Commit graph

1323 commits

Author SHA1 Message Date
Diaa Sami
27ca55372a cloudapi: Add extra logging & improve existing
Use different logging levels depending on situation
Log HTTP 5xx errors to stdout with internal error details when possible
2021-09-30 18:34:05 +02:00
Diaa Sami
179009fec4 cloudapi: use Logrus as default logger in Echo
And remove log.Logger references
2021-09-30 18:34:05 +02:00
Ondřej Budai
5ed954bcf5 distro/rhel90: use qcow2 compat 1.1 for qcows
There's no reason to use 0.10 since we don't need to support running
this image on RHEL 6 anymore.
See https://bugzilla.redhat.com/show_bug.cgi?id=2008910

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-09-30 15:36:15 +02:00
Gianluca Zuccarelli
b8c14a5689 blueprints: change minsize from int to uint64
thozza pointed out that `int` is platform dependent which results in
a fs size that is too small for 32-bit machines. This commit changes
the filesystem customizations to use `uint64` instead of `int`
2021-09-29 15:08:12 +02:00
Christian Kellner
7a4488e5c4 distro/rhel85: set bootloader to none for edge
Use the new bootloader config for OSTree deployments to set the
bootloader backend to `none` since we use grub2 and BLS in all
currently supported architectures. In fact, not setting it to
`none`, will use the default `auto`, which will result in the
run of `grub2-mkconfig`, which is not what we want and might
even fail for us.
2021-09-27 20:10:04 +02:00
Christian Kellner
f6d4228b00 osbuild2: add bootloader option to ostree.config
Expose the new (osbuild > 36) `sysroot.bootloader` option to
configure the bootloader backend for OSTree deployments.
Normally, this should be set to `none` for modern bootloaders
that use the BLS, since the BLS snippets are always generated.
2021-09-27 20:10:04 +02:00
Christian Kellner
920863df70 osbuild2: small doc fix for ostree.config
2021-09-27 20:10:04 +02:00
sanne
2f328b0e97 workers: Backwards compatible api.openshift.com spec compliance
The main changes are:
- Kind, Href, Id fields for every object returned
- Attach operationIds to each request, return it for errors
- Errors are predefined and queryable
2021-09-27 13:10:05 +01:00
Martin Sehnoutka
d7d4e02c8c internal/common: introduce git revision and rpm version
The variables are set to the git revision from which the build is
triggered and rpm version from the spec file, if it is built using RPM.

This can be later used to query exact source version while
running osbuild-composer.

It is necessary to use both, because none of them is available in all
possible scenarios.

Use either git-rev (preferably) or RPM version (NEVRA) instead of the
"devel" build type. It was just a placeholder.
2021-09-24 14:13:23 +02:00
Achilleas Koutsou
5368ecf7fe distro/rhel90: explicitly enable greenboot services for edge
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
2021-09-24 13:27:21 +02:00
Achilleas Koutsou
23109df500 distro/rhel90: add gnome-kiosk to installer package set
Required for graphical Anaconda installation

Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
2021-09-24 13:27:21 +02:00
Achilleas Koutsou
0c5a0d6763 distro/rhel90: remove unavailable packages from edge-installer
Packages that are no longer not available in RHEL 9.0.

Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
2021-09-24 13:27:21 +02:00
Diaa Sami
60e403e53e cloudapi: use Recover middleware to handle panics
recover from panics such as out-of-bounds array access & nil
pointer access, print a stack trace and return 5xx error
instead of the service crashing and relying on Execution
framework to handle crashes
2021-09-24 12:11:04 +01:00
Christian Kellner
d9fe813fa5 distro/rhel90: re-include nss-altfiles for edge
The `nss-altfiles` package is actually needed for OSTree based
systems, since in those the user/groups database is located in
the /usr/lib directory (in addition to /etc). It was removed
because it was not available in RHEL 9 (rhbz#1916260). This has
been fixed, so we need to re-include the package.
2021-09-23 10:47:11 +02:00
Brian C. Lane
e92424b5e3 weldr: deleting an unknown source should return an error
This adds a check to see if the source is valid and returns a 400 error
if it doesn't exist.
2021-09-22 11:24:31 +02:00
Tomas Hozza
eef9971027 osbuild2: add support for org.osbuild.tuned stage
Add support for a new osbuild stage `org.osbuild.tuned`, for
setting TuneD profile.

