--- distros: - &fedora_rawhide name: fedora-43 distro_like: fedora preview: true os_version: 43 release_version: 43 module_platform_id: platform:f43 product: "Fedora" ostree_ref_tmpl: "fedora/43/%s/iot" iso_label_tmpl: "{{.Product}}-{{.Distro.MajorVersion}}-{{.ISOLabel}}-{{.Arch}}" default_fs_type: "ext4" defs_path: fedora runner: &fedora_runner name: org.osbuild.fedora43 build_packages: - "glibc" # ldconfig - "systemd" # systemd-tmpfiles and systemd-sysusers - "python3" # osbuild oscap_profiles_allowlist: - "xccdf_org.ssgproject.content_profile_ospp" - "xccdf_org.ssgproject.content_profile_pci-dss" - "xccdf_org.ssgproject.content_profile_standard" bootstrap_containers: x86_64: "registry.fedoraproject.org/fedora-toolbox:43" aarch64: "registry.fedoraproject.org/fedora-toolbox:43" ppc64le: "registry.fedoraproject.org/fedora-toolbox:43" s390x: "registry.fedoraproject.org/fedora-toolbox:43" # XXX: remove once fedora containers are part of the upstream # fedora registry (and can be validated via tls) riscv64: "ghcr.io/mvo5/fedora-buildroot:43" # XXX: add repos here too, that requires some churn, see # https://github.com/osbuild/images/compare/main...mvo5:yaml-distroconfig?expand=1 # and we will also need to think about backward compat, as currently # dropping "$distro-$ver.json" files into # /etc/osbuild-composer/repositories will define what distros are # available via images and we will need to provide compatibility for # that. # # Having the repos separated means when a new fedora release is out # we will need to update two places which is clearly a regression from # before. - &fedora_stable <<: *fedora_rawhide name: "fedora-{{.MajorVersion}}" match: 'fedora-[1-9][0-9]+' preview: false os_version: "{{.MajorVersion}}" release_version: "{{.MajorVersion}}" module_platform_id: "platform:f{{.MajorVersion}}" ostree_ref_tmpl: "fedora/{{.MajorVersion}}/%s/iot" runner: <<: *fedora_runner name: "org.osbuild.fedora{{.MajorVersion}}" bootstrap_containers: x86_64: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}" aarch64: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}" ppc64le: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}" s390x: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}" # XXX: remove once fedora containers are part of the upstream # fedora registry (and can be validated via tls) riscv64: "ghcr.io/mvo5/fedora-buildroot:{{.MajorVersion}}" - &rhel10 name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}" match: 'rhel-10\.[0-9]{1,2}' distro_like: rhel-10 product: "Red Hat Enterprise Linux" os_version: "10.{{.MinorVersion}}" release_version: 10 module_platform_id: "platform:el10" vendor: "redhat" ostree_ref_tmpl: "rhel/10/%s/edge" default_fs_type: "xfs" defs_path: rhel-10 iso_label_tmpl: "RHEL-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-0-BaseOS-{{.Arch}}" runner: name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}" build_packages: &rhel10_runner_build_packages - "glibc" # ldconfig - "platform-python" # osbuild - "systemd" # systemd-tmpfiles and systemd-sysusers - "python3" # osbuild stages conditions: "some image types are rhel-only": when: not_distro_name: "rhel" ignore_image_types: - azure-cvm - azure-rhui - azure-sap-rhui - azure-sapapps-rhui - ec2 - ec2-sap - ec2-ha "some image types are non-rhel-only": when: distro_name: "rhel" ignore_image_types: - azure # rhel & centos share the same list of allowed profiles so a # single allow list can be used oscap_profiles_allowlist: &oscap_profile_allowlist_rhel_10 - "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced" - "xccdf_org.ssgproject.content_profile_anssi_bp28_high" - "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary" - "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal" - "xccdf_org.ssgproject.content_profile_cis" - "xccdf_org.ssgproject.content_profile_cis_server_l1" - "xccdf_org.ssgproject.content_profile_cis_workstation_l1" - "xccdf_org.ssgproject.content_profile_cis_workstation_l2" - "xccdf_org.ssgproject.content_profile_e8" - "xccdf_org.ssgproject.content_profile_hipaa" - "xccdf_org.ssgproject.content_profile_ism_o" - "xccdf_org.ssgproject.content_profile_ospp" - "xccdf_org.ssgproject.content_profile_pci-dss" - "xccdf_org.ssgproject.content_profile_stig" - "xccdf_org.ssgproject.content_profile_stig_gui" bootstrap_containers: x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" aarch64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" - <<: *rhel10 name: "almalinux-{{.MajorVersion}}.