild/pull/999
Define a new aliased type `QEMUFormat` for the format type used by the
osbuild2 QEMU stage and define constants for all allowed values.
Use QEMU format type constants in all relevant places, instead of string
literals. Not using string literals minimizes the room for making a
typo.
Deduplicate the `rpmStageOptions()` function implemented in every distro
`stage_options.go` to `osbuild2` package.
RHEL-8.4 and code using osbuild v1 manifests are not touched.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
We should honour `pkg.CheckGPG` when creating the file inputs for the
rpm stage. This was lost in the transition from v1 to v2 manifests.
Regenerate image test manifests.
Co-authored-by: Tomas Hozza <thozza@redhat.com>
Signed-off-by: Tomas Hozza <thozza@redhat.com>
If a kernel is specified we already set the `SavedEntry`. To preserve
that the saved entry setting will survive grub2 config regeneration
we also need to set `Config.Default` to "saved". Do so. All older
pipelines have been prepared to reset this value to preserve the old
behavior. All new pipelines have been prepared to not overwrite this
setting when `ImageConfig.Grub2Config` is applied.
Use single NewAnacondaStageOptions() from osbuild2 instead of
implementing in each distro.
The new function conditionally adds the user module when there are users
that need to be created at install time (image- and edge-installers).
Use single NewGroupsStageOptions() from osbuild2 instead of implementing
in each distro.
The new function does not set the Group.Name field anymore. The field
does not exist in the osbuild schema and was silently ignored.
The field in the stage has been marked 'omitempty' and the relevant
manifests have been updated.
The `org.osbuild.rpm` stage gained a new option `gpgkeys.fromtree`
which is a list of paths with files containing gpgkeys that will
be imported after the package installation phase is done.
Since udev will probe block devices it is advisable to hold a lock
on the device when modifying its partition table or the superblock
of the filesystem (see [1]). osbuild loopback devices do support
this via the `lock` option. Set this option for all operation that
involve changing block device "metadata" that could potentionally
race with udev, such as sfdisk, mkfs, creating a luks2 container
and creating LVM2 volume groups and logical volumes.
NB: osbuild also has its own device inhibition logic to prevent
udev/lvm2 from auto activating devices and in general to limit the
interaction between the host and devices used by osbuild. See [2]
for more information.
NB: this also locks the loopback device in situation where we the
it is strickly not the right thing to do, e.g. when creating a fs
on a logical voume that is located on a loopback device, since in
this case the device we would need to lock is the logical volume.
Sadly, LVM/DM devices are exempt from block device locking. But,
due to a bug in osbuild < 50, the udev inhibitor does *not* work
for loopback devices and therefore we have to use the actual lock
to preven LVM device auto-activation via `69-dm-lvm-metad.rules`.
The change was implemented by adding a new boolean to `getDevices`
indicating if the loopback device should be locked or not. Once
we depend on osbuild 50 we can change the logic in `getDevices`
to only lock the loopback device if the number of devices is one,
i.e. we are working directly on the loopback device.
[1] https://systemd.io/BLOCK_DEVICE_LOCKING/
[2] /usr/lib/udev/rules.d/10-osbuild-inhibitor.rules
Add a new parameter `lvmify` to `NewPartitionTable` that, if set to
`true`, will cause the root partition to be wrapped in LVM in case
it is not in a LVM volume group. Set this to `false` for now so no
actual change should happen anywhere. Layouts where the root is
directly on a LUKS container are not yet supported.
Add tests for this.
The previous code assumed that the first partition is the location to
write the grub2 core image, implying it needs to always be a PReP or
BIOS-Boot partition. This is not an assumption we can easily make;
instead we now try to detect the correct partition based on its type.
The stage takes no options but a single file input that contains the
root certs.
Add the stage with a helper constructor that will generate the needed
reference based on the actual certificate data.
Add corresponding tests.
Add support for the `org.osbuild.inline` source via a new `InlineSource`
and the corresponding `InlineSourceItem`. A utility function `AddItem`
can be used to conveniently add items based on data (as strings).
New constructor for unified grub2 setups [0]. Having this separate
constructor lets us have different logic for unified and non-unified
cases and also have fewer function parameters.
[0] https://fedoraproject.org/wiki/Changes/UnifyGrubConfig
Co-Authored-By: Christian Kellner <christian@kellner.me>
The Legacy stage option is always set to the value from the function
argument unconditionally. This condition is useless.
Co-Authored-By: Christian Kellner <christian@kellner.me>
Add new helper functions that will return the necessary stages to
prepare a disk image, i.e. take care of creating the raw image
file, partitioning it, creating the devices on it (LUKS2, LVM2),
and formatting all the file systems: `GenImageStagesPrepare`.
Additionally, some partition layouts require some post-processing,
e.g. LVM2 where the volume group needs to be renamed "offline".
For this the `GenImageFinishStages` was added.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
This should be called at the end of the pipeline that creates an
image, to add stages that are needed to finish up the image.
Currently the only stage that will be added is the `lvm2.metadata`
stage in the case the partition layout contains LVM2.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
It is ok to not pass the creation time to osbuild, i.e. it can be
empty. If so, don't validate it.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
Instead of just passing in a single device, pass in a `Devices`
type, i.e. a map of devices, since the LVM can be located on a
LUKS2 container which is located inside a partition so multiple
devices are needed to access it.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
The only thing we needed from the passed in device was the filename,
so just pass in that directly.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
Verify that we get the necessary "luks2.format" and "lvm2.create"
stages for a partition table that has LVM2 on top of LUKS2.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
Partition.Payload now supports every type of disk.Entity which enables
creating PartitionTables with LUKS, LVM, and Btrfs. \o/
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
Use single NewGrub2StageOptions() and NewGrub2InstStageOptions()
functions from osbuild2 instead of implementing them in distros.
A small option flip is required outside the function for RHEL 8.5 and
RHEL 8.6 to maintain the old behaviour.
Co-Authored-By: Christian Kellner <christian@kellner.me>
Add a new method to create all necessary stages to create the
devices for a given `PartitionTable`.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
This is needed so we can have LVM be contained inside a LUKS
container, which is inside a partition; i.e. multiple devices
are needed to get to the target device.
Co-Authored-By: Achilleas Koutsou <achilleas@koutsou.net>
Use entity based method `ForEachMountable` and `getDevices` to generate
all mounts and devices in a generic way, which then allows for mounts on
arbitrarily nested devices.
Update manifests and image info:
- New device names generated by `pathdot()` to avoid basename
collisions.
- Some partitions are generated in a different order now which changes
the order they appear in the manifest and their UUIDs.
Co-Authored-By: Christian Kellner <christian@kellner.me>
