diff --git a/PKGBUILD b/PKGBUILD index 029a336..94f3cbf 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -3,7 +3,7 @@ pkgname=('python-kiwi' 'kiwi-man-pages' 'dracut-kiwi-lib' 'dracut-kiwi-oem-repart' 'dracut-kiwi-oem-dump' 'dracut-kiwi-live' 'dracut-kiwi-overlay') arch=(x86_64) -pkgver=10.2.12 +pkgver=10.2.22 pkgrel=0 pkgdesc="KIWI - Appliance Builder Next Generation" url="https://github.com/SUSE/kiwi/tarball/master" @@ -12,7 +12,7 @@ makedepends=(make gcc python-build python-docopt python-installer python-lxml py provides=(kiwi-ng kiwi) source=("${pkgname}.tar.gz") changelog="${pkgname}.changes" -md5sums=('db16017d9f5ffa00eb04895a7180058d') +md5sums=('ae11c8704e18ece163e446822d6ffb4a') build() { diff --git a/kiwi-revert-bls-default-for-suse.patch b/kiwi-revert-bls-default-for-suse.patch index 4a5c403..842060f 100644 --- a/kiwi-revert-bls-default-for-suse.patch +++ b/kiwi-revert-bls-default-for-suse.patch @@ -1,25 +1,15 @@ -From b0d850842b0c8d4c98f0486f66ffd7c6e8f1a685 Mon Sep 17 00:00:00 2001 -From: Neal Gompa -Date: Thu, 2 May 2024 06:23:45 -0400 -Subject: [PATCH] Revert "kiwi/bootloader: restore backward compatibility for - grub2 with bls" - -For the time being, SUSE distributions cannot handle KIWI's default to use -BLS with GRUB2. Until they catch up, revert this. - -This reverts commit 155d969d7752d92c90c69044bdd69be70f0a1c24. ---- - kiwi/xml_state.py | 2 +- - test/unit/bootloader/config/grub2_test.py | 4 ---- - 2 files changed, 1 insertion(+), 5 deletions(-) +restore backward compatibility for grub2 with bls. +For the time being, SUSE distributions cannot handle KIWI's +default (True) to use BLS with GRUB2. Until they catch up, the +kiwi default is set to: False diff --git a/kiwi/xml_state.py b/kiwi/xml_state.py -index eb39163cd..8c3fd45f3 100644 +index 7653be284..1e72cca22 100644 --- a/kiwi/xml_state.py +++ b/kiwi/xml_state.py -@@ -1009,7 +1009,7 @@ class XMLState: +@@ -1176,7 +1176,7 @@ class XMLState: bootloader = self.get_build_type_bootloader_section() - if bootloader: + if bootloader and bootloader.get_bls() is not None: return bootloader.get_bls() - return True + return False @@ -27,10 +17,10 @@ index eb39163cd..8c3fd45f3 100644 def get_build_type_bootloader_console(self) -> List[str]: """ diff --git a/test/unit/bootloader/config/grub2_test.py b/test/unit/bootloader/config/grub2_test.py -index e9189a609..d81d76ec7 100644 +index b40362941..a2dd3106d 100644 --- a/test/unit/bootloader/config/grub2_test.py +++ b/test/unit/bootloader/config/grub2_test.py -@@ -600,7 +600,6 @@ class TestBootLoaderConfigGrub2: +@@ -629,7 +629,6 @@ class TestBootLoaderConfigGrub2: 'GRUB_BACKGROUND': '/boot/grub2/themes/openSUSE/background.png', 'GRUB_CMDLINE_LINUX_DEFAULT': '"some-cmdline"', 'GRUB_DISTRIBUTOR': '"Bob"', @@ -38,7 +28,15 @@ index e9189a609..d81d76ec7 100644 'GRUB_ENABLE_CRYPTODISK': 'y', 'GRUB_GFXMODE': '800x600', 'GRUB_SERIAL_COMMAND': '"serial --speed=38400"', -@@ -643,7 +642,6 @@ class TestBootLoaderConfigGrub2: +@@ -677,7 +676,6 @@ class TestBootLoaderConfigGrub2: + 'GRUB_BACKGROUND': '/boot/grub2/themes/openSUSE/background.png', + 'GRUB_CMDLINE_LINUX_DEFAULT': '"some-cmdline"', + 'GRUB_DISTRIBUTOR': '"Bob"', +- 'GRUB_ENABLE_BLSCFG': 'true', + 'GRUB_ENABLE_CRYPTODISK': 'y', + 'GRUB_GFXMODE': '800x600', + 'GRUB_SERIAL_COMMAND': '"serial --speed=38400"', +@@ -720,7 +718,6 @@ class TestBootLoaderConfigGrub2: call('GRUB_CMDLINE_LINUX', '"root=LABEL=some-label"'), call('GRUB_DISABLE_LINUX_UUID', 'true'), call('GRUB_DISTRIBUTOR', '"Bob"'), @@ -46,7 +44,7 @@ index e9189a609..d81d76ec7 100644 call('GRUB_ENABLE_CRYPTODISK', 'y'), call('GRUB_ENABLE_LINUX_LABEL', 'true'), call('GRUB_GFXMODE', '800x600'), -@@ -688,7 +686,6 @@ class TestBootLoaderConfigGrub2: +@@ -765,7 +762,6 @@ class TestBootLoaderConfigGrub2: call('GRUB_DISABLE_LINUX_PARTUUID', 'false'), call('GRUB_DISABLE_LINUX_UUID', 'true'), call('GRUB_DISTRIBUTOR', '"Bob"'), @@ -54,7 +52,7 @@ index e9189a609..d81d76ec7 100644 call('GRUB_ENABLE_CRYPTODISK', 'y'), call('GRUB_GFXMODE', '800x600'), call( -@@ -732,7 +729,6 @@ class TestBootLoaderConfigGrub2: +@@ -809,7 +805,6 @@ class TestBootLoaderConfigGrub2: call('GRUB_CMDLINE_LINUX_DEFAULT', '"abcd console=tty0"'), call('GRUB_DISABLE_LINUX_UUID', 'true'), call('GRUB_DISTRIBUTOR', '"Bob"'), @@ -62,6 +60,3 @@ index e9189a609..d81d76ec7 100644 call('GRUB_ENABLE_CRYPTODISK', 'y'), call('GRUB_ENABLE_LINUX_LABEL', 'true'), call('GRUB_GFXMODE', '800x600'), --- -2.44.0 - diff --git a/python-kiwi.changes b/python-kiwi.changes index abc1237..717006c 100644 --- a/python-kiwi.changes +++ b/python-kiwi.changes @@ -1,3 +1,895 @@ +------------------------------------------------------------------- +Thu May 15 14:37:57 CEST 2025 - Marcus Schäfer + +- Bump version: 10.2.21 → 10.2.22 + +------------------------------------------------------------------- +Thu May 15 09:45:14 CEST 2025 - Marcus Schäfer + +- Apply security context on writable root only + + Make sure to perform setfiles only on a writable target. In case + of a read-only root it is expected that the security context set + by kiwi in an earlier stage is complete. As there is no way to + modify data when root is read-only, there is also no way to change + the security context of any file such that we skip setfiles + in this case. Should there be a read-only system that has writable + partitions such as /boot and their content changes while the rest + of the root system is read-only it is in the responsibility of + the author of the image description to call setfiles only on + the affected and still writable files via a custom disk.sh + script. Along with the fix the respective integration test was + modified to enable selinux such that this change is actually + integration tested. This Fixes #2805 + +------------------------------------------------------------------- +Thu May 15 01:48:37 CEST 2025 - areif-dev + +- Docs: fix typo in users.rst + +------------------------------------------------------------------- +Wed May 14 18:27:36 CEST 2025 - areif-dev + +- Docs: minor punctuation and grammar fixes + +------------------------------------------------------------------- +Wed May 14 18:18:18 CEST 2025 - Marcus Schäfer + +- Give test-image-overlayroot enough space + +------------------------------------------------------------------- +Wed May 14 12:37:20 CEST 2025 - Marcus Schäfer + +- Allow ext2/ext3 as valid build target + + stat reports the value 'ext2/ext3' which is a valid target + +------------------------------------------------------------------- +Wed May 14 11:10:48 CEST 2025 - Marcus Schäfer + +- Added check_target_dir_on_unsupported_filesystem + + Add runtime check to make sure the selected target directory + for the image and/or the image rootfs lives on a filesystem + that provides all required features like extended permissions, + ACLs or xattrs. + +------------------------------------------------------------------- +Tue May 13 11:31:05 CEST 2025 - Marcus Schäfer + +- Fix rd.kiwi.oem.luks.reencrypt_randompass workflow + + When requesting a new random key prior reencryption, make + sure that this new key is referenced in the current in + memory initrd crypttab such that all subsequent + tasks e.g. luks resize have permissions to complete while + inside of this initrd instance + +------------------------------------------------------------------- +Mon May 12 16:07:12 CEST 2025 - Marcus Schäfer + +- Add support for new tarball-based WSL format + + With the new image="wsl" type one can build a WSL container + image that uses the new tarball format. This Fixes #2678 + +------------------------------------------------------------------- +Mon May 12 09:36:42 CEST 2025 - Marcus Schäfer + +- Update SL-Micro build test + + For details see: https://build.opensuse.org/request/show/1272418 + +------------------------------------------------------------------- +Mon May 12 09:27:57 CEST 2025 - Marcus Schäfer + +- Required read-only-root-fs for SL-Micro test build + + Changes from the SL-Micro team requires adaptions to the + integration test description + +------------------------------------------------------------------- +Mon May 12 09:13:41 CEST 2025 - Marcus Schäfer + +- Delete fstab.script from SL-Micro test build + + This was only needed when /var was an extra partition, but + it's a volume with copy-on-write disabled for some time + +------------------------------------------------------------------- +Mon May 12 08:49:44 CEST 2025 - Marcus Schäfer + +- Add systemd-resolved to TW integration tests + + For some reason it's not longer part of the systemd standard + installation + +------------------------------------------------------------------- +Fri May 09 11:43:48 CEST 2025 - Marcus Schäfer + +- Bump version: 10.2.20 → 10.2.21 + +------------------------------------------------------------------- +Thu May 08 21:53:34 CEST 2025 - Marcus Schäfer + +- Add dkms to test-image-embedded integration test + +------------------------------------------------------------------- +Thu May 08 19:16:09 CEST 2025 - Marcus Schäfer + +- Fixed access issue to etc/kernel for sdboot + + In case of an overlayroot setup we have to make sure + that etc/kernel is writable. This is done by a bind + mount of the ESP + +------------------------------------------------------------------- +Thu May 08 17:16:30 CEST 2025 - Marcus Schäfer + +- Update test-image-overlayroot + + Add another build using grub instead of systemd-boot and use + btrfs as write partition instead of xfs. Please note this test + requires a boot partition because grub cannot read from erofs + and unlike systemd-boot grub does not read all boot data from + the ESP. + +------------------------------------------------------------------- +Thu May 08 17:13:27 CEST 2025 - Marcus Schäfer + +- Fixed get_volume_management + + If a volume capable filesystem like btrfs is requested, there + must also be a volume definition available to report that + the volume management is actively used. Just the request of + the filesystem can also mean it's being used without volumes + like it could be the case for an overlayroot setup that + requests btrfs as write partition. + +------------------------------------------------------------------- +Thu May 08 12:01:55 CEST 2025 - Marcus Schäfer + +- Update test-image-overlayroot + + Move to systemd-boot as bootloader, activate secure boot + and drop the extra boot partition. Use XFS for the write + space + +------------------------------------------------------------------- +Thu May 08 12:01:14 CEST 2025 - Marcus Schäfer + +- Allow initrd updates on read-only devices + + Move initrd to ESP for boot loaders that reads data + from there + +------------------------------------------------------------------- +Thu May 08 11:06:45 CEST 2025 - Marcus Schäfer + +- Fix ordering issue for device assignment + + wrong assignment of a boot partition in overlayroot setup + without boot partition + +------------------------------------------------------------------- +Wed May 07 23:29:02 CEST 2025 - Marcus Schäfer + +- Add kiwi-settings package for TW + + de-blacklist erofs to allow building integration tests + with this filesystem + +------------------------------------------------------------------- +Wed May 07 23:01:58 CEST 2025 - Marcus Schäfer + +- Switch to dracut-kiwi-verity + + So far no luck with the systemd verity generator. This + commit adds the parsing of /etc/veritytab in the existing + kiwi-verity dracut module and uses it in the overlayroot + integration test. + +------------------------------------------------------------------- +Wed May 07 18:30:07 CEST 2025 - Marcus Schäfer + +- Update test-image-overlayroot integration test + + Switch to erofs for overlay testing. Additionally split the build + into two profiles. The first one just builds a simple overlayroot + oem disk based on erofs. The second one adds a veritysetup layer + and configures the systemd-veritysetup-generator for use in dracut. + This Fixes #2799 + +------------------------------------------------------------------- +Wed May 07 18:21:50 CEST 2025 - Marcus Schäfer + +- Add documentation for new attribute + + Add details how to use the new overlayroot_readonly_filesystem attribute + +------------------------------------------------------------------- +Wed May 07 18:11:45 CEST 2025 - Marcus Schäfer + +- Add support for selecting the overlay read-only fs + + Add new overlayroot_readonly_filesystem attribute which allows + to select for either squashfs or erofs as the read-only filesystem + in an OEM overlay disk setup. + +------------------------------------------------------------------- +Wed May 07 16:40:22 CEST 2025 - Marcus Schäfer + +- Fixed root setup for verity overlay disk + + When building an image with overlayroot set to true and + activated verity data, the root= parameter must be + set to root=overlay:MAPPER=verityroot instead of the standard + overlay:PARTUUID mapping. + +------------------------------------------------------------------- +Wed May 07 16:32:27 CEST 2025 - Marcus Schäfer + +- Make sure the verity record has a superblock + +------------------------------------------------------------------- +Wed May 07 15:48:12 CEST 2025 - Marcus Schäfer + +- Drop distro specific runtime check + + The check_efi_mode_for_disk_overlay_correctly_setup exists because + shim-install does not work on read-only devices. However, shim-install + is a SUSE only tool that runs a SUSE specific secure boot setup. + For other secure boot processes this runtime check is not useful. + As runtime checks aims to be generally useful, this one gets + dropped. + +------------------------------------------------------------------- +Tue May 06 09:15:55 CEST 2025 - Marcus Schäfer + +- Fix root clone size setup + + If the root_clone attribute is specified without providing a + fixed size for the system, kiwi estimates the size needed for + the root part and assigns the rest to the clone. This leads to + different partition sizes for the root clones. As per definition + of a clone the expectation is that the size is the same, this + commit changes the behavior such that the calculated size for + the system is applied to the origin root and all its clones. + As a consequence this can leave unpartitioned space free in + the image. This Fixes #2463 + +------------------------------------------------------------------- +Mon May 05 10:19:10 CEST 2025 - Marcus Schäfer + +- Bump version: 10.2.19 → 10.2.20 + +------------------------------------------------------------------- +Fri May 02 15:25:47 CEST 2025 - Marcus Schäfer + +- Fix reencryption master key passphrase + + Make sure to use the correct passphrase for the master + key such that it can be decrypted with the same credentials + as before. The credentials reset is a subsequent task + after reencryption. + +------------------------------------------------------------------- +Thu May 01 20:40:39 CEST 2025 - Marcus Schäfer + +- Bump version: 10.2.18 → 10.2.19 + +------------------------------------------------------------------- +Wed Apr 30 15:39:00 CEST 2025 - Marcus Schäfer + +- Fixed targettype setup in zipl.conf + + The special targettype set to GPT still indicates SCSI for + the zipl.conf but tells kiwi to create a GPT disk layout + +------------------------------------------------------------------- +Wed Apr 30 15:02:06 CEST 2025 - Marcus Schäfer + +- Fixed s390 integration test + + targettype attribute in wrong section + +------------------------------------------------------------------- +Wed Apr 30 12:34:27 CEST 2025 - Marcus Schäfer + +- Add support for GPT targettype on s390 + + Allow to build s390 images using GPT instead of the old DOS + partition table. zipl has added support to read from GPT. + This Fixes #2694 + +------------------------------------------------------------------- +Wed Apr 30 12:12:51 CEST 2025 - Marcus Schäfer + +- Add --no-compress option to bundler + + Allow to skip the compression for bundle files marked + to become compressed. This Fixes #2736 + +------------------------------------------------------------------- +Wed Apr 30 11:13:51 CEST 2025 - Steve Traylen + +- Rawhide (F43) has removed basesystem package + + The basesystem package was retired with rawhide (F43). + + https://src.fedoraproject.org/rpms/filesystem/pull-request/20 + +------------------------------------------------------------------- +Wed Apr 30 09:54:28 CEST 2025 - Steve Traylen + +- rawhide install shadow-utils for usermod + + Using `kiwi-ng` version 10.2.18 (EL9) + + Currently with: + + ``` + sudo kiwi-ng system build \ + --description kiwi/build-tests/x86/fedora/test-image-docker + --set-repo http://ftp.fau.de/fedora/linux/development/rawhide/Everything/x86_64/os/ \ + --target-dir /tmp/myimage1 + ``` + + This fails with: + + ``` + [ INFO ]: 09:46:38 | Setting up user root + [ INFO ]: 09:46:38 | --> Modifying user: root + [ INFO ]: 09:46:38 | --> Primary group for user root: root + [ ERROR ]: 09:46:38 | KiwiCommandError: chroot: stderr: /sbin/chroot: failed to run command ‘usermod’: No such file or directory + ``` + + Install the package `shadow-utils` to provide `usermod`. + +------------------------------------------------------------------- +Wed Apr 30 09:22:07 CEST 2025 - Marcus Schäfer + +- Fixed default bls value setup + + Fixed get_build_type_bootloader_bls behavior in case the bls + attribute is not set. In this case get_bls() returns a None value + which was returned. However in this case the attribute value + should not be taken into account and the method defined default + value for bls should be returned. This Fixes #2542 + +------------------------------------------------------------------- +Mon Apr 28 16:48:09 CEST 2025 - Marcus Schäfer + +- Bump version: 10.2.17 → 10.2.18 + +------------------------------------------------------------------- +Mon Apr 28 09:57:01 CEST 2025 - Marcus Schäfer + +- Fix setup of use_disk_password for random secret + + When using luks="random" in combination with use_disk_password="true" + the resulting cryptomount call in grub is wrong. This commit fixes it + +------------------------------------------------------------------- +Sun Apr 27 23:14:23 CEST 2025 - Neal Gompa + +- Drop copying GRUB2 modules to /boot with Secure Boot UEFI images + + Copying the modules creates a situation where future updates + applied to a running system can cause GRUB to crash due to mixed + modules and GRUB EFI binaries. + + It is not needed anyway since GRUB EFI binaries for Secure Boot have + all modules compiled into the binaries. + + Fixes: https://github.com/OSInside/kiwi/issues/2790 + +------------------------------------------------------------------- +Sun Apr 27 20:56:41 CEST 2025 - Marcus Schäfer + +- Make sure editbootinstall runs offline + + editbootinstall expects the system to be umounted + +------------------------------------------------------------------- +Sun Apr 27 20:16:20 CEST 2025 - Marcus Schäfer + +- Make sure post sync actions are in scope + +------------------------------------------------------------------- +Sun Apr 27 20:00:52 CEST 2025 - Marcus Schäfer + +- Follow up fix for overlayroot builds for EFI path + + Only perform the boot overlay if there is an extra boot partition + +------------------------------------------------------------------- +Sun Apr 27 19:34:13 CEST 2025 - Marcus Schäfer + +- Only remove entries from exclude list if present + +------------------------------------------------------------------- +Sun Apr 27 19:14:19 CEST 2025 - Marcus Schäfer + +- Fix overlayroot builds for EFI path + + make sure to keep boot/efi mountpoint directories + in the read-only area as they can't be created later + +------------------------------------------------------------------- +Sun Apr 27 18:04:27 CEST 2025 - Neal Gompa + +- doc: overview: Add list of supported Linux distributions + + These are the Linux distributions that are developed and actively + tested for with the latest kiwi releases. + + This should offer greater clarity