tier-x -> packages-recommended.txt

That's basically all this is...plus a default
inheritance from the base image.

Signed-off-by: Colin Walters <walters@verbum.org>

Containerfile

@@ -0,0 +1,35 @@
+# This generates the default base image.
+
+# This is a local reference by default because we haven't shipped this image yet.
+FROM localhost/fedora-bootc:base as rootfs
+# Drop this into /usr/share/doc, so that other things can parse it
+COPY packages-recommended.txt /usr/share/doc/fedora-bootc/packages-recommended.txt
+RUN <<EORUN
+set -xeuo pipefail
+grep -E -v '^#' /usr/share/doc/fedora-bootc/packages-recommended.txt | xargs dnf -y install
+
+# Ensure we regenerate the initramfs with new content
+# https://docs.fedoraproject.org/en-US/bootc/initramfs/
+kver=$(cd /usr/lib/modules && echo *); dracut -vf /usr/lib/modules/$kver/initramfs.img $kver
+
+dnf clean all
+rm -vf /var/log/dnf*
+bootc container lint
+EORUN
+
+# This image just needs rpm-ostree in the end that has
+# https://github.com/coreos/rpm-ostree/issues/5221
+FROM registry.gitlab.com/fedora/bootc/base-images-dev/fedora-bootc-dev:rawhide as builder
+RUN --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \
+    --mount=from=rootfs,dst=/rootfs <<EORUN
+set -xeuo pipefail
+rm /buildcontext/out.oci -rf
+rpm-ostree experimental compose build-chunked-oci --bootc --format-version=1 \
+           --rootfs=/rootfs --output /buildcontext/out.oci
+EORUN
+
+FROM oci:./out.oci
+# Need to reference builder here to force ordering. But since we have to run
+# something anyway, we might as well cleanup after ourselves.
+RUN --mount=type=bind,from=builder,src=.,target=/var/tmp \
+    --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rm /buildcontext/out.oci -rf

Containerfile.base

@@ -23,10 +23,11 @@ RUN --mount=type=cache,target=/workdir \
     --mount=type=bind,from=repos,src=/,dst=/repos <<EORUN
 set -xeuo pipefail
 # Synchronize the dnf/rpm configs from the repos container.
-for x in /etc/dnf /etc/yum.repos.d /etc/pki/rpm-gpg; do
+for x in etc/dnf etc/yum.repos.d etc/pki/rpm-gpg; do
-  rm -vf "$x" && cp -a /repos/$x $x
+  rm -rf /"$x" && cp -a /repos/${x} /$x
 done
-cp - /repos/etc/dnf/vars /etc/dnf/vars
+# And copy to the workdir; TODO fix this in rpm-ostree
+cp /etc/yum.repos.d/*.repo .
 rpm-ostree compose image --image-config fedora-bootc-config.json \
     --cachedir=/workdir --format=ociarchive --initialize ${MANIFEST} \
     --source-root=/repos /buildcontext/out.ociarchive

README.md

@@ -64,11 +64,9 @@ to support smaller custom images. For more on this, see
   and curation around a package set that we can all agree is the rough minimum
   necessary for a usable system. It's not meant to be used as is, but layered
   upon.
-- **tier-x**: This content set is the shared base used by all image-based
+- **packages-recommended.txt**: This content set is the shared base used by all image-based
   Fedora variants (IoT, Atomic Desktops, and CoreOS).
   Changes to this tier may be done without accounting for external users.
-  To build this, pass `--build-arg=MANIFEST=fedora-tier-x.yaml` to the build
-  command above.
 
 **tier-1** inherits from **tier-x** and **tier-x** in turn inherit from **tier-0**.
 

fedora-tier-x.yaml

@@ -1,8 +0,0 @@
-metadata:
-  name: fedora-boot-tier-x
-  summary: Fedora Bootable Tier X
-
-include:
-  - fedora-generic.yaml
-  - tier-x/manifest.yaml
-  - tier-x/kernel.yaml

packages-recommended.txt

@@ -0,0 +1,45 @@
+# This file is simply a list of packages recommended to be used by default.
+# You can process this via e.g.
+# grep -E -v '^#' packages-recommended.txt | xargs dnf -y install
+
+# Used by admins interactively
+attr
+bash-completion
+hostname
+iproute
+jq
+less
+vim-minimal
+# deps of bootc, but let's be explicit. e.g. even if bootc drops the skopeo
+# dep, we still want it
+podman skopeo
+# crun recommends but doesn't require criu and criu-libs. We want them for
+# checkpoint/restore. https://github.com/coreos/fedora-coreos-tracker/issues/1370
+crun criu criu-libs
+# storage
+cryptsetup
+lvm2
+tar
+# zram-generator (but not zram-generator-defaults) for F33 change
+# https://github.com/coreos/fedora-coreos-tracker/issues/509
+zram-generator
+# networking
+iptables-nft
+NetworkManager
+openssh-clients
+openssh-server
+systemd-resolved
+# linux-firmware now a recommends so let's explicitly include it
+# https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b
+# https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide
+linux-firmware
+# security
+polkit
+sudo
+# Allow for configuring different timezones
+tzdata
+# rpm-ostree
+rpm-ostree nss-altfiles
+# firmware updates
+# If you're using linux-firmware, you probably also want fwupd
+fwupd

tier-x/kernel.yaml

@@ -1 +0,0 @@
-../tier-0/kernel.yaml

tier-x/manifest.yaml

@@ -1,45 +0,0 @@
-include:
-  - ../tier-0/manifest.yaml
-
-packages:
-  # Used by admins interactively
-  - attr
-  - bash-completion
-  - hostname
-  - iproute
-  - jq
-  - less
-  - vim-minimal
-  # deps of bootc, but let's be explicit. e.g. even if bootc drops the skopeo
-  # dep, we still want it
-  - podman skopeo
-  # crun recommends but doesn't require criu and criu-libs. We want them for
-  # checkpoint/restore. https://github.com/coreos/fedora-coreos-tracker/issues/1370
-  - crun criu criu-libs
-  # storage
-  - cryptsetup
-  - lvm2
-  - tar
-  # zram-generator (but not zram-generator-defaults) for F33 change
-  # https://github.com/coreos/fedora-coreos-tracker/issues/509
-  - zram-generator
-  # networking
-  - iptables-nft
-  - NetworkManager
-  - openssh-clients
-  - openssh-server
-  - systemd-resolved
-  # linux-firmware now a recommends so let's explicitly include it
-  # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b
-  # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide
-  - linux-firmware
-  # security
-  - polkit
-  - sudo
-  # Allow for configuring different timezones
-  - tzdata
-  # rpm-ostree
-  - rpm-ostree nss-altfiles
-  # firmware updates
-  # If you're using linux-firmware, you probably also want fwupd
-  - fwupd