-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for arbitrary kickstart file injection into ISOs (HMS-3879) #631
Commits on May 13, 2024
-
customizations: new subpackage: kickstart
New package for internal kickstart customizations. Adds support for user kickstart file contents. We will also use it to move other kickstart related options as a single struct across pipeline generation code.
Configuration menu - View commit details
-
Copy full SHA for 92a6bab - Browse repository at this point
Copy the full SHA 92a6babView commit details -
image: drop osname from the live installer
The osname property is only relevant for ostree installers.
Configuration menu - View commit details
-
Copy full SHA for 253e80c - Browse repository at this point
Copy the full SHA 253e80cView commit details -
manifest: use kickstart.Options on AnacondaInstallerISOTree
Remove all the kickstart-related properties from AnacondaInstallerISOTree and add the new kickstart.Options struct. Panic if it's not set and any of the stages require it, for example to set the path of the file when a kickstart file is required for the specific payload. This commit has no effect on generated manifests.
Configuration menu - View commit details
-
Copy full SHA for 4b6b255 - Browse repository at this point
Copy the full SHA 4b6b255View commit details -
manifest: use kickstart.Options on AnacondaInstaller
Remove the Users and Groups properties from AnacondaInstaller and add the new kickstart.Options struct. Name it InteractiveDefaultsKickstart to make it clear that it's not the same kind of kickstart file that we create in the AnacondaInstallerISOTree but it only serves to set options in the interactive default kickstart file. It currently only supports Users and Groups. This commit has no effect on generated manifests.
Configuration menu - View commit details
-
Copy full SHA for 2690871 - Browse repository at this point
Copy the full SHA 2690871View commit details -
blueprint: support user kickstart injection
Adds a new blueprint customization [installer.kickstart.contents] that will allow users to inject their own kickstart file into the ISO.
Configuration menu - View commit details
-
Copy full SHA for 2926433 - Browse repository at this point
Copy the full SHA 2926433View commit details -
distro: wire up the user kickstart customization
Pass the user kickstart customization from the blueprint options into the pipeline generators and append it to any hardcoded kickstart bits that we might be including ourselves. Just like with other injected kickstart parts, like the %post section we add for sudoers, the user's kickstart file, when specified, will be added to an iso as osbuild.ks and the kickstart file created by osbuild will be renamed to osbuilld-base.ks and run using an %include added to the top of the osbuild.ks file.
Configuration menu - View commit details
-
Copy full SHA for e4b362f - Browse repository at this point
Copy the full SHA e4b362fView commit details -
manifest: calculate raw kickstart test file content hash in test
Instead of a static content hash for the raw kickstart file when testing, calculate it on the fly using a hardcoded blob for the sudobits and add any extra content that the user might have supplied so we can test the user injected content as well.
Configuration menu - View commit details
-
Copy full SHA for c4a4df0 - Browse repository at this point
Copy the full SHA c4a4df0View commit details -
manifest: check len(SudoNopasswd) in test instead of true/false
Check the input instead of passing true/false for every test.
Configuration menu - View commit details
-
Copy full SHA for 2063ca6 - Browse repository at this point
Copy the full SHA 2063ca6View commit details -
test: add a config that uses a user kickstart file
The user kickstart contents is identical to the contents added when the sudo-nopasswd options are enabled, so this configuration produces the same manifest as the unattended-iso configuration.
Configuration menu - View commit details
-
Copy full SHA for 9c4407d - Browse repository at this point
Copy the full SHA 9c4407dView commit details -
blueprint: custom kickstart incompatible with installer customizations
Error out at the blueprint processing if the user includes a custom kickstart and also includes installer customizations.
Configuration menu - View commit details
-
Copy full SHA for 0f9092d - Browse repository at this point
Copy the full SHA 0f9092dView commit details -
distro: ostree users and groups incompatible with kickstart contents
User and Group customizations are incompatible with kickstart contents for ostree Anaconda installers only. When building an ostree Anaconda installer (edge-installer or iot-installer), users and groups are created using kickstart commands. When the user adds their own kickstart file contents, we want to remove any ambiguity or confusion by not allowing any other customization that would affect the kickstart file.
Configuration menu - View commit details
-
Copy full SHA for 755d379 - Browse repository at this point
Copy the full SHA 755d379View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1df77c8 - Browse repository at this point
Copy the full SHA 1df77c8View commit details -
manifest: restrict kickstart options for bootc container installer
Do not allow or add any kickstart options to the bootc container installer ISO when a user kickstart is included. The only line that we add is the ostree container installation line in its own kickstart. The user kickstart file is then added separately and it %includes our own.
Configuration menu - View commit details
-
Copy full SHA for 4efb219 - Browse repository at this point
Copy the full SHA 4efb219View commit details -
manifest: restrict kickstart options for anaconda installers
Do not allow or add any kickstart options to the tar payload installer (image-installer) or the ostree installer (edge/iot-installer). The only line that we add is the installation line in its own kickstart. The user kickstart file is then added separately and it %includes our own.
Configuration menu - View commit details
-
Copy full SHA for 23211db - Browse repository at this point
Copy the full SHA 23211dbView commit details -
manifest: update kickstart tests
1. Kickstart tests now check if the pipeline serialization panic()s when unsupported options are combined. 2. When "extra" kickstart content is defined (user kickstart file), the pre-defined hardcoded kickstart bits aren't added to the checksum calculation.
Configuration menu - View commit details
-
Copy full SHA for 35d623e - Browse repository at this point
Copy the full SHA 35d623eView commit details -
test: update config to match new rules
Unattended + kickstart.contents is no longer allowed, so set unattended to false.
Configuration menu - View commit details
-
Copy full SHA for c10a539 - Browse repository at this point
Copy the full SHA c10a539View commit details
Commits on May 14, 2024
-
customizations: function for kickstart customization initialisation
Initialise kickstart customizations for an image with the common options from the blueprint customizations. The kickstart options are initialised with Users, Groups, the Unattended and SudoNopasswd installer options, and the custom kickstart content. Other options (Language, Keyboard, Timezone, and payload options) must be set separately, since they aren't based solely on the blueprint customizations and interact with other configs, like image config or the ostree payload options. Co-authored-by: Michael Vogt <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4d64e67 - Browse repository at this point
Copy the full SHA 4d64e67View commit details -
distro: flip the installer customization check order
Co-authored-by: Michael Vogt <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3beb9c9 - Browse repository at this point
Copy the full SHA 3beb9c9View commit details -
customizations/kickstart: unify option validation
Validate kickstart options in a Validate() function so unify option compatibility handling. The function is called from the kickstart.New() initialiser, but we also call it before stage creation to make sure everything is valid right before stage creation. Co-authored-by: Michael Vogt <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for df3bdb4 - Browse repository at this point
Copy the full SHA df3bdb4View commit details