Add base container definitions

This adds the definitions for building the container tarballs for
the base container, the minimal base container, and the toolbox
container.
Neal Gompa 2024-01-07 22:16:11 -05:00
parent e6896b13c2
commit d27e4c3f6c
7 changed files with 263 additions and 13 deletions


@ -10,6 +10,8 @@ All changes should be made via the PR workflow.
* Base Cloud Edition for clouds (image type: `oem`, image profiles: `Cloud-Base-Generic`/`Cloud-Base-AmazonEC2`/`Cloud-Base-Azure`/`Cloud-Base-GCE`) * Base Cloud Edition for clouds (image type: `oem`, image profiles: `Cloud-Base-Generic`/`Cloud-Base-AmazonEC2`/`Cloud-Base-Azure`/`Cloud-Base-GCE`)
* Base Cloud Edition for Vagrant (image type: `oem`, image profiles: `Cloud-Base-Vagrant-libvirt`/`Cloud-Base-Vagrant-VirtualBox`) * Base Cloud Edition for Vagrant (image type: `oem`, image profiles: `Cloud-Base-Vagrant-libvirt`/`Cloud-Base-Vagrant-VirtualBox`)
* Base Container (image type: `tbz`, image profiles `Container-Base-Generic-Minimal`/`Container-Base-Generic`)
* Toolbox Container (image type: `tbz`, image profiles `Container-Toolbox`)
* KDE Spin (image type: `iso`, image profiles: `KDE-Live`) * KDE Spin (image type: `iso`, image profiles: `KDE-Live`)
* Workstation Edition (image type: `iso`, image profiles: `Workstation-Live`) * Workstation Edition (image type: `iso`, image profiles: `Workstation-Live`)


@ -16,8 +16,10 @@ echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#====================================== #======================================
# Set SELinux booleans # Set SELinux booleans
#-------------------------------------- #--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
## Fixes KDE Plasma, see rhbz#2058657 ## Fixes KDE Plasma, see rhbz#2058657
setsebool -P selinuxuser_execmod 1 setsebool -P selinuxuser_execmod 1
fi
#====================================== #======================================
# Clear machine specific configuration # Clear machine specific configuration
@ -31,6 +33,7 @@ rm -f /var/lib/systemd/random-seed
#====================================== #======================================
# Configure grub correctly # Configure grub correctly
#-------------------------------------- #--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
## Works around issues with grub-bls ## Works around issues with grub-bls
## See: https://github.com/OSInside/kiwi/issues/2198 ## See: https://github.com/OSInside/kiwi/issues/2198
echo "GRUB_DEFAULT=saved" >> /etc/default/grub echo "GRUB_DEFAULT=saved" >> /etc/default/grub
@ -38,6 +41,7 @@ echo "GRUB_DEFAULT=saved" >> /etc/default/grub
echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub
## Disable recovery entries to match Fedora ## Disable recovery entries to match Fedora
echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub
fi
#====================================== #======================================
# Delete & lock the root user password # Delete & lock the root user password
@ -64,11 +68,13 @@ fi
#====================================== #======================================
# Setup default target # Setup default target
#-------------------------------------- #--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
if [[ "$kiwi_profiles" == *"GNOME"* ]] || [[ "$kiwi_profiles" == *"KDE"* ]]; then if [[ "$kiwi_profiles" == *"GNOME"* ]] || [[ "$kiwi_profiles" == *"KDE"* ]]; then
systemctl set-default graphical.target systemctl set-default graphical.target
else else
systemctl set-default multi-user.target systemctl set-default multi-user.target
fi fi
fi
#====================================== #======================================
# Setup default customizations # Setup default customizations
@ -118,4 +124,72 @@ chmod 600 /root/.ssh/authorized_keys
chown -R root:root /root/.ssh chown -R root:root /root/.ssh
fi fi
if [[ "$kiwi_profiles" == *"Container"* ]]; then
# Set install langs macro so that new rpms that get installed will
# only install langs that we limit it to.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1400682
echo "Import RPM GPG key"
releasever=$(rpm --eval '%{?fedora}')
# When building ELN containers, we don't have the %{fedora} macro
if [ -z $releasever ]; then
releasever=eln
fi
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary
echo "# fstab intentionally empty for containers" > /etc/fstab
# Remove machine-id on pre generated images
rm -f /etc/machine-id
touch /etc/machine-id
echo "# resolv placeholder" > /etc/resolv.conf
chmod 644 /etc/resolv.conf
# Remove extraneous files
rm -rf /tmp/*
# https://pagure.io/atomic-wg/issue/308
printf "tsflags=nodocs\n" >>/etc/dnf/dnf.conf
if [[ "$kiwi_profiles" == *"Base-Generic-Minimal"* ]]; then
# remove some random help txt files
rm -fv /usr/share/gnupg/help*.txt
# Pruning random things
rm /usr/lib/rpm/rpm.daily
rm -rfv /usr/lib64/nss/unsupported-tools/ # unsupported
# Statically linked crap
rm -fv /usr/sbin/{glibc_post_upgrade.x86_64,sln}
ln /usr/bin/ln usr/sbin/sln
# Remove some dnf info
rm -rfv /var/lib/dnf
# don't need icons
rm -rfv /usr/share/icons/*
#some random not-that-useful binaries
rm -fv /usr/bin/pinky
# we lose presets by removing /usr/lib/systemd but we do not care
rm -rfv /usr/lib/systemd
fi
if [[ "$kiwi_profiles" == *"Toolbox"* ]]; then
# Remove macros.image-language-conf file
rm -f /etc/rpm/macros.image-language-conf
# Remove 'tsflags=nodocs' line from dnf.conf
sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
fi
fi
exit 0 exit 0
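Review bot: In the new Container block the RPM GPG key import is not checked for failure: `[ -z $releasever ]` is unquoted and nothing visible tests the exit status of `rpm --import`, so if the key file for the computed release is missing the script would still reach `exit 0`, unless `set -e` is enabled above these hunks (not visible here). I would write `if [[ -z "$releasever" ]]; then` and `rpm --import "/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${releasever}-primary" || exit 1`, so an image is never produced without the signing key it is expected to trust. In the Minimal branch, `ln /usr/bin/ln usr/sbin/sln` uses a relative target that depends on the working directory; `ln /usr/bin/ln /usr/sbin/sln` looks like the intent. `LANG="en_US"` also reassigns the locale variable for the rest of the script, so a separate name such as `install_langs` would avoid side effects on later commands.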


@ -20,6 +20,7 @@
<include from="this://./components/liveinstall.xml"/> <include from="this://./components/liveinstall.xml"/>
<include from="this://./components/users.xml"/> <include from="this://./components/users.xml"/>
<include from="this://./platforms/cloud.xml"/> <include from="this://./platforms/cloud.xml"/>
<include from="this://./platforms/container.xml"/>
<include from="this://./platforms/vagrant.xml"/> <include from="this://./platforms/vagrant.xml"/>
<include from="this://./platforms/workstation.xml"/> <include from="this://./platforms/workstation.xml"/>
<packages type="bootstrap"> <packages type="bootstrap">

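--- a/platforms/container.xml
+++ b/platforms/container.xml
@@ -0,0 +1,149 @@
+<image>
+<profiles>
+<profile name="ContainerCore" description="Container core packages">
+</profile>
+<profile name="Container-Base-Generic-Minimal" description="Generic Minimal Base Container Image">
+<requires profile="ContainerCore"/>
+</profile>
+<profile name="Container-Base-Generic" description="Generic Base Container Image">
+<requires profile="ContainerCore"/>
+</profile>
+<profile name="Container-Toolbox" description="Toolbox Container Image">
+<requires profile="ContainerCore"/>
+</profile>
+</profiles>
+<preferences profiles="Container-Base-Generic-Minimal,Container-Base-Generic">
+<type image="tbz"/>
+<timezone>Etc/UTC</timezone>
+<locale>en_US</locale>
+<rpm-locale-filtering>true</rpm-locale-filtering>
+<rpm-excludedocs>true</rpm-excludedocs>
+</preferences>
+<preferences profiles="Container-Toolbox">
+<type image="tbz"/>
+<timezone>Etc/UTC</timezone>
+<locale>en_US</locale>
+<rpm-locale-filtering>false</rpm-locale-filtering>
+<rpm-excludedocs>false</rpm-excludedocs>
+</preferences>
+<packages type="bootstrap" profiles="ContainerCore">
+<ignore name="dosfstools"/>
+<ignore name="e2fsprogs"/>
+<ignore name="fuse-libs"/>
+<ignore name="gnupg2-smime"/>
+<ignore name="libss"/> <!-- used by e2fsprogs -->
+<ignore name="kernel"/>
+<ignore name="*-firmware"/>
+<ignore name="geolite2-city"/>
+<ignore name="geolite2-country"/>
+<ignore name="pinentry"/>
+<ignore name="shared-mime-info"/>
+<ignore name="pinentry"/>
+<ignore name="trousers"/>
+<ignore name="xkeyboard-config"/>
+<ignore name="grubby"/>
+<ignore name="langpacks-en_GB"/>
+<!-- https://bugzilla.redhat.com/show_bug.cgi?id=1951111 -->
+<ignore name="util-linux"/>
+<ignore name="sssd-client"/>
+<package name="fedora-release-container"/>
+<package name="bash"/>
+<package name="coreutils"/>
+<package name="rpm"/>
+</packages>
+<packages type="bootstrap" profiles="Container-Base-Generic-Minimal">
+<ignore name="glibc-langpack-en"/>
+<ignore name="langpacks-en"/>
+<ignore name="tzdata"/>
+<package name="microdnf"/>
+<package name="glibc-minimal-langpack"/>
+</packages>
+<packages type="bootstrap" profiles="Container-Base-Generic">
+<ignore name="glibc-langpack-en"/>
+<ignore name="langpacks-en"/>
+<package name="rootfiles"/>
+<package name="tar"/> <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1409920 -->
+<package name="vim-minimal"/>
+<package name="dnf"/>
+<package name="dnf-yum"/> <!-- https://pagure.io/fesco/issue/1312#comment-30991 -->
+<package name="glibc-minimal-langpack"/>
+<package name="tzdata"/>
+</packages>
+<packages type="image" patternType="plusRecommended" profiles="Container-Toolbox">
+<!-- This is a weak dep of systemd, we do not want this in the container;
+see: https://github.com/containers/toolbox/issues/1410 -->
+<ignore name="systemd-resolved"/>
+<package name="acl"/>
+<package name="bash"/>
+<package name="bash-completion"/>
+<package name="bc"/>
+<package name="bzip2"/>
+<package name="coreutils-common"/>
+<package name="curl"/>
+<package name="default-editor"/>
+<package name="diffutils"/>
+<package name="dnf"/>
+<package name="dnf-yum"/> <!-- https://pagure.io/fesco/issue/1312#comment-30991 -->
+<package name="dnf-plugins-core"/>
+<package name="findutils"/>
+<package name="flatpak-spawn"/>
+<package name="fpaste"/>
+<package name="gawk"/>
+<package name="git"/>
+<package name="glibc-all-langpacks"/>
+<package name="gnupg2"/>
+<package name="gnupg2-smime"/>
+<package name="grep"/>
+<package name="gvfs-client"/>
+<package name="gzip"/>
+<package name="hostname"/>
+<package name="iproute"/>
+<package name="iputils"/>
+<package name="keyutils"/>
+<package name="krb5-libs"/>
+<package name="less"/>
+<package name="libcap"/>
+<package name="lsof"/>
+<package name="man-db"/>
+<package name="man-pages"/>
+<package name="mesa-dri-drivers"/>
+<package name="mesa-va-drivers"/>
+<package name="mesa-vulkan-drivers"/>
+<package name="mtr"/>
+<package name="nss-mdns"/>
+<package name="openssh-clients"/>
+<package name="openssl"/>
+<package name="p11-kit"/>
+<package name="pam"/>
+<package name="passwd"/>
+<package name="pigz"/>
+<package name="procps-ng"/>
+<package name="psmisc"/>
+<package name="python3"/>
+<package name="rootfiles"/>
+<package name="rsync"/>
+<package name="sed"/>
+<package name="shadow-utils"/>
+<package name="sudo"/>
+<package name="tar"/> <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1409920 -->
+<package name="tcpdump"/>
+<package name="time"/>
+<package name="traceroute"/>
+<package name="tree"/>
+<package name="tzdata"/>
+<package name="unzip"/>
+<package name="util-linux"/>
+<package name="util-linux-core"/>
+<package name="vim-enhanced"/>
+<package name="vte-profile"/>
+<package name="vulkan-loader"/>
+<package name="wget"/>
+<package name="which"/>
+<package name="whois"/>
+<package name="words"/>
+<package name="xorg-x11-xauth"/>
+<package name="xz"/>
+<package name="zip"/>
+<package name="zstd"/>
+</packages>
+</image>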
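Review bot: The `ContainerCore` bootstrap section ignores `util-linux` and `gnupg2-smime`, yet `Container-Toolbox`, which requires `ContainerCore`, lists both as `<package>` entries in its image section; if the bootstrap ignores are also applied as excludes in the later install phase, the Toolbox image would fail to build or ship without them. Once the behaviour is confirmed, a comment on the ignore list would make the intent clear, e.g. `<!-- bootstrap-only excludes; Container-Toolbox re-adds util-linux and gnupg2-smime in its image section -->`. `<ignore name="pinentry"/>` also appears twice in the `ContainerCore` list and one copy can be dropped. Because the Toolbox section uses `patternType="plusRecommended"`, weak dependencies beyond the listed packages end up in the image, so a short note stating that this is deliberate (as already done for `systemd-resolved`) would help anyone auditing the package set.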


@ -0,0 +1,8 @@
summary: Build Minimal Generic base container image
discover:
how: fmf
environment:
image_type: tbz
image_profile: Container-Base-Generic-Minimal
execute:
how: tmt


@ -0,0 +1,8 @@
summary: Build Generic base container image
discover:
how: fmf
environment:
image_type: tbz
image_profile: Container-Base-Generic
execute:
how: tmt


@ -0,0 +1,8 @@
summary: Build Toolbox container image
discover:
how: fmf
environment:
image_type: tbz
image_profile: Container-Toolbox
execute:
how: tmt