From e4896c4ec79a0ce55592d62a49dd8cf0c79dfe1b8942bd2e778ac4a37bf89453 Mon Sep 17 00:00:00 2001 From: Ignaz Forster Date: Thu, 25 Jul 2024 13:14:37 +0000 Subject: [PATCH 1/3] - Apply (temporary) upstream patch from fedora-coreos-config for compatibility with systemd 256. OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=125 --- .gitattributes | 23 + .gitignore | 1 + 0001-ignore-missing-qemu-blockdev.patch | 36 + ...allow-multiple-mounts-of-same-device.patch | 78 + ...Move-the-GPT-header-on-resized-disks.patch | 30 + ...isks.service-before-systemd-fsck-roo.patch | 34 + README.SUSE | 41 + _service | 14 + _servicedata | 6 + ignition-2.19.0.tar.xz | 3 + ignition-enable-network.service | 23 + ignition-enable-network.sh | 18 + ignition-kargs-helper | 79 + ignition-mount-initrd-fstab.service | 20 + ignition-remove-reconfig_system.service | 21 + ignition-rmcfg-suse.conf | 9 + ignition-setup-user.service | 21 + ignition-setup-user.sh | 39 + ignition-suse-generator | 53 + ignition-touch-selinux-autorelabel.conf | 2 + ignition-umount-initrd-fstab.service | 12 + ignition-userconfig-timeout-arm.conf | 2 + ignition-userconfig-timeout.conf | 2 + ignition.changes | 1592 +++++++++++++++++ ignition.spec | 141 ++ module-setup.sh | 52 + 26 files changed, 2352 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-ignore-missing-qemu-blockdev.patch create mode 100644 0002-allow-multiple-mounts-of-same-device.patch create mode 100644 0003-Move-the-GPT-header-on-resized-disks.patch create mode 100644 0004-Order-ignition-disks.service-before-systemd-fsck-roo.patch create mode 100644 README.SUSE create mode 100644 _service create mode 100644 _servicedata create mode 100644 ignition-2.19.0.tar.xz create mode 100644 ignition-enable-network.service create mode 100644 ignition-enable-network.sh create mode 100644 ignition-kargs-helper create mode 100644 ignition-mount-initrd-fstab.service create mode 100644 ignition-remove-reconfig_system.service create mode 100644 ignition-rmcfg-suse.conf create mode 100644 ignition-setup-user.service create mode 100644 ignition-setup-user.sh create mode 100644 ignition-suse-generator create mode 100644 ignition-touch-selinux-autorelabel.conf create mode 100644 ignition-umount-initrd-fstab.service create mode 100644 ignition-userconfig-timeout-arm.conf create mode 100644 ignition-userconfig-timeout.conf create mode 100644 ignition.changes create mode 100644 ignition.spec create mode 100644 module-setup.sh diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-ignore-missing-qemu-blockdev.patch b/0001-ignore-missing-qemu-blockdev.patch new file mode 100644 index 0000000..6323207 --- /dev/null +++ b/0001-ignore-missing-qemu-blockdev.patch @@ -0,0 +1,36 @@ +From: Ignaz Forster +Date: Thu, 9 Feb 2023 16:05:27 +0100 +Upstream: Ticket opened [gh#coreos/ignition#1556] + + Continue with empty config on missing QEMU device + + The two QEMU provider implementations (fwcfg for platforms with + native support and blockdev for the others) have slightly different + behaviour: If fwcfg doesn't contain any configuration, it will just + skip ("QEMU firmware config was not found. Ignoring..."). The blockdev + provider would error out if it can't read the configuration. + + Change the behavior of the blockdev provider to match the fwcfg one + and continue with an empty configuration if the device is not there. + +diff --git a/internal/providers/qemu/qemu_blockdev.go b/internal/providers/qemu/qemu_blockdev.go +index 911eb973..11739f3e 100644 +--- a/internal/providers/qemu/qemu_blockdev.go ++++ b/internal/providers/qemu/qemu_blockdev.go +@@ -22,7 +22,6 @@ package qemu + + import ( + "bytes" +- "fmt" + "os" + "os/exec" + "time" +@@ -83,7 +83,7 @@ func fetchConfigFromBlockDevice(logger *log.Logger) ([]byte, error) { + return nil, err + } + case <-time.After(blockDeviceTimeout): +- return nil, fmt.Errorf("timed out after %v waiting for block device %q to appear", blockDeviceTimeout, ignitionBlockDevicePath) ++ logger.Info("timed out after %v waiting for block device %q to appear. Ignoring...", blockDeviceTimeout, ignitionBlockDevicePath) + } + + return bytes.TrimRight(data, "\x00"), nil diff --git a/0002-allow-multiple-mounts-of-same-device.patch b/0002-allow-multiple-mounts-of-same-device.patch new file mode 100644 index 0000000..46af785 --- /dev/null +++ b/0002-allow-multiple-mounts-of-same-device.patch @@ -0,0 +1,78 @@ +From: Ignaz Forster +Date: Wed Jan 14 17:57:52 2020 +0100 +Upstream: Ticket opened [gh#coreos/ignition#890] + + Implement poor man's solution for mounting a device multiple times, + e.g. to mount several subvolumes from a Btrfs device or bind mounting + the device to multiple places, by also adding the path to the key. + +Index: ignition-2.16.2/config/v3_1/types/filesystem.go +=================================================================== +--- ignition-2.16.2.orig/config/v3_1/types/filesystem.go ++++ ignition-2.16.2/config/v3_1/types/filesystem.go +@@ -23,6 +23,9 @@ import ( + ) + + func (f Filesystem) Key() string { ++ if (f.Path != nil) { ++ return f.Device + *f.Path ++ } + return f.Device + } + +Index: ignition-2.16.2/config/v3_2/types/filesystem.go +=================================================================== +--- ignition-2.16.2.orig/config/v3_2/types/filesystem.go ++++ ignition-2.16.2/config/v3_2/types/filesystem.go +@@ -23,6 +23,9 @@ import ( + ) + + func (f Filesystem) Key() string { ++ if (f.Path != nil) { ++ return f.Device + *f.Path ++ } + return f.Device + } + +Index: ignition-2.16.2/config/v3_3/types/filesystem.go +=================================================================== +--- ignition-2.16.2.orig/config/v3_3/types/filesystem.go ++++ ignition-2.16.2/config/v3_3/types/filesystem.go +@@ -23,6 +23,9 @@ import ( + ) + + func (f Filesystem) Key() string { ++ if (f.Path != nil) { ++ return f.Device + *f.Path ++ } + return f.Device + } + +Index: ignition-2.16.2/config/v3_4/types/filesystem.go +=================================================================== +--- ignition-2.16.2.orig/config/v3_4/types/filesystem.go ++++ ignition-2.16.2/config/v3_4/types/filesystem.go +@@ -23,6 +23,9 @@ import ( + ) + + func (f Filesystem) Key() string { ++ if (f.Path != nil) { ++ return f.Device + *f.Path ++ } + return f.Device + } + +Index: ignition-2.16.2/config/v3_5_experimental/types/filesystem.go +=================================================================== +--- ignition-2.16.2.orig/config/v3_5_experimental/types/filesystem.go ++++ ignition-2.16.2/config/v3_5_experimental/types/filesystem.go +@@ -23,6 +23,9 @@ import ( + ) + + func (f Filesystem) Key() string { ++ if (f.Path != nil) { ++ return f.Device + *f.Path ++ } + return f.Device + } + diff --git a/0003-Move-the-GPT-header-on-resized-disks.patch b/0003-Move-the-GPT-header-on-resized-disks.patch new file mode 100644 index 0000000..87e2b1b --- /dev/null +++ b/0003-Move-the-GPT-header-on-resized-disks.patch @@ -0,0 +1,30 @@ +From: Ignaz Forster +Date: Tue, 22 Aug 2023 16:13:07 +0200 +Subject: [PATCH] Move GTP header to the end on resized disk images + +Fedora CoreOS is handling the GPT move by putting flags into the disk's +GUID (see also [gh#coreos/ignition#839]) and then adjusting the root disk +in +https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh. +We are not using the CoreOS Assembler and have no reason to change the +UUID, so introducing a dracut service just to possibly move the GPT seems +like overkill. Just do so when creating new partitions. +--- + internal/sgdisk/sgdisk.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/internal/sgdisk/sgdisk.go b/internal/sgdisk/sgdisk.go +index 29915809..9be5a9e6 100644 +--- a/internal/sgdisk/sgdisk.go ++++ b/internal/sgdisk/sgdisk.go +@@ -138,6 +138,7 @@ func (op Operation) buildOptions() []string { + } + + for _, p := range op.parts { ++ opts = append(opts, "--move-second-header") + opts = append(opts, fmt.Sprintf("--new=%d:%s:+%s", p.Number, partitionGetStart(p), partitionGetSize(p))) + if p.Label != nil { + opts = append(opts, fmt.Sprintf("--change-name=%d:%s", p.Number, *p.Label)) +-- +2.41.0 + diff --git a/0004-Order-ignition-disks.service-before-systemd-fsck-roo.patch b/0004-Order-ignition-disks.service-before-systemd-fsck-roo.patch new file mode 100644 index 0000000..673b587 --- /dev/null +++ b/0004-Order-ignition-disks.service-before-systemd-fsck-roo.patch @@ -0,0 +1,34 @@ +From: Fabian Vogt +Date: Thu, 17 Aug 2023 13:51:24 +0200 +Subject: [PATCH] Order ignition-disks.service before systemd-fsck-root.service + +firstboot-detect.service needs initrd-root-device.target but has to be before +any ignition units, so ignition units can't use +Before=initrd-root-device.target. Use systemd-fsck-root.service and +dracut-pre-mount.service instead, which fits the comment above more anyway. +--- + dracut/30ignition/ignition-disks.service | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: ignition-2.16.2/dracut/30ignition/ignition-disks.service +=================================================================== +--- ignition-2.16.2.orig/dracut/30ignition/ignition-disks.service ++++ ignition-2.16.2/dracut/30ignition/ignition-disks.service +@@ -9,7 +9,7 @@ Before=ignition-complete.target + After=ignition-fetch.service + Before=ignition-mount.service + +-# This stage runs between `basic.target` and `initrd-root-device.target`, ++# This stage runs between `basic.target` and `systemd-fsck-root.service`, + # see https://www.freedesktop.org/software/systemd/man/bootup.html + # Make sure to run before the file system checks, as sgdisk will trigger + # udev events, potentially