Live image stuff

manifest.yaml

@@ -1,13 +1,19 @@
-ref: rocky/${basearch}/ostree
+ref: rocky/${basearch}/ostree/${stream}
 rojig:
   name: rocky-ostree
-  summary: "Rocky Linux Ostree"
+  summary: "Rocky Linux OSTree ${stream}"
   license: MIT
+
+add-commit-metadata:
+  rocky-core.stream: ${stream}
+
 packages:
   - rocky-release
 
 releasever: 8
 
+recommends: false
+
 variables:
   stream: testing
   prod: false

manifests/rocky-ostree-base.yaml

@@ -34,8 +34,106 @@ units:
   - getty@tty1.service
 
 
+# Integration with bootupd
+packages:
+  - bootupd
+
+postprocess:
+  - |
+    #!/bin/bash
+    set -xeuo pipefail
+    # Until we have https://github.com/coreos/rpm-ostree/pull/2275
+    mkdir -p /run
+    # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload
+    /usr/bin/bootupctl backend generate-update-metadata /
+
+
+
+# This minimal base starts just from: kernel + systemd + rpm-ostree + bootloader.
+# The intent of this is to inherit from this if you are doing something highly
+# custom that e.g. might not involve Ignition or podman, but you do want
+# rpm-ostree.
+# We expect most people though using coreos-assembler to inherit from
+# fedora-coreos-base.yaml.
+packages:
+ # Kernel + systemd.
+ - kernel systemd
+ # linux-firmware now a recommends so let's explicitly include it
+ # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b
+ # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide
+ - linux-firmware
+ # rpm-ostree
+ - rpm-ostree nss-altfiles
+
+# bootloader
+packages-aarch64:
+  - grub2-efi-aa64 efibootmgr shim
+  # firmware updates
+  - fwupd
+packages-ppc64le:
+  - grub2 ostree-grub2
+  # firmware updates
+  - fwupd
+packages-s390x:
+  # On Fedora, this is provided by s390utils-core. on RHEL, this is for now
+  # provided by s390utils-base, but soon will be -core too.
+  - /usr/sbin/zipl
+  # for Secure Execution
+  - veritysetup
 packages-x86_64:
   - grub2 grub2-efi-x64 efibootmgr shim
   - microcode_ctl
   # firmware updates
   - fwupd
+
+postprocess:
+  # See: https://github.com/coreos/fedora-coreos-tracker/issues/1253
+  #      https://bugzilla.redhat.com/show_bug.cgi?id=2112857
+  #      https://github.com/coreos/rpm-ostree/issues/3918
+  # Temporary workaround to remove the SetGID binary from liblockfile that is
+  # pulled by the s390utils but not needed for /usr/sbin/zipl.
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+    rm -f /usr/bin/dotlockfile
+exclude-packages:
+  # Exclude kernel-debug-core to make sure that it doesn't somehow get
+  # chosen as the package to satisfy the `kernel-core` dependency from
+  # the kernel package.
+  - kernel-debug-core
+
+
+# Modern defaults we want
+boot-location: modules
+tmp-is-dir: true
+
+# Required by Ignition, and makes the system not compatible with Anaconda
+machineid-compat: false
+
+packages:
+  - ignition
+  - dracut-network
+  # for encryption
+  - clevis clevis-luks clevis-dracut clevis-systemd
+
+remove-from-packages:
+  # We don't want systemd-firstboot.service. It conceptually conflicts with
+  # Ignition.  We also inject runtime bits to disable it in systemd-firstboot.service.d/fcos-disable.conf
+  # to make it easier to use systemd builds from git.
+  - [systemd, /usr/bin/systemd-firstboot,
+              /usr/lib/systemd/system/systemd-firstboot.service,
+              /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service]
+  # We don't want auto-generated mount units. See also
+  # https://github.com/systemd/systemd/issues/13099
+  - [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator]
+
+postprocess:
+  # Undo RPM scripts enabling units; we want the presets to be canonical
+  # https://github.com/projectatomic/rpm-ostree/issues/1803
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+    rm -rf /etc/systemd/system/*
+    systemctl preset-all
+    rm -rf /etc/systemd/user/*
+    systemctl --user --global preset-all