particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-forge-composer/vendor/github.com/osbuild/images/data/distrodefs/distros.yaml
Sanne Raymaekers d578c87ee0 go.mod: bump images to v0.178.0 
Changes with 0.178.0
----------------
  - Update osbuild dependency commit ID to latest (osbuild/images#1763)
    - Author: SchutzBot, Reviewers: Achilleas Koutsou, Simon de Vlieger
  - many: drop `ISORootKickstart` (osbuild/images#1769)
    - Author: Simon de Vlieger, Reviewers: Brian C. Lane, Tomáš Hozza
  - many: drop the workload.Workload type entirely (osbuild/images#1770)
    - Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza
  - platform: drop hardcoded platforms and rename PlatformConf (osbuild/images#1739)
    - Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger
  - rhel: fix openscap profile allowlists (HMS-9095) (osbuild/images#1778)
    - Author: Sanne Raymaekers, Reviewers: Michael Vogt, Simon de Vlieger

— Somewhere on the Internet, 2025-08-21
2025-08-21 17:40:55 +02:00

373 lines
15 KiB
YAML
Raw Blame History

---
distros:
- &fedora_rawhide
name: fedora-43
distro_like: fedora
preview: true
os_version: 43
release_version: 43
module_platform_id: platform:f43
product: "Fedora"
ostree_ref_tmpl: "fedora/43/%s/iot"
iso_label_tmpl: "{{.Product}}-{{.Distro.MajorVersion}}-{{.ISOLabel}}-{{.Arch}}"
default_fs_type: "ext4"
defs_path: fedora
runner: &fedora_runner
name: org.osbuild.fedora43
build_packages:
- "glibc" # ldconfig
- "systemd" # systemd-tmpfiles and systemd-sysusers
- "python3" # osbuild
oscap_profiles_allowlist:
- "xccdf_org.ssgproject.content_profile_ospp"
- "xccdf_org.ssgproject.content_profile_pci-dss"
- "xccdf_org.ssgproject.content_profile_standard"
bootstrap_containers:
x86_64: "registry.fedoraproject.org/fedora-toolbox:43"
aarch64: "registry.fedoraproject.org/fedora-toolbox:43"
ppc64le: "registry.fedoraproject.org/fedora-toolbox:43"
s390x: "registry.fedoraproject.org/fedora-toolbox:43"
# XXX: remove once fedora containers are part of the upstream
# fedora registry (and can be validated via tls)
riscv64: "ghcr.io/mvo5/fedora-buildroot:43"
