diff --git a/go.mod b/go.mod index 535c027000..ce77cb8dd6 100644 --- a/go.mod +++ b/go.mod @@ -36,7 +36,7 @@ require ( github.com/labstack/gommon v0.4.2 github.com/openshift-online/ocm-sdk-go v0.1.420 github.com/oracle/oci-go-sdk/v54 v54.0.0 - github.com/osbuild/images v0.63.0 + github.com/osbuild/images v0.65.0 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 github.com/osbuild/pulp-client v0.1.0 github.com/prometheus/client_golang v1.19.1 diff --git a/go.sum b/go.sum index d5a2f08aca..1ab0bfbf06 100644 --- a/go.sum +++ b/go.sum @@ -500,8 +500,8 @@ github.com/openshift-online/ocm-sdk-go v0.1.420 h1:zC/TboLemC09T5qxSdF5IZR20wnn4 github.com/openshift-online/ocm-sdk-go v0.1.420/go.mod h1:CiAu2jwl3ITKOxkeV0Qnhzv4gs35AmpIzVABQLtcI2Y= github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4= github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc= -github.com/osbuild/images v0.63.0 h1:tk75nDV78Pbi+RBXCclHYQbzzJeqJDsCMVmDCWRhLcM= -github.com/osbuild/images v0.63.0/go.mod h1:kkiJNrd0XkVfwBxrJ8wWt6/d0+Eb+tG+zZVnw/xXE/8= +github.com/osbuild/images v0.65.0 h1:Vq6r5YQJvTYiznBPma8sHffNyPl0rx1i6hwMN+AbrIA= +github.com/osbuild/images v0.65.0/go.mod h1:kkiJNrd0XkVfwBxrJ8wWt6/d0+Eb+tG+zZVnw/xXE/8= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 h1:UFEJIcPa46W8gtWgOYzriRKYyy1t6SWL0BI7fPTuVvc= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1/go.mod h1:z+WA+dX6qMwc7fqY5jCzESDIlg4WR2sBQezxsoXv9Ik= github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8= diff --git a/vendor/github.com/osbuild/images/internal/common/helpers.go b/vendor/github.com/osbuild/images/internal/common/helpers.go index 865b88c36b..0b1f3662b8 100644 --- a/vendor/github.com/osbuild/images/internal/common/helpers.go +++ b/vendor/github.com/osbuild/images/internal/common/helpers.go @@ -1,8 +1,10 @@ package common import ( + "bytes" "fmt" "io" + "os/exec" "regexp" "sort" "strconv" @@ -84,3 +86,26 @@ type nopSeekCloser struct { } func (nopSeekCloser) Close() error { return nil } + +// MountUnitNameFor returns the escaped name of the mount unit for a given +// mountpoint by calling: +// +// systemd-escape --path --suffix=mount "mountpoint" +func MountUnitNameFor(mountpoint string) (string, error) { + cmd := exec.Command("systemd-escape", "--path", "--suffix=mount", mountpoint) + stdout, err := cmd.Output() + if err != nil { + return "", fmt.Errorf("systemd-escape call failed: %s", ExecError(err)) + } + return strings.TrimSpace(string(stdout)), nil +} + +// ExecError handles the error from an exec.Command().Output() call. It returns +// a formatted error that includes StdErr when the error is of type +// exec.ExitError. +func ExecError(err error) error { + if err, ok := err.(*exec.ExitError); ok { + return fmt.Errorf("%s [%w]", bytes.TrimSpace(err.Stderr), err) + } + return err +} diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go index 4218e926ea..16bbac5b8a 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/distro.go @@ -872,7 +872,6 @@ func newDistro(version int) distro.Distro { minimalrawImgType, ) - // iot simplified installer was introduced in F38 x86_64.addImageTypes( &platform.X86{ BasePlatform: platform.BasePlatform{ @@ -921,62 +920,59 @@ func newDistro(version int) distro.Distro { iotSimplifiedInstallerImgType, ) - if common.VersionGreaterThanOrEqual(rd.Releasever(), "39") { - // bootc was introduced in F39 - x86_64.addImageTypes( - &platform.X86{ - BasePlatform: platform.BasePlatform{ - FirmwarePackages: []string{ - "biosdevname", - "iwlwifi-dvm-firmware", - "iwlwifi-mvm-firmware", - "microcode_ctl", - }, + x86_64.addImageTypes( + &platform.X86{ + BasePlatform: platform.BasePlatform{ + FirmwarePackages: []string{ + "biosdevname", + "iwlwifi-dvm-firmware", + "iwlwifi-mvm-firmware", + "microcode_ctl", }, - BIOS: true, - UEFIVendor: "fedora", }, - iotBootableContainer, - ) - aarch64.addImageTypes( - &platform.Aarch64{ - BasePlatform: platform.BasePlatform{ - FirmwarePackages: []string{ - "arm-image-installer", - "bcm283x-firmware", - "brcmfmac-firmware", - "iwlwifi-mvm-firmware", - "realtek-firmware", - "uboot-images-armv8", - }, + BIOS: true, + UEFIVendor: "fedora", + }, + iotBootableContainer, + ) + aarch64.addImageTypes( + &platform.Aarch64{ + BasePlatform: platform.BasePlatform{ + FirmwarePackages: []string{ + "arm-image-installer", + "bcm283x-firmware", + "brcmfmac-firmware", + "iwlwifi-mvm-firmware", + "realtek-firmware", + "uboot-images-armv8", }, - UEFIVendor: "fedora", }, - iotBootableContainer, - ) - - ppc64le.addImageTypes( - &platform.PPC64LE{ - BIOS: true, - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_QCOW2, - QCOW2Compat: "1.1", - }, + UEFIVendor: "fedora", + }, + iotBootableContainer, + ) + + ppc64le.addImageTypes( + &platform.PPC64LE{ + BIOS: true, + BasePlatform: platform.BasePlatform{ + ImageFormat: platform.FORMAT_QCOW2, + QCOW2Compat: "1.1", }, - iotBootableContainer, - ) - - s390x.addImageTypes( - &platform.S390X{ - Zipl: true, - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_QCOW2, - QCOW2Compat: "1.1", - }, + }, + iotBootableContainer, + ) + + s390x.addImageTypes( + &platform.S390X{ + Zipl: true, + BasePlatform: platform.BasePlatform{ + ImageFormat: platform.FORMAT_QCOW2, + QCOW2Compat: "1.1", }, - iotBootableContainer, - ) - } + }, + iotBootableContainer, + ) ppc64le.addImageTypes( &platform.PPC64LE{ diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/package_sets.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/package_sets.go index 5503c5858e..bc9bd56960 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/package_sets.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/package_sets.go @@ -474,14 +474,6 @@ func anacondaPackageSet(t *imageType) rpmmd.PackageSet { }, }) - if common.VersionLessThan(t.arch.distro.osVersion, "39") { - ps = ps.Append(rpmmd.PackageSet{ - Include: []string{ - "lklug-fonts", // orphaned, unavailable in F39 - }, - }) - } - switch t.Arch().Name() { case arch.ARCH_X86_64.String(): ps = ps.Append(rpmmd.PackageSet{ @@ -627,14 +619,6 @@ func containerPackageSet(t *imageType) rpmmd.PackageSet { }, } - if common.VersionLessThan(t.arch.distro.osVersion, "39") { - ps = ps.Append(rpmmd.PackageSet{ - Include: []string{ - "fedora-repos-modular", - }, - }) - } - return ps } @@ -705,7 +689,8 @@ func iotSimplifiedInstallerPackageSet(t *imageType) rpmmd.PackageSet { "shadow-utils", // includes passwd }, }) - } else if common.VersionLessThan(t.arch.distro.osVersion, "40") { + } else { + // F39 only ps = ps.Append(rpmmd.PackageSet{ Include: []string{ "passwd", diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go index be47fd2608..d76b0083b9 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/partition_tables.go @@ -431,13 +431,13 @@ var iotSimplifiedInstallerPartitionTables = distro.BasePartitionTableMap{ }, }, arch.ARCH_AARCH64.String(): disk.PartitionTable{ - UUID: "0xc1748067", - Type: "dos", + UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0", + Type: "gpt", Partitions: []disk.Partition{ { - Size: 501 * common.MebiByte, - Type: "06", - Bootable: true, + Size: 501 * common.MebiByte, + Type: disk.EFISystemPartitionGUID, + UUID: disk.EFISystemPartitionUUID, Payload: &disk.Filesystem{ Type: "vfat", UUID: disk.EFIFilesystemUUID, diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/azure.