poc rocky 8
commit
9d39f70686
22 changed files with 664 additions and 0 deletions
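--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.idea
+build/repo
+build/images
+build/cache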
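--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,2 @@
+https://rockylinux.org/licensing
+BSD-3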
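--- a/README.md
+++ b/README.md
@@ -0,0 +1,16 @@
+# Rocky Linux OSTree
+
+This repository contains the configuration files needed to spin Rocky Linux using rpm-ostree.
+
+## Project Structure
+- `manifest.$releasever-$rltype.yaml` - These files represent the entry point for a given release config.
+- `manifests/rocky-common.yaml` - Default configuration for rpm-ostree and rocky common to all variants.
+- `manifests/arch` - These files contain configuration specific to the named architecture, x86_64, aarch64, aarch64-pi. Note these should be explicitly included by top level manifests.
+- `manifests/dnf-groups` - Contains lists of packages organized by containing dnf group, e.g., @Core, @Standard, etc. This is not a comprehensive list and my not be the best approach.
+- `build` - Contains instructions and scripts to build both the server-side tree and an installation ISO. See the `build/README.md` for build instructions.
+- `kickstarts` - Anaconda kickstart files that can be used with any anaconda installer image.
+
+For details on these manifests, A.K.A. Treefiles, see: [Treefile Reference](https://coreos.github.io/rpm-ostree/treefile/)
+
+
+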
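--- a/build/Makefile
+++ b/build/Makefile
@@ -0,0 +1,75 @@
+RELEASE_VER_MAJOR = 8
+RELEASE_VER_MINOR = 7
+ARCH = $(shell uname -m)
+RELEASE_NAME = rocky-linux-ostree-$(ARCH)-$(RELEASE_VER_MAJOR).$(RELEASE_VER_MINOR)
+DEFAULT_OSTREE_REMOTE = https://dl.rockylinux.org/pub/sig/$(RELEASE_VER_MAJOR)/ostree/$(ARCH)/standard/
+MOCK_CONFIG = rocky-$(RELEASE_VER_MAJOR)-$(ARCH)
+
+
+.PHONY: all
+all: init tree iso
+
+.PHONY: clean
+clean:
+rm -rf ./repo ./cache
+
+.PHONY: init
+init: clean
+mkdir -p ./{repo,cache,images}
+ostree --repo=./repo init --mode=archive
+
+.PHONY: mirror
+mirror: init
+ostree --repo=./repo remote add rockylinux --set=gpg-verify=false $(DEFAULT_OSTREE_REMOTE) && \
+ostree --repo=./repo pull --mirror rockylinux rockylinux/$(RELEASE_VER_MAJOR)/$(ARCH)/minimal/devel && \
+ostree --repo=./repo summary --update
+
+.PHONY: tree
+tree:
+rpm-ostree compose tree --repo=./repo --cachedir=./cache --unified-core ../manifest.8-minimal.yaml && \
+ostree summary --repo=./repo --update
+
+.PHONY: iso
+iso:
+mock -r $(MOCK_CONFIG) --clean
+mock -r $(MOCK_CONFIG) --init
+mock -r $(MOCK_CONFIG) --install lorax ostree
+mock -r $(MOCK_CONFIG) --copyin $$(pwd)/repo /builddir/repo
+mock -r $(MOCK_CONFIG) --copyin $$(pwd)/lorax-templates /builddir/lorax-templates
+mock -r $(MOCK_CONFIG) --enable-network --chroot "cd /builddir && \
+lorax --product='Rocky Linux OSTree' \
+--version=$(RELEASE_VER_MAJOR) \
+--release=$$(date +%Y%m%d) \
+--variant=R$(RELEASE_VER_MAJOR) \
+--skip-branding \
+--installpkgs rocky-release* \
+--installpkgs rocky-logos-$(RELEASE_VER_MAJOR)* \
+--installpkgs ostree* \
+--source=https://dl.rockylinux.org/pub/rocky/$(RELEASE_VER_MAJOR)/BaseOS/$(ARCH)/os/ \
+--source=https://dl.rockylinux.org/pub/rocky/$(RELEASE_VER_MAJOR)/AppStream/$(ARCH)/os/ \
+--nomacboot \
+--volid=$(RELEASE_NAME) \
+--add-template=/builddir/lorax-templates/lorax-configure-repo.tmpl \
+--add-template=/builddir/lorax-templates/lorax-embed-repo.tmpl \
+--add-template-var=ostree_install_repo=file:///builddir/repo \
+--add-template-var=remote_url=$(DEFAULT_OSTREE_REMOTE) \
+--add-template-var=default_ref=rockylinux/$(RELEASE_VER_MAJOR)/$(ARCH)/minimal/devel \
+--logfile=/builddir/lorax.log \
+--tmp=/builddir/tmp \
+--rootfs-size=8 \
+/builddir/completed-iso"
+mock -r $(MOCK_CONFIG) --copyout /builddir/completed-iso/images/boot.iso $$(pwd)/images/$(RELEASE_NAME).iso
+
+
+.PHONY: test-server
+test-server:
+podman stop ostree-test-server --ignore && \
+podman rm ostree-test-server --ignore && \
+podman run -d \
+--name=ostree-test-server \
+-p 9001:80 \
+-v ./repo:/usr/share/nginx/repo \
+-v ./nginx.conf:/etc/nginx/nginx.conf \
+--security-opt label=disable \
+nginx
+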
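Review bot: The `mirror` target adds the remote with `--set=gpg-verify=false`, so the commits it pulls, which can later be embedded in the ISO, are accepted without a signature check and only TLS to the remote protects them. The same setting reaches the installer and the installed system through `--nogpg` and `ostree remote add --no-gpg-verify` in build/lorax-templates/lorax-configure-repo.tmpl, `gpg-verify=false` in build/lorax-templates/lorax-embed-repo.tmpl, and kickstarts/rockylinux-8-x86_64-minimal-devel.ks, so deployed hosts would also accept unsigned updates. If the remote publishes signed commits, import the key instead of disabling the check, e.g. `ostree --repo=./repo remote add rockylinux --gpg-import=<path-to-signing-key> $(DEFAULT_OSTREE_REMOTE)`; if it does not yet, a comment on each of these lines saying so would keep the proof-of-concept setting from shipping unnoticed. Separately, `mkdir -p ./{repo,cache,images}` in `init` relies on brace expansion, which Make's default `/bin/sh` may not perform; adding `SHELL := bash` or spelling out the three directories avoids creating a literal `{repo,cache,images}` directory.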
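--- a/build/README.md
+++ b/build/README.md
@@ -0,0 +1,59 @@
+## How to Build
+
+### Notes on Building
+- At the moment this config is built manually using the commands below. The end goal will be to incorporate this
+into [Empanadas](https://github.com/rocky-linux/sig-core-toolkit). That being said the build tools provided here should
+be considered a proof of concept at best, and will most likely be removed in the future.
+- Depending on your setup, you may need to run the following commands as root.
+
+### Tree & ISO
+```
+make
+```
+Composes an ostree commit based on the current config, updates the local repo, then creates an installation ISO which embeds the
+local repo. For more control continue reading.
+
+### Tree Composition
+```
+make init
+```
+Sanitizes the build env and creates an empty ostree repo. This step is only needed if you want to start
+fresh. If you wish to build commits on top of existing rocky ostree create a mirror. See `make mirror`.
+
+```
+make mirror
+```
+Sanitizes the build env and mirror the ostree from the rockylinux.org remote. This is useful when you want a known working
+starting point to commit on top of.
+
+```
+make tree
+```
+Composes a new tree commit based on the current manifest(s). At the moment, this is hardcoded to compose `../manifest.8-minimal.yaml`.
+
+### Installer ISO
+```
+make iso
+```
+Creates an installation ISO of the current local tree in `./repo`.
+
+#### Notes
+1. The resulting ISO embeds the newest tree commit (depth 0). Currently, this is hardcoded to the `.../minimal/devel` ref.
+2. The resulting ISO is a standard anaconda installer which will require the user to config users, network, etc. The "special sauce"
+is the embedded kickstart file that calls `ostreesetup ...`. See `/lorax-templates/lorax-configure-repo.tmpl` or `kickstarts/rockylinux-8-x86_64-minimal-devel.ks` .
+
+### Host Local Repo Server
+```
+make test-server
+```
+Deploys a nginx container to host `./repo` for testing purposes.
+
+Note that you will need to manually add a remote to your ostree installation for this test server. This can be done like so:
+```
+ostree remote add --no-gpg-verify test-server http://your.ip.address.here:9001/
+```
+
+From there you can rebase your installation to the test server like so:
+```
+rpm-ostree rebase --remote test-server -b rockylinux/8/x86_64/minimal/devel
+```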
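--- a/build/lorax-templates/lorax-configure-repo.tmpl
+++ b/build/lorax-templates/lorax-configure-repo.tmpl
@@ -0,0 +1,8 @@
+<%page args="default_ref, remote_url"/>
+append usr/share/anaconda/interactive-defaults.ks "ostreesetup --nogpg --osname=rockylinux --remote=rockylinux --url=file:///ostree/repo --ref=${default_ref}"
+append usr/share/anaconda/interactive-defaults.ks "firewall --use-system-defaults"
+
+append usr/share/anaconda/interactive-defaults.ks "%post --erroronfail"
+append usr/share/anaconda/interactive-defaults.ks "ostree remote delete rockylinux"
+append usr/share/anaconda/interactive-defaults.ks "ostree remote add --no-gpg-verify rockylinux ${remote_url}"
+append usr/share/anaconda/interactive-defaults.ks "%end"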
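--- a/build/lorax-templates/lorax-embed-repo.tmpl
+++ b/build/lorax-templates/lorax-embed-repo.tmpl
@@ -0,0 +1,9 @@
+<%page args="root, ostree_install_repo, default_ref"/>
+runcmd mkdir ${root}/ostree
+runcmd ostree --repo=${root}/ostree/repo init --mode=bare
+runcmd ostree --repo=${root}/ostree/repo remote add rockylinux --set=gpg-verify=false ${ostree_install_repo}
+runcmd ostree --repo=${root}/ostree/repo pull --mirror rockylinux ${default_ref}
+runcmd ostree --repo=${root}/ostree/repo summary --update
+runcmd chroot ${root} ls /etc/anaconda/product.d/
+runcmd chroot ${root} sed -i '/Subscription/d' /etc/anaconda/product.d/rhel.conf
+runcmd chroot ${root} sed -i 's/efi_dir = redhat/efi_dir = rocky/' /etc/anaconda/product.d/rhel.conf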
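--- a/build/nginx.conf
+++ b/build/nginx.conf
@@ -0,0 +1,27 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+default_type application/octet-stream;
+
+server {
+listen 80;
+
+location / {
+root /usr/share/nginx/repo;
+autoindex on;
+sendfile on;
+tcp_nopush on;
+}
+}
+
+}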
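Review bot: `autoindex on;` in the `location /` block enables directory listings for the whole repo, which ostree clients should not need because they request the summary and objects by known paths. The `test-server` target in build/Makefile publishes this container with `-p 9001:80`, which binds on all host interfaces, and runs it with `--security-opt label=disable`, so anything on the network can browse `./repo`. I would set `autoindex off;` and, unless remote test machines must reach the server, bind the port to loopback with `-p 127.0.0.1:9001:80`. A one-line comment at the top of the file stating that this config is for the local test server only would also help.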
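--- a/kickstarts/rockylinux-8-x86_64-minimal-devel.ks
+++ b/kickstarts/rockylinux-8-x86_64-minimal-devel.ks
@@ -0,0 +1,6 @@
+ostreesetup --nogpg --osname=rockylinux --remote=rockylinux --url=https://dl.rockylinux.org/pub/sig/8/ostree/x86_64/standard/ --ref=rockylinux/8/x86_64/minimal/devel
+
+%post --erroronfail
+rm -f /etc/ostree/remotes.d/rockylinux.conf
+ostree remote add --no-gpg-verify rockylinux https://dl.rockylinux.org/pub/sig/8/ostree/x86_64/standard/
+%end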
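--- a/manifest.8-minimal.yaml
+++ b/manifest.8-minimal.yaml
@@ -0,0 +1,31 @@
+variables:
+rltype: minimal
+stream: devel
+prod: false
+
+releasever: 8
+
+repovars:
+rltype: ${rltype}
+
+include:
+- manifests/rocky-common.yaml
+- manifests/fixes.yaml
+- manifests/dnf-groups/Minimal_Install.yaml
+
+arch-include:
+x86_64: manifests/arch/x86_64.yaml
+aarch64: manifests/arch/aarch64.yaml
+
+exclude-packages:
+- plymouth #mainly for debugging
+
+postprocess:
+- |
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+# Disable services
+systemctl disable rdisc.service
+systemctl disable sshd.service
+systemctl disable sssd-nss.socket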
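--- a/manifests/arch/aarch64.yaml
+++ b/manifests/arch/aarch64.yaml
@@ -0,0 +1,17 @@
+# Anything specific to making aarch64 work
+packages:
+- grub2-efi
+- ostree-grub2
+- efibootmgr
+- shim
+
+# The following packages are specified in a repo specific way.
+# This prevents us from needing to use repo config priorities.
+# Note: This is not necessary for "normal" packages, but will become useful for SIG packages,
+# such as raspberry pi kernel. Doing it now sets a standard and documents the approach.
+repo-packages:
+packages:
+- kernel
+- kernel-modules
+- kernel-modules-extra
+repo: baseos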
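Review bot: `repo-packages:` is followed here by `packages:` without the leading `- `, whereas manifests/arch/x86_64.yaml writes `- packages:`. Indentation is not shown on this page, but as rendered the aarch64 value reads as a mapping rather than the list of entries the treefile format appears to expect. If that is the case, the compose would either reject the manifest or not pin the kernel packages to `baseos` on aarch64. Changing the line to `- packages:` would make the two arch files agree.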
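--- a/manifests/arch/x86_64.yaml
+++ b/manifests/arch/x86_64.yaml
@@ -0,0 +1,22 @@
+# Anything specific to making x86_64 work
+packages:
+- grub2-efi-ia32
+- grub2-efi-x64
+- grub2-pc
+- ostree-grub2
+- efibootmgr
+- shim-ia32
+- shim-x64
+- microcode_ctl
+- mcelog
+
+# The following packages are specified in a repo specific way.
+# This prevents us from needing to use repo config priorities.
+# Note: This is not necessary for "normal" packages, but will become useful for SIG packages,
+# such as raspberry pi kernel. Doing it now sets a standard and documents the approach.
+repo-packages:
+- packages:
+- kernel
+- kernel-modules
+- kernel-modules-extra
+repo: baseos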
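--- a/manifests/dnf-groups/Core.yaml
+++ b/manifests/dnf-groups/Core.yaml
@@ -0,0 +1,87 @@
+# Packages from @Core
+#
+# Exclusions:
+# dnf - Replaced by rpm-ostree
+# yum - Replaced by rpm-ostree
+# dnf-plugins-core - Removed since we don't install dnf
+# plymouth - Removed because rpm-ostree compose can't seem to find it
+
+packages:
+# Mandatory
+- NetworkManager
+- audit
+- basesystem
+- bash
+- coreutils
+# - cronie
+- curl
+- e2fsprogs
+- filesystem
+- firewalld
+- glibc
+# - grubby
+- hostname
+# - initscripts
+- iproute
+- iprutils
+- iputils
+# - irqbalance
+- kbd
+# - kexec-tools
+- less
+- man-db
+- ncurses
+- openssh-clients
+- openssh-server
+# - parted
+- passwd
+- policycoreutils
+- procps-ng
+- rootfiles
+# - rsyslog
+- selinux-policy-targeted
+- setup
+- shadow-utils
+- sssd-common
+# - sssd-kcm
+- sudo
+- systemd
+# - tuned
+- util-linux
+- vim-minimal
+# - xfsprogs
+# Default
+# - NetworkManager-team
+# - NetworkManager-tui
+# - authselect
+# - biosdevname
+# - dracut-config-rescue
+# - iwl100-firmware
+# - iwl1000-firmware
+# - iwl105-firmware
+# - iwl135-firmware
+# - iwl2000-firmware
+# - iwl2030-firmware
+# - iwl3160-firmware
+# - iwl5000-firmware
+# - iwl5150-firmware
+# - iwl6000-firmware
+# - iwl6000g2a-firmware
+# - iwl6050-firmware
+# - iwl7260-firmware
+# - kernel-tools
+# - libsysfs
+- linux-firmware
+# - lshw
+# - lsscsi
+# - microcode_ctl
+- prefixdevname
+# - sg3_utils
+# - sg3_utils-libs
+# Optional
+# - dracut-config-generic
+# - dracut-network
+# - initial-setup
+# - rdma-core
+# - selinux-policy-mls
+# - tboot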
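--- a/manifests/dnf-groups/Guest_Agents.yaml
+++ b/manifests/dnf-groups/Guest_Agents.yaml
@@ -0,0 +1,7 @@
+# Packages from @Guest Agents
+
+packages:
+# Mandatory
+# - hyperv-daemons
+# - open-vm-tools
+# - qemu-guest-agent # rpm-ostree compose tree has a hard time finding this (yes I triple checked my repo settings)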
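--- a/manifests/dnf-groups/Minimal_Install.yaml
+++ b/manifests/dnf-groups/Minimal_Install.yaml
@@ -0,0 +1,9 @@
+# Packages from @Minimal Install
+#
+# Exclusions:
+# see included manifests
+
+include:
+- Core.yaml
+- Standard.yaml
+- Guest_Agents.yaml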
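--- a/manifests/dnf-groups/README.md
+++ b/manifests/dnf-groups/README.md
@@ -0,0 +1,12 @@
+# dnf-groups
+These manifest files are organized so that each file represents a DNF group and lists the packages from that group.
+This may seem unnecessary, and in the end it doesn't really matter, but when thinking about rocky ostree in terms of
+a rocky minimal clone it is helpful. Note that at the moment only mandatory and default packages from these groups are
+included.
+
+### Note About Excluded Packages
+You will notice that a handful packages are commented out. Some of which have corresponding comments that explain why
+they are excluded. If something is excluded without a comment it was most likely because it fell into the category of
+"when its included rpm-ostree freaks out or the produced build is broken". In some cases these packages should be
+included and warrant further investigation, however, others will probably be left out in the end regardless.
+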
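--- a/manifests/dnf-groups/Standard.yaml
+++ b/manifests/dnf-groups/Standard.yaml
@@ -0,0 +1,97 @@
+# Packages from @Standard
+#
+# Exclusions:
+# kpatch-dnf - Removed since we don't install dnf
+# plymouth - Removed because rpm-ostree compose can't seem to find it
+#
+# Exlusions due to %post issues: See https://bugzilla.redhat.com/show_bug.cgi?id=1352154#c6 & https://ostreedev.github.io/ostree/adapting-existing/
+# kmod-kvdo
+# vdo (installs kmod-kvdo)
+# psacct
+
+packages:
+# Mandatory
+- acl
+# - at
+- attr
+- bc
+- cpio
+# - crontabs
+# - cyrus-sasl-plain
+# - dbus
+# - ed
+- file
+- iptstate
+# - irqbalance
+# - kpatch
+- logrotate
+- lsof
+- mcelog
+# - microcode_ctl
+# - net-tools
+- pciutils
+- quota
+- rocky-release
+# - rsyslog-gnutls
+# - rsyslog-gssapi
+# - rsyslog-relp
+- sudo
+# - symlinks
+- systemd-udev
+- tar
+- tree
+# - util-linux-user
+# Default
+- bash-completion
+# - blktrace
+# - bpftool
+- bzip2
+- chrony
+# - cockpit
+- cryptsetup
+# - dos2unix
+# - dosfstools
+- ethtool
+# - fprintd-pam
+- gnupg2
+# - ledmon
+# - libstoragemgmt
+- lvm2
+# - mailcap
+- man-pages
+- mdadm
+# - mlocate
+- mtr
+- nano
+# - nmap-ncat
+# - nvme-cli
+# - pinfo
+# - plymouth
+- realmd
+- rsync
+# - smartmontools
+- sos
+- sssd
+# - strace
+# - tcpdump
+# - teamd
+- time
+- unzip
+- usbutils
+# - vim-enhanced
+# - virt-what
+- wget
+- which
+# - xfsdump
+- zip
+# Optional
+# - cifs-utils
+# - cockpit-doc
+# - fwupd
+# - fwupdate
+# - ima-evm-utils
+# - nfs-utils
+# - nvmetcli
+# - traceroute
+# - vdo-support
+# - zsh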
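--- a/manifests/fixes.yaml
+++ b/manifests/fixes.yaml
@@ -0,0 +1,30 @@
+# Any workarounds should go here.
+# Please include an explanation of any workaround you implement. Hint: Links are great. :)
+
+packages:
+- nss-altfiles # see: https://github.com/osbuild/osbuild-composer/issues/1763
+
+postprocess:
+- |
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+#TODO: Make this an overlay like fedora-coreos - see https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
+# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295
+# From https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
+install -dm0755 /usr/lib/systemd/journald.conf.d/
+echo -e "[Journal]\nStorage=persistent" > /usr/lib/systemd/journald.conf.d/10-persistent.conf
+
+# See: https://src.fedoraproject.org/rpms/glibc/pull-request/4
+# Basically that program handles deleting old shared library directories
+# mid-transaction, which never applies to rpm-ostree. This is structured as a
+# loop/glob to avoid hardcoding (or trying to match) the architecture.
+for x in /usr/sbin/glibc_post_upgrade.*; do
+if test -f ${x}; then
+ln -srf /usr/bin/true ${x}
+fi
+done
+
+# THIS IS ONLY NEEDED FOR 8.6 AND LOWER
+# Workaround for https://github.com/coreos/rpm-ostree/pull/3623 which is not included until rpm-ostree v2022.08
+# sed -i 's/InaccessiblePaths=/InaccessiblePaths=-/g' /usr/lib/systemd/system/rpm-ostreed.service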
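--- a/manifests/group
+++ b/manifests/group
@@ -0,0 +1,44 @@
+root:x:0:
+bin:x:1:
+daemon:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mem:x:8:
+kmem:x:9:
+wheel:x:10:
+cdrom:x:11:
+mail:x:12:
+man:x:15:
+dialout:x:18:
+floppy:x:19:
+games:x:20:
+tape:x:33:
+video:x:39:
+ftp:x:50:
+lock:x:54:
+audio:x:63:
+users:x:100:
+nobody:x:65534:
+dbus:x:81:
+utmp:x:22:
+utempter:x:35:
+input:x:999:
+kvm:x:36:
+render:x:998:
+systemd-journal:x:190:
+systemd-coredump:x:997:
+systemd-resolve:x:193:
+cgred:x:996:
+polkitd:x:995:
+ssh_keys:x:994:
+rpc:x:32:
+sssd:x:993:
+printadmin:x:992:
+rpcuser:x:29:
+chrony:x:991:
+sshd:x:74:
+docker:x:990:
+banana:x:3076: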
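Review bot: The last two entries, `docker:x:990:` and `banana:x:3076:`, do not correspond to any package listed in the manifests on this page and look like leftovers from the machine the file was copied from. manifests/rocky-common.yaml names this file as the `check-groups` baseline, so stray entries become part of the expected GID set for every compose. I would drop both lines unless a package in the tree actually creates these groups, and note in the README how the file was generated so it can be regenerated rather than hand-edited.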
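--- a/manifests/passwd
+++ b/manifests/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
+systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
+polkitd:x:998:995:User for polkitd:/:/sbin/nologin
+rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
+sssd:x:997:993:User for sssd:/:/sbin/nologin
+rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
+chrony:x:996:991::/var/lib/chrony:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin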
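--- a/manifests/rocky-common.yaml
+++ b/manifests/rocky-common.yaml
@@ -0,0 +1,47 @@
+# Common rpm-ostree compose settings belong here.
+ref: rockylinux/${releasever}/${basearch}/${rltype}/${stream}
+
+rojig:
+name: rocky-ostree-config
+summary: "Rocky Linux OSTree ${releasever}-${rltype}-${stream}"
+license: MIT
+
+repos:
+- baseos
+- appstream
+
+automatic_version_prefix: "${releasever}/${rltype}/${stream} <date:%Y.%m>"
+boot-location: modules
+cliwrap: true
+default_target: multi-user.target
+documentation: false
+mutate-os-release: "${releasever}-${rltype}-${stream}"
+readonly-executables: true
+selinux: true
+tmp-is-dir: true
+recommends: false
+etc-group-members:
+- wheel
+
+ignore-removed-users:
+- root
+ignore-removed-groups:
+- root
+
+check-passwd:
+type: file
+filename: passwd
+check-groups:
+type: file
+filename: group
+
+units:
+- getty@tty1.service
+
+# Packages required by Rocky OSTree
+packages:
+- rocky-gpg-keys
+- rocky-release
+- rocky-repos
+- rocky-logos
+- rpm-ostree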
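--- a/rocky.repo
+++ b/rocky.repo
@@ -0,0 +1,33 @@
+[baseos]
+name=Rocky Linux $releasever - BaseOS
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
+baseurl=https://dl.rockylinux.org/pub/rocky/$releasever/BaseOS/$basearch/os/
+gpgcheck=0
+enabled=1
+countme=1
+
+[appstream]
+name=Rocky Linux $releasever - AppStream
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
+baseurl=https://dl.rockylinux.org/pub/rocky/$releasever/AppStream/$basearch/os/
+gpgcheck=0
+enabled=1
+countme=1
+
+[altarch-common]
+name=Rocky Linux $releasever - Raspberry Pi
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
+baseurl=https://dl.rockylinux.org/pub/sig/$releasever/altarch/aarch64/altarch-common/
+gpgcheck=0
+enabled=1
+countme=1
+
+[altarch-rockyrpi]
+name=Rocky Linux $releasever - Raspberry Pi
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
+baseurl=https://dl.rockylinux.org/pub/sig/$releasever/altarch/aarch64/altarch-rockyrpi/
+gpgcheck=0
+enabled=1
+countme=1
+
+#TODO: Define the rest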
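Review bot: All four repo stanzas set `gpgcheck=0`, so RPMs are composed into the tree without package signature verification, even though manifests/rocky-common.yaml already installs `rocky-gpg-keys`. I would set `gpgcheck=1` and add `gpgkey=file://<path-to-rocky-release-key>` to each stanza, making that key available on the build host. The two `altarch-*` stanzas also hard-code `aarch64` in `baseurl` while being `enabled=1`. rocky-common.yaml lists only `baseos` and `appstream` under `repos:`, so this is probably harmless for the compose, but `enabled=0` would be a safer default for repos that are not used yet.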