# XXX: add repos here too, that requires some churn, see
# https://github.com/osbuild/images/compare/main...mvo5:yaml-distroconfig?expand=1
# and we will also need to think about backward compat, as currently
# dropping "$distro-$ver.json" files into
# /etc/osbuild-composer/repositories will define what distros are
# available via images and we will need to provide compatibility for
# that.
#
# Having the repos separated means when a new fedora release is out
# we will need to update two places which is clearly a regression from
# before.
- &fedora_stable
<<: *fedora_rawhide
name: "fedora-{{.MajorVersion}}"
match: 'fedora-[1-9][0-9]+'
preview: false
os_version: "{{.MajorVersion}}"
release_version: "{{.MajorVersion}}"
module_platform_id: "platform:f{{.MajorVersion}}"
ostree_ref_tmpl: "fedora/{{.MajorVersion}}/%s/iot"
runner:
<<: *fedora_runner
name: "org.osbuild.fedora{{.MajorVersion}}"
bootstrap_containers:
x86_64: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}"
aarch64: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}"
ppc64le: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}"
s390x: "registry.fedoraproject.org/fedora-toolbox:{{.MajorVersion}}"
# XXX: remove once fedora containers are part of the upstream
# fedora registry (and can be validated via tls)
riscv64: "ghcr.io/mvo5/fedora-buildroot:{{.MajorVersion}}"
- &rhel10
name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}"
match: 'rhel-10\.[0-9]{1,2}'
distro_like: rhel-10
product: "Red Hat Enterprise Linux"
os_version: "10.{{.MinorVersion}}"
release_version: 10
module_platform_id: "platform:el10"
vendor: "redhat"
ostree_ref_tmpl: "rhel/10/%s/edge"
default_fs_type: "xfs"
defs_path: rhel-10
iso_label_tmpl: "RHEL-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-0-BaseOS-{{.Arch}}"
runner:
name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}"
build_packages: &rhel10_runner_build_packages
- "glibc" # ldconfig
- "platform-python" # osbuild
- "systemd" # systemd-tmpfiles and systemd-sysusers
- "python3" # osbuild stages
conditions:
"some image types are rhel-only":
when:
not_distro_name: "rhel"
ignore_image_types:
- azure-cvm
- azure-rhui
- azure-sap-rhui
- azure-sapapps-rhui
- ec2
- ec2-sap
- ec2-ha
"some image types are non-rhel-only":
when:
distro_name: "rhel"
ignore_image_types:
- azure
# rhel & centos share the same list of allowed profiles so a
# single allow list can be used
oscap_profiles_allowlist: &oscap_profile_allowlist_rhel_10
- "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_high"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal"
- "xccdf_org.ssgproject.content_profile_cis"
- "xccdf_org.ssgproject.content_profile_cis_server_l1"
- "xccdf_org.ssgproject.content_profile_cis_workstation_l1"
- "xccdf_org.ssgproject.content_profile_cis_workstation_l2"
- "xccdf_org.ssgproject.content_profile_e8"
- "xccdf_org.ssgproject.content_profile_hipaa"
- "xccdf_org.ssgproject.content_profile_ism_o"
- "xccdf_org.ssgproject.content_profile_ospp"
- "xccdf_org.ssgproject.content_profile_pci-dss"
- "xccdf_org.ssgproject.content_profile_stig"
- "xccdf_org.ssgproject.content_profile_stig_gui"
bootstrap_containers:
x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
aarch64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
- <<: *rhel10
name: "almalinux-{{.MajorVersion}}.{{.MinorVersion}}"
match: 'almalinux-10\.[0-9]{1,2}'
product: "AlmaLinux"
vendor: "almalinux"
ostree_ref_tmpl: "almalinux/10/%%s/edge"
iso_label_tmpl: "AlmaLinux-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-{{.Arch}}-dvd"
- &centos10
<<: *rhel10
name: centos-10
distro_like: rhel-10
product: "CentOS Stream"
os_version: "10-stream"
release_version: 10
module_platform_id: "platform:el10"
vendor: "centos"
ostree_ref_tmpl: "rhel/10/%s/edge"
default_fs_type: "xfs"
defs_path: rhel-10
iso_label_tmpl: "CentOS-Stream-{{.Distro.MajorVersion}}-BaseOS-{{.Arch}}"
runner:
name: org.osbuild.centos10
build_packages: *rhel10_runner_build_packages
oscap_profiles_allowlist: *oscap_profile_allowlist_rhel_10
bootstrap_containers:
# we need the toolbox container because stock centos has e.g. no
# mount util
x86_64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}"
aarch64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}"
