add fedora's scripts to our manifest
korewaChino committed Oct 6, 2024
1 parent 9bf1863 commit eba82d7
Showing 5 changed files with 173 additions and 34 deletions.
3 changes: 2 additions & 1 deletion base-standalone/.dockerignore
@@ -1,2 +1,3 @@
*.tar*
*.ociarchive
*.ociarchive
.gitignore
3 changes: 2 additions & 1 deletion base-standalone/.gitignore
@@ -3,4 +3,5 @@
/cache
*.tar
*.auth.json
images/
images/
*.ociarchive
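--- a/base-standalone/common/bootc-generic-growpart
+++ b/base-standalone/common/bootc-generic-growpart
@@ -0,0 +1,44 @@
+#!/bin/bash
+set -eu
+
+backing_device=$(findmnt -vno SOURCE /sysroot)
+echo "Backing device: ${backing_device}"
+
+# Handling devicemapper targets is a whole other thing
+case $backing_device in
+/dev/mapper/*) echo "Not growing $backing_device"; exit 0 ;;
+esac
+
+syspath=/sys/class/block/$(basename "${backing_device}")
+if ! test -d "${syspath}"; then
+echo "failed to find backing device ${syspath}"; exit 1
+fi
+
+
+
+# Note that we expect that the rootfs is on a partition
+partition=$(cat "${syspath}"/partition)
+
+# Walk up to find the parent blockdev
+parentpath=$(dirname "$(realpath "${syspath}")")
+devmajmin=$(cat "${parentpath}"/dev)
+parent="/dev/block/${devmajmin}"
+
+# Grow the partition
+tmpf=$(mktemp)
+# Ignore errors because growpart exits 1 if nothing changed;
+# we need to check the output for NOCHANGE:
+if ! /usr/bin/growpart "${parent}" "${partition}" > "${tmpf}"; then
+cat "${tmpf}"
+if grep -qEe '^NOCHANGE: ' "${tmpf}"; then
+exit 0
+fi
+echo "growpart failed"
+exit 1
+fi
+cat "${tmpf}"
+# Now, temporarily remount the sysroot writable in our mount namespace
+mount -o remount,rw /sysroot
+# And defer to systemd's growfs wrapper which handles dispatching on
+# the target filesystem type.
+/usr/lib/systemd/systemd-growfs /sysroot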
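Review bot: The `mount -o remount,rw /sysroot` step is never reversed in the script, so the "temporarily" in the comment above it holds only because bootc-generic-growpart.service sets `MountFlags=slave`; run by hand or from another unit, the script would presumably leave /sysroot writable in the caller's mount namespace. The script should say so where it happens, e.g. `# Relies on MountFlags=slave in bootc-generic-growpart.service; do not run outside that unit.` directly above the mount line. Separately, `partition=$(cat "${syspath}"/partition)` aborts under `set -eu` with only cat's error when the root device is not a partition; a preceding `test -f "${syspath}/partition" || { echo "rootfs is not on a partition"; exit 0; }` would make that case explicit.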
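--- a/base-standalone/common/bootc-generic-growpart.service
+++ b/base-standalone/common/bootc-generic-growpart.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Bootc Fallback Root Filesystem Grow
+Documentation=https://gitlab.com/fedora/bootc/docs
+# For now we skip bare metal cases, and we also have nothing to do
+# for containers.
+ConditionVirtualization=vm
+# This helps verify that we're running in a bootc/ostree based target.
+ConditionPathIsMountPoint=/sysroot
+# We want to run before any e.g. large container images might be pulled.
+DefaultDependencies=no
+Requires=sysinit.target
+After=sysinit.target
+Before=basic.target
+
+[Service]
+ExecStart=/usr/libexec/bootc-generic-growpart
+# So we can temporarily remount the sysroot writable
+MountFlags=slave
+# Just to auto-cleanup our temporary files
+PrivateTmp=yes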
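Review bot: No `Type=` is set in `[Service]`, so systemd's default of `Type=simple` applies and the unit counts as started as soon as the script has been forked; `Before=basic.target` then orders only the start of the grow, not its completion. For the stated goal of running before large container images are pulled, add `Type=oneshot` (optionally with `RemainAfterExit=yes`) above `ExecStart=`, so that units ordered after this one wait for growpart and systemd-growfs to finish.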
137 changes: 105 additions & 32 deletions base-standalone/common/common.yaml
@@ -1,6 +1,6 @@
boot-location: modules
selinux: true
cliwrap: true
cliwrap: false
readonly-executables: true
tmp-is-dir: true

@@ -20,9 +20,7 @@ default_target: graphical.target
groups:
- id: core
blacklist:
- dnf
- dnf-plugins-core
- yum
- grubby
- grubby-deprecated
- initial-setup
@@ -80,6 +78,8 @@ packages:
- vim # Let's install VIM anyway
- nano
- nano-default-editor
- dnf
- dnf-plugins-core
# Boot (TODO: Switch to systemd-boot)
#systemd-boot may be a bit tricky -jr
- bootupd
@@ -89,13 +89,46 @@ packages:
- rpmfusion-nonfree-release
- plocate
- ostree-grub2
- bootc
# Additional file compression/decompression
- bzip2 zstd
# Improved MOTD experience
- console-login-helper-messages-issuegen
- console-login-helper-messages-profile
# kdump support
# https://github.com/coreos/fedora-coreos-tracker/issues/622
- kexec-tools
# Container tooling
- toolbox
- distrobox
# nvme-cli for managing nvme disks
- nvme-cli
# Used by admins interactively
- lsof
# stuff for managing the system
- zram-generator
- htop
- btop
# Additional firewall support; we aren't including these in RHCOS or they
# don't exist in RHEL
- iptables-services
- WALinuxAgent-udev
- libsss_sudo
# SSSD; we only ship a subset of the backends
- sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap
# Used by admins interactively
- openssl
# Provides terminal tools like clear, reset, tput, and tset
- ncurses




packages-x86_64:
- mcelog
- microcode_ctl
- cmospwd
- intel-media-driver
- intel-media-driver
# For some reason, adding in this kmod causes the build to fail with rpmdb corruption
# - broadcom-wl
- grub2-pc
@@ -115,38 +148,78 @@ exclude-packages:
- generic-release
- grub2-ppc64le
- vim-default-editor # Because we use nano-default-editor, GNU nano is the default editor
- perl
- perl-interpreter
- nodejs
- grubby
- cowsay # Just in case
# Let's make sure initscripts doesn't get pulled back in
# https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254
- initscripts
# Do not use legacy ifcfg config format in NetworkManager
# See https://github.com/coreos/fedora-coreos-config/pull/1991
- NetworkManager-initscripts-ifcfg-rh
# Let's not have both legacy and nft versions in the image. Users are free to
# also layer legacy themselves if they want.
- iptables-legacy


postprocess:
- |
#!/usr/bin/env bash
set -euo pipefail
target=/usr/lib/systemd/system/default.target.wants
mkdir -p $target
set -x
ln -s ../bootc-fetch-apply-updates.timer $target
# Undo RPM scripts enabling units; we want the presets to be canonical
# https://github.com/projectatomic/rpm-ostree/issues/1803
- |
#!/usr/bin/env bash
set -xeuo pipefail
rm -rf /etc/systemd/system/*
systemctl preset-all
rm -rf /etc/systemd/user/*
systemctl --user --global preset-all
# See: https://github.com/coreos/fedora-coreos-tracker/issues/1253
# https://bugzilla.redhat.com/show_bug.cgi?id=2112857
# https://github.com/coreos/rpm-ostree/issues/3918
# Temporary workaround to remove the SetGID binary from liblockfile that is
# pulled by the s390utils but not needed for /usr/sbin/zipl.
- |
#!/usr/bin/env bash
set -xeuo pipefail
rm -f /usr/bin/dotlockfile
- |
#!/bin/bash
set -euo pipefail
mkdir -p /usr/lib/systemd/system/local-fs.target.wants
ln -s ../bootc-generic-growpart.service /usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service
# Taken from https://github.com/coreos/fedora-coreos-config/blob/aa4373201f415baff85701f7f96ab0583931af6c/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf#L5
# Hardcode persistent journal by default. journald has this "auto" behaviour
# that only makes logs persistent if `/var/log/journal` exists, which it won't
# on first boot because `/var` isn't fully populated. We should be able to get
# rid of this once we move to sysusers and create the dir in the initrd.
- | #!/bin/bash
mkdir -p /usr/lib/systemd/journald.conf.d/
cat >/usr/lib/systemd/journald.conf.d/10-centos-bootc-persistent.conf << EOF
[Journal]
Storage=persistent
EOF
- |
#!/usr/bin/env bash
mkdir -p /usr/lib/dracut/dracut.conf.d
cat > /usr/lib/dracut/dracut.conf.d/30-bootc-tier-1.conf << 'EOF'
add_dracutmodules+=" lvm crypt fips "
EOF
add-files:
- - bootc-generic-growpart
- /usr/libexec/bootc-generic-growpart
- - bootc-generic-growpart.service
- /usr/lib/systemd/system/bootc-generic-growpart.service


# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295
# From https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
install -dm0755 /usr/lib/systemd/journald.conf.d/
echo -e "[Journal]\nStorage=persistent" > /usr/lib/systemd/journald.conf.d/10-persistent.conf
# See: https://src.fedoraproject.org/rpms/glibc/pull-request/4
# Basically that program handles deleting old shared library directories
# mid-transaction, which never applies to rpm-ostree. This is structured as a
# loop/glob to avoid hardcoding (or trying to match) the architecture.
for x in /usr/sbin/glibc_post_upgrade.*; do
if test -f ${x}; then
ln -srf /usr/bin/true ${x}
fi
done
# Remove loader directory causing issues in Anaconda in unified core mode
# Will be obsolete once we start using bootupd
rm -rf /usr/lib/ostree-boot/loader
# # Undo RPM scripts enabling units; we want the presets to be canonical
# # https://github.com/projectatomic/rpm-ostree/issues/1803
# rm -rf /etc/systemd/system/*
# systemctl preset-all
# rm -rf /etc/systemd/user/*
# systemctl --user --global preset-all
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2218006
systemctl enable nfs-client.target
postprocess-script: "postprocess.sh"
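Review bot: The two postprocess entries that write `10-centos-bootc-persistent.conf` and `30-bootc-tier-1.conf` run without `set -euo pipefail`, unlike the other scripts in this list, so a failed `mkdir` is not caught where it happens and only the status of the final `cat` decides whether the build notices. In the first of them the shebang sits on the block-scalar line itself (`- | #!/bin/bash`), where YAML reads it as a comment rather than script text, assuming the page has not merged two lines. Put `#!/bin/bash` on its own line under `- |` and follow it with `set -euo pipefail` in both entries, so an image cannot silently ship without persistent journald storage or the lvm/crypt/fips dracut modules. The page has lost indentation and +/- markers, so confirm against the raw file that these entries are on the new side.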
