poc rocky 8
commit
9d39f70686
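--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.idea
+build/repo
+build/images
+build/cache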
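--- a/README.md
+++ b/README.md
@@ -0,0 +1,16 @@
+# Rocky Linux OSTree
+
+This repository contains the configuration files needed to spin Rocky Linux using rpm-ostree.
+
+## Project Structure
+- `manifest.$releasever-$rltype.yaml` - These files represent the entry point for a given release config.
+- `manifests/rocky-common.yaml` - Default configuration for rpm-ostree and rocky common to all variants.
+- `manifests/arch` - These files contain configuration specific to the named architecture, x86_64, aarch64, aarch64-pi. Note these should be explicitly included by top level manifests.
+- `manifests/dnf-groups` - Contains lists of packages organized by containing dnf group, e.g., @Core, @Standard, etc. This is not a comprehensive list and my not be the best approach.
+- `build` - Contains instructions and scripts to build both the server-side tree and an installation ISO. See the `build/README.md` for build instructions.
+- `kickstarts` - Anaconda kickstart files that can be used with any anaconda installer image.
+
+For details on these manifests, A.K.A. Treefiles, see: [Treefile Reference](https://coreos.github.io/rpm-ostree/treefile/)
+
+
+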
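--- a/build/Makefile
+++ b/build/Makefile
@@ -0,0 +1,75 @@
+RELEASE_VER_MAJOR = 8
+RELEASE_VER_MINOR = 7
+ARCH = $(shell uname -m)
+RELEASE_NAME = rocky-linux-ostree-$(ARCH)-$(RELEASE_VER_MAJOR).$(RELEASE_VER_MINOR)
+DEFAULT_OSTREE_REMOTE = https://dl.rockylinux.org/pub/sig/$(RELEASE_VER_MAJOR)/ostree/$(ARCH)/standard/
+MOCK_CONFIG = rocky-$(RELEASE_VER_MAJOR)-$(ARCH)
+
+
+.PHONY: all
+all: init tree iso
+
+.PHONY: clean
+clean:
+rm -rf ./repo ./cache
+
+.PHONY: init
+init: clean
+mkdir -p ./{repo,cache,images}
+ostree --repo=./repo init --mode=archive
+
+.PHONY: mirror
+mirror: init
+ostree --repo=./repo remote add rockylinux --set=gpg-verify=false $(DEFAULT_OSTREE_REMOTE) && \
+ostree --repo=./repo pull --mirror rockylinux rockylinux/$(RELEASE_VER_MAJOR)/$(ARCH)/minimal/devel && \
+ostree --repo=./repo summary --update
+
+.PHONY: tree
+tree:
+rpm-ostree compose tree --repo=./repo --cachedir=./cache --unified-core ../manifest.8-minimal.yaml && \
+ostree summary --repo=./repo --update
+
+.PHONY: iso
+iso:
+mock -r $(MOCK_CONFIG) --clean
+mock -r $(MOCK_CONFIG) --init
+mock -r $(MOCK_CONFIG) --install lorax ostree
+mock -r $(MOCK_CONFIG) --copyin $$(pwd)/repo /builddir/repo
+mock -r $(MOCK_CONFIG) --copyin $$(pwd)/lorax-templates /builddir/lorax-templates
+mock -r $(MOCK_CONFIG) --enable-network --chroot "cd /builddir && \
+lorax --product='Rocky Linux OSTree' \
+--version=$(RELEASE_VER_MAJOR) \
+--release=$$(date +%Y%m%d) \
+--variant=R$(RELEASE_VER_MAJOR) \
+--skip-branding \
+--installpkgs rocky-release* \
+--installpkgs rocky-logos-$(RELEASE_VER_MAJOR)* \
+--installpkgs ostree* \
+--source=https://dl.rockylinux.org/pub/rocky/$(RELEASE_VER_MAJOR)/BaseOS/$(ARCH)/os/ \
+--source=https://dl.rockylinux.org/pub/rocky/$(RELEASE_VER_MAJOR)/AppStream/$(ARCH)/os/ \
+--nomacboot \
+--volid=$(RELEASE_NAME) \
+--add-template=/builddir/lorax-templates/lorax-configure-repo.tmpl \
+--add-template=/builddir/lorax-templates/lorax-embed-repo.tmpl \
+--add-template-var=ostree_install_repo=file:///builddir/repo \
+--add-template-var=remote_url=$(DEFAULT_OSTREE_REMOTE) \
+--add-template-var=default_ref=rockylinux/$(RELEASE_VER_MAJOR)/$(ARCH)/minimal/devel \
+--logfile=/builddir/lorax.log \
+--tmp=/builddir/tmp \
+--rootfs-size=8 \
+/builddir/completed-iso"
+mock -r $(MOCK_CONFIG) --copyout /builddir/completed-iso/images/boot.iso $$(pwd)/images/$(RELEASE_NAME).iso
+
+
+.PHONY: test-server
+test-server:
+podman stop ostree-test-server --ignore && \
+podman rm ostree-test-server --ignore && \
+podman run -d \
+--name=ostree-test-server \
+-p 9001:80 \
+-v ./repo:/usr/share/nginx/repo \
+-v ./nginx.conf:/etc/nginx/nginx.conf \
+--security-opt label=disable \
+nginx
+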
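Review bot: The `mirror` recipe registers the upstream remote with `--set=gpg-verify=false`, so commits pulled from `$(DEFAULT_OSTREE_REMOTE)` are accepted on TLS alone and then embedded in the ISO. The same switch is carried onto installed systems by `--nogpg` / `--no-gpg-verify` in build/lorax-templates/lorax-configure-repo.tmpl and kickstarts/rockylinux-8-x86_64-minimal-devel.ks, where it governs every later update, and it appears again in build/lorax-templates/lorax-embed-repo.tmpl. If the published commits are signed, import the key instead, e.g. `ostree --repo=./repo remote add rockylinux --gpg-import=<ROCKY_OSTREE_KEY_FILE> $(DEFAULT_OSTREE_REMOTE)` (the key file is a placeholder; none is shown in this commit). If they are not signed yet, a comment marking the setting as a proof-of-concept limitation would keep it from being copied into a release build.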
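--- a/build/README.md
+++ b/build/README.md
@@ -0,0 +1,59 @@
+## How to Build
+
+### Notes on Building
+- At the moment this config is built manually using the commands below. The end goal will be to incorporate this
+into [Empanadas](https://github.com/rocky-linux/sig-core-toolkit). That being said the build tools provided here should
+be considered a proof of concept at best, and will most likely be removed in the future.
+- Depending on your setup, you may need to run the following commands as root.
+
+### Tree & ISO
+```
+make
+```
+Composes an ostree commit based on the current config, updates the local repo, then creates an installation ISO which embeds the
+local repo. For more control continue reading.
+
+### Tree Composition
+```
+make init
+```
+Sanitizes the build env and creates an empty ostree repo. This step is only needed if you want to start
+fresh. If you wish to build commits on top of existing rocky ostree create a mirror. See `make mirror`.
+
+```
+make mirror
+```
+Sanitizes the build env and mirror the ostree from the rockylinux.org remote. This is useful when you want a known working
+starting point to commit on top of.
+
+```
+make tree
+```
+Composes a new tree commit based on the current manifest(s). At the moment, this is hardcoded to compose `../manifest.8-minimal.yaml`.
+
+### Installer ISO
+```
+make iso
+```
+Creates an installation ISO of the current local tree in `./repo`.
+
+#### Notes
+1. The resulting ISO embeds the newest tree commit (depth 0). Currently, this is hardcoded to the `.../minimal/devel` ref.
+2. The resulting ISO is a standard anaconda installer which will require the user to config users, network, etc. The "special sauce"
+is the embedded kickstart file that calls `ostreesetup ...`. See `/lorax-templates/lorax-configure-repo.tmpl` or `kickstarts/rockylinux-8-x86_64-minimal-devel.ks` .
+
+### Host Local Repo Server
+```
+make test-server
+```
+Deploys a nginx container to host `./repo` for testing purposes.
+
+Note that you will need to manually add a remote to your ostree installation for this test server. This can be done like so:
+```
+ostree remote add --no-gpg-verify test-server http://your.ip.address.here:9001/
+```
+
+From there you can rebase your installation to the test server like so:
+```
+rpm-ostree rebase --remote test-server -b rockylinux/8/x86_64/minimal/devel
+```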
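--- a/build/lorax-templates/lorax-configure-repo.tmpl
+++ b/build/lorax-templates/lorax-configure-repo.tmpl
@@ -0,0 +1,8 @@
+<%page args="default_ref, remote_url"/>
+append usr/share/anaconda/interactive-defaults.ks "ostreesetup --nogpg --osname=rockylinux --remote=rockylinux --url=file:///ostree/repo --ref=${default_ref}"
+append usr/share/anaconda/interactive-defaults.ks "firewall --use-system-defaults"
+
+append usr/share/anaconda/interactive-defaults.ks "%post --erroronfail"
+append usr/share/anaconda/interactive-defaults.ks "ostree remote delete rockylinux"
+append usr/share/anaconda/interactive-defaults.ks "ostree remote add --no-gpg-verify rockylinux ${remote_url}"
+append usr/share/anaconda/interactive-defaults.ks "%end"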
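--- a/build/lorax-templates/lorax-embed-repo.tmpl
+++ b/build/lorax-templates/lorax-embed-repo.tmpl
@@ -0,0 +1,9 @@
+<%page args="root, ostree_install_repo, default_ref"/>
+runcmd mkdir ${root}/ostree
+runcmd ostree --repo=${root}/ostree/repo init --mode=bare
+runcmd ostree --repo=${root}/ostree/repo remote add rockylinux --set=gpg-verify=false ${ostree_install_repo}
+runcmd ostree --repo=${root}/ostree/repo pull --mirror rockylinux ${default_ref}
+runcmd ostree --repo=${root}/ostree/repo summary --update
+runcmd chroot ${root} ls /etc/anaconda/product.d/
+runcmd chroot ${root} sed -i '/Subscription/d' /etc/anaconda/product.d/rhel.conf
+runcmd chroot ${root} sed -i 's/efi_dir = redhat/efi_dir = rocky/' /etc/anaconda/product.d/rhel.conf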
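Review bot: The two `sed -i` edits of `/etc/anaconda/product.d/rhel.conf` exit 0 even when nothing matches, so if a later anaconda package changes that file's wording the ISO would be built with `efi_dir = redhat` and the Subscription entries intact, and no build error. A follow-up check such as `runcmd chroot ${root} grep -q 'efi_dir = rocky' /etc/anaconda/product.d/rhel.conf` would surface that, assuming lorax treats a non-zero `runcmd` exit as a failure. The `ls /etc/anaconda/product.d/` line above them looks like leftover debugging and could be dropped or given a comment saying why it is there.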
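--- a/build/nginx.conf
+++ b/build/nginx.conf
@@ -0,0 +1,27 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+default_type application/octet-stream;
+
+server {
+listen 80;
+
+location / {
+root /usr/share/nginx/repo;
+autoindex on;
+sendfile on;
+tcp_nopush on;
+}
+}
+
+}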
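Review bot: `autoindex on;` in the `location /` block publishes a browsable listing of the whole repo directory, which an ostree client should not need because it requests the summary, refs and objects by known path; `autoindex off;` would serve the same pulls. The server also listens on plain HTTP only, and build/README.md pairs it with a remote added via `--no-gpg-verify`, so a machine rebasing onto it has neither transport nor signature protection. A comment at the top of the file such as `# test-only: serve on an isolated network, never as a production remote` would make that boundary explicit.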
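--- a/kickstarts/rockylinux-8-x86_64-minimal-devel.ks
+++ b/kickstarts/rockylinux-8-x86_64-minimal-devel.ks
@@ -0,0 +1,6 @@
+ostreesetup --nogpg --osname=rockylinux --remote=rockylinux --url=https://dl.rockylinux.org/pub/sig/8/ostree/x86_64/standard/ --ref=rockylinux/8/x86_64/minimal/devel
+
+%post --erroronfail
+rm -f /etc/ostree/remotes.d/rockylinux.conf
+ostree remote add --no-gpg-verify rockylinux https://dl.rockylinux.org/pub/sig/8/ostree/x86_64/standard/
+%end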
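--- a/manifest.8-minimal.yaml
+++ b/manifest.8-minimal.yaml
@@ -0,0 +1,31 @@
+variables:
+rltype: minimal
+stream: devel
+prod: false
+
+releasever: 8
+
+repovars:
+rltype: ${rltype}
+
+include:
+- manifests/rocky-common.yaml
+- manifests/fixes.yaml
+- manifests/dnf-groups/Minimal_Install.yaml
+
+arch-include:
+x86_64: manifests/arch/x86_64.yaml
+aarch64: manifests/arch/aarch64.yaml
+
+exclude-packages:
+- plymouth #mainly for debugging
+
+postprocess:
+- |
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+# Disable services
+systemctl disable rdisc.service
+systemctl disable sshd.service
+systemctl disable sssd-nss.socket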
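--- a/manifests/arch/aarch64.yaml
+++ b/manifests/arch/aarch64.yaml
@@ -0,0 +1,17 @@
+# Anything specific to making aarch64 work
+packages:
+- grub2-efi
+- ostree-grub2
+- efibootmgr
+- shim
+
+# The following packages are specified in a repo specific way.
+# This prevents us from needing to use repo config priorities.
+# Note: This is not necessary for "normal" packages, but will become useful for SIG packages,
+# such as raspberry pi kernel. Doing it now sets a standard and documents the approach.
+repo-packages:
+packages:
+- kernel
+- kernel-modules
+- kernel-modules-extra
+repo: baseos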
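Review bot: Under `repo-packages:` the entry starts with `packages:` rather than `- packages:` as in manifests/arch/x86_64.yaml. Unless the dash was lost when this page was rendered, the key then holds a mapping where the treefile format expects a list of `packages`/`repo` entries, and an aarch64 compose would likely fail to parse the manifest. Changing the line to `- packages:` makes it match the x86_64 file.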
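--- a/manifests/arch/x86_64.yaml
+++ b/manifests/arch/x86_64.yaml
@@ -0,0 +1,22 @@
+# Anything specific to making x86_64 work
+packages:
+- grub2-efi-ia32
+- grub2-efi-x64
+- grub2-pc
+- ostree-grub2
+- efibootmgr
+- shim-ia32
+- shim-x64
+- microcode_ctl
+- mcelog
+
+# The following packages are specified in a repo specific way.
+# This prevents us from needing to use repo config priorities.
+# Note: This is not necessary for "normal" packages, but will become useful for SIG packages,
+# such as raspberry pi kernel. Doing it now sets a standard and documents the approach.
+repo-packages:
+- packages:
+- kernel
+- kernel-modules
+- kernel-modules-extra
+repo: baseos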
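--- a/manifests/dnf-groups/Core.yaml
+++ b/manifests/dnf-groups/Core.yaml
@@ -0,0 +1,87 @@
+# Packages from @Core
+#
+# Exclusions:
+# dnf - Replaced by rpm-ostree
+# yum - Replaced by rpm-ostree
+# dnf-plugins-core - Removed since we don't install dnf
+# plymouth - Removed because rpm-ostree compose can't seem to find it
+
+packages:
+# Mandatory
+- NetworkManager
+- audit
+- basesystem
+- bash
+- coreutils
+# - cronie
+- curl
+- e2fsprogs
+- filesystem
+- firewalld
+- glibc
+# - grubby
+- hostname
+# - initscripts
+- iproute
+- iprutils
+- iputils
+# - irqbalance
+- kbd
+# - kexec-tools
+- less
+- man-db
+- ncurses
+- openssh-clients
+- openssh-server
+# - parted
+- passwd
+- policycoreutils
+- procps-ng
+- rootfiles
+# - rsyslog
+- selinux-policy-targeted
+- setup
+- shadow-utils
+- sssd-common
+# - sssd-kcm
+- sudo
+- systemd
+# - tuned
+- util-linux
+- vim-minimal
+# - xfsprogs
+# Default
+# - NetworkManager-team
+# - NetworkManager-tui
+# - authselect
+# - biosdevname
+# - dracut-config-rescue
+# - iwl100-firmware
+# - iwl1000-firmware
+# - iwl105-firmware
+# - iwl135-firmware
+# - iwl2000-firmware
+# - iwl2030-firmware
+# - iwl3160-firmware
+# - iwl5000-firmware
+# - iwl5150-firmware
+# - iwl6000-firmware
+# - iwl6000g2a-firmware
+# - iwl6050-firmware
+# - iwl7260-firmware
+# - kernel-tools
+# - libsysfs
+- linux-firmware
+# - lshw
+# - lsscsi
+# - microcode_ctl
+- prefixdevname
+# - sg3_utils
+# - sg3_utils-libs
+# Optional
+# - dracut-config-generic
+# - dracut-network
+# - initial-setup
+# - rdma-core
+# - selinux-policy-mls
+# - tboot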
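--- a/manifests/dnf-groups/Guest_Agents.yaml
+++ b/manifests/dnf-groups/Guest_Agents.yaml
@@ -0,0 +1,7 @@
+# Packages from @Guest Agents
+
+packages:
+# Mandatory
+# - hyperv-daemons
+# - open-vm-tools
+# - qemu-guest-agent # rpm-ostree compose tree has a hard time finding this (yes I triple checked my repo settings)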
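--- a/manifests/dnf-groups/Minimal_Install.yaml
+++ b/manifests/dnf-groups/Minimal_Install.yaml
@@ -0,0 +1,9 @@
+# Packages from @Minimal Install
+#
+# Exclusions:
+# see included manifests
+
+include:
+- Core.yaml
+- Standard.yaml
+- Guest_Agents.yaml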
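--- a/manifests/dnf-groups/README.md
+++ b/manifests/dnf-groups/README.md
@@ -0,0 +1,12 @@
+# dnf-groups
+These manifest files are organized so that each file represents a DNF group and lists the packages from that group.
+This may seem unnecessary, and in the end it doesn't really matter, but when thinking about rocky ostree in terms of
+a rocky minimal clone it is helpful. Note that at the moment only mandatory and default packages from these groups are
+included.
+
+### Note About Excluded Packages
+You will notice that a handful packages are commented out. Some of which have corresponding comments that explain why
+they are excluded. If something is excluded without a comment it was most likely because it fell into the category of
+"when its included rpm-ostree freaks out or the produced build is broken". In some cases these packages should be
+included and warrant further investigation, however, others will probably be left out in the end regardless.
+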
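--- a/manifests/dnf-groups/Standard.yaml
+++ b/manifests/dnf-groups/Standard.yaml
@@ -0,0 +1,97 @@
+# Packages from @Standard
+#
+# Exclusions:
+# kpatch-dnf - Removed since we don't install dnf
+# plymouth - Removed because rpm-ostree compose can't seem to find it
+#
+# Exlusions due to %post issues: See https://bugzilla.redhat.com/show_bug.cgi?id=1352154#c6 & https://ostreedev.github.io/ostree/adapting-existing/
+# kmod-kvdo
+# vdo (installs kmod-kvdo)
+# psacct
+
+packages:
+# Mandatory
+- acl
+# - at
+- attr
+- bc
+- cpio
+# - crontabs
+# - cyrus-sasl-plain
+# - dbus
+# - ed
+- file
+- iptstate
+# - irqbalance
+# - kpatch
+- logrotate
+- lsof
+- mcelog
+# - microcode_ctl
+# - net-tools
+- pciutils
+- quota
+- rocky-release
+# - rsyslog-gnutls
+# - rsyslog-gssapi
+# - rsyslog-relp
+- sudo
+# - symlinks
+- systemd-udev
+- tar
+- tree
+# - util-linux-user
+# Default
+- bash-completion
+# - blktrace
+# - bpftool
+- bzip2
+- chrony
+# - cockpit
+- cryptsetup
+# - dos2unix
+# - dosfstools
+- ethtool
+# - fprintd-pam
+- gnupg2
+# - ledmon
+# - libstoragemgmt
+- lvm2
+# - mailcap
+- man-pages
+- mdadm
+# - mlocate
+- mtr
+- nano
+# - nmap-ncat
+# - nvme-cli
+# - pinfo
+# - plymouth
+- realmd
+- rsync
+# - smartmontools
+- sos
+- sssd
+# - strace
+# - tcpdump
+# - teamd
+- time
+- unzip
+- usbutils
+# - vim-enhanced
+# - virt-what
+- wget
+- which
+# - xfsdump
+- zip
+# Optional
+# - cifs-utils
+# - cockpit-doc
+# - fwupd
+# - fwupdate
+# - ima-evm-utils
+# - nfs-utils
+# - nvmetcli
+# - traceroute
+# - vdo-support
+# - zsh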
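--- a/manifests/fixes.yaml
+++ b/manifests/fixes.yaml
@@ -0,0 +1,30 @@
+# Any workarounds should go here.
+# Please include an explanation of any workaround you implement. Hint: Links are great. :)
+
+packages:
+- nss-altfiles # see: https://github.com/osbuild/osbuild-composer/issues/1763
+
+postprocess:
+- |
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+#TODO: Make this an overlay like fedora-coreos - see https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
+# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295
+# From https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
+install -dm0755 /usr/lib/systemd/journald.conf.d/
+echo -e "[Journal]\nStorage=persistent" > /usr/lib/systemd/journald.conf.d/10-persistent.conf
+
+# See: https://src.fedoraproject.org/rpms/glibc/pull-request/4
+# Basically that program handles deleting old shared library directories
+# mid-transaction, which never applies to rpm-ostree. This is structured as a
+# loop/glob to avoid hardcoding (or trying to match) the architecture.
+for x in /usr/sbin/glibc_post_upgrade.*; do
+if test -f ${x}; then
+ln -srf /usr/bin/true ${x}
+fi
+done
+
+# THIS IS ONLY NEEDED FOR 8.6 AND LOWER
+# Workaround for https://github.com/coreos/rpm-ostree/pull/3623 which is not included until rpm-ostree v2022.08
+# sed -i 's/InaccessiblePaths=/InaccessiblePaths=-/g' /usr/lib/systemd/system/rpm-ostreed.service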
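--- a/manifests/group
+++ b/manifests/group
@@ -0,0 +1,44 @@
+root:x:0:
+bin:x:1:
+daemon:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mem:x:8:
+kmem:x:9:
+wheel:x:10:
+cdrom:x:11:
+mail:x:12:
+man:x:15:
+dialout:x:18:
+floppy:x:19:
+games:x:20:
+tape:x:33:
+video:x:39:
+ftp:x:50:
+lock:x:54:
+audio:x:63:
+users:x:100:
+nobody:x:65534:
+dbus:x:81:
+utmp:x:22:
+utempter:x:35:
+input:x:999:
+kvm:x:36:
+render:x:998:
+systemd-journal:x:190:
+systemd-coredump:x:997:
+systemd-resolve:x:193:
+cgred:x:996:
+polkitd:x:995:
+ssh_keys:x:994:
+rpc:x:32:
+sssd:x:993:
+printadmin:x:992:
+rpcuser:x:29:
+chrony:x:991:
+sshd:x:74:
+docker:x:990:
+banana:x:3076: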
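Review bot: The last two entries, `docker:x:990:` and `banana:x:3076:`, do not correspond to any package named in the manifests of this commit and look as if they were copied from a workstation's /etc/group. manifests/rocky-common.yaml points `check-groups` at this file as the reference group list, so entries the tree never creates either dilute that check or, depending on how missing groups are handled, break the compose. I would drop both lines unless something in the tree really creates them.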
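--- a/manifests/passwd
+++ b/manifests/passwd
@@ -0,0 +1,22 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
+systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
+polkitd:x:998:995:User for polkitd:/:/sbin/nologin
+rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
+sssd:x:997:993:User for sssd:/:/sbin/nologin
+rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
+chrony:x:996:991::/var/lib/chrony:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin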
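--- a/manifests/rocky-common.yaml
+++ b/manifests/rocky-common.yaml
@@ -0,0 +1,47 @@
+# Common rpm-ostree compose settings belong here.
+ref: rockylinux/${releasever}/${basearch}/${rltype}/${stream}
+
+rojig:
+name: rocky-ostree-config
+summary: "Rocky Linux OSTree ${releasever}-${rltype}-${stream}"
+license: MIT
+
+repos:
+- baseos
+- appstream
+
+automatic_version_prefix: "${releasever}/${rltype}/${stream} <date:%Y.%m>"
+boot-location: modules
+cliwrap: true
+default_target: multi-user.target
+documentation: false
+mutate-os-release: "${releasever}-${rltype}-${stream}"
+readonly-executables: true
+selinux: true
+tmp-is-dir: true
+recommends: false
+etc-group-members:
+- wheel
+
+ignore-removed-users:
+- root
+ignore-removed-groups:
+- root
+
+check-passwd:
+type: file
+filename: passwd
+check-groups:
+type: file
+filename: group
+
+units:
+- getty@tty1.service
+
+# Packages required by Rocky OSTree
+packages:
+- rocky-gpg-keys
+- rocky-release
+- rocky-repos
+- rocky-logos
+- rpm-ostree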
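--- a/rocky.repo
+++ b/rocky.repo
@@ -0,0 +1,33 @@
+[baseos]
+name=Rocky Linux $releasever - BaseOS
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
+baseurl=https://dl.rockylinux.org/pub/rocky/$releasever/BaseOS/$basearch/os/
+gpgcheck=0
+enabled=1
+countme=1
+
+[appstream]
+name=Rocky Linux $releasever - AppStream
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
+baseurl=https://dl.rockylinux.org/pub/rocky/$releasever/AppStream/$basearch/os/
+gpgcheck=0
+enabled=1
+countme=1
+
+[altarch-common]
+name=Rocky Linux $releasever - Raspberry Pi
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
+baseurl=https://dl.rockylinux.org/pub/sig/$releasever/altarch/aarch64/altarch-common/
+gpgcheck=0
+enabled=1
+countme=1
+
+[altarch-rockyrpi]
+name=Rocky Linux $releasever - Raspberry Pi
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
+baseurl=https://dl.rockylinux.org/pub/sig/$releasever/altarch/aarch64/altarch-rockyrpi/
+gpgcheck=0
+enabled=1
+countme=1
+
+#TODO: Define the rest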
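Review bot: All four repo sections set `gpgcheck=0`, so the RPMs composed into the tree are not signature-checked and the build relies on TLS to dl.rockylinux.org alone. Each section could instead carry `gpgcheck=1` together with `gpgkey=<ROCKY_RELEASE_KEY_PATH_OR_URL>` (a placeholder; the key location is not shown in this commit). Separately, `[altarch-common]` and `[altarch-rockyrpi]` share the same `name=` and hard-code `aarch64` in `baseurl` while being `enabled=1`; the treefile's `repos:` list names only baseos and appstream, so they may be unused here, and a comment saying so would help.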