include: - manifest-tier-0.yaml - bootable-rpm-ostree.yaml - dnf.yaml - firmware.yaml - networking-tools.yaml - system-configuration.yaml - user-experience.yaml - fwupd.yaml - persistent-journal.yaml packages: # Include and set the default editor - nano - fuse-overlayfs slirp4netns # support for old style CNI networks and name resolution for # podman containers with CNI networks # https://github.com/coreos/fedora-coreos-tracker/issues/519 # https://github.com/coreos/fedora-coreos-tracker/issues/1128#issuecomment-1071338097 - containernetworking-plugins podman-plugins dnsmasq # For podman v4 netavark gets pulled in but it only recommends # aardvark-dns (which provides name resolution based on container # names). This functionality was previously provided by dnsname from # podman-plugins in the podman v3 stack. # See https://github.com/containers/netavark/pull/217 - aardvark-dns # Since we need `containernetworking-plugins` installed to continue # to support CNI networks we need to also explicitly install # `netavark` so we get both of them installed since both of them # provide `container-network-stack`. # https://github.com/coreos/fedora-coreos-tracker/issues/1128#issuecomment-1071458717 - netavark # Minimal NFS client - nfs-utils-coreos # Additional firewall support; we aren't including these in RHCOS or they # don't exist in RHEL - iptables-nft iptables-services - WALinuxAgent-udev # Allow communication between sudo and SSSD # for caching sudo rules by SSSD. # https://github.com/coreos/fedora-coreos-tracker/issues/445 - libsss_sudo # SSSD; we only ship a subset of the backends - sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap # Used by admins interactively - attr - openssl - lsof # Provides terminal tools like clear, reset, tput, and tset - ncurses # Improved MOTD experience - console-login-helper-messages-motdgen # i18n - kbd # zram-generator (but not zram-generator-defaults) for F33 change # https://github.com/coreos/fedora-coreos-tracker/issues/509 - zram-generator # resolved was broken out to its own package in rawhide/f35 - systemd-resolved # Include the qemu-user-static-x86 package on aarch64 and s390x FCOS images # to allow access to the large inventory of containers only built for x86_64. # https://github.com/coreos/fedora-coreos-tracker/issues/1237 packages-x86_64: - irqbalance packages-ppc64le: - irqbalance - librtas - powerpc-utils-core - ppc64-diag-rtas packages-aarch64: - irqbalance - qemu-user-static-x86 packages-s390x: - qemu-user-static-x86 postprocess: # Undo RPM scripts enabling units; we want the presets to be canonical # https://github.com/projectatomic/rpm-ostree/issues/1803 - | #!/usr/bin/env bash set -xeuo pipefail rm -rf /etc/systemd/system/* systemctl preset-all rm -rf /etc/systemd/user/* systemctl --user --global preset-all # Default to iptables-nft. Otherwise, legacy wins. We can drop this once/if we # remove iptables-legacy. This is needed because alternatives don't work # https://github.com/coreos/fedora-coreos-tracker/issues/677 # https://github.com/coreos/fedora-coreos-tracker/issues/676 - | #!/usr/bin/env bash set -xeuo pipefail ln -sf /usr/sbin/ip6tables-nft /etc/alternatives/ip6tables ln -sf /usr/sbin/ip6tables-nft-restore /etc/alternatives/ip6tables-restore ln -sf /usr/sbin/ip6tables-nft-save /etc/alternatives/ip6tables-save ln -sf /usr/sbin/iptables-nft /etc/alternatives/iptables ln -sf /usr/sbin/iptables-nft-restore /etc/alternatives/iptables-restore ln -sf /usr/sbin/iptables-nft-save /etc/alternatives/iptables-save # See: https://github.com/coreos/fedora-coreos-tracker/issues/1253 # https://bugzilla.redhat.com/show_bug.cgi?id=2112857 # https://github.com/coreos/rpm-ostree/issues/3918 # Temporary workaround to remove the SetGID binary from liblockfile that is # pulled by the s390utils but not needed for /usr/sbin/zipl. - | #!/usr/bin/env bash set -xeuo pipefail rm -f /usr/bin/dotlockfile # Things we don't expect to ship on the host. We currently # have recommends: false so these could only come in via # hard requirement, in which case the build will fail. exclude-packages: - perl - perl-interpreter - nodejs - grubby - cowsay # Just in case # Let's make sure initscripts doesn't get pulled back in # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254 - initscripts # For (datacenter/cloud oriented) servers, we want to see the details by default. # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ - plymouth # Do not use legacy ifcfg config format in NetworkManager # See https://github.com/coreos/fedora-coreos-config/pull/1991 - NetworkManager-initscripts-ifcfg-rh