13035e6f4e
The original CentOS Stream GPG key uses SHA-1 in its signature. However, SHA-1 is by default not allowed by the c10s / el10 crypto policy. As a result, running the stage tests which use c9s on c10s / el10 are failing when rpmkeys tries to import the key. As part of CS-1616 [1], the CS GPG key has been resigned using SHA256, however only in c10s for now. Let's use the SHA256 signed GPG key from c10s for c9s manifests, to make tests pass also on c10s / el10. [1] https://issues.redhat.com/browse/CS-1616 Signed-off-by: Tomáš Hozza <thozza@redhat.com>
162 lines
6.1 KiB
YAML
162 lines
6.1 KiB
YAML
version: '2'
|
|
mpp-vars:
|
|
arch: x86_64
|
|
release: '9'
|
|
distribution: cs$release
|
|
releasever: el$release
|
|
snapshot: '20230202'
|
|
pipelines:
|
|
- mpp-import-pipeline:
|
|
path: centos-stream-build.mpp.yaml
|
|
id: build
|
|
runner:
|
|
mpp-format-string: org.osbuild.centos{release}
|
|
- name: tree
|
|
build: name:build
|
|
stages:
|
|
- type: org.osbuild.rpm
|
|
inputs:
|
|
packages:
|
|
type: org.osbuild.files
|
|
origin: org.osbuild.source
|
|
mpp-depsolve:
|
|
architecture: $arch
|
|
module-platform-id: $releasever
|
|
releasever: $releasever
|
|
repos:
|
|
- id: baseos
|
|
baseurl: https://rpmrepo.osbuild.org/v2/mirror/public/$releasever/$distribution-$arch-baseos-$snapshot/
|
|
- id: appstream
|
|
baseurl: https://rpmrepo.osbuild.org/v2/mirror/public/$releasever/$distribution-$arch-appstream-$snapshot/
|
|
packages:
|
|
- dnf
|
|
- rpm-ostree
|
|
- ostree
|
|
- pigz
|
|
- kernel
|
|
- kernel-modules
|
|
- kernel-modules-extra
|
|
- glibc-all-langpacks
|
|
- grub2-tools-efi
|
|
- efibootmgr
|
|
- shim-x64
|
|
- grub2-efi-x64-cdboot
|
|
- biosdevname
|
|
- memtest86+
|
|
- syslinux
|
|
- grub2-tools
|
|
- grub2-tools-minimal
|
|
- grub2-tools-extra
|
|
- dracut
|
|
- anaconda-dracut
|
|
- dracut-network
|
|
- dracut-config-generic
|
|
- initscripts
|
|
- cryptsetup
|
|
- rpcbind
|
|
- kbd
|
|
- kbd-misc
|
|
- tar
|
|
- xz
|
|
- curl
|
|
- bzip2
|
|
- systemd-sysv
|
|
- systemd-units
|
|
- rsyslog
|
|
- fcoe-utils
|
|
- net-tools
|
|
- nfs-utils
|
|
options:
|
|
gpgkeys:
|
|
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v2.0.22 (GNU/Linux)\n\nmQINBFzMWxkBEADHrskpBgN9OphmhRkc7P/YrsAGSvvl7kfu+e9KAaU6f5MeAVyn\nrIoM43syyGkgFyWgjZM8/rur7EMPY2yt+2q/1ZfLVCRn9856JqTIq0XRpDUe4nKQ\n8BlA7wDVZoSDxUZkSuTIyExbDf0cpw89Tcf62Mxmi8jh74vRlPy1PgjWL5494b3X\n5fxDidH4bqPZyxTBqPrUFuo+EfUVEqiGF94Ppq6ZUvrBGOVo1V1+Ifm9CGEK597c\naevcGc1RFlgxIgN84UpuDjPR9/zSndwJ7XsXYvZ6HXcKGagRKsfYDWGPkA5cOL/e\nf+yObOnC43yPUvpggQ4KaNJ6+SMTZOKikM8yciyBwLqwrjo8FlJgkv8Vfag/2UR7\nJINbyqHHoLUhQ2m6HXSwK4YjtwidF9EUkaBZWrrskYR3IRZLXlWqeOi/+ezYOW0m\nvufrkcvsh+TKlVVnuwmEPjJ8mwUSpsLdfPJo1DHsd8FS03SCKPaXFdD7ePfEjiYk\nnHpQaKE01aWVSLUiygn7F7rYemGqV9Vt7tBw5pz0vqSC72a5E3zFzIIuHx6aANry\nGat3aqU3qtBXOrA/dPkX9cWE+UR5wo/A2UdKJZLlGhM2WRJ3ltmGT48V9CeS6N9Y\nm4