Commit graph

2388 commits

Author SHA1 Message Date
schutzbot
722d023104 Post release version bump
[skip ci]
2023-07-19 08:13:33 +00:00
Gianluca Zuccarelli
74eed6a33b stages: add openscap autotailor stage
Add a new stage to generate an OpenSCAP tailoring file. The stage
overrides a base OpenSCAP profile by enabling and disabling user
selected rules and creates a new profile name which can be used for
OpenSCAP scanning and remediation.
2023-07-18 15:29:13 -07:00
Brian C. Lane
8f6535cacc org.osbuild.rpm: Add some context to rpmkeys failure
This will hopefully help debug problems when the signature check fails.
You need to manually take the hash and look it up in the manifest
sources list to figure out what package failed since this stage doesn't
have access to sources.
2023-07-18 18:42:47 +02:00
Brian C. Lane
3318ac95ab Schutzfile: Fix f38 snapshot references
Fedora 38 is no longer branched. Switch to the release names for the
snapshots.
2023-07-18 15:34:01 +02:00
Simon de Vlieger
f1b79c8a73 stage: anaconda, allow access to more config
Anaconda has deprecated the `kickstart_modules` directive and instead
now has `activatable_`, `forbidden_`, and `optional_modules`. This is
available starting in Fedora 35.

This change allows frontend code (`osbuild-composer`) to put version
checks in place to write the correct keys.
2023-07-18 13:41:05 +02:00
Ondřej Budai
4439297cc4 test/data: introduce UKI also for CentOS Stream
This is a straightforward port of the UKI from Fedora to CentOS Stream.
Changes:

- Packages that do not exist in CS9 were removed:
  - shim-ia32
  - grub2-efi-ia32-cdboot
  - btrfs-progs
- Squashfs compression was changed from lz4 to gzip, because lz4 for squashfs
  isn't enabled in RHEL 9 kernel
2023-07-18 11:30:09 +02:00
Ondřej Budai
c01caae3ac stages/squashfs: add support for zstd compression
Fedora and RHEL 9 kernels support it and since it's an interesting alternative
to other compression methods, we should support it in osbuild.

I also took the liberty of sorting the compression methods alphabetically.
2023-07-18 08:58:26 +02:00
Brian C. Lane
917f628bba Schutzfile: Add Fedora 39 rawhide repos 2023-07-17 12:18:10 +02:00
Brian C. Lane
43d776e55e terraform: Add f39 runners 2023-07-17 12:18:10 +02:00
Brian C. Lane
e9d795a279 .gitlab-ci.yml: Run rpmbuild for Fedora 39
The osbuild-composer libdnf5 PR needs osbuild artifacts for Fedora 39 in
order to run the tests.
2023-07-17 12:18:10 +02:00
Simon de Vlieger
82e72f1b64 test: update test for sysconfig 2023-07-17 12:15:12 +02:00
Simon de Vlieger
36ee0d3edc stages/sysconfig: add desktop support 2023-07-17 12:15:12 +02:00
Simon de Vlieger
829183a1f3 stages/sysconfig: add livesys support 2023-07-17 12:15:12 +02:00
Ondřej Budai
dc372bbdea stages/rpm: set machine-id to 444
According to the systemd spec file, /etc/machine-id should have the 444
permissions. Thus, we need to chmod the file to 444 after it's created.

See:
 - 9c05b44a4b/f/systemd.spec (_821)
 - https://bugzilla.redhat.com/show_bug.cgi?id=2221269
 - https://issues.redhat.com/browse/COMPOSER-1992
2023-07-12 10:53:31 +02:00
Eric Curtin
d2b6a2e570 runners: Asahi Fedora Remix to Fedora Asahi Remix
This name got changed in Fedora 38, basically the Fedora and Asahi were
flipped.
2023-07-07 16:13:09 +02:00
schutzbot
06072d5d89 Post release version bump
[skip ci]
2023-06-27 12:58:15 +00:00
Ondřej Budai
c90b587dcc inputs: Move arguments for InputService.map to a temporary file
Prior to this commit, the arguments for the input service were passed inline.
However, jsoncomm uses the SOCK_SEQPACKET socket type underneath that has
a fixed maximum packet size. On my system, it's 212960 bytes. Unfortunately,
that's not enough for big inputs (e.g. when building packages with a lot
of rpms).

This commit moves all arguments to a temporary file. Then, just a file
descriptor is sent. Thus, we are now able to send arbitrarily sized args
for inputs, making osbuild work even for large image builds.
2023-06-27 10:56:10 +02:00
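The mechanism described in the commit above, as an added example that is not osbuild's own code: a large argument set is written to an unlinked temporary file and only its descriptor crosses the SOCK_SEQPACKET socket via SCM_RIGHTS, so the message itself stays tiny regardless of how many RPMs the input references. The sample argument dictionary, the `args-in-fd` marker message and the function names are constructed for this example; the size limit observed depends on `net.core.wmem_default` (212960 bytes on the author's system), so the inline attempt is shown but not relied upon.

```python
import errno
import json
import os
import socket
import tempfile

# Constructed sample: an argument set large enough to exceed a default
# SOCK_SEQPACKET message limit (the digests and paths are made up).
SAMPLE_ARGS = {
    "origin": "org.osbuild.source",
    "refs": {f"sha256:{i:064x}": {"path": f"/pkg-{i}.rpm"} for i in range(4000)},
}


def fits_in_one_message(payload: bytes) -> bool:
    """Try to send payload as a single SOCK_SEQPACKET message.

    Returns False when the kernel rejects it with EMSGSIZE. The limit is
    sk_sndbuf minus a small header, i.e. it follows net.core.wmem_default,
    so the outcome for large payloads varies between hosts.
    """
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    with a, b:
        try:
            a.send(payload)
        except OSError as exc:
            if exc.errno == errno.EMSGSIZE:
                return False
            raise
        return b.recv(len(payload)) == payload


def send_args_as_fd(sender: socket.socket, args: dict) -> None:
    """Write args to an unlinked temp file and pass only its descriptor."""
    tmp = tempfile.TemporaryFile(mode="w+b")
    tmp.write(json.dumps(args).encode())
    tmp.flush()
    tmp.seek(0)  # the receiver shares the file offset, so rewind first
    # SCM_RIGHTS: the kernel duplicates the descriptor into the receiver;
    # the message body is just a short marker.
    socket.send_fds(sender, [b"args-in-fd"], [tmp.fileno()])
    tmp.close()  # our copy is no longer needed once the message is queued


def recv_args_from_fd(receiver: socket.socket) -> dict:
    """Receive the marker plus one descriptor and load the JSON behind it."""
    msg, fds, _flags, _addr = socket.recv_fds(receiver, 64, 1)
    if msg != b"args-in-fd" or len(fds) != 1:
        raise RuntimeError("unexpected message from input service client")
    with os.fdopen(fds[0], "rb") as f:
        return json.load(f)


def roundtrip(args: dict) -> dict:
    """Send args over a SEQPACKET pair using the fd-passing scheme."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    with a, b:
        send_args_as_fd(a, args)
        return recv_args_from_fd(b)


if __name__ == "__main__":
    inline = json.dumps(SAMPLE_ARGS).encode()
    print(f"{len(inline)} bytes inline fits:", fits_in_one_message(inline))
    print("via fd, refs received:", len(roundtrip(SAMPLE_ARGS)["refs"]))
```

The receiving side never trusts the message length to bound the argument size, only the file behind the descriptor; that is what removes the packet-size ceiling without changing the socket type that jsoncomm relies on.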
Alexander Todorov
8c29e8144d CI variable name has changed,
see
25d1a458a0
2023-06-26 19:51:42 +02:00
schutzbot
8a10dc7b5d Post release version bump
[skip ci]
2023-06-21 08:13:27 +00:00
Alexander Todorov
107ac2b18f Remove runners which are not used in manifest-db upstream 2023-06-21 09:57:34 +02:00
Alexander Todorov
9b026400bc Update manifest-db commit 2023-06-21 09:57:34 +02:00
Alexander Todorov
65dbd23432 Also test on RHEL 8.9 and 9.3 nightly 2023-06-21 09:57:34 +02:00
Michael Hofmann
840df1dc92 Restore LOOP_CONFIGURE fallback for kernel < 5.8
The fallback that was initially present in #1253 is needed for the
current GitLab runners which have a Container-Optimized OS [1] with
kernel 5.4 [2] without support for LOOP_CONFIGURE [3].

[1] https://docs.gitlab.com/ee/ci/runners/saas/linux_saas_runner.html
[2] https://gitlab.com/cki-project/containers/-/jobs/4381560305#L31
[3] https://gitlab.com/cki-project/containers/-/jobs/4381560305#L1166

Signed-off-by: Michael Hofmann <mhofmann@redhat.com>
2023-06-20 12:18:15 +02:00
Antonio Murdaca
4bfd646b0d stages: add new zstd stage
typo fix test/data/stages/README.md
add updated test-data after adding zstd to fedora-34-build-v2.mpp.json

Signed-off-by: Sarita Mahajan <sarmahaj@redhat.com>
2023-06-14 09:44:00 +02:00
schutzbot
a8bba69935 Post release version bump
[skip ci]
2023-06-07 08:14:17 +00:00
SchutzBot
2e3f5fc047 schutzfile: update manifest-db ref 2023-06-05 2023-06-05 11:11:54 +02:00
Simon de Vlieger
5062f4218a readme: remove IRC mention 2023-06-01 14:40:28 +02:00
Simon de Vlieger
f032a1f10f readme: mention matrix, redo headings
This redoes the headings to have the correct indent levels, it also
mentions the Matrix channel that we now have and the mailing list.
2023-06-01 14:40:28 +02:00
Simon de Vlieger
4bd169c20e stage: add a livesys stage
This stage is necessary for the live image work being done in
`osbuild-composer` at the moment.
2023-05-31 09:30:55 +02:00
Tomáš Hozza
15b7b6fab3 test/stages: add helper function for testing partitioning stages
Refactor unit test implementation for `parted`, `sfdisk` and `sgdisk`
stages by extracting the common parts into a helper function. Each stage
now implements only its own function for filtering `sfdisk --json`
output and calls the common helper function.

In addition, flip the order when comparing the expected and actual output
from `sfdisk --json`, to make it easier to comprehend.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-05-30 12:05:33 +02:00
Tomáš Hozza
17ebae23dc test: add unit test for sfdisk stage
Add a missing unit test for the `sfdisk` stage.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-05-30 12:05:33 +02:00
Tomáš Hozza
66301ae5c3 test/sgdisk: delete sectorsize from expected data if not in output
The `sfdisk` tool on RHEL-8 does not include the `sectorsize` in its
output when we are testing the `sgdisk` stage. As a result, the test
case fails, because the expected and actual output differs. Modify the
test to delete the `sectorsize` key from the expected output if it is
not present in the actual output.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-05-30 12:05:33 +02:00
Tomáš Hozza
560fcc099d test/parted: delete sectorsize from expected data if not in output
The `sfdisk` tool on RHEL-8 does not include the `sectorsize` in its
output when we are testing the `parted` stage. As a result, the test
case fails, because the expected and actual output differs. Modify the
test to delete the `sectorsize` key from the expected output if it is
not present in the actual output.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-05-30 12:05:33 +02:00
Tomáš Hozza
9a47a56639 mockbuild.sh: retry dnf install up to 5 times
We have been observing a race condition in our CI when installing
packages at the beginning of the SUT setup. This happens only on RHEL
and it is caused by the `rhc` tool, which executes some Ansible
playbooks on system startup, which install packages using dnf. This
interferes with dnf commands run by the `mockbuild.sh` script, which
results in a job failure.

Since there seems to be no way to determine if `rhc` finished "its
thing", let's retry dnf install of packages up to 5 times with
exponential backoff in between retries.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-05-29 15:53:24 +02:00
Tomáš Hozza
8aba0d196e Spec: use %forgeautosetup macro in %prep phase
Use %forgeautosetup macro to prepare sources in the %prep phase to
auto-apply any potential downstream patches just by listing them in the
spec file using `PatchX`. Otherwise, the macro needs to be modified each
time a downstream patch needs to be applied in downstream.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-05-26 14:10:51 +02:00
Tomáš Hozza
3e780762cb stages/sgdisk: option to not quote partition names passed to sgdisk
The partition name in the sgdisk stage was previously quoted when
passed to sgdisk as an argument. I think that this was done because
the sgdisk man page states that:

```
If you want to set a name that includes a space, enclose it in
quotation marks, as in sgdisk -c 1:"Sample Name" /dev/sdb.
```

However, this should apply only when sgdisk is run in a shell, so that
the argument is not split by the shell into multiple arguments and is passed
as a single string.

The stage is executing sgdisk using Python `subprocess` module, which
does not need strings with spaces to be quoted, because they are passed
to the command as separate items which are not split in any way.

The previous behavior of the stage was that these quotes became part of
the actual partition name in the partition table.

After a discussion within the team, we determined that this is a bug.
However, fixing it would result in osbuild producing a different
artifact for the same manifest, compared to osbuild version without such
fix. This is undesired.

For backward compatibility, a new `quote_partition_name` property is
added to the stage options, which can be used to make the stage not
quote the partition name when passed to `sgdisk`. As a result, the
partition name won't be quoted in the partition table.

The default stage behavior is kept.

Modify unit tests to use this option by default.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-05-26 08:43:52 +02:00
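The shell-versus-`subprocess` distinction the commit above hinges on, as an added example that is not the osbuild sgdisk stage's code: `sgdisk_name_args` builds the argv the way the stage does with and without the `quote_partition_name` behaviour, `argv_as_received` runs a child Python process that reports its argv verbatim, and `shell_would_split` shows what a shell does with the same command line. The helper names and the child-process trick are constructed for this example; `sgdisk` itself is never executed.

```python
import json
import shlex
import subprocess
import sys


def sgdisk_name_args(device, partnum, name, quote_partition_name=True):
    """Build the argv list for `sgdisk -c <num>:<name> <device>`.

    With quote_partition_name=True the quotes become part of the argv
    item, which is the old stage behaviour described in the commit.
    """
    if quote_partition_name:
        name = f'"{name}"'
    return ["sgdisk", "-c", f"{partnum}:{name}", device]


def argv_as_received(args):
    """Run a child that echoes its argv as JSON, to show how a list passed
    to subprocess arrives: one argv item per list item, no word splitting
    and no quote removal, because no shell is involved."""
    child = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
    out = subprocess.run(child + args, capture_output=True, text=True, check=True).stdout
    return json.loads(out)


def shell_would_split(cmdline):
    """POSIX shell word splitting of a command line, where the quotes are
    consumed by the shell and the name with a space stays one argument."""
    return shlex.split(cmdline)


if __name__ == "__main__":
    for quoted in (True, False):
        args = sgdisk_name_args("/dev/sdb", 1, "Sample Name", quoted)
        print(f"quote_partition_name={quoted}:", argv_as_received(args))
    print("shell:", shell_would_split('sgdisk -c 1:"Sample Name" /dev/sdb'))
```

The quoted variant hands sgdisk the literal string `1:"Sample Name"`, so the quote characters end up inside the GPT partition name; the unquoted list form and the shell form both deliver `1:Sample Name`, which is the intended argument.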
Eric Chanudet
267f3909bd stages/sfdisk: support changing GPT partition attribute bits
util-linux 2.38.1, at least, does not accept raw bit indexes for the
reserved bits (Bit0-2). The undefined ones are out of reach as well and
will have sfdisk throw an error. Only the GUID specific ones can be
passed as raw indexes. This can be verified with the --part-attrs
option. It replicates the format of the --dump output:

```
$ dd if=/dev/zero of=disk.img bs=$((4<<10)) count=$((32<<10))
$ sgdisk disk.img -n 0:0:+64M -t 0:0FC63DAF-8483-4772-8E79-3D69D8477DE4 -c 0:root
$ sgdisk disk.img -A1:set:{0,1,2,3,48}
$ sfdisk --dump disk.img
label: gpt
label-id: 7484F730-3429-47BF-8A72-3A7AE1F2D86C
device: disk.img
unit: sectors
first-lba: 34
last-lba: 262110
sector-size: 512

disk.img1 : start=        2048, size=      131072, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=404694AC-247D-43B3-9907-A468E5C038A3, name="root", attrs="RequiredPartition NoBlockIOProtocol LegacyBIOSBootable GUID:48"

$ sfdisk --part-attrs disk.img 1 0
unsupported GPT attribute bit '0'
sfdisk: disk.img: partition 1: failed to set partition attributes
```

While the --dump output prefixes the GUID specific bits with "GUID:",
that is not necessary for setting them, which is consistent with the
man-page.

Signed-off-by: Eric Chanudet <echanude@redhat.com>
2023-05-25 14:57:28 +02:00
Eric Chanudet
9a42ce04ac tools/osbuild-mpp: mpp-define-image sfdisk attrs
Add the translation logic to handle the attrs field of sfdisk as
supported by org.osbuild.sfdisk and documented in its schema. With the
schema taking an int array, some translation is required to populate the
sfdisk command appropriately.

Amend the example schema to reflect the change.

Signed-off-by: Eric Chanudet <echanude@redhat.com>
2023-05-25 14:57:28 +02:00
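The int-array-to-sfdisk translation that the two commits above describe (the sfdisk stage accepting attribute bits, and osbuild-mpp populating them from a schema that takes an int array), as an added example that is not the project's own code. It encodes the rule from the `sfdisk --dump` transcript: bits 0-2 are accepted only by their names, bits 48-63 are the type-specific bits and may be passed as raw indexes (the `GUID:` prefix is not needed when setting), and anything else makes sfdisk error out. The function names are constructed; the bit names come from the transcript in the commit.

```python
# Bits that sfdisk (util-linux 2.38.1 in the commit) accepts only by name,
# using the names it prints in `sfdisk --dump`.
NAMED_ATTRS = {
    0: "RequiredPartition",
    1: "NoBlockIOProtocol",
    2: "LegacyBIOSBootable",
}

# Type-specific ("GUID") bits; sfdisk takes these as raw indexes.
GUID_BITS = range(48, 64)


def attrs_to_sfdisk(bits):
    """Translate a list of GPT attribute bit indexes into the string that
    `sfdisk --part-attrs` accepts. Raises ValueError for bits sfdisk would
    reject, so a bad manifest fails before any partition table is touched."""
    words = []
    for bit in sorted(set(bits)):
        if bit in NAMED_ATTRS:
            words.append(NAMED_ATTRS[bit])
        elif bit in GUID_BITS:
            words.append(str(bit))
        else:
            raise ValueError(
                f"GPT attribute bit {bit} is reserved or undefined; "
                "sfdisk reports 'unsupported GPT attribute bit'"
            )
    return " ".join(words)


def sfdisk_part_attrs_cmd(device, partno, bits):
    """The argv for applying the bits to one partition, as in the commit's
    `sfdisk --part-attrs disk.img 1 ...` invocation."""
    return ["sfdisk", "--part-attrs", device, str(partno), attrs_to_sfdisk(bits)]


if __name__ == "__main__":
    print(sfdisk_part_attrs_cmd("disk.img", 1, [0, 1, 2, 48]))
    try:
        attrs_to_sfdisk([3])
    except ValueError as exc:
        print("rejected:", exc)
```

Validating the bit list up front is the practical point: sfdisk's own error surfaces only after the stage has started running, whereas a schema check on the manifest catches the mistake while the build is still cheap to abort.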
schutzbot
a7b3ef3936 Post release version bump
[skip ci]
2023-05-24 08:13:14 +00:00
Thomas Lavocat
8669d0ad4c ci/parallelization: manifest tests run in parallel
To avoid hitting the 4h timeout.
2023-05-23 11:52:11 +02:00
SchutzBot
61f329a08c schutzfile: update manifest-db ref 2023-05-20 2023-05-23 11:52:11 +02:00
Simon de Vlieger
a348fe2d49 stages/isolinux: default list
Otherwise when `opts` (which isn't `required`) is left out we fail the
stage.
2023-05-23 10:13:15 +02:00
Michael Ho
621fa47563 runners: add fedora-38 specific logic
This fixes an issue where Fedora-38 hosts cannot build CentOS-Stream-9
images due to an incompatible gpg key with the new default settings for
rpm.

On Fedora-38, rpm has changed to use a new backend for key verification
and by default does not support SHA1 anymore, although the support for
SHA1 can be re-enabled via a config file. The (current) CentOS-Stream-9
keys however still require SHA1 support in order to be importable. So
they are now unusable on Fedora-38 unless SHA1 support is re-enabled.

In OSBuild, the initial chroot does not contain the config files and so
SHA1 support is disabled when rpmkeys from the host is called. It does
not matter if the crypto-policies on the host machine is configured with
the exception to support SHA1 because the chroot filters that out. This
means it may not be possible to assemble CentOS-Stream-9 based images
without disabling the key check.

This patch adds an explicit conditional case for Fedora-38 to inject the
needed configuration file into /etc/crypto-policies/back-ends to enable
SHA1 support for rpm by default. It does this by copying the default
policies from /usr/share/crypto-policies. The result is OSBuild behaving
similar to the previous behaviour seen on Fedora-37 and earlier.
2023-05-16 13:19:44 +02:00
Alexander Larsson
3343696a7b org.osbuild.mkfs.ext4: Add verity option to
This allows enabling the ext4 "verity" feature (which is currently
default to off). This will be needed in the automotive work we're
doing.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2023-05-16 00:03:16 +02:00
schutzbot
4add41d50f Post release version bump
[skip ci]
2023-05-10 08:13:14 +00:00
Sanne Raymaekers
1fbd9d975f stages/org.osbuild.ovf: support older python3 versions
`str.removesuffix` was introduced in python3.9, yet el8 uses python3.6
by default.
2023-05-09 23:54:01 +02:00
Thomas Lavocat
dfcd847c8e osbuild/loop: fix typo 2023-05-05 15:42:47 +02:00
Thomas Lavocat
da11ef4eb0 loop: use LOOP_CONFIGURE instead of LOOP_SET_FD
LOOP_CONFIGURE allows to atomically configure the device when opening
it. This avoids the possibility of a race condition where between set_fd
and set_status some operations are already accepted by the loopback
device. See https://lwn.net/Articles/820408/

This feature was included in the Linux kernel 5.8; however, it is safe to
not include any kind of fallback to the previous method, as @obudai
points out that:

LOOP_CONFIGURE was backported into RHEL 8 kernel in RHEL 8.4 as a part
of https://bugzilla.redhat.com/show_bug.cgi?id=1881760 (block layer:
update to upstream v5.8).

Since RHEL 8.4 is currently the oldest supported release that we support
running osbuild on, it might be just fine implementing this without the
fallback.

From a centos stream 8 container:
kernel-4.18.0-448.el8.x86_64
- loop: Fix missing discard support when using LOOP_CONFIGURE (Ming Lei) [1997338]
- [block] loop: Set correct device size when using LOOP_CONFIGURE (Ming Lei) [1881760]
- [block] loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (Ming Lei) [1881760]
- [block] loop: Add LOOP_CONFIGURE ioctl (Ming Lei) [1881760]
2023-05-05 15:42:47 +02:00
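The atomic attach described in the commit above, together with the kernel-version fallback that the later "Restore LOOP_CONFIGURE fallback for kernel < 5.8" commit brings back, as an added example that is not osbuild's `loop.py`. The ioctl numbers, flag values and the `struct loop_info64` / `struct loop_config` layouts are taken from `<linux/loop.h>`; the function names, the injectable `ioctl` parameter (so the fallback path can be exercised without a real loop device) and the treatment of EINVAL and ENOTTY as "ioctl unknown to this kernel" are this example's own choices. Attaching a real device needs a descriptor from `/dev/loop-control` and root, which the code does not obtain for you.

```python
import errno
import fcntl
import struct

# From <linux/loop.h>
LOOP_SET_FD = 0x4C00
LOOP_CLR_FD = 0x4C01
LOOP_SET_STATUS64 = 0x4C04
LOOP_CONFIGURE = 0x4C0A       # added in Linux 5.8
LO_FLAGS_AUTOCLEAR = 4
LO_FLAGS_PARTSCAN = 8

# struct loop_info64: 5 x u64, 4 x u32, three byte arrays, 2 x u64 (232 bytes)
LOOP_INFO64 = struct.Struct("QQQQQIIII64s64s32sQQ")
# struct loop_config: u32 fd, u32 block_size, struct loop_info64, 8 x u64 reserved (304 bytes)
LOOP_CONFIG = struct.Struct("II232s8Q")


def pack_loop_info64(offset=0, sizelimit=0, flags=0, name=b""):
    """Serialise a loop_info64 with only the fields userspace sets."""
    return LOOP_INFO64.pack(0, 0, 0, offset, sizelimit, 0, 0, 0, flags,
                            name[:63], b"", b"", 0, 0)


def pack_loop_config(backing_fd, block_size=0, offset=0, sizelimit=0, flags=0):
    """Serialise a loop_config carrying the backing fd and the full info."""
    info = pack_loop_info64(offset, sizelimit, flags)
    return LOOP_CONFIG.pack(backing_fd, block_size, info, *([0] * 8))


def configure_loop(loop_fd, backing_fd, flags=LO_FLAGS_AUTOCLEAR, ioctl=fcntl.ioctl):
    """Attach backing_fd to an open loop device and return the path taken.

    LOOP_CONFIGURE sets fd, offset, size limit and flags in one ioctl, so
    the device is never visible in the half-configured state that exists
    between LOOP_SET_FD and LOOP_SET_STATUS64. On kernels that lack it
    (pre-5.8, e.g. the 5.4 CI runners in the later commit) the loop driver
    answers EINVAL; we then fall back to the two-step sequence and detach
    again if the second step fails, so no stray half-attached device is
    left behind.
    """
    try:
        ioctl(loop_fd, LOOP_CONFIGURE, pack_loop_config(backing_fd, flags=flags))
        return "LOOP_CONFIGURE"
    except OSError as exc:
        if exc.errno not in (errno.EINVAL, errno.ENOTTY):
            raise
    ioctl(loop_fd, LOOP_SET_FD, backing_fd)
    try:
        ioctl(loop_fd, LOOP_SET_STATUS64, pack_loop_info64(flags=flags))
    except OSError:
        ioctl(loop_fd, LOOP_CLR_FD, 0)
        raise
    return "LOOP_SET_FD+LOOP_SET_STATUS64"
```

Keeping the fallback behind a narrow errno check matters: a permission or busy error from LOOP_CONFIGURE must propagate rather than silently trigger the racy two-step path on a kernel that does support the atomic ioctl.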
Alexander Todorov
04eab998b7 Start building osbuild on RHEL 8.9 and 9.3 nightly 2023-05-04 13:34:35 +03:00
Gianluca Zuccarelli
586d6bbe43 stages/yum.repo: add sslverify field
Add `sslverify` field to the yum.repo stage.
2023-05-03 20:53:52 +02:00