Fix the following error reported by Coverity:
```
Defect type: SUPPRESSED_ERROR
1. osbuild-composer-75/_build/src/github.com/osbuild/osbuild-composer/internal/manifest/os.go:546: suppressed_error: The error returned by the function "GetVerStrFromPackageSpecList(p.packageSpecs, "dracut-config-rescue")" is not explicitly checked.
2. osbuild-composer-75/_build/src/github.com/osbuild/osbuild-composer/internal/manifest/os.go:546: remediation: Explicitly check the return error.
544| }
545|
546|-> rescueVer, _ := rpmmd.GetVerStrFromPackageSpecList(p.packageSpecs, "dracut-config-rescue")
547| hasRescue := rescueVer != ""
548| bootloader = osbuild.NewGrub2LegacyStage(
```
Change the code to check if the called function returned an error or
not. If not error is returned, then the function returns a package
version string.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
We actually use rhui/cloud access images for rpmbuild as well. And the
sync issue between cdn and rhui repos can cause issues when rpms are
build against older packages.
This is a workaround to make the systemd believe it's firstboot
when ignition runs on real firstboot.
Right now, since we ship /etc/machine-id, systemd thinks it's not firstboot
and ignition depends on it to run on the real firstboot to enable services from presets.
Since this only applies to artifacts with ignition and changing machineid-compat at
commit creation time may have undesiderable effect, we're doing it here as a stopgap.
We may revisit this in the future.
This patch also pins the version of osbuild because it depends on a fix
for the ignition stage.
Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
Tracing the package set and repository journey, I found that the
container package defined on the image type is never really used.
Added notes to fix later.
The bug wasn't caught because the PackageSets field of the repository
wasn't being copied after parsing the compose request for the test
manifest.
This should now catch future occurrences of this bug.
The value comes from the command line args of the test binary
(osbuild-composer-manifest-tests). It works in our tests because we use
the default value, but if it was set differently it would have been
ignored.
Pass through all repos to the initalizeManifest() function. Each
pipeline will then select which repositories it needs based on the
PackageSets field of each repository.
Before, we only passed global repos down to the manifest generators and
pipeline-specific repositories would only be used if they were attached
to package sets and were handled explicitly by a pipeline generator.
The repositories of the "blueprint" package set are explicitly added to
the workload and returned by the "os" pipeline.
The repositories of the "installer" package set are explicitly added to
the "anaconda-tree" pipeline.
If a repository was specified for any other pipeline, for example
"build", the repositories for the that package set were never added to
the pipeline.
Fixes#3290
Function that filters a list of repositories to return only the global
repos and any that define a given pipeline or package set name in their
list of PackageSets.
Match the key for the OS packages to the name of the OS pipeline ("os").
We will use this key to identify package sets that are returned from the
OS pipeline since the manifest returns package sets indexed by each
pipeline's name.
New test that runs through a few different scenarios of assigning
repositories to specific package sets. Each scenario defines a set of
global repositories (or none) and a set of pipeline-specific
repositories (or none) and an expected result. It then calls the
distro's PackageSets() method. The test checks that the package sets
that are returned are assigned the correct repositories based on the
test case's expected result.
A basic string-set struct is implemented to help with merging and
comparing string slices.
This test should currently fail due to #3290.
Regenerate image manifests which use the files customization and are
affected by the recent change to `osbuild/fsnode.go`, specifically to
always setting the `RemoveDestination` to `true`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Default to always remove the destination before copying when generating
the copy stage options for custom files in the image. This will ensure
that if the destination is an existing symlink to another file, it won't
be followed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Set the dependency to osbuild version 80, which contains the
`remove_destination` option in the copy stage.
https://github.com/osbuild/osbuild/releases/tag/v80
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for newly added `remove_destination` option in the copy
stage.
Related to https://github.com/osbuild/osbuild/pull/1241
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Test the directories and files customization with the ostree container
image type deployed using the (Anaconda-based) installer image.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Reformat calls of `ansible-playbook` by splitting them into multiple
lines. This makes it easier to read.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the `check_ostree.yaml` to check the result of directories
and files customizations on a running ostree-based system. The test
also checks if a custom systemd unit `custom.service` got enabled
and started on boot.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Use directories and files customization in the compose request for image
types that support this customization (only ostree installer and raw
image do not support it).
Extend the instance verification to check for the custom directories and
files.
Extend the ostree commit verification to check for the custom
directories and files.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Previously, the `--format=json` was always set in the `$GCP_CMD`. This
was working OK in general, but it is creating issues when using
`$GCP_CMD compute ssh` to execute commands on the provisioned VM. In
such case, an extra `[]` is added to the output, which then causes
various checks to fail, since the captured stdout is different than
expected.
Instead remove the `--format=json` by default from `$GCP_CMD` and use it
explicitly only in cases when `jq` is used to parse the command's
output. In all other cases, it should be OK to not set the output format
to JSON and it is very much desirable to do so when SSH-ing to the VM.
Also by default pass the `--quiet` option to `gcloud` when using it from
the container. This was previously done only when using the tool
installed on the system.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add `iot-container` test manifests with customizations. Specifically with
files, directories and services.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add `edge-container` test manifests with customizations. Specifically with
files, directories and services.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add `edge-commit` test manifests with customizations. Specifically with
files, directories and services.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Drop unused `rhel-edge-*` requests, which are not used any more. They
have been replaced by `edge-*` requests.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add the new directories and files customization to the customized qcow2
image manifests used for testing.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Expose the Directory and File customizations in the Cloud API. Also
validate the provided customizations while processing the compose
request by trying to convert them to internal representations
`fsnode.File` and `fsnode.Directory`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add new error `ErrorInvalidCustomization` used in situations when the
user-provided customization values don't pass validation. This will be
used by the Directory / File customization.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a default policy for custom directories and files to constrain what
users can do. The intention is to ensure that directories and files can
be created only in `/etc` and also that none of the important
configuration files can be overwritten by this customization.
Add the policy validation to all distro implementation.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add helper functions for checking directory and file blueprint
customizations against the policy of allowed paths.
These functions are not yet used in the distro definitions.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Hook up the custom BP directories and files implementation with OS
pipeline implementation. The user-provided values are now set in the OS
customizations structure and will be used by the OS pipeline generator
when adding stages to the pipeline.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
