We want tier-1 to be another consumer of tier-x, kind of like its own
top-level Fedora variant. That way, tier-1 is now a strict superset of
tier-x, just like the other variants.
tier-1 is more opinionated and automatic updates by default is
definitely a very strong opinion.
This makes it easier to inherit from tier-0 without having to undo that
knob if it's not desirable.
Prep for !48.
We only ship iptables-nft, so there's no need to explicitly
override the symlinks anymore. To enforce that this remains the case, add
`iptables-legacy` to the exclusion list.
Instead of re-symlinking every tier-0 manifest, just include the tier-0
manifest directly. That way, rpm-ostree will already know to resolve its
manifests within the tier-0 directory.
I don't entirely remember what happened here when forking from
CoreOS, but we definitely want toolbox and lsof at least, just
looking at the differences.
While we're here, I did re-add sos, but in another section.
Signed-off-by: Colin Walters <walters@verbum.org>
This service is a backfill for lack of a better option
as a baseline to run in cloud/virt environments:
- Without cloud-init
- Even with cloud-init, as it doesn't yet support growing
  on ostree/composefs
Signed-off-by: Colin Walters <walters@verbum.org>
The `nfs-utils-coreos` package was created to not depend on
Python mainly, but we are way deep into many other packages
that do at this point.
There's some other package that `Requires: nfs-utils` that
this should fix.
Right now we have an "allowlist" effectively for our dracut modules
because we specify a configuration in `/usr/lib/dracut/dracut.conf.d`
which seems to turn off autodetection.
Add in lvm which we definitely want to support.
Signed-off-by: Colin Walters <walters@verbum.org>
We were missing `container-selinux`... oops. Fix that. While
we're here...
- Fully re-enable `recommends: true` - this is not a small image,
  and so let's not try to override things.
- Drop out the old-style compat networking packages for podman,
  since this is a new image
Part of the aim of this project is to make `dnf` "Just work"
in a bootable container native host.
There are some details to work through, but tier-1 is already
large, and this doesn't add much more.
This is basically just:
- kernel
- systemd
- selinux-policy-targeted
- bootc
Notably it doesn't have `rpm-ostree` or `rpm`, or many other things.
It also doesn't even have `linux-firmware`.
And no `openssh`!
It's almost certain that you need to derive from this, but
it should be a suitable starting point.
TODO: Add something like
```
$ dnf-system-bootstrap
Installing packaging tools from quay.io/fedora/fedora-boot-dnf@sha256:abcd...)
# This would be basically all the packages not in tier-0 that
# are enough to give `dnf install`
$ dnf install cowsay
# Install critical stuff
$ dnf system-bootstrap remove
# Remove everything that we added for the package system, that isn't
# a dependency of what the user wants!
```
(In theory we could make this work with multi-stage builds, but
it's a little hard)