- <<: *centos10
name: "almalinux_kitten-10"
product: "AlmaLinux Kitten"
os_version: "10-kitten"
release_version: 10
module_platform_id: "platform:el10"
vendor: "almalinux"
ostree_ref_tmpl: "almalinux/10/%s/edge"
- &rhel9
name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}"
# rhel9 support being named "rhel-91" for "rhel-9.1" or "rhel-910" for "rhel-9.10" etc
match: '(?P<name>rhel)-(?P<major>9)\.?(?P<minor>[0-9]{1,2})'
distro_like: rhel-9
product: "Red Hat Enterprise Linux"
os_version: "9.{{.MinorVersion}}"
release_version: 9
module_platform_id: "platform:el9"
vendor: "redhat"
ostree_ref_tmpl: "rhel/9/%s/edge"
default_fs_type: "xfs"
defs_path: rhel-9
iso_label_tmpl: "RHEL-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-0-BaseOS-{{.Arch}}"
conditions:
"some image types are rhel-only":
when:
not_distro_name: "rhel"
ignore_image_types:
- azure-cvm
- azure-rhui
- azure-sap-rhui
- azure-sapapps-rhui
- ec2
- ec2-sap
- ec2-ha
"some image types are non-rhel-only":
when:
distro_name: "rhel"
ignore_image_types:
- azure
"CVM is only available starting from 9.6":
when:
version_less_than: "9.6"
ignore_image_types:
- "azure-cvm"
runner:
name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}"
build_packages: &rhel9_runner_build_packages
- "glibc" # ldconfig
- "systemd" # systemd-tmpfiles and systemd-sysusers
- "platform-python" # osbuild
- "python3"
# rhel9 allow all
oscap_profiles_allowlist: &oscap_profile_allowlist_rhel_9
- "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_high"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal"
- "xccdf_org.ssgproject.content_profile_ccn_advanced"
- "xccdf_org.ssgproject.content_profile_ccn_basic"
- "xccdf_org.ssgproject.content_profile_ccn_intermediate"
- "xccdf_org.ssgproject.content_profile_cis"
- "xccdf_org.ssgproject.content_profile_cis_server_l1"
- "xccdf_org.ssgproject.content_profile_cis_workstation_l1"
- "xccdf_org.ssgproject.content_profile_cis_workstation_l2"
- "xccdf_org.ssgproject.content_profile_cui"
- "xccdf_org.ssgproject.content_profile_e8"
- "xccdf_org.ssgproject.content_profile_hipaa"
- "xccdf_org.ssgproject.content_profile_ism_o"
- "xccdf_org.ssgproject.content_profile_ospp"
- "xccdf_org.ssgproject.content_profile_pci-dss"
- "xccdf_org.ssgproject.content_profile_stig"
- "xccdf_org.ssgproject.content_profile_stig_gui"
bootstrap_containers:
x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
aarch64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
- &centos9
<<: *rhel9
name: centos-9
distro_like: rhel-9
product: "CentOS Stream"
os_version: "9-stream"
vendor: "centos"
ostree_ref_tmpl: "centos/9/%s/edge"
default_fs_type: "xfs"
defs_path: rhel-9
iso_label_tmpl: "CentOS-Stream-{{.Distro.MajorVersion}}-BaseOS-{{.Arch}}"
runner:
name: org.osbuild.centos9
build_packages: *rhel9_runner_build_packages
oscap_profiles_allowlist: *oscap_profile_allowlist_rhel_9
bootstrap_containers:
# we need the toolbox container because stock centos has e.g. no
# mount util
x86_64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}"
aarch64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}"
- &rhel8
name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}"
# rhel8 support being named "rhel-81" for "rhel-8.1" or "rhel-810" for "rhel-8.10" etc
match: '(?P<name>rhel)-(?P<major>8)\.?(?P<minor>[0-9]{1,2})'
distro_like: rhel-8
product: "Red Hat Enterprise Linux"
os_version: "8.{{.MinorVersion}}"
release_version: 8
module_platform_id: "platform:el8"
vendor: "redhat"
ostree_ref_tmpl: "rhel/8/%s/edge"
default_fs_type: "xfs"
defs_path: rhel-8
iso_label_tmpl: "RHEL-{{.Distro.MajorVersion}}-{{.Distro.MinorVersion}}-0-BaseOS-{{.Arch}}"
conditions:
"edge image types require FDO which aren't available on older versions":
when:
version_less_than: "8.6"
ignore_image_types:
- "edge-simplified-installer"
- "edge-raw-image"
"azure eap7 is only available for rhel8.6+":
when:
version_less_than: "8.6"
ignore_image_types:
- "azure-eap7-rhui"
"Azure image types require hyperv-daemons which isn't available on older versions":
when:
version_less_than: "8.6"
arch: "aarch64"
ignore_image_types:
- "azure-rhui"
- "vhd"
runner:
name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}"