{{.MinorVersion}}" match: 'almalinux-10\.[0-9]{1,2}' product: "AlmaLinux" vendor: "almalinux" ostree_ref_tmpl: "almalinux/10/%%s/edge" iso_label_tmpl: "AlmaLinux-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-{{.Arch}}-dvd" - ¢os10 <<: *rhel10 name: centos-10 distro_like: rhel-10 product: "CentOS Stream" os_version: "10-stream" release_version: 10 module_platform_id: "platform:el10" vendor: "centos" ostree_ref_tmpl: "rhel/10/%s/edge" default_fs_type: "xfs" defs_path: rhel-10 iso_label_tmpl: "CentOS-Stream-{{.Distro.MajorVersion}}-BaseOS-{{.Arch}}" runner: name: org.osbuild.centos10 build_packages: *rhel10_runner_build_packages oscap_profiles_allowlist: *oscap_profile_allowlist_rhel_10 bootstrap_containers: # we need the toolbox container because stock centos has e.g. no # mount util x86_64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}" aarch64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}" - <<: *centos10 name: "almalinux_kitten-10" product: "AlmaLinux Kitten" os_version: "10-kitten" release_version: 10 module_platform_id: "platform:el10" vendor: "almalinux" ostree_ref_tmpl: "almalinux/10/%s/edge" - &rhel9 name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}" # rhel9 support being named "rhel-91" for "rhel-9.1" or "rhel-910" for "rhel-9.10" etc match: '(?Prhel)-(?P9)\.?(?P[0-9]{1,2})' distro_like: rhel-9 product: "Red Hat Enterprise Linux" os_version: "9.{{.MinorVersion}}" release_version: 9 module_platform_id: "platform:el9" vendor: "redhat" ostree_ref_tmpl: "rhel/9/%s/edge" default_fs_type: "xfs" defs_path: rhel-9 iso_label_tmpl: "RHEL-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-0-BaseOS-{{.Arch}}" conditions: "some image types are rhel-only": when: not_distro_name: "rhel" ignore_image_types: - azure-cvm - azure-rhui - azure-sap-rhui - azure-sapapps-rhui - ec2 - ec2-sap - ec2-ha "some image types are non-rhel-only": when: distro_name: "rhel" ignore_image_types: - azure "CVM is only available starting from 9.6": when: version_less_than: "9.6" ignore_image_types: - "azure-cvm" runner: name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}" build_packages: &rhel9_runner_build_packages - "glibc" # ldconfig - "systemd" # systemd-tmpfiles and systemd-sysusers - "platform-python" # osbuild - "python3" # rhel9 allow all oscap_profiles_allowlist: &oscap_profile_allowlist_rhel_9 - "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced" - "xccdf_org.ssgproject.content_profile_anssi_bp28_high" - "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary" - "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal" - "xccdf_org.ssgproject.content_profile_ccn_advanced" - "xccdf_org.ssgproject.content_profile_ccn_basic" - "xccdf_org.ssgproject.content_profile_ccn_intermediate" - "xccdf_org.ssgproject.content_profile_cis" - "xccdf_org.ssgproject.content_profile_cis_server_l1" - "xccdf_org.ssgproject.content_profile_cis_workstation_l1" - "xccdf_org.ssgproject.content_profile_cis_workstation_l2" - "xccdf_org.ssgproject.content_profile_cui" - "xccdf_org.ssgproject.content_profile_e8" - "xccdf_org.ssgproject.content_profile_hipaa" - "xccdf_org.ssgproject.content_profile_ism_o" - "xccdf_org.ssgproject.content_profile_ospp" - "xccdf_org.ssgproject.content_profile_pci-dss" - "xccdf_org.ssgproject.content_profile_stig" - "xccdf_org.ssgproject.content_profile_stig_gui" bootstrap_containers: x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" aarch64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" - ¢os9 <<: *rhel9 name: centos-9 distro_like: rhel-9 product: "CentOS Stream" os_version: "9-stream" vendor: "centos" ostree_ref_tmpl: "centos/9/%s/edge" default_fs_type: "xfs" defs_path: rhel-9 iso_label_tmpl: "CentOS-Stream-{{.Distro.MajorVersion}}-BaseOS-{{.Arch}}" runner: name: org.osbuild.centos9 build_packages: *rhel9_runner_build_packages oscap_profiles_allowlist: *oscap_profile_allowlist_rhel_9 bootstrap_containers: # we need the toolbox container because stock centos has e.g. no # mount util x86_64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}" aarch64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}" - &rhel8 name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}" # rhel8 support being named "rhel-81" for "rhel-8.1" or "rhel-810" for "rhel-8.10" etc match: '(?Prhel)-(?P8)\.?