ALP-pool/python-kiwi
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 python-kiwi revision d1408ae36a7b8bcc929b0693fdcdd3e8

Browse Source
This commit is contained in:
Adrian Schröter
2025-06-20 16:02:43 +02:00
parent 275523c511
commit 490801cca2
5 changed files with 935 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

904
python-kiwi.changes
View File

@@ -1,3 +1,895 @@
-------------------------------------------------------------------
Thu May 15 14:37:57 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.21 → 10.2.22
-------------------------------------------------------------------
Thu May 15 09:45:14 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Apply security context on writable root only
Make sure to perform setfiles only on a writable target. In case
of a read-only root it is expected that the security context set
by kiwi in an earlier stage is complete. As there is no way to
modify data when root is read-only, there is also no way to change
the security context of any file such that we skip setfiles
in this case. Should there be a read-only system that has writable
partitions such as /boot and their content changes while the rest
of the root system is read-only it is in the responsibility of
the author of the image description to call setfiles only on
the affected and still writable files via a custom disk.sh
script. Along with the fix the respective integration test was
modified to enable selinux such that this change is actually
integration tested. This Fixes #2805
-------------------------------------------------------------------
Thu May 15 01:48:37 CEST 2025 - areif-dev <aj@ajreifsnyder.com>
- Docs: fix typo in users.rst
-------------------------------------------------------------------
Wed May 14 18:27:36 CEST 2025 - areif-dev <aj@ajreifsnyder.com>
- Docs: minor punctuation and grammar fixes
-------------------------------------------------------------------
Wed May 14 18:18:18 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Give test-image-overlayroot enough space
-------------------------------------------------------------------
Wed May 14 12:37:20 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Allow ext2/ext3 as valid build target
stat reports the value 'ext2/ext3' which is a valid target
-------------------------------------------------------------------
Wed May 14 11:10:48 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Added check_target_dir_on_unsupported_filesystem
Add runtime check to make sure the selected target directory
for the image and/or the image rootfs lives on a filesystem
that provides all required features like extended permissions,
ACLs or xattrs.
-------------------------------------------------------------------
Tue May 13 11:31:05 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix rd.kiwi.oem.luks.reencrypt_randompass workflow
When requesting a new random key prior reencryption, make
sure that this new key is referenced in the current in
memory initrd crypttab such that all subsequent
tasks e.g. luks resize have permissions to complete while
inside of this initrd instance
-------------------------------------------------------------------
Mon May 12 16:07:12 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add support for new tarball-based WSL format
With the new image="wsl" type one can build a WSL container
image that uses the new tarball format. This Fixes #2678
-------------------------------------------------------------------
Mon May 12 09:36:42 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update SL-Micro build test
For details see: https://build.opensuse.org/request/show/1272418
-------------------------------------------------------------------
Mon May 12 09:27:57 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Required read-only-root-fs for SL-Micro test build
Changes from the SL-Micro team requires adaptions to the
integration test description
-------------------------------------------------------------------
Mon May 12 09:13:41 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Delete fstab.script from SL-Micro test build
This was only needed when /var was an extra partition, but
it's a volume with copy-on-write disabled for some time
-------------------------------------------------------------------
Mon May 12 08:49:44 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add systemd-resolved to TW integration tests
For some reason it's not longer part of the systemd standard
installation
-------------------------------------------------------------------
Fri May 09 11:43:48 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.20 → 10.2.21
-------------------------------------------------------------------
Thu May 08 21:53:34 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add dkms to test-image-embedded integration test
-------------------------------------------------------------------
Thu May 08 19:16:09 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed access issue to etc/kernel for sdboot
In case of an overlayroot setup we have to make sure
that etc/kernel is writable. This is done by a bind
mount of the ESP
-------------------------------------------------------------------
Thu May 08 17:16:30 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update test-image-overlayroot
Add another build using grub instead of systemd-boot and use
btrfs as write partition instead of xfs. Please note this test
requires a boot partition because grub cannot read from erofs
and unlike systemd-boot grub does not read all boot data from
the ESP.
-------------------------------------------------------------------
Thu May 08 17:13:27 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed get_volume_management
If a volume capable filesystem like btrfs is requested, there
must also be a volume definition available to report that
the volume management is actively used. Just the request of
the filesystem can also mean it's being used without volumes
like it could be the case for an overlayroot setup that
requests btrfs as write partition.