resulting in race conditions due to disappearing +@@ -18,7 +18,7 @@ Before=ignition-mount.service + # Note that CL runs this before `local-fs-pre.target` to allow for configs that + # completely wipe the rootfs. Though we're not there yet. But we still run + # before `sysroot.mount` on principle. +-Before=initrd-root-device.target ++Before=systemd-fsck-root.service dracut-pre-mount.service + Before=sysroot.mount + + OnFailure=emergency.target diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..cf5dded --- /dev/null +++ b/README.SUSE @@ -0,0 +1,41 @@ +Changes for openSUSE / SLE: + +* ignition-mount-initrd-fstab.service / ignition-umount-initrd-fstab.service: + Upstream Ignition will only mount partitions or subvolumes explicitly + mentioned in the Ignition configuration. A default SUSE system, however, + is split over several subvolumes, and most users won't want to define + all the partitions again. On the other hand a lot of core functionality (e.g. + configuring a SSH certificate for the root user or adding a configuration + file) requires access to those subvolumes. + For better usability in addition to Ignition's own mount / umount stage all + files systems tagged for being mounted in the initrd ("x-initrd.mount" mount + flag) will automatically be mounted / umounted. +* ignition-setup-user.service / ignition-setup-user.sh: + The user configuration can be stored on a device with the label "ignition" + (e.g. by attaching a USB flash drive with that name) instead of using the + platform specific configuration storage mechanism. +* ignition-userconfig-timeout*.conf: + Set timeout for Ignition device so boot will just continue if no physical + Ignition configuration device is attached (e.g. when using platform + specific configuration). +* ignition-rmcfg-suse.conf: + Adapt systemd service to match our own packaging: We do not support + ConditionFirstBoot, and additionally support auto-detection of the platform + (see ignition-suse-generator), so the detection whether the stage should be + called has to be done via shell script. +* ignition-touch-selinux-autorelabel.conf: + Trigger SELinux autorelabel after Ignition runs; Ignition would support + SELinux itself, however this is a compile time option, so it can't be + used here. +* ignition-suse-generator: + Replaces the upstream generator by making use of firstboot.target provided + by combustion and hooking up the services provided by this module. + Additionally it will try to autodect the platform if it is not set on the + kernel command line. +* ignition-enable-network.service / ignition-enable-network.sh: + Ignition supports detection whether the configuration requires networking + to avoid having to boot with networking enabled even when it isn't + necessary; the actual implementation to start the network is left to the + distribution. +* ignition-kargs-helper: + Distribution specific helper script to implement kernel argument support. diff --git a/_service b/_service new file mode 100644 index 0000000..030e5f5 --- /dev/null +++ b/_service @@ -0,0 +1,14 @@ + + + 2.19.0 + v2.19.0 + https://github.com/coreos/ignition + git + enable + + + xz + *.tar + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..f71a333 --- /dev/null +++ b/_servicedata @@ -0,0 +1,6 @@ + + + https://github.com/coreos/ignition + 09c99e0305adc1377b87964a39ad2d009aec9b12 + + \ No newline at end of file diff --git a/ignition-2.19.0.tar.xz b/ignition-2.19.0.tar.xz new file mode 100644 index 0000000..ddaa47d --- /dev/null +++ b/ignition-2.19.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0c656c0057a044750bdb71879b15fc8a9a1cbb24ab70436510b0e4babeead5dd +size 2959560 diff --git a/ignition-enable-network.service b/ignition-enable-network.service new file mode 100644 index 0000000..83d7af3 --- /dev/null +++ b/ignition-enable-network.service @@ -0,0 +1,23 @@ +[Unit] +Description=Start network if needed +ConditionPathExists=/etc/initrd-release +DefaultDependencies=false +After=basic.target + +# Triggering conditions for cases where we need network +ConditionPathExists=|/run/ignition/neednet + +# Creates /run/ignition/neednet +After=ignition-fetch-offline.service +# Needs networking +Before=ignition-fetch.service + +# See hack in coreos-enable-network, as well as coreos-copy-firstboot-network.service; +# adapted for SUSE / wicked use +After=dracut-cmdline.service +Before=dracut-initqueue.service nm-initrd.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/sbin/ignition-enable-network diff --git a/ignition-enable-network.sh b/ignition-enable-network.sh new file mode 100644 index 0000000..dad9cce --- /dev/null +++ b/ignition-enable-network.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +. /lib/dracut-lib.sh + +if [ -f /run/ignition/neednet ] && ! getargbool 0 'rd.neednet'; then + echo "rd.neednet=1" > /etc/cmdline.d/40-ignition-neednet.conf + + # Re-trigger generation of network rules and apply them + if [ -e /lib/dracut/hooks/pre-udev/60-net-genrules.sh ]; then + # Wicked + . /lib/dracut/hooks/pre-udev/60-net-genrules.sh + udevadm control --reload + udevadm trigger --subsystem-match net --action add + else + # NetworkManager + . /lib/dracut/hooks/cmdline/99-nm-config.sh + fi +fi diff --git a/ignition-kargs-helper b/ignition-kargs-helper new file mode 100644 index 0000000..44551ee --- /dev/null +++ b/ignition-kargs-helper @@ -0,0 +1,79 @@ +#!/bin/bash +# Based on Ignition's examples/ignition-kargs-helper + +set -euxo pipefail + +grubcfg="/sysroot/etc/default/grub" + +# Mount root file system. Note that we mount /boot but we don't unmount it +# because we are run in a systemd unit with MountFlags=slave so it is unmounted +# for us. +. /dracut-state.sh +mount "${root#block:}" "${NEWROOT}" +# Also mount x-initrd.mount flagged mounts to get the current /etc state +awk '$4 ~ /x-initrd.mount/ { system("findmnt /sysroot" $2 " >/dev/null || mount -t " $3 " -o " $4 " " $1 " /sysroot" $2) }' /sysroot/etc/fstab + +orig_kernelopts="$(grep GRUB_CMDLINE_LINUX_DEFAULT "${grubcfg}")" +orig_kernelopts="${orig_kernelopts#*=}" +# trim the leading and trailing quote +orig_kernelopts="${orig_kernelopts:1:-1}" + +# add leading and trailing whitespace to allow for easy sed replacements +kernelopts=" $orig_kernelopts " + +while [[ $# -gt 0 ]] +do + key="$1" + + case $key in + --should-exist) + arg="$2" + # don't repeat the arg + if [[ ! "${kernelopts[*]}" =~ " ${arg} " ]]; then + kernelopts="$kernelopts$arg " + fi + shift 2 + ;; + --should-not-exist) + kernelopts="$(echo "$kernelopts" | sed "s| $2 | |g")" + shift 2 + ;; + *) + echo "Unknown option" + exit 1 + ;; + esac +done + +# trim the leading and trailing whitespace +kernelopts="$(echo "$kernelopts" | sed -e 's,^[[:space:]]*,,' -e 's,[[:space:]]*$,,')" + +# only apply the changes & reboot if changes have been made +if [[ "$kernelopts" != "$orig_kernelopts" ]]; then + combustiondir="/run/combustion/mount/combustion" + # The Combustion script may be located on an external device; if so the + # device is guaranteed to mounted here already: + # combustion-prepare: Before=dracutinitqueue.service + # ignition-fetch: After=basic.target + # Unmount the device, as the new Combustion script will be put at the + # same location below. + if findmnt "${combustiondir}"/.. >/dev/null; then + umount "${combustiondir}"/.. + fi + mkdir -p "${combustiondir}" + # escape escapes to survive the multiple shell invocations + kernelopts="${kernelopts//\\/\\\\\\\\}" + kernelopts="${kernelopts//$/\\\$}" + cat << EOF > "${combustiondir}/script" +sed -i "s|^\(GRUB_CMDLINE_LINUX_DEFAULT=\).*|\1\"$kernelopts\"|" /etc/default/grub +/usr/sbin/grub2-mkconfig > /boot/grub2/grub.cfg +EOF + SYSTEMD_OFFLINE=1 combustion + + # Reset health-checker to prevent an unintended rollback + echo "Clearing GRUB flag" + chroot /sysroot grub2-editenv - set health_checker_flag=0 || true + + systemctl reboot --force +fi + diff --git a/ignition-mount-initrd-fstab.service b/ignition-mount-initrd-fstab.service new file mode 100644 index 0000000..c6c9cba --- /dev/null +++ b/ignition-mount-initrd-fstab.service @@ -0,0 +1,20 @@ +[Unit] +Description=Mount initrd fstab entries for Ignition +DefaultDependencies=false +Before=ignition-complete.target + +# Make sure ExecStop= runs before we switch root +Before=initrd-switch-root.target + +After=initrd-root-fs.target +After=ignition-remount-sysroot.service + +# Run only after Ignition's mount stage - mount points configured by Ignition +# itself will be skipped below, just mount the rest. +Requires=ignition-mount.service +After=ignition-mount.service +Before=ignition-files.service + +[Service] +Type=oneshot +ExecStart=/bin/sh -e -c 'eval $(awk '"'"'$4 ~ /x-initrd.mount/ && $1 !~ /^#/ {print "if ! findmnt /sysroot" $2 " >/dev/null; then mount -t " $3 " -o " $4 " " $1 " /sysroot" $2 "; fi;" }'"'"' /sysroot/etc/fstab)' diff --git a/ignition-remove-reconfig_system.service b/ignition-remove-reconfig_system.service new file mode 100644 index 0000000..a33c48c --- /dev/null +++ b/ignition-remove-reconfig_system.service @@ -0,0 +1,21 @@ +[Unit] +Description=Disable firstboot wizard if ignition ran + +# Make sure ignition completed +After=ignition-complete.target +# Don't race with combustion +After=combustion.service + +# Make sure /sysroot/etc and var are available +After=initrd-parse-etc.service +RequiresMountsFor=/sysroot/etc +RequiresMountsFor=/sysroot/var + +ConditionPathExists=/sysroot/etc/.ignition-result.json +ConditionPathExists=/sysroot/var/lib/YaST2/reconfig_system + +[Service] +Type=oneshot +RemainAfterExit=yes +# Use grep to avoid pulling in jq +ExecStart=/bin/sh -ec 'if grep -q "\\"userConfigProvided\\":.