about what we're able to support + as an upstream project. + +------------------------------------------------------------------- +Sun Apr 27 16:23:39 CEST 2025 - Marcus Schäfer + +- Fixed mount of image system for volume managers + + The ImageSystem.mount() method implemented its own handling + for mounting the volumes of a volume manager based system. + First and foremost this duplicates code that already exists + in the respective VolumeManager implementation and second + the code behaved wrong in case of btrfs when there is no + default subvolume configured + +------------------------------------------------------------------- +Sun Apr 27 14:05:43 CEST 2025 - Marcus Schäfer + +- Handle grub fix functions less strict + + If called on full read-only systems, log the information + that the files can't be modified but do not fail. On + such systems the expectation is that no fix code must + be applied and as such the fix function can be considered + an optional step. + +------------------------------------------------------------------- +Fri Apr 25 13:55:56 CEST 2025 - Marcus Schäfer + +- Fixed root setup for encrypted overlay disk + + When building an image with overlayroot set to true and + activated luks encryption, the root= parameter must be + set to root=overlay:MAPPER=luks instead of the standard + overlay:PARTUUID mapping. This Fixes #2776 + +------------------------------------------------------------------- +Fri Apr 25 12:52:12 CEST 2025 - Marcus Schäfer + +- Change suffix for package manager config files + + Use .config instead of .conf for the temporary package + manager config files. Reason for this change is a bug in + dracut which reads and executes all /*.conf files from + the system. This Fixes #2780 + +------------------------------------------------------------------- +Fri Apr 25 10:15:49 CEST 2025 - Marcus Schäfer + +- Set security context after root sync + + On selinux enabled image builds we call setfiles initially + after the root tree is complete and after each script invocation + that might change the system. However the security context + also applies to mount points e.g volumes which only exists + at the time when the root tree gets synced to the actual image + binary. Thus this commit also calls setfiles on the mounted + root tree after data sync. This Fixes rh#2333743 + +------------------------------------------------------------------- +Fri Apr 25 09:22:13 CEST 2025 - Marcus Schäfer + +- Fix broken doc link + + Rephrase chapter pointing to a documentation side at VMware. + They are constantly changing their documentation URLs that + I'm tired of fixing this. This Fixes #2782 + +------------------------------------------------------------------- +Tue Apr 22 16:03:39 CEST 2025 - Marcus Schäfer + +- Bump version: 10.2.16 → 10.2.17 + +------------------------------------------------------------------- +Tue Apr 22 14:53:39 CEST 2025 - Marcus Schäfer + +- Fix key slot selection for luks reencrypt + + Depending on the type setup for a luks encrypted image, there + might be one or two key slots available. When kiwi is requested + to perform the reencryption process at least one key-slot and + the proper keyfile/passphrase must be provided. This commit + stores the information about the key-slot number for which + a decryption information exists in the initrd. In addition to + the code change also the corresponding integration test image + was updated. + +------------------------------------------------------------------- +Tue Apr 22 09:42:00 CEST 2025 - Marcus Schäfer + +- Fixed test-image-gce integration test + + python3-gcemetadata was renamed to python-gcemetadata + +------------------------------------------------------------------- +Mon Apr 21 20:39:16 CEST 2025 - Marcus Schäfer + +- Fixed integration test builds for TW + + Request dracut explicitly when needed + +------------------------------------------------------------------- +Wed Apr 16 21:59:30 CEST 2025 - Neal Gompa + +- Add support for filtering out files from the ESP image for GRUB + + Prior to this change, KIWI blindly synced the ESP directory into the + embedded ESP image. Depending on the distribution and packages included + for the created image, this can have undesirable side-effects. + + For image builds that need some more fine-grained control over the + creation of the embedded ESP image (particularly for ISO images), + this change introduces the ability to inject an exclusion list + similar to what is used to filter out files for the root filesystem. + + Fixes: https://github.com/OSInside/kiwi/issues/2008 + Fixes: https://github.com/OSInside/kiwi/issues/2777 + +------------------------------------------------------------------- +Sun Apr 13 18:12:22 CEST 2025 - Neal Gompa + +- Fix bundle extension for container types + + When building result files that use container types like oci or docker, + kiwi creates them as archive tarballs with an extension prefix to + indicate the special nature of the archive. However, the