From 54cd3ebbe31f5b0735452d1b9a78e7760b485653 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 16 Apr 2024 17:11:36 -0400 Subject: [PATCH 1/6] c9s: Just use production compose I noticed we weren't getting updates and I think the core problem here is renovate was only triggering on the devel compose. But we just "floated" to whatever was found in the production compose as a base. Also we had a random copr. Drop that stuff, and just pin on the production compose. --- c9s-devel-compose.repo | 35 ----------------------------------- c9s.repo | 8 ++++---- centos-stream-9.yaml | 12 ------------ copr-walters-fasttracks.repo | 10 ---------- renovate.json | 6 +++--- 5 files changed, 7 insertions(+), 64 deletions(-) delete mode 100644 c9s-devel-compose.repo delete mode 100644 copr-walters-fasttracks.repo diff --git a/c9s-devel-compose.repo b/c9s-devel-compose.repo deleted file mode 100644 index c7062e53..00000000 --- a/c9s-devel-compose.repo +++ /dev/null 
@@ -1,35 +0,0 @@ -[baseos-devel] -name=CentOS Stream 9 development - BaseOS -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/BaseOS/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 - -[appstream-devel] -name=CentOS Stream 9 development - AppStream -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/AppStream/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 - -[nfv-devel] -name=CentOS Stream 9 development - NFV -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/NFV/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 - -[rt-devel] -name=CentOS Stream 9 development - RT -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/RT/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 diff --git a/c9s.repo b/c9s.repo index 0becf9c2..67e8ab89 100644 --- a/c9s.repo +++ b/c9s.repo @@ -1,6 +1,6 @@ [baseos] name=CentOS Stream 9 - BaseOS -baseurl=http://mirror.stream.centos.org/9-stream/BaseOS/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/BaseOS/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 @@ -8,7 +8,7 @@ gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Officia [appstream] name=CentOS Stream 9 - AppStream -baseurl=http://mirror.stream.centos.org/9-stream/AppStream/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/AppStream/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 
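Review bot: The four baseurl lines now pin a dated production compose, but nothing in c9s.repo records that the pin is renovate-managed or that the URL shape must keep matching the regex in renovate.json; a header comment at the top of the file, `# baseurl pinned to a dated production compose; bumped by renovate (see the c9s-compose custom manager in renovate.json)`, would stop a hand edit from silently breaking the update flow. The same applies to the [nfv] and [rt] hunks that follow. Package signatures are still checked via gpgcheck=1 with the official key, but repo_gpgcheck=0 means the repository metadata itself is not verified; if the production composes ship a signed repomd.xml, repo_gpgcheck=1 would close that gap — worth confirming.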
@@ -16,7 +16,7 @@ gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Officia [nfv] name=CentOS Stream 9 - NFV -baseurl=http://mirror.stream.centos.org/9-stream/NFV/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/NFV/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 @@ -24,7 +24,7 @@ gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Officia [rt] name=CentOS Stream 9 - RT -baseurl=http://mirror.stream.centos.org/9-stream/RT/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/RT/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 diff --git a/centos-stream-9.yaml b/centos-stream-9.yaml index d378478c..751dbe58 100644 --- a/centos-stream-9.yaml +++ b/centos-stream-9.yaml @@ -5,15 +5,3 @@ variables: repos: - baseos - appstream - # And pull in the devel composes optionally to faster track things; - # TODO make a container that tracks this too - - baseos-devel - - appstream-devel - # ONLY things here to be faster than the devel composes - - copr-fedora-bootc-fasttracks - -repo-packages: - - repo: appstream-devel - packages: - - bootc - - bootupd diff --git a/copr-walters-fasttracks.repo b/copr-walters-fasttracks.repo deleted file mode 100644 index 20233225..00000000 --- a/copr-walters-fasttracks.repo +++ /dev/null @@ -1,10 +0,0 @@ -[copr-fedora-bootc-fasttracks] -name=Copr repo for fedora-bootc-fasttracks owned by walters -baseurl=https://download.copr.fedorainfracloud.org/results/walters/fedora-bootc-fasttracks/centos-stream-9-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://download.copr.fedorainfracloud.org/results/walters/fedora-bootc-fasttracks/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 diff --git a/renovate.json b/renovate.json index 09edc9cd..c707360a 100644 --- a/renovate.json +++ b/renovate.json 
@@ -5,7 +5,7 @@ ], "customDatasources": { "c9s-compose": { - "defaultRegistryUrlTemplate": "https://composes.stream.centos.org/development/", + "defaultRegistryUrlTemplate": "https://composes.stream.centos.org/production/", "format": "html" } }, @@ -13,11 +13,11 @@ { "customType": "regex", "fileMatch": [ - "c9s-devel-compose.repo", + "c9s.repo", "centos-bootc-config.json" ], "matchStrings": [ - "https://composes.stream.centos.org/development/(?.*)/compose/(.*)", + "https://composes.stream.centos.org/production/(?.*)/compose/(.*)", "\"redhat.compose-id\": \"(?.*)\"" ], "datasourceTemplate": "custom.c9s-compose", From 7d361eae2231b644efcfd05c8a7ba929d86e4a27 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 16 Apr 2024 17:30:07 -0400 Subject: [PATCH 2/6] fedora.repo: Drop trailing whitespace The precommit is a bit annoying. Signed-off-by: Colin Walters --- fedora.repo | 1 - 1 file changed, 1 deletion(-) diff --git a/fedora.repo b/fedora.repo index 6450124a..373d78ca 100644 --- a/fedora.repo +++ b/fedora.repo @@ -100,4 +100,3 @@ type=rpm gpgcheck=1 gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary skip_if_unavailable=False - From eb71457f6f3a80ac6c0f14b1e4c050fe9022b8ac Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 18 Apr 2024 16:17:04 -0400 Subject: [PATCH 3/6] build: Rename centos-bootc.yaml to centos-stream-9-tier-1.yaml When we went back to the "one big image" model we simplified things to just `centos-bootc.yaml`. But since stream10 is here, and I think we do want to revisit having smaller images, let's rename it back. Signed-off-by: Colin Walters --- .tekton/centos-bootc-pull-request.yaml | 2 +- .tekton/centos-bootc-push.yaml | 2 +- Containerfile.centos-stream9 | 2 +- centos-bootc.yaml => centos-stream-9-tier1.yaml | 0 4 files changed, 3 insertions(+), 3 deletions(-) rename centos-bootc.yaml => centos-stream-9-tier1.yaml (100%) 
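Review bot: The capture group in the new matchStrings line `https://composes.stream.centos.org/production/(?.*)/compose/(.*)` carries no name, and Renovate's regex manager only extracts a version through a named group (or a template) for currentValue; either the name was lost when this page was rendered or the manager matches nothing, so the committed file is worth checking (the `redhat.compose-id` line below shows the same `(?.*)`). The trailing `(.*)` is unnamed and unused and can be dropped. The enclosing customManagers entry continues outside the hunk.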
diff --git a/.tekton/centos-bootc-pull-request.yaml b/.tekton/centos-bootc-pull-request.yaml index 29305cb3..c9e8c0e3 100644 --- a/.tekton/centos-bootc-pull-request.yaml +++ b/.tekton/centos-bootc-pull-request.yaml @@ -19,7 +19,7 @@ metadata: spec: params: - name: image-file - value: centos-bootc.yaml + value: centos-stream-9-tier1.yaml - name: git-url value: "{{repo_url}}" - name: output-image diff --git a/.tekton/centos-bootc-push.yaml b/.tekton/centos-bootc-push.yaml index f40de21e..4db955a4 100644 --- a/.tekton/centos-bootc-push.yaml +++ b/.tekton/centos-bootc-push.yaml @@ -19,7 +19,7 @@ metadata: spec: params: - name: image-file - value: centos-bootc.yaml + value: centos-stream-9-tier1.yaml - name: git-url value: "{{repo_url}}" - name: output-image diff --git a/Containerfile.centos-stream9 b/Containerfile.centos-stream9 index 556bced2..4bdf46b4 100644 --- a/Containerfile.centos-stream9 +++ b/Containerfile.centos-stream9 @@ -26,7 +26,7 @@ FROM quay.io/centos/centos:stream9 as repos FROM quay.io/centos-bootc/bootc-image-builder:latest as builder -ARG MANIFEST=centos-bootc.yaml +ARG MANIFEST=centos-stream-9-tier1.yaml # XXX: we should just make sure our in-tree c9s repo points to the c9s paths and doesn't require vars to avoid these steps entirely COPY --from=repos /etc/dnf/vars /etc/dnf/vars COPY --from=repos /etc/yum.repos.d/centos.repo c9s.repo diff --git a/centos-bootc.yaml b/centos-stream-9-tier1.yaml similarity index 100% rename from centos-bootc.yaml rename to centos-stream-9-tier1.yaml From cfafc9e78a0c9cbdb016113edd6a5dd35d87ab8b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 18 Apr 2024 17:08:07 -0400 Subject: [PATCH 4/6] Only set default filesystem to XFS in CentOS Fedora default filesystem is a messier situation. This makes it easier to inherit Fedora builds. 
Signed-off-by: Colin Walters --- centos-stream-10.yaml | 5 ++--- centos-stream-9.yaml | 5 ++--- centos-stream-common.yaml | 14 ++++++++++++++ tier-0/bootc-config.yaml | 10 ---------- tier-0/manifest.yaml | 1 - 5 files changed, 18 insertions(+), 17 deletions(-) create mode 100644 centos-stream-common.yaml diff --git a/centos-stream-10.yaml b/centos-stream-10.yaml index 124acb86..899ed3ee 100644 --- a/centos-stream-10.yaml +++ b/centos-stream-10.yaml @@ -2,6 +2,5 @@ releasever: stream10 variables: distro: "stream10" -repos: - - baseos - - appstream +include: + - centos-stream-common.yaml diff --git a/centos-stream-9.yaml b/centos-stream-9.yaml index 751dbe58..744f8733 100644 --- a/centos-stream-9.yaml +++ b/centos-stream-9.yaml @@ -2,6 +2,5 @@ releasever: stream9 variables: distro: "stream9" -repos: - - baseos - - appstream +include: + - centos-stream-common.yaml diff --git a/centos-stream-common.yaml b/centos-stream-common.yaml new file mode 100644 index 00000000..16c09812 --- /dev/null +++ b/centos-stream-common.yaml @@ -0,0 +1,14 @@ +repos: + - baseos + - appstream + +# Configuration for bootc +postprocess: + # XFS is our default filesystem + - | + #!/usr/bin/env bash + mkdir -p /usr/lib/bootc/install/ + cat > /usr/lib/bootc/install/20-rhel.toml << EOF + [install] + root-fs-type = "xfs" + EOF diff --git a/tier-0/bootc-config.yaml b/tier-0/bootc-config.yaml index f885d915..e69de29b 100644 --- a/tier-0/bootc-config.yaml +++ b/tier-0/bootc-config.yaml @@ -1,10 +0,0 @@ -# Configuration for bootc -postprocess: - # XFS is our default filesystem - - | - #!/usr/bin/env bash - mkdir -p /usr/lib/bootc/install/ - cat > /usr/lib/bootc/install/20-rhel.toml << EOF - [install] - root-fs-type = "xfs" - EOF diff --git a/tier-0/manifest.yaml b/tier-0/manifest.yaml index 007f6d7e..8da4235b 100644 --- a/tier-0/manifest.yaml +++ b/tier-0/manifest.yaml 
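Review bot: The postprocess script in the new centos-stream-common.yaml relies on the exit status of its last command and has no `set -euo pipefail` after the shebang; adding it makes the step fail closed if any earlier command fails. The heredoc delimiter is unquoted although nothing in the body is meant to expand; `cat > /usr/lib/bootc/install/20-rhel.toml << 'EOF'` makes that explicit. The dropped-in file is still called 20-rhel.toml although it now lives in a CentOS Stream common manifest; a comment giving the reason for keeping that name, or a rename, would help the next reader. The same block is emptied rather than deleted in tier-0/bootc-config.yaml, leaving a zero-length file that tier-0/manifest.yaml no longer includes; removing the file would be cleaner.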
@@ -51,7 +51,6 @@ remove-from-packages: include: - bootc.yaml - ostree.yaml - - bootc-config.yaml - initramfs.yaml - autoupdates.yaml - basic-fixes.yaml From 77ec4be7278473a09ef1b4dd346c3b71d0b6b64d Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 18 Apr 2024 17:35:51 -0400 Subject: [PATCH 5/6] Add Containerfile.fedora-40 Let's build this again. --- .github/workflows/build-image.yml | 2 ++ Containerfile.fedora-40 | 40 +++++++++++++++++++++++++++++++ fedora-bootc.yaml | 4 ++-- 3 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 Containerfile.fedora-40 diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index fab2fc9d..b1450bf2 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -18,6 +18,8 @@ jobs: version: stream9 - os: centos version: stream10 + - os: fedora + version: 40 steps: - name: Update podman diff --git a/Containerfile.fedora-40 b/Containerfile.fedora-40 new file mode 100644 index 00000000..840fd8d4 --- /dev/null +++ b/Containerfile.fedora-40 
@@ -0,0 +1,40 @@ +# This container build uses some special features of podman that allow +# a process executing as part of a container build to generate a new container +# image "from scratch". +# +# This container build uses nested containerization, so you must build with e.g. +# podman build --security-opt=label=disable --cap-add=all --device /dev/fuse <...> +# +# # Why are we doing this? +# +# Today this base image build process uses rpm-ostree. There is a lot of things that +# rpm-ostree does when generating a container image...but important parts include: +# +# - auto-updating labels in the container metadata +# - Generating "chunked" content-addressed reproducible image layers (notice +# how there are ~60 layers in the generated image) +# +# The latter bit in particular is currently impossible to do from Containerfile. +# A future goal is adding some support for this in a way that can be honored by +# buildah (xref https://github.com/containers/podman/discussions/12605) +# +# # Why does this build process require additional privileges? +# +# Because it's generating a base image and uses containerbuildcontextization features itself. +# In the future some of this can be lifted. + +FROM quay.io/fedora/fedora:40 as repos + +FROM quay.io/centos-bootc/bootc-image-builder:latest as builder +ARG MANIFEST=fedora-bootc.yaml +COPY --from=repos /etc/dnf/vars /etc/dnf/vars +COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-* /etc/pki/rpm-gpg +COPY . /src +RUN rm -vf /src/*.repo +COPY --from=repos /etc/yum.repos.d/*.repo /src +RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rpm-ostree compose image --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive + +FROM oci-archive:./out.ociarchive +# Need to reference builder here to force ordering. But since we have to run +# something anyway, we might as well cleanup after ourselves. 
+RUN --mount=type=bind,from=builder,src=.,target=/var/tmp --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rm /buildcontext/out.ociarchive diff --git a/fedora-bootc.yaml b/fedora-bootc.yaml index e4cabcd0..bef362d6 100644 --- a/fedora-bootc.yaml +++ b/fedora-bootc.yaml @@ -3,8 +3,8 @@ variables: distro: "fedora" repos: - - fedora-devel - - fedora-updates + - fedora + - updates metadata: name: fedora-boot-tier1 From 203ce2a72f30588698d3ae8a077bc723125fabd8 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 19 Apr 2024 07:31:50 -0400 Subject: [PATCH 6/6] build: Pass --image-config Oops. --- Containerfile.centos-stream10 | 5 +++-- Containerfile.centos-stream9 | 3 ++- Containerfile.fedora-40 | 3 ++- fedora-bootc-config.json | 9 +++++++++ 4 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 fedora-bootc-config.json diff --git a/Containerfile.centos-stream10 b/Containerfile.centos-stream10 index e80a854d..1524953e 100644 --- a/Containerfile.centos-stream10 +++ b/Containerfile.centos-stream10 
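Review bot: Both stages of the new Containerfile pull their base by mutable tag, `FROM quay.io/fedora/fedora:40 as repos` and `FROM quay.io/centos-bootc/bootc-image-builder:latest as builder`, and the first is where the build takes its RPM-GPG keys and repo definitions from, so the package trust anchor is whatever that tag resolves to on build day; pinning by digest (`quay.io/fedora/fedora:40@sha256:<digest>`, with renovate bumping it) would make that anchor and the build reproducible. The same pattern is in Containerfile.centos-stream9, visible earlier in this series. The header comment reads `uses containerbuildcontextization features itself`, presumably `containerization`. `COPY . /src` also brings the whole build context, including a `.git` directory if present, into the builder stage; a narrower COPY or a `.containerignore` would keep it out of the stage and the cache.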
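Review bot: The repo ids on the new lines, `fedora` and `updates`, are no longer defined by anything in this tree; they come from the `/etc/yum.repos.d/*.repo` files that Containerfile.fedora-40 copies out of the `quay.io/fedora/fedora:40` image after deleting the in-tree `*.repo` files. A comment above the list, `# repo ids come from the base image's /etc/yum.repos.d, copied in by Containerfile.fedora-40`, would record that coupling. It is also worth checking whether the in-tree fedora.repo touched earlier in this series is still consumed by any build, since this Containerfile removes it before composing.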
@@ -12,8 +12,9 @@ COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /etc/pki/rpm-gpg # rpm-ostree doesn't honor /etc/dnf/vars right now RUN for n in $(ls /etc/dnf/vars); do v=$(cat /etc/dnf/vars/$n); sed -ie s,\$${n},$v, c10s.repo; done RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \ - cp -a /buildcontext /src && rm -vf /src/*.repo && cp -a c10s.repo /src && ls -al /src &&\ - rpm-ostree compose image --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive + cp -a /buildcontext /src && rm -vf /src/*.repo && cp -a c10s.repo /src && ls -al /src && \ + rpm-ostree compose image --image-config /buildcontext/centos-bootc-config.json \ + --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive FROM oci-archive:./out.ociarchive # Need to reference builder here to force ordering. But since we have to run diff --git a/Containerfile.centos-stream9 b/Containerfile.centos-stream9 index 4bdf46b4..8ca6fcad 100644 --- a/Containerfile.centos-stream9 +++ b/Containerfile.centos-stream9 
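Review bot: The added `--image-config /buildcontext/centos-bootc-config.json` hands the stream10 build the same config file that Containerfile.centos-stream9 uses, and renovate.json earlier in this series shows that file carries a `redhat.compose-id` which renovate bumps from the CentOS Stream 9 production compose; unless that file is version-neutral, the stream10 image would be labelled with a stream9 compose id, and any version-id label in it would be wrong as well. A per-release config such as `centos-stream10-bootc-config.json` (placeholder name), mirroring the new fedora-bootc-config.json, would keep the labels correct for each stream. The `&&\` to `&& \` fix on the cp line is fine.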
@@ -33,7 +33,8 @@ COPY --from=repos /etc/yum.repos.d/centos.repo c9s.repo COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /etc/pki/rpm-gpg # rpm-ostree doesn't honor /etc/dnf/vars right now RUN for n in $(ls /etc/dnf/vars); do v=$(cat /etc/dnf/vars/$n); sed -ie s,\$${n},$v, c9s.repo; done -RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rpm-ostree compose image --cachedir=/workdir --format=ociarchive --initialize /buildcontext/${MANIFEST} /buildcontext/out.ociarchive +RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \ + rpm-ostree compose image --image-config /buildcontext/centos-bootc-config.json --cachedir=/workdir --format=ociarchive --initialize /buildcontext/${MANIFEST} /buildcontext/out.ociarchive FROM oci-archive:./out.ociarchive # Need to reference builder here to force ordering. But since we have to run diff --git a/Containerfile.fedora-40 b/Containerfile.fedora-40 index 840fd8d4..bf17e0fa 100644 --- a/Containerfile.fedora-40 +++ b/Containerfile.fedora-40 @@ -32,7 +32,8 @@ COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-* /etc/pki/rpm-gpg COPY . /src RUN rm -vf /src/*.repo COPY --from=repos /etc/yum.repos.d/*.repo /src -RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rpm-ostree compose image --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive +RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rpm-ostree compose image \ + --image-config /buildcontext/fedora-bootc-config.json --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive FROM oci-archive:./out.ociarchive # Need to reference builder here to force ordering. But since we have to run 
diff --git a/fedora-bootc-config.json b/fedora-bootc-config.json
new file mode 100644
index 00000000..f5429f9b
--- /dev/null
+++ b/fedora-bootc-config.json
@@ -0,0 +1,9 @@
+{
+ "Labels": {
+ "containers.bootc": "1",
+ "bootc.diskimage-builder": "quay.io/centos-bootc/bootc-image-builder",
+ "redhat.id": "fedora",
+ "redhat.version-id": "40"
+ },
+ "StopSignal": "SIGRTMIN+3"
+}
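Review bot: `"redhat.version-id": "40"` duplicates the release already fixed by `FROM quay.io/fedora/fedora:40` in Containerfile.fedora-40 and by `version: 40` in the workflow matrix, so a Fedora bump must touch three files with nothing tying them together. Since JSON cannot carry a comment, the practical place to record the coupling is the Containerfile, next to the `--image-config` flag: `# keep redhat.version-id in fedora-bootc-config.json in sync with the FROM tag`. Keeping the version-id a string, as done here, is right for a label value.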