Default to always remove the destination before copying when generating
the copy stage options for custom files in the image. This will ensure
that if the destination is an existing symlink to another file, it won't
be followed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for newly added `remove_destination` option in the copy
stage.
Related to https://github.com/osbuild/osbuild/pull/1241
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Expose the Directory and File customizations in the Cloud API. Also
validate the provided customizations while processing the compose
request by trying to convert them to internal representations
`fsnode.File` and `fsnode.Directory`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add new error `ErrorInvalidCustomization` used in situations when the
user-provided customization values don't pass validation. This will be
used by the Directory / File customization.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a default policy for custom directories and files to constrain what
users can do. The intention is to ensure that directories and files can
be created only in `/etc` and also that none of the important
configuration files can be overwritten by this customization.
Add the policy validation to all distro implementation.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add helper functions for checking directory and file blueprint
customizations against the policy of allowed paths.
These functions are not yet used in the distro definitions.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Hook up the custom BP directories and files implementation with OS
pipeline implementation. The user-provided values are now set in the OS
customizations structure and will be used by the OS pipeline generator
when adding stages to the pipeline.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a helper function for validating the user-provided directory and
file customizations. This is necessary to fail early on invalid input,
instead of when building the image.
The function ensures that:
- No file path is a prefix of another file or directory path
- There are no duplicate file or directory paths in the
customizations
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add helper functions for converting slices of directory and file
customizations structures from the `blueprint` package to a slice of
structures from the `fsnode` package, which are used in image type
definitions.
These will be used to convert BP customizations to the os pipeline
customization then used by the pipeline generator.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the Blueprint customizations with the representation for custom
Directories and Files specified by the user.
Implement custom Unmarshalers for TOML and JSON. These ensure that all
user-provided values are validated before use and also handle the fact
that user and group ownership for directories and files can be
specifies as a string or as an integer.
Implement helper functions for converting the Blueprint-specific types
for these customizations to their internal representation from `fsnode`
package.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the `CheckMountpoints()` implementation to `blueprint` package,
since it does not operate on any data structures from the `disk`.
Move the default mountpoint allow list policy definition to the
`pathpolicy` package.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the `FilesystemCustomization` structure and its custom
unmarshallers to a dedicated file. This makes `customizations.go` easier
to read.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `PathPolicies` implements a generic concept that can be fit on more
use cases than just mountpoints. Another one would be a policy for
creating custom files and directories in the image. Having the
implementation in the `disk` package and using data structures from the
`disk` and `blueprint` packages makes it impossible to use it for any
additional BP customization due to a circular dependencies that always
occurs.
Split out the implementation into a separate package `pathpolicy` as the
first step.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the `OSCustomizations` with a list of custom files and
directories, that should be created in the image. If any `Files` or
`Directories` are specified in the `OSCustomizations`, the appropriate
osbuild stages will be added to the `os` pipeline. In addition to that,
any custom files data will be returned by the `getInline()` method of
the `os` pipeline.
This customization can't be yet used by users, because the translation
from BP customization to the `OSCustomizations` is missing.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This will allow to conveniently add multiple stages to the pipeline at
once, which is useful if a generator function wrapping some
functionality generates more than one `Stage`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the handling of the list of enabled and disabled systemd services
more to the end of the `os` pipeline, just before the SELinux stage.
This has no functional effect on produced images, but it will make it
nicer once the handling of the custom files and directories will be
added to the pipeline. Specifically it should be added right before the
services stage to allow enabling custom service files, but after all
other configurations that are applied to the image.
Regenerate all manifests.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Implement helper functions for generating osbuild stages for a slices of
`fsnode` types, such as Files and Directories. The generated stages will
ensure that the provided FS nodes will be created in the FS tree and
will have their respective properties set (such as ownership, mode,
etc).
These functions are not yet used by any pipeline code, but the idea is
that they will be used in pipeline generator functions to create custom
directories and files based on the pipeline-specific customizations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for files input in the copy stage. This will enable copying
inline sources as a custom files in the image filesystem tree.
