The next commit will add a stage test that requires erofs-utils. Let's add it
into the buildroot in a separate commit, so the history is more readable.
This should just defer to rpm-ostree.
xref https://github.com/coreos/rpm-ostree/issues/4530
(If someone cares about reproducibility here, they can specify it;
alternatively and more reliably, they can create builder container
images and pin to those)
rpm-ostree 2023.2 dropped the `rpm-ostree container-encapsulate` entrypoint.
Instead, we have to use `rpm-ostree compose container-encapsulate`.
Adjust the code that it selects the correct entrypoint based on the rpm-ostree
version.
Since the new stage now requires python-yaml, add it to the buildroot and
regenerate all manifests.
This commit changes these manifests to use the new fedora-vars.ipp and
fedora-build-v2.ipp infrastructure to remove all hardcoded Fedora versions.
Note that this is currently limited only to stage tests that already use v2
manifests. v1 manifests will come later.
Notes:
The buildroot needs additional packages: zstd and openscap-utils. Thus,
all manifests had to be regenerated.
GPG keys were added where missing.
The oscap.remediation stage now creates a bunch of files with timestamps in
their names under /var/lib/authselect/backups. Thus, the newly introduced
`added_directories` directive is used to handle them.
I reviewed all changes in `diff.json` files, and they all seem sane given
that we jumped 4 releases forward.
What? I can just edit variables in one files and all(*) manifests get updated
content? That's impressive.
(*) We will be able to do all once we migrate all to the new format. For now,
the usual disclaimer applies:
This change is applied only to manifests based on fedora-build-v2 for now.