(?P[0-9]{1,2})' distro_like: rhel-8 product: "Red Hat Enterprise Linux" os_version: "8.{{.MinorVersion}}" release_version: 8 module_platform_id: "platform:el8" vendor: "redhat" ostree_ref_tmpl: "rhel/8/%s/edge" default_fs_type: "xfs" defs_path: rhel-8 iso_label_tmpl: "RHEL-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-0-BaseOS-{{.Arch}}" conditions: "edge image types require FDO which aren't available on older versions": when: version_less_than: "8.6" ignore_image_types: - "edge-simplified-installer" - "edge-raw-image" "azure eap7 is only available for rhel8.6+": when: version_less_than: "8.6" ignore_image_types: - "azure-eap7-rhui" "Azure image types require hyperv-daemons which isn't available on older versions": when: version_less_than: "8.6" arch: "aarch64" ignore_image_types: - "azure-rhui" - "vhd" runner: name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}" build_packages: &rhel8_runner_build_packages - "glibc" # ldconfig - "systemd" # systemd-tmpfiles and systemd-sysusers - "platform-python" # osbuild # The RHEL 8 runner in osbuild runs with platform-python but # explicitly symlinks python 3.6 to /etc/alternatives (which in turn # is the target for /usr/bin/python3) for the stages. # https://github.com/osbuild/osbuild/blob/ea8261cad6c5c606c00c0f2824c3f483c01a0cc9/runners/org.osbuild.rhel82#L61 # Install python36 explicitly for RHEL 8. - "python36" oscap_profiles_allowlist: &oscap_profile_allowlist_rhel_8 - "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced" - "xccdf_org.ssgproject.content_profile_anssi_bp28_high" - "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary" - "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal" - "xccdf_org.ssgproject.content_profile_cis" - "xccdf_org.ssgproject.content_profile_cis_server_l1" - "xccdf_org.ssgproject.content_profile_cis_workstation_l1" - "xccdf_org.ssgproject.content_profile_cis_workstation_l2" - "xccdf_org.ssgproject.content_profile_cui" - "xccdf_org.ssgproject.content_profile_e8" - "xccdf_org.ssgproject.content_profile_hipaa" - "xccdf_org.ssgproject.content_profile_ism_o" - "xccdf_org.ssgproject.content_profile_ospp" - "xccdf_org.ssgproject.content_profile_pci-dss" - "xccdf_org.ssgproject.content_profile_stig" - "xccdf_org.ssgproject.content_profile_stig_gui" bootstrap_containers: x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" aarch64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" - ¢os8 <<: *rhel8 name: centos-8 distro_like: rhel-8 product: "CentOS Stream" os_version: "8-stream" vendor: "centos" default_fs_type: "xfs" iso_label_tmpl: "CentOS-Stream-{{.Distro.MajorVersion}}-BaseOS-{{.Arch}}" runner: name: org.osbuild.centos8 build_packages: *rhel8_runner_build_packages oscap_profiles_allowlist: *oscap_profile_allowlist_rhel_8 bootstrap_containers: # we need the toolbox container because stock centos has e.g. no # mount util x86_64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}" aarch64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}" - &rhel7 name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}" match: 'rhel-7\.[0-9]' distro_like: rhel-7 product: "Red Hat Enterprise Linux" codename: "Maipo" os_version: "7.{{.MinorVersion}}" release_version: 7 module_platform_id: "platform:el7" vendor: "redhat" ostree_ref_tmpl: "rhel/7/%s/edge" default_fs_type: "xfs" defs_path: rhel-7 runner: name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}" build_packages: &rhel_runner_build_packages - "glibc" # ldconfig # The RHEL 8 runner in osbuild runs with platform-python but # explicitly symlinks python 3.6 to /etc/alternatives (which in turn # is the target for /usr/bin/python3) for the stages. # https://github.com/osbuild/osbuild/blob/ea8261cad6c5c606c00c0f2824c3f483c01a0cc9/runners/org.osbuild.rhel82#L61 # Install python36 explicitly for RHEL 8. - "python36" bootstrap_containers: x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ub i:latest" ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest" s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"