Minimize base image.

tier-1: add f42 treefile after branching

See merge request fedora/bootc/base-images!87

Containerfile

@@ -23,10 +23,10 @@
 # Because it's generating a base image and uses containerization features itself.
 # In the future some of this can be lifted.
 
-FROM quay.io/fedora/fedora:rawhide as repos
+FROM quay.io/fedora/fedora:41 as repos
 
 # BOOTSTRAPPING: This can be any image that has rpm-ostree and selinux-policy-targeted.
-FROM quay.io/fedora/fedora:rawhide as builder
+FROM quay.io/fedora/fedora:41 as builder
 RUN dnf -y install rpm-ostree selinux-policy-targeted
 ARG MANIFEST=fedora-bootc.yaml
 COPY --from=repos /etc/dnf/vars /etc/dnf/vars

build.sh

@@ -0,0 +1,5 @@
+podman build \
+       --security-opt=label=disable \
+       --cap-add=all \
+       --device /dev/fuse \
+       -t localhost/fedora-bootc .

fedora-42.yaml

@@ -0,0 +1,6 @@
+# NB: This treefile is used by the legacy pungi path only to build tier-1. It
+# will be removed in the future.
+releasever: 42
+repos:
+  - fedora-devel
+include: fedora-bootc.yaml

fedora-generic.yaml

@@ -5,3 +5,5 @@ variables:
 packages:
   # https://gitlab.com/fedora/bootc/base-images/-/issues/12
   - fedora-repos-archive
+  # Not in RHEL10
+  - systemd-resolved

tier-0/bootupd.yaml

@@ -26,3 +26,8 @@ postprocess:
     set -xeuo pipefail
     # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload
     /usr/bin/bootupctl backend generate-update-metadata
+  - |
+    #!/bin/bash
+    # Workaround for https://issues.redhat.com/browse/RHEL-78104
+    set -xeuo pipefail
+    rm -vrf /usr/lib/ostree-boot/loader

tier-0/kernel-install.yaml

@@ -4,13 +4,10 @@ postprocess:
     #!/usr/bin/env bash
     set -xeuo pipefail
     source /usr/lib/os-release
-    # Check if the ID is Fedora and VERSION_ID is 42 or higher
-    if [[ "$ID" == "fedora" && "$VERSION_ID" -ge 42 ]]; then
-        echo -e "# kernel-install will not try to run dracut and allow rpm-ostree to\n\
+    echo -e "# kernel-install will not try to run dracut and allow rpm-ostree to\n\
     # take over. Rpm-ostree will use this to know that it is responsible\n\
     # to run dracut and ensure that there is only one kernel in the image\n\
     layout=ostree" | tee /usr/lib/kernel/install.conf > /dev/null
-    fi
     # By default dnf keeps multiple versions of the kernel, with this
     # configuration we tell dnf to treat the kernel as everything else.
     # https://dnf.readthedocs.io/en/latest/conf_ref.html#main-options

tier-1/coreos-user-experience.yaml

@@ -3,15 +3,8 @@
 packages:
   # Additional file compression/decompression
   - bzip2 zstd
-  # Improved MOTD experience
-  - console-login-helper-messages-issuegen
-  - console-login-helper-messages-profile
   # kdump support
   # https://github.com/coreos/fedora-coreos-tracker/issues/622
   - kexec-tools
-  # Container tooling
-  - toolbox
   # nvme-cli for managing nvme disks
   - nvme-cli
-  # Used by admins interactively
-  - lsof

tier-1/manifest.yaml

@@ -3,28 +3,18 @@ recommends: true
 
 include:
   - ../tier-x/manifest.yaml
-  - autoupdates.yaml
   - networking-tools.yaml
   - system-configuration.yaml
   - coreos-user-experience.yaml
   - persistent-journal.yaml
   - initramfs-full.yaml
-  - generic-growfs.yaml
 
 packages:
-  # Include and set the default editor
-  - nano
   - nfs-utils
   # Additional firewall support; we aren't including these in RHCOS or they
   # don't exist in RHEL
   - iptables-services
   - WALinuxAgent-udev
-  # Allow communication between sudo and SSSD
-  # for caching sudo rules by SSSD.
-  # https://github.com/coreos/fedora-coreos-tracker/issues/445
-  - libsss_sudo
-  # SSSD; we only ship a subset of the backends
-  - sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap
   # Used by admins interactively
   - openssl
   # Provides terminal tools like clear, reset, tput, and tset
@@ -34,19 +24,10 @@ packages:
   # zram-generator (but not zram-generator-defaults) for F33 change
   # https://github.com/coreos/fedora-coreos-tracker/issues/509
   - zram-generator
-  # This one is in Python so isn't in FCOS, but we can safely add it here.
-  - sos
 
 # These are random architecture-specific packages
-packages-x86_64:
-  - irqbalance
-packages-ppc64le:
-  - irqbalance
-  - librtas
-  - powerpc-utils-core
-  - ppc64-diag-rtas
-packages-aarch64:
-  - irqbalance
+packages-x86_64: []
+packages-aarch64: []
 
 postprocess:
   # Undo RPM scripts enabling units; we want the presets to be canonical

tier-1/system-configuration.yaml

@@ -3,9 +3,6 @@
 packages:
   # Explicit dep for RHEL >= 10
   - crypto-policies-scripts
-  # Configuring SSH keys, cloud provider check-in, etc
-  # TODO: needs Ignition kargs
-  # - afterburn afterburn-dracut
   # NTP support
   - chrony
   # Storage configuration/management
@@ -25,6 +22,3 @@ packages:
   # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't
   # have it then people's disks will slowly fill up with logs.
   - logrotate
-  # Boost starving threads
-  # https://github.com/coreos/fedora-coreos-tracker/issues/753
-  - stalld

tier-x/manifest.yaml

@@ -28,7 +28,6 @@ packages:
   - NetworkManager
   - openssh-clients
   - openssh-server
-  - systemd-resolved
   # linux-firmware now a recommends so let's explicitly include it
   # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b
   # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide