Disable host-only mode when running dracut and generate reproducible
images by default.
Suggested-by: gicmo
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Define a set of pre-defined ostree related annotations that can
and should be used to indicate that a container image contains
an OSTree commit. This can be used by other tools to inspect and
extract the commit more easily.
Add support for arbitrary manifest annotations: allow anything
with the exception of the `org.osbuild` and `org.opencontainer`
prefixes. The former is reserved by us, the latter by the OCI
image specification. The latter specifies a set of pre-defined
keys, which are not yet supported by osbuild but will be in the
future, partly via more generic options (creation time).
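Added example (not osbuild's own code) of the annotation rule described above: user keys are accepted unless they fall under a reserved prefix, and only the stage itself writes under `org.osbuild`. The reverse-DNS key pattern and the `org.osbuild.ostree.commit` key name are assumptions of this example; the OCI image spec's own keys live under `org.opencontainers.image.*`, so both that spelling and the singular one from the message are rejected.

```python
# Added example, not osbuild's code: validate user-supplied manifest
# annotations and merge them with the stage's reserved ostree annotation.
import re

# `org.osbuild` is reserved for osbuild; the OCI image spec keeps its
# pre-defined keys under `org.opencontainers.image.*`. The singular form
# `org.opencontainer` from the commit message is rejected as well.
RESERVED_PREFIXES = ("org.osbuild", "org.opencontainers", "org.opencontainer")

# Keys are expected in reverse-DNS notation (assumed restriction; the OCI
# spec itself only requires annotation keys and values to be strings).
KEY_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*(\.[A-Za-z0-9][A-Za-z0-9_-]*)*$")


def is_reserved(key: str) -> bool:
    """Plain prefix match, as the commit message describes it."""
    return key.startswith(RESERVED_PREFIXES)


def validate_annotations(user: dict) -> dict:
    """Return a copy of `user`, or raise on reserved/malformed keys or non-string values."""
    bad = [
        k for k, v in user.items()
        if not isinstance(k, str) or not isinstance(v, str)
        or not KEY_RE.match(k) or is_reserved(k)
    ]
    if bad:
        raise ValueError(f"invalid or reserved annotation keys: {bad}")
    return dict(user)


def build_annotations(user: dict, ostree_commit=None) -> dict:
    """Merge validated user annotations with the stage's own reserved entry.

    `org.osbuild.ostree.commit` is an assumed key name for this example.
    """
    annotations = validate_annotations(user)
    if ostree_commit is not None:
        # only the stage may write under the reserved prefix
        annotations["org.osbuild.ostree.commit"] = ostree_commit
    return annotations
```

The prefix check is a plain `startswith`, exactly as the message words it; a stricter label-boundary check would additionally allow keys such as `org.osbuildx.foo`, which is probably not wanted.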
According to the OCI Image Format Specification[1] history entries
for layers in the container are optional; but when trying to push
a container to quay.io via skopeo (copy oci-archive:… docker://quay)
it will fail with "Cannot convert an image with 0 history entries".
This seems to come from the containers/image[2] library when the
container is converted back from the docker distribution format
to oci-archive on quay.io. Thus it seems that when skopeo converts
the image to the docker format for the distribution it does not
fill in any of the history entries, which are then assumed and required
to be there when converting back.
To fix this, insert history entries for each layer that is created.
[1] https://github.com/opencontainers/image-spec/blob/master/config.md
[2] https://github.com/containers/image/
Only include a very specific set of extended attributes:
- user.*: user specified extended attributes
- security.ima: Integrity Measurement Architecture (IMA)
- security.capability: Linux capabilities(7)
This follows what containers/storage[1] and containers/buildah[2]
are doing. It is important to note that we DO NOT want selinux
related extended attributes (`security.selinux`) in there, which
seems to be pulled in by some versions of `tar` even if that was
seemingly excluded via `--no-selinux`. Therefore we also exclude
selinux and xattrs explicitly from the wrapping container to
make sure they are never included.
[1] 35ebda8ae2/pkg/archive/archive.go (L399)
[2] 214e4c9335/copier/xattrs.go (L19)
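Added example (not osbuild's, containers/storage's or buildah's code) of the allow-list above, applied once to a list of attribute names and once to GNU tar command lines: the content layers keep only the listed xattrs, the wrapping archive gets none. The sample attribute names and paths are constructed.

```python
# Added example, not osbuild's code: the xattr allow-list as a predicate and
# as tar arguments.
import fnmatch

# Only these attributes belong in a layer (same list as containers/storage and
# buildah). Anything else is dropped, in particular `security.selinux`: labels
# are not namespaced and must be assigned by the host that runs the container.
XATTR_INCLUDE = ("user.*", "security.ima", "security.capability")


def xattr_allowed(name: str) -> bool:
    return any(fnmatch.fnmatchcase(name, pattern) for pattern in XATTR_INCLUDE)


def filter_xattrs(names):
    """Keep only allowed attribute names, preserving order."""
    return [n for n in names if xattr_allowed(n)]


def layer_tar_command(tree: str, archive: str):
    """GNU tar invocation for a content layer.

    `--xattrs-include` restricts the archived xattrs to the allow-list.
    SELinux labels and ACLs are stored by tar through their own headers,
    so they are switched off separately with `--no-selinux` / `--no-acls`
    rather than relying on the include mask alone.
    """
    cmd = ["tar", "--xattrs", "--no-selinux", "--no-acls"]
    cmd += [f"--xattrs-include={p}" for p in XATTR_INCLUDE]
    cmd += ["-cf", archive, "-C", tree, "."]
    return cmd


def wrapper_tar_command(directory: str, archive: str):
    """The wrapping oci-archive carries no xattrs or labels at all."""
    return ["tar", "--no-xattrs", "--no-selinux", "--no-acls",
            "-cf", archive, "-C", directory, "."]
```

`security.selinux` fails the predicate because `user.*` is the only wildcard; `system.posix_acl_*` and `trusted.*` are excluded the same way.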
This reverts commit 59184b23a2.
This change breaks current testing and is not critical.
We will reintroduce it later when there is time to adapt the tests.
Instead of deleting and re-creating /etc/machine-id, just truncate
it to an empty file. This should let the mode be 0444, which is
the mode that systemd also creates it with.
In order to have a more stable package metadata representation,
sort the generated metadata by name. Adapt the tests' metadata
file to reflect that change.
Since `/home` will not end up in the commit¹ move the home
directories to `/var/home`. This is done after the new root
file system has been initialized, and only if `/home` is not
empty.
¹ it is neither copied back in the preptree stage itself, nor
would it be picked up by rpm-ostree compose tree postprocess
were it copied back.
Set the "GRUB_CMDLINE_LINUX" variable in /etc/default/grub to the
kernel command line options. This is used by `grub2-mkconfig` to
assemble the full kernel command line when generating the menu
entries. NB: `GRUB_CMDLINE_LINUX` does NOT include the root fs
bits (`root=...`), since that is generated by grub2-mkconfig
itself.
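Added example (not osbuild's code) of deriving the `GRUB_CMDLINE_LINUX` line: `root=` is dropped because `grub2-mkconfig` generates it, every other option is kept, and an existing assignment in `/etc/default/grub` is replaced. Since that file is sourced as a shell script, the example refuses values containing shell metacharacters. The sample command line and file content are constructed.

```python
# Added example, not osbuild's code: render GRUB_CMDLINE_LINUX for
# /etc/default/grub from a kernel command line.

# /etc/default/grub is sourced by grub2-mkconfig as shell, so a value with
# these characters would be interpreted, not quoted.
FORBIDDEN = set('"$`\\\n')
VARIABLE = "GRUB_CMDLINE_LINUX"


def kernel_opts_without_root(cmdline):
    """Drop root=... (grub2-mkconfig adds it itself), keep everything else."""
    return [opt for opt in cmdline if opt.split("=", 1)[0] != "root"]


def render_default_grub(cmdline, existing=""):
    """Return the new content of /etc/default/grub.

    Other lines are kept as they are; an existing GRUB_CMDLINE_LINUX
    assignment is replaced by the new one.
    """
    value = " ".join(kernel_opts_without_root(cmdline))
    if FORBIDDEN & set(value):
        raise ValueError(f"unsafe characters in kernel options: {value!r}")
    lines = [l for l in existing.splitlines()
             if not l.startswith(VARIABLE + "=")]
    lines.append(f'{VARIABLE}="{value}"')
    return "\n".join(lines) + "\n"
```

Only `root=` is filtered, matching the message; options such as `rootflags=` are not generated by `grub2-mkconfig` and therefore stay.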
Do the check if there is a /etc/machine-id before moving /etc to
/usr/etc, because otherwise /etc/machine-id will obviously not
exist and thus the detection is broken.
Instead of including SELinux labels for the content layers via the
`--selinux` tar option, make sure selinux labels are not included by
using the `--no-selinux` option.
The inclusion of the labels was a mistake, since they should be
determined by the target system because selinux labels are not
namespaced. On RHEL/Fedora the SELinux label used is something like
`system_u:object_r:container_ro_file_t:s0` for all the files in the
container.
Including the label was leading to permission problems because
the files had a different label on the host and programs inside
the container get `EACCES`, i.e. Permission denied, errors when
accessing files with the different label.
Interestingly this does not happen on Fedora 33 but only on RHEL.
One possibility is that the overlayfs kernel driver in RHEL is
behaving differently on RHEL than on Fedora.
Port the org.osbuild.tar assembler to a new assembler-like stage,
that takes a tree input. The only real change is that instead of
having a compression argument, the compression is now based on
the file ending.
Add support for the 'liveimg' kickstart command, which can be used
with tar payloads included in the installer image, to install
pre-built image archives.
New stage that uses implantisomd5(1) to implant MD5 checksums
into an ISO. This is then used by a dracut module in the installer
ISO to check the installation medium.
Add a new stage that uses the `xorrisofs`(1) command line utility
to assemble an ISO. The ISO can be made bootable by specifying a
combination of the `boot` and `efi` options.
Add a new stage that prepares a bootable file system tree suitable
for writing to an ISO file system. It currently only supports
EFI and PC-BIOS boot. It takes a tree input which will be wrapped
into an ext4 file system wrapped into a squashfs image.
Add a new stage that uses the recently added lorax template
helpers to execute such a template. The template itself will
be searched for in the build root, but the command of the script
will operate on the tree.
Add a stage to create a buildstamp file, which is required by
anaconda to properly function, since it configures various
aspects of the installation target (product, build arch, ...).
Add a stage to configure anaconda. For now only the enabled
kickstart modules can be configured. This is done by dropping
a file "90-osbuild.conf" in `/etc/anaconda/conf.d`.
The current grub configuration has no logic to select the default
boot entry, which means the next boot entry is chosen by grub2
by the sort order of available entries. This will break tooling
like grub2-set-default and grub2-reboot that set a specific
variable `saved_entry` in the grub environment file `grubenv`
to point to the selected boot entry.
Change our grub configuration file to use that `saved_entry` var
to select the next boot entry to unbreak the tooling.
In addition to the aforementioned tools, the saved_entry is also
updated by the kernel install scripts when a new kernel is installed,
but only if the newly installed kernel is the selected default.
Thus not respecting the `saved_entry` variable might cause a bug
where a newly installed non-default kernel gets selected by grub2.
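Added example (not osbuild's or GRUB's code) of the mechanism the message relies on: `GRUB_CFG_DEFAULT` is the grub.cfg fragment that makes GRUB honour `saved_entry` (and the one-shot `next_entry` that grub2-reboot uses), and the functions read and write the fixed-size `grubenv` block the way grub2-set-default does. The entry ids used in the usage are constructed.

```python
# Added example, not osbuild's code: honour saved_entry in grub.cfg and
# update it in grubenv.
GRUB_CFG_DEFAULT = """\
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
  set default="${next_entry}"
  set next_entry=
  save_env next_entry
  set boot_once=true
else
  set default="${saved_entry}"
fi
"""

GRUBENV_SIZE = 1024                        # grubenv is always exactly 1 KiB
GRUBENV_HEADER = "# GRUB Environment Block\n"


def parse_grubenv(data: bytes) -> dict:
    text = data.decode("utf-8")
    if len(data) != GRUBENV_SIZE or not text.startswith(GRUBENV_HEADER):
        raise ValueError("not a GRUB environment block")
    env = {}
    for line in text[len(GRUBENV_HEADER):].split("\n"):
        if not line or line.startswith("#"):   # trailing '#' padding
            continue
        key, sep, value = line.partition("=")
        if sep:
            env[key] = value
    return env


def render_grubenv(env: dict) -> bytes:
    body = GRUBENV_HEADER
    for key, value in env.items():
        if not key or "=" in key or "\n" in key or "\n" in value:
            raise ValueError(f"invalid grubenv entry {key!r}")
        body += f"{key}={value}\n"
    raw = body.encode("utf-8")
    if len(raw) > GRUBENV_SIZE:
        raise ValueError("environment block exceeds 1024 bytes")
    return raw + b"#" * (GRUBENV_SIZE - len(raw))


def set_default_entry(data: bytes, entry: str) -> bytes:
    """Equivalent of `grub2-set-default ENTRY`: persist it in saved_entry."""
    env = parse_grubenv(data)
    env["saved_entry"] = entry
    return render_grubenv(env)


def set_next_entry(data: bytes, entry: str) -> bytes:
    """Equivalent of `grub2-reboot ENTRY`: one-shot default via next_entry."""
    env = parse_grubenv(data)
    env["next_entry"] = entry
    return render_grubenv(env)
```

A grub.cfg without the `set default="${saved_entry}"` line leaves both tools writing a variable nobody reads, which is the breakage the message describes.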
In addition to the required base layer, provided via the input
of the same name, the oci-archive stage now accepts up to nine
additional layers that get added on top of each other, sorted in
ascending order, i.e. `layer.1` to `layer.9`.
Adapt the `fedora-ostree-container` example manifest so that the
ostree commit is now in a separate layer, which makes it possible
to share the base layer between different commit containers.
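Added example (not osbuild's code) covering this message and the earlier one about missing history entries: order the `base` and `layer.1`..`layer.9` inputs, compute the DiffIDs, and emit an OCI image config with one history entry per layer so that a registry converting the image back from the docker format does not see "0 history entries". Layer contents, the timestamp and the `created_by` strings are constructed.

```python
# Added example, not osbuild's code: layer ordering and OCI config with
# per-layer history.
import hashlib
import json
import re

LAYER_RE = re.compile(r"^layer\.([1-9])$")    # only layer.1 .. layer.9


def ordered_layers(inputs: dict) -> list:
    """`base` first, then layer.1 .. layer.9 in ascending numeric order."""
    if "base" not in inputs:
        raise ValueError("the `base` input is required")
    extra = []
    for name in inputs:
        if name == "base":
            continue
        m = LAYER_RE.match(name)
        if not m:
            raise ValueError(f"unexpected input {name!r}")
        extra.append((int(m.group(1)), name))
    return ["base"] + [name for _, name in sorted(extra)]


def diff_id(layer: bytes) -> str:
    """DiffID is the sha256 of the *uncompressed* layer tar."""
    return "sha256:" + hashlib.sha256(layer).hexdigest()


def make_config(inputs: dict, created: str, arch: str = "amd64") -> dict:
    """OCI image config (config.md) for the given layer tars (bytes)."""
    names = ordered_layers(inputs)
    return {
        "created": created,
        "architecture": arch,
        "os": "linux",
        "config": {},
        "rootfs": {"type": "layers",
                   "diff_ids": [diff_id(inputs[n]) for n in names]},
        # one non-empty history entry per layer; with none at all the
        # docker->oci conversion on the registry side rejects the image
        "history": [{"created": created, "created_by": f"osbuild input {n}"}
                    for n in names],
    }


def check_history(config: dict) -> bool:
    """Entries without empty_layer must match the number of diff_ids."""
    layers = [h for h in config["history"] if not h.get("empty_layer")]
    return len(layers) == len(config["rootfs"]["diff_ids"]) > 0


def config_blob(config: dict):
    """Serialised config plus the digest the manifest references."""
    blob = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return blob, "sha256:" + hashlib.sha256(blob).hexdigest()
```

`check_history` is the invariant the spec states for history entries; it is worth asserting before pushing, since the failure otherwise only shows up at the registry.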
Should enable greater flexibility of how the initial ram disk is
created. Most importantly it runs dracut by default in no-host-mode,
which is the mode where dracut only includes the drivers
it needs for the currently running system. This mode obviously
does not make much sense in the installer.
The naming of the options follows the dracut nomenclature.
If the run of dracut has been disabled via installing a link to
/dev/null in /etc/kernel/install.d and after the installation of
the packages the /etc/kernel directory is not owned by any newly
installed packages, remove it again.
Add the ability to prevent `dracut` from running via the post
install scripts. This is done by installing symlinks named
like the dracut scripts in `/usr/lib/kernel/install.d/` in
`/etc/kernel/install.d`. The symlinks point to `/dev/null`
and since the ones in `/etc` take precedence over the system
ones they effectively disable dracut from running.
After the run is completed the symlinks are removed and the
original files thus unmasked.
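Added example (not osbuild's code) of the masking described in this and the preceding message: the dracut kernel-install scripts are discovered under `/usr/lib/kernel/install.d`, shadowed by `/dev/null` symlinks in `/etc/kernel/install.d`, and afterwards the symlinks and any `/etc/kernel` directory the stage itself created are removed unless a package now owns them. `owned_paths` stands in for the package-ownership query the real stage would make, and `run_example()` operates on a throwaway root with constructed script names.

```python
# Added example, not osbuild's code: mask and unmask the dracut
# kernel-install scripts inside a root tree.
import os
import tempfile

SYSTEM_DIR = "usr/lib/kernel/install.d"
ETC_DIR = "etc/kernel/install.d"


def dracut_scripts(root: str) -> list:
    """Names of the dracut kernel-install scripts shipped by packages."""
    path = os.path.join(root, SYSTEM_DIR)
    if not os.path.isdir(path):
        return []
    return sorted(n for n in os.listdir(path) if "dracut" in n)


def mask_dracut(root: str):
    """Shadow each dracut script with /etc/kernel/install.d/<name> -> /dev/null.

    Returns the links made and the directories created for them.
    """
    created_dirs = []
    for rel in ("etc/kernel", ETC_DIR):
        p = os.path.join(root, rel)
        if not os.path.isdir(p):
            os.mkdir(p)
            created_dirs.append(p)
    links = []
    for name in dracut_scripts(root):
        link = os.path.join(root, ETC_DIR, name)
        if os.path.lexists(link):
            # never clobber an override that was already there
            raise FileExistsError(link)
        os.symlink("/dev/null", link)
        links.append(link)
    return links, created_dirs


def unmask_dracut(root: str, links, created_dirs, owned_paths):
    """Remove our links; drop directories we created unless a package owns them.

    `owned_paths` is a set of absolute paths (inside the tree) that newly
    installed packages own; the real stage would ask rpm for this.
    """
    for link in links:
        if os.path.islink(link) and os.readlink(link) == "/dev/null":
            os.unlink(link)
    for p in reversed(created_dirs):
        rel = "/" + os.path.relpath(p, root)
        if rel not in owned_paths and os.path.isdir(p) and not os.listdir(p):
            os.rmdir(p)


def run_example() -> dict:
    """Build a fake root, mask, inspect, unmask; return what was observed."""
    root = tempfile.mkdtemp()
    sysdir = os.path.join(root, SYSTEM_DIR)
    os.makedirs(sysdir)
    os.makedirs(os.path.join(root, "etc"))
    # constructed names modelled on what dracut and systemd install
    for name in ("50-dracut.install", "51-dracut-rescue.install",
                 "90-loaderentry.install"):
        open(os.path.join(sysdir, name), "w").close()
    links, dirs = mask_dracut(root)
    observed = {
        "masked": [os.path.relpath(l, root) for l in links],
        "targets": [os.readlink(l) for l in links],
    }
    unmask_dracut(root, links, dirs, owned_paths=set())
    observed["etc_kernel_left"] = os.path.exists(os.path.join(root, "etc/kernel"))
    return observed
```

Passing `owned_paths={"/etc/kernel"}` to `unmask_dracut` keeps the directory, which is the case the preceding message distinguishes.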
Port the `org.osbuild.ostree.commit` assembler to a new assembler-like
stage. The notable differences are: the fs tree preparation
now happens in the `ostree.preptree` stage and there is no option
to create a tarball, since that should be handled by a tar stage.
This new stage is a combination of the existing `rpm-ostree` stage
and the old `ostree.commit` assembler. It first prepares a new
OSTree compliant root fs (previously done in `ostree.commit`) and
then uses `rpm-ostree tree postprocess` to perform various
post-processing on the tree to make it fully OSTree compliant.
Explicitly declare the schema for version 2. Notable differences
are the declaration of the `packages` input as well as the lack
of that property in `options`.
Convert the `org.osbuild.ostree` stage to use inputs instead of
sources. In the format (version 1) loading code, convert the
stage to use an input based on the existing stage options.
The stage was structured in a way so that it supports many different
inputs, like `archive` and in the future maybe trees, git checkouts.
This does not fit very well into the new input model, where instead
separate `copy.tree` and `copy.files` stages might make more sense.
Since the stage is not used anywhere, and mainly got added
as a way to get the ignition dracut module via an archive of a git
repo, remove the stage for now. A replacement will be brought back
in the future.
The sysconfig directory contains a variety of system configuration files. The
values found in each of the configuration files may need to be specified
before first boot.
Currently, only the kernel and network configs can be modified and will
override existing files.
Add new org.osbuild.rhsm stage to configure RHSM DNF
plugins. The stage currently supports only enabling / disabling the DNF
plugins. The stage's configuration schema allows extending it in the
future to configure other aspects of RHSM if needed.
The schema specifies each DNF plugin as an explicit object. The reason
is that although currently only setting of one common option (enabled)
is allowed, the 'subscription-manager' plugin's configuration actually
allows one additional plugin-specific option. The stage may support
setting it in the future, which will be easier with distinct objects for
each plugin.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Instead of reading the arguments from sys.stdin, which requires
that stdin is set up properly for that in the runner, use the new
api.arguments() method to directly fetch the arguments.
Also fix missing newlines between imports and methods to be more
PEP-8 compliant, where needed.
Generate and report metadata about all the packages that were
installed. This information will be needed by composer, especially
the 'sigmd5' bit, for integration with koji[1].
[1] https://docs.pagure.org/koji/content_generator_metadata/
The `script` and `test` stages should not be used in production, and
their use should be discouraged in general. They may make sense for
debugging, but should not be shipped.
The test stage is still used by the boot tests, so leave that for now,
and only drop the script stage.
Signed-off-by: Tom Gundersen <teg@jlkm.no>