Christian Kellner 7e2bb524a4 devices: add custom udev rule inhibitor mechanism
Certain udev rules for block devices are problematic for osbuild.
One prominent example is LVM2 related rules that would trigger
a scan and auto-activation of logical volumes. These rules are
triggered for new block devices or when the backing file of a
loop device changes. The rules will lead to a `lvm pvscan
--cache --activate ay` via the `lvm2-pvscan@.service` systemd
service. This will auto-activate all LVM2 logical volumes and
thus interfering with our own device handling in
`devices/org.osbuild.lvm2.lv`, where we only want to activate a single
logical volume.
Also, if the lvm2 devices get activated after the manual metadata
change done in `org.osbuild.lvm2.metadata` the volume group names
might conflict which results in all lvm2 based tooling to be very,
very sad and also said stage to hang since the loopback device can
not be detached since the activated logical volumes keep it open.

To work around this we therefore implement a udev rule inhibition
mechanism: on the osbuild side a lock file is created via the new
class called `UdevInhibitor` in `utils/udev.py`. A custom set of
udev rules in `10-osbuild-inhibitor.rules` is then acting on the
existence of that lock file and if present will opt-out of certain
further processing. See the udev rules file for more details.

In fact, we want this custom inhibition mechanism, for all block
devices that are under osbuild's control, since these rules are
there to provide automatisms and integrations with the host,
something we never want.

NB: this should not affect the detection of devices, since lvm2
does do a scan of devices when we call `lvdisplay` in `lvm2.lv`.
The call chain as of lvm2 git rev f773040:

  _lvdisplay_single           [tools/lvdisplay.c
    process_each_lv           [tools/toollib.c
      lvmcache_label_scan     [lib/cache/lvmcache.c
        label_scan            [ibidem, here is the device detection!
      lvdisplay_full          [lib/display/display.c
2021-12-09 00:44:21 +00:00
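
The lock-file pattern described in the commit message above, as an added sketch (not osbuild's `UdevInhibitor` class or its `10-osbuild-inhibitor.rules` file): a context manager holds a per-device lock file, and a udev rule tests for that file and opts the device out. The lock directory, the `device-<major>:<minor>` file name, all function names and the two rule actions chosen are assumptions made for this example.

```python
import os
import tempfile
from contextlib import contextmanager

# Assumption: this name format and every function name below are made up for
# the example; the page does not show the ones osbuild uses.
LOCK_NAME = "device-{major}:{minor}"

def lock_path(lockdir, major, minor):
    return os.path.join(lockdir, LOCK_NAME.format(major=major, minor=minor))

@contextmanager
def inhibit_udev(lockdir, major, minor):
    """Hold a lock file for one block device while the build owns it."""
    os.makedirs(lockdir, mode=0o755, exist_ok=True)
    path = lock_path(lockdir, major, minor)
    # O_EXCL fails if anything already exists at the path (symlinks included),
    # so two owners can never share a lock without noticing.
    os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644))
    try:
        yield path
    finally:
        os.unlink(path)  # released even when the guarded code raises

def render_rules(lockdir):
    """Rules text: a locked block device opts out of host integration."""
    return "\n".join([
        'ACTION=="remove", GOTO="inhibit_end"',
        'SUBSYSTEM!="block", GOTO="inhibit_end"',
        f'TEST!="{lockdir}/device-$major:$minor", GOTO="inhibit_end"',
        'OPTIONS+="nowatch"',      # no inotify watch, so no re-run after writes
        'ENV{SYSTEMD_READY}="0"',  # systemd treats the device as not ready
        'LABEL="inhibit_end"',
    ]) + "\n"

def is_inhibited(lockdir, major, minor):
    """Mirror of the TEST match above: does the lock file exist?"""
    return os.path.exists(lock_path(lockdir, major, minor))

def demo():
    with tempfile.TemporaryDirectory() as lockdir:
        before = is_inhibited(lockdir, 7, 0)       # constructed: loop0 is 7:0
        with inhibit_udev(lockdir, 7, 0):
            during = is_inhibited(lockdir, 7, 0)
            other = is_inhibited(lockdir, 7, 1)    # unlocked neighbour
        return before, during, other, is_inhibited(lockdir, 7, 0)

if __name__ == "__main__":
    print(demo())
```

The lock directory must be writable only by the build service, since anyone who can create files there can hide a block device from the host's udev rules.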
.devcontainer devcontainer: include packit, boto3 & more tools 2021-08-17 10:42:03 +02:00
.github [skip ci] ci: remove automerge again 2021-12-08 23:02:27 +01:00
assemblers assembler/ostree.commit: fix copying of links 2021-07-16 10:32:12 +02:00
data devices: add custom udev rule inhibitor mechanism 2021-12-09 00:44:21 +00:00
devices devices/loopback: remove extra "'" from print 2021-10-13 17:10:09 +02:00
docs docs: add --export option to the osbuild man page 2021-07-14 14:35:30 +02:00
inputs inputs/ostree.checkout: don't overwrite refs 2021-08-24 01:21:03 +02:00
mounts mounts/ostree.deployment: initialize fields 2021-12-03 17:09:33 +00:00
osbuild devices: add custom udev rule inhibitor mechanism 2021-12-09 00:44:21 +00:00
runners runners: add rhel7 runner 2021-10-30 00:54:09 +01:00
schemas schema/v2: make mount source and target optional 2021-10-30 15:32:44 +01:00
schutzbot schutzbot: drop send_webhook.py script 2021-12-02 12:03:51 +00:00
selinux docs: document osbuild and selinux integration 2021-10-01 11:02:32 +02:00
sources sources: port to host services 2021-09-22 00:00:20 +02:00
stages stages: add new org.osbuild.crypttab stage 2021-12-09 00:44:21 +00:00
test devices: add custom udev rule inhibitor mechanism 2021-12-09 00:44:21 +00:00
tools osbuild-mpp: ConstructorError was undefined 2021-12-02 17:33:46 +01:00
.editorconfig editorconfig: include markdown specifications 2020-10-23 16:29:50 +02:00
.gitignore gitignore: Ignore generated man pages 2021-11-26 19:39:42 +00:00
.gitlab-ci.yml tests: enable testing on aarch64 RHEL 2021-11-29 14:46:09 +01:00
.packit.yaml packit: enable copr builds for CS9 on main 2021-11-18 19:46:46 +01:00
.travis.yml ci: move test_boot to github-actions 2020-05-13 22:00:27 +02:00
LICENSE Revert "Fill in the license template" 2019-11-18 12:23:10 +01:00
Makefile make: require clean git for make make 2021-12-08 14:22:12 +01:00
osbuild.spec devices: add custom udev rule inhibitor mechanism 2021-12-09 00:44:21 +00:00
README.md Switch to simple upstream releases 2021-10-19 11:21:54 +02:00
requirements.txt Makefile: use pytest for nicer output 2020-12-04 18:24:48 +01:00
samples samples: replace with symlink to test data 2021-07-12 18:44:50 +02:00
setup.cfg setup: disable new pylint warnings 2021-11-19 00:19:05 +00:00
setup.py Post release version bump 2021-12-01 13:18:53 +00:00

OSBuild

Build-Pipelines for Operating System Artifacts

OSBuild is a pipeline-based build system for operating system artifacts. It defines a universal pipeline description and a build system to execute them, producing artifacts like operating system images, working towards an image build pipeline that is more comprehensible, reproducible, and extendable.

See the osbuild(1) man-page for details on how to run osbuild, the definition of the pipeline description, and more.

Project

Contributing

Please refer to the developer guide to learn about our workflow, code style and more.

Requirements

The requirements for this project are:

  • bubblewrap >= 0.4.0
  • python >= 3.7

Additionally, the built-in stages require:

  • bash >= 5.0
  • coreutils >= 8.31
  • curl >= 7.68
  • qemu-img >= 4.2.0
  • rpm >= 4.15
  • tar >= 1.32
  • util-linux >= 235

At build-time, the following software is required:

  • python-docutils >= 0.13
  • pkg-config >= 0.29

Testing requires additional software:

  • pytest

Install

Installing osbuild requires installing not only the osbuild module but also additional artifacts such as tools (e.g. osbuild-mpp), sources, stages, schemas and SELinux policies.

For this reason, an installation from source is not trivial, and the easiest way to install osbuild is to build the set of RPMs that contain all these components.

This can be done with the rpm make target:

make rpm

A set of RPMs will be created in the ./rpmbuild/RPMS/noarch/ directory and can be installed on the system using the distribution package manager, e.g.:

sudo dnf install ./rpmbuild/RPMS/noarch/*.rpm

Repository:

License:

  • Apache-2.0
  • See LICENSE file for details.