-
Notifications
You must be signed in to change notification settings - Fork 200
Expand file tree
/
Copy pathprovision-derived.sh
More file actions
executable file
·201 lines (185 loc) · 6.98 KB
/
provision-derived.sh
File metadata and controls
executable file
·201 lines (185 loc) · 6.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
#!/bin/bash
set -xeu
# I'm a big fan of nushell for interactive use, and I want to support
# using it in our test suite because it's better than bash. First,
# enable EPEL to get it.
cloudinit=0
case ${1:-} in
cloudinit) cloudinit=1 ;;
"") ;;
*) echo "Unhandled flag: ${1:-}" 1>&2; exit 1 ;;
esac
# Ensure this is pre-created
mkdir -p -m 0700 /var/roothome
mkdir -p ~/.config/nushell
echo '$env.config = { show_banner: false, }' > ~/.config/nushell/config.nu
touch ~/.config/nushell/env.nu
# We don't want openh264
rm -f "/etc/yum.repos.d/fedora-cisco-openh264.repo"
. /usr/lib/os-release
case "${ID}-${VERSION_ID}" in
"centos-9")
dnf config-manager --set-enabled crb
dnf -y install epel-release epel-next-release
dnf -y install nu
;;
"rhel-9."*)
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
dnf -y install nu
;;
"centos-10"|"rhel-10."*)
# nu is not available in CS10
td=$(mktemp -d)
cd $td
curl -kL "https://github.com/nushell/nushell/releases/download/0.103.0/nu-0.103.0-$(uname -m)-unknown-linux-gnu.tar.gz" --output nu.tar.gz
mkdir -p nu && tar zvxf nu.tar.gz --strip-components=1 -C nu
mv nu/nu /usr/bin/nu
rm -rf nu nu.tar.gz
cd -
rm -rf "${td}"
;;
"fedora-"*)
dnf -y install nu
;;
esac
# Extra packages we install
grep -Ev -e '^#' packages.txt | xargs dnf install --allowerasing -y
# Cloud bits
cat <<KARGEOF >> /usr/lib/bootc/kargs.d/20-console.toml
kargs = ["console=ttyS0,115200n8"]
KARGEOF
if test $cloudinit = 1; then
dnf -y install cloud-init
ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants
# Allow root SSH login for testing with bcvk/tmt
mkdir -p /etc/cloud/cloud.cfg.d
cat > /etc/cloud/cloud.cfg.d/80-enable-root.cfg <<'CLOUDEOF'
# Enable root login for testing
disable_root: false
# In image mode, the host root filesystem is mounted at /sysroot, not /
# That is the one we should attempt to resize, not what is mounted at /
growpart:
mode: auto
devices: ["/sysroot"]
resize_rootfs: false
CLOUDEOF
fi
# Temporary: update bootupd from @CoreOS/continuous copr until
# base images include a version supporting --filesystem
. /usr/lib/os-release
case $ID in
fedora) copr_distro="fedora" ;;
*) copr_distro="centos-stream" ;;
esac
# Update bootc from rhcontainerbot copr; the new bootupd
# requires a newer bootc than what ships in some base images.
cat >/etc/yum.repos.d/rhcontainerbot-bootc.repo <<REPOEOF
[copr:copr.fedorainfracloud.org:rhcontainerbot:bootc]
name=Copr repo for bootc owned by rhcontainerbot
baseurl=https://download.copr.fedorainfracloud.org/results/rhcontainerbot/bootc/${copr_distro}-\$releasever-\$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://download.copr.fedorainfracloud.org/results/rhcontainerbot/bootc/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
REPOEOF
dnf -y update bootc
rm -f /etc/yum.repos.d/rhcontainerbot-bootc.repo
cat >/etc/yum.repos.d/coreos-continuous.repo <<REPOEOF
[copr:copr.fedorainfracloud.org:group_CoreOS:continuous]
name=Copr repo for continuous owned by @CoreOS
baseurl=https://download.copr.fedorainfracloud.org/results/@CoreOS/continuous/${copr_distro}-\$releasever-\$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://download.copr.fedorainfracloud.org/results/@CoreOS/continuous/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
REPOEOF
# This unfortunately has "older" versions with higher NEVRA:
#
# # dnf --disablerepo=* --enablerepo=copr:copr.fedorainfracloud.org:group_CoreOS:continuous repoquery bootupd 2> /dev/null
