From 5892c56ad633d26b19d9744095c10c9d9652808c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 15 Sep 2023 17:05:55 -0400 Subject: [PATCH 1/2] manifests: Move kernel into fedora-coreos-base This is prep for rebasing on [sagano](https://gitlab.com/cgwalters-playground/sagano) where I hit on the issue that to build images with `kernel-rt`, we need to clearly separate the `kernel` package from userspace stuff (`systemd`, `rpm-ostree`) etc. Note that we'll need to make the same change in RHCOS - until we rebase both on sagano. --- manifests/bootable-rpm-ostree.yaml | 5 ++--- manifests/fedora-coreos-base.yaml | 2 ++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml index fdb9c8b07..9d5faddbe 100644 --- a/manifests/bootable-rpm-ostree.yaml +++ b/manifests/bootable-rpm-ostree.yaml @@ -1,12 +1,11 @@ -# This minimal base starts just from: kernel + systemd + rpm-ostree + bootloader. +# This minimal base is the userspace: systemd + rpm-ostree + bootloader. # The intent of this is to inherit from this if you are doing something highly # custom that e.g. might not involve Ignition or podman, but you do want # rpm-ostree. # We expect most people though using coreos-assembler to inherit from # fedora-coreos-base.yaml. packages: - # Kernel + systemd. - - kernel systemd + - systemd # linux-firmware now a recommends so let's explicitly include it # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index d48601af1..db339bce6 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -96,6 +96,8 @@ postprocess: # available in RHCOS or not desired in RHCOS). All other packages should go # into one of the sub-manifests listed at the top. packages: + # We use the default kernel package, but note c9s may differ + - kernel # Security - polkit # Containers From 06d27db27ec96dc3274960a076d8e911f2431cc6 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 15 Sep 2023 16:56:49 -0400 Subject: [PATCH 2/2] manifests: Inherit from Project sagano Fedora CoreOS predates the time of bootable containers. As such, it's actually pretty large (relatively speaking). Project Sagano is a fresh take on more minimal base images. At the same time, we want to de-duplicate efforts. With this, CoreOS cherry picks a few manifests from the Sagano "tier-0" and "tier-1". There's *definitely* more we can share between the two, but this is a notable starting point. --- .gitmodules | 3 +++ manifests/bootable-rpm-ostree.yaml | 38 +----------------------------- manifests/bootupd.yaml | 14 +---------- manifests/fedora-coreos-base.yaml | 4 ++-- manifests/fedora-coreos.yaml | 3 --- manifests/firmware.yaml | 1 + manifests/grub2-removals.yaml | 9 +------ sagano | 1 + 8 files changed, 10 insertions(+), 63 deletions(-) create mode 100644 .gitmodules mode change 100644 => 120000 manifests/bootable-rpm-ostree.yaml mode change 100644 => 120000 manifests/bootupd.yaml create mode 120000 manifests/firmware.yaml mode change 100644 => 120000 manifests/grub2-removals.yaml create mode 160000 sagano diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000..3c639b282 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "sagano"] + path = sagano + url = https://gitlab.com/CentOS/cloud/sagano diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml deleted file mode 100644 index 9d5faddbe..000000000 --- a/manifests/bootable-rpm-ostree.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# This minimal base is the userspace: systemd + rpm-ostree + bootloader. -# The intent of this is to inherit from this if you are doing something highly -# custom that e.g. might not involve Ignition or podman, but you do want -# rpm-ostree. -# We expect most people though using coreos-assembler to inherit from -# fedora-coreos-base.yaml. -packages: - - systemd - # linux-firmware now a recommends so let's explicitly include it - # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b - # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide - - linux-firmware - # rpm-ostree - - rpm-ostree nss-altfiles - # firmware updates - - fwupd - -# bootloader -packages-aarch64: - - grub2-efi-aa64 efibootmgr shim -packages-ppc64le: - - grub2 ostree-grub2 -packages-s390x: - # On Fedora, this is provided by s390utils-core. on RHEL, this is for now - # provided by s390utils-base, but soon will be -core too. - - /usr/sbin/zipl - # for Secure Execution - - veritysetup -packages-x86_64: - - grub2 grub2-efi-x64 efibootmgr shim - - microcode_ctl - -exclude-packages: - # Exclude kernel-debug-core to make sure that it doesn't somehow get - # chosen as the package to satisfy the `kernel-core` dependency from - # the kernel package. - - kernel-debug-core diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml new file mode 120000 index 000000000..a4e308ddf --- /dev/null +++ b/manifests/bootable-rpm-ostree.yaml @@ -0,0 +1 @@ +../sagano/tier-1/bootable-rpm-ostree.yaml \ No newline at end of file diff --git a/manifests/bootupd.yaml b/manifests/bootupd.yaml deleted file mode 100644 index ca8c5de64..000000000 --- a/manifests/bootupd.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# Integration with https://github.com/coreos/bootupd -# xref https://github.com/coreos/fedora-coreos-tracker/issues/510 -packages: - - bootupd - -postprocess: - - | - #!/bin/bash - set -xeuo pipefail - # Until we have https://github.com/coreos/rpm-ostree/pull/2275 - mkdir -p /run - # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload - /usr/bin/bootupctl backend generate-update-metadata / diff --git a/manifests/bootupd.yaml b/manifests/bootupd.yaml new file mode 120000 index 000000000..9a24a3cb1 --- /dev/null +++ b/manifests/bootupd.yaml @@ -0,0 +1 @@ +../sagano/tier-0/bootupd.yaml \ No newline at end of file diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index db339bce6..dd57a4d54 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -3,6 +3,8 @@ # core functionality. include: + - kernel.yaml + - firmware.yaml - system-configuration.yaml - ignition-and-ostree.yaml - file-transfer.yaml @@ -96,8 +98,6 @@ postprocess: # available in RHCOS or not desired in RHCOS). All other packages should go # into one of the sub-manifests listed at the top. packages: - # We use the default kernel package, but note c9s may differ - - kernel # Security - polkit # Containers diff --git a/manifests/fedora-coreos.yaml b/manifests/fedora-coreos.yaml index 2115a986d..dc9379610 100644 --- a/manifests/fedora-coreos.yaml +++ b/manifests/fedora-coreos.yaml @@ -20,9 +20,6 @@ conditional-include: - if: basearch == "aarch64" # Fixup for kdump on aarch64 AWS instances include: kdump-aarch64-aws-workaround.yaml - - if: basearch != "s390x" - # And remove some cruft from grub2 - include: grub2-removals.yaml - if: basearch == "ppc64le" # Need OSTree autopruning on ppc64le (because kernels aren't compressed) # until we increase the size of /boot. diff --git a/manifests/firmware.yaml b/manifests/firmware.yaml new file mode 120000 index 000000000..921e7a23a --- /dev/null +++ b/manifests/firmware.yaml @@ -0,0 +1 @@ +../sagano/tier-1/firmware.yaml \ No newline at end of file diff --git a/manifests/grub2-removals.yaml b/manifests/grub2-removals.yaml deleted file mode 100644 index f4800ddd1..000000000 --- a/manifests/grub2-removals.yaml +++ /dev/null @@ -1,8 +0,0 @@ -remove-from-packages: - # The grub bits are mainly designed for desktops, and IMO haven't seen - # enough testing in concert with ostree. At some point we'll flesh out - # the full plan in https://github.com/coreos/fedora-coreos-tracker/issues/47 - - [grub2-tools, /etc/grub.d/08_fallback_counting, - /etc/grub.d/10_reset_boot_success, - /etc/grub.d/12_menu_auto_hide, - /usr/lib/systemd/.*] diff --git a/manifests/grub2-removals.yaml b/manifests/grub2-removals.yaml new file mode 120000 index 000000000..9d3d52a3d --- /dev/null +++ b/manifests/grub2-removals.yaml @@ -0,0 +1 @@ +../sagano/tier-0/grub2-removals.yaml \ No newline at end of file diff --git a/sagano b/sagano new file mode 160000 index 000000000..901c1fd70 --- /dev/null +++ b/sagano @@ -0,0 +1 @@ +Subproject commit 901c1fd70462ec93016dae882aa5c6ba7e38d1d4