From 535cea41554e6c0535371fc195507a0a354813ef Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Mon, 13 Jan 2025 09:21:26 -0500
Subject: [PATCH] Split out postprocess-conf.yaml

Prep for working on custom base images. We want to support operating on rootfs that may not have been generated by rpm-ostree. Split this out as something that can gets passed separately to `rpm-ostree compose postprocess/commit`.
---
 tier-0/manifest.yaml | 31 ++-----------------------------
 tier-0/ostree.yaml | 3 ---
 tier-0/postprocess-conf.yaml | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 32 deletions(-)
 create mode 100644 tier-0/postprocess-conf.yaml
diff --git a/tier-0/manifest.yaml b/tier-0/manifest.yaml
index f4baec4..4892eb1 100644
--- a/tier-0/manifest.yaml
+++ b/tier-0/manifest.yaml
@@ -1,40 +1,12 @@
 edition: "2024"
-# https://github.com/CentOS/centos-bootc/issues/167
-machineid-compat: true
+
 # Be minimal
 recommends: false
-ignore-removed-users:
- - root
-ignore-removed-groups:
- - root
-etc-group-members:
- - wheel
- - sudo
- - systemd-journal
- - adm
-
 # Default to `bash` in our container, the same as other containers we ship.
 container-cmd:
 - /sbin/init
-# Note that the default for c9s+ is sqlite; we can't rely on rpm being
-# in the target (it isn't in tier-0!) so turn this to host here. This
-# does break the "hermetic build" aspect a bit. Maybe eventually
-# what we should do is special case this and actually install RPM temporarily
-# and then remove it...
-rpmdb: host
-
-check-passwd:
- type: "file"
- filename: "passwd"
-check-groups:
- type: "file"
- filename: "group"
-
-automatic-version-prefix: "${releasever}."
-mutate-os-release: "${releasever}"
-
 remove-from-packages:
 # Generally we expect other tools to do this (e.g. Ignition or cloud-init)
 - [systemd, /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service]
@@ -43,6 +15,7 @@ remove-from-packages:
 - [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator]
 include:
+ - postprocess-conf.yaml
 - bootc.yaml
 - bootupd.yaml
 - ostree.yaml
diff --git a/tier-0/ostree.yaml b/tier-0/ostree.yaml
index 6f30861..af49580 100644
--- a/tier-0/ostree.yaml
+++ b/tier-0/ostree.yaml
@@ -1,9 +1,6 @@
 packages:
 - ostree nss-altfiles
-# We want content lifecycled with the image
-opt-usrlocal: "root"
-
 postprocess:
 # Set up default root config
 - |
diff --git a/tier-0/postprocess-conf.yaml b/tier-0/postprocess-conf.yaml
new file mode 100644
index 0000000..d11f4ee
--- /dev/null
+++ b/tier-0/postprocess-conf.yaml
@@ -0,0 +1,34 @@
+# This file configures things relevant to `rpm-ostree compose postprocess`.
+
+# We want content lifecycled with the image
+opt-usrlocal: "root"
+
+# https://github.com/CentOS/centos-bootc/issues/167
+machineid-compat: true
+
+# Note that the default for c9s+ is sqlite; we can't rely on rpm being
+# in the target (it isn't in tier-0!) so turn this to host here. This
+# does break the "hermetic build" aspect a bit. Maybe eventually
+# what we should do is special case this and actually install RPM temporarily
+# and then remove it...
+rpmdb: host
+
+ignore-removed-users:
+ - root
+ignore-removed-groups:
+ - root
+etc-group-members:
+ - wheel
+ - sudo
+ - systemd-journal
+ - adm
+
+check-passwd:
+ type: "file"
+ filename: "passwd"
+check-groups:
+ type: "file"
+ filename: "group"
+
+automatic-version-prefix: "${releasever}."
+mutate-os-release: "${releasever}"
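Review bot: The header comment at the top of the new `tier-0/postprocess-conf.yaml` names only `rpm-ostree compose postprocess`, but the commit description says the file is passed to `postprocess/commit`, and nothing in it tells a standalone user which sibling files it depends on. `check-passwd` and `check-groups` reference the bare names `passwd` and `group`, presumably resolved next to this file; as I understand it they are what catches unexpected user/group ID changes, so it should be documented whether they are expected to run, and against which reference files, when the rootfs was not generated by rpm-ostree. The `rpmdb: host` comment is also still worded in terms of what tier-0 lacks. I would extend the header with a line such as `# Also used by "rpm-ostree compose commit"; check-passwd/check-groups expect the passwd and group files beside this file.`, adjusted to whatever the actual lookup path is.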