bundler + code does not retain the prefix, which results in the wrong file + extension for these archives. + + This change adds exceptions for these types and refactors the + exception handling to unify it with the Vagrant image filename + handling, which operates similarly. + + Fixes: https://github.com/OSInside/kiwi/issues/2628 + +------------------------------------------------------------------- +Fri Apr 11 10:47:44 CEST 2025 - Marcus Schäfer + +- Update LOADER_TYPE setup for grub + + If the bootloader attribute: bls is set to true, make sure + the LOADER_TYPE changes to grub2-bls. This is related to + Issue #2773 + +------------------------------------------------------------------- +Thu Apr 10 12:05:13 CEST 2025 - Marcus Schäfer + +- Fix Agama PXE build + + A bootloader setup is needed to create config.bootoptions + Even though a ramdisk deployment does not require a bootloader + setup we need it because part of the setup is the root device + reference which is still needed to pivot root into the + system + +------------------------------------------------------------------- +Thu Apr 10 11:41:21 CEST 2025 - Marcus Schäfer + +- Fix firmware setting for Agama PXE image + +------------------------------------------------------------------- +Thu Apr 10 11:34:06 CEST 2025 - Marcus Schäfer + +- Added obs BUILD_FLAVOR for agama + + Required for multibuild (multiple profiles) build + +------------------------------------------------------------------- +Thu Apr 10 09:14:53 CEST 2025 - Marcus Schäfer + +- Update Agama integration test + + Split the build into two profiles ISO and PXE to differentiate + the build results into a small Agama for remote installations + and a standard Agama for iso based installations + +------------------------------------------------------------------- +Wed Apr 09 17:04:48 CEST 2025 - Marcus Schäfer + +- Prevent loading unused data in oem deployment + + In case rd.kiwi.ramdisk is used as part of a remote deployment + setup, it's not needed to load the system kernel and initrd + because it's not used as kexec is not called with the system + deployed into memory. For ramdisk deployments the system is + booted using the currently active kernel and initrd and as + such we can avoid loading an extra kernel and initrd for + booting the system via kexec. + +------------------------------------------------------------------- +Wed Apr 09 16:38:23 CEST 2025 - Marcus Schäfer + +- Update Agama integration test + + Make use of in the Agama integration test + +------------------------------------------------------------------- +Wed Apr 09 16:31:04 CEST 2025 - Marcus Schäfer + +- Added element + + So far it was only possible to specify the size of the ramdisk + via the kernel commandline option: ramdisk_size. In a remote + deployment it was therefore required to carry this size as a + mandatory information to the deployment server. With this commit + we allow to specify the size for the ramdisk to be configured as + part of the image configuration which makes this information + also available inside of the initrd. If provided the ramdisk_size + kernel commandline option still takes precedence over the + setting to avoid any behavior change and to + still allow dynamic overrides of the ramdisk size. + +------------------------------------------------------------------- +Tue Apr 08 20:04:58 CEST 2025 - Marcus Schäfer + +- reinstall bootstrap packs in image phase for apt + + Due to the special bootstrap process, the packages unpacked + during bootstrap are not properly listed in the apt index. + Therefore the bootstrap packages are added to the install + phase which causes an install of this packages again to + fix the apt index and provide a consistent system from + an apt perspective. This Fixes #2768 + +------------------------------------------------------------------- +Mon Apr 07 12:24:43 CEST 2025 - Marcus Schäfer + +- Fixed restore of keyfile after reencryption + + When kiwi runs the reencryption it also restores an eventual + existing keyfile. However if the option rd.kiwi.oem.luks.reencrypt_randompass + is specified no former keyfile should be restored. The purpose + of reencrypt_randompass is to make sure only this in memory + passphrase can access the luks pool such that tooling at boot + time gets the opportunity to work with the luks pool for e.g. + setting up a TPM key or set a passphrase only known to the user. + +------------------------------------------------------------------- +Fri Apr 04 10:04:07 CEST 2025 - Marcus Schäfer + +- Update dracut kiwi-lib module setup + + Make sure all tools used in code are requested for inclusion + +------------------------------------------------------------------- +Fri Apr 04 00:23:13 CEST 2025 - Rüdiger Oertel + +- keep /usr/bin/sha256sum + + dropping md5sum was okay, but now we need + the current tool to verify the checksum + +------------------------------------------------------------------- +Thu Apr 03 11:58:03 CEST 2025 - Marcus