-------------------------------------------------------------------
Thu May 08 12:01:55 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update test-image-overlayroot
Move to systemd-boot as bootloader, activate secure boot
and drop the extra boot partition. Use XFS for the write
space
-------------------------------------------------------------------
Thu May 08 12:01:14 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Allow initrd updates on read-only devices
Move initrd to ESP for boot loaders that reads data
from there
-------------------------------------------------------------------
Thu May 08 11:06:45 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix ordering issue for device assignment
wrong assignment of a boot partition in overlayroot setup
without boot partition
-------------------------------------------------------------------
Wed May 07 23:29:02 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add kiwi-settings package for TW
de-blacklist erofs to allow building integration tests
with this filesystem
-------------------------------------------------------------------
Wed May 07 23:01:58 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Switch to dracut-kiwi-verity
So far no luck with the systemd verity generator. This
commit adds the parsing of /etc/veritytab in the existing
kiwi-verity dracut module and uses it in the overlayroot
integration test.
-------------------------------------------------------------------
Wed May 07 18:30:07 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update test-image-overlayroot integration test
Switch to erofs for overlay testing. Additionally split the build
into two profiles. The first one just builds a simple overlayroot
oem disk based on erofs. The second one adds a veritysetup layer
and configures the systemd-veritysetup-generator for use in dracut.
This Fixes #2799
-------------------------------------------------------------------
Wed May 07 18:21:50 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add documentation for new attribute
Add details how to use the new overlayroot_readonly_filesystem attribute
-------------------------------------------------------------------
Wed May 07 18:11:45 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add support for selecting the overlay read-only fs
Add new overlayroot_readonly_filesystem attribute which allows
to select for either squashfs or erofs as the read-only filesystem
in an OEM overlay disk setup.
-------------------------------------------------------------------
Wed May 07 16:40:22 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed root setup for verity overlay disk
When building an image with overlayroot set to true and
activated verity data, the root= parameter must be
set to root=overlay:MAPPER=verityroot instead of the standard
overlay:PARTUUID mapping.
-------------------------------------------------------------------
Wed May 07 16:32:27 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Make sure the verity record has a superblock
-------------------------------------------------------------------
Wed May 07 15:48:12 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Drop distro specific runtime check
The check_efi_mode_for_disk_overlay_correctly_setup exists because
shim-install does not work on read-only devices. However, shim-install
is a SUSE only tool that runs a SUSE specific secure boot setup.
For other secure boot processes this runtime check is not useful.
As runtime checks aims to be generally useful, this one gets
dropped.
-------------------------------------------------------------------
Tue May 06 09:15:55 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix root clone size setup
If the root_clone attribute is specified without providing a
fixed size for the system, kiwi estimates the size needed for
the root part and assigns the rest to the clone. This leads to
different partition sizes for the root clones. As per definition
of a clone the expectation is that the size is the same, this
commit changes the behavior such that the calculated size for
the system is applied to the origin root and all its clones.
As a consequence this can leave unpartitioned space free in
the image. This Fixes #2463
-------------------------------------------------------------------
Mon May 05 10:19:10 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.19 → 10.2.20
-------------------------------------------------------------------
Fri May 02 15:25:47 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix reencryption master key passphrase
Make sure to use the correct passphrase for the master
key such that it can be decrypted with the same credentials
as before. The credentials reset is a subsequent task
after reencryption.
-------------------------------------------------------------------
Thu May 01 20:40:39 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.18 → 10.2.19
-------------------------------------------------------------------
Wed Apr 30 15:39:00 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed targettype setup in zipl.conf
The special targettype set to GPT still indicates SCSI for
the zipl.conf but tells kiwi to create a GPT disk layout
-------------------------------------------------------------------
Wed Apr 30 15:02:06 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed s390 integration test
targettype attribute in wrong section
-------------------------------------------------------------------
Wed Apr 30 12:34:27 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add support for GPT targettype on s390
Allow to build s390 images using GPT instead of the old DOS
partition table. zipl has added support to read from GPT.
