Initial import of descriptions

Neal Gompa 2023-10-14 15:21:23 -04:00
parent 14e2f2a0e1
commit 838cd9b2ee
18 changed files with 554 additions and 0 deletions

1
Fedora-Linux.kiwi Symbolic link

@ -0,0 +1 @@
config.xml


@ -6,6 +6,23 @@ The `rawhide` branch is used for Fedora Rawhide images and each release branch i
All changes should be made via the PR workflow.
## Image variants
* Cloud Edition (image type: `oem`, image profiles: `Cloud-OpenStack`/`Cloud-AmazonEC2`/`Cloud-Azure`/`Cloud-GCE`)
* Workstation Edition (image type: `iso`, image profiles: `Workstation-Live`)
* KDE Spin (image type: `iso`, image profiles: `KDE-Live`)
## Image build quickstart
Set up your development environment and run the image build (substitute `<image_type>` and `<image_profile>` for the appropriate settings):
```bash
# Install kiwi
[]$ sudo dnf --assumeyes install kiwi
# Run the image build
[]$ sudo ./kiwi-build --image-type=<image_type> --image-profile=<image_profile> --output-dir ./outdir
```
## Licensing
This is free software: you can redistribute it and/or modify

22
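--- a/components/boot.xml
+++ b/components/boot.xml
@@ -0,0 +1,22 @@
+<image>
+<profiles>
+<profile name="BootCore" description="Boot core packages"/>
+</profiles>
+<packages type="image" patternType="plusRecommended" profiles="BootCore">
+<package name="grub2-efi-aa64" arch="aarch64"/>
+<package name="grub2-efi-aa64-modules" arch="aarch64"/>
+<package name="grub2-efi-x64" arch="x86_64"/>
+<package name="grub2-efi-x64-modules" arch="x86_64"/>
+<package name="grub2-pc" arch="x86_64"/>
+<package name="grub2-pc-modules" arch="x86_64"/>
+<package name="shim-signed-aa64" arch="aarch64"/>
+<package name="shim-signed-x64" arch="x86_64"/>
+<package name="kernel-core"/>
+<package name="systemd-oomd-defaults"/>
+<package name="systemd-resolved"/>
+</packages>
+<packages type="iso" patternType="plusRecommended" profiles="BootCore">
+<package name="grub2-efi-aa64-cdboot" arch="aarch64"/>
+<package name="grub2-efi-x64-cdboot" arch="x86_64"/>
+</packages>
+</image>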


@ -0,0 +1,37 @@
<image>
<profiles>
<profile name="DesktopCommon" description="Common desktop packages"/>
<profile name="GNOME-Desktop" description="GNOME Desktop">
<requires profile="DesktopCommon"/>
</profile>
<profile name="KDE-Desktop" description="KDE Plasma Desktop">
<requires profile="DesktopCommon"/>
</profile>
</profiles>
<packages type="image" patternType="plusRecommended" profiles="DesktopCommon">
<namedCollection name="internet-browser"/>
<namedCollection name="fonts"/>
<namedCollection name="multimedia"/>
<namedCollection name="networkmanager-submodules"/>
<namedCollection name="office-suite"/>
<namedCollection name="hardware-support"/>
<namedCollection name="print-client"/>
<namedCollection name="guest-desktop-agents"/>
<namedCollection name="standard"/>
</packages>
<packages type="image" patternType="plusRecommended" profiles="GNOME-Desktop">
<namedCollection name="workstation-product-environment"/>
<package name="fedora-release-workstation"/>
</packages>
<packages type="image" patternType="plusRecommended" profiles="KDE-Desktop">
<namedCollection name="kde-desktop-environment"/>
<namedCollection name="kde-apps"/>
<namedCollection name="kde-media"/>
<package name="fuse"/>
<package name="fedora-release-kde"/>
<package name="kde-l10n"/>
<ignore name="@admin-tools"/>
<ignore name="gnome-disk-utility"/>
<ignore name="system-config-printer"/>
</packages>
</image>


@ -0,0 +1,30 @@
<image>
<profiles>
<profile name="LiveInstall" description="Live Install ISO">
<requires profile="BootCore"/>
</profile>
</profiles>
<preferences profiles="LiveInstall">
<type image="iso" publisher="Fedora Project" volid="Fedora_Linux" primary="true" flags="dmsquash" firmware="uefi" kernelcmdline="quiet rhgb" mediacheck="false">
<bootloader name="grub2" grub_template="grub.cfg.iso-template" console="console" timeout="10"/>
</type>
</preferences>
<packages type="iso" patternType="plusRecommended" profiles="LiveInstall">
<!-- The point of a live image is to install -->
<namedCollection name="anaconda-tools"/>
<package name="anaconda"/>
<package name="anaconda-install-env-deps"/>
<package name="anaconda-live"/>
<!-- Need this for SVG release note images -->
<package name="aajohan-comfortaa-fonts"/>
<package name="dracut-live"/>
<package name="glibc-all-langpacks"/>
<package name="kernel"/>
<package name="kernel-modules"/>
<package name="kernel-modules-extra"/>
<package name="livesys-scripts"/>
<package name="btrfs-progs"/>
<package name="udisks2-btrfs"/>
<ignore name="gfs2-utils"/>
</packages>
</image>
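Review bot: `mediacheck="false"` on the `<type image="iso">` element is set without any explanation. If I read kiwi's schema correctly, this attribute controls whether the boot menu offers an entry that verifies the ISO's embedded checksum, so with it off a user of the live installer has no built-in way to notice a corrupted download or a bad write before installing. If this is a workaround, a comment above the `<type>` line should say so, for example `<!-- mediacheck disabled: REASON (placeholder) -->`; otherwise `mediacheck="true"` would restore the check.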

6
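--- a/components/users.xml
+++ b/components/users.xml
@@ -0,0 +1,6 @@
+<image>
+<users profiles="Cloud-Azure,Cloud-AmazonEC2,Cloud-GCE,Cloud-OpenStack,LiveInstall">
+<!-- The password here does not matter, it will be erased in config.sh -->
+<user name="root" groups="root" password="linux" home="/root" pwdformat="plain" />
+</users>
+</image>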
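Review bot: The plain-text root password `linux` on the `<user>` line is only harmless while the name match in config.sh stays in step with this `profiles` list. config.sh deletes and locks root's password only when `$kiwi_profiles` contains `Cloud` or `Live`, so a profile added here later whose name contains neither string would ship with a known root password. The comment should spell out that coupling, for example `<!-- Placeholder only; config.sh deletes and locks root's password for profiles whose name contains "Cloud" or "Live", so keep this list in step with that check -->`.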

121
config.sh Executable file

@ -0,0 +1,121 @@
#!/bin/bash
set -euxo pipefail
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile
#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# Set SELinux booleans
#--------------------------------------
## Fixes KDE Plasma, see rhbz#2058657
setsebool -P selinuxuser_execmod 1
#======================================
# Clear machine specific configuration
#--------------------------------------
## Clear machine-id on pre generated images
rm -f /etc/machine-id
echo 'uninitialized' > /etc/machine-id
## remove random seed, the newly installed instance should make its own
rm -f /var/lib/systemd/random-seed
#======================================
# Configure grub correctly
#--------------------------------------
## Works around issues with grub-bls
## See: https://github.com/OSInside/kiwi/issues/2198
echo "GRUB_DEFAULT=saved" >> /etc/default/grub
## Disable submenus to match Fedora
echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub
## Disable recovery entries to match Fedora
echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub
#======================================
# Delete & lock the root user password
#--------------------------------------
if [[ "$kiwi_profiles" == *"Cloud"* ]] || [[ "$kiwi_profiles" == *"Live"* ]]; then
passwd -d root
passwd -l root
fi
#======================================
# Setup default services
#--------------------------------------
if [[ "$kiwi_profiles" == *"Live"* ]]; then
## Configure livesys session
if [[ "$kiwi_profiles" == *"GNOME"* ]]; then
echo 'livesys_session="gnome"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"KDE"* ]]; then
echo 'livesys_session="kde"' > /etc/sysconfig/livesys
fi
fi
#======================================
# Setup default target
#--------------------------------------
if [[ "$kiwi_profiles" == *"GNOME"* ]] || [[ "$kiwi_profiles" == *"KDE"* ]]; then
systemctl set-default graphical.target
else
systemctl set-default multi-user.target
fi
#======================================
# Setup default customizations
#--------------------------------------
if [[ "$kiwi_profiles" == *"Azure"* ]]; then
cat > /etc/ssh/sshd_config.d/50-client-alive-interval.conf << EOF
ClientAliveInterval 120
EOF
cat >> /etc/chrony.conf << EOF
# Azure's virtual time source:
# https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0
EOF
fi
if [[ "$kiwi_profiles" == *"GCE"* ]]; then
cat <<EOF > /etc/NetworkManager/conf.d/gcp-mtu.conf
# In GCP it is recommended to use 1460 as the MTU.
# Set it to 1460 for all connections.
# https://cloud.google.com/network-connectivity/docs/vpn/concepts/mtu-considerations
[connection]
ethernet.mtu = 1460
EOF
fi
if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
sed -e 's/.*UseDNS.*/UseDNS no/' -i /etc/ssh/sshd_config
mkdir -m 0700 -p ~vagrant/.ssh
cat > ~vagrant/.ssh/authorized_keys << EOKEYS
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
EOKEYS
chmod 600 ~vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant ~vagrant/.ssh/
cat > /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf <<EOF
# For now the vagrant insecure key is an rsa key
# https://github.com/hashicorp/vagrant/issues/11783
PubkeyAcceptedKeyTypes=+ssh-rsa
EOF
# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
mkdir -m 0700 -p /root/.ssh
cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chown -R root:root /root/.ssh
fi
exit 0
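Review bot: In the Vagrant branch, copying `authorized_keys` into `/root/.ssh/` leaves the publicly known Vagrant insecure key authorised for root for the life of the box. As far as I know, Vagrant's key replacement on first boot rewrites only the login user's file, so the root copy is never rotated. The `PubkeyAcceptedKeyTypes=+ssh-rsa` drop-in re-enables ssh-rsa for every account, so a box attached to a bridged or public network would accept root logins with that key. I would drop the four `/root/.ssh` lines and rely on `sudo` from the vagrant user, or at least add a comment that the root copy is deliberate and is not rotated. Separately, `setsebool -P selinuxuser_execmod 1` runs for every profile although its comment cites a KDE Plasma bug; wrapping it in `if [[ "$kiwi_profiles" == *"KDE"* ]]; then` would leave the boolean at its default in the other images.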

29
config.xml Normal file

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="Fedora-Linux">
<description type="system">
<author>Fedora Project Contributors</author>
<contact>devel@lists.fedoraproject.org</contact>
<specification>Fedora Linux</specification>
</description>
<preferences>
<version>0.0.0</version>
<packagemanager>dnf</packagemanager>
<locale>en_US</locale>
<keytable>us</keytable>
<timezone>UTC</timezone>
<release-version>rawhide</release-version>
</preferences>
<include from="this://./repositories/core.xml"/>
<include from="this://./components/boot.xml"/>
<include from="this://./components/desktop-environments.xml"/>
<include from="this://./components/liveinstall.xml"/>
<include from="this://./components/users.xml"/>
<include from="this://./platforms/cloud.xml"/>
<include from="this://./platforms/vagrant.xml"/>
<include from="this://./platforms/workstation.xml"/>
<packages type="bootstrap">
<package name="basesystem"/>
<package name="filesystem"/>
</packages>
</image>

44
grub.cfg.iso-template Normal file

@ -0,0 +1,44 @@
# Inspired by the config used for lorax-built live media
set default=${default_boot}
if [ "$$grub_platform" == "efi" ]; then
function load_video {
insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus
insmod all_video
}
set basicgfx="nomodeset"
else
function load_video {
insmod all_video
}
set basicgfx="nomodeset vga=791"
fi
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
terminal_input console
terminal_output ${terminal_setup}
set timeout=${boot_timeout}
set timeout_style=${boot_timeout_style}
search ${search_params}
menuentry "Start ${title}" --class fedora --class gnu-linux --class gnu --class os {
linux ($$root)${bootpath}/${kernel_file} ${boot_options}
initrd ($$root)${bootpath}/${initrd_file}
}
submenu "Troubleshooting -->" {
menuentry "Start ${title} in basic graphics mode" --class fedora --class gnu-linux --class gnu --class os {
linux ($$root)${bootpath}/${kernel_file} ${boot_options} $${basicgfx}
initrd ($$root)${bootpath}/${initrd_file}
}
}

64
kiwi-build Executable file

@ -0,0 +1,64 @@
#!/bin/bash
# Simple wrapper to call kiwi properly for image builds
# Author: Neal Gompa <ngompa@fedoraproject.org>
set -eu -o pipefail
kiwibuildsh="$(basename "$0")"
usage() {
echo >&2 "usage: $kiwibuildsh --output-dir=DIR --image-type=TYPE --image-profile=PROFILE [--debug]"
echo >&2 " eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud --debug"
echo >&2 " eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud"
exit 255
}
optTemp=$(getopt --options '+o:,t:,p:,d,h' --longoptions 'output-dir:,image-type:,image-profile:,debug,help' --name "$kiwibuildsh" -- "$@")
eval set -- "$optTemp"
unset optTemp
output_dir=
image_type=
image_profile=
debug=
while true; do
case "$1" in
-o|--output-dir) output_dir="$2" ; shift 2 ;;
-t|--image-type) image_type="$2" ; shift 2 ;;
-p|--image-profile) image_profile="$2" ; shift 2 ;;
-d|--debug) debug="--debug" ; shift ;;
-h|--help) usage ;;
--) shift ; break ;;
esac
done
if [ -z "$output_dir" ] || [ -z "$image_type" ] || [ -z "$image_profile" ]; then
echo "Options not set!"
usage
fi
if [ -e "/sys/fs/selinux/enforce" ]; then
# Disable SELinux enforcement during the image build if it's enforcing
selinux_enforcing="$(cat /sys/fs/selinux/enforce)"
if [ "$selinux_enforcing" = "1" ]; then
setenforce 0
fi
fi
pushd kiwi-desc
set +e
kiwi-ng ${debug} --type="${image_type}" --profile="${image_profile}" --color-output system build --description "./" --target-dir "${output_dir}"
kiwi_status=$?
set -e
popd
if [ -e "/sys/fs/selinux/enforce" ]; then
# Re-enable SELinux enforcement now that image build is done
if [ "$selinux_enforcing" = "1" ]; then
setenforce 1
fi
fi
exit $kiwi_status
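Review bot: The build host is left in SELinux permissive mode whenever the script exits between `setenforce 0` and the final `setenforce 1`. `set -e` is still active at `pushd kiwi-desc`, so a missing directory ends the script right there, and an interrupt during the kiwi-ng run has the same effect. Registering the restore as an exit trap inside the `if [ "$selinux_enforcing" = "1" ]` branch, directly after `setenforce 0`, covers both paths: `trap 'setenforce 1' EXIT`. The trailing re-enable block then becomes redundant and can be removed.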

101
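--- a/platforms/cloud.xml
+++ b/platforms/cloud.xml
@@ -0,0 +1,101 @@
+<image>
+<profiles>
+<profile name="CloudCore" description="Cloud spin core packages">
+<requires profile="BootCore"/>
+</profile>
+<profile name="Cloud-Azure" description="Azure Guest Image">
+<requires profile="CloudCore"/>
+</profile>
+<profile name="Cloud-AmazonEC2" description="Amazon EC2 HVM Guest Image">
+<requires profile="CloudCore"/>
+</profile>
+<profile name="Cloud-GCE" description="GCE Guest Image">
+<requires profile="CloudCore"/>
+</profile>
+<profile name="Cloud-OpenStack" description="OpenStack Guest Image">
+<requires profile="CloudCore"/>
+</profile>
+</profiles>
+<preferences profiles="Cloud-Azure">
+<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8" devicepersistency="by-uuid" formatoptions="force_size" format="vhd-fixed" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+<bootloader name="grub2" console="serial" timeout="0"/>
+<systemdisk>
+<volume name="@root=root"/>
+<volume name="home" parent="/"/>
+<volume name="var" parent="/"/>
+</systemdisk>
+<size unit="G">5</size>
+<oemconfig>
+<oem-resize>false</oem-resize>
+</oemconfig>
+</type>
+</preferences>
+<preferences profiles="Cloud-AmazonEC2">
+<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+<bootloader name="grub2" timeout="0"/>
+<size unit="G">5</size>
+<systemdisk>
+<volume name="@root=root"/>
+<volume name="home" parent="/"/>
+<volume name="var" parent="/"/>
+</systemdisk>
+<oemconfig>
+<oem-resize>false</oem-resize>
+</oemconfig>
+</type>
+</preferences>
+<preferences profiles="Cloud-GCE">
+<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=ttyS0,38400n8d" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" format="gce" firmware="uefi" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+<bootloader name="grub2" timeout="0"/>
+<size unit="G">5</size>
+<systemdisk>
+<volume name="@root=root"/>
+<volume name="home" parent="/"/>
+<volume name="var" parent="/"/>
+</systemdisk>
+<oemconfig>
+<oem-resize>false</oem-resize>
+</oemconfig>
+</type>
+</preferences>
+<preferences profiles="Cloud-OpenStack">
+<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" format="qcow2" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+<bootloader name="grub2" timeout="0"/>
+<size unit="G">5</size>
+<systemdisk>
+<volume name="@root=root"/>
+<volume name="home" parent="/"/>
+<volume name="var" parent="/"/>
+</systemdisk>
+<oemconfig>
+<oem-resize>false</oem-resize>
+</oemconfig>
+</type>
+</preferences>
+<packages type="image" patternType="plusRecommended" profiles="CloudCore">
+<namedCollection name="cloud-server-environment"/>
+<ignore name="dracut-config-rescue"/>
+<ignore name="firewalld"/>
+<ignore name="kernel"/>
+<ignore name="*-firmware"/>
+<ignore name="geolite2-city"/>
+<ignore name="geolite2-country"/>
+<ignore name="plymouth"/>
+<package name="python3-dnf-plugin-tracer"/>
+<package name="glibc-langpack-en"/>
+</packages>
+<packages type="image" patternType="plusRecommended" profiles="Cloud-Azure">
+<package name="WALinuxAgent"/>
+</packages>
+<packages type="image" patternType="plusRecommended" profiles="Cloud-GCE">
+<package name="google-compute-engine-guest-configs"/>
+<package name="google-compute-engine-oslogin"/>
+<package name="google-guest-agent"/>
+</packages>
+<packages type="image" patternType="plusRecommended" profiles="Cloud-OpenStack">
+<package name="qemu-guest-agent"/>
+</packages>
+<packages type="uninstall" profiles="Cloud-GCE">
+<package name="cloud-init"/>
+</packages>
+</image>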
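Review bot: `<ignore name="firewalld"/>` in the `CloudCore` package set reaches further than the four cloud profiles, because the `Vagrant` profile in platforms/vagrant.xml also requires `CloudCore`; Vagrant boxes are therefore built without a host firewall too. That may well be intended, but the ignore line should carry a comment giving the reason, for example `<!-- No host firewall: cloud images rely on provider-side filtering; inherited by Vagrant via CloudCore -->` (the rationale is my inference and should be confirmed). The `uninstall` of `cloud-init` for `Cloud-GCE` at the end of the file is likewise unexplained and deserves a one-line comment naming what replaces it.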

34
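--- a/platforms/vagrant.xml
+++ b/platforms/vagrant.xml
@@ -0,0 +1,34 @@
+<image>
+<profiles>
+<profile name="Vagrant" description="Vagrant guest image">
+<requires profile="CloudCore"/>
+</profile>
+</profiles>
+<preferences profiles="Vagrant">
+<type image="oem" filesystem="btrfs" kernelcmdline="no_timer_check console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0" devicepersistency="by-uuid" bootpartition="true" bootpartsize="1000" bootfilesystem="ext4" efipartsize="100" firmware="uefi" format="vagrant" fsmountoptions="compress=zstd:1" btrfs_root_is_subvolume="true" btrfs_set_default_volume="false" rootfs_label="fedora">
+<bootloader name="grub2" console="serial" timeout="1"/>
+<size unit="G">5</size>
+<systemdisk>
+<volume name="@root=root"/>
+<volume name="home" parent="/"/>
+<volume name="var" parent="/"/>
+</systemdisk>
+<oemconfig>
+<oem-resize>false</oem-resize>
+</oemconfig>
+</type>
+</preferences>
+<users profiles="Vagrant">
+<!-- Standard password for the vagrant user, used by all images -->
+<user name="vagrant" groups="vagrant" password="vagrant" home="/home/vagrant" pwdformat="plain" />
+<user password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" home="/root" name="root" groups="root"/>
+</users>
+<packages type="image" patternType="plusRecommended" profiles="Vagrant">
+<package name="dnf-yum"/>
+<package name="rsync"/>
+<package name="fuse-sshfs"/>
+<package name="gdisk"/>
+<package name="glibc-langpack-en"/>
+<package name="qemu-guest-agent"/>
+</packages>
+</image>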
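Review bot: The root `<user>` line commits an MD5-crypt (`$1$`) password hash with no comment saying what it is for, whereas components/users.xml documents root's password as a throwaway that config.sh erases. config.sh deletes and locks root's password only when `$kiwi_profiles` contains `Cloud` or `Live`; whether a `Vagrant` build matches depends on whether kiwi lists the required `CloudCore` profile in that variable, which this page does not show, so the state of the root account in the shipped box is unclear. Please add a comment above the line stating the intended root credential for Vagrant boxes. If a password is meant to remain, regenerate the hash with a current scheme such as SHA-512 crypt (`$6$`) instead of `$1$`.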

12
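--- a/platforms/workstation.xml
+++ b/platforms/workstation.xml
@@ -0,0 +1,12 @@
+<image>
+<profiles>
+<profile name="Workstation-Live" description="Workstation Edition Live DVD">
+<requires profile="GNOME-Desktop"/>
+<requires profile="LiveInstall"/>
+</profile>
+<profile name="KDE-Live" description="KDE Plasma Spin Live DVD">
+<requires profile="KDE-Desktop"/>
+<requires profile="LiveInstall"/>
+</profile>
+</profiles>
+</image>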


@ -0,0 +1,12 @@
<image>
<repository type="rpm-md" alias="fedora" sourcetype="metalink">
<source path="https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&amp;arch=$basearch">
<signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary"/>
</source>
</repository>
<repository type="rpm-md" alias="updates" sourcetype="metalink">
<source path="https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&amp;arch=$basearch">
<signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary"/>
</source>
</repository>
</image>
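Review bot: Both `<repository>` elements name a `<signing key>` but do not state whether signatures are enforced. kiwi's `package_gpgcheck` and `repository_gpgcheck` attributes are optional, and as far as I know the package manager's default applies when they are absent. Setting `package_gpgcheck="true"` on each `<repository>` makes package signature verification part of the image description instead of a property of the build host's dnf configuration. The same applies to the rawhide repository file in the next section. The `file:///usr/share/distribution-gpg-keys/...` paths also assume the `distribution-gpg-keys` package is installed on the build host, which the README quickstart (`dnf --assumeyes install kiwi`) does not mention.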


@ -0,0 +1,7 @@
<image>
<repository type="rpm-md" alias="rawhide" sourcetype="metalink">
<source path="https://mirrors.fedoraproject.org/metalink?repo=rawhide&amp;arch=$basearch">
<signing key="file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-rawhide-primary"/>
</source>
</repository>
</image>

1
repositories/core.xml Symbolic link

@ -0,0 +1 @@
core-rawhide.xml

10
root/etc/fstab.script Executable file

@ -0,0 +1,10 @@
#!/bin/sh
# Set ESP mount options to match what Fedora does
# https://github.com/OSInside/kiwi/issues/2201
gawk -i inplace '$2 == "/boot/efi" { $4 = $4",umask=0077,shortname=winnt" } { print $0 }' /etc/fstab
# Run selinux relabel at the right time
# https://github.com/OSInside/kiwi/issues/2192
# https://github.com/OSInside/kiwi/pull/2282#issuecomment-1514399308
setfiles -F -p -c /etc/selinux/targeted/policy/policy.* -e /proc -e /sys -e /dev /etc/selinux/targeted/contexts/files/file_contexts /
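Review bot: The script runs without `set -e`, so a failure of the `gawk` edit is ignored and the exit status is whatever `setfiles` returns. In that case the ESP entry would keep its original mount options, without `umask=0077`, and nothing would flag it. Adding `set -eu` directly under the shebang makes either step fail the script, which should surface in the build provided kiwi checks the script's exit status.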


@ -0,0 +1,6 @@
# UPDATEDEFAULT specifies if kernel-install should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel-core