Schäfer + +- Restrict keyfile permissions + + For reencrypt in combination with rd.kiwi.oem.luks.reencrypt_randompass + make sure that the temporary random pass keyfile has 0400 root + owned access permissions set + +------------------------------------------------------------------- +Wed Apr 02 14:12:05 CEST 2025 - Neal Gompa + +- package: Add kiwi-image:oci Provides to -systemdeps-containers + + This allows the Open Build Service to correctly resolve dependencies + when building OCI images. + +------------------------------------------------------------------- +Wed Apr 02 11:09:45 CEST 2025 - Marcus Schäfer + +- Better logging which kiwi file is read + + Improve the log message that tells about reading the + kiwi config file to actually show the file path that + is read in. This is especially an issue if more than + one kiwi file is read in during the build process. + +------------------------------------------------------------------- +Wed Apr 02 10:56:02 CEST 2025 - Rüdiger Oertel + +- also keep the ts binary, might be needed to provide timestamped logfiles + +------------------------------------------------------------------- +Tue Apr 01 15:10:12 CEST 2025 - Marcus Schäfer + +- Update documentation + + Add information about new apk (Alpine) support + +------------------------------------------------------------------- +Mon Mar 31 21:52:03 CEST 2025 - Marcus Schäfer + +- Add support for Alpine + + Add apk repository and package manager support and provide + an integration test build for the Alpine distribution + +------------------------------------------------------------------- +Mon Mar 31 16:22:10 CEST 2025 - Marcus Schäfer + +- Fix F824 flake check for global assignments + +------------------------------------------------------------------- +Mon Mar 31 16:09:11 CEST 2025 - Marcus Schäfer + +- Use metalink repos for local test builds + +------------------------------------------------------------------- +Sat Mar 29 15:46:07 CET 2025 - Neal Gompa + +- schema: Allow C as a valid locale + + It should be permitted to set the "C.UTF-8" locale for minimal images + that are not preloaded with locales. The "C.UTF-8" locale has been + supported in Linux distributions for many years. + +------------------------------------------------------------------- +Tue Mar 25 13:13:00 CET 2025 - Marcus Schäfer + +- Bump version: 10.2.15 → 10.2.16 + +------------------------------------------------------------------- +Tue Mar 25 11:35:09 CET 2025 - Marcus Schäfer + +- Support sourcetype setting on the commandline + + Allow to specifiy the sourcetype(metalink|baseurl|mirrorlist) + also on the commandline via --set-repo/--add-repo options. So + far this was only possible as part of the kiwi description file + +------------------------------------------------------------------- +Tue Mar 25 08:40:22 CET 2025 - Marcus Schäfer + +- Bump version: 10.2.14 → 10.2.15 + +------------------------------------------------------------------- +Tue Mar 25 08:39:18 CET 2025 - Marcus Schäfer + +- Fix gh-pages deployment + + poetry install was not called, thus sphinx was not present + +------------------------------------------------------------------- +Tue Mar 25 08:30:11 CET 2025 - Marcus Schäfer + +- Bump version: 10.2.13 → 10.2.14 + +------------------------------------------------------------------- +Mon Mar 24 19:10:07 CET 2025 - Marcus Schäfer + +- Drop use of travis-sphinx + + According to the documentation of peaceiris/actions-gh-pages + the sphinx-build output can be directly consumed to publish + to github pages + +------------------------------------------------------------------- +Mon Mar 24 18:22:59 CET 2025 - Marcus Schäfer + +- Allow stderr data in CommandProcess + + Enhance poll_show_progress() method to allow polling on + stderr data too. The new parameter with_stderr is used + together with the dnf5 package manager. dnf5 has changed + in a way that a lot of useful information during the + install of packages is printed to stderr. From my perspective + a clear regression to former behavior but we can fix this + in kiwi to poll on both channels. This Fixes #2748 + +------------------------------------------------------------------- +Mon Mar 24 15:06:02 CET 2025 - Marcus Schäfer + +- Support arch attribute for section + + Allow to setup users per arch. This Fixes #2737 + +------------------------------------------------------------------- +Mon Mar 24 09:35:57 CET 2025 - Marcus Schäfer + +- Add Debian_12_update repo for testing with typer + + Even though we will add support for the typer Cli with kiwi-11 + I want our integration test images to be able to build with the + open PR #2751. Debian 12 is the only target in the support matrix + which uses a too old veryion of typer. Therefore to be able to + test this target I built a newer version of typer in an update + repo for Debian 12 and added it to the integration test + description + +------------------------------------------------------------------- +Fri Mar 21 21:18:08 