Drop unused `rhel-edge-*` requests, which are not used any more. They
have been replaced by `edge-*` requests.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add the new directories and files customization to the customized qcow2
image manifests used for testing.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Expose the Directory and File customizations in the Cloud API. Also
validate the provided customizations while processing the compose
request by trying to convert them to internal representations
`fsnode.File` and `fsnode.Directory`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add new error `ErrorInvalidCustomization` used in situations when the
user-provided customization values don't pass validation. This will be
used by the Directory / File customization.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a default policy for custom directories and files to constrain what
users can do. The intention is to ensure that directories and files can
be created only in `/etc` and also that none of the important
configuration files can be overwritten by this customization.
Add the policy validation to all distro implementations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add helper functions for checking directory and file blueprint
customizations against the policy of allowed paths.
These functions are not yet used in the distro definitions.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Hook up the custom BP directories and files implementation with OS
pipeline implementation. The user-provided values are now set in the OS
customizations structure and will be used by the OS pipeline generator
when adding stages to the pipeline.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a helper function for validating the user-provided directory and
file customizations. This is necessary to fail early on invalid input,
instead of when building the image.
The function ensures that:
- No file path is a prefix of another file or directory path
- There are no duplicate file or directory paths in the
  customizations
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
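
The two checks listed in the commit above, combined with the `/etc`-only policy from the earlier commit, as an added Go example that is not code from osbuild-composer. `ValidateNodes`, `under` and the deny-list entry are hypothetical, and rejecting non-canonical paths is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// under reports whether p is root or below it, by whole path components.
func under(p, root string) bool {
	return p == root || strings.HasPrefix(p, root+"/")
}

// ValidateNodes is a hypothetical helper (not the project's function).
// denied is a constructed sample policy; the real list is not on this page.
func ValidateNodes(files, dirs, denied []string) error {
	all := append(append([]string{}, files...), dirs...)
	seen := map[string]bool{}
	for _, p := range all {
		// Assumption: non-canonical input ("..", "//", trailing "/") is rejected.
		if !path.IsAbs(p) || path.Clean(p) != p {
			return fmt.Errorf("path %q is not absolute and canonical", p)
		}
		if !strings.HasPrefix(p, "/etc/") {
			return fmt.Errorf("path %q is outside /etc", p)
		}
		for _, d := range denied {
			if under(p, d) {
				return fmt.Errorf("path %q is denied by policy", p)
			}
		}
		if seen[p] {
			return fmt.Errorf("duplicate path %q", p)
		}
		seen[p] = true
	}
	for _, f := range files {
		for _, p := range all {
			if p != f && under(p, f) {
				return fmt.Errorf("file %q is a parent of %q", f, p)
			}
		}
	}
	return nil
}

func main() {
	fmt.Println(ValidateNodes([]string{"/etc/app", "/etc/app/a.conf"}, nil, []string{"/etc/passwd"}))
}
```

Comparing on `root + "/"` rather than on a raw string prefix keeps `/etc/foo` and `/etc/foobar` independent, and requiring `path.Clean(p) == p` stops `/etc/../usr/...` from passing the `/etc/` check.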
Add helper functions for converting slices of directory and file
customizations structures from the `blueprint` package to a slice of
structures from the `fsnode` package, which are used in image type
definitions.
These will be used to convert BP customizations to the os pipeline
customization then used by the pipeline generator.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the Blueprint customizations with the representation for custom
Directories and Files specified by the user.
Implement custom Unmarshalers for TOML and JSON. These ensure that all
user-provided values are validated before use and also handle the fact
that user and group ownership for directories and files can be
specified as a string or as an integer.
Implement helper functions for converting the Blueprint-specific types
for these customizations to their internal representation from `fsnode`
package.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the `CheckMountpoints()` implementation to `blueprint` package,
since it does not operate on any data structures from the `disk`.
Move the default mountpoint allow list policy definition to the
`pathpolicy` package.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the `FilesystemCustomization` structure and its custom
unmarshallers to a dedicated file. This makes `customizations.go` easier
to read.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `PathPolicies` implements a generic concept that can be fit on more
use cases than just mountpoints. Another one would be a policy for
creating custom files and directories in the image. Having the
implementation in the `disk` package and using data structures from the
`disk` and `blueprint` packages makes it impossible to use it for any
additional BP customization due to a circular dependency that always
occurs.
Split out the implementation into a separate package `pathpolicy` as the
first step.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the `OSCustomizations` with a list of custom files and
directories that should be created in the image. If any `Files` or
`Directories` are specified in the `OSCustomizations`, the appropriate
osbuild stages will be added to the `os` pipeline. In addition to that,
any custom files data will be returned by the `getInline()` method of
the `os` pipeline.
This customization can't yet be used by users, because the translation
from BP customization to the `OSCustomizations` is missing.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This will allow conveniently adding multiple stages to the pipeline at
once, which is useful if a generator function wrapping some
functionality generates more than one `Stage`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the handling of the list of enabled and disabled systemd services
more to the end of the `os` pipeline, just before the SELinux stage.
This has no functional effect on produced images, but it will make it
nicer once the handling of the custom files and directories will be
added to the pipeline. Specifically it should be added right before the
services stage to allow enabling custom service files, but after all
other configurations that are applied to the image.
Regenerate all manifests.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Implement helper functions for generating osbuild stages for slices of
`fsnode` types, such as Files and Directories. The generated stages will
ensure that the provided FS nodes will be created in the FS tree and
will have their respective properties set (such as ownership, mode,
etc).
These functions are not yet used by any pipeline code, but the idea is
that they will be used in pipeline generator functions to create custom
directories and files based on the pipeline-specific customizations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for files input in the copy stage. This will enable copying
inline sources as custom files in the image filesystem tree.
Add a simple unit test covering the use of this stage input.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add an internal API for working with custom FS nodes such as Files and
Directories. This implementation is agnostic to external API, such as
Weldr API, Cloud API or osbuild stages. The purpose of it is to be the
common translation layer between all of these "external" APIs and
osbuild.
In this stage, the representation for Files and Directories is added.
The functionality is not yet used by any existing code.
Note about user/group type being `interface{}`:
I considered using the internal `users` representation for users and
groups, but it contains additional information, which is not relevant
for FS node user / group ownership representation. Therefore I didn't
use it. I also considered using separate variables for user / group
name (string) and uid / gid (int64). However, the implementation would
need to ensure that only one of these typed values is set for user /
group or ensure that it refers to the same group / user. My estimate
was that the code ensuring that only one of these typed values is set
would be probably as complex as the current implementation that checks
the types stored in `interface{}` typed variable. And ensuring that
the set user / group name and uid / gid is referring to the same user
/ group is nearly impossible to get right without actually building
the image.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Unify how allowed options are checked in distro implementation in
relation to Ignition customization. Specifically, delete `HasIgnition()`
function and replace its use by `GetIgnition()` call and checking if it is
`nil`. This approach is consistent with how this is checked for other
customizations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `GenCopyFSTreeOptions()` function has unused argument
`inputPipeline`. After discussing this with @achilleas-k, we determined
that it would be for the best to refactor this function and split out
the part that generates Mounts and Devices and instead return the actual
Stage from it. The reason for splitting out Mounts and Devices is that
these are then reused also by other stages when constructing pipelines
inside composer.
This would be a bigger change, so just adding the comment to the code to
capture this future work.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Before we were invoking osbuild's stages/devices/mounter directly
without taking the time to validate that the options sent were actually
valid and supported.
This commit adds the support of the validation schema into image-info so
that we're sure we don't mess with the internals when we call them.
On the newest versions of rhel 92, 88, a change in behavior makes the
previous version of image-info fail to mount loopback devices. We've
tracked down this error to be a race condition on udev, yet without
understanding what changed for now.
Osbuild had for some time already a cleaner way to mount partitions.
osbuild has some machinery to opt out of block device handling in udev
48a4419705/devices/org.osbuild.loopback (L69)
Using this fixes the issue at hand.
This changes the way we need to mount all the partitions, including the
LVM ones. This new mechanism might also pave the way to include LUKS fs.
There are 3 different ways for subscriptions to be set up. Test the
pipeline to make sure it includes the correct commands, and check the
package set chain to make sure it includes the packages needed to
support the selected subscription mode.
When rhc is selected it will install the required packages, register
using rhc and always enable insights.
When rhc is not selected it will use subscription manager for
registration, and optionally enable insights. Also installing required
packages.