CKdzvg7EWjlTlFrd/8WJ2KoqOE9leDPeXRPncubJfJ6LLIHyG09h9kKQARAQAB\ntDpDZW50T1MgKENlbnRPUyBPZmZpY2lhbCBTaWduaW5nIEtleSkgPHNlY3VyaXR5\nQGNlbnRvcy5vcmc+iQI3BBMBCAAhAhsDBgsJCAcDAgYVCAIJCgsDFgIBAh4BAheA\nBQJczFsaAAoJEAW1VbOEg8ZdvOgQAMFTGIQokADy5+CynFKjfO7R0VVpJxmYGVr1\nTjnKaHmjxnJaYqoha9ukGgmLu0r+lJ42Kk6nREk1vlxfRAfiWd00Zkm+K3IMq1/D\nE0heC2vX8qqjsLJs3jzq0hgNvo9X0uHDaA4J1BHsD8sE5in/f4SivjbngvFovRGU\n1XLNCgoqpFNcROP18LqKUw8WtqgWdnYBa5i6D5qx+WMRX0NHNwcCMy1lz+sTFxIU\n9mW6cLsMaacPGD8pUXIVli8P9Vlv3jBk1wFIqRgQPW01ph/3bM7pf9hyM9FAfU4X\nAFcyb1oYI4/82EkICUe6jeuZrz67dPeLVAlYrGW4hp/825g0fqJHxPDp25GS4rAa\n4RqyibLzNjSGdXYeLj2NcB/8OqaP+T1hv3JDaqe70QoYa/GIC4rh15NyXVbUP+LG\nV4vUiL7mb9ynzvF5zYHJbcg4R7dOsiZHrMFwy7FZesQaVrXeJlxRcEj65rpm1ZtZ\nmwAE1k2LsRkvLyr9hpZkXnMeOKYIPwpdmBjXNVNVbq7097OxZOYPPos+iZKMWfl4\nUQnMsCVxonZtamdI4qEc3jMkSZPJKgOplGOms5jdY+EdSvsFWEQ0Snd3dChfU7DV\no4Rbcy5klwHrvuZIOLaovhyxuRPhP6gV9+gzpTK/7vrvDlFbbZE6s212mDZ13RWB\nmTfAxz4h\n=agO/\n-----END PGP PUBLIC KEY BLOCK-----\n"
|
|
exclude:
|
|
docs: true
|
|
disable_dracut: true
|
|
- type: org.osbuild.dracut
|
|
options:
|
|
kernel:
|
|
- mpp-format-string: '{rpms[''tree''][''kernel''].evra}'
|
|
add_modules:
|
|
- convertfs
|
|
- dmsquash-live
|
|
- livenet
|
|
- pollcdrom
|
|
- qemu
|
|
- qemu-net
|
|
- type: org.osbuild.locale
|
|
options:
|
|
language: en_US.UTF-8
|
|
- type: org.osbuild.users
|
|
options:
|
|
users:
|
|
root:
|
|
password: ''
|
|
- name: image
|
|
build: name:build
|
|
stages:
|
|
- type: org.osbuild.squashfs
|
|
inputs:
|
|
tree:
|
|
type: org.osbuild.tree
|
|
origin: org.osbuild.pipeline
|
|
references:
|
|
- name:tree
|
|
options:
|
|
filename: rootfs.img
|
|
compression:
|
|
method: gzip
|
|
- name: initrd
|
|
build: name:build
|
|
stages:
|
|
- type: org.osbuild.gunzip
|
|
inputs:
|
|
file:
|
|
type: org.osbuild.files
|
|
origin: org.osbuild.pipeline
|
|
references:
|
|
name:tree:
|
|
file:
|
|
mpp-format-string: /boot/initramfs-{rpms['tree']['kernel'].evra}.img
|
|
options:
|
|
path: initramfs.img
|
|
- type: org.osbuild.cpio.out
|
|
options:
|
|
filename: initramfs.img
|
|
append: true
|
|
inputs:
|
|
tree:
|
|
type: org.osbuild.tree
|
|
origin: org.osbuild.pipeline
|
|
references:
|
|
- name:image
|
|
- name: uki
|
|
build: name:build
|
|
stages:
|
|
- type: org.osbuild.uki
|
|
options:
|
|
filename: linux.efi
|
|
kernel:
|
|
opts:
|
|
- root=live:/rootfs.img
|
|
inputs:
|
|
kernel:
|
|
type: org.osbuild.files
|
|
origin: org.osbuild.pipeline
|
|
references:
|
|
name:tree:
|
|
file:
|
|
mpp-format-string: /boot/vmlinuz-{rpms['tree']['kernel'].evra}
|
|
initrd:
|
|
type: org.osbuild.files
|
|
origin: org.osbuild.pipeline
|
|
references:
|
|
name:initrd:
|
|
file:
|
|
mpp-format-string: /initramfs.img
|
|
osrel:
|
|
type: org.osbuild.files
|
|
origin: org.osbuild.pipeline
|
|
references:
|
|
name:tree:
|
|
file:
|
|
mpp-format-string: /etc/os-release
|