CET 2025 - Marcus Schäfer + +- Fixed python3_sitelib for debbuild in OBS + +------------------------------------------------------------------- +Fri Mar 21 08:46:32 CET 2025 - Marcus Schäfer + +- Fixed test-image-agama + + Service setup-systemd-proxy-env.path no longer exists + +------------------------------------------------------------------- +Wed Mar 12 10:22:46 CET 2025 - Marcus Schäfer + +- Explicitly request shadow-utils + + Make sure shadow-utils gets installed for rawhide + integration tests + +------------------------------------------------------------------- +Wed Mar 12 09:12:36 CET 2025 - Marcus Schäfer + +- Drop test-image-suse-on-dnf test + + This was just a "can this work" test but has no real + relevance for users since nobody would use dnf to build + a suse image, there is also no help when it does not + work. So let's drop this test build + +------------------------------------------------------------------- +Thu Mar 06 11:32:25 CET 2025 - Marcus Schäfer + +- distutils sysconfig is deprecated + + Move to sysconfig module + +------------------------------------------------------------------- +Tue Mar 04 11:01:21 CET 2025 - Marcus Schäfer + +- Make integration tests to build outside of OBS + + Update and extend all integration tests such that they also + build outside of the Open Build Service. Along with the changes + on the descriptions a simple build-tests.sh script was added + to drive the build process. The build is based on the kiwi + boxbuild plugin in container mode to build the tests + from a given build-tests directory. A new chapter to document + how to Build the Build Tests is also provided and referenced + on the github main page. + +------------------------------------------------------------------- +Mon Mar 03 12:28:03 CET 2025 - Marcus Schäfer + +- Add rd.kiwi.oem.luks.reencrypt_randompass + + For OEM LUKS2 encrypted disk images in combination + with rd.kiwi.oem.luks.reencrypt. Reset insecure built time + passphrase with a random onetime passphrase + +------------------------------------------------------------------- +Mon Mar 03 09:40:13 CET 2025 - Marcus Schäfer + +- Bump version: 10.2.12 → 10.2.13 + +------------------------------------------------------------------- +Fri Feb 28 09:56:15 CET 2025 - Marcus Schäfer + +- Lookup CHRP loader instead of using a static name + + On ppc the CHRP loader name can vary between distributions. + This commit adds a search method to lookup different ELF + loader names. In addition an integration test image for + Fedora was added. This Fixes #2741 + ------------------------------------------------------------------- Wed Feb 26 17:39:37 CET 2025 - Marcus Schäfer @@ -418,6 +1310,11 @@ Tue Dec 10 19:14:52 CET 2024 - Neal Gompa This is a partial revert of commit daf1323c5ded7e4e7783205f5e30457b40eb322f. +------------------------------------------------------------------- +Mon Dec 09 11:04:03 CET 2024 - Marcus Schäfer + +- Fixed unit test + ------------------------------------------------------------------- Sun Dec 08 20:35:42 CET 2024 - Marcus Schäfer @@ -436,6 +1333,13 @@ Tue Dec 03 14:56:47 CET 2024 - Marcus Schäfer - Update STYLEROOT to SUSE 2022 +------------------------------------------------------------------- +Mon Dec 02 18:24:00 CET 2024 - John Paul Adrian Glaubitz + +- Add support for loongarch64 + + This Fixes #2684 + ------------------------------------------------------------------- Mon Dec 02 14:57:30 CET 2024 - Marcus Schäfer diff --git a/python-kiwi.spec b/python-kiwi.spec index 53c58ea..c719308 100644 --- a/python-kiwi.spec +++ b/python-kiwi.spec @@ -29,7 +29,11 @@ %endif %if %{undefined python3_sitelib} +%if "%{_vendor}" == "debbuild" %global python3_sitelib %(%{__python3} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())") +%else +%global python3_sitelib %(%{__python3} -c "import sysconfig; print(sysconfig.get_path('platlib'))") +%endif %endif %if %{undefined python3_version} @@ -52,7 +56,7 @@ %endif Name: python-kiwi -Version: 10.2.12 +Version: 10.2.22 Provides: kiwi-schema = 8.1 Release: 0 Url: https://github.com/OSInside/kiwi @@ -183,6 +187,7 @@ Provides: kiwi-image-docker-requires = %{version}-%{release} Obsoletes: kiwi-image-docker-requires < %{version}-%{release} %if "%{_vendor}" != "debbuild" Provides: kiwi-image:docker +Provides: kiwi-image:oci %endif %if 0%{?suse_version} Requires: umoci @@ -202,6 +207,7 @@ Provides: kiwi-image-wsl-requires = %{version}-%{release} Obsoletes: kiwi-image-wsl-requires < %{version}-%{release} %if "%{_vendor}" != "debbuild" Provides: kiwi-image:appx +Provides: kiwi-image:wsl %endif %if 0%{?suse_version} Requires: fb-util-for-appx diff --git a/python-kiwi.tar.gz b/python-kiwi.tar.gz index 8088f5e..70140ec 100644 --- a/python-kiwi.tar.gz +++ b/python-kiwi.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:af5616b257f0c0542b3944b55beaa8edf12a3936eb6f8b371f85a0ae39b1def1 -size 1056389 +oid sha256:853a1a8ca38f77f86365421a9e61f55b29abaff774e9c5b69964326b90cb4953 +size 1068042