This Fixes #2694
-------------------------------------------------------------------
Wed Apr 30 12:12:51 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add --no-compress option to bundler
Allow to skip the compression for bundle files marked
to become compressed. This Fixes #2736
-------------------------------------------------------------------
Wed Apr 30 11:13:51 CEST 2025 - Steve Traylen <straylen@stevekiwi.cern.ch>
- Rawhide (F43) has removed basesystem package
The basesystem package was retired with rawhide (F43).
https://src.fedoraproject.org/rpms/filesystem/pull-request/20
-------------------------------------------------------------------
Wed Apr 30 09:54:28 CEST 2025 - Steve Traylen <steve.traylen@cern.ch>
- rawhide install shadow-utils for usermod
Using `kiwi-ng` version 10.2.18 (EL9)
Currently with:
```
sudo kiwi-ng system build \
--description kiwi/build-tests/x86/fedora/test-image-docker
--set-repo http://ftp.fau.de/fedora/linux/development/rawhide/Everything/x86_64/os/ \
--target-dir /tmp/myimage1
```
This fails with:
```
[ INFO ]: 09:46:38 | Setting up user root
[ INFO ]: 09:46:38 | --> Modifying user: root
[ INFO ]: 09:46:38 | --> Primary group for user root: root
[ ERROR ]: 09:46:38 | KiwiCommandError: chroot: stderr: /sbin/chroot: failed to run command usermod: No such file or directory
```
Install the package `shadow-utils` to provide `usermod`.
-------------------------------------------------------------------
Wed Apr 30 09:22:07 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed default bls value setup
Fixed get_build_type_bootloader_bls behavior in case the bls
attribute is not set. In this case get_bls() returns a None value
which was returned. However in this case the attribute value
should not be taken into account and the method defined default
value for bls should be returned. This Fixes #2542
-------------------------------------------------------------------
Mon Apr 28 16:48:09 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.17 → 10.2.18
-------------------------------------------------------------------
Mon Apr 28 09:57:01 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix setup of use_disk_password for random secret
When using luks="random" in combination with use_disk_password="true"
the resulting cryptomount call in grub is wrong. This commit fixes it
-------------------------------------------------------------------
Sun Apr 27 23:14:23 CEST 2025 - Neal Gompa <ngompa@velocitylimitless.com>
- Drop copying GRUB2 modules to /boot with Secure Boot UEFI images
Copying the modules creates a situation where future updates
applied to a running system can cause GRUB to crash due to mixed
modules and GRUB EFI binaries.
It is not needed anyway since GRUB EFI binaries for Secure Boot have
all modules compiled into the binaries.
Fixes: https://github.com/OSInside/kiwi/issues/2790
-------------------------------------------------------------------
Sun Apr 27 20:56:41 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Make sure editbootinstall runs offline
editbootinstall expects the system to be umounted
-------------------------------------------------------------------
Sun Apr 27 20:16:20 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Make sure post sync actions are in scope
-------------------------------------------------------------------
Sun Apr 27 20:00:52 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Follow up fix for overlayroot builds for EFI path
Only perform the boot overlay if there is an extra boot partition
-------------------------------------------------------------------
Sun Apr 27 19:34:13 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Only remove entries from exclude list if present
-------------------------------------------------------------------
Sun Apr 27 19:14:19 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix overlayroot builds for EFI path
make sure to keep boot/efi mountpoint directories
in the read-only area as they can't be created later
-------------------------------------------------------------------
Sun Apr 27 18:04:27 CEST 2025 - Neal Gompa <ngompa@velocitylimitless.com>
- doc: overview: Add list of supported Linux distributions
These are the Linux distributions that are developed and actively
tested for with the latest kiwi releases.
This should offer greater clarity about what we're able to support
as an upstream project.
-------------------------------------------------------------------
Sun Apr 27 16:23:39 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed mount of image system for volume managers
The ImageSystem.mount() method implemented its own handling
for mounting the volumes of a volume manager based system.
First and foremost this duplicates code that already exists
in the respective VolumeManager implementation and second
the code behaved wrong in case of btrfs when there is no
default subvolume configured
-------------------------------------------------------------------
Sun Apr 27 14:05:43 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Handle grub fix functions less strict
If called on full read-only systems, log the information
that the files can't be modified but do not fail. On
such systems the expectation is that no fix code must
be applied and as such the fix function can be considered
an optional step.
