This is a workaround to make systemd believe it's firstboot
when ignition runs on real firstboot.
Right now, since we ship /etc/machine-id, systemd thinks it's not firstboot
and ignition depends on it to run on the real firstboot to enable services from presets.
Since this only applies to artifacts with ignition and changing machineid-compat at
commit creation time may have undesirable effects, we're doing it here as a stopgap.
We may revisit this in the future.
This patch also pins the version of osbuild because it depends on a fix
for the ignition stage.
Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
Default to always remove the destination before copying when generating
the copy stage options for custom files in the image. This will ensure
that if the destination is an existing symlink to another file, it won't
be followed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
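
Added example, not part of the commit above or of osbuild-composer's code: a Go sketch of why removing the destination before copying matters when the destination is an existing symlink. The `copyFile` and `demo` helpers and all file names are hypothetical and constructed for illustration; the real copy stage is not implemented this way.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// copyFile writes src's content to dst. With removeDestination set, dst is
// unlinked first, so an existing symlink at dst is replaced, not followed.
func copyFile(src, dst string, removeDestination bool) error {
	data, err := os.ReadFile(src)
	if err != nil {
		return err
	}
	if removeDestination {
		if err := os.Remove(dst); err != nil && !os.IsNotExist(err) {
			return err
		}
	}
	return os.WriteFile(dst, data, 0644) // follows dst if it is a symlink
}

// demo builds a constructed tree where dst is a symlink to another file,
// copies src onto dst, and reports that other file's content afterwards
// and whether dst is still a symlink.
func demo(removeDestination bool) (content string, stillLink bool, err error) {
	dir, err := os.MkdirTemp("", "copy-demo")
	if err != nil {
		return "", false, err
	}
	defer os.RemoveAll(dir)
	src := filepath.Join(dir, "custom.conf")
	other := filepath.Join(dir, "other-file")
	dst := filepath.Join(dir, "dest.conf")
	if err = os.WriteFile(src, []byte("custom"), 0644); err != nil {
		return "", false, err
	}
	if err = os.WriteFile(other, []byte("original"), 0644); err != nil {
		return "", false, err
	}
	if err = os.Symlink(other, dst); err != nil {
		return "", false, err
	}
	if err = copyFile(src, dst, removeDestination); err != nil {
		return "", false, err
	}
	data, err := os.ReadFile(other)
	if err != nil {
		return "", false, err
	}
	fi, err := os.Lstat(dst)
	if err != nil {
		return "", false, err
	}
	return string(data), fi.Mode()&os.ModeSymlink != 0, nil
}

func main() {
	for _, rm := range []bool{false, true} {
		content, link, err := demo(rm)
		fmt.Printf("remove=%v other-file=%q dst-is-symlink=%v err=%v\n", rm, content, link, err)
	}
}
```
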
Add support for newly added `remove_destination` option in the copy
stage.
Related to https://github.com/osbuild/osbuild/pull/1241
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This will allow conveniently adding multiple stages to the pipeline at
once, which is useful if a generator function wrapping some
functionality generates more than one `Stage`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Implement helper functions for generating osbuild stages for slices of
`fsnode` types, such as Files and Directories. The generated stages will
ensure that the provided FS nodes will be created in the FS tree and
will have their respective properties set (such as ownership, mode,
etc).
These functions are not yet used by any pipeline code, but the idea is
that they will be used in pipeline generator functions to create custom
directories and files based on the pipeline-specific customizations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add support for files input in the copy stage. This will enable copying
inline sources as custom files in the image filesystem tree.
Add a simple unit test covering the use of this stage input.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `GenCopyFSTreeOptions()` function has an unused argument
`inputPipeline`. After discussing this with @achilleas-k, we determined
that it would be for the best to refactor this function and split out
the part that generates Mounts and Devices and instead return the actual
Stage from it. The reason for splitting out Mounts and Devices is that
these are then reused also by other stages when constructing pipelines
inside composer.
This would be a bigger change, so just adding the comment to the code to
capture this future work.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
DNF supports more than one GPG key. It is possible that one may be used for
signing packages, and another to sign the repository metadata. This
renamed GPGKey to GPGKeys internally. It does not change the on-disk
repository json format.
Rework the stage to not reimplement `FilesInput` as
`RPMStageInput`, but instead use the one common
`FilesInput` implementation and its supported
references.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Rework the stage to not reimplement `FilesInput` as
`IgnitionStageInput`, but instead use the one common
`FilesInput` implementation and its supported
references.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Rework the stage to not reimplement `FilesInput` as `QEMUStageInput`,
but instead use the one common `FilesInput` implementation and its
supported references.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Rework the stage to not reimplement `FilesInput` as
`FDOStageInput`, but instead use the one common
`FilesInput` implementation and its supported
references.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The `FilesInputs` was since the beginning an XZ-specific implementation
of the input, but it was implemented in the `files_input.go` in a false
hope that it could be used as a generic stage input by any stage. It
turned out that various stages require different implementations of
their input. Specifically, there is usually a stage-specific key, which is
assigned a common input type. For XZ stage, the key is `file`.
Remove `FilesInputs` and instead implement `XzStageInputs` which is now
accepted by the XZ stage.
Fix all affected pipeline implementations that use XZ stage.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Rework files input implementation to support all reference types
supported by the input schema. Also implement helper functions to
generate supported reference types. In some cases, the reference
supports e.g. referencing multiple pipelines in the stage inputs, but
this is currently not implemented, since no pipeline in composer uses
it.
Rework the files input unit tests to cover the new functionality.
Adjust all code affected by the changes made to files input.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The default value for the `os.FileMode` is zero, but the actual default
value used by the stage if no value is specified in the options is
`0777`. By using the pointer, we'll allow one to specify `0000`
permissions as a value which won't be omitted from the stage options.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
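
Added example, not part of the commit above or of osbuild-composer's code: a Go sketch of how `omitempty` drops a zero `os.FileMode`, so the consumer falls back to `0777`, while a pointer field keeps an explicit `0000`. The struct names, the `effectiveMode` helper and the path are hypothetical; the `0777` default is the one stated in the commit message.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// pathByValue and pathByPointer are hypothetical option structs that differ
// only in whether Mode is a value or a pointer.
type pathByValue struct {
	Path string      `json:"path"`
	Mode os.FileMode `json:"mode,omitempty"`
}

type pathByPointer struct {
	Path string       `json:"path"`
	Mode *os.FileMode `json:"mode,omitempty"`
}

// effectiveMode serializes opts and returns the JSON plus the mode a consumer
// would apply, assuming it defaults to 0777 when "mode" is absent.
func effectiveMode(opts interface{}) (string, os.FileMode, error) {
	raw, err := json.Marshal(opts)
	if err != nil {
		return "", 0, err
	}
	var decoded struct {
		Mode *os.FileMode `json:"mode"`
	}
	if err := json.Unmarshal(raw, &decoded); err != nil {
		return "", 0, err
	}
	if decoded.Mode == nil {
		return string(raw), 0777, nil // key omitted: default applies
	}
	return string(raw), *decoded.Mode, nil
}

func main() {
	zero := os.FileMode(0)
	// Value field: the requested 0000 is indistinguishable from "unset".
	raw, mode, _ := effectiveMode(pathByValue{Path: "/srv/locked", Mode: zero})
	fmt.Printf("%s -> %04o\n", raw, mode)
	// Pointer field: nil means "unset", a pointer to 0 means 0000.
	raw, mode, _ = effectiveMode(pathByPointer{Path: "/srv/locked", Mode: &zero})
	fmt.Printf("%s -> %04o\n", raw, mode)
}
```
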
Add support for `exist_ok` stage option added as part of
PR#1224 [1], which allows gracefully handling the existence of a directory
path specified to the stage.
This will be helpful when creating custom directories in the image via
customizations, because one can't know in advance whether the directory
path won't be created by a package installed in the image.
Not bumping the requires on osbuild, because this new option is not yet
used by any image definition or customization.
[1] https://github.com/osbuild/osbuild/pull/1224
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The stage supports a `parents` property in stage path options, which
allows one to auto-create any parent directories as needed.
Add the property to stage options implementation.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The plain `Path` name was a bit unfortunate, since it was specific to
the `mkdir` stage, but it was used outside of the `osbuild` package as
`osbuild.Path` which was making a wrong impression of it being a generic
path structure. This is not true.
Rename the structure to contain the stage name.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
After introducing Go 1.18 to a project, it's required by law to convert at
least one method to a generic one.
Everyone hates IntToPtr, StringToPtr, BoolToPtr and Uint64ToPtr, so let's
convert them to the ultimate generic ToPtr one.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Updates firewall stage customizations to allow zones
as per the changes made on osbuild/osbuild#1157
Relevant tests and pipelines for rhel8+9 updated.
Signed-off-by: Irene Diez <idiez@redhat.com>
Creates new stage to configure
journald to persist the journal.
Instead of creating the `/var/log/journal`
directory we explicitly configure journald
via the new stage. This is done
according to the FCOS norms.
Unit tests also added for functionality
check.
Co-authored-by: Irene Diez <idiez@redhat.com>
Signed-off-by: Sayan Paul <saypaul@redhat.com>
The org.osbuild.chrony stage was extended to allow additional directives
alongside time servers [1]. The old Timeservers string slice was kept
for backwards compatibility. Removing support for it in
osbuild-composer makes working with the stage's options simpler. Using
the new struct slice Servers field and only specifying a Hostname for
each element is equivalent to the old behaviour, so no functionality is
lost.
This simplifies the chrony stage since no validation is required
anymore.
It also simplifies the propagation of configuration options through the
pipeline generation code which doesn't need to check for both types of
stage options.
[1] https://github.com/osbuild/osbuild/pull/692
This adds the `fedora-image-installer` and
`fedora-image-installer-preview` images.
The image installer type installs anaconda-webui on Fedora >= 38 to use
the new UI. It also writes its setting to
`/usr/share/anaconda/interactive-defaults.ks` as the current
anaconda-webui has not yet been tested in kickstart mode.
To do so, manifest.Anaconda was expanded to take a (subset) of options
for a KickstartStage which it will write into interactive-defaults.ks.
And to take a list of additional modules to enable, so we can set up
Anaconda with all default modules.
The CommitSource was used to specify the source URL and checksum of a
commit for use in manifest sources. Renaming to CommitSpec and adding a
Ref parameter generalises the type so that we can use it to specify
commits in various situations. This is building towards separating when
ostree parameters are used for fetching a commit, fetching a parent
commit, and building one.
The CommitSpec is (very roughly) analogous to the rpmmd.PackageSpec.
Don't pass blueprint Users and Groups options all the way down to the
osbuild stage bindings. Instead, convert them to the internal
users.User and users.Group structs.
Ideally we would do this even higher up in the code path, before
reaching the distro, but this is the first step towards that.
- Remove stage-specific input types when they are org.osbuild.tree input
types.
- Use PipelineTreeInputs when stage requires a single tree input
reference with an arbitrary key.
- For Stages that require a specific key with a tree input, make the key
part of the NewXStage() function and only allow specifying the name of
the pipeline from which to copy the tree as part of the function
arguments.
Convenience function for creating a map with a single input pointing to
a pipeline's tree with a given key.
Different stages use different keys in the map (often "tree").
Functions will be added for each stage to create a map with the
appropriate key when necessary.
The references field in org.osbuild.tree inputs currently supports one
of three forms, all of which are functionally equivalent:
- Array of one string
- Array of one object with key "id" and string value
- Single object with no properties (only key/name)
We use the first form which is the simplest.
The string should refer to a pipeline by name (as name:<pipelinename>),
which means the input refers to the final tree of the named pipeline.
Change partition tables on edgeBase images to use
'LVM partitioning'. We need to ensure that LVM
stages are done before LUKS stages (e.g. remove-key)
or the pipelines will break (we cannot open a device
when its password has changed).
Add relevant tests on device_test.go plus a new
test partition table on common_test.go
Generators for creating UsersStage and GroupsStage from the new internal
types.
These are almost identical to the existing stage option creation
functions. Those will be removed once every use is replaced with the
new generators.
New mount type added: org.osbuild.ostree.deployment.
Adding this to a stage will set up all needed bind mounts so that a given
`tree` will look like an active OSTree deployment, very much as OSTree
does during early boot.
This is often necessary when making changes to files in /etc for an
ostree image.