Move all the global code into a `main` function and call that. This
fixes a lot of pylint warnings where variable names were re-used
from the main, and thus global, context.
Create a DepSolver class that carries the global state such as dirs
and subscription information, as well as local state, like the
repositories and basedir. The latter can be reset so the class can
easily be re-used for all dep-solve sections.
This avoids having any global state.
Sort the checksum: urls dictionary via the url, so that no matter
where the urls came from (import or any dep-solve section), the
checksum: url dict is the same for the same set of urls.
Add support for additional paths that are searched when trying to
load a manifest. Currently only the path of the manifest that has
the include is searched. With this changed additional directories
will be included after that, in the order they were given ton the
command line.
Both v1 and v2 code paths used the same logic to add the resolved
dependencies to the `source_urls` dict, which is already stored
in the base class. Move the logic into the base class too.
Rewrite image pre-processor to single tool so that it is easier to use.
Now also supports `ignore-weak-deps` when dep-solving and supports
relative paths for local files.
Also create a symlink to the osbuild package, so that the tools can be
run from the source checkout and have access to the osbuild package.
In the function `treeid_from_manifest`, use dynamic format detection
instead of hard-coding the use of the version 1 format. Additionally,
directly access the `tree` pipeline and its `id` instead of going
via the `get_ids` helper function, which is only present in v1.py.
Add a new `org.osbuild.authselect` stage for configuring system identity
and authentication sources using `authselect`. The stage runs
`authselect select` command from the image in a chroot to set the
desired 'profile_id' profile. Optionally, a list of specific profile
features to enable can be passed using the 'features' option.
Add a test case for the new stage.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Add a new option 'x11-keymap' for configuring the X11 keyboard settings.
The value of the option is a dictionary with keys representing settings
which can be configured. Currently, only the 'layouts' setting can be
configured. Its value is a list of strings, representing the specific
layouts, which should be configured for the X11 keyboard.
Update the stage test case with the new option 'x11-keymap'.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Checks if one path is a child of a second one. Useful for checking if
paths defined in a manifest exist inside the tree.
Optionally checks if the target path exists.
This will prevent any modification of anything in `/sys`. It will
also prevent `udevadm tigger` to run, which needs /sys writeable.
This is a desired effect, since uevents are not delivered to the
contained environment, so `udevadm trigger` might hang.
The `org.osbuild.chrony` stage currently supports only a single option
'timeservers' which does not allow specifying additional options for the
configured timeservers. The option can not be easily extended to allow
specifying additional options and at the same time keep the backward
compatibility with old manifests.
The need for a lower-level stage option allowing to configure additional
options of the 'server' directive is required by RHEL AMI images, which
use 'maxpoll', 'minpoll' and 'prefered' options.
Extend the `org.osbuild.chrony` stage with two additional options. The
'servers' option accepts a list of dictionaries specifying timeservers
to be configured using the 'server' directive, including a subset of the
directive options. The 'servers' option can not be used at the same time
in the stage options as the 'timeservers' option.
The second added option is 'leapsectz' corresponding with a directive of
the same name. The value of the option is a string. If the provided
string is empty, then all occurrences of the 'leapsectz' directive are
removed from the `chrony.conf`. Otherwise, the 'leapsectz' directive is
added to the `chrony.conf` with the provided value, while all original
occurrences of the option are removed.
Add a new stage test case under `test/data/stages/chrony-servers` to
test the new variant of the stage options. The reason is that the
'timeservers' option conflicts with 'servers' option, which makes it
impossible to test both of them in the same test case.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Add new `org.osbuild.cloud-init` stage, which currently allows to create
configuration files for cloud-init under `/etc/cloud/cloud.cfg.d`. The
stage supports only a very limited subset of cloud-init configuration
options, which is covering needs of RHEL AMI images.
The schema mandates that if the 'configuration_files' option is
specified, then at least one configuration file must be defined. In
addition each section of the configuration must contain at least one
property (section or configuration option).
Add `python3-pyyaml` package to the `F34-build` testing manifest,
because it is required for running and testing the new stage.
Regenerate all affected manifests.
Add test for the new stage.
Update the `osbuild-ci` container image used for testing to a new tag,
which includes python3-pyyaml, the dependency of the new stage.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Add new `org.osbuild.dracut.conf` stage. The option
'configuration_files' allows to create dracut configuration files under
`/usr/lib/dracut/dracut.conf.d` and thus make the
configuration persistent. The stage supports only a subset of all
configuration options allowed in dracut configuration. The intention is
to provide almost functional parity with the options supported by
`org.osbuild.dracut` stage.
The schema mandates that at least one configuration file must be defined
in the stage options. In addition, each configuration file must contain
at least one configuration option.
Add test for the new stage.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
In the object store, temporary bind mounts are used when accessing the
content, i.e. the individual trees. Their unmount is currently done
with the `--lazy` flag. The use of this flag goes way back to commit
da121beda1, which sadly does not mention
why the flag was introduced. Since the tree and files in the tree will
be used by consequent stages it seems reasonable to do the un-mounting
eagerly and thus this reverts back to that behavior.
The logic to sort urls was added globally in `mpp-import-pipeline`
but only the in the v1 code path was the `state.manifest_urls`
variable set and thus for v2 the actual sorting did not happen.
Fix this and set the `manifest_urls` to the `org.osbuild.curl`
items, which makes sense because we only know how to sort those.
For `setfiles` in the `org.osbuild.selinux` to work properly it
needs itself have the correct labels. This is true for setfiles
on the host, but also needs to be true for the `setfiles` that
is located in the build root. Therefore we need to label the
build root via `org.osbuild.selinux`. Additionally re-label
the `cp` and `tar` binary to have the `install_exec_t` which is
needed to read and write unknown labels (to the host). Since
`cp` and `tar` are used to read (and write) files inside stages
and assemblers they need to have the special label.
The commit that added the ostree tarball to manifest version 2
went in after the PR to sort the urls and thus the source urls
for that manifest were not sorted. This of course no breaks ci
which makes sure that the test data up to date. I blame the
ci model used by github but I am also sorry.
In the ostree assembler, `var`, `usr` and `boot` are copied from
the built tree to a newly initialized and ostree-conforming root
filesystem. The way in which `cp` was called resulted in the
source being created inside the target, if the latter existed.
This was the case for `var` resulting in `var/var`.
Use `cp ${source}/. {target}` to fix that.
Reported-by: Luca Bruno <luca.bruno@coreos.com>
Convert the test to use `pytest` and split out the individual
tests. The temp-directory fixture has the session scope so
that checkpoints can be shared between the individual tests.