The sbin/bin merge happened in Fedora so it's now /usr/bin/zipl
in rawhide. While we're in here just name the package now since
the transient issue where it was coming from two different
packages upstream and downstream has settled. We can use s390utils-core
everywhere.
We will have a better way to make derived container images
that doesn't require having dnf in the base image.
Prep for more minimal and custom images.
Signed-off-by: Colin Walters <walters@verbum.org>
Prep for working on custom base images. We want to support
operating on rootfs that may not have been generated by
rpm-ostree.
Split this out as something that can gets passed separately
to `rpm-ostree compose postprocess/commit`.
bootc has a Rust create https://github.com/containers/bootc/pull/775
to replace gdisk which has been removed by c10s and RHEL-10
Signed-off-by: Xiaofeng Wang <xiaofwan@redhat.com>
Starting sssd-2.10 that is shipped in F41+ and C10S,
home dir for 'sssd' service user is set to '/run/sssd'
Take a note that it's not the case yet for sssd-2.9-
that is currently shipped in C9S.
dnf5 is currently in Fedora only, but this manifest is shared with
CentOS Stream and RHEL. Instead of requesting `dnf5`, request
`/usr/bin/dnf` instead. This will pull in dnf5 on Fedora, but dnf(4)
elsewhere.
We should be able to simplify this back to just `dnf` eventually once
dnf v4 is out of Fedora.
Classic sed invocation footgun. Doing `-ie` actually binds the `e` to
`-i` which tells sed to backup the original with a suffix of `e`.
This gets rid of `/usr/lib/tmpfiles.d/provision.confe`.
systemd-tmpfiles ignores files that don't have `.conf` so the stray file
had no effect.
tier-1 is more opinionated and automatic updates by default is
definitely a very strong opinion.
This makes it easier to inherit from tier-0 without having to undo that
knob if it's not desirable.
Prep for !48.
As per the comment, currently we're pulling in iptables-legacy because
for some reason the `iptables` Provides is fulfilled by that instead of
iptables-nft. Explicitly name the latter to avoid this.
Note in tier-1 we do pull iptables-nft only because it's explicitly
named there.
Currently, there is both dnf and dnf5 in Fedora. dnf5 provides `dnf`,
but matching a package name is stronger and so requesting `dnf` here
still pulls in the legacy one.
This notably drops out Python from tier 0.
Fedora 41 appears to require the inclusion of `systemd-cryptsetup` in
the initrd in order to unlock LUKS devices at boot.
See: #17
Signed-off-by: Micah Abbott <miabbott@redhat.com>
It's supported on all architectures now, even if it's
a no-op mostly on s390x today.
But specifically this will ensure we pull in zipl on s390x,
which *is* needed.
Signed-off-by: Colin Walters <walters@verbum.org>
This is the opposite workaround for
https://github.com/ostreedev/ostree-rs-ext/issues/612
However, we still need to finally make `/opt` a directory
to complete this, which currently wants changes in rpm-ostree.
(Or, we could tweak our build process to inject as a container
afterwards)
This partially reverts commit 7977ead6e4 and
effectively migrates the change from 8f5be09371
and 14ab1c5847
to here.
Signed-off-by: Colin Walters <walters@verbum.org>
This ensures that systemd's creation of `/root` works instead
of falling back to what we have in
`/usr/lib/tmpfiles.d/rpm-ostree-0-integration.conf` for
`d /var/roothome 0700 root root -` which in turn ensures
that both the credential values as well as bootc's injection
of a tmpfiles.d snippet for root SSH key works.
https://github.com/containers/bootc/issues/358
Signed-off-by: Colin Walters <walters@verbum.org>
The systemd firstboot process does several things, but notably
it runs a preset process. This means that basically a plain
`RUN systemctl enable foo` won't work unless you *also* write
a preset file for it, and no one will know to do that.
Today it's built as a module for Fedora derivatives, but
it's a relatively small kmod.
In particular I want to be able to use a virtiofs root as
a bootstrap mechanism to generate disk images in a situation
where we can't do nested containers, but we do have `/dev/kvm` -
which is the setup we have in e.g. OpenShift Prow on `build02`
with nested virt.
Colin Walters (Red Hat)
Dusty Mabe
Colin Walters
Xiaofeng Wang
Alexey Tikhonov
Jonathan Lebon
Jonathan Lebon
Joseph Marrero Corchado
Micah Abbott
Paul Whalen
Michael Vogt
Daniel J Walsh