Add unit tests for the new stage.

Related to https://github.com/osbuild/osbuild/pull/797.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-15 14:46:25 +02:00
Tomas Hozza
8b623d9463 osbuild2: add support for org.osbuild.dnf.config stage
Add support for a new osbuild stage `org.osbuild.dnf.config`, for
configuring DNF.

Add unit tests for the new stage.

Related to https://github.com/osbuild/osbuild/pull/798.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-15 14:46:25 +02:00
Tomas Hozza
d9610b97fc osbuild2: add support for org.osbuild.sysctld stage
Add support for a new osbuild stage `org.osbuild.sysctld`, for
creating tmpfiles.d configuration files.

Add unit tests for the new stage.

Related to https://github.com/osbuild/osbuild/pull/804.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-15 14:46:25 +02:00
Tomas Hozza
a5097b2141 osbuild2: add support for org.osbuild.pam.limits.conf stage
Add support for a new osbuild stage `org.osbuild.pam.limits.conf`, for
creating pam_limits module configuration files.

Add unit tests for the new stage.

Related to:
- https://github.com/osbuild/osbuild/pull/802
- https://github.com/osbuild/osbuild/pull/807

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-15 14:46:25 +02:00
Tomas Hozza
3f52af2adb osbuild2: add support for org.osbuild.tmpfilesd stage
Add support for a new osbuild stage `org.osbuild.tmpfilesd`, for
creating tmpfiles.d configuration files.

Add unit tests for the new stage.

Related to https://github.com/osbuild/osbuild/pull/801.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-15 14:46:25 +02:00
Tomas Hozza
fbb70c2d10 osbuild2: add support for org.osbuild.selinux.config stage
Add support for a new osbuild stage `org.osbuild.selinux.config`,
for setting the desired SELinux policy state and type on the system.

Add unit tests for the new stage.

Related to https://github.com/osbuild/osbuild/pull/799.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-15 14:46:25 +02:00
Ondřej Budai
39d77f26b6 distro/rhel90: always install docs in the rpm stage
When we firstly introduced the v2 manifests, we excluded docs from all rpm
stages because it doesn't make sense to include docs in edge images.

However, when we ported the other image types to v2, we left the flag on.
The side effect of --excludedocs is that we no longer install man pages into
the image. This is the default behaviour of rpm and can be seen here:
b88f43b9a3/macros.in (L555)

This is actually quite a major regression in non-edge images, thus this commit
reverts this setting. It would be great to have the option not to install
docs in some rpm stages but as this is a difficult topic and we're already
past the deadline, we will consider this in the future.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-09-15 10:47:57 +02:00
Ondřej Budai
d895c336d6 distro/rhel85: always install docs in the rpm stage
When we firstly introduced the v2 manifests, we excluded docs from all rpm
stages because it doesn't make sense to include docs in edge images.

However, when we ported the other image types to v2, we left the flag on.
The side effect of --excludedocs is that we no longer install man pages into
the image. This is the default behaviour of rpm and can be seen here:
b88f43b9a3/macros.in (L555)