Add a simple unit test covering the use of this stage input.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add an internal API for working with custom FS nodes such as Files and
Directories. This implementation is agnostic to external API, such as
Weldr API, Cloud API or osbuild stages. The purpose of it is to be the
common translation layer between all of these "external" APIs and
osbuild.
In this stage, the representation for Files and Directories is added.
The functionality is not yet used by any existing code.
Note about user/group type being `interface{}`:
I considered using the internal `users` representation for users and
groups, but it contains additional information, which are not relevant
for FS node user / group ownership representation. Therefore I didn't
use it. I also considered using separate variables for user / group
name (string) and uid / gid (int64). However, the implementation would
need to ensure that only one of these typed values is set for user /
group or ensure that it refers to the same group / user. My estimate
was that the code ensuring that only one of these typed values is set
would be probably as complex as the current implementation that checks
the types stored in `interface{}` typed variable. And ensuring that
the set user / group name and uid / gid is referring to the same user
/ group is nearly impossible to get right without actually building
the image.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Unify how are allowed options checked in distro implementation in
relation to Ignition customization. Specifically, delete `HasIgnition()`
function and replace its use by `GetIgnition()` call and checking if it is
`nil`. This approach is consistent with how this is checked for other
customizations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `GenCopyFSTreeOptions()` function has unused argument
`inputPipeline`. After discussing this with @achilleas-k, we determined
that it would be for the best to refactor this function and split out
the part that generates Mounts and Devices and instead return the actual
Stage from it. The reason for splitting out Mounts and Devices is that
these are then reused also by other stages when constructing pipelines
inside composer.
This would be a bigger change, so just adding the comment to the code to
capture this future work.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
There are 3 different ways for subscriptions to be setup, test the
pipeline to make sure it includes the correct commands, and check the
package set chain to make sure it includes the packages needed to
support the selected subscription mode.
When rhc is selected it will install the required packages, register
using rhc and always enable insights.
When rhc is not selected it will use subscription manager for
registration, and optionally enable insights. Also installing required
packages.
The rhui-azure-rhel8-sap-ha package is currently missing
the /etc/pki/rpm-gpg/RPM-GPG-KEY-microsoft-azure-release key.
This makes the image type unbuildable, which causes some of our tests
to fail.
Overlay the generic RHUI config, so the missing key isn't imported.
See CLOUDX-336 for more information.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
This allows verification of repository metadata signatures.
The gpgkeys field is a list of key urls, or the gpg key itself, starting
with '-----BEGIN PGP PUBLIC KEY BLOCK-----'. These will be written to a
temporary file, and that file:// url will be passed to dnf.
DNF supports more than one GPG key. It is possible that one may be used for
signing packages, and another to sign the repository metadata. This
renamed GPGKey to GPGKeys internally. It does not change the on-disk
repository json format.
When the image definitions were updated to the new framework, I failed
to update the dracut modules for Anaconda installers to match the
existing ones.
The changes in the manifest are at commit
c4af0a1886.
The nvdimm module and the additional drivers were removed.
The nvdimm module in particular is required for http boot but should
only be specified for RHEL 9. In RHEL 8 it is part of the default set
of modules.
See 02bb7a0b4f and
dc95382ba3 for the original commits that
introduced these changes.
Similarly to the change made for rhel9, adding the sos package
gives users a built-in way to gather system logs and debug info.
Signed-off-by: Irene Diez <idiez@redhat.com>
Adds the sos package to the edge commit package set so that
users have built-in way to gather system logs and debug info.
Signed-off-by: Irene Diez <idiez@redhat.com>
The previous error didn't make it clear where the issue was coming from.
Now it explains that the problem is that a partition table for a given
architecture isn't specified on the image type.
Rework the stage to not reimplement `FilesInput` as
`RPMStageInput`, but instead use the one common
`FilesInput` implementation and its supported
references.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Rework the stage to not reimplement `FilesInput` as
`IgnitionStageInput`, but instead use the one common
`FilesInput` implementation and its supported
references.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
