This is the opposite workaround for
https://github.com/ostreedev/ostree-rs-ext/issues/612
However, we still need to finally make `/opt` a directory
to complete this, which currently wants changes in rpm-ostree.
(Or, we could tweak our build process to inject as a container
afterwards)
This partially reverts commit 7977ead6e4 and
effectively migrates the change from 8f5be09371
and 14ab1c5847
to here.
Signed-off-by: Colin Walters <walters@verbum.org>
This ensures that systemd's creation of `/root` works instead
of falling back to what we have in
`/usr/lib/tmpfiles.d/rpm-ostree-0-integration.conf` for
`d /var/roothome 0700 root root -` which in turn ensures
that both the credential values as well as bootc's injection
of a tmpfiles.d snippet for root SSH key works.
https://github.com/containers/bootc/issues/358
Signed-off-by: Colin Walters <walters@verbum.org>
The systemd firstboot process does several things, but notably
it runs a preset process. This means that basically a plain
`RUN systemctl enable foo` won't work unless you *also* write
a preset file for it, and no one will know to do that.
Today it's built as a module for Fedora derivatives, but
it's a relatively small kmod.
In particular I want to be able to use a virtiofs root as
a bootstrap mechanism to generate disk images in a situation
where we can't do nested containers, but we do have `/dev/kvm` -
which is the setup we have in e.g. OpenShift Prow on `build02`
with nested virt.
bootc isn't in C9S yet, but it is in the -dev images. Add
the install config unconditionally so that `bootc install`
works in the `centos-bootc-dev` image.
Just a small fix, adding a missing redirection so that
'01-bootc-nohostonly.conf' is not created empty.
Since dracut's default is 'hostonly=no' this fix has
no impact on the initramfs contents.
Signed-off-by: German Maglione <gmaglione@redhat.com>
This is basically just:
- kernel
- systemd
- selinux-policy-targeted
- bootc
Notably it doesn't have `rpm-ostree` or `rpm`, or many other things.
It also doesn't even have `linux-firmware`.
And no `openssh`!
It's almost certain that you need to derive from this, but
it should be a suitable starting point.
TODO: Add something like
```
$ dnf-system-bootstrap
Installing packaging tools from quay.io/fedora/fedora-boot-dnf@sha256:abcd...)
# This would be basically all the packages not in tier-0 that
# are enough to give `dnf install`
$ dnf install cowsay
# Install critical stuff
$ dnf system-bootstrap remove
# Remove everything that we added for the package system, that isn't
# a dependency of what the user wants!
```
(In theory we could make this work with multi-stage builds, but
it's a little hard)
Michael Vogt
Colin Walters
Daniel J Walsh
German Maglione
Liora Milbaum