*true" /sysroot/etc/.ignition-result.json; then rm /sysroot/var/lib/YaST2/reconfig_system; fi' diff --git a/ignition-rmcfg-suse.conf b/ignition-rmcfg-suse.conf new file mode 100644 index 0000000..77f3aa4 --- /dev/null +++ b/ignition-rmcfg-suse.conf @@ -0,0 +1,9 @@ +[Unit] +ConditionFirstBoot= +ConditionKernelCommandLine= +ConditionKernelCommandLine=|ignition.firstboot + +[Service] +ExecStart= +ExecStart=/bin/bash -c 'if [ "${PLATFORM_ID}" = virtualbox -o "${PLATFORM_ID}" = vmware ]; then /usr/sbin/ignition-rmcfg --platform=${PLATFORM_ID}; fi' + diff --git a/ignition-setup-user.service b/ignition-setup-user.service new file mode 100644 index 0000000..c960952 --- /dev/null +++ b/ignition-setup-user.service @@ -0,0 +1,21 @@ +[Unit] +Description=Ignition User Config Setup +Documentation=https://build.opensuse.org/package/view_file/devel:kubic:ignition/ignition/README.SUSE?expand=1 +ConditionPathExists=/etc/initrd-release +DefaultDependencies=false + +# We run before config fetch because we may copy in new/different configs +# for Ignition to consume. +Before=ignition-fetch-offline.service + +OnFailure=emergency.target +OnFailureJobMode=isolate + +Wants=dev-disk-by\x2dlabel-ignition.device +After=dev-disk-by\x2dlabel-ignition.device + +[Service] +Type=oneshot +RemainAfterExit=yes +MountFlags=slave +ExecStart=/usr/sbin/ignition-setup-user diff --git a/ignition-setup-user.sh b/ignition-setup-user.sh new file mode 100644 index 0000000..5d29700 --- /dev/null +++ b/ignition-setup-user.sh @@ -0,0 +1,39 @@ +#!/bin/bash +set -euo pipefail + +copy_file_if_exists() { + src="${1}"; dst="${2}" + if [ -f "${src}" ]; then + echo "Copying ${src} to ${dst}" + cp "${src}" "${dst}" + else + echo "File ${src} does not exist.. Skipping copy" + fi +} + +destination=/usr/lib/ignition +mkdir -p $destination + +# systemd v256 now runs the initrd with ProtectSystem=yes, which makes /usr +# read-only. Just remount it rw until we have: +# https://github.com/coreos/ignition/issues/1891 +if [ ! -w /usr ]; then + mount -o rw,remount /usr +fi + +if command -v is-live-image >/dev/null && is-live-image; then + # Live image. If the user has supplied a config.ign via an appended + # initrd, put it in the right place. + copy_file_if_exists "/config.ign" "${destination}/user.ign" +else + # We will support a user embedded config in the boot partition + # under $bootmnt/ignition/config.ign. Note that we mount /boot + # but we don't unmount boot because we are run in a systemd unit + # with MountFlags=slave so it is unmounted for us. + bootmnt=/mnt/boot_partition + mkdir -p $bootmnt + if [ -e /dev/disk/by-label/ignition ]; then + mount /dev/disk/by-label/ignition $bootmnt + fi + copy_file_if_exists "${bootmnt}/ignition/config.ign" "${destination}/user.ign" +fi diff --git a/ignition-suse-generator b/ignition-suse-generator new file mode 100644 index 0000000..94f4ede --- /dev/null +++ b/ignition-suse-generator @@ -0,0 +1,53 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +set -e + +# Generators don't have logging right now +# https://github.com/systemd/systemd/issues/15638 +exec 1>/dev/kmsg; exec 2>&1 + +UNIT_DIR="${1:-/tmp}" + +cmdline=( $( /run/ignition.env + +. /run/ignition.env + +add_requires ignition-mount-initrd-fstab.service ignition-files.service +add_requires ignition-umount-initrd-fstab.service ignition-files.service +add_requires ignition-enable-network.service ignition-fetch.service + +if [ -z "${PLATFORM_ID}" ]; then + platform="$(systemd-detect-virt || true)" + case "${platform}" in + *vmware*) platform="vmware" ;; + *oracle*) platform="virtualbox" ;; + *kvm*|*qemu*) platform="qemu" ;; + *) platform="metal" ;; + esac + echo "PLATFORM_ID=${platform}" > /run/ignition.env +fi diff --git a/ignition-touch-selinux-autorelabel.conf b/ignition-touch-selinux-autorelabel.conf new file mode 100644 index 0000000..737513d --- /dev/null +++ b/ignition-touch-selinux-autorelabel.conf @@ -0,0 +1,2 @@ +[Service] +ExecStart=/bin/sh -c 'if [ -e /sysroot/etc/selinux/.relabelled ]; then >> /sysroot/etc/selinux/.autorelabel; fi' diff --git a/ignition-umount-initrd-fstab.service b/ignition-umount-initrd-fstab.service new file mode 100644 index 0000000..8d87ac8 --- /dev/null +++ b/ignition-umount-initrd-fstab.service @@ -0,0 +1,12 @@ +[Unit] +Description=Unmount initrd fstab entries for Ignition +DefaultDependencies=false +Before=ignition-complete.target +After=ignition-files.service +# Make sure not to unmount the real sysroot-*.mount units +Before=initrd-parse-etc.service + +[Service] +Type=oneshot +ExecStart=/bin/sh -e -c 'if [ -f /sysroot/etc/systemd/system-preset/20-ignition.preset ]; then while read line; do systemctl --root=/sysroot $line; done < /sysroot/etc/systemd/system-preset/20-ignition.preset; fi' +ExecStart=/bin/sh -e -c 'eval $(awk '"'"'$4 ~ /x-initrd.mount/ && $1 !~ /^#/ {print "if findmnt /sysroot" $2 " >/dev/null; then umount -R /sysroot" $2 "; fi;" }'"'"' /sysroot/etc/fstab)' diff --git a/ignition-userconfig-timeout-arm.conf b/ignition-userconfig-timeout-arm.conf new file mode 100644 index 0000000..6225c66 --- /dev/null +++ b/ignition-userconfig-timeout-arm.conf @@ -0,0 +1,2 @@ +[Unit] +JobTimeoutSec=20 diff --git a/ignition-userconfig-timeout.conf b/ignition-userconfig-timeout.conf new file mode 100644 index 0000000..837f44c --- /dev/null +++ b/ignition-userconfig-timeout.conf @@ -0,0 +1,2 @@ +[Unit] +JobTimeoutSec=10 diff --git a/ignition.changes b/ignition.changes new file mode 100644 index 0000000..9e23e5f --- /dev/null +++ b/ignition.changes @@ -0,0 +1,1592 @@ +------------------------------------------------------------------- +Thu Jul 25 13:11:44 UTC 2024 - Ignaz Forster + +- Apply (temporary) upstream patch from fedora-coreos-config for + compatibility with systemd 256. + +------------------------------------------------------------------- +Mon Jun 10 14:24:04 UTC 2024 - iforster@suse.com + +- Update to version 2.19.0: + * Support LUKS encryption using IBM CEX secure keys on s390x + * providers: add "akamai" provider +- Adding %check section +- Build scripts are executable by themselves now, remove explicit + Bash call + +------------------------------------------------------------------- +Fri Mar 08 11:49:12 UTC 2024 - iforster@suse.com + +- Update to version 2.18.0: + * NEWS: update 2.18.0 + * azure: retry HTTP requests on codes 404, 410, and 429 + * docs: add missing scaleway link + * providers: add scaleway + * resource/url: customize local address (port) + * stages/files: filter out non-existent paths before relabeling + * docs/release-notes: tweak dracut module change + * Bump minimum Go version to 1.20 + * dracut: Don't include the ignition module by default + * ci: cancel previous build on PR update + * Sync repo templates ⚙ + * Update build(deps) +- Remove because included in upstream now: + 0005-dracut-Don-t-include-the-ignition-module-by-default.patch +- Increased required Go version + +------------------------------------------------------------------- +Fri Mar 1 12:53:50 UTC 2024 - Fabian Vogt + +- module-setup.sh: Use $dracutsysrootdir + +------------------------------------------------------------------- +Fri Nov 24 13:20:31 UTC 2023 - iforster@suse.com + +- Update to version 2.17.0: + * NEWS: update 2.17.0 + * packit: add initial support + * Bump minimum Go version to 1.19 + * Add vsock modules into ramdisk + * Sync repo templates ⚙ + * providers/applehv: Add Apple Hypervisor + * tests/blackbox: allow skipping critical logging check + * stages/disks: retry `sgdisk --zap-all` invocation + * Add optionally-installed grub2 code + * internal/exec/stages/disks: prevent races with udev + * providers/hetzner: add support for Hetzner Cloud + * docs: expand development docs and rationale + * doc/development: list the test frameworks + * docs/development: improve formatting of blackbox section + * build(deps): updated dependencies +- Increased required Go version +- Removed Changelog part of + 0005-dracut-Don-t-include-the-ignition-module-by-default.patch - + the information is part of the patch description already and + conflicts with the upstream Changelog. + +------------------------------------------------------------------- +Wed Sep 6 15:29:10 UTC 2023 - Fabian Vogt + +- Amend patch to fix race condition with kiwi: + * 0005-dracut-Don-t-include-the-ignition-module-by-default.patch + +------------------------------------------------------------------- +Fri Aug 25 13:19:15 UTC 2023 - Ignaz Forster + +- Patch file cleanup: + * Improve description of + 0003-Move-the-GPT-header-on-resized-disks.patch + * Rename + 0001-Order-ignition-disks.service-before-systemd-fsck-roo.patch + to + 0004-Order-ignition-disks.service-before-systemd-fsck-roo.patch + * Rename + 0001-dracut-Don-t-include-the-ignition-module-by-default.patch + to + 0005-dracut-Don-t-include-the-ignition-module-by-default.patch + +------------------------------------------------------------------- +Wed Aug 23 13:47:34 UTC 2023 - Fabian Vogt + +- Omit ignition module in initrds for already configured systems: + * Add 0001-dracut-Don-t-include-the-ignition-module-by-default.patch + * Edit module-setup.sh +- Add explicit dep on combustion in module-setup.sh +- Replace ignition-dracut-grub2 with combustion's firstboot.target: + * Add 0001-Order-ignition-disks.service-before-systemd-fsck-roo.patch + * Edit ignition-suse-generator + * Edit ignition-umount-initrd-fstab.service + * Edit module-setup.sh + * Drop 02_ignition_firstboot + * Drop ignition-firstboot-complete.service + * Adjust README.SUSE +- Edit