-------------------------------------------------------------------
Fri Apr 25 13:55:56 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed root setup for encrypted overlay disk
When building an image with overlayroot set to true and
activated luks encryption, the root= parameter must be
set to root=overlay:MAPPER=luks instead of the standard
overlay:PARTUUID mapping. This Fixes #2776
-------------------------------------------------------------------
Fri Apr 25 12:52:12 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Change suffix for package manager config files
Use .config instead of .conf for the temporary package
manager config files. Reason for this change is a bug in
dracut which reads and executes all /*.conf files from
the system. This Fixes #2780
-------------------------------------------------------------------
Fri Apr 25 10:15:49 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Set security context after root sync
On selinux enabled image builds we call setfiles initially
after the root tree is complete and after each script invocation
that might change the system. However the security context
also applies to mount points e.g volumes which only exists
at the time when the root tree gets synced to the actual image
binary. Thus this commit also calls setfiles on the mounted
root tree after data sync. This Fixes rh#2333743
-------------------------------------------------------------------
Fri Apr 25 09:22:13 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix broken doc link
Rephrase chapter pointing to a documentation side at VMware.
They are constantly changing their documentation URLs that
I'm tired of fixing this. This Fixes #2782
-------------------------------------------------------------------
Tue Apr 22 16:03:39 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.16 → 10.2.17
-------------------------------------------------------------------
Tue Apr 22 14:53:39 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix key slot selection for luks reencrypt
Depending on the type setup for a luks encrypted image, there
might be one or two key slots available. When kiwi is requested
to perform the reencryption process at least one key-slot and
the proper keyfile/passphrase must be provided. This commit
stores the information about the key-slot number for which
a decryption information exists in the initrd. In addition to
the code change also the corresponding integration test image
was updated.
-------------------------------------------------------------------
Tue Apr 22 09:42:00 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed test-image-gce integration test
python3-gcemetadata was renamed to python-gcemetadata
-------------------------------------------------------------------
Mon Apr 21 20:39:16 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed integration test builds for TW
Request dracut explicitly when needed
-------------------------------------------------------------------
Wed Apr 16 21:59:30 CEST 2025 - Neal Gompa <ngompa@velocitylimitless.com>
- Add support for filtering out files from the ESP image for GRUB
Prior to this change, KIWI blindly synced the ESP directory into the
embedded ESP image. Depending on the distribution and packages included
for the created image, this can have undesirable side-effects.
For image builds that need some more fine-grained control over the
creation of the embedded ESP image (particularly for ISO images),
this change introduces the ability to inject an exclusion list
similar to what is used to filter out files for the root filesystem.
Fixes: https://github.com/OSInside/kiwi/issues/2008
Fixes: https://github.com/OSInside/kiwi/issues/2777
-------------------------------------------------------------------
Sun Apr 13 18:12:22 CEST 2025 - Neal Gompa <ngompa@velocitylimitless.com>
- Fix bundle extension for container types
When building result files that use container types like oci or docker,
kiwi creates them as archive tarballs with an extension prefix to
indicate the special nature of the archive. However, the bundler
code does not retain the prefix, which results in the wrong file
extension for these archives.
This change adds exceptions for these types and refactors the
exception handling to unify it with the Vagrant image filename
handling, which operates similarly.
Fixes: https://github.com/OSInside/kiwi/issues/2628
-------------------------------------------------------------------
Fri Apr 11 10:47:44 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update LOADER_TYPE setup for grub
If the bootloader attribute: bls is set to true, make sure
the LOADER_TYPE changes to grub2-bls. This is related to
Issue #2773
-------------------------------------------------------------------
Thu Apr 10 12:05:13 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix Agama PXE build
A bootloader setup is needed to create config.bootoptions
Even though a ramdisk deployment does not require a bootloader
setup we need it because part of the setup is the root device
reference which is still needed to pivot root into the
system
-------------------------------------------------------------------
Thu Apr 10 11:41:21 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix firmware setting for Agama PXE image
-------------------------------------------------------------------
Thu Apr 10 11:34:06 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Added obs BUILD_FLAVOR for agama
Required for multibuild (multiple profiles) build
-------------------------------------------------------------------
Thu Apr 10 09:14:53 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update Agama integration test
Split the build into two profiles ISO and PXE to differentiate
the build results into a small Agama for remote installations
and a standard Agama for iso based installations
-------------------------------------------------------------------
Wed Apr 09 17:04:48 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Prevent loading unused data in oem deployment
In case rd.kiwi.ramdisk is used as part of a remote deployment
setup, it's not needed to load the system kernel and initrd
because it's not used as kexec is not called with the system
deployed into memory. For ramdisk deployments the system is
booted using the currently active kernel and initrd and as
such we can avoid loading an extra kernel and initrd for
booting the system via kexec.
