Add the expiredate field to the users option in the org.osbuild.users
stage. This option maps to the --expiredate option of useradd/usermod,
which can be useful when creating users whose password must be changed
upon first login.
This is a follow up to #1550 where we enabled a `rw` permissions mode,
which is not ideal since it would theoretically be possible to set both
`ro` and `rw` modes at the same time. This commit fixes the issue by only
allowing one option at a time.
Fixes#1588
User can now customize the systemd unit load path.
User can select between etc or usr , defaults to 'usr'.
Also user can customize the scope of the service between global
or system, defaults to system.
Signed-off-by: Sayan Paul <paul.sayan@gmail.com>
With the test the helper can now be slightly simplified. Because
we only have two results it seems easier to just use them directly
than to store them in an intermediate result struct.
- Process all necessary operations related to CoreOS
platforms is crucial and specific to CoreOS. This step
is essential for CoreOS exclusively.
- Our approach to handling 'platforms.json' may change as we
advance with the OSBuild work. However, we don't have a clear
vision about how it will be in the future yet, particularly as
we also manage similar components within the osbuild composer
to configure cloud parameters. We probably will know better
when we start working with the cloud artifacts.
As a summary, let's add it know to unblock us, and if we find a
better approach in the future, we can always go back and remove it.
Signed-off-by: Renata Ravanelli <rravanel@redhat.com>
- Add functions for appending kernel parameters to the
Boot Loader Specification (BLS) as needed.
Signed-off-by: Renata Ravanelli <rravanel@redhat.com>
While integrating the changes to grub2 config stage options in the
`osbuild/images` repository, I noticed that the code for grub2.legacy
is embedding the grub2 stage config options struct in its own config
options struct [1]. However, the grub2 stage options contain also the
`default` entry, while the grub2.legacy stage does not allow this option
in its stage options.
This change fixes that and ensures that the grub2 stage options config
section is a subset of the grub2.legacy stage options config section.
[1] d5644f3115/pkg/osbuild/grub2_legacy_stage.go (L85)
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the stage to allow explicitly configuring more grub2 default
config options. Preserve the defaults for options which were previously
hard-coded.
Extend the stage unit test to verify setting of the new grub2 default
config options.
Related to https://issues.redhat.com/browse/RHEL-19583
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the stage to allow explicitly configuring more grub2 default
config options. Preserve the defaults for options which were previously
hard-coded.
Extend the stage unit test to verify setting of the new grub2 default
config options.
Related to https://issues.redhat.com/browse/RHEL-19583
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Small unit test for the new `org.systemd.unit.create` stage. It
will do basic schema validation checks and ensures that a simple
service definition is correctly translated to a systemd unit.
The bootc.install-to-filesystem code needs to run against the
root directory of a mounted tree, i.e. with /boot, /boot/efi
mounted. So change the code so that the target dir is the
the "mounts" paths. This is similar to how bootupd works and
the caller need to arrange the right mount setup there.
Add systemd unit files in osbuild stage
This stage creates systemd unit file in `/usr/lib/systemd/system/`.
The stage accepts filename which must end with `.service`.Section
`Unit` , `Service` , `Install` accepts various parameters as per
the systemd documentaion.`systemd-analyze verify` is be performed
after the .service file is created to check for potential errors.
Signed-off-by: Sayan Paul <paul.sayan@gmail.com>
This commit adds a test that ensures that the output of
podman mount is part of the error message. While writing
the test I also tweaked the code slightly so that we only
try to `podman umount` if we managed to successfully mount.
This commit adds example manifests for a bootc.install-to-filesystem
system. It does not do more with them because running a full test
requires a working podman which is difficult to use inside our
GH runners that are already running inside docker.
This adds a `default: true` option for all cases where OSTree
information is specified in schemas and allows for the information
to be picked up from the filesystem.
This is a safe operation because when building disk images there is
no known case where having two deployments makes sense. In the case
there ever were a case then the osname, ref, and serial options still
exist and can be used.