ignition-umount-initrd-fstab.service to not rely on combustion + units forcing proper order + +------------------------------------------------------------------- +Wed Aug 23 13:33:29 UTC 2023 - Ignaz Forster + +- Fix segmentation fault if filesystem section of Ignition JSON + doesn't contain path entry +- Add 0003-Move-the-GPT-header-on-resized-disks.patch to make it + possible to create partitions on resized disk images +- Add dm and crypt modules as dependencies to make it possible to + configure a luks device +- Fix patch file metadata in 0001-ignore-missing-qemu-blockdev.patch + and 0002-allow-multiple-mounts-of-same-device.patch + +------------------------------------------------------------------- +Thu Jul 13 20:08:51 UTC 2023 - iforster@suse.com + +- Update to version 2.16.2: + * dracut: make hv_utils module optional + * Fix build on 32-bit systems + * Doc updates + * build(deps) updates + * providers/qemu: read modprobe path from distro package + * Add support for Hyper-V platform + * internal/exec: don't relabel a mountpoint that already exists + * internal/exec/util: check if unit exists before disabling + * Dockerfile.validate: update to Fedora 38 + * generate: simplify build of doc generator + * platform: allow provider fetch to save files to write from files stage + * templates: update CI ratchet procedure for Butane spec stabilization + * go.mod: add deep-copy package + * providers: rename noop to metal + * platform: drop function pointer indirection for fetch method + * providers: add Config wrapper structs for cmdline and system providers + * internal: empty out providers base package + * internal: move provider registrations out of platforms package + * templates/stabilize-checklist: disable tests using exp Butane config + * providers/vmware: rename some structs + * internal: move stage registration into a separate package + * platform: avoid needless function pointer indirection in methods + * tests: port to xfsprogs 5.19+ + * test: ShellCheck fixes + +------------------------------------------------------------------- +Thu Mar 9 17:55:16 UTC 2023 - Ignaz Forster + +- Add `dasd_mod.dasd=autodetect` to kernel command line parameters + (for Ignition device support on S/390) [boo#1207903] + +------------------------------------------------------------------- +Mon Feb 27 13:09:37 UTC 2023 - iforster@suse.com + +- Update to version 2.15.0: + * Features + * Support offline Tang provisioning via pre-shared advertisement (3.4.0) + * Allow enabling discard passthrough on LUKS devices (3.4.0) + * Allow specifying arbitrary LUKS open options (3.4.0) + * Ship aarch64 macOS ignition-validate binary in GitHub release artifacts + * Changes + * Mark the 3.4.0 config spec as stable + * No longer accept configs with version 3.4.0-experimental + * Create new 3.5.0-experimental config spec from 3.4.0 + * Fail if files/links/dirs conflict with systemd units or dropins + * Warn if template for enabled systemd instance unit has no Install section + * Warn if filesystem overwrites partitioned disk + * Warn if wipeTable overwrites a filesystem that would otherwise be reused + * Warn if user/group specified for hard link + * Install ignition-apply in /usr/libexec + * Allow distros to add Ignition command-line arguments from a unit drop-in + * Convert NEWS to Markdown and move to docs site + * Require Go 1.18+ + * Bug fixes + * Don't overwrite LUKS1 volume when storage.luks.wipeVolume is false + * Request network when custom Clevis config has needsNetwork set + * Fix creating LUKS volume with custom Clevis config that uses TPM2 + * Avoid logging spurious error when a LUKS volume wasn't previously formatted + * Fix version string in ignition-validate release container + * Fix reproducibility of systemd preset file in ignition-apply output + * Document that user/group fields aren't applied to hard links + * Clarify spec docs for files/directories/links group fields +- Modified 0002-allow-multiple-mounts-of-same-device.patch to add + new Ignition spec version +- Add 0001-ignore-missing-qemu-blockdev.patch [bsc#1207679] to + support booting without configuration device on s390x. +- Move all /usr/libexec contents to %sbindir + +------------------------------------------------------------------- +Tue Aug 2 11:28:11 UTC 2022 - Fabian Vogt + +- ignition-enable-network.sh: Use /lib/dracut/hooks directly + instead of the usr-merged location which isn't available everywhere + (bsc#1201957) + +------------------------------------------------------------------- +Wed May 18 12:37:46 UTC 2022 - iforster@suse.com + +- Update to version 2.14.0: + * NEWS: update v2.14.0 + * docs/operator-notes: add section on provisioning secrets + * Dockerfile.validate: build with Fedora 36 + * internal/resource: fix gs:// fetches in GCE without a service account + * docs/operator-notes: document supported S3 URL formats + * internal/resource: fix S3 access point object ARNs + * exec/util: fix infinite loop in Depth() if -root is relative + * Add ignition-delete-config.service and ignition-rmcfg symlink + * providers/virtualbox: support deleting Ignition configs + * providers/virtualbox: add comment referencing VirtualBox source + * providers/virtualbox: add define for GUEST_PROP_FN_GET_PROP + * providers/virtualbox: add helper to set up hypervisor connection + * providers/vmware: support deleting Ignition configs + * main: add ignition-rmcfg multicall binary + * go.mod: add github.com/beevik/etree + * providers/vmware: switch to internal copy of OVF parser + * internal/resource: fix bucket field in error message + * internal/resource: derive AWS region hint from ARN partition field + * internal/resource: simplify test + * internal/resource: fix minor nits + * provider/azure: try to fetch userdata from IMDS + * providers/vmware: convert OVF tests to testify + * providers/vmware: drop vmw-ovflib docs + * providers/vmware: add verbatim copy of vmw-ovflib + * providers/vmware: add constants for guestinfo and OVF property names + * providers/virtualbox: fix reading properties with flags + * internal/resource: support S3 access point URLs +- Update fixes CVE from [bsc#1199524]; this introduces a new + service "ignition-delete-config.service" +- Add ignition-rmcfg-suse.conf dropin to adapt to SUSE environment +- Use fixed paths in spec file for hardcoded installation paths + +------------------------------------------------------------------- +Fri Apr 8 13:47:56 UTC 2022 - Ignaz Forster + +- Use /bin/sh instead of /usr/bin/sh (for backwards compatibility + with SLE Micro 5.1) [bsc#1196679] + +------------------------------------------------------------------- +Tue Apr 5 14:57:20 UTC 2022 - Ignaz Forster + +- ignition-mount-initrd-fstab.service: + - Don't ignore errors in loops + - Unmount mount points recursively - a new submount may have + appeared + - Split umount part into own service file: +- ignition-umount-initrd-fstab.service: + - Unmounts the additional mounts as soon as they are not + required for Ignition any more; the ExecStop operation is + running quite late in initrd and may unmount essential mount + points flagged with "x-initrd.mount" (e.g. when storing /usr on + a separate mount point). In theory this will also affect + Ignition itself, but it hasn't been reported as a problem so + far. + +------------------------------------------------------------------- +Mon Apr 4 17:23:10 UTC 2022 - Ignaz Forster + +- Don't include non-MarkDown files in documentation + +------------------------------------------------------------------- +Fri Mar 25 09:59:53 UTC 2022 - Ignaz Forster + +- Add ignition-touch-selinux-autorelabel.conf: + Trigger SELinux autorelabel after Ignition runs; Ignition would + support SELinux itself, however this is a compile time option, so + it can't be used here. +- Filter commented lines in ignition-mount-initrd-fstab.service + +------------------------------------------------------------------- +Fri Mar 4 10:46:21 UTC 2022 - Fabian Vogt + +- Remove /var/lib/YaST2/reconfig_system if a config was provided: + * ignition-remove-reconfig_system.service + +------------------------------------------------------------------- +Fri Mar 4 10:23:10 UTC 2022 - Fabian Vogt + +- Add support for NetworkManager in dracut: + * ignition-enable-network.service, ignition-enable-network.sh + +------------------------------------------------------------------- +Wed Dec 01 09:36:14 UTC 2021 - iforster@suse.com + +- Update to version 2.13.0: + * news: add notes for 2.13.0 + * config/v3_4_exp: noProxy entries cannot be null + * config/v3_4_exp: mark ignition.version as required + * docs/supported-platforms: add some description about Nutanix + * providers/nutanix: add Nutanix platform + * tests: use umountPath as a thin wrapper around umountPartition + * internal/providers: refactor handling of unmounting the mount path + * tests: address gostatic-check warning + * tests: Add base64 decoding test + * Dockerfile.validate: build with Fedora 35 + * go.mod: update dataurl to 1.0.0 + * ci: give blackbox tests two hours to run + * tests/filesystem: fix umountPartition retry loop + * templates: skip vendoring the new version in favor of dependabot + * go.mod: update vcontext + * providers/virtualbox: read config from /Ignition/Config guest property + * stages/filesystems: use mkfs.fat instead of mkfs.vfat + * docs/supported-platforms: switch to Afterburn docs URL + * docs/supported-platforms: drop reference to platform-specific agents + * test: ensure all platforms are documented + * docs/supported-platforms: add missing platforms + * stages/files: rename `relabelDirsForFile` and add docstring + * stages/files: make variable name follow Go convention + * docs/supported-platforms: update platform names and URLs + * docs/supported-platforms: sort by platform ID + * docs/supported-platforms: add platform IDs + * docs: Remove default layout from front matter + * docs: Do not convert -- & --- to en/em-dash + * internal/*: change the location of Ignition report + * internal/exec/util: rename FindFirstMissingDirForFile and tweak docs + * providers/qemu: start reporting progress reading fw_cfg after 10 s + * providers/qemu: optimize fw_cfg read size + * ci: use coreos-ci-lib helper for kola testiso + * *: gofmt 1.17 + * workflows: bump Go and golangci-lint + * config: update versions in comments +- Removed obsolete ignition-rpmlintrc + +------------------------------------------------------------------- +Mon Aug 23 14:22:10 UTC 2021 - Ignaz Forster + +- Make sure to create /boot/writable (may not be present in some + images) + +------------------------------------------------------------------- +Thu Aug 12 17:42:59 UTC 2021 - Ignaz Forster + +- is-live-image doesn't exist on *SUSE, and our live images don't + use Ignition, so just add the Ignition device dependency to the + service file directly. + +------------------------------------------------------------------- +Mon Aug 09 08:51:52 UTC 2021 - iforster@suse.com + +- Update to version 2.12.0: + * news: add notes for 2.12.0 + * stages/files: add previousReport to result report + * tests: fix linter warning + * workflows: limit permissions to reading repo contents + * workflows: bump linter version + * go.mod: revendor + * Drop EOL Go versions + * internal/distro: drop DiskByIDDir + * providers/azure: add support for azure gen2 VMs [bsc#1196679] + * stages/mount: correctly relabel the root of a fresh ext4 filesystem + * exec: fix permissions for mountpoints in home dirs + * tests: drop os.ModeDir requirement in mode of output directories + * examples: reboot with --force + * exec/util: add blkid API to query block devices based on FSTYPE + * stages/files: use IntToPtr() in createCrypttabEntries() + * stages/files: write result report to /var/lib/ignition + * engine: persist fetched config summaries in State + * stages/disks: use State to persist keyfiles for files stage + * *: add general mechanism for persisting state between stages + * main: drop -clear-cache flag + * engine: don't hardcode neednet path + * fetch-offline: return ErrNeedNet if we need net + * engine: switch Engine.logReport() to pointer receiver + * engine: fix incorrect error in log message + * dracut: drop ignition-setup-user.service + * dracut: drop reference to ignition-setup-base.service + * providers/gcp: access GCP metadata service by IP address + * Remove ignition-firstboot-complete.service + * OWNERS: remove + * internal/exec/util: drop device argument from cResultToErr() + * docs/config*: document storage.luks.clevis.threshold default + * ci: disable spec bump external test workaround + * docs: Add Ignition release / Spec version table + * templates: update example releng signing ticket + * templates: don't update %gotest lines +* Provide ignition-firstboot-complete.service (removed by upstream + due to correctly being considered distro spcific), based on the + old upstream version; removed all non-SUSE specific stuff and + integrated our own changes +* Removed change-ignition-firstboot-path.conf (changes are + integrated into ignition-firstboot-complete.service now). +* Provide ignition-setup-user.service (removed by upstream due + to correctly being considered distro spcific), based on the old + upstream version. +* Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh +* Adapted ignition-generator-suse and module-setup.sh to use the + custom ignition-setup-user.service (no overriding of parts of the + service file necessary any more). +* Synced ignition-kargs-helper script with upstream example +* Raising minimum Go version to 1.15 as required by upstream + +------------------------------------------------------------------- +Wed Jul 28 09:16:19 UTC 2021 - Thorsten Kukuk + +- Include vfat and nls kernel modules into initrd so that we can + read the ignition configuration from USB drives [bsc#1184202] + +------------------------------------------------------------------- +Wed Jul 21 14:33:48 UTC 2021 - Ignaz Forster + +- Ignore error return code if no virtualization environment + detected. [bsc#1188479] + This makes it possible to use Ignition also on bare metal (e.g. + when dumping images directly to disk) without adding a + ignition.platform.id parameter. + +------------------------------------------------------------------- +Thu Jul 8 10:47:50 UTC 2021 - Ignaz Forster + +- If a Combustion device was mounted, then unmount it in + ignition-kargs-helper - the replacement script will be put on + the same location + +------------------------------------------------------------------- +Wed Jul 07 16:39:04 UTC 2021 - iforster@suse.com + +- Update to version 2.11.0: + * news: add notes for 2.11.0 + * Upgraded docs + * config/*: return report from previous parser when chaining + * config/*: re-order testcases by version + * tree: update for stable v3.3.0 and new v3.4.0-experimental + * config/v3_4_experimental: adapt for experimental + * config/v3_4_experimental: copy from config/v3_3 + * config/v3_3: adapt for stabilization + * config/v3_3_experimental: rename to config/v3_3 + * config/v3_3_exp: pointerify ClevisCustom Config and Pin + * config/v3_3_exp: pointerify Raid.Level + * config/v3_3_exp: pointerify LinkEmbedded1.Target + * stages/disks: simplify a check + * config/v3_1/translate: don't point to field from input struct + * config/v3_3_exp: drop devices from schema "required" field + * config/*: validate that storage.raid.devices is non-empty + * config/*/types: add RAID validation tests + * config/shared/errors: fix ErrSparesUnsupportedForLevel message + * config: fix comment + * *: formally bump Go to 1.13 + * platform: add powervs platform + * internal/providers/*stack: drop dead timeout code + * stages/disks: improve error reporting for LUKS device reuse + * ignition-setup-user.service: drop Before=multipathd.service + * Dockerfile: build ignition-validate container using Fedora + * workflows: test on Go 1.16 + * tests/*: verify deletion of block device w/o creating a FS + * *: allow erasing block device without creating a filesystem + * *: rename other projects' master branches to main + * *: rename master branch to main + * config/*: add export functions for parsing any config version < N + * config/*: refactor config.go's Parse() to use GetConfigVersion + * config/* : minor cleanup +- Refreshed to match new Ignition spec + * 0002-allow-multiple-mounts-of-same-device.patch + +------------------------------------------------------------------- +Wed Jul 7 16:05:49 UTC 2021 - Ignaz Forster + +- Implement missing ignition-kargs-helper script for kernel + argument support + +------------------------------------------------------------------- +Mon May 31 14:57:06 UTC 2021 - rpm@fthiessen.de + +- Update to version 2.10.1: + * Breaking Changes: + * Rename Custom struct to ClevisCustom + * Embed Clevis and ClevisCustom structs in parents + * Always include interior nodes in merge transcript + * Add kernel argument support + * Fix fetching userdata on AWS when IMDSv1 is disabled + * Fix creating Tang-based LUKS volumes before network is up + * Document storage.filesystems.wipeFilesystem default + * Fix file mode of ignition-kargs-helper script +- Fix Go dependency, 1.13+ is required + +------------------------------------------------------------------- +Wed Mar 31 16:03:16 UTC 2021 - hello@anthonyrabbito.com + +- Update to version 2.9.0: + * news: add notes for 2.9.0 + * internal/providers: Run platform Init function before fetching config + * internal/providers/aws: fix panic when an IMDSv2 token is present + * internal/resource/http: re-order initial backoff ramping + * internal/providers/util: drop dead code + * ci: move Travis jobs to GitHub actions + * *: fix errcheck warnings + * internal/log: drop the error return to appease golanci-lint + * internal/providers/packet: fix ineffassign warning + * internal/exec/stages/files: fix the EntrySort test + * internal: support IMDSv2 for AWS metadata service + * config/*: require filesystems.format with wipeFilesystem or mountOptions + * docs: make storage.filesystems.path field optional + * aws: Log if we fail to determine the EC2 region + * docs: move systemd.units.name uniqueness constraint to units + * *: fix gosimple warnings + * *: fix deadcode warnings + * *: fix staticcheck warnings + * config/*: fix nil deref on partitions with no number or label + * config: add specs newer than 3.0 to TestConfigStructure + * news: add notes for 2.8.1 + * config/merge: support struct pointers + * test: drop stale comment + * tests: Remove unused checkOnStrings + * news: add notes for 2.8.0 + * config: deprecate MergeStruct() + * config/merge: allow obtaining a transcript of merge operations + * config/merge: access field name as fieldMeta.Name + * config/merge: test primitive list items in slice case 1 + * config/merge: fix typo + * config/merge: fix comments and add a couple more + * config/util: remove stray print when parsing invalid JSON + * vendor: update vcontext + * docs/development: update dep list for blackbox tests + * tests/positive: Add tests for masking and unmasking units + * units: add support for unmasking systemd units + * release-checklist: minor updates to the release instructions + * tests/positive/general: add test for merging multiple base configs + * tests/positive/general: update base config reference + * docs/development: update spec stabilization to avoid CI breakage + * release-checklist: drop download_ignition.sh + * providers/system: support .d directory for base config fragments + * docs/migrating-configs: spell out Google Cloud Storage + * release-checklist: update packaging section + +------------------------------------------------------------------- +Tue Nov 3 14:40:58 UTC 2020 - Franck Bui + +- Replace '%service_del_postun -n' with '%service_del_postun_without_restart' + + '-n' is deprecated and will be removed in the future. + +------------------------------------------------------------------- +Mon Oct 19 15:39:37 UTC 2020 - iforster@suse.de + +- Update to version 2.7.0: + * news: add notes for 2.7.0 + * docs: stabilize spec + * gomod: bump go.opencensus.io to v0.22.5 + * docs: add section to spec stabilization for failing external tests + * news: fix error in 2.3.0 changelog + * tests: update for spec stabilization + * internal: update for new experimental spec + * config/v3_3_experimental: create new experimental package + * config/v3_2_experimental: mark stable + * interal/providers/*stack: drop timeout for config fetch + * internal/providers/*stack: exit early if all configs error out + * internal/providers/*stack: make ErrNotFound authoritative + * doc: add clevis custom documentation + * internal/exec/stages: add clevis custom support + * config: add custom options for clevis devices + * fetch-offline: immediately return ErrNeedNet on OpenStack + * ci: unfreeze kernel + * tests/*: add test for resizing an existing partition + * docs/*: add resize partition info + * stages/disks: support resizing an existing partition + * config: add resize to schema + * README: Minor changes for consistency + * test: Use alternative marker for testing ignition config examples + * docs: Convert and improve formatting for INI sections + * docs: Add spec ordering instructions for new stable releases + * docs: Add ToC for some long pages + * docs: Rename Migrating ... to Upgrading Configs + * docs: Fix link in Development page + * docs: Add specs reference page + * docs: Add index page inspired from README + * docs: Add Config Validation example from README + * docs: Add Jekyll front matter for existing pages + * docs: Add Jekyll and theme config + * internal: fix S3 region detection + * docs: Follow-up for doc->docs renaming + * docs: Rename doc to docs for GitHub Pages support + * docs/getting-started: tiny cleanups + * README: drop stray link target + * doc: drop references to Container Linux + * doc/development: drop section on running blackbox tests on CL + * doc: add gs url scheme for bare metal platform + * fetch: don't run if fetch-offline fetched a config + * doc: fix LUKS indentation for configuration-v3_2_experimental docs + * doc: Add shouldExist for users and groups + * engine: fix logging interactions with fetch-offline + * AzureStack: fix unfortunate typo of iso9660 + * *: add wipeVolume LUKS field + * types: Use "path" instead of "path/filepath" + * Add support for building 32 bit ARM version + * Install Dracut modules with correct permissions + * Add support for building 32 bit x86 version + * doc: add LUKS examples & operator notes + * internal/stages/disks: allow LUKS device re-use + * internal: use device aliases for LUKS + * tests: fix partition.number0 partition size specification + * blkid: drop some unsafe pointer casts + * blkid: fix invalid pointer cast in DumpDisk() + * {sgdisk,blkid}: use int64 for sector counts + * sgdisk: stop putting sector counts in MiB fields + * README: note that spec2x is unmaintained + * release-checklist: drop support for Ignition 0.x + * release-checklist: minor updates +- Remove upstreamed patches + * 0001-fix-install-permissions.patch + * 0003-fix-i386-build.patch + * ignition-fix-arm32-installation.patch +- Refreshed to match new Ignition spec + * 0002-allow-multiple-mounts-of-same-device.patch + +------------------------------------------------------------------- +Fri Sep 18 06:33:02 UTC 2020 - Ignaz Forster + +- Retrigger udev when requesting networking on demand + +------------------------------------------------------------------- +Fri Sep 4 12:07:21 UTC 2020 - Fabian Vogt + +- 02_ignition_firstboot, ignition-enable-network.sh: Drop ip=dhcp, + it's the default anyway and avoids a delay on boot (boo#1173402) +- 02_ignition_firstboot: Drop rd.neednet=1, both ignition and + combustion enable it themselves when necessary + +------------------------------------------------------------------- +Thu Sep 3 15:04:30 UTC 2020 - Ignaz Forster + +- Change virtualization detection from virt-what to + systemd-detect-virt; this avoids a dependency to a hardcoded + libexec path in module-setup.sh (which broke during the recent + migration to /usr/libexec) + +------------------------------------------------------------------- +Tue Aug 18 11:56:54 UTC 2020 - Guillaume GARDET + +- Add patch to fix install on %arm: + * ignition-fix-arm32-installation.patch + +------------------------------------------------------------------- +Wed Aug 12 09:27:01 UTC 2020 - Ignaz Forster + +- Fixed "ignition presets not applied" (boo#1172510) +- Refresh 0001-fix-install-permissions.patch to match pull request + +------------------------------------------------------------------- +Sun Aug 09 22:06:51 UTC 2020 - kukuk@suse.de + +- Update to version 2.6.0: + * news: add notes for 2.6.0 + * travis: test container build + * README: always run latest release of ignition-validate container + * release-checklist: update Quay release tag + * build_releases: specialize for container build + * Revert "build_releases: drop script" + * ci: use faster compression for buildextend-live + * cloudstack|openstack: propagate ErrNeedNet + * internal/config: allow Ignition generated key-files for all devices + * dracut/30ignition: Add packages to delete users/groups + * tests/positive: Add test for deleting users + * tests/stubs: Add blackbox testing stub for userdel and groupdel + * config: add ShouldExist to schema + * passwd: allow removing the existing users/groups + * Revert "ci: skip rootfs.uuid test while ratcheting ignition-dracut merge" + * ci: drop cosa compress call +- Add 0001-fix-install-permissions.patch: Fix permissions of installed files +- Add 0003-fix-i386-build.patch: Fix build on 32 Bit x86 machines + +------------------------------------------------------------------- +Tue Jul 28 11:16:55 UTC 2020 - kukuk@suse.de + +- Update to version 2.5.0: + Merge of ignition-dracut into ignition; CoreOS specific files have been + removed (they can be found as part of + https://github.com/coreos/fedora-coreos-config now for reference) + * news: add notes for 2.5.0 + * ci: skip rootfs.uuid test while ratcheting ignition-dracut merge + * stages/disks: get filesystem info via device alias + * dracut: remove CoreOS specific modules + * Clean-up post-merge files. + * ci: build metal4k image before live image + * 30ignition: move conditional network startup out of ignition-dracut + * tests/kola: move blackbox tests to its own dir + * build_releases: drop script + * templates: update checklist for current process + * dracut/30ignition: fix typo in udev rule + * dracut/30ignition: add Ignition LUKS + * make: install systemd unit as non-executable + * 30ignition: make var in dracut_func local + * Add new ignition-fetch-offline.service + * ci: test with git master of coreos/ignition + * 30ignition: GPT setup: wait for 'boot' labeled partition + * 30ignition: add wipefs to the initramfs + * Remove OnFailure= from targets, put in services + * ignition-setup-user.service: run before multipathd + * 30ignition: clean up Ignition stages ordering + * coreos-teardown-initramfs: propagate the automatic multipath conf + * 99emergency-timeout: Dump all failed services + * 30ignition: drop hard requirement on qemu_fw_cfg + * 99emergency-timeout: improve readability of Ignition failure message + * 99emergency-timeout: also check ignition-fetch.service for failure + * coreos-teardown-initramfs-network: don't run when emergency.target + * dracut: add logging to systemd generator + * coreos-teardown-initramfs-network: also propagate hostname + * coreos-teardown-initramfs-network: support coreos.no_persist_ip karg + * coreos-teardown-initramfs-network: consider ifcfg files in real root for RHCOS + * coreos-teardown-initramfs-network: also skip local loopback interface + * coreos-teardown-initramfs-network: do SELinux relabel on copied files + * coreos-teardown-initramfs-network: order ExecStop after other ignition units + * coreos-teardown-initramfs-network: remove After=ignition-files.service + * Add ignition-virtio-dump-journal.service + * Add `basename` dependency to dracut module + * coreos-teardown-initramfs-network: enable the service statically + * coreos-teardown-initramfs-network: simplify networking takedown + * coreos-teardown-initramfs-network: take down routes too + * coreos-teardown-initramfs-network: take down teams as well + * coreos-teardown-initramfs-network: remove state files on switch + * coreos-teardown-initramfs-network: also propagate initramfs networking if desired + * coreos-teardown-initramfs-network: refactor into more functions + * add coreos-teardown-initramfs-network.service + * Declare external applications as optional + * Remove obsolete dependencies + * Hook up to CoreOS CI + * Add ignition-diskful-subsequent.target + * Makefile: Remove grub/ install bits + * Make setfiles optional + * dracut: add some bins for s390x zVM instalation + * README.md: add details about the branches here + * units: add ConditionPathExists=/etc/initrd-release everywhere + * Add ConditionPathExists=/etc/initrd-release to targets + * 30ignition: add setfiles + * 30ignition/ignition-setup-user: mount /boot partition ro + * firstboot-complete: tell zipl to run + * coreos-gpt-setup: workaround old lsblk not having PTUUID + * Add `ignition-subsequent.target` for non-Ignition boots + * ignition-firstboot-complete.service: Run as part of basic.target + * Run ignition-disks earlier to avoid race condition + * 30ignition: update ignition-complete.target OnFailure comment + * dracut: Add an ignition-fetch.service + * 30ignition: drop OnFailure handler from ignition-diskful.target + * 30ignition: fix sequencing of target dependencies + * Add RemainAfterExit=yes to systemd units of Type=oneshot + * Makefile: New file implementing `make install` + * 30ignition: move coreos-gpt-setup RemainAfterExit to correct section + * 30ignition: on live images, read config.ign from custom initrd + * 30ignition: make ignition-diskful a dependency of ignition-complete + * 30ignition: fix double slash in ignition-setup-* dest paths + * systemd: don't try to mark live boots complete + * 30ignition: conditionally enable units requiring a boot disk + * README.md: fix download link + * update-bootengine: drop file + * dracut/30ignition: localize some variables + * ignition: fix correct device path when randomizing UUID + * dracut/30ignition: fix typo in module_setup + * ignition: split ignition-setup into base and user + * dracut/30ignition: scramble disk uuid on 1st boot + * grub: drop 02_ignition_firstboot + * dracut: add 99emergency-timeout + * 30ignition: drop CoreOS specific bits + * dracut/30ignition: link to RHBZ in ignition-complete + * dracut/30ignition: add OnFailure= for ExecStop= services + * dracut/30ignition: order ExecStop= units before initrd-switch-root.target + * dracut/30ignition: re-order directives in remount-sysroot + * dracut/30ignition: add missing Before= for mount unit + * dracut/30ignition: order ignition-complete.target before initrd.target + * module_setup: include cdrom rules for openstack + * dracut: add CoreOS integration services + * dracut/30ignition: Add mount stage and drop OSTree-specific bits + * dracut/30ignition: Explicitly add OnFailure=emergency.target + * 30ignition: ignore coreos.randomize_disk_guid + * 30ignition: drop check for coreos.oem.id + * grub: support overriding network kcmdline args + * README.md: update documentation + * 02_ignition_firstboot: Enable networking if Ignition will run + * dracut/30ignition: expect ignition binary in module directory + * dracut/30ignition: add ignition-complete.target + * dracut/30ignition: split out ignition-setup.service + * dracut/30ignition: Only write ignition-setup.service on first boot + * grub: find boot partition and use it directly + * module-setup.sh: Check for module qemu_fw_cfg not build-in, so it works out of box on all arches + * dracut/30ignition: general hack cleanups + * dracut: adapt for s/oem/platform in Ignition + * ignition-setup: don't perform umount, rely on systemd + * ignition-setup: rename copy function + * services: fixup unit deps to more match CL + * ignition-setup: use MountFlags=slave for systemd unit + * ignition-setup: changes from code review + * ignition-setup: mount/unmount boot to grab user.ign + * dracut: add /usr/sbin/ignition-setup to initramfs + * generator: try to get ignition-setup to run on boot + * generator: RemainAfterExit=yes for ignition-setup + * ignition-setup: support boot or platform base/user configs + * ignition-setup: remove support for default configs + * Remove the check for OEM partition, not used + * Always check for boot, needs to exist + * Replace OEM with boot + * Add ability to parse config.ign file on boot + * journal: add clarifying comment for context + * Remount /sysroot rw (#38) + * ignition-firstboot-complete.service: Remount /boot rw + * Rename `coreos.firstboot` kernel cmdline arg to `ignition.firstboot` to make options more distribution neutral. Update dracut/README.txt to take into account recent changes. + * 30ignition: only instmods if module available + * remove ignition-remount-sysroot.service files + * ignition: run files stage at original CL ordering + * ignition-disks.service: drop Requires=network.target + * ignition-ask-var-mount.service: use RemainAfterExit=yes + * module-setup.sh: explicitly install qemu_fw_cfg + * module-setup: Make mkfs.btrfs optional + * 30ignition: add support for ignition-disks + * journal: Don't log to console AND kmsg + * dracut/ignition: remove CL-legacy udev references + * coreos-firstboot-complete: RemainAfterExit=yes + * change the default level of messages send to kmsg + * Add Journald forward to kernel log buffer option + * fixup! Rework how we run Ignition on first boot + * Rework how we run Ignition on first boot + * Drop 'auto-detect' hacks in generator + * Make ignition work on classic systems + * ignition-generator: add hack for openstack support + * Add ignition-ask-var-mount.service + * no disks for now - boot systemd unit ordering issue + * Run ignition-files after ostree-prepare-root.service + * Prefix remount-sysroot.service with "ignition-" + * README.txt: fix rpm-ostree instruction + * update README + * add back in forwarding journal to console + * get rid of usr-generator module + * For now let's assume ec2 if we are running on xen + * module-setup: update module-setup so deps are pulled in + * module-setup: order install list alphabetically + * README: Note instructions are for classic systems + * ignition-quench.clc: add the source for ignition-quench.ign + * add ignition disks stage + * only run Ignition on first boot + * module-setup.sh should install the binaries Ignition depends on + * reset to 863a8f6 + * Try to fix problem + * Revert "use /etc/machine-id to detect firstboot" + * use /etc/machine-id to detect firstboot + * Make it so we will only run once + * Add README that shows people how to use this + * Hack dracut to just do ignition-files. + * remove extra sauce + * dracut: drop obsolete comment + * 99start-root: drop DEVLINKS from mdadm invocation + * update CoC and legalese + * dracut: ignore Azure SR-IOV VF interface + * dracut: correctly sequence disk-uuid@ before ignition-setup + * dracut: copy Ignition base configs into system dir + * dracut: fix comment + * dracut: consolidate Oracle OCI network units + * dracut: add module to start iSCSI root disk + * dracut: add network units for Oracle OCI + * dracut: move IP/link teardown from a drop-in to a separate unit + * dracut: switch to using gpt partition types + * dracut: add module to assemble root raid array + * update-bootengine: enable terminfo module + * dracut: fail verity-setup.service if verity setup fails + * dracut: update some comments in usr-generator + * dracut: disable systemd-fsck@.service for /usr + * dracut: prevent dev-mapper-usr.device from timing out + * dracut: Move chmod into coreos-overlay with the others + * dracut: Run coreos-static-network before ignition-files + * dracut: add mkswap for ignition-disks + * update-bootengine: take out multipath again with 045 + * dracut: Have ignition depend on the upstream qemu module + * dracut: use coreos-metadata to configure Packet networking on first boot + * dracut: on ec2, disable systemd-networkd if ignition fails + * update-bootengine: Drop amd64-generic from usage text + * dracut: Drop support for diskless amd64-generic + * dracut: disable networkd by default + * dracut: conditionally enable coreos-digitalocean-network.service + * dracut/30ignition: add mkfs.vfat + * Revert "add sysusers to the initramfs" + * add sysusers to the initramfs + * dracut: Don't prompt twice upon reaching a dracut breakpoint + * dracut: Don't instantly reboot upon reaching a dracut breakpoint + * dracut: Unmount /sysroot/boot more carefully + * dracut: teach ignition-generator about kvm + * dracut: Delete /boot/coreos/first_boot after automatic Ignition run + * dracut: Add comment + * Revert "dracut: Use ConditionKernelCommandLine in Ignition units" + * Revert "dracut: Run ignition-files whenever /etc/machine-id doesn't exist" + * Revert "dracut: Randomize disk GUID only after ignition-disks succeeds" + * dracut: Confirm entering emergency shell, reboot otherwise + * dracut: Randomize disk GUID only after ignition-disks succeeds + * dracut: Run ignition-files whenever /etc/machine-id doesn't exist + * dracut: Use ConditionKernelCommandLine in Ignition units + * dracut: Eliminate ignition.target + * dracut: Migrate Ignition unit files from coreos-overlay + * diskless-generator: Fix root directory mode 1777 on tmpfs + * dracut: add qemu detection to ignition generator + * dracut: support initramfs network configuration via cmdline + * verity-generator: use BindsTo for device dependencies + * verity-generator: fix race with disk modification jobs + * dracut: enable coreos-digitalocean-network.service + * dracut: add digitalocean network config + * dracut: include cdrom_id rules + * dracut: install qemu_fw_cfg lkm in ignition module + * dracut: build onto the upstream systemd-networkd module + * dracut: change pxe network config condition + * dracut: set ClientIdentifier=mac for the PXE OEM + * update-bootengine: add -k to usage message + * dracut: install kernel network modules + * update-bootengine: add support for bundling kernel modules + * dracut: include ca-certs bundle + * setup-root: fix