diff --git a/.gitignore b/.gitignore index f101bc3..836e00a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/osbuild-27.3.tar.gz +SOURCES/osbuild-35.tar.gz diff --git a/.osbuild.metadata b/.osbuild.metadata index b605d7a..a21aebf 100644 --- a/.osbuild.metadata +++ b/.osbuild.metadata @@ -1 +1 @@ -4cf2b90685fb283a0f7972a5be48ab1bdb94376b SOURCES/osbuild-27.3.tar.gz +e7c0228039b6cbab841af199cbe2558254362526 SOURCES/osbuild-35.tar.gz diff --git a/SOURCES/0001-util-rhsm-Check-if-repositories-is-None-before-itera.patch b/SOURCES/0001-util-rhsm-Check-if-repositories-is-None-before-itera.patch deleted file mode 100644 index 5c6313d..0000000 --- a/SOURCES/0001-util-rhsm-Check-if-repositories-is-None-before-itera.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 815bc8d1bf8f0811d7583ffeebfad463cb481354 Mon Sep 17 00:00:00 2001 -From: Sanne Raymaekers -Date: Fri, 3 Sep 2021 19:27:10 +0200 -Subject: [PATCH] util/rhsm: Check if repositories is None before iterating - -When `get_fallback_rhsm_secrets` was used, `Subscriptions.repositories` -was None, and `get_secrets` never returned the fallback secrets. - -So check if `repositories` is None before -iterating over it, otherwise return the fallback secrets. ---- - osbuild/util/rhsm.py | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/osbuild/util/rhsm.py b/osbuild/util/rhsm.py -index 21a2d50..3ab1729 100644 ---- a/osbuild/util/rhsm.py -+++ b/osbuild/util/rhsm.py -@@ -93,13 +93,14 @@ class Subscriptions: - - def get_secrets(self, url): - # Try to find a matching URL from redhat.repo file first -- for parameters in self.repositories.values(): -- if parameters["matchurl"].match(url) is not None: -- return { -- "ssl_ca_cert": parameters["sslcacert"], -- "ssl_client_key": parameters["sslclientkey"], -- "ssl_client_cert": parameters["sslclientcert"] -- } -+ if self.repositories is not None: -+ for parameters in self.repositories.values(): -+ if parameters["matchurl"].match(url) is not None: -+ return { -+ "ssl_ca_cert": parameters["sslcacert"], -+ "ssl_client_key": parameters["sslclientkey"], -+ "ssl_client_cert": parameters["sslclientcert"] -+ } - - # In case there is no matching URL, try the fallback - if self.secrets: --- -2.21.1 (Apple Git-122.3) - diff --git a/SOURCES/ostree-bootloader-backend.patch b/SOURCES/ostree-bootloader-backend.patch new file mode 100644 index 0000000..5287463 --- /dev/null +++ b/SOURCES/ostree-bootloader-backend.patch @@ -0,0 +1,75 @@ +From 7ec305a343c48444678416bc187cd7c2ab54e26d Mon Sep 17 00:00:00 2001 +From: Christian Kellner +Date: Thu, 9 Sep 2021 11:03:12 +0200 +Subject: [PATCH 1/2] ostree.config: add `bootloader` config option + +Ability to set the bootloader backend that OSTree should use. NB: +normally this should be set to `none` since in modern distros and +bootloaders the BLS is used and the BLS snippets are generated on +`none` but none of the of the specific bootloader tools are run, +like `grub2-mkconfig` for grub. + +Update the fedora image manifest to use that config setting. +--- + stages/org.osbuild.ostree.config | 8 ++++++++ + test/data/manifests/fedora-ostree-image.json | 3 ++- + test/data/manifests/fedora-ostree-image.mpp.json | 3 ++- + 3 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/stages/org.osbuild.ostree.config b/stages/org.osbuild.ostree.config +index 5dc378c..4bd25c4 100755 +--- a/stages/org.osbuild.ostree.config ++++ b/stages/org.osbuild.ostree.config +@@ -5,6 +5,9 @@ Change OSTree configuration + Change the configuration for an OSTree repository. + Currently only the following values are supported: + - `sysroot.readonly` ++ - `sysroot.bootloader` ++ ++See `ostree.repo-config(5)` for more information. + """ + + import os +@@ -32,6 +35,11 @@ SCHEMA = """ + "additionalProperties": false, + "description": "Options concerning the sysroot", + "properties": { ++ "bootloader": { ++ "description": "Configure the bootloader that OSTree uses (use 'none' for BLS).", ++ "type": "string", ++ "enum": ["none", "auto", "grub2", "syslinux", "uboot", "zipl"] ++ }, + "readonly": { + "description": "Read only sysroot and boot", + "type": "boolean" +diff --git a/test/data/manifests/fedora-ostree-image.json b/test/data/manifests/fedora-ostree-image.json +index 2562dab..2e6e716 100644 +--- a/test/data/manifests/fedora-ostree-image.json ++++ b/test/data/manifests/fedora-ostree-image.json +@@ -870,7 +870,8 @@ + "repo": "/ostree/repo", + "config": { + "sysroot": { +- "readonly": true ++ "readonly": true, ++ "bootloader": "none" + } + } + } +diff --git a/test/data/manifests/fedora-ostree-image.mpp.json b/test/data/manifests/fedora-ostree-image.mpp.json +index bab2eb4..689cbf0 100644 +--- a/test/data/manifests/fedora-ostree-image.mpp.json ++++ b/test/data/manifests/fedora-ostree-image.mpp.json +@@ -282,7 +282,8 @@ + "repo": "/ostree/repo", + "config": { + "sysroot": { +- "readonly": true ++ "readonly": true, ++ "bootloader": "none" + } + } + } +-- +2.31.1 + diff --git a/SOURCES/qemu-fix-compat-option.patch b/SOURCES/qemu-fix-compat-option.patch new file mode 100644 index 0000000..36797a4 --- /dev/null +++ b/SOURCES/qemu-fix-compat-option.patch @@ -0,0 +1,29 @@ +From 21ad9fa3992ba0f28750b5808cebdacdde104e08 Mon Sep 17 00:00:00 2001 +From: Christian Kellner +Date: Wed, 22 Sep 2021 10:30:52 +0000 +Subject: [PATCH] stages/qemu: fix 'compat' option + +The option got renamed to `compat` (and moved into the `qemu` +object) when the stage was extracted from the `qemu` assembler; +but the code, taken from the assembler, still used the old +`qcow2_compat` name for the option. Fix this. +--- + stages/org.osbuild.qemu | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/stages/org.osbuild.qemu b/stages/org.osbuild.qemu +index bfefac3..cb6b3a8 100755 +--- a/stages/org.osbuild.qemu ++++ b/stages/org.osbuild.qemu +@@ -126,7 +126,7 @@ SCHEMA_2 = r""" + + def qcow2_arguments(options): + argv = ["-c"] +- compat = options.get("qcow2_compat") ++ compat = options.get("compat") + + if compat: + argv += ["-o", f"compat={compat}"] +-- +2.32.0 + diff --git a/SOURCES/rhsm-none-check.patch b/SOURCES/rhsm-none-check.patch new file mode 100644 index 0000000..883a1a6 --- /dev/null +++ b/SOURCES/rhsm-none-check.patch @@ -0,0 +1,43 @@ +From e1311c029501fac714e42c63e6f75ab5ea608924 Mon Sep 17 00:00:00 2001 +From: Sanne Raymaekers +Date: Fri, 3 Sep 2021 19:27:10 +0200 +Subject: [PATCH 1/2] util/rhsm: Check if repositories is None before iterating + +When `get_fallback_rhsm_secrets` was used, `Subscriptions.repositories` +was None, and `get_secrets` never returned the fallback secrets. + +So check if `repositories` is None before +iterating over it, otherwise