Don't upgrade centos-9-stream repos in the Schutzfile, the newer ones
are broken. Considering CI is broken on main right now, that takes
priority, fixing centos-9 can be done in a followup.
The RPM GPG release key used by Red Hat to sign its content used to be
signed using SHA-1. SHA-1 is no longer accepted on RHEL-10 / c10s and as
a result, such key can't be imported during image build. The RH GPG
release key has been resigned using SHA256 some time ago. Let's use this
version of the key for all RHEL repositories.
The key is taken from:
https://access.redhat.com/security/team/key
Specifically:
https://access.redhat.com/security/data/fd431d51.txt
The second key (auxiliary key 3) was not changed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Update RHEL 8.9 and 9.3 repo definitions to use the CDN repos, since
these are already GA.
Add SAP repositories to all RHEL repo configs, to be able to build the
SAP image for testing purposes.
Fix minor issues found in repos (e.g. 8.8 RT repo pointing to 8.7,
etc.).
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Where applicable, modify all repo config filenames to use a dot
to separate the release major and minor version. Modify test cases
to not remove dot from the distro version any more.
Existing tests will be extended (or new tests added) to explicitly test
backward compatibility and ensure that using old distro names without a
dot still works.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Check if the os has the system FIPS mode enabled
when `fips="true"` is passed as an ansible variable.
Signed-off-by: Miguel Martín <mmartinv@redhat.com>
- Add ppc64le and s390x repo URLs to Fedora repositories.
- Add Fedora 40 (rawhide) repositories.
- Update Fedora testing repositories to latest snapshots, adding new
arches and F40 repos. Basically took what is in osbuild/images repo.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Use EUS repositories for these RHEL versions, since the content of
non-EUS repos is too old for CIV to pass on images built using them.
This is caused by some bugs which are tested by CIV being fixed only in
EUS.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
1. Remove ansible-blocking-io.py workaround. It's not required.
2. Variable should be PROD_REPO_URL, not STAGE_REPO_URL in
ostree-raw-image.sh
3. Use --reboot in rpm-ostree install to reboot VM instead of
a reboot ansible task
4. Wait until config file serviceinfo_api_server.yml exists, to
avoid file not available to use flaky issue
This image type produces the same artifact as the current workstation
installer live media.
During the implementation of this new installer some names have been
changed to make a bit more sense in the source tree. Installer images
now always mention which installer they are (anaconda, etc).
