From bb4f71197ea3d6f7d7163c6cea6d65071cf67ae2 Mon Sep 17 00:00:00 2001 
From: Andre Marianiello Date: Tue, 12 Mar 2024 22:18:44 -0400 Subject: [PATCH] Update osbuild/image to v0.51.0 Extend user customizations to include an expiration date. This allows users to be configured to require password change on first login. --- go.mod | 2 +- go.sum | 4 +- internal/blueprint/customizations.go | 1 + internal/blueprint/customizations_test.go | 36 +++-------- .../images/pkg/blueprint/customizations.go | 1 + .../images/pkg/customizations/users/users.go | 1 + .../osbuild/images/pkg/distro/distro.go | 13 ++++ .../images/pkg/distro/fedora/distro.go | 34 ++++++++-- .../images/pkg/distro/fedora/images.go | 32 +++++++--- .../images/pkg/distro/fedora/imagetype.go | 15 +++++ .../pkg/distro/fedora/partition_tables.go | 14 +++-- .../images/pkg/distro/fedora/version.go | 1 + .../osbuild/images/pkg/distro/rhel7/distro.go | 8 +++ .../images/pkg/distro/rhel7/imagetype.go | 17 +++++ .../images/pkg/distro/rhel8/bare_metal.go | 1 + .../osbuild/images/pkg/distro/rhel8/distro.go | 11 +++- .../osbuild/images/pkg/distro/rhel8/edge.go | 2 + .../osbuild/images/pkg/distro/rhel8/images.go | 20 ++++-- .../images/pkg/distro/rhel8/imagetype.go | 28 +++++++++ .../pkg/distro/rhel8/partition_tables.go | 62 ++++++++++++++----- .../images/pkg/distro/rhel9/bare_metal.go | 1 + .../osbuild/images/pkg/distro/rhel9/distro.go | 13 ++-- .../osbuild/images/pkg/distro/rhel9/edge.go | 2 + .../osbuild/images/pkg/distro/rhel9/images.go | 28 +++++++-- .../images/pkg/distro/rhel9/imagetype.go | 48 ++++++++++---- .../images/pkg/distro/test_distro/distro.go | 12 ++++ .../osbuild/images/pkg/dnfjson/dnfjson.go | 8 +++ .../pkg/image/anaconda_container_installer.go | 32 ++++------ .../pkg/image/anaconda_live_installer.go | 30 ++++----- .../pkg/image/anaconda_ostree_installer.go | 32 ++++------ .../pkg/image/anaconda_tar_installer.go | 32 ++++------ .../osbuild/images/pkg/image/ostree_disk.go | 3 + .../images/pkg/manifest/anaconda_installer.go | 7 ++- .../images/pkg/manifest/ostree_deployment.go | 50 
+++++++++++++++ .../osbuild/images/pkg/osbuild/curl_source.go | 4 ++ .../pkg/osbuild/systemd_unit_create_stage.go | 61 ++++++++++++++++++ .../osbuild/images/pkg/osbuild/users_stage.go | 2 + .../osbuild/images/pkg/policies/policies.go | 16 ++--- .../osbuild/images/pkg/rpmmd/repository.go | 11 +++- vendor/modules.txt | 2 +- 40 files changed, 518 insertions(+), 179 deletions(-) create mode 100644 vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go diff --git a/go.mod b/go.mod index 57e53a3c93f..ecac8f6bc4b 100644 --- a/go.mod +++ b/go.mod @@ -36,7 +36,7 @@ require ( github.com/labstack/gommon v0.4.2 github.com/openshift-online/ocm-sdk-go v0.1.398 github.com/oracle/oci-go-sdk/v54 v54.0.0 - github.com/osbuild/images v0.47.0 + github.com/osbuild/images v0.51.0 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 github.com/osbuild/pulp-client v0.1.0 github.com/prometheus/client_golang v1.18.0 diff --git a/go.sum b/go.sum index 88f0a18cb85..598e161357d 100644 --- a/go.sum +++ b/go.sum 
@@ -501,8 +501,8 @@ github.com/openshift-online/ocm-sdk-go v0.1.398 h1:6C1mDcPxzG4jSduOaWixTTI5gSEO+ github.com/openshift-online/ocm-sdk-go v0.1.398/go.mod h1:tke8vKcE7eHKyRbkJv6qo4ljo919zhx04uyQTcgF5cQ= github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4= github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc= -github.com/osbuild/images v0.47.0 h1:wk0LDcQyTXOb5br8dxBcsgxTDRNnx3N2U0MKXvfN+2g= -github.com/osbuild/images v0.47.0/go.mod h1:eM/J8+hEUH0jrwcy3DtE6SDg+bRMWFZIf5d+YDyhoDY= +github.com/osbuild/images v0.51.0 h1:JXqq596RgNlI0DzRmInHEKhXS71umwArp6BVgziOvFE= +github.com/osbuild/images v0.51.0/go.mod h1:eM/J8+hEUH0jrwcy3DtE6SDg+bRMWFZIf5d+YDyhoDY= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 h1:UFEJIcPa46W8gtWgOYzriRKYyy1t6SWL0BI7fPTuVvc= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1/go.mod h1:z+WA+dX6qMwc7fqY5jCzESDIlg4WR2sBQezxsoXv9Ik= github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8= diff --git a/internal/blueprint/customizations.go b/internal/blueprint/customizations.go index 6a565fc6202..df01411f6eb 100644 --- a/internal/blueprint/customizations.go +++ b/internal/blueprint/customizations.go @@ -74,6 +74,7 @@ type UserCustomization struct { Groups []string `json:"groups,omitempty" toml:"groups,omitempty"` UID *int `json:"uid,omitempty" toml:"uid,omitempty"` GID *int `json:"gid,omitempty" toml:"gid,omitempty"` + ExpireDate *int `json:"expiredate,omitempty" toml:"expiredate,omitempty"` } type GroupCustomization struct { diff --git a/internal/blueprint/customizations_test.go b/internal/blueprint/customizations_test.go index 8cf49f29406..c6684da512b 100644 --- a/internal/blueprint/customizations_test.go +++ b/internal/blueprint/customizations_test.go 
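Review bot: The new `ExpireDate *int` field in `UserCustomization` (internal/blueprint/customizations.go, hunk `@@ -74,6 +74,7 @@`) controls account lifetime but has no comment stating its unit or valid values, and nothing in this hunk bounds it. The commit message ties the field to forcing a password change on first login, yet the struct does not say whether the integer is a day count, a timestamp or a sentinel, nor whether a pointer to 0 means something different from nil (with `omitempty` on a pointer only nil is omitted). I would add a comment along the lines of `// ExpireDate is the account expiration value handed to the image build; nil leaves it unset. Unit and the meaning of 0: confirm against the users stage.` and reject negative values wherever blueprint customizations are validated, which is presumably outside this diff. The struct declaration starts above the hunk.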
@@ -20,7 +20,7 @@ func TestCheckAllowed(t *testing.T) { GID := 321 expectedUsers := []UserCustomization{ - UserCustomization{ + { Name: "John", Description: &Desc, Password: &Pass, @@ -33,7 +33,7 @@ func TestCheckAllowed(t *testing.T) { }, } - var expectedHostname = "Hostname" + expectedHostname := "Hostname" x := Customizations{Hostname: &expectedHostname, User: expectedUsers} @@ -50,8 +50,7 @@ func TestCheckAllowed(t *testing.T) { } func TestGetHostname(t *testing.T) { - - var expectedHostname = "Hostname" + expectedHostname := "Hostname" TestCustomizations := Customizations{ Hostname: &expectedHostname, @@ -59,11 +58,9 @@ func TestGetHostname(t *testing.T) { retHostname := TestCustomizations.GetHostname() assert.Equal(t, &expectedHostname, retHostname) - } func TestGetKernel(t *testing.T) { - expectedKernel := KernelCustomization{ Append: "--test", Name: "kernel", @@ -79,9 +76,8 @@ func TestGetKernel(t *testing.T) { } func TestSSHKey(t *testing.T) { - expectedSSHKeys := []SSHKeyCustomization{ - SSHKeyCustomization{ + { User: "test-user", Key: "test-key", }, @@ -95,11 +91,9 @@ func TestSSHKey(t *testing.T) { assert.Equal(t, expectedSSHKeys[0].User, retUser) assert.Equal(t, expectedSSHKeys[0].Key, retKey) - } func TestGetUsers(t *testing.T) { - Desc := "Test descritpion" Pass := "testpass" Key := "testkey" @@ -110,9 +104,10 @@ func TestGetUsers(t *testing.T) { } UID := 123 GID := 321 + ExpireDate := 12345 expectedUsers := []UserCustomization{ - UserCustomization{ + { Name: "John", Description: &Desc, Password: &Pass, @@ -122,6 +117,7 @@ func TestGetUsers(t *testing.T) { Groups: Groups, UID: &UID, GID: &GID, + ExpireDate: &ExpireDate, }, } @@ -135,10 +131,9 @@ func TestGetUsers(t *testing.T) { } func TestGetGroups(t *testing.T) { - GID := 1234 expectedGroups := []GroupCustomization{ - GroupCustomization{ + { Name: "TestGroup", GID: &GID, }, 
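Review bot: TestGetUsers (hunks `@@ -110,9 +104,10 @@` and `@@ -122,6 +117,7 @@`) only exercises a populated value, `ExpireDate := 12345`, so the cases that matter for an account-expiry control are untested: a pointer to 0 and a field left nil. The user literal in TestCheckAllowed (first hunk of this file) was not given the new field either, so whatever that check does with it is not covered as far as these hunks show. Because the tags use `omitempty` on a pointer, I would add a user with `zero := 0` and `ExpireDate: &zero`, and one with the field unset, to pin that 0 is preserved rather than treated as absent. Both test functions continue outside the hunks shown.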
@@ -154,7 +149,6 @@ func TestGetGroups(t *testing.T) { } func TestGetTimezoneSettings(t *testing.T) { - expectedTimezone := "testZONE" expectedNTPServers := []string{ "server", @@ -173,11 +167,9 @@ func TestGetTimezoneSettings(t *testing.T) { assert.Equal(t, expectedTimezone, *retTimezone) assert.Equal(t, expectedNTPServers, retNTPServers) - } func TestGetPrimaryLocale(t *testing.T) { - expectedLanguages := []string{ "enUS", } @@ -199,7 +191,6 @@ func TestGetPrimaryLocale(t *testing.T) { } func TestGetFirewall(t *testing.T) { - expectedPorts := []string{"22", "9090"} expectedServices := FirewallServicesCustomization{ @@ -224,7 +215,6 @@ func TestGetFirewall(t *testing.T) { } func TestGetServices(t *testing.T) { - expectedServices := ServicesCustomization{ Enabled: []string{"cockpit", "osbuild-composer"}, Disabled: []string{"sshd", "ftp"}, @@ -250,12 +240,10 @@ func TestError(t *testing.T) { retError := expectedError.Error() assert.Equal(t, expectedError.Message, retError) - } // This tests calling all the functions on a Blueprint with no Customizations func TestNoCustomizationsInBlueprint(t *testing.T) { - TestBP := Blueprint{} assert.Nil(t, TestBP.Customizations.GetHostname()) @@ -276,8 +264,7 @@ func TestNoCustomizationsInBlueprint(t *testing.T) { // This tests additional scenarios where GetPrimaryLocale() returns nil values func TestNilGetPrimaryLocale(t *testing.T) { - - //Case empty Customization + // Case empty Customization TestCustomizationsEmpty := Customizations{} retLanguage, retKeyboard := TestCustomizationsEmpty.GetPrimaryLocale() @@ -285,7 +272,7 @@ func TestNilGetPrimaryLocale(t *testing.T) { assert.Nil(t, retLanguage) assert.Nil(t, retKeyboard) - //Case empty Languages + // Case empty Languages expectedKeyboard := "en" expectedLocaleCustomization := LocaleCustomization{ Keyboard: &expectedKeyboard, 
@@ -299,12 +286,10 @@ func TestNilGetPrimaryLocale(t *testing.T) { assert.Nil(t, retLanguage) assert.Equal(t, expectedKeyboard, *retKeyboard) - } // This tests additional scenario where GetTimezoneSEtting() returns nil values func TestNilGetTimezoneSettings(t *testing.T) { - TestCustomizationsEmpty := Customizations{} retTimezone, retNTPServers := TestCustomizationsEmpty.GetTimezoneSettings() @@ -314,7 +299,6 @@ func TestNilGetTimezoneSettings(t *testing.T) { } func TestGetOpenSCAPConfig(t *testing.T) { - expectedOscap := OpenSCAPCustomization{ DataStream: "test-data-stream.xml", ProfileID: "test_profile", diff --git a/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go b/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go index 7750bb5c560..880f8ee39ef 100644 --- a/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go +++ b/vendor/github.com/osbuild/images/pkg/blueprint/customizations.go @@ -72,6 +72,7 @@ type UserCustomization struct { Groups []string `json:"groups,omitempty" toml:"groups,omitempty"` UID *int `json:"uid,omitempty" toml:"uid,omitempty"` GID *int `json:"gid,omitempty" toml:"gid,omitempty"` + ExpireDate *int `json:"expiredate,omitempty" toml:"expiredate,omitempty"` } type GroupCustomization struct { diff --git a/vendor/github.com/osbuild/images/pkg/customizations/users/users.go b/vendor/github.com/osbuild/images/pkg/customizations/users/users.go index 02f39d089c7..a88b2c3ae60 100644 --- a/vendor/github.com/osbuild/images/pkg/customizations/users/users.go +++ b/vendor/github.com/osbuild/images/pkg/customizations/users/users.go @@ -12,6 +12,7 @@ type User struct { Groups []string UID *int GID *int + ExpireDate *int } type Group struct { diff --git a/vendor/github.com/osbuild/images/pkg/distro/distro.go b/vendor/github.com/osbuild/images/pkg/distro/distro.go index 1de084cb163..f44642d9a79 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/distro.go 
@@ -45,10 +45,19 @@ type Distro interface { // files on the host system and required for the subscription support. Releasever() string + // Returns the OS version of the distro, which may contain minor versions + // if the distro supports them. This is used in various places where the + // minor version of the distro is needed to determine the correct + // configuration. + OsVersion() string + // Returns the module platform id of the distro. This is used by DNF // for modularity support. ModulePlatformID() string + // Returns the product name of the distro. + Product() string + // Returns the ostree reference template OSTreeRef() string @@ -96,6 +105,10 @@ type ImageType interface { // Returns the default OSTree ref for the image type. OSTreeRef() string + // Returns the ISO Label for the image type. Returns an error if the image + // type is not an ISO. + ISOLabel() (string, error) + // Returns the proper image size for a given output format. If the input size // is 0 the default value for the format will be returned. Size(size uint64) uint64 diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go index db5fad67e2c..52eaead69ea 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go @@ -86,10 +86,12 @@ var ( osPkgsKey: minimalrpmPackageSet, installerPkgsKey: imageInstallerPackageSet, }, - bootable: true, - bootISO: true, - rpmOstree: false, - image: imageInstallerImage, + bootable: true, + bootISO: true, + rpmOstree: false, + image: imageInstallerImage, + // We don't know the variant of the OS pipeline being installed + isoLabel: getISOLabelFunc("Unknown"), buildPipelines: []string{"build"}, payloadPipelines: []string{"anaconda-tree", "rootfs-image", "efiboot-tree", "os", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, 
@@ -107,6 +109,7 @@ var ( bootISO: true, rpmOstree: false, image: liveInstallerImage, + isoLabel: getISOLabelFunc("Workstation"), buildPipelines: []string{"build"}, payloadPipelines: []string{"anaconda-tree", "rootfs-image", "efiboot-tree", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, @@ -183,6 +186,7 @@ var ( rpmOstree: true, bootISO: true, image: iotInstallerImage, + isoLabel: getISOLabelFunc("IoT"), buildPipelines: []string{"build"}, payloadPipelines: []string{"anaconda-tree", "rootfs-image", "efiboot-tree", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, @@ -203,6 +207,7 @@ var ( bootable: true, bootISO: true, image: iotSimplifiedInstallerImage, + isoLabel: getISOLabelFunc("IoT"), buildPipelines: []string{"build"}, payloadPipelines: []string{"ostree-deployment", "image", "xz", "coi-tree", "efiboot-tree", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, @@ -377,6 +382,10 @@ var ( // NOTE: temporary workaround for a bug in initial-setup that // requires a kickstart file in the root directory. Files: []*fsnode.File{initialSetupKickstart()}, + Grub2Config: &osbuild.GRUB2Config{ + // Overwrite the default Grub2 timeout value. + Timeout: 5, + }, }, rpmOstree: false, kernelOptions: defaultKernelOptions, @@ -408,6 +417,15 @@ var defaultDistroImageConfig = &distro.ImageConfig{ Locale: common.ToPtr("en_US"), } +func getISOLabelFunc(variant string) isoLabelFunc { + const ISO_LABEL = "%s-%s-%s-%s" + + return func(t *imageType) string { + return fmt.Sprintf(ISO_LABEL, t.Arch().Distro().Product(), t.Arch().Distro().OsVersion(), variant, t.Arch().Name()) + } + +} + func getDistro(version int) distribution { return distribution{ name: fmt.Sprintf("fedora-%d", version), 
@@ -429,6 +447,14 @@ func (d *distribution) Releasever() string { return d.releaseVersion } +func (d *distribution) OsVersion() string { + return d.releaseVersion +} + +func (d *distribution) Product() string { + return d.product +} + func (d *distribution) ModulePlatformID() string { return d.modulePlatformID } diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go index 13b1f4c0c70..9f1fbd2f94f 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/images.go @@ -22,8 +22,6 @@ import ( "github.com/osbuild/images/pkg/rpmmd" ) -const ISO_LABEL = "%s-%s-%s-%s" - // HELPERS func osCustomizations( @@ -333,7 +331,13 @@ func liveInstallerImage(workload workload.Workload, img.Variant = "Workstation" img.OSVersion = d.osVersion img.Release = fmt.Sprintf("%s %s", d.product, d.osVersion) - img.ISOLabel = fmt.Sprintf(ISO_LABEL, img.Product, img.OSVersion, img.Variant, img.Platform.GetArch()) + img.Preview = common.VersionGreaterThanOrEqual(img.OSVersion, VERSION_BRANCHED) + + var err error + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } img.Filename = t.Filename() @@ -388,8 +392,13 @@ func imageInstallerImage(workload workload.Workload, img.OSVersion = d.osVersion img.Release = fmt.Sprintf("%s %s", d.product, d.osVersion) - // We don't know the variant of the OS pipeline being installed - img.ISOLabel = fmt.Sprintf(ISO_LABEL, img.Product, img.OSVersion, img.Variant, img.Platform.GetArch()) + img.Preview = common.VersionGreaterThanOrEqual(img.OSVersion, VERSION_BRANCHED) + + var err error + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } img.Filename = t.Filename() 
@@ -553,7 +562,12 @@ func iotInstallerImage(workload workload.Workload, img.Remote = "fedora-iot" img.OSVersion = d.osVersion img.Release = fmt.Sprintf("%s %s", d.product, d.osVersion) - img.ISOLabel = fmt.Sprintf(ISO_LABEL, img.Product, img.OSVersion, img.Variant, img.Platform.GetArch()) + img.Preview = common.VersionGreaterThanOrEqual(img.OSVersion, VERSION_BRANCHED) + + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } img.Filename = t.Filename() @@ -708,7 +722,11 @@ func iotSimplifiedInstallerImage(workload workload.Workload, img.Variant = "IoT" img.OSName = "fedora" img.OSVersion = d.osVersion - img.ISOLabel = fmt.Sprintf(ISO_LABEL, img.Product, img.OSVersion, img.Variant, img.Platform.GetArch()) + + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } return img, nil } diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go index 7bdd9f5409b..6880f611f8a 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go @@ -25,6 +25,8 @@ type imageFunc func(workload workload.Workload, t *imageType, bp *blueprint.Blue type packageSetFunc func(t *imageType) rpmmd.PackageSet +type isoLabelFunc func(t *imageType) string + type imageType struct { arch *architecture platform platform.Platform @@ -43,6 +45,7 @@ type imageType struct { payloadPipelines []string exports []string image imageFunc + isoLabel isoLabelFunc // bootISO: installable ISO bootISO bool 
@@ -79,6 +82,18 @@ func (t *imageType) OSTreeRef() string { return "" } +func (t *imageType) ISOLabel() (string, error) { + if !t.bootISO { + return "", fmt.Errorf("image type %q is not an ISO", t.name) + } + + if t.isoLabel != nil { + return t.isoLabel(t), nil + } + + return "", nil +} + func (t *imageType) Size(size uint64) uint64 { // Microsoft Azure requires vhd images to be rounded up to the nearest MB if t.name == "vhd" && size%common.MebiByte != 0 { diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go index 8cda36bca81..be47fd26083 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go @@ -190,7 +190,7 @@ var minimalrawPartitionTables = distro.BasePartitionTableMap{ }, }, { - Size: 500 * common.MebiByte, + Size: 1 * common.GibiByte, Type: disk.XBootLDRPartitionGUID, UUID: disk.FilesystemDataUUID, Payload: &disk.Filesystem{ @@ -237,7 +237,7 @@ var minimalrawPartitionTables = distro.BasePartitionTableMap{ }, }, { - Size: 500 * common.MebiByte, + Size: 1 * common.GibiByte, Type: "83", Payload: &disk.Filesystem{ Type: "ext4", @@ -266,8 +266,9 @@ var minimalrawPartitionTables = distro.BasePartitionTableMap{ var iotBasePartitionTables = distro.BasePartitionTableMap{ arch.ARCH_X86_64.String(): disk.PartitionTable{ - UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0", - Type: "gpt", + UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0", + Type: "gpt", + StartOffset: 8 * common.MebiByte, Partitions: []disk.Partition{ { Size: 501 * common.MebiByte, @@ -312,8 +313,9 @@ var iotBasePartitionTables = distro.BasePartitionTableMap{ }, }, arch.ARCH_AARCH64.String(): disk.PartitionTable{ - UUID: "0xc1748067", - Type: "dos", + UUID: "0xc1748067", + Type: "dos", + StartOffset: 8 * common.MebiByte, Partitions: []disk.Partition{ { Size: 501 * common.MebiByte, 
diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/version.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/version.go index 1ee04b5f724..edc47cc7a9e 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/version.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/version.go @@ -1,3 +1,4 @@ package fedora +const VERSION_BRANCHED = "40" const VERSION_RAWHIDE = "41" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go index 7e10fa259a6..fe332717646 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel7/distro.go @@ -70,6 +70,14 @@ func (d *distribution) Releasever() string { return d.releaseVersion } +func (d *distribution) OsVersion() string { + return d.osVersion +} + +func (d *distribution) Product() string { + return d.product +} + func (d *distribution) ModulePlatformID() string { return d.modulePlatformID } diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel7/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/rhel7/imagetype.go index fb2a9bb9643..14d49f442ec 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel7/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel7/imagetype.go @@ -22,6 +22,8 @@ type packageSetFunc func(t *imageType) rpmmd.PackageSet type imageFunc func(workload workload.Workload, t *imageType, customizations *blueprint.Customizations, options distro.ImageOptions, packageSets map[string]rpmmd.PackageSet, containers []container.SourceSpec, rng *rand.Rand) (image.ImageKind, error) +type isoLabelFunc func(t *imageType) string + type imageType struct { arch *architecture platform platform.Platform 
@@ -41,7 +43,10 @@ type imageType struct { payloadPipelines []string exports []string image imageFunc + isoLabel isoLabelFunc + // bootISO: installable ISO + bootISO bool // bootable image bootable bool // List of valid arches for the image type @@ -69,6 +74,18 @@ func (t *imageType) OSTreeRef() string { return "" } +func (t *imageType) ISOLabel() (string, error) { + if !t.bootISO { + return "", fmt.Errorf("image type %q is not an ISO", t.name) + } + + if t.isoLabel != nil { + return t.isoLabel(t), nil + } + + return "", nil +} + func (t *imageType) Size(size uint64) uint64 { if size == 0 { size = t.defaultSize diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go index 05c54e58067..c707ead5f9a 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go @@ -20,6 +20,7 @@ func imageInstaller() imageType { bootISO: true, bootable: true, image: imageInstallerImage, + isoLabel: distroISOLabelFunc, buildPipelines: []string{"build"}, payloadPipelines: []string{"anaconda-tree", "rootfs-image", "efiboot-tree", "os", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go index f6b337e0aa7..1859cb5a558 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/distro.go @@ -45,7 +45,6 @@ type distribution struct { modulePlatformID string vendor string ostreeRefTmpl string - isolabelTmpl string runner runner.Runner arches map[string]distro.Arch defaultImageConfig *distro.ImageConfig 
@@ -77,6 +76,14 @@ func (d *distribution) Releasever() string { return d.releaseVersion } +func (d *distribution) OsVersion() string { + return d.osVersion +} + +func (d *distribution) Product() string { + return d.product +} + func (d *distribution) ModulePlatformID() string { return d.modulePlatformID } @@ -135,7 +142,6 @@ func newDistro(name string, minor int) *distribution { modulePlatformID: "platform:el8", vendor: "redhat", ostreeRefTmpl: "rhel/8/%s/edge", - isolabelTmpl: fmt.Sprintf("RHEL-8-%d-0-BaseOS-%%s", minor), runner: &runner.RHEL{Major: uint64(8), Minor: uint64(minor)}, defaultImageConfig: defaultDistroImageConfig, } @@ -148,7 +154,6 @@ func newDistro(name string, minor int) *distribution { modulePlatformID: "platform:el8", vendor: "centos", ostreeRefTmpl: "centos/8/%s/edge", - isolabelTmpl: "CentOS-Stream-8-%s-dvd", runner: &runner.CentOS{Version: uint64(8)}, defaultImageConfig: defaultDistroImageConfig, } diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go index dbd3851fd38..ccfea419ba0 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/edge.go @@ -105,6 +105,7 @@ func edgeInstallerImgType(rd distribution) imageType { rpmOstree: true, bootISO: true, image: edgeInstallerImage, + isoLabel: distroISOLabelFunc, buildPipelines: []string{"build"}, payloadPipelines: []string{"anaconda-tree", "rootfs-image", "efiboot-tree", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, @@ -136,6 +137,7 @@ func edgeSimplifiedInstallerImgType(rd distribution) imageType { bootable: true, bootISO: true, image: edgeSimplifiedInstallerImage, + isoLabel: distroISOLabelFunc, buildPipelines: []string{"build"}, payloadPipelines: []string{"ostree-deployment", "image", "xz", "coi-tree", "efiboot-tree", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, 
diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go index e2551200153..9f7b66b8dd1 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go @@ -342,9 +342,13 @@ func imageInstallerImage(workload workload.Workload, // put the kickstart file in the root of the iso img.ISORootKickstart = true - d := t.arch.distro + var err error + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } - img.ISOLabelTmpl = d.isolabelTmpl + d := t.arch.distro img.Product = d.product img.OSName = "redhat" img.OSVersion = d.osVersion @@ -461,7 +465,11 @@ func edgeInstallerImage(workload workload.Workload, img.AdditionalAnacondaModules = []string{"org.fedoraproject.Anaconda.Modules.Users"} } - img.ISOLabelTmpl = d.isolabelTmpl + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } + img.Product = d.product img.Variant = "edge" img.OSName = "rhel" @@ -585,8 +593,12 @@ func edgeSimplifiedInstallerImage(workload workload.Workload, } } + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } + d := t.arch.distro - img.ISOLabelTmpl = d.isolabelTmpl img.Product = d.product img.Variant = "edge" img.OSName = "redhat" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go index e907cf6128b..0480f074f56 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/imagetype.go @@ -46,6 +46,8 @@ type imageFunc func(workload workload.Workload, t *imageType, customizations *bl type packageSetFunc func(t *imageType) rpmmd.PackageSet +type isoLabelFunc func(t *imageType) string + type imageType struct { arch *architecture platform platform.Platform 
@@ -64,6 +66,7 @@ type imageType struct { payloadPipelines []string exports []string image imageFunc + isoLabel isoLabelFunc // bootISO: installable ISO bootISO bool @@ -99,6 +102,18 @@ func (t *imageType) OSTreeRef() string { return "" } +func (t *imageType) ISOLabel() (string, error) { + if !t.bootISO { + return "", fmt.Errorf("image type %q is not an ISO", t.name) + } + + if t.isoLabel != nil { + return t.isoLabel(t), nil + } + + return "", nil +} + func (t *imageType) Size(size uint64) uint64 { // Microsoft Azure requires vhd images to be rounded up to the nearest MB if t.name == "vhd" && size%common.MebiByte != 0 { @@ -274,6 +289,19 @@ func (t *imageType) Manifest(bp *blueprint.Blueprint, return &mf, warnings, err } +func distroISOLabelFunc(t *imageType) string { + const RHEL_ISO_LABEL = "RHEL-8-%s-0-BaseOS-%s" + const CS_ISO_LABEL = "CentOS-Stream-8-%s-dvd" + + if t.arch.distro.isRHEL() { + minor := strings.Split(t.Arch().Distro().OsVersion(), ".")[1] + return fmt.Sprintf(RHEL_ISO_LABEL, minor, t.Arch().Name()) + } else { + return fmt.Sprintf(CS_ISO_LABEL, t.Arch().Name()) + } + +} + // checkOptions checks the validity and compatibility of options and customizations for the image type. // Returns ([]string, error) where []string, if non-nil, will hold any generated warnings (e.g. deprecation notices). func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOptions) ([]string, error) { diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel8/partition_tables.go b/vendor/github.com/osbuild/images/pkg/distro/rhel8/partition_tables.go index 62a912aece6..2a1e182d7c4 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel8/partition_tables.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel8/partition_tables.go 
@@ -259,8 +259,47 @@ func getEc2PartitionTables(osVersion string, isRHEL bool) distro.BasePartitionTa aarch64BootSize = 1 * common.GibiByte } - return distro.BasePartitionTableMap{ - arch.ARCH_X86_64.String(): disk.PartitionTable{ + x86PartitionTable := disk.PartitionTable{ + UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0", + Type: "gpt", + Partitions: []disk.Partition{ + { + Size: 1 * common.MebiByte, + Bootable: true, + Type: disk.BIOSBootPartitionGUID, + UUID: disk.BIOSBootPartitionUUID, + }, + { + Size: 200 * common.MebiByte, + Type: disk.EFISystemPartitionGUID, + UUID: disk.EFISystemPartitionUUID, + Payload: &disk.Filesystem{ + Type: "vfat", + UUID: disk.EFIFilesystemUUID, + Mountpoint: "/boot/efi", + FSTabOptions: "defaults,uid=0,gid=0,umask=077,shortname=winnt", + FSTabFreq: 0, + FSTabPassNo: 2, + }, + }, + { + Size: 2 * common.GibiByte, + Type: disk.FilesystemDataGUID, + UUID: disk.RootPartitionUUID, + Payload: &disk.Filesystem{ + Type: "xfs", + Label: "root", + Mountpoint: "/", + FSTabOptions: "defaults", + FSTabFreq: 0, + FSTabPassNo: 0, + }, + }, + }, + } + // RHEL EC2 x86_64 images prior to 8.9 support only BIOS boot + if common.VersionLessThan(osVersion, "8.9") && isRHEL { + x86PartitionTable = disk.PartitionTable{ UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0", Type: "gpt", Partitions: []disk.Partition{ @@ -270,19 +309,6 @@ func getEc2PartitionTables(osVersion string, isRHEL bool) distro.BasePartitionTa Type: disk.BIOSBootPartitionGUID, UUID: disk.BIOSBootPartitionUUID, }, - { - Size: 200 * common.MebiByte, - Type: disk.EFISystemPartitionGUID, - UUID: disk.EFISystemPartitionUUID, - Payload: &disk.Filesystem{ - Type: "vfat", - UUID: disk.EFIFilesystemUUID, - Mountpoint: "/boot/efi", - FSTabOptions: "defaults,uid=0,gid=0,umask=077,shortname=winnt", - FSTabFreq: 0, - FSTabPassNo: 2, - }, - }, { Size: 2 * common.GibiByte, Type: disk.FilesystemDataGUID, 
@@ -297,7 +323,11 @@ func getEc2PartitionTables(osVersion string, isRHEL bool) distro.BasePartitionTa }, }, }, - }, + } + } + + return distro.BasePartitionTableMap{ + arch.ARCH_X86_64.String(): x86PartitionTable, arch.ARCH_AARCH64.String(): disk.PartitionTable{ UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0", Type: "gpt", diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/bare_metal.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/bare_metal.go index 005561dfc21..1d25990b4c9 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/bare_metal.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/bare_metal.go @@ -39,6 +39,7 @@ var ( bootISO: true, bootable: true, image: imageInstallerImage, + isoLabel: distroISOLabelFunc, buildPipelines: []string{"build"}, payloadPipelines: []string{"anaconda-tree", "rootfs-image", "efiboot-tree", "os", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go index e9485942ffd..9fef7342dd5 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go @@ -47,7 +47,6 @@ type distribution struct { modulePlatformID string vendor string ostreeRefTmpl string - isolabelTmpl string runner runner.Runner arches map[string]distro.Arch defaultImageConfig *distro.ImageConfig @@ -79,6 +78,14 @@ func (d *distribution) Releasever() string { return d.releaseVersion } +func (d *distribution) OsVersion() string { + return d.osVersion +} + +func (d *distribution) Product() string { + return d.product +} + func (d *distribution) ModulePlatformID() string { return d.modulePlatformID } 
@@ -137,7 +144,6 @@ func newDistro(name string, major, minor int) *distribution { modulePlatformID: "platform:el9", vendor: "redhat", ostreeRefTmpl: "rhel/9/%s/edge", - isolabelTmpl: fmt.Sprintf("RHEL-9-%d-0-BaseOS-%%s", minor), runner: &runner.RHEL{Major: uint64(9), Minor: uint64(minor)}, defaultImageConfig: defaultDistroImageConfig, } @@ -150,7 +156,6 @@ func newDistro(name string, major, minor int) *distribution { modulePlatformID: "platform:el10", vendor: "redhat", ostreeRefTmpl: "rhel/10/%s/edge", - isolabelTmpl: fmt.Sprintf("RHEL-10-%d-0-BaseOS-%%s", minor), runner: &runner.RHEL{Major: uint64(10), Minor: uint64(minor)}, defaultImageConfig: defaultDistroImageConfig, } @@ -163,7 +168,6 @@ func newDistro(name string, major, minor int) *distribution { modulePlatformID: "platform:el9", vendor: "centos", ostreeRefTmpl: "centos/9/%s/edge", - isolabelTmpl: "CentOS-Stream-9-BaseOS-%s", runner: &runner.CentOS{Version: uint64(9)}, defaultImageConfig: defaultDistroImageConfig, } @@ -176,7 +180,6 @@ func newDistro(name string, major, minor int) *distribution { modulePlatformID: "platform:el10", vendor: "centos", ostreeRefTmpl: "centos/10/%s/edge", - isolabelTmpl: "CentOS-Stream-10-BaseOS-%s", runner: &runner.CentOS{Version: uint64(10)}, defaultImageConfig: defaultDistroImageConfig, } diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go index f08c570a3cd..40fd8248bf6 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/edge.go @@ -103,6 +103,7 @@ var ( rpmOstree: true, bootISO: true, image: edgeInstallerImage, + isoLabel: distroISOLabelFunc, buildPipelines: []string{"build"}, payloadPipelines: []string{"anaconda-tree", "rootfs-image", "efiboot-tree", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, 
@@ -131,6 +132,7 @@ var ( bootable: true, bootISO: true, image: edgeSimplifiedInstallerImage, + isoLabel: distroISOLabelFunc, buildPipelines: []string{"build"}, payloadPipelines: []string{"ostree-deployment", "image", "xz", "coi-tree", "efiboot-tree", "bootiso-tree", "bootiso"}, exports: []string{"bootiso"}, diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go index 33632ce3b3d..50fd9622d21 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go @@ -414,7 +414,11 @@ func edgeInstallerImage(workload workload.Workload, img.AdditionalAnacondaModules = []string{"org.fedoraproject.Anaconda.Modules.Users"} } - img.ISOLabelTmpl = d.isolabelTmpl + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } + img.Product = d.product img.Variant = "edge" img.OSName = "rhel" @@ -490,6 +494,10 @@ func edgeRawImage(workload workload.Workload, img.Filename = t.Filename() img.Compression = t.compression + for _, fs := range customizations.GetFilesystems() { + img.CustomFilesystems = append(img.CustomFilesystems, fs.Mountpoint) + } + return img, nil } @@ -546,6 +554,10 @@ func edgeSimplifiedInstallerImage(workload workload.Workload, rawImg.Filename = t.Filename() + for _, fs := range customizations.GetFilesystems() { + rawImg.CustomFilesystems = append(rawImg.CustomFilesystems, fs.Mountpoint) + } + // 92+ only if kopts := customizations.GetKernel(); kopts != nil && kopts.Append != "" { rawImg.KernelOptionsAppend = append(rawImg.KernelOptionsAppend, kopts.Append) @@ -570,8 +582,12 @@ func edgeSimplifiedInstallerImage(workload workload.Workload, } } + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } + d := t.arch.distro - img.ISOLabelTmpl = d.isolabelTmpl img.Product = d.product img.Variant = "edge" img.OSName = "redhat" 
@@ -616,9 +632,13 @@ func imageInstallerImage(workload workload.Workload, // put the kickstart file in the root of the iso img.ISORootKickstart = true - d := t.arch.distro + var err error + img.ISOLabel, err = t.ISOLabel() + if err != nil { + return nil, err + } - img.ISOLabelTmpl = d.isolabelTmpl + d := t.arch.distro img.Product = d.product img.OSName = "redhat" img.OSVersion = d.osVersion diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go index c1bb8ad76b2..99c6da59504 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go @@ -51,6 +51,8 @@ type packageSetFunc func(t *imageType) rpmmd.PackageSet type basePartitionTableFunc func(t *imageType) (disk.PartitionTable, bool) +type isoLabelFunc func(t *imageType) string + type imageType struct { arch *architecture platform platform.Platform @@ -69,6 +71,7 @@ type imageType struct { payloadPipelines []string exports []string image imageFunc + isoLabel isoLabelFunc // bootISO: installable ISO bootISO bool @@ -104,6 +107,18 @@ func (t *imageType) OSTreeRef() string { return "" } +func (t *imageType) ISOLabel() (string, error) { + if !t.bootISO { + return "", fmt.Errorf("image type %q is not an ISO", t.name) + } + + if t.isoLabel != nil { + return t.isoLabel(t), nil + } + + return "", nil +} + func (t *imageType) Size(size uint64) uint64 { // Microsoft Azure requires vhd images to be rounded up to the nearest MB if t.name == "vhd" && size%common.MebiByte != 0 { 
@@ -167,12 +182,7 @@ func (t *imageType) getPartitionTable( partitioningMode := options.PartitioningMode if t.rpmOstree { // Edge supports only LVM, force it. - // Raw is not supported, return an error if it is requested // TODO Need a central location for logic like this - if partitioningMode == disk.RawPartitioningMode { - return nil, fmt.Errorf("partitioning mode raw not supported for %s on %s", t.Name(), t.arch.Name()) - } - partitioningMode = disk.LVMPartitioningMode } @@ -283,6 +293,18 @@ func (t *imageType) Manifest(bp *blueprint.Blueprint, return &mf, warnings, err } +func distroISOLabelFunc(t *imageType) string { + const RHEL_ISO_LABEL = "RHEL-%s-%s-0-BaseOS-%s" + const CS_ISO_LABEL = "CentOS-Stream-%s-BaseOS-%s" + + if t.arch.distro.isRHEL() { + osVer := strings.Split(t.Arch().Distro().OsVersion(), ".") + return fmt.Sprintf(RHEL_ISO_LABEL, osVer[0], osVer[1], t.Arch().Name()) + } else { + return fmt.Sprintf(CS_ISO_LABEL, t.Arch().Distro().Releasever(), t.Arch().Name()) + } +} + // checkOptions checks the validity and compatibility of options and customizations for the image type. // Returns ([]string, error) where []string, if non-nil, will hold any generated warnings (e.g. deprecation notices). func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOptions) ([]string, error) { @@ -320,7 +342,7 @@ func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOp } if t.name == "edge-simplified-installer" { - allowed := []string{"InstallationDevice", "FDO", "Ignition", "Kernel", "User", "Group", "FIPS"} + allowed := []string{"InstallationDevice", "FDO", "Ignition", "Kernel", "User", "Group", "FIPS", "Filesystem"} if err := customizations.CheckAllowed(allowed...); err != nil { return warnings, fmt.Errorf(distro.UnsupportedCustomizationError, t.name, strings.Join(allowed, ", ")) } 
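Review bot: `distroISOLabelFunc` reads `osVer[1]` straight after `strings.Split(t.Arch().Distro().OsVersion(), ".")` with no length check, so a RHEL `OsVersion()` that lacks a minor component would panic during manifest generation instead of surfacing an error. Because `isoLabelFunc` returns only `string`, there is no clean way to report that; since `ISOLabel()` already returns `(string, error)`, the callback could do the same. Alternatively, add a comment stating that `osVersion` is always `major.minor` on the RHEL path. The constants `RHEL_ISO_LABEL` and `CS_ISO_LABEL` would conventionally be MixedCaps in Go, e.g. `rhelISOLabel` and `csISOLabel`.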
@@ -370,8 +392,7 @@ func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOp if options.OSTree == nil || options.OSTree.URL == "" { return warnings, fmt.Errorf("%q images require specifying a URL from which to retrieve the OSTree commit", t.name) } - - allowed := []string{"Ignition", "Kernel", "User", "Group", "FIPS"} + allowed := []string{"Ignition", "Kernel", "User", "Group", "FIPS", "Filesystem"} if err := customizations.CheckAllowed(allowed...); err != nil { return warnings, fmt.Errorf(distro.UnsupportedCustomizationError, t.name, strings.Join(allowed, ", ")) } @@ -398,9 +419,14 @@ func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOp } mountpoints := customizations.GetFilesystems() - - if mountpoints != nil && t.rpmOstree { - return warnings, fmt.Errorf("Custom mountpoints are not supported for ostree types") + if mountpoints != nil && t.rpmOstree && (t.name == "edge-container" || t.name == "edge-commit") { + return warnings, fmt.Errorf("Custom mountpoints are not supported for edge-container and edge-commit") + } else if mountpoints != nil && t.rpmOstree && !(t.name == "edge-container" || t.name == "edge-commit") { + //customization allowed for edge-raw-image,edge-ami,edge-vsphere,edge-simplified-installer + err := blueprint.CheckMountpointsPolicy(mountpoints, policies.OstreeMountpointPolicies) + if err != nil { + return warnings, err + } } err := blueprint.CheckMountpointsPolicy(mountpoints, policies.MountpointPolicies) diff --git a/vendor/github.com/osbuild/images/pkg/distro/test_distro/distro.go b/vendor/github.com/osbuild/images/pkg/distro/test_distro/distro.go index 9b319dc500c..7d95235774c 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/test_distro/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/test_distro/distro.go 
@@ -82,6 +82,14 @@ func (d *TestDistro) Releasever() string { return d.releasever } +func (d *TestDistro) OsVersion() string { + return d.releasever +} + +func (d *TestDistro) Product() string { + return d.name +} + func (d *TestDistro) ModulePlatformID() string { return d.modulePlatformID } @@ -182,6 +190,10 @@ func (t *TestImageType) OSTreeRef() string { return "" } +func (t *TestImageType) ISOLabel() (string, error) { + return "", nil +} + func (t *TestImageType) Size(size uint64) uint64 { if size == 0 { size = 1073741824 diff --git a/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go b/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go index 71bac57dfb4..23b4c060f1f 100644 --- a/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go +++ b/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go @@ -298,6 +298,9 @@ func (s *Solver) reposFromRPMMD(rpmRepos []rpmmd.RepoConfig) ([]repoConfig, erro MirrorList: rr.MirrorList, GPGKeys: rr.GPGKeys, MetadataExpire: rr.MetadataExpire, + SSLCACert: rr.SSLCACert, + SSLClientKey: rr.SSLClientKey, + SSLClientCert: rr.SSLClientCert, repoHash: rr.Hash(), } if rr.ModuleHotfixes != nil { @@ -502,8 +505,13 @@ func (pkgs packageSpecs) toRPMMD(repos map[string]rpmmd.RepoConfig) []rpmmd.Pack if repo.IgnoreSSL != nil { rpmDependencies[i].IgnoreSSL = *repo.IgnoreSSL } + + // The ssl secrets will also be set if rhsm is true, + // which should take priority. if repo.RHSM { rpmDependencies[i].Secrets = "org.osbuild.rhsm" + } else if repo.SSLClientKey != "" { + rpmDependencies[i].Secrets = "org.osbuild.mtls" } } return rpmDependencies diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_container_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_container_installer.go index bdb8ddf218e..87bc8bc645f 100644 --- a/vendor/github.com/osbuild/images/pkg/image/anaconda_container_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/anaconda_container_installer.go 
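Review bot: In the `toRPMMD` hunk, the new `else if repo.SSLClientKey != ""` branch selects `org.osbuild.mtls` from the key field alone. A repo with `SSLClientCert` or `SSLCACert` set but no key therefore silently ends up with no `Secrets`, while a key without a certificate is still tagged as mTLS. Checking the pair, `} else if repo.SSLClientKey != "" && repo.SSLClientCert != "" {`, and extending the comment to say what happens to a partial configuration would make that case explicit. The loop this branch sits in starts outside the hunk.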
@@ -25,14 +25,14 @@ type AnacondaContainerInstaller struct { SquashfsCompression string - ISOLabel string - ISOLabelTmpl string - Product string - Variant string - OSName string - Ref string - OSVersion string - Release string + ISOLabel string + Product string + Variant string + OSName string + Ref string + OSVersion string + Release string + Preview bool ContainerSource container.SourceSpec @@ -67,6 +67,7 @@ func (img *AnacondaContainerInstaller) InstantiateManifest(m *manifest.Manifest, "kernel", img.Product, img.OSVersion, + img.Preview, ) // This is only built with ELN for now @@ -90,25 +91,16 @@ func (img *AnacondaContainerInstaller) InstantiateManifest(m *manifest.Manifest, } anacondaPipeline.AdditionalDrivers = img.AdditionalDrivers - var isoLabel string - - if len(img.ISOLabel) > 0 { - isoLabel = img.ISOLabel - } else { - // TODO: replace isoLabelTmpl with more high-level properties - isoLabel = fmt.Sprintf(img.ISOLabelTmpl, img.Platform.GetArch()) - } - rootfsImagePipeline := manifest.NewISORootfsImg(buildPipeline, anacondaPipeline) rootfsImagePipeline.Size = 4 * common.GibiByte bootTreePipeline := manifest.NewEFIBootTree(buildPipeline, img.Product, img.OSVersion) bootTreePipeline.Platform = img.Platform bootTreePipeline.UEFIVendor = img.Platform.GetUEFIVendor() - bootTreePipeline.ISOLabel = isoLabel + bootTreePipeline.ISOLabel = img.ISOLabel kspath := osbuild.KickstartPathOSBuild - bootTreePipeline.KernelOpts = []string{fmt.Sprintf("inst.stage2=hd:LABEL=%s", isoLabel), fmt.Sprintf("inst.ks=hd:LABEL=%s:%s", isoLabel, kspath)} + bootTreePipeline.KernelOpts = []string{fmt.Sprintf("inst.stage2=hd:LABEL=%s", img.ISOLabel), fmt.Sprintf("inst.ks=hd:LABEL=%s:%s", img.ISOLabel, kspath)} if img.FIPS { bootTreePipeline.KernelOpts = append(bootTreePipeline.KernelOpts, "fips=1") } 
@@ -135,7 +127,7 @@ func (img *AnacondaContainerInstaller) InstantiateManifest(m *manifest.Manifest, isoTreePipeline.KernelOpts = append(isoTreePipeline.KernelOpts, "fips=1") } - isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, isoLabel) + isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, img.ISOLabel) isoPipeline.SetFilename(img.Filename) isoPipeline.ISOLinux = isoLinuxEnabled artifact := isoPipeline.Export() diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go index 7b1180e0aa2..3743d8c3c01 100644 --- a/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go @@ -23,13 +23,13 @@ type AnacondaLiveInstaller struct { ExtraBasePackages rpmmd.PackageSet - ISOLabel string - ISOLabelTmpl string - Product string - Variant string - OSName string - OSVersion string - Release string + ISOLabel string + Product string + Variant string + OSName string + OSVersion string + Release string + Preview bool Filename string @@ -57,6 +57,7 @@ func (img *AnacondaLiveInstaller) InstantiateManifest(m *manifest.Manifest, "kernel", img.Product, img.OSVersion, + img.Preview, ) livePipeline.ExtraPackages = img.ExtraBasePackages.Include 
@@ -67,25 +68,16 @@ func (img *AnacondaLiveInstaller) InstantiateManifest(m *manifest.Manifest, livePipeline.Checkpoint() - var isoLabel string - - if len(img.ISOLabel) > 0 { - isoLabel = img.ISOLabel - } else { - // TODO: replace isoLabelTmpl with more high-level properties - isoLabel = fmt.Sprintf(img.ISOLabelTmpl, img.Platform.GetArch()) - } - rootfsImagePipeline := manifest.NewISORootfsImg(buildPipeline, livePipeline) rootfsImagePipeline.Size = 8 * common.GibiByte bootTreePipeline := manifest.NewEFIBootTree(buildPipeline, img.Product, img.OSVersion) bootTreePipeline.Platform = img.Platform bootTreePipeline.UEFIVendor = img.Platform.GetUEFIVendor() - bootTreePipeline.ISOLabel = isoLabel + bootTreePipeline.ISOLabel = img.ISOLabel kernelOpts := []string{ - fmt.Sprintf("root=live:CDLABEL=%s", isoLabel), + fmt.Sprintf("root=live:CDLABEL=%s", img.ISOLabel), "rd.live.image", "quiet", "rhgb", @@ -106,7 +98,7 @@ func (img *AnacondaLiveInstaller) InstantiateManifest(m *manifest.Manifest, isoTreePipeline.KernelOpts = kernelOpts isoTreePipeline.ISOLinux = isoLinuxEnabled - isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, isoLabel) + isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, img.ISOLabel) isoPipeline.SetFilename(img.Filename) isoPipeline.ISOLinux = isoLinuxEnabled diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go index 7786844b3d9..26d9a65cdef 100644 --- a/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go 
@@ -36,14 +36,14 @@ type AnacondaOSTreeInstaller struct { SquashfsCompression string - ISOLabel string - ISOLabelTmpl string - Product string - Variant string - OSName string - OSVersion string - Release string - Remote string + ISOLabel string + Product string + Variant string + OSName string + OSVersion string + Release string + Preview bool + Remote string Commit ostree.SourceSpec @@ -77,6 +77,7 @@ func (img *AnacondaOSTreeInstaller) InstantiateManifest(m *manifest.Manifest, "kernel", img.Product, img.OSVersion, + img.Preview, ) anacondaPipeline.ExtraPackages = img.ExtraBasePackages.Include anacondaPipeline.ExcludePackages = img.ExtraBasePackages.Exclude @@ -96,25 +97,16 @@ func (img *AnacondaOSTreeInstaller) InstantiateManifest(m *manifest.Manifest, } anacondaPipeline.AdditionalDrivers = img.AdditionalDrivers - var isoLabel string - - if len(img.ISOLabel) > 0 { - isoLabel = img.ISOLabel - } else { - // TODO: replace isoLabelTmpl with more high-level properties - isoLabel = fmt.Sprintf(img.ISOLabelTmpl, img.Platform.GetArch()) - } - rootfsImagePipeline := manifest.NewISORootfsImg(buildPipeline, anacondaPipeline) rootfsImagePipeline.Size = 4 * common.GibiByte bootTreePipeline := manifest.NewEFIBootTree(buildPipeline, img.Product, img.OSVersion) bootTreePipeline.Platform = img.Platform bootTreePipeline.UEFIVendor = img.Platform.GetUEFIVendor() - bootTreePipeline.ISOLabel = isoLabel + bootTreePipeline.ISOLabel = img.ISOLabel kspath := osbuild.KickstartPathOSBuild - bootTreePipeline.KernelOpts = []string{fmt.Sprintf("inst.stage2=hd:LABEL=%s", isoLabel), fmt.Sprintf("inst.ks=hd:LABEL=%s:%s", isoLabel, kspath)} + bootTreePipeline.KernelOpts = []string{fmt.Sprintf("inst.stage2=hd:LABEL=%s", img.ISOLabel), fmt.Sprintf("inst.ks=hd:LABEL=%s:%s", img.ISOLabel, kspath)} if img.FIPS { bootTreePipeline.KernelOpts = append(bootTreePipeline.KernelOpts, "fips=1") } 
@@ -146,7 +138,7 @@ func (img *AnacondaOSTreeInstaller) InstantiateManifest(m *manifest.Manifest, isoTreePipeline.KernelOpts = append(isoTreePipeline.KernelOpts, "fips=1") } - isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, isoLabel) + isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, img.ISOLabel) isoPipeline.SetFilename(img.Filename) isoPipeline.ISOLinux = isoLinuxEnabled artifact := isoPipeline.Export() diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go index c1f7905d21c..62e6d6fa2c1 100644 --- a/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go +++ b/vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go @@ -67,13 +67,13 @@ type AnacondaTarInstaller struct { SquashfsCompression string - ISOLabel string - ISOLabelTmpl string - Product string - Variant string - OSName string - OSVersion string - Release string + ISOLabel string + Product string + Variant string + OSName string + OSVersion string + Release string + Preview bool Filename string @@ -110,6 +110,7 @@ func (img *AnacondaTarInstaller) InstantiateManifest(m *manifest.Manifest, "kernel", img.Product, img.OSVersion, + img.Preview, ) anacondaPipeline.ExtraPackages = img.ExtraBasePackages.Include 
@@ -138,27 +139,18 @@ func (img *AnacondaTarInstaller) InstantiateManifest(m *manifest.Manifest, anacondaPipeline.Checkpoint() - var isoLabel string - - if len(img.ISOLabel) > 0 { - isoLabel = img.ISOLabel - } else { - // TODO: replace isoLabelTmpl with more high-level properties - isoLabel = fmt.Sprintf(img.ISOLabelTmpl, img.Platform.GetArch()) - } - rootfsImagePipeline := manifest.NewISORootfsImg(buildPipeline, anacondaPipeline) rootfsImagePipeline.Size = 5 * common.GibiByte bootTreePipeline := manifest.NewEFIBootTree(buildPipeline, img.Product, img.OSVersion) bootTreePipeline.Platform = img.Platform bootTreePipeline.UEFIVendor = img.Platform.GetUEFIVendor() - bootTreePipeline.ISOLabel = isoLabel + bootTreePipeline.ISOLabel = img.ISOLabel kspath := osbuild.KickstartPathOSBuild - kernelOpts := []string{fmt.Sprintf("inst.stage2=hd:LABEL=%s", isoLabel)} + kernelOpts := []string{fmt.Sprintf("inst.stage2=hd:LABEL=%s", img.ISOLabel)} if img.ISORootKickstart { - kernelOpts = append(kernelOpts, fmt.Sprintf("inst.ks=hd:LABEL=%s:%s", isoLabel, kspath)) + kernelOpts = append(kernelOpts, fmt.Sprintf("inst.ks=hd:LABEL=%s:%s", img.ISOLabel, kspath)) } if img.OSCustomizations.FIPS { kernelOpts = append(kernelOpts, "fips=1") @@ -206,7 +198,7 @@ func (img *AnacondaTarInstaller) InstantiateManifest(m *manifest.Manifest, isoTreePipeline.ISOLinux = isoLinuxEnabled - isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, isoLabel) + isoPipeline := manifest.NewISO(buildPipeline, isoTreePipeline, img.ISOLabel) isoPipeline.SetFilename(img.Filename) isoPipeline.ISOLinux = isoLinuxEnabled diff --git a/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go b/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go index 99ed5a4d009..2228d56477b 100644 --- a/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go +++ b/vendor/github.com/osbuild/images/pkg/image/ostree_disk.go 
@@ -57,6 +57,8 @@ type OSTreeDiskImage struct { // Container buildable tweaks the buildroot to be container friendly, // i.e. to not rely on an installed osbuild-selinux ContainerBuildable bool + + CustomFilesystems []string } func NewOSTreeDiskImageFromCommit(commit ostree.SourceSpec) *OSTreeDiskImage { @@ -107,6 +109,7 @@ func baseRawOstreeImage(img *OSTreeDiskImage, buildPipeline manifest.Build, opts osPipeline.IgnitionPlatform = img.IgnitionPlatform osPipeline.LockRoot = img.LockRoot osPipeline.UseBootupd = opts.useBootupd + osPipeline.CustomFileSystems = img.CustomFilesystems // other image types (e.g. live) pass the workload to the pipeline. if img.Workload != nil { diff --git a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go index 4df436f2b18..8342316f1fb 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go @@ -60,6 +60,7 @@ type AnacondaInstaller struct { kernelVer string product string version string + preview bool // Interactive defaults is a kickstart stage that can be provided, it // will be written to /usr/share/anaconda/interactive-defaults @@ -84,7 +85,8 @@ func NewAnacondaInstaller(installerType AnacondaInstallerType, repos []rpmmd.RepoConfig, kernelName, product, - version string) *AnacondaInstaller { + version string, + preview bool) *AnacondaInstaller { name := "anaconda-tree" p := &AnacondaInstaller{ Base: NewBase(name, buildPipeline), @@ -94,6 +96,7 @@ func NewAnacondaInstaller(installerType AnacondaInstallerType, kernelName: kernelName, product: product, version: version, + preview: preview, } buildPipeline.addDependent(p) return p 
@@ -208,7 +211,7 @@ func (p *AnacondaInstaller) serialize() osbuild.Pipeline { Product: p.product, Variant: p.Variant, Version: p.version, - Final: true, + Final: !p.preview, })) pipeline.AddStage(osbuild.NewLocaleStage(&osbuild.LocaleStageOptions{Language: "en_US.UTF-8"})) diff --git a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go index 3e3afb97f11..e871cb5079a 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go @@ -74,6 +74,8 @@ type OSTreeDeployment struct { // Use bootupd instead of grub2 as the bootloader UseBootupd bool + + CustomFileSystems []string } // NewOSTreeCommitDeployment creates a pipeline for an ostree deployment from a @@ -353,6 +355,19 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline { }, })) + // This will create a custom systemd unit that create + // mountpoints if its not present.This will safeguard + // any ostree deployment which has custom filesystem + // during ostree upgrade. + // issue # https://github.com/osbuild/images/issues/352 + if len(p.CustomFileSystems) != 0 { + serviceName := "osbuild-ostree-mountpoints.service" + stageOption := osbuild.NewSystemdUnitCreateStageOptions(createMountpointService(serviceName, p.CustomFileSystems)) + stageOption.MountOSTree(p.osName, ref, 0) + pipeline.AddStage(stageOption) + p.EnabledServices = append(p.EnabledServices, serviceName) + } + // We enable / disable services below using the systemd stage, but its effect // may be overridden by systemd which may reset enabled / disabled services on // firstboot (which happend on F37+). This behavior, if available, is triggered 
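Review bot: In the `OSTreeDeployment.serialize()` hunk, the new branch does `p.EnabledServices = append(p.EnabledServices, serviceName)`, which writes back to the receiver from a serialization method. If `serialize()` runs more than once on the same pipeline, `osbuild-ostree-mountpoints.service` is listed twice and caller-provided state is changed as a side effect. Keeping the addition in a local slice, e.g. `enabled := append(append([]string{}, p.EnabledServices...), serviceName)`, and using that where the services are consumed would keep the method idempotent; the consuming code is outside this hunk. The added comment would also read better as `// Create a systemd unit that creates the custom mountpoints if they are missing, so deployments with custom filesystems survive an ostree upgrade.`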
@@ -481,3 +496,38 @@ func (p *OSTreeDeployment) getInline() []string { return inlineData } + +// Creates systemd unit stage by ingesting the servicename and mount-points +func createMountpointService(serviceName string, mountpoints []string) *osbuild.SystemdUnitCreateStageOptions { + var conditionPathIsDirectory []string + for _, mountpoint := range mountpoints { + conditionPathIsDirectory = append(conditionPathIsDirectory, "|!"+mountpoint) + } + unit := osbuild.Unit{ + Description: "Ensure custom filesystem mountpoints exist", + DefaultDependencies: false, + ConditionPathIsDirectory: conditionPathIsDirectory, + } + service := osbuild.Service{ + Type: osbuild.Oneshot, + RemainAfterExit: true, + //compatibility with composefs, will require transient rootfs to be enabled too. + ExecStartPre: []string{"/bin/sh -c \"if [ -z \"$(grep -Uq composefs /run/ostree-booted)\" ]; then chattr -i /; fi\""}, + ExecStopPost: []string{"/bin/sh -c \"if [ -z \"$(grep -Uq composefs /run/ostree-booted)\" ]; then chattr +i /; fi\""}, + ExecStart: []string{"mkdir -p " + strings.Join(mountpoints[:], " ")}, + } + install := osbuild.Install{ + WantedBy: []string{"local-fs.target"}, + } + options := osbuild.SystemdUnitCreateStageOptions{ + Filename: serviceName, + UnitPath: osbuild.Etc, + UnitType: osbuild.System, + Config: osbuild.SystemdServiceUnit{ + Unit: &unit, + Service: &service, + Install: &install, + }, + } + return &options +} diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/curl_source.go b/vendor/github.com/osbuild/images/pkg/osbuild/curl_source.go index 1a0658060cb..e6eeec939ff 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/curl_source.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/curl_source.go 
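Review bot: In `createMountpointService`, the guard `[ -z "$(grep -Uq composefs /run/ostree-booted)" ]` in `ExecStartPre` and `ExecStopPost` is always true, because `-q` suppresses grep's output and the substitution is always empty; `chattr -i /` and `chattr +i /` therefore run whether or not composefs is in use. Testing the exit status, and single-quoting the script so the inner double quotes cannot end the outer argument, would match the comment's intent: `"/bin/sh -c 'if ! grep -Uq composefs /run/ostree-booted; then chattr -i /; fi'"`. Separately, `ExecStart` and `ConditionPathIsDirectory` are built by concatenating blueprint-supplied mountpoints, so the unit is only as safe as the policy check that runs before this function (not visible in this hunk); rejecting whitespace, `%` and `$` here, or quoting each path, would stop systemd from splitting or expanding a mountpoint. With `RemainAfterExit: true`, `ExecStopPost` presumably runs only when the unit is stopped, which would leave `/` without the immutable flag for the whole uptime; since this is a vendored copy, that is worth confirming upstream.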
@@ -39,6 +39,10 @@ func NewCurlPackageItem(pkg rpmmd.PackageSpec) (CurlSourceItem, error) { item.Secrets = &URLSecrets{ Name: "org.osbuild.rhsm", } + } else if pkg.Secrets == "org.osbuild.mtls" { + item.Secrets = &URLSecrets{ + Name: "org.osbuild.mtls", + } } item.Insecure = pkg.IgnoreSSL return item, nil diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go new file mode 100644 index 00000000000..19eea44b803 --- /dev/null +++ b/vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go 
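Review bot: `NewCurlPackageItem` now attaches the `org.osbuild.mtls` secrets but still copies `pkg.IgnoreSSL` into `item.Insecure` unconditionally, so a package can be fetched with a client certificate from a server whose own certificate is not verified. If that combination is never intended, the function already returns an error and could reject it with a check such as `if pkg.IgnoreSSL && pkg.Secrets == "org.osbuild.mtls"`; if it is intended, a comment saying why would help. The new branch also repeats the literal `"org.osbuild.mtls"` that `toRPMMD` in `dnfjson.go` sets, so a shared constant would keep the two from drifting apart. The start of the function is outside this hunk.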
@@ -0,0 +1,61 @@
+package osbuild
+
+type serviceType string
+type unitPath string
+
+const (
+ Simple serviceType = "simple"
+ Exec serviceType = "exec"
+ Forking serviceType = "forking"
+ Oneshot serviceType = "oneshot"
+ Dbus serviceType = "dbus"
+ Notify serviceType = "notify"
+ NotifyReloadservice serviceType = "notify-reload"
+ Idle serviceType = "idle"
+ Etc unitPath = "etc"
+ Usr unitPath = "usr"
+)
+
+type Unit struct {
+ Description string `json:"Description,omitempty"`
+ DefaultDependencies bool `json:"DefaultDependencies,omitempty"`
+ ConditionPathExists []string `json:"ConditionPathExists,omitempty"`
+ ConditionPathIsDirectory []string `json:"ConditionPathIsDirectory,omitempty"`
+ Requires []string `json:"Requires,omitempty"`
+ Wants []string `json:"Wants,omitempty"`
+}
+
+type Service struct {
+ Type serviceType `json:"Type,omitempty"`
+ RemainAfterExit bool `json:"RemainAfterExit,omitempty"`
+ ExecStartPre []string `json:"ExecStartPre,omitempty"`
+ ExecStopPost []string `json:"ExecStopPost,omitempty"`
+ ExecStart []string `json:"ExecStart,omitempty"`
+}
+
+type Install struct {
+ RequiredBy []string `json:"RequiredBy,omitempty"`
+ WantedBy []string `json:"WantedBy,omitempty"`
+}
+
+type SystemdServiceUnit struct {
+ Unit *Unit `json:"Unit"`
+ Service *Service `json:"Service"`
+ Install *Install `json:"Install"`
+}
+
+type SystemdUnitCreateStageOptions struct {
+ Filename string `json:"filename"`
+ UnitType unitType `json:"unit-type,omitempty"` // unitType defined in ./systemd_unit_stage.go
+ UnitPath unitPath `json:"unit-path,omitempty"`
+ Config SystemdServiceUnit `json:"config"`
+}
+
+func (SystemdUnitCreateStageOptions) isStageOptions() {}
+
+func NewSystemdUnitCreateStageOptions(options *SystemdUnitCreateStageOptions) *Stage {
+ return &Stage{
+ Type: "org.osbuild.systemd.unit.create",
+ Options: options,
+ }
+}
diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go index d86538374cf..bd71664ed8c 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/users_stage.go @@ -20,6 +20,7 @@ type UsersStageOptionsUser struct { Shell *string `json:"shell,omitempty"` Password *string `json:"password,omitempty"` Key *string `json:"key,omitempty"` + ExpireDate *int `json:"expiredate,omitempty"` } func NewUsersStage(options *UsersStageOptions) *Stage { @@ -60,6 +61,7 @@ func NewUsersStageOptions(userCustomizations []users.User, omitKey bool) (*Users Shell: uc.Shell, Password: uc.Password, Key: nil, + ExpireDate: uc.ExpireDate, } if !omitKey { user.Key = uc.Key diff --git a/vendor/github.com/osbuild/images/pkg/policies/policies.go b/vendor/github.com/osbuild/images/pkg/policies/policies.go index 5b40783a1dd..7d15955715a 100644 --- a/vendor/github.com/osbuild/images/pkg/policies/policies.go +++ b/vendor/github.com/osbuild/images/pkg/policies/policies.go @@ -42,13 +42,15 @@ var CustomDirectoriesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy // CustomFilesPolicies is a set of default policies for custom files var CustomFilesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathPolicy{ - "/": {Deny: true}, - "/etc": {}, - "/root": {}, - "/etc/fstab": {Deny: true}, - "/etc/shadow": {Deny: true}, - "/etc/passwd": {Deny: true}, - "/etc/group": {Deny: true}, + "/": {Deny: true}, + "/etc": {}, + "/root": {}, + "/usr/local/bin": {}, + "/usr/local/sbin": {}, + "/etc/fstab": {Deny: true}, + "/etc/shadow": {Deny: true}, + "/etc/passwd": {Deny: true}, + "/etc/group": {Deny: true}, }) // MountpointPolicies for ostree diff --git a/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go b/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go index 64591a2e536..bdf5dbf900f 100644 
--- a/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go +++ b/vendor/github.com/osbuild/images/pkg/rpmmd/repository.go @@ -47,6 +47,12 @@ type RepoConfig struct { Enabled *bool `json:"enabled,omitempty"` ImageTypeTags []string `json:"image_type_tags,omitempty"` PackageSets []string `json:"package_sets,omitempty"` + + // These fields are only filled out by the worker during the + // depsolve job for certain baseurls. + SSLCACert string `json:"sslcacert,omitempty"` + SSLClientKey string `json:"sslclientkey,omitempty"` + SSLClientCert string `json:"sslclientcert,omitempty"` } // Hash calculates an ID string that uniquely represents a repository @@ -74,7 +80,10 @@ func (r *RepoConfig) Hash() string { bpts(r.IgnoreSSL)+ r.MetadataExpire+ bts(r.RHSM)+ - bpts(r.ModuleHotfixes)))) + bpts(r.ModuleHotfixes)+ + r.SSLCACert+ + r.SSLClientKey+ + r.SSLClientCert))) } type DistrosRepoConfigs map[string]map[string][]RepoConfig diff --git a/vendor/modules.txt b/vendor/modules.txt index 20b09a764f9..0d303098345 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -846,7 +846,7 @@ github.com/oracle/oci-go-sdk/v54/identity github.com/oracle/oci-go-sdk/v54/objectstorage github.com/oracle/oci-go-sdk/v54/objectstorage/transfer github.com/oracle/oci-go-sdk/v54/workrequests -# github.com/osbuild/images v0.47.0 +# github.com/osbuild/images v0.51.0 ## explicit; go 1.19 github.com/osbuild/images/internal/common github.com/osbuild/images/internal/environment
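Review bot: The comment on the new `SSLCACert`, `SSLClientKey` and `SSLClientCert` fields in `RepoConfig` does not say whether they hold file paths or PEM content, which matters because all three are JSON-serialized and fed into `Hash()`. If the contract is paths, I would state it, e.g. `// Paths on the worker to the CA bundle, client key and client certificate; never the key material itself.`; this should be confirmed against the worker code, which is not part of this diff. In the `Hash()` hunk the three strings are appended without a separator, so different splits of the same concatenation produce the same ID. The existing fields are joined the same way, so this is an existing pattern that the change extends, not a new one.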