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/azure.go index b078de050b..46b02e655d 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/azure.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/azure.go @@ -256,10 +256,14 @@ func azureRhuiPackageSet(t *rhel.ImageType) rpmmd.PackageSet { // Includes the common azure package set, the common SAP packages, and // the azure rhui sap package. func azureSapPackageSet(t *rhel.ImageType) rpmmd.PackageSet { + rhuiPkg := "rhui-azure-rhel8-sap-ha" + if t.Arch().Distro().OsVersion() == "8.10" { + rhuiPkg = "rhui-azure-rhel8-base-sap-ha" + } return rpmmd.PackageSet{ Include: []string{ "firewalld", - "rhui-azure-rhel8-sap-ha", + rhuiPkg, }, }.Append(azureCommonPackageSet(t)).Append(SapPackageSet(t)) } diff --git a/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go b/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go index a0cabf4194..efef35c9af 100644 --- a/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go +++ b/vendor/github.com/osbuild/images/pkg/dnfjson/dnfjson.go @@ -460,10 +460,12 @@ func (s *Solver) makeDepsolveRequest(pkgSets []rpmmd.PackageSet) (*Request, map[ if err != nil { return nil, nil, err } + args := arguments{ - Repos: dnfRepoMap, - RootDir: s.rootDir, - Transactions: transactions, + Repos: dnfRepoMap, + RootDir: s.rootDir, + Transactions: transactions, + OptionalMetadata: s.optionalMetadataForDistro(), } req := Request{ @@ -479,6 +481,20 @@ func (s *Solver) makeDepsolveRequest(pkgSets []rpmmd.PackageSet) (*Request, map[ return &req, rhsmMap, nil } +func (s *Solver) optionalMetadataForDistro() []string { + // filelist repo metadata is required when using newer versions of libdnf + // with old repositories or packages that specify dependencies on files. + // EL10+ and Fedora 40+ packaging guidelines prohibit depending on + // filepaths so filelist downloads are disabled by default and are not + // required when depsolving for those distros. Explicitly enable the option + // for older distro versions in case we are using a newer libdnf. + switch s.modulePlatformID { + case "platform:f39", "platform:el7", "platform:el8", "platform:el9": + return []string{"filelists"} + } + return nil +} + // Helper function for creating a dump request payload func (s *Solver) makeDumpRequest(repos []rpmmd.RepoConfig) (*Request, error) { dnfRepos, err := s.reposFromRPMMD(repos) @@ -640,6 +656,9 @@ type arguments struct { // Load repository configurations, gpg keys, and vars from an os-root-like // tree. RootDir string `json:"root_dir"` + + // Optional metadata to download for the repositories + OptionalMetadata []string `json:"optional-metadata,omitempty"` } type searchArgs struct { diff --git a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go index 368d6385fa..1aa76bf1e5 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go @@ -513,17 +513,32 @@ func createMountpointService(serviceName string, mountpoints []string) *osbuild. } unit := osbuild.Unit{ Description: "Ensure custom filesystem mountpoints exist", - DefaultDependencies: false, + DefaultDependencies: common.ToPtr(false), // Default dependencies would interfere with our custom order (before mountpoints) ConditionPathIsDirectory: conditionPathIsDirectory, + After: []string{"ostree-remount.service"}, } service := osbuild.Service{ Type: osbuild.Oneshot, - RemainAfterExit: true, - //compatibility with composefs, will require