Classic sed invocation footgun. Doing `-ie` actually binds the `e` to
`-i` which tells sed to backup the original with a suffix of `e`.
This gets rid of `/usr/lib/tmpfiles.d/provision.confe`.
systemd-tmpfiles ignores files that don't have `.conf` so the stray file
had no effect.
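The flag parsing described in the commit message above, shown as an added example that is not part of the repository or its commit history. It assumes GNU sed; the function names, the scratch directory and the file contents are constructed for illustration, and `find_stray_backups` is a hypothetical helper for spotting leftovers of this mistake.

```shell
#!/bin/sh
# Added example. Paths and file contents are constructed sample values.
# Assumes GNU sed, where -i takes an optional suffix attached to the flag.

# Edit one file with the mistyped flags (-ie) and one with the intended
# flags (-i -e) inside directory $1.
demo_sed_ie() {
    printf 'd /var/lib/sample 0755 root root -\n' > "$1/provision.conf"
    cp "$1/provision.conf" "$1/other.conf"
    # Footgun: sed reads "e" as the backup suffix of -i, so the original
    # content is saved as provision.confe next to the edited file.
    sed -ie 's/0755/0700/' "$1/provision.conf"
    # Intended form: in-place edit without backup; -e introduces the script.
    sed -i -e 's/0755/0700/' "$1/other.conf"
}

# Print the names of files in directory $1 that look like -ie leftovers:
# the name ends in "e" and the same name without that "e" also exists.
find_stray_backups() {
    for f in "$1"/*e; do
        [ -f "$f" ] || continue
        if [ -f "${f%e}" ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
}

# Stand-alone run in a scratch directory: lists the stray backup file.
scratch=$(mktemp -d)
demo_sed_ie "$scratch"
find_stray_backups "$scratch"
rm -rf "$scratch"
```

The stray file keeps the pre-edit content, so a leftover like this can also preserve a setting the edit was meant to remove, in a directory where a different consumer might not filter by extension.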
These are all included in tier-x or tier-0 already.
Though it does drop bsdtar. This isn't really well-known enough to
belong here. It's included in FCOS because we use it in our scripts,
but it's not a requirement for any tier-1 logic AFAIK and I would be
surprised if users expected it there.
We want tier-1 to be another consumer of tier-x, kind of like its own
top-level Fedora variant. That way, tier-1 is now a strict superset of
tier-x, just like the other variants.
- Make very clear that tier-1 is the default image
- Link to our issue tracker for supportable base image customization
- Note use of `--build-arg=MANIFEST`.
etc.
Signed-off-by: Colin Walters <walters@verbum.org>
Let's at least verify tier-0 and tier-x can build fine. Ideally in the
future we actually run some tests on the resulting image, though let's
wait until this CI is migrated to Konflux before doing that.
tier-1 is more opinionated and automatic updates by default is
definitely a very strong opinion.
This makes it easier to inherit from tier-0 without having to undo that
knob if it's not desirable.
Prep for !48.
One of the main goals of the bootable containers initiative in Fedora
is to have all the image-based Fedora variants share a common base onto
which we can maintain CI, develop features, fix bugs, etc.
While I believe in the long-term, we should try to have literal
derivation from a base image, this is not currently desirable for
various reasons. Instead, for now we can share things at the manifest
level by having this repo be a submodule in every variant's repo.
Currently, tier-0 is much smaller than it needs to be for sharing
purposes. Crucially, it doesn't include NetworkManager. At the same
time, tier-1 is much too large as a shared target. As a first step, we
should try to match variants where they currently are and not force them
to ship many more packages than they currently do.
For this purpose, I'm proposing a new tier: tier-x. The "x" stands for
"cross-variant". This tier is composed of tier-0 + a set of packages
that is currently in common to all the involved variants. The most
notable additions are NetworkManager, openssh, and rpm-ostree.
The intention then is to have every Fedora variant `include` this tier
and have it become the point of collaboration between variants. E.g. new
packages/bug fixes/temporary workarounds relevant to all variants likely
should land in this tier instead of in the downstreams. CI of course
will also be an important discussion point.
We only ship iptables-nft, so there's no need to explicitly
override the symlinks anymore. To enforce that this remains the case, add
`iptables-legacy` to the exclusion list.
As per the comment, currently we're pulling in iptables-legacy because
for some reason the `iptables` Provides is fulfilled by that instead of
iptables-nft. Explicitly name the latter to avoid this.
Note in tier-1 we do pull iptables-nft only because it's explicitly
named there.
Instead of re-symlinking every tier-0 manifest, just include the tier-0
manifest directly. That way, rpm-ostree will already know to resolve its
manifests within the tier-0 directory.
Currently, there is both dnf and dnf5 in Fedora. dnf5 provides `dnf`,
but matching a package name is stronger and so requesting `dnf` here
still pulls in the legacy one.
This notably drops out Python from tier 0.
Fedora 41 appears to require the inclusion of `systemd-cryptsetup` in
the initrd in order to unlock LUKS devices at boot.
See: #17
Signed-off-by: Micah Abbott <miabbott@redhat.com>
It's supported on all architectures now, even if it's
a no-op mostly on s390x today.
But specifically this will ensure we pull in zipl on s390x,
which *is* needed.
Signed-off-by: Colin Walters <walters@verbum.org>