diff --git a/SOURCES/ostree-bootloader-backend.patch b/SOURCES/ostree-bootloader-backend.patch new file mode 100644 index 0000000..5287463 --- /dev/null +++ b/SOURCES/ostree-bootloader-backend.patch @@ -0,0 +1,75 @@ +From 7ec305a343c48444678416bc187cd7c2ab54e26d Mon Sep 17 00:00:00 2001 +From: Christian Kellner +Date: Thu, 9 Sep 2021 11:03:12 +0200 +Subject: [PATCH 1/2] ostree.config: add `bootloader` config option + +Ability to set the bootloader backend that OSTree should use. NB: +normally this should be set to `none` since in modern distros and +bootloaders the BLS is used and the BLS snippets are generated on +`none` but none of the of the specific bootloader tools are run, +like `grub2-mkconfig` for grub. + +Update the fedora image manifest to use that config setting. +--- + stages/org.osbuild.ostree.config | 8 ++++++++ + test/data/manifests/fedora-ostree-image.json | 3 ++- + test/data/manifests/fedora-ostree-image.mpp.json | 3 ++- + 3 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/stages/org.osbuild.ostree.config b/stages/org.osbuild.ostree.config +index 5dc378c..4bd25c4 100755 +--- a/stages/org.osbuild.ostree.config ++++ b/stages/org.osbuild.ostree.config +@@ -5,6 +5,9 @@ Change OSTree configuration + Change the configuration for an OSTree repository. + Currently only the following values are supported: + - `sysroot.readonly` ++ - `sysroot.bootloader` ++ ++See `ostree.repo-config(5)` for more information. + """ + + import os +@@ -32,6 +35,11 @@ SCHEMA = """ + "additionalProperties": false, + "description": "Options concerning the sysroot", + "properties": { ++ "bootloader": { ++ "description": "Configure the bootloader that OSTree uses (use 'none' for BLS).", ++ "type": "string", ++ "enum": ["none", "auto", "grub2", "syslinux", "uboot", "zipl"] ++ }, + "readonly": { + "description": "Read only sysroot and boot", + "type": "boolean" +diff --git a/test/data/manifests/fedora-ostree-image.json b/test/data/manifests/fedora-ostree-image.json +index 2562dab..2e6e716 100644 +--- a/test/data/manifests/fedora-ostree-image.json ++++ b/test/data/manifests/fedora-ostree-image.json +@@ -870,7 +870,8 @@ + "repo": "/ostree/repo", + "config": { + "sysroot": { +- "readonly": true ++ "readonly": true, ++ "bootloader": "none" + } + } + } +diff --git a/test/data/manifests/fedora-ostree-image.mpp.json b/test/data/manifests/fedora-ostree-image.mpp.json +index bab2eb4..689cbf0 100644 +--- a/test/data/manifests/fedora-ostree-image.mpp.json ++++ b/test/data/manifests/fedora-ostree-image.mpp.json +@@ -282,7 +282,8 @@ + "repo": "/ostree/repo", + "config": { + "sysroot": { +- "readonly": true ++ "readonly": true, ++ "bootloader": "none" + } + } + } +-- +2.31.1 + diff --git a/SOURCES/rhsm-none-check.patch b/SOURCES/rhsm-none-check.patch new file mode 100644 index 0000000..883a1a6 --- /dev/null +++ b/SOURCES/rhsm-none-check.patch @@ -0,0 +1,43 @@ +From e1311c029501fac714e42c63e6f75ab5ea608924 Mon Sep 17 00:00:00 2001 +From: Sanne Raymaekers +Date: Fri, 3 Sep 2021 19:27:10 +0200 +Subject: [PATCH 1/2] util/rhsm: Check if repositories is None before iterating + +When `get_fallback_rhsm_secrets` was used, `Subscriptions.repositories` +was None, and `get_secrets` never returned the fallback secrets. + +So check if `repositories` is None before +iterating over it, otherwise return the fallback secrets. +--- + osbuild/util/rhsm.py | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/osbuild/util/rhsm.py b/osbuild/util/rhsm.py +index 21a2d50..3ab1729 100644 +--- a/osbuild/util/rhsm.py ++++ b/osbuild/util/rhsm.py +@@ -93,13 +93,14 @@ class Subscriptions: + + def get_secrets(self, url): + # Try to find a matching URL from redhat.repo file first +- for parameters in self.repositories.values(): +- if parameters["matchurl"].match(url) is not None: +- return { +- "ssl_ca_cert": parameters["sslcacert"], +- "ssl_client_key": parameters["sslclientkey"], +- "ssl_client_cert": parameters["sslclientcert"] +- } ++ if self.repositories is not None: ++ for parameters in self.repositories.values(): ++ if parameters["matchurl"].match(url) is not None: ++ return { ++ "ssl_ca_cert": parameters["sslcacert"], ++ "ssl_client_key": parameters["sslclientkey"], ++ "ssl_client_cert": parameters["sslclientcert"] ++ } + + # In case there is no matching URL, try the fallback + if self.secrets: +-- +2.31.1 + diff --git a/SPECS/osbuild.spec b/SPECS/osbuild.spec index ec3c42f..b8113b6 100644 --- a/SPECS/osbuild.spec +++ b/SPECS/osbuild.spec @@ -9,12 +9,18 @@ Version: 35 %global pkgdir %{_prefix}/lib/%{pypi_name} Name: %{pypi_name} -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 URL: %{forgeurl} Source0: %{forgesource} + +# https://github.com/osbuild/osbuild/pull/806 +Patch0: ostree-bootloader-backend.patch +# https://github.com/osbuild/osbuild/pull/795 +Patch1: rhsm-none-check.patch + BuildArch: noarch Summary: A build system for OS images @@ -100,6 +106,8 @@ manifests and osbuild. %prep %forgesetup +%patch0 -p1 +%patch1 -p1 %build %py3_build @@ -206,6 +214,12 @@ fi %{_bindir}/osbuild-mpp %changelog +* Tue Sep 14 2021 Christian Kellner - 35-2 +- Include patch for ostree.config stage to support the selection of + the bootloader backend. +- Include patch to fix a potential crash in the detection of rhsm + secrets when 'redhat.repo' is missing. + * Sun Aug 29 2021 Tom Gundersen - 35-1 - Upstream release 35