This is actually quite a major regression in non-edge images, thus this commit
reverts this setting. It would be great to have the option not to install
docs in some rpm stages but as this is a difficult topic and we're already
past the deadline, we will consider this in the future.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-09-15 10:47:57 +02:00
Gianluca Zuccarelli
e41e82935d rhel90: enable multi-level mountpoints
Previously it was only possible to configure separate partitions
for mountpoints in the allow list and their immediate subdirectories
only i.e. /var & /var/log
This fix allows for an arbitrary level of mountpoints, i.e. /var/log/audit,
/var/a/b/c/d/e and so on
2021-09-15 10:46:55 +02:00
Gianluca Zuccarelli
16e80ffa33 rhel85: enable multi-level mountpoints
Previously it was only possible to configure separate partitions
for mountpoints in the allow list and their immediate subdirectories
only i.e. /var & /var/log
This fix allows for an arbitrary level of mountpoints, i.e. /var/log/audit,
/var/a/b/c/d/e and so on
2021-09-15 10:46:55 +02:00
sanne
5a9d8c792b cloudapi: V2
V2 is compliant with api.openshift.com design guidelines.

Errors are predefined, have codes, and are queryable.

All requests have an operationId set: a unique identifier which is
sortable by time. This is added to the response in case of an error.

All returned objects have the href, id, and kind field set.
2021-09-14 15:32:21 +02:00
Tomas Hozza
19eb65e9fd RHEL-8.5/9.0: keep RHSM DNF plugins enabled on ec2, ec2-ha and ami
The RHSM DNF plugins `product-id` and `subscription-manager` are now
by default enabled on the RHEL-8.5 and RHEL-9.0 `ec2`, `ec2-ha` and
`ami` images.

The desired default state of the RHSM DNF plugins has been decided by
the RHSM team.

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1996670

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-14 11:47:09 +02:00
Diaa Sami
20501f4e58 Fix package sets for tar installer image type
2021-09-10 15:17:54 +02:00
Chloe Kaubisch
11023cb8a8 cloudapi: change Organization customization to a string
Internally change Organization in the SubscriptionImageOptions
to a string instead of an int.
2021-09-08 17:38:05 +02:00
sanne
4a057bf3d5 auth: OpenID/OAuth2 middleware
2 configurations for the listeners are now possible:
- enableJWT=false with client ssl auth
- enableJWT=true with https

Actual verification of the tokens is handled by
https://github.com/openshift-online/ocm-sdk-go.

An authentication handler is run as the top level handler, before any
routing is done. Routes which do not require authentication should be
listed as exceptions.

Authentication can be restricted using an ACL file which allows
filtering based on JWT claims. For more information see the inline
comments in ocm-sdk/authentication.

As an added quirk the `-v` flag for the osbuild-composer executable was
changed to `-verbose` to avoid flag collision with glog which declares
the `-v` flag in the package `init()` function. The ocm-sdk depends on
glog and pulls it in.
2021-09-04 02:48:52 +02:00
sanne
5e72636331 Revert "cloudapi: Add x-rh-identity header filter"
This reverts commit 19db3ff1d4.
2021-09-04 02:48:52 +02:00
sanne
7a0ea5b244 worker: Remove identity filter
Partially reverts "0ea31c39d5"
2021-09-04 02:48:52 +02:00
Antonio Murdaca
806bb375ee internal/distro/rhel85: move systemd logs kargs to the installer image
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2021-09-03 23:29:08 +02:00
dependabot[bot]
3ccdf85295 build(deps): bump github.com/golang/protobuf from 1.4.3 to 1.5.2
Bumps [github.com/golang/protobuf](https://github.com/golang/protobuf) from 1.4.3 to 1.5.2.
- [Release notes](https://github.com/golang/protobuf/releases)
- [Commits](https://github.com/golang/protobuf/compare/v1.4.3...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/golang/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Ondřej: I also fixed a deprecated call.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-09-03 18:23:54 +02:00
Martin Sehnoutka
cd0d450c3a distro: introduce Fedora 36 alias
Fedora 35 has been branched. Introduce an alias for Fedora 36 as it is
the current rawhide. Source of the GPG key:
https://raw.githubusercontent.com/xsuchy/distribution-gpg-keys/main/keys/fedora/RPM-GPG-KEY-fedora-36-primary
2021-09-03 15:05:00 +02:00
Diaa Sami
c35097fd52 Support for temporary credentials
Handle session token so that temporary credentials are supported
2021-09-02 15:13:42 +02:00
Chloe Kaubisch
86082c884d cloudapi: fix compose return value
Correct compose successful return status from http.StatusOK to
http.StatusCreated. Mistakenly set to http.StatusOK in previous
commit.
2021-09-01 22:15:35 +02:00
Thomas Lavocat
8a6e0e2b75 cloudapi: correct format of error strings
Fixes bad formats for the error in the cloudapi.
2021-09-01 20:02:07 +02:00
Ondřej Budai
c5fb118855 distro/rhel90: remove iwl6000-firmware from package sets
This package is no longer available in RHEL 9, let's drop it from our
definition.

