This testcase tested for a / size of 1 GiB but better is to test for a
minimal size of 4 GiB which is the actual lower limit when the required
sizes are added together.
For parity with ImageFactory built images there should be only a DOS
partition table in the raw images, with a non-standard ID set for the
boot partition for Raspberry Pi compatibility.
This only applies to the aarch64 images.
As noted in #3220.
These RequiredSizes are a map that is passed on to the partition table
logic which had hardcoded defaults. This makes it possible to define
either no RequiredSizes (`nil`) or empty RequiredSizes which means no
further constraint checks or partition resizes will be done.
Create a resolver to fetch the contents of a
remote file which can be used at build time.
The initial usecase for this resolver is to
resolve remote gpgkeys but the resolver has
been made more generic for general files.
Only add the arch label for osbuild job types, as the finish metrics
behave similarly. Having arch labels on dequeue metrics for any other
job type (but not on the finish metrics) would produce weird results.
With the addition of the minimal rpm package set and image type in #3181
the previously added bare metal package set is a duplicate. It's not
used elsewhere within fedora and the minimal rpm package set is
officially defined.
ioutil has been deprecated since go 1.16, this fixes all of the
deprecated functions we are using:
ioutil.ReadFile -> os.ReadFile
ioutil.ReadAll -> io.ReadAll
ioutil.WriteFile -> os.WriteFile
ioutil.TempFile -> os.CreateTemp
ioutil.TempDir -> os.MkdirTemp
All of the above are a simple name change, the function arguments and
results are exactly the same as before.
ioutil.ReadDir -> os.ReadDir
now returns a os.DirEntry but the IsDir and Name functions work the
same. The difference is that the FileInfo must be retrieved with the
Info() function which can also return an error.
These were identified by running:
golangci-lint run --build-tags=integration ./...
Fix the following error reported by Coverity:
```
Defect type: SUPPRESSED_ERROR
1. osbuild-composer-75/_build/src/github.com/osbuild/osbuild-composer/internal/manifest/os.go:546: suppressed_error: The error returned by the function "GetVerStrFromPackageSpecList(p.packageSpecs, "dracut-config-rescue")" is not explicitly checked.
2. osbuild-composer-75/_build/src/github.com/osbuild/osbuild-composer/internal/manifest/os.go:546: remediation: Explicitly check the return error.
544| }
545|
546|-> rescueVer, _ := rpmmd.GetVerStrFromPackageSpecList(p.packageSpecs, "dracut-config-rescue")
547| hasRescue := rescueVer != ""
548| bootloader = osbuild.NewGrub2LegacyStage(
```
Change the code to check if the called function returned an error or
not. If not error is returned, then the function returns a package
version string.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This is a workaround to make the systemd believe it's firstboot
when ignition runs on real firstboot.
Right now, since we ship /etc/machine-id, systemd thinks it's not firstboot
and ignition depends on it to run on the real firstboot to enable services from presets.
Since this only applies to artifacts with ignition and changing machineid-compat at
commit creation time may have undesiderable effect, we're doing it here as a stopgap.
We may revisit this in the future.
This patch also pins the version of osbuild because it depends on a fix
for the ignition stage.
Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
Tracing the package set and repository journey, I found that the
container package defined on the image type is never really used.
Added notes to fix later.
The value comes from the command line args of the test binary
(osbuild-composer-manifest-tests). It works in our tests because we use
the default value, but if it was set differently it would have been
ignored.
Pass through all repos to the initalizeManifest() function. Each
pipeline will then select which repositories it needs based on the
PackageSets field of each repository.
Before, we only passed global repos down to the manifest generators and
pipeline-specific repositories would only be used if they were attached
to package sets and were handled explicitly by a pipeline generator.
The repositories of the "blueprint" package set are explicitly added to
the workload and returned by the "os" pipeline.
The repositories of the "installer" package set are explicitly added to
the "anaconda-tree" pipeline.
If a repository was specified for any other pipeline, for example
"build", the repositories for the that package set were never added to
the pipeline.