-------------------------------------------------------------------
Wed Apr 09 16:38:23 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update Agama integration test
Make use of <oem-ramdisk-size> in the Agama integration test
-------------------------------------------------------------------
Wed Apr 09 16:31:04 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Added <oem-ramdisk-size> element
So far it was only possible to specify the size of the ramdisk
via the kernel commandline option: ramdisk_size. In a remote
deployment it was therefore required to carry this size as a
mandatory information to the deployment server. With this commit
we allow to specify the size for the ramdisk to be configured as
part of the image configuration which makes this information
also available inside of the initrd. If provided the ramdisk_size
kernel commandline option still takes precedence over the
<oem-ramdisk-size> setting to avoid any behavior change and to
still allow dynamic overrides of the ramdisk size.
-------------------------------------------------------------------
Tue Apr 08 20:04:58 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- reinstall bootstrap packs in image phase for apt
Due to the special bootstrap process, the packages unpacked
during bootstrap are not properly listed in the apt index.
Therefore the bootstrap packages are added to the install
phase which causes an install of this packages again to
fix the apt index and provide a consistent system from
an apt perspective. This Fixes #2768
-------------------------------------------------------------------
Mon Apr 07 12:24:43 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed restore of keyfile after reencryption
When kiwi runs the reencryption it also restores an eventual
existing keyfile. However if the option rd.kiwi.oem.luks.reencrypt_randompass
is specified no former keyfile should be restored. The purpose
of reencrypt_randompass is to make sure only this in memory
passphrase can access the luks pool such that tooling at boot
time gets the opportunity to work with the luks pool for e.g.
setting up a TPM key or set a passphrase only known to the user.
-------------------------------------------------------------------
Fri Apr 04 10:04:07 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update dracut kiwi-lib module setup
Make sure all tools used in code are requested for inclusion
-------------------------------------------------------------------
Fri Apr 04 00:23:13 CEST 2025 - Rüdiger Oertel <ro@suse.de>
- keep /usr/bin/sha256sum
dropping md5sum was okay, but now we need
the current tool to verify the checksum
-------------------------------------------------------------------
Thu Apr 03 11:58:03 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Restrict keyfile permissions
For reencrypt in combination with rd.kiwi.oem.luks.reencrypt_randompass
make sure that the temporary random pass keyfile has 0400 root
owned access permissions set
-------------------------------------------------------------------
Wed Apr 02 14:12:05 CEST 2025 - Neal Gompa <neal@gompa.dev>
- package: Add kiwi-image:oci Provides to -systemdeps-containers
This allows the Open Build Service to correctly resolve dependencies
when building OCI images.
-------------------------------------------------------------------
Wed Apr 02 11:09:45 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Better logging which kiwi file is read
Improve the log message that tells about reading the
kiwi config file to actually show the file path that
is read in. This is especially an issue if more than
one kiwi file is read in during the build process.
-------------------------------------------------------------------
Wed Apr 02 10:56:02 CEST 2025 - Rüdiger Oertel <ro@suse.de>
- also keep the ts binary, might be needed to provide timestamped logfiles
-------------------------------------------------------------------
Tue Apr 01 15:10:12 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update documentation
Add information about new apk (Alpine) support
-------------------------------------------------------------------
Mon Mar 31 21:52:03 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add support for Alpine
Add apk repository and package manager support and provide
an integration test build for the Alpine distribution
-------------------------------------------------------------------
Mon Mar 31 16:22:10 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix F824 flake check for global assignments
-------------------------------------------------------------------
Mon Mar 31 16:09:11 CEST 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Use metalink repos for local test builds
-------------------------------------------------------------------
Sat Mar 29 15:46:07 CET 2025 - Neal Gompa <ngompa@velocitylimitless.com>
- schema: Allow C as a valid locale
It should be permitted to set the "C.UTF-8" locale for minimal images
that are not preloaded with locales. The "C.UTF-8" locale has been
supported in Linux distributions for many years.
