This is a new stage to be able to write a (subset) of relevant keys into
the `wsl-distribution` configuration file.
The file, and these options, are necessary for the enablement of fancy
logos and experiences in WSL2.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
On Python 3.6 we're getting a *different* error message from other
versions in CI. Let's accept both versions.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
For the terminal_input, terminal_output, and serial variables in the
GRUB_CFG_TEMPLATE, the keys were not set when those variables were not
defined in the options. This caused the template variables to show up
in the final file itself, which could break the config. For example,
the following line was being generated for one of our images:
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1${terminal_input}${terminal_output}
Setting the keys to an empty string when they're not defined solves the
issue.
Since this is a stage behaviour change, the new behaviour is toggled by
an option that maintains backwards compatibility when not set.
This introduces a new convention of adding a `compat_version` number to
the stage options to control the behaviour. The value defaults to 1,
which is the old (broken) behaviour. Manifest generators should always
set it to 2 to get the correct behaviour.
Add the ability to exclude files and directories from the erofs
image. This uses the mkfs.erofs --exclude-regex feature, so simple
matches or regexes can be used.
Add the ability to exclude files and directories from the squashfs
image. This uses the mksquashfs -regex -e FILES... feature, so simple
matches or regexes can be used.
This also adds a new test for squashfs, based on the existing test for
erofs.
The `org.osbuild.tar` stage only supports auto compression which is
based on the filename. For several (newer) artifacts such as Vagrant
(`.box`) and WSL (`.wsl`) we want to explicitly give the compression
algorithm.
I've chosen a (few) commonly used compression algorithms. If others are
needed they are one-line followups away.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Add a new %post option to the kickstart stage that supports adding
multiple post blocks to a kickstart file, with all the options supported
by the directive.
Extend the stage to support setting new options:
- Provisioning.UseCloudInit
- Provisioning.Enabled
Extend the stage test to use them and add a simple stage unit test for
the schema.
Related to https://github.com/osbuild/images/issues/1416
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Use a temporary directory for the output of grub2-mkimage.
This makes the stage clean up the grub2-core.img from the build root
after its done. It also has the nice side-effect that unit tests that
call the stage are independent. Previously, a bug in the stage *might*
have been missed if a certain configuration of the stage was not
creating the grub2-core.img. One unit test could create an image at the fixed path
(/var/tmp/grub2-core.img) and then another one could call the stage with
the buggy configuration but the `shutil.copyfile()` call at the end of
the stage would succeed because it would find the image from the
previous stage run.
To accommodate for this change, the unit test with the mocked run call
is adjusted to intercept the random tmp output path and use it to create
a fake file for the stage to succeed.
This commit adds a test that mocks subprocess.run() so that we
can regression test the arguments passed to "grub-mkimage".
This is a regression test for
https://github.com/osbuild/osbuild/issues/2037
This commit replaces the `/usr/bin/logger` binary in the dracut
chroot with a bind mount to `/usr/bin/true` to silence the spam
that we get from dracut during initramfs generation:
```
logger: socket /dev/log: No such file or directory
```
Unfortunately I could not find a nicer way, it seems it is
not possible to simply pass `sysloglvl=0` via the commandline
or an environment.
The extra complication here is that the dracut stage mounts
`devtmpfs` which will likely include:
```
/dev/log -> /run/systemd/journal/dev-log
```
but of course inside this chroot there is no `/run` which
leads to these messages.
Closes: https://github.com/osbuild/osbuild/issues/1976
Add an additional option called `kernel_line_size`
to allow setting a maximum cmdline size check
value for custom kernels or other restrictions.
This will override the arch defaults, if not set,
then the size map is checked, and if the current
architecture is not in the map, fallback to
4096, which is the max value allowed for
COMMAND_LINE_SIZE.
Signed-off-by: Albert Esteve <aesteve@redhat.com>
Instead of passing in the path we name the file according to the module
name. Path can be reintroduced later if absolutely necessary.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This helps to clear a risk concern for
automotive.
Add optional flag to org.osbuild.mkfs.ext4 stage
to enable/disable both lazy_itable_init and
lazy_journal_init extended options. Both mke2fs
options are controled by the same flag, namely
`lazy_init`.
Signed-off-by: Albert Esteve <aesteve@redhat.com>
This commit adds support to run the tests on Debian/Ubuntu systems.
Here the binary is called `grub-mkimage` instead of `grub2-mkimage`,
in addition the "grub-pc-bin" package must be installed there.
Don't include the "location" offset, and use just a path for the prefix
section to set the path of the grub2 modules on the iso. eg.
{
"filename": "eltorito.img",
"platform": "i386-pc",
"core": {
"type": "mkimage",
"partlabel": "gpt",
"filesystem": "iso9660"
},
"prefix": {
"path": "/boot/grub2/"
}
}
It's a no-op nowadays, we dropped support for the custom
ostree-container signature verification status.
Signed-off-by: Colin Walters <walters@verbum.org>
This commit adds some unit tests around the coreos live-artifcats
mono stage.
- test/coreos_live_artifacts: add test for align_initrd()
- test/coreos_live_artifacts: add test for extend_initramfs()
- This actually tests the mkinitrd_pipe() function, which
extend_initramfs() calls after opening the file.
- test/coreos_live_artifacts: add test for make_stream_hash()
- test/coreos_live_artifacts: add test for make_efi_bootfile()
Co-authored-by: Achilleas Koutsou <achilleas@koutsou.net>
Add DNF5 version of the `sbom.spdx` stage, which generates an SPDX SBOM
document from a given FS tree using libdnf5 API.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Use Chroot class from osbuild.util.chroot module, instead of calling
`chroot` directly. The class handles mounting of various paths in the
chroot to make us more usable. This resolves new failure when running
the stage test on F41 results in `mkhomedir_heper` failing with `6`
return code, meaning permissions denied.
Adjust the stage unit tests, because `chroot.Chroot` can't work with
`pathlib.Path`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The test case is skipped in the upstream CI, because the `autotailor`
executable is not installed in the `osbuild-ci` image. This will not
be the case in the future and the CI run will reveal a Python 3.6
incompatibility in the test implementation. Fix it.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This adds support for specifying paths to operate on,
rather than just the root of the target:
```
- type: org.osbuild.selinux
options:
file_contexts: etc/selinux/targeted/contexts/files/file_contexts
target: mount://root/path/to/dir
mounts:
- name: root
source: disk
target: /
```
or
```
- type: org.osbuild.selinux
options:
labels:
mount://root/path/to/file: system_u:object_r:boot_t:s0
mount://root/path/to/other/file: system_u:object_r:var_t:s0
mounts:
- name: root
source: disk
target: /
```
Add remove-signatures option to container-deploy stage.
The option will be translated to --remove-signatures
skopeo option and passed to skopeo when copying the container.
This option must be set when deploying signed containers.
Signed-off-by: Miguel Martín <mmartinv@redhat.com>
For usecases where for example selinux is not supported,
we should expect more errors from tar so we should also accept this
when matching the string.
Kudos go to Achilleas Koutsou <achilleas@koutsou.net> for this hint