Fixes#3290
Function that filters a list of repositories to return only the global
repos and any that define a given pipeline or package set name in their
list of PackageSets.
Match the key for the OS packages to the name of the OS pipeline ("os").
We will use this key to identify package sets that are returned from the
OS pipeline since the manifest returns package sets indexed by each
pipeline's name.
New test that runs through a few different scenarios of assigning
repositories to specific package sets. Each scenario defines a set of
global repositories (or none) and a set of pipeline-specific
repositories (or none) and an expected result. It then calls the
distro's PackageSets() method. The test checks that the package sets
that are returned are assigned the correct repositories based on the
test case's expected result.
A basic string-set struct is implemented to help with merging and
comparing string slices.
This test should currently fail due to #3290.
Default to always remove the destination before copying when generating
the copy stage options for custom files in the image. This will ensure
that if the destination is an existing symlink to another file, it won't
be followed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for newly added `remove_destination` option in the copy
stage.
Related to https://github.com/osbuild/osbuild/pull/1241
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Expose the Directory and File customizations in the Cloud API. Also
validate the provided customizations while processing the compose
request by trying to convert them to internal representations
`fsnode.File` and `fsnode.Directory`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add new error `ErrorInvalidCustomization` used in situations when the
user-provided customization values don't pass validation. This will be
used by the Directory / File customization.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a default policy for custom directories and files to constrain what
users can do. The intention is to ensure that directories and files can
be created only in `/etc` and also that none of the important
configuration files can be overwritten by this customization.
Add the policy validation to all distro implementation.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add helper functions for checking directory and file blueprint
customizations against the policy of allowed paths.
These functions are not yet used in the distro definitions.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Hook up the custom BP directories and files implementation with OS
pipeline implementation. The user-provided values are now set in the OS
customizations structure and will be used by the OS pipeline generator
when adding stages to the pipeline.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a helper function for validating the user-provided directory and
file customizations. This is necessary to fail early on invalid input,
instead of when building the image.
The function ensures that:
- No file path is a prefix of another file or directory path
- There are no duplicate file or directory paths in the
customizations
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add helper functions for converting slices of directory and file
customizations structures from the `blueprint` package to a slice of
structures from the `fsnode` package, which are used in image type
definitions.
These will be used to convert BP customizations to the os pipeline
customization then used by the pipeline generator.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the Blueprint customizations with the representation for custom
Directories and Files specified by the user.
Implement custom Unmarshalers for TOML and JSON. These ensure that all
user-provided values are validated before use and also handle the fact
that user and group ownership for directories and files can be
specifies as a string or as an integer.
Implement helper functions for converting the Blueprint-specific types
for these customizations to their internal representation from `fsnode`
package.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the `CheckMountpoints()` implementation to `blueprint` package,
since it does not operate on any data structures from the `disk`.
Move the default mountpoint allow list policy definition to the
`pathpolicy` package.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the `FilesystemCustomization` structure and its custom
unmarshallers to a dedicated file. This makes `customizations.go` easier
to read.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `PathPolicies` implements a generic concept that can be fit on more
use cases than just mountpoints. Another one would be a policy for
creating custom files and directories in the image. Having the
implementation in the `disk` package and using data structures from the
`disk` and `blueprint` packages makes it impossible to use it for any
additional BP customization due to a circular dependencies that always
occurs.
Split out the implementation into a separate package `pathpolicy` as the
first step.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the `OSCustomizations` with a list of custom files and
directories, that should be created in the image. If any `Files` or
`Directories` are specified in the `OSCustomizations`, the appropriate
osbuild stages will be added to the `os` pipeline. In addition to that,
any custom files data will be returned by the `getInline()` method of
the `os` pipeline.
This customization can't be yet used by users, because the translation
from BP customization to the `OSCustomizations` is missing.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This will allow to conveniently add multiple stages to the pipeline at
once, which is useful if a generator function wrapping some
functionality generates more than one `Stage`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