build_packages: &rhel8_runner_build_packages
- "glibc" # ldconfig
- "systemd" # systemd-tmpfiles and systemd-sysusers
- "platform-python" # osbuild
# The RHEL 8 runner in osbuild runs with platform-python but
# explicitly symlinks python 3.6 to /etc/alternatives (which in turn
# is the target for /usr/bin/python3) for the stages.
# https://github.com/osbuild/osbuild/blob/ea8261cad6c5c606c00c0f2824c3f483c01a0cc9/runners/org.osbuild.rhel82#L61
# Install python36 explicitly for RHEL 8.
- "python36"
oscap_profiles_allowlist: &oscap_profile_allowlist_rhel_8
- "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_high"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary"
- "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal"
- "xccdf_org.ssgproject.content_profile_cis"
- "xccdf_org.ssgproject.content_profile_cis_server_l1"
- "xccdf_org.ssgproject.content_profile_cis_workstation_l1"
- "xccdf_org.ssgproject.content_profile_cis_workstation_l2"
- "xccdf_org.ssgproject.content_profile_cui"
- "xccdf_org.ssgproject.content_profile_e8"
- "xccdf_org.ssgproject.content_profile_hipaa"
- "xccdf_org.ssgproject.content_profile_ism_o"
- "xccdf_org.ssgproject.content_profile_ospp"
- "xccdf_org.ssgproject.content_profile_pci-dss"
- "xccdf_org.ssgproject.content_profile_stig"
- "xccdf_org.ssgproject.content_profile_stig_gui"
bootstrap_containers:
x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
aarch64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
- &centos8
<<: *rhel8
name: centos-8
distro_like: rhel-8
product: "CentOS Stream"
os_version: "8-stream"
vendor: "centos"
default_fs_type: "xfs"
iso_label_tmpl: "CentOS-Stream-{{.Distro.MajorVersion}}-BaseOS-{{.Arch}}"
runner:
name: org.osbuild.centos8
build_packages: *rhel8_runner_build_packages
oscap_profiles_allowlist: *oscap_profile_allowlist_rhel_8
bootstrap_containers:
# we need the toolbox container because stock centos has e.g. no
# mount util
x86_64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}"
aarch64: "quay.io/toolbx-images/centos-toolbox:stream{{.MajorVersion}}"
- &rhel7
name: "rhel-{{.MajorVersion}}.{{.MinorVersion}}"
match: 'rhel-7\.[0-9]'
distro_like: rhel-7
product: "Red Hat Enterprise Linux"
codename: "Maipo"
os_version: "7.{{.MinorVersion}}"
release_version: 7
module_platform_id: "platform:el7"
vendor: "redhat"
ostree_ref_tmpl: "rhel/7/%s/edge"
default_fs_type: "xfs"
defs_path: rhel-7
runner:
name: "org.osbuild.rhel{{.MajorVersion}}{{.MinorVersion}}"
build_packages: &rhel_runner_build_packages
- "glibc" # ldconfig
# The RHEL 8 runner in osbuild runs with platform-python but
# explicitly symlinks python 3.6 to /etc/alternatives (which in turn
# is the target for /usr/bin/python3) for the stages.
# https://github.com/osbuild/osbuild/blob/ea8261cad6c5c606c00c0f2824c3f483c01a0cc9/runners/org.osbuild.rhel82#L61
# Install python36 explicitly for RHEL 8.
- "python36"
bootstrap_containers:
x86_64: "registry.access.redhat.com/ubi{{.MajorVersion}}/ub i:latest"
ppc64le: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
s390x: "registry.access.redhat.com/ubi{{.MajorVersion}}/ubi:latest"
Reference in a new issue View git blame Copy permalink