return the fallback secrets. +--- + osbuild/util/rhsm.py | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/osbuild/util/rhsm.py b/osbuild/util/rhsm.py +index 21a2d50..3ab1729 100644 +--- a/osbuild/util/rhsm.py ++++ b/osbuild/util/rhsm.py +@@ -93,13 +93,14 @@ class Subscriptions: + + def get_secrets(self, url): + # Try to find a matching URL from redhat.repo file first +- for parameters in self.repositories.values(): +- if parameters["matchurl"].match(url) is not None: +- return { +- "ssl_ca_cert": parameters["sslcacert"], +- "ssl_client_key": parameters["sslclientkey"], +- "ssl_client_cert": parameters["sslclientcert"] +- } ++ if self.repositories is not None: ++ for parameters in self.repositories.values(): ++ if parameters["matchurl"].match(url) is not None: ++ return { ++ "ssl_ca_cert": parameters["sslcacert"], ++ "ssl_client_key": parameters["sslclientkey"], ++ "ssl_client_cert": parameters["sslclientcert"] ++ } + + # In case there is no matching URL, try the fallback + if self.secrets: +-- +2.31.1 + diff --git a/SPECS/osbuild.spec b/SPECS/osbuild.spec index a946585..c08551d 100644 --- a/SPECS/osbuild.spec +++ b/SPECS/osbuild.spec @@ -1,7 +1,7 @@ %global forgeurl https://github.com/osbuild/osbuild %global selinuxtype targeted -Version: 27.3 +Version: 35 %forgemeta @@ -9,13 +9,20 @@ Version: 27.3 %global pkgdir %{_prefix}/lib/%{pypi_name} Name: %{pypi_name} -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 URL: %{forgeurl} Source0: %{forgesource} -Patch0: 0001-util-rhsm-Check-if-repositories-is-None-before-itera.patch + +# https://github.com/osbuild/osbuild/pull/806 +Patch0: ostree-bootloader-backend.patch +# https://github.com/osbuild/osbuild/pull/795 +Patch1: rhsm-none-check.patch +# https://github.com/osbuild/osbuild/pull/819 +Patch2: qemu-fix-compat-option.patch + BuildArch: noarch Summary: A build system for OS images @@ -91,9 +98,19 @@ Contains the necessary SELinux policies that allows osbuild to use labels unknown to the host inside the containers it uses to build OS artifacts. +%package tools +Summary: Extra tools and utilities +Requires: %{name} = %{version}-%{release} + +%description tools +Contains additional tools and utilities for development of +manifests and osbuild. + %prep %forgesetup %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build %py3_build @@ -121,15 +138,21 @@ install -p -m 0755 $(find runners -type f -or -type l) %{buildroot}%{pkgdir}/run mkdir -p %{buildroot}%{pkgdir}/sources install -p -m 0755 $(find sources -type f) %{buildroot}%{pkgdir}/sources +mkdir -p %{buildroot}%{pkgdir}/devices +install -p -m 0755 $(find devices -type f) %{buildroot}%{pkgdir}/devices + mkdir -p %{buildroot}%{pkgdir}/inputs install -p -m 0755 $(find inputs -type f) %{buildroot}%{pkgdir}/inputs +mkdir -p %{buildroot}%{pkgdir}/mounts +install -p -m 0755 $(find mounts -type f) %{buildroot}%{pkgdir}/mounts + # mount point for bind mounting the osbuild library mkdir -p %{buildroot}%{pkgdir}/osbuild # schemata mkdir -p %{buildroot}%{_datadir}/osbuild/schemas -install -p -m 0755 $(find schemas/*.json) %{buildroot}%{_datadir}/osbuild/schemas +install -p -m 0644 $(find schemas/*.json) %{buildroot}%{_datadir}/osbuild/schemas ln -s %{_datadir}/osbuild/schemas %{buildroot}%{pkgdir}/schemas # documentation @@ -139,8 +162,8 @@ install -p -m 0644 -t %{buildroot}%{_mandir}/man1/ docs/*.1 install -p -m 0644 -t %{buildroot}%{_mandir}/man5/ docs/*.5 # SELinux -install -D -m 644 -t %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} %{name}.pp.bz2 -install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_selinux.8 +install -D -m 0644 -t %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} %{name}.pp.bz2 +install -D -m 0644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_selinux.8 %check exit 0 @@ -155,9 +178,10 @@ exit 0 %{_datadir}/osbuild/schemas %{pkgdir} # the following files are in the ostree sub-package -%exclude %{pkgdir}/assemblers/org.osbuild.ostree.commit -%exclude %{pkgdir}/sources/org.osbuild.ostree -%exclude %{pkgdir}/stages/org.osbuild.ostree +%exclude %{pkgdir}/assemblers/org.osbuild.ostree* +%exclude %{pkgdir}/inputs/org.osbuild.ostree* +%exclude %{pkgdir}/sources/org.osbuild.ostree* +%exclude %{pkgdir}/stages/org.osbuild.ostree* %exclude %{pkgdir}/stages/org.osbuild.rpm-ostree %files -n python3-%{pypi_name} @@ -167,9 +191,10 @@ exit 0 %{python3_sitelib}/%{pypi_name}/ %files ostree -%{pkgdir}/assemblers/org.osbuild.ostree.commit -%{pkgdir}/sources/org.osbuild.ostree -%{pkgdir}/stages/org.osbuild.ostree +%{pkgdir}/assemblers/org.osbuild.ostree* +%{pkgdir}/inputs/org.osbuild.ostree* +%{pkgdir}/sources/org.osbuild.ostree* +%{pkgdir}/stages/org.osbuild.ostree* %{pkgdir}/stages/org.osbuild.rpm-ostree %files selinux @@ -188,28 +213,43 @@ fi %posttrans selinux %selinux_relabel_post -s %{selinuxtype} +%files tools +%{_bindir}/osbuild-mpp %changelog -* Tue Sep 07 2021 Martin Sehnoutka - 27.3-2 -- Patch a bug in the RHSM util module - -* Tue Aug 24 2021 Martin Sehnoutka - 27.3-1 -- Upstream release 27.3 -- New algorithm for getting RHSM secrets from the host system - which supports multiple entitlements at the same time. - -* Thu Apr 8 2021 Christian Kellner - 27.2-1 -- Upstream release 27.2. -- Support for explicitly selecting the qcow2 version. - -* Thu Apr 1 2021 Achilleas Koutsou - 27.1-1 -- Upstream release 27.1 -- Bug fixes related to OCI archive generation. - -* Tue Mar 16 2021 Christian Kellner - 27-1 -- Upstream release 27 -- Various bug fixes related to the new container and installer - stages introdcued in version 25 and 26. +* Fri Sep 24 2021 Ondřej Budai - 35-3 +- Include patch for qemu stage to fix the compat option that was + just ignored before. + +* Tue Sep 14 2021 Christian Kellner - 35-2 +- Include patch for ostree.config stage to support the selection of + the bootloader backend. +- Include patch to fix a potential crash in the detection of rhsm + secrets when 'redhat.repo' is missing. + +* Sun Aug 29 2021 Tom Gundersen - 35-1 +- Upstream release 35 + +* Sun Aug 29 2021 Tom Gundersen - 34-1 +- Upstream release 34 + +* Wed Aug 25 2021 Tom Gundersen - 33-1 +- Upstream release 33 + +* Tue Aug 24 2021 Tom Gundersen - 32-1 +- Upstream release 32 + +* Mon Aug 23 2021 Tom Gundersen - 31-1 +- Upstream release 31 + +* Fri Jul 23 2021 Christian Kellner - 30-1 +- Upstream release 30 +- Ship osbuild-mpp in new tools sub-package. +- Remove executable bit from schemata files. + +* Tue Apr 27 2021 Achilleas Koutsou - 28-1 +- Upstream release 28 +- Includes fixes and feature additions for multiple stages. * Fri Feb 19 2021 Christian Kellner - 26-1 - Upstream release 26