-------------------------------------------------------------------
Tue Mar 25 13:13:00 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.15 → 10.2.16
-------------------------------------------------------------------
Tue Mar 25 11:35:09 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Support sourcetype setting on the commandline
Allow to specifiy the sourcetype(metalink|baseurl|mirrorlist)
also on the commandline via --set-repo/--add-repo options. So
far this was only possible as part of the kiwi description file
-------------------------------------------------------------------
Tue Mar 25 08:40:22 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.14 → 10.2.15
-------------------------------------------------------------------
Tue Mar 25 08:39:18 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fix gh-pages deployment
poetry install was not called, thus sphinx was not present
-------------------------------------------------------------------
Tue Mar 25 08:30:11 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.13 → 10.2.14
-------------------------------------------------------------------
Mon Mar 24 19:10:07 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Drop use of travis-sphinx
According to the documentation of peaceiris/actions-gh-pages
the sphinx-build output can be directly consumed to publish
to github pages
-------------------------------------------------------------------
Mon Mar 24 18:22:59 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Allow stderr data in CommandProcess
Enhance poll_show_progress() method to allow polling on
stderr data too. The new parameter with_stderr is used
together with the dnf5 package manager. dnf5 has changed
in a way that a lot of useful information during the
install of packages is printed to stderr. From my perspective
a clear regression to former behavior but we can fix this
in kiwi to poll on both channels. This Fixes #2748
-------------------------------------------------------------------
Mon Mar 24 15:06:02 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Support arch attribute for <users> section
Allow to setup users per arch. This Fixes #2737
-------------------------------------------------------------------
Mon Mar 24 09:35:57 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add Debian_12_update repo for testing with typer
Even though we will add support for the typer Cli with kiwi-11
I want our integration test images to be able to build with the
open PR #2751. Debian 12 is the only target in the support matrix
which uses a too old veryion of typer. Therefore to be able to
test this target I built a newer version of typer in an update
repo for Debian 12 and added it to the integration test
description
-------------------------------------------------------------------
Fri Mar 21 21:18:08 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed python3_sitelib for debbuild in OBS
-------------------------------------------------------------------
Fri Mar 21 08:46:32 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed test-image-agama
Service setup-systemd-proxy-env.path no longer exists
-------------------------------------------------------------------
Wed Mar 12 10:22:46 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Explicitly request shadow-utils
Make sure shadow-utils gets installed for rawhide
integration tests
-------------------------------------------------------------------
Wed Mar 12 09:12:36 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Drop test-image-suse-on-dnf test
This was just a "can this work" test but has no real
relevance for users since nobody would use dnf to build
a suse image, there is also no help when it does not
work. So let's drop this test build
-------------------------------------------------------------------
Thu Mar 06 11:32:25 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- distutils sysconfig is deprecated
Move to sysconfig module
-------------------------------------------------------------------
Tue Mar 04 11:01:21 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Make integration tests to build outside of OBS
Update and extend all integration tests such that they also
build outside of the Open Build Service. Along with the changes
on the descriptions a simple build-tests.sh script was added
to drive the build process. The build is based on the kiwi
boxbuild plugin in container mode to build the tests
from a given build-tests directory. A new chapter to document
how to Build the Build Tests is also provided and referenced
on the github main page.
-------------------------------------------------------------------
Mon Mar 03 12:28:03 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Add rd.kiwi.oem.luks.reencrypt_randompass
For OEM LUKS2 encrypted disk images in combination
with rd.kiwi.oem.luks.reencrypt. Reset insecure built time
passphrase with a random onetime passphrase
-------------------------------------------------------------------
Mon Mar 03 09:40:13 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Bump version: 10.2.12 → 10.2.13
-------------------------------------------------------------------
Fri Feb 28 09:56:15 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Lookup CHRP loader instead of using a static name
On ppc the CHRP loader name can vary between distributions.
This commit adds a search method to lookup different ELF
loader names. In addition an integration test image for
Fedora was added. This Fixes #2741
-------------------------------------------------------------------
Wed Feb 26 17:39:37 CET 2025 - Marcus Schäfer <marcus.schaefer@gmail.com>
@@ -418,6 +1310,11 @@ Tue Dec 10 19:14:52 CET 2024 - Neal Gompa <ngompa@velocitylimitless.com>
This is a partial revert of commit daf1323c5ded7e4e7783205f5e30457b40eb322f.
-------------------------------------------------------------------
Mon Dec 09 11:04:03 CET 2024 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Fixed unit test
-------------------------------------------------------------------
Sun Dec 08 20:35:42 CET 2024 - Marcus Schäfer <marcus.schaefer@gmail.com>
@@ -436,6 +1333,13 @@ Tue Dec 03 14:56:47 CET 2024 - Marcus Schäfer <marcus.schaefer@gmail.com>
- Update STYLEROOT to SUSE 2022
-------------------------------------------------------------------
Mon Dec 02 18:24:00 CET 2024 - John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
- Add support for loongarch64
This Fixes #2684
-------------------------------------------------------------------
Mon Dec 02 14:57:30 CET 2024 - Marcus Schäfer <marcus.schaefer@gmail.com>