This is needed because on a mounted `bootc` container `setfiles`
without excluding `/sysroot` will create many warnings like:
```
setfiles: conflicting specifications for /run/osbuild/tree/sysroot/ostree/repo/objects/00/0ef9ada2ee87792e8ba21afd65aa00d79a1253018832652b8694862fb80e84.file and /run/osbuild/tree/usr/lib/firmware/cirrus/cs35l41-dsp1-spk-prot-103c8b8f-r1.bin.xz, using system_u:object_r:lib_t:s0.
```
but simply excluding this dir fixes them.
The issue with mocking subprocess.call() is that we will not
catch if arguments are passed as eg. integers. So instead use
the `mock_command()` helper so that a real binary is called.
The current `make_container()` helper is a bit silly (which is
entirely my fault). It requires a container tag as input but all
tests end up creating a random number for this input. So instead
just remove the input and return the container_id from the podman
build in the contextmanager and use that.
To start using the `bootc.instal-to-filesystem` stage we need
to be able to test the generated images. This requires a login
on the disk. Traditionally we did that via the `users` stage.
But on a bootc system we do not want to modify the disk after
bootc did the install to avoid messing with things like the
selinux labels or (future) fsverity setups.
So for now we will use the `--root-ssh-authorized-keys` feature
to inject support for login.
So this commit adds a new option to the stage called
`root-ssh-authorized-keys`.
Instead of always parsing the python stage to load meta information
allow the user of a new `{stage}-meta.json` file. This is a first
step towards allowing modules to be written in a different language
than python. It also has some practical advantages:
- slightly faster as it avoids calling python to output the schemas
- easier to write schemas as this can be done in a real json editor
now
- more extensible in a future where stages maybe binaries with
shlib dependencies that are only satisfied in the buildroot
but not on the host
Add the expiredate field to the users option in the org.osbuild.users
stage. This option maps to the --expiredate option of useradd/usermod,
which can be useful when creating users whose password must be changed
upon first login.
This is a follow up to #1550 where we enabled a `rw` permissions mode,
which is not ideal since it would theoretically be possible to set both
`ro` and `rw` modes at the same time. This commit fixes the issue by only
allowing one option at a time.
Fixes#1588
User can now customize the systemd unit load path.
User can select between etc or usr , defaults to 'usr'.
Also user can customize the scope of the service between global
or system, defaults to system.
Signed-off-by: Sayan Paul <paul.sayan@gmail.com>
With the test the helper can now be slightly simplified. Because
we only have two results it seems easier to just use them directly
than to store them in an intermediate result struct.
- Process all necessary operations related to CoreOS
platforms is crucial and specific to CoreOS. This step
is essential for CoreOS exclusively.
- Our approach to handling 'platforms.json' may change as we
advance with the OSBuild work. However, we don't have a clear
vision about how it will be in the future yet, particularly as
we also manage similar components within the osbuild composer
to configure cloud parameters. We probably will know better
when we start working with the cloud artifacts.
As a summary, let's add it know to unblock us, and if we find a
better approach in the future, we can always go back and remove it.
Signed-off-by: Renata Ravanelli <rravanel@redhat.com>
- Add functions for appending kernel parameters to the
Boot Loader Specification (BLS) as needed.
Signed-off-by: Renata Ravanelli <rravanel@redhat.com>
While integrating the changes to grub2 config stage options in the
`osbuild/images` repository, I noticed that the code for grub2.legacy
is embedding the grub2 stage config options struct in its own config
options struct [1]. However, the grub2 stage options contain also the
`default` entry, while the grub2.legacy stage does not allow this option
in its stage options.
This change fixes that and ensures that the grub2 stage options config
section is a subset of the grub2.legacy stage options config section.
[1] d5644f3115/pkg/osbuild/grub2_legacy_stage.go (L85)
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the stage to allow explicitly configuring more grub2 default
config options. Preserve the defaults for options which were previously
hard-coded.
Extend the stage unit test to verify setting of the new grub2 default
config options.
Related to https://issues.redhat.com/browse/RHEL-19583
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the stage to allow explicitly configuring more grub2 default
config options. Preserve the defaults for options which were previously
hard-coded.
Extend the stage unit test to verify setting of the new grub2 default
config options.
Related to https://issues.redhat.com/browse/RHEL-19583
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Small unit test for the new `org.systemd.unit.create` stage. It
will do basic schema validation checks and ensures that a simple
service definition is correctly translated to a systemd unit.
The bootc.install-to-filesystem code needs to run against the
root directory of a mounted tree, i.e. with /boot, /boot/efi
mounted. So change the code so that the target dir is the
the "mounts" paths. This is similar to how bootupd works and
the caller need to arrange the right mount setup there.
Add systemd unit files in osbuild stage
This stage creates systemd unit file in `/usr/lib/systemd/system/`.
The stage accepts filename which must end with `.service`.Section
`Unit` , `Service` , `Install` accepts various parameters as per
the systemd documentaion.`systemd-analyze verify` is be performed
after the .service file is created to check for potential errors.
Signed-off-by: Sayan Paul <paul.sayan@gmail.com>
This commit adds a test that ensures that the output of
podman mount is part of the error message. While writing
the test I also tweaked the code slightly so that we only
try to `podman umount` if we managed to successfully mount.
This commit adds example manifests for a bootc.install-to-filesystem
system. It does not do more with them because running a full test
requires a working podman which is difficult to use inside our
GH runners that are already running inside docker.
This adds a `default: true` option for all cases where OSTree
information is specified in schemas and allows for the information
to be picked up from the filesystem.
This is a safe operation because when building disk images there is
no known case where having two deployments makes sense. In the case
there ever were a case then the osname, ref, and serial options still
exist and can be used.
Co-authored-by: Luke Yang <luyang@redhat.com>
Co-authored-by: Michael Vogt <michael.vogt@gmail.com>
It seems like an artifical limitation to prevent copying from a mount
or from one location in the tree to another. It just so happens we need
this functionality when building CoreOS images because we want to take
a file embedded in the OSTree at a location and copy it to another
location in the tree. The particular example here is we want to copy
/usr/share/coreos-assembler/platforms.json -> /boot/coreos/platforms.json
See https://github.com/coreos/coreos-assembler/pull/3709
Allowing to copy from/to the tree we can now do something like:
```
- type: org.osbuild.copy
options:
paths:
- from: tree:///usr/share/coreos-assembler/platforms.json
to: tree:///boot/coreos/platforms.json
mounts:
- name: ostree.deployment
type: org.osbuild.ostree.deployment
options:
deployment:
ref: ostree/1/1/0
osname:
fedora-coreos
```
In some cases it could useful to add additional kernel options without
modifying BLS config, so any subsequent call to `zipl` would ignore them.
We are going to use this to append `ignition.firstboot` to kernel cmdline
for CoreOS on s390x.
This stage was failing for me in bib, with this change I now
get more useful information from podman's stderr, e.g.:
```
RuntimeError: Failed to mount image (125): time="2024-02-06T14:23:06Z" level=error msg="Unmounting /var/lib/containers/storage/overlay/06456126e7c06cf1b21de024e08e64eddead2b8d03779be213e63aeeea9dec94/merged: invalid argument"
Error: creating overlay mount (...snip...)
fuse: device not found, try 'modprobe fuse' first
fuse-overlayfs: cannot mount: No such file or directory
```