Co-authored-by: Luke Yang <luyang@redhat.com>
Co-authored-by: Michael Vogt <michael.vogt@gmail.com>
It seems like an artifical limitation to prevent copying from a mount
or from one location in the tree to another. It just so happens we need
this functionality when building CoreOS images because we want to take
a file embedded in the OSTree at a location and copy it to another
location in the tree. The particular example here is we want to copy
/usr/share/coreos-assembler/platforms.json -> /boot/coreos/platforms.json
See https://github.com/coreos/coreos-assembler/pull/3709
Allowing to copy from/to the tree we can now do something like:
```
- type: org.osbuild.copy
options:
paths:
- from: tree:///usr/share/coreos-assembler/platforms.json
to: tree:///boot/coreos/platforms.json
mounts:
- name: ostree.deployment
type: org.osbuild.ostree.deployment
options:
deployment:
ref: ostree/1/1/0
osname:
fedora-coreos
```
In some cases it could useful to add additional kernel options without
modifying BLS config, so any subsequent call to `zipl` would ignore them.
We are going to use this to append `ignition.firstboot` to kernel cmdline
for CoreOS on s390x.
This stage was failing for me in bib, with this change I now
get more useful information from podman's stderr, e.g.:
```
RuntimeError: Failed to mount image (125): time="2024-02-06T14:23:06Z" level=error msg="Unmounting /var/lib/containers/storage/overlay/06456126e7c06cf1b21de024e08e64eddead2b8d03779be213e63aeeea9dec94/merged: invalid argument"
Error: creating overlay mount (...snip...)
fuse: device not found, try 'modprobe fuse' first
fuse-overlayfs: cannot mount: No such file or directory
```
Runs bootupctl generate-update-metadata in the tree to transform
/usr/lib/ostree-boot into a bootupd-compatible update payload.
This stage should be run on the sysroot of an ostree deployment or
ostree-converted tree.
We only support `gpt` here so it would seem this option doesn't
make much sense to add, but it will make it so that the mpp-define-images
from osbuild-mpp can be passed in to `org.osbuild.sgdisk` just as it
can be passed in today to `org.osbuild.sfdisk`.
Partitions by default are indexed starting at 1, but in
some cases, such as CoreOS for IBM Z, it may be usefull
to set the 'partnum' for GPT disks explicitly, without
creating dummy partitions.
Now user can define an image:
```
mpp-define-images:
- id: image
size: 10737418240
table:
uuid: 00000000-0000-4000-a000-000000000001
label: gpt
partitions:
- name: boot
type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4
partnum: 3
size: 786432
- name: root
type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4
partnum: 4
size: 4194304
```
So target disk would look like:
```
Disklabel type: gpt
Disk identifier: 00000000-0000-4000-A000-000000000001
Device Start End Sectors Size Type
/dev/loop0p3 2048 788479 786432 384M Linux filesystem
/dev/loop0p4 788480 4982783 4194304 2G Linux filesystem
```
This patch updates the osbuild-mpp tool and the sgdisk and sfdisk
stages to support this.
Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
This adds an optional `paths` option to the tar stage. If specified, the
paths will be included in the tarball in order.
The OVA image needs to have its contents in a specific order in the
archive.
Add or remove the immutable bit to the specified mount directory.
The need we have for this right now is for the CoreOS builds where
the immutable bit being set on an OSTree deployment root doesn't
survive the `cp -a --reflink=auto` in the org.osbuild.copy stage when
being copied from the directory tree into the mounted XFS filesystem
we created on the disk image. Thus we have to workaround this loss
of attribute by applying the attribute directly on the mounted
filesystem from the disk.
Introduce a 'stage_schema' fixture, which will load the stage schema
by the stage name defined in the STAGE_NAME defined in the test module
and optionally provided schema version and return it. If no schema
version is specified, version "2" is assumed. Modify all stage unit
tests to use this fixture, instead of loading the stage schema on their
own.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Introduce a 'stage_module' fixture, which will load the stage module by
its name defined in the test module STAGE_NAME variable. Modify all
stage unit tests to use this fixture, instead of loading the stage
module on their own.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a simple unit test, which ensures that the `datasource_list` key
is dumped in the configuration file on a single line if defined in
the stage options.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The stage dumps invalid cloud-init configuration, in case the
`datasource_list` key has a value assigned. The value is supposed to be
a list, but cloud-init documentation mandates that the value is always a
single line, with no newlines. This was not true in the past.
Fix#1554
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