transient rootfs to be enabled too. - ExecStartPre: []string{"/bin/sh -c \"if [ -z \"$(grep -Uq composefs /run/ostree-booted)\" ]; then chattr -i /; fi\""}, - ExecStopPost: []string{"/bin/sh -c \"if [ -z \"$(grep -Uq composefs /run/ostree-booted)\" ]; then chattr +i /; fi\""}, - ExecStart: []string{"mkdir -p " + strings.Join(mountpoints[:], " ")}, + RemainAfterExit: false, + // compatibility with composefs, will require transient rootfs to be enabled too. + ExecStartPre: []string{"/bin/sh -c \"if grep -Uq composefs /run/ostree-booted; then chattr -i /; fi\""}, + ExecStopPost: []string{"/bin/sh -c \"if grep -Uq composefs /run/ostree-booted; then chattr +i /; fi\""}, + ExecStart: []string{"mkdir -p " + strings.Join(mountpoints, " ")}, + } + + // For every mountpoint we want to ensure, we need to set a Before order on + // the mount unit itself so that our mkdir runs before any of them are + // mounted + befores := make([]string, len(mountpoints)) + for idx, mp := range mountpoints { + before, err := common.MountUnitNameFor(mp) + if err != nil { + panic(err) + } + befores[idx] = before } + unit.Before = befores + install := osbuild.Install{ WantedBy: []string{"local-fs.target"}, } diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go index 109205c7ee..8b0c39f31b 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go @@ -23,12 +23,13 @@ const ( type Unit struct { Description string `json:"Description,omitempty"` - DefaultDependencies bool `json:"DefaultDependencies,omitempty"` + DefaultDependencies *bool `json:"DefaultDependencies,omitempty"` ConditionPathExists []string `json:"ConditionPathExists,omitempty"` ConditionPathIsDirectory []string `json:"ConditionPathIsDirectory,omitempty"` Requires []string `json:"Requires,omitempty"` Wants []string `json:"Wants,omitempty"` After []string `json:"After,omitempty"` + Before []string `json:"Before,omitempty"` } type Service struct { diff --git a/vendor/github.com/osbuild/images/pkg/policies/policies.go b/vendor/github.com/osbuild/images/pkg/policies/policies.go index 5257589a63..52d2093eea 100644 --- a/vendor/github.com/osbuild/images/pkg/policies/policies.go +++ b/vendor/github.com/osbuild/images/pkg/policies/policies.go @@ -85,14 +85,18 @@ var CustomFilesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathP // MountpointPolicies for ostree var OstreeMountpointPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathPolicy{ "/": {}, - "/ostree": {Deny: true}, - "/home": {Deny: true}, + "/home": {Deny: true}, // symlink to var/home + "/mnt": {Deny: true}, // symlink to var/mnt + "/opt": {Deny: true}, // symlink to var/opt + "/ostree": {Deny: true}, // symlink to sysroot/ostree + "/root": {Deny: true}, // symlink to var/roothome + "/srv": {Deny: true}, // symlink to var/srv "/var/home": {Deny: true}, + "/var/mnt": {Deny: true}, "/var/opt": {Deny: true}, - "/var/srv": {Deny: true}, "/var/roothome": {Deny: true}, + "/var/srv": {Deny: true}, "/var/usrlocal": {Deny: true}, - "/var/mnt": {Deny: true}, }) // CustomDirectoriesPolicies for ostree diff --git a/vendor/modules.txt b/vendor/modules.txt index 383426e1ff..6446dd5ac6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -865,7 +865,7 @@ github.com/oracle/oci-go-sdk/v54/identity github.com/oracle/oci-go-sdk/v54/objectstorage github.com/oracle/oci-go-sdk/v54/objectstorage/transfer github.com/oracle/oci-go-sdk/v54/workrequests -# github.com/osbuild/images v0.63.0 +# github.com/osbuild/images v0.65.0 ## explicit; go 1.20 github.com/osbuild/images/internal/common github.com/osbuild/images/internal/environment