Classic sed invocation footgun. Doing `-ie` actually binds the `e` to
`-i` which tells sed to backup the original with a suffix of `e`.
This gets rid of `/usr/lib/tmpfiles.d/provision.confe`.
systemd-tmpfiles ignores files that don't have `.conf` so the stray file
had no effect.
tier-1 is more opinionated and automatic updates by default is
definitely a very strong opinion.
This makes it easier to inherit from tier-0 without having to undo that
knob if it's not desirable.
Prep for !48.
As per the comment, currently we're pulling in iptables-legacy because
for some reason the `iptables` Provides is fulfilled by that instead of
iptables-nft. Explicitly name the latter to avoid this.
Note in tier-1 we do pull iptables-nft only because it's explicitly
named there.
Currently, there is both dnf and dnf5 in Fedora. dnf5 provides `dnf`,
but matching a package name is stronger and so requesting `dnf` here
still pulls in the legacy one.
This notably drops out Python from tier 0.
Fedora 41 appears to require the inclusion of `systemd-cryptsetup` in
the initrd in order to unlock LUKS devices at boot.
See: #17
Signed-off-by: Micah Abbott <miabbott@redhat.com>
It's supported on all architectures now, even if it's
a no-op mostly on s390x today.
But specifically this will ensure we pull in zipl on s390x,
which *is* needed.
Signed-off-by: Colin Walters <walters@verbum.org>
This is the opposite workaround for
https://github.com/ostreedev/ostree-rs-ext/issues/612
However, we still need to finally make `/opt` a directory
to complete this, which currently wants changes in rpm-ostree.
(Or, we could tweak our build process to inject as a container
afterwards)
This partially reverts commit 7977ead6e4 and
effectively migrates the change from 8f5be09371
and 14ab1c5847
to here.
Signed-off-by: Colin Walters <walters@verbum.org>
This ensures that systemd's creation of `/root` works instead
of falling back to what we have in
`/usr/lib/tmpfiles.d/rpm-ostree-0-integration.conf` for
`d /var/roothome 0700 root root -` which in turn ensures
that both the credential values as well as bootc's injection
of a tmpfiles.d snippet for root SSH key works.
https://github.com/containers/bootc/issues/358
Signed-off-by: Colin Walters <walters@verbum.org>
The systemd firstboot process does several things, but notably
it runs a preset process. This means that basically a plain
`RUN systemctl enable foo` won't work unless you *also* write
a preset file for it, and no one will know to do that.
Today it's built as a module for Fedora derivatives, but
it's a relatively small kmod.
In particular I want to be able to use a virtiofs root as
a bootstrap mechanism to generate disk images in a situation
where we can't do nested containers, but we do have `/dev/kvm` -
which is the setup we have in e.g. OpenShift Prow on `build02`
with nested virt.
bootc isn't in C9S yet, but it is in the -dev images. Add
the install config unconditionally so that `bootc install`
works in the `centos-bootc-dev` image.
Just a small fix, adding a missing redirection so that
'01-bootc-nohostonly.conf' is not created empty.
Since dracut's default is 'hostonly=no' this fix has
no impact on the initramfs contents.
Signed-off-by: German Maglione <gmaglione@redhat.com>
Jonathan Lebon
Jonathan Lebon
Colin Walters (Red Hat)
Joseph Marrero Corchado
Colin Walters
Micah Abbott
Paul Whalen
Michael Vogt
Daniel J Walsh
German Maglione
Liora Milbaum