16f1c560cc
An ostree system can be identified as such by the presence of a marker file: /run/ostree-booted. The `rpm-ostree` tool also creates this marker during the _installation_ of the system[1,2]. Recently, starting with F36, the authselect package has taken has become mandatory[3] and is now owning the nsswitch config. An rpm-ostree system, which has parts of the user database in /usr, release on the nss-altfiles to read these databases. The necessary entries are added during the post-processing, which is called in our `org.osbuild.ostree.preptree` stage[4]. This installation is skipped though if the nsswitch is the file is a symlink, indicating that it is owned by some other package, like authselect. So the F36 authselect change first broke rpm- ostree[6]. The fix was to check for `/run/ostree-booted` in the authselect scriptlet and special case this situation[7,8]. Now, our `org.osbuild.rpm` stage does not yet have the ability to pretend it is a running ostree system and thus we did not get the special treatment resulting in nss-altfiles not being enabled in our ostree commits. Therefore the passwd database in /usr was not read and a lot of daemons and programs without a valid user, like e.g. `sshd`. This change introduces a new option, `ostree_booted` that if set, will create the `/run/ostree-booted` marker and thus our installation phase will get the same treatments from packages as rpm-ostree. Hopefully. [1] |
||
|---|---|---|
| .devcontainer | ||
| .github | ||
| assemblers | ||
| data | ||
| devices | ||
| docs | ||
| inputs | ||
| mounts | ||
| osbuild | ||
| runners | ||
| schemas | ||
| schutzbot | ||
| selinux | ||
| sources | ||
| stages | ||
| test | ||
| tools | ||
| .editorconfig | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .mypy.ini | ||
| .packit.yaml | ||
| .travis.yml | ||
| LICENSE | ||
| Makefile | ||
| osbuild.spec | ||
| README.md | ||
| requirements.txt | ||
| samples | ||
| Schutzfile | ||
| setup.cfg | ||
| setup.py | ||
OSBuild
Build-Pipelines for Operating System Artifacts
OSBuild is a pipeline-based build system for operating system artifacts. It defines a universal pipeline description and a build system to execute them, producing artifacts like operating system images, working towards an image build pipeline that is more comprehensible, reproducible, and extendable.
See the osbuild(1) man-page for details on how to run osbuild, the definition
of the pipeline description, and more.
Project
- Website: https://www.osbuild.org
- Bug Tracker: https://github.com/osbuild/osbuild/issues
- IRC: #osbuild on Libera.Chat
- Changelog: https://github.com/osbuild/osbuild/releases
Contributing
Please refer to the developer guide to learn about our workflow, code style and more.
Requirements
The requirements for this project are:
bubblewrap >= 0.4.0python >= 3.7
Additionally, the built-in stages require:
bash >= 5.0coreutils >= 8.31curl >= 7.68qemu-img >= 4.2.0rpm >= 4.15tar >= 1.32util-linux >= 235skopeo
At build-time, the following software is required:
python-docutils >= 0.13pkg-config >= 0.29
Testing requires additional software:
pytest
Install
Installing osbuild requires to not only install the osbuild module, but also
additional artifacts such as tools (i.e: osbuild-mpp) sources, stages, schemas
and SELinux policies.
For this reason, doing an installation from source is not trivial and the easier way to install it is to create the set of RPMs that contain all these components.
This can be done with the rpm make target, i.e:
make rpm
A set of RPMs will be created in the ./rpmbuild/RPMS/noarch/ directory and can
be installed in the system using the distribution package manager, i.e:
sudo dnf install ./rpmbuild/RPMS/noarch/*.rpm
Repository:
- web: https://github.com/osbuild/osbuild
- https:
https://github.com/osbuild/osbuild.git - ssh:
git@github.com:osbuild/osbuild.git
License:
- Apache-2.0
- See LICENSE file for details.