Refactor the `composeHandler()` method to send the actual error
returned by `getImageType()` as an API response.
Modify tests to handle the changed error message in API calls.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Rename the `checkImageTypeDenylist()` method to `isImageTypeAllowed()`
and return boolean value instead of error.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Change the Image Type denylist in Weldr API from being applied to all
distributions to being distribution-specific. A special name `*`
can be used in the configuration to match any distribution
or any image type.
Modify NEWS entry and unit tests to reflect this change.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Extend Weldr API to accept a list of denied image types, which should
not be exposed via API for any supported distribution. This
functionality will be needed to not expose image types which can't be
successfully built outside of Red Hat VPN. Example of such images are
the official RHEL EC2 images, which include RHUI client packages not
available publicly.
Image Types are filters when listing available compose types and
creating a new compose using Weldr API.
Extend osbuild-composer configuration to allow specifying the list of
denied Image Types for Weldr API.
Add unit tests for implemented changes.
Add NEWS entry describing the newly introduced functionality.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
The previous manifests were generated inside a RHEL VM which means that
the selinux context mismatch check didn't run properly
(see https://bugzilla.redhat.com/show_bug.cgi?id=1973754).
Regenerating them on F34 shows some mismatches for certain image types.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
In the main OS pipeline created by osPipeline(), there is often a set of
stages that are added after the common ones. The SELinux stage must
always be last in the pipeline, so it is added externally by the calling
function.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
fsjobqueue_test contained tests that are generically testing the
JobQueue interface. Split those out into its own package `jobqueuetest`.
These tests will be useful when implementing a new package that conforms
to the JobQueue interface.
Cloud api now exposes user customization that let a customer able to add
a new user with a set of groups and a ssh key.
Testing:
* adds 2 users to the AWS image, accessible with a temp ssh key.
* the first one is in the group wheel, the other is not
Fixes#1574
To help along with debugging, this commit makes the worker able to print
the status of the different stages with a oneliner for each successfull
stages and a detailed message for failed ones.
Sample output:
Jul 23[..]: Build stages results:
Jul 23[..]: org.osbuild.rpm success
Jul 23[..]: org.osbuild.selinux success
Jul 23[..]: Stages results:
Jul 23[..]: org.osbuild.rpm success
Jul 23[..]: org.osbuild.fix-bls success
Jul 23[..]: org.osbuild.fstab success
Jul 23[..]: org.osbuild.grub2 success
Jul 23[..]: org.osbuild.locale success
Jul 23[..]: org.osbuild.timezone success
Jul 23[..]: org.osbuild.users failure:
Jul 23[..]: [/usr/lib/tmpfiles.d/journal-nocow.conf:26] Failed to resolve specifier: uninitialized /etc detected, skipping
Jul 23[..]: All rules containing unresolvable specifiers will be skipped.
Jul 23[..]: Failed to create file /sys/fs/selinux/checkreqprot: Read-only file system
Jul 23[..]: useradd: group 'toto' does not exist
Fixes#1584
The package set is needed by the GRUB 2 stage options function to find
the Kernel package in order to add the saved entry option. The Kernel
package is defined in the blueprints package set, not the OS package
set.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
The system sources allow specification of the rhsm parameter, but it
isn't available in the sources configured over the Weldr API. This patch
implements support for it.
Previously, all sorts of tests that provided no value were run for RHEL 9.0.
This commit limits its testing to the only test that makes sense: koji.sh.
See #1461 for more details.
Fixes#1461
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
The part creating Systemd unit drop-ins was extracted from
`org.osbuild.systemd` stage to `org.osbuild.systemd.unit`,
before the osbuild v30 release. Update the composer implementation
to reflect the change.
Related to https://github.com/osbuild/osbuild/pull/739.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
The `org.osbuild.systemd-logind` stage was reworked before the osbuild
v30 release. Update the composer implementation to match the expected
schema.
Related to https://github.com/osbuild/osbuild/pull/739.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
The `org.osbuild.dracut.conf` stage was reworked before the osbuild v30
release. Update the composer implementation to match the expected
schema.
Related to https://github.com/osbuild/osbuild/pull/739.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
The `org.osbuild.modprobe` stage was reworked before the osbuild v30
release. Update the composer implementation to match the expected
schema.
Related to https://github.com/osbuild/osbuild/pull/739.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
The `org.osbuild.cloud-init` stage was reworked before the osbuild v30
release. Update the composer implementation to match the expected
schema.
Related to https://github.com/osbuild/osbuild/pull/739.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
If there's no kernel in the main package set, the standard/default
kernel will be added while depsolving. This causes issues when an
alternative kernel is selected in the blueprint. Both kernels will be
installed (one from the blueprint and one from the main OS set) which
causes issues with ostree image types.
Instead of inspecting the tarball directly, extract it and use ostree to
verify the ref and commit ID.
Adds some data to the CI artifacts directory:
- Build manifest
- Tarball file list for s3 edge commit with s3 upload
- Build metadata
When not flushed, the line often doesn't get printed until after the job
is done. Printing it before the job is useful for knowing the progress
of a multi-job run.
Since partitions without a filesystem are skipped, we need to
dynamically append to create the mounts array instead of pre-allocating
to the number of partitions.
Blueprint packages are now defined and passed into Manifest()
separately. The main osPipelines() already has an argument for
explicitly passing the blueprint packages. Added the same for the ostree
pipelines.
Previously, /boot/efi mount was specified before /. This obviously doesn't
work because we need to mount / firstly.
This commit adds explicit ordering of the mounts.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