Fixes #1696

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-08-30 18:22:58 +02:00
Christian Kellner
3dfc997992 distro/rhel85: move payloads to iso root
Move the ostree repository and the tar image to the root of the
boot iso. This has several advantages: we do no longer have to
correctly guess the size of the anaconda image. Also we do not
need to compress the payload within the squashfs.
Update the image installer's test data. NB: the changes to the
package list were introduced earlier and should mostly affect
the build pipeline. Should have caught it in the corresponding
change, but was apparently not picked up by CI.
2021-08-30 12:50:38 +02:00
Christian Kellner
1a063680b5 distro/rhel85: add support for edge raw images
OSBuild Composer can now build the RHEL 8.5 Raw Images. These images are
compressed raw images, i.e. a file that has a partition layout with a
deployed OSTree commit in it. It can be used to flash onto a hard drive
or booted in a virtual machine. An existing OSTree commit needs to
be provided.
The following new image types are supported: edge-raw-image.
2021-08-28 09:20:19 +02:00
Christian Kellner
c6b2d3009b distro/rhel85: partition table for edge + aarch64
Define the partition layout for RHEL for Edge images on arm64.
2021-08-28 09:20:19 +02:00
Christian Kellner
1054eab392 distro/rhel85: extract edge image pipelines
Extract the pipelines that create the edge raw image so that we can
expose that as its own image type.
2021-08-28 09:20:19 +02:00
Christian Kellner
0612d14502 distro/rhel85: aarch64 support for edge installers
All RHEL for Edge installers should be supported on aarch64 now.
2021-08-28 09:20:19 +02:00
Christian Kellner
97b20ca0da distro/rhel85: aarch64 support for bootiso mono
Add aarch64 support for the bootiso.mono stage: select the proper efi
architecture and include isolinux only on x86.
2021-08-28 09:20:19 +02:00
Christian Kellner
3e90d66f5c distro/rhel85: no biosdevname on aarch64
Do not include the biosdevname dracut module on aarch64, where it
does not exist.
2021-08-28 09:20:19 +02:00
Christian Kellner
44cf29dad0 distro/rhel85: aarch64 pkgs for installers
Make the package sets for all the installers work on aarch64.
Needed to explicitly pull in fcoe-utils for anaconda on aarch64.
2021-08-28 09:20:19 +02:00
Christian Kellner
fc5c2dbe7d distro/rhel85: refactor installer pkgs set
Split out the common package set of the anaconda based installers and
the coreos installer based one.
2021-08-28 09:20:19 +02:00
Christian Kellner
714250aa9c distro/rhel85: refactor pkg set generation
Instead of using package sets at the distro, arch and image type
level and then merging them in `PackageSets`, store the function
that generates the package set in the image type and have them
return all the package set. In order to do so, they now take an
imageType parameter so that they can also return architecture
dependent packages.
2021-08-28 09:20:19 +02:00
Christian Kellner
0e9e1b32d4 distro/rhel85: move distro build pkgs to pkg set
Instead of having a common build package set defined at distro
struct level and merging them together with build packages in
the image type (and arches), we do the "inheritance" at the
package set level and append more specific packages to base
sets there. We also now ensure that each image type does have
a build package set defined.
The actual package set should not change for anything due to
this commit.
2021-08-28 09:20:19 +02:00