# bootupd-0:0.2.32.45.gb483a63-1.fc45.x86_64
# bootupd-0:202501200321.0.2.25.65.ge296f82-1.fc42.src
# bootupd-0:202501200321.0.2.25.65.ge296f82-1.fc42.x86_64
# bootupd-0:202501210627.0.2.25.67.gefe41b6-1.fc42.src
#
# So we need to be more selective, but also be dynamic to grab newer
# versions
#
# The subscription-manager plugin needs to be disabled because it
# likes to write warnings to stdout which corrupts the NEVRA output
# we're going for here...
bootupd_nevra=$(dnf --disableplugin=subscription-manager --disablerepo=* --enablerepo=copr:copr.fedorainfracloud.org:group_CoreOS:continuous repoquery --latest-limit 1 --arch "$(uname -m)" "bootupd-0.2.*")
dnf -y install ${bootupd_nevra}
rm -f /etc/yum.repos.d/coreos-continuous.repo
dnf clean all
# Stock extra cleaning of logs and caches in general (mostly dnf)
rm /var/log/* /var/cache /var/lib/{dnf,rpm-state,rhsm} -rf
# And clean root's homedir
rm /var/roothome/.config -rf
cat >/usr/lib/tmpfiles.d/bootc-cloud-init.conf <<'EOF'
d /var/lib/cloud 0755 root root - -
EOF
# Fast track tmpfiles.d content from the base image, xref
# https://gitlab.com/fedora/bootc/base-images/-/merge_requests/92
if test '!' -f /usr/lib/tmpfiles.d/bootc-base-rpmstate.conf; then
cat >/usr/lib/tmpfiles.d/bootc-base-rpmstate.conf <<'EOF'
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=771713
d /var/lib/rpm-state 0755 - - -
EOF
fi
if ! grep -q -r var/roothome/buildinfo /usr/lib/tmpfiles.d; then
cat > /usr/lib/tmpfiles.d/bootc-contentsets.conf <<'EOF'
# Workaround for https://github.com/konflux-ci/build-tasks-dockerfiles/pull/243
d /var/roothome/buildinfo 0755 - - -
d /var/roothome/buildinfo/content_manifests 0755 - - -
# Note we don't actually try to recreate the content; this just makes the linter ignore it
f /var/roothome/buildinfo/content_manifests/content-sets.json 0644 - - -
EOF
fi
# And add missing sysusers.d entries
if ! grep -q -r sudo /usr/lib/sysusers.d; then
cat >/usr/lib/sysusers.d/bootc-sudo-workaround.conf <<'EOF'
g sudo 16
EOF
fi
# dhcpcd
if rpm -q dhcpcd &>/dev/null; then
if ! grep -q -r dhcpcd /usr/lib/sysusers.d; then
cat >/usr/lib/sysusers.d/bootc-dhcpcd-workaround.conf <<'EOF'
u dhcpcd - 'Minimalistic DHCP client' /var/lib/dhcpcd
EOF
fi
cat >/usr/lib/tmpfiles.d/bootc-dhcpd.conf <<'EOF'
d /var/lib/dhcpcd 0755 root dhcpcd - -
EOF
rm -rf /var/lib/dhcpcd
fi
# dhclient
if test -d /var/lib/dhclient; then
cat >/usr/lib/tmpfiles.d/bootc-dhclient.conf <<'EOF'
d /var/lib/dhclient 0755 root root - -
EOF
rm -rf /var/lib/dhclient
fi
# The following configs are skipped when SKIP_CONFIGS=1, which is used
# for testing bootc install on Fedora CoreOS where these would conflict.
if test -z "${SKIP_CONFIGS:-}"; then
# For test-22-logically-bound-install
install -D -m 0644 -t /usr/share/containers/systemd/ lbi/*
for x in curl.container curl-base.image podman.image; do
ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x
done
# Add some testing kargs into our dev builds
install -D -t /usr/lib/bootc/kargs.d test-kargs/*
# Also copy in some default install configs we use for testing
install -D -t /usr/lib/bootc/install/ install-test-configs/*
# Install os-image-map.json for tests that need to select OS-matched images
install -D -m 0644 os-image-map.json /usr/share/bootc/os-image-map.json
else
echo "SKIP_CONFIGS is set, skipping LBIs, test kargs, and install configs"
fi