ordering with /sysroot/usr mount + * dracut: enable DHCPv6 + * dracut: make gpt headers valid before randomizing + * dracut: add forward-to-console option to journald + * dracut: run tmpfilesd with etc-shadow config + * dracut: explicitly order disk-uuid before systemd-fsck-root + * dracut: read guid to randomize in disk-uuid from kernel paramater + * dracut: require disk-uuid.service on coreos.randomize_disk_guid=1 + * dracut: use ignition-generator to require disk-uuid.service + * dracut: parse coreos.oem.id for ignition + * setup-root: fix ordering between selinux-base.conf and libsemanage.conf + * dracut: add mkfs.xfs to ignition + * initrd-setup-root: check selinux tmpfiles configs before using them + * update-bootengine: use the native ldconfig + * dracut: apply etc.conf in initrd-setup-root + * dracut: remove link-local addr from network config + * dracut: remove junk from zz-default.network + * dracut: remove Ignition udev trigger + * dracut: use inst_simple instead of inst + * dracut: swap ignition.force for coreos.first_boot + * dracut: add mkfs dependencies for Ignition + * dracut: use idiomatic method for installing rules + * bootengine: apply baselayout-home.conf in initrd-setup-root + * bootengine: fully populate the initrd shadow db from baselayout + * bootengine: initialize /sysroot/etc shadowdb files from baselayout + * bootengine: convert initrd-setup-root to a standalone shell script + * bootengine: convert setup-root to a standalone systemd service + * bootengine: rename 80setup-root to 99setup-root + * Set up selinux tmpfiles before performing root pivot + * dracut: set DefaultDependencies=no for initrd-systemd-resolved + * dracut: add ignition systemd generator + * dracut: add useradd, usermod, groupadd to ignition module. + * dracut: udevadm settle after writing the disk GUID + * dracut: take down all interfaces before switchroot + * dracut: discard 99-default.link from 02systemd-networkd module + * dracut: add ordering on disk-uuid.service + * dracut: add Ignition + * dracut: add systemd-networkd to the initramfs. + * dracut: remove disk-uuid's dependence on Ignition + * dracut: fix typo in disk-uuid.service + * disk-uuid: add service for generating GPT UUID + * verity-generator: disable default dependencies + * verity-generator: add service generator for veritysetup + * diskless-generator: make a real mount unit when using btrfs as rootfstype + * dracut: don't explicitly remount /sysroot rw + * setup-root: remove call to ldconfig + * gptprio: remove kexec based implementation + * diskless-generator: check value of mount.usr= and usr= + * systemd: don't initialize machine-id, do initialize ld.so.conf + * Explicitly supply the ACPI RSDP address to kexec on efi systems + * update-bootengine: always run ldconfig in chroots before dracut + * gptprio: retry mount if it fails the first time + * systemd: add module to disable network device renaming + * fix(update-bootengine): Exclude unnecessary dracut modules. + * add(diskless-btrfs): Experiment for diskless btrfs instead of tmpfs + * add(remount-sysroot.service): If needed remount root as rw + * fix(99dracut-root): Replace 99fstab with an even more stupid hack. + * add(10diskless-generator): Add generator for squashfs and tmpfs mounts. + * fix(10usr-generator): Typo fixes + * add(10usr-generator): Move usr=/dev/foo handling to a systemd generator + * fix(80setup-root): Add missing -E flag to grep. + * remove(80squashfs): Replaced by using fstab instead. + * add(99fstab): New module to satisfy dracut without root= + * fix(80setup-root): Handle initrd OEMs + * fix(80setup-root): Silence "machine-id: No such file" error message + * cleanup(80setup-root): Remove ${BOOTENGINE_ROOT_DIR} var + * remove(80usrgptprio): Replaced by new gptprio and setup-root modules + * add(80setup-root): Move fs setup logic to new module + * fix(80gptprio): Gut most of gptprio, make it work for root and usr + * feat(80usrgptprio) add ability for unique /etc/machine-id files + * remove(80resize): Drop resize module + * fix(80resize): Don't resize until after kexec + * fix(80usrgptprio): Add special x-initrd.mount option to /sysroot/usr + * add(resize): New dracut module to resize ROOT before mounting. + * fix(update-bootengine): Include fsck in bootengine. + * fix(80squashfs): Split hook into separate parse and mount hooks. + * fix(80usrgptprio): Add basic support for plain block devices + * fix(80usrgptprio): Update usr= option, not root= + * fix(80usrgptprio): Support kernels in both /usr/boot and /boot + * fix(80usrgptprio): Fix normal test case. Enable 80usrgptprio testing. + * fix(80usrgptprio): Fix mount-fail test case. + * fix(80usrgptprio): Fix kexec-fail test case. + * fix(80usrgptprio): Fix fail-kernel test case. + * fix(80usrgptprio): Fix backup/setup of symlinks root filesystem. + * fix(80usrgptprio): Fix fail-everything test case. + * fix(80usrgptprio): Do not run without usr=gptprio + * fix(80usrgptprio): Convert test case to same spacing as module code. + * feat(80usrgptprio): initial commit + * fix(gptprio): Fix fallback path when using systemd. + * fix(parse-gptprio.sh): Fix up log message. + * add(journald): New module for journald configuration + * fix(gptprio): Add best-effort support for unloading modules before kexec + * fix(gptprio): Switch to falling back on kernel/kexec failures. + * fix(tests): Rework the test suite, make false positives harder. + * cleanup(gptprio): Move our verbose command logging into a common function + * fix(gptprio): Drop case translation, cgpt next now uses lower case + * fix(update-bootengine): Silence setlocale errors + * fix(update-bootengine): Fix terrible typo that broke namespace creation. + * feat(dracut/80squashfs): make oem of unlimited size + * feat(parse-squashfs): add in support for custom OEMs + * feat(squashfs): initial commit of squashfs root support + * fix(update-bootengine): Compare namespaces via mountinfo. + * License project under BSD-2 license + * fix(module-setup): Use dracut_install which aborts on errors. + * Add(update-bootengine): Move code for running dracut out of ebuild. + * fix(dracut): use lower on PARTUUID + * fix(dracut): umount the root fs + * feat(tests): refactor and add tests + * feat(dracut): add debuggging output + * feat(pre-mount-gptprio): die if the kexec returns + * fix(dracut) mount boot filesystem as ro so it's not dirty when it boots + * feat(dracut) add proper support for cgpt + * feat(dracut): get everything working + * Initial commit +- Dropped 0003-Disable-resetting-UUID.patch (upstream moved the + functionality into the CoreOS configuration. +- Added ignition-enable-network.sh / + ignition-enable-network.service: + Implemented ignition-fetch-offline feature to only start + networking if required + +------------------------------------------------------------------- +Mon Jul 20 06:53:08 UTC 2020 - iforster@suse.de + +- Update to version 2.4.1: + * news: add notes for 2.4.1 + * ci: also run testiso + * engine: fix provider config precedence + * news: fix typo + * files: don't relabel homedir symlinks themselves + * stages/files: set LUKS keyfile directory to 0700 + * util/user_group_lookup: handle more error codes +- Update to version 2.4.0: + * news: add notes for 2.4.0 + * doc: add Azure Stack to platform list + * doc: drop production-users + * doc: update link for systemd drop-ins + * doc: update supported platform links + * fetch-offline: signal networking for Tang-pinned LUKS devices + * doc: add LUKS fields to configuration document + * internal: add LUKS support + * config: add LUKS to schema + * units: empty dropins should be written to disk + * internal/resource/http: clear CA compression on rewrite + * internal/exec/engine: write empty cache config when not provided + * AzureStack: add new target platform + * CONTRIBUTING: drop mailing list and IRC references + * MAINTAINERS: drop file + * Azure: allow for either udf or iso9660 config volume + * files: don't run `setfiles` with `-i` + * files: relabel the systemd preset directory + * exec/util: factor function for resolving symlinks + * passwd: don't auto-prefix user homedir + * internal/util/url: don't require networking for empty schemes + * docs: Add gs scheme + * config/types: Add validation for gcs urls + * internal/resource: Support gcs urls in Ignition config + * vendor: Add GCS module and its dependencies + * ci: change --blacklist-test to --denylist-test + * ci: also run gofmt and unit tests + * fetch-offline: new stage for conditional networking + * ci: move comment about kernel closer to `curl` + * tests: add test for creating a deeper hard link to the file + * stages/files: fix hard links to files that are deeper than the hard link + * doc/configuration-*: clarify references to `source` + * stages/disks: run wipefs before creating filesystem + * stages/disks: warn if libblkid finds multiple filesystem signatures + * exec/util: merge filesystem lookup functions + * tests: add positive test for reusing ambivalent filesystem + * tests: specify type when mounting filesystem + * tests: add canned ZFS image + * tests: only mount partitions if we need to + * ci: test with latest ignition-dracut + * providers/aws: change metadata version from 2009-04-04 to 2019-10-01 + * Add CA bundle reference in the docs + * Moving tls public/private keys into a separate package + * Update AWS for IMDSv2 + * Add cabundle tests + * config/*: drop warning on unset file/dir mode + * Add support for CA bundles for fetching the ignition config Fixes https://github.com/coreos/ignition/issues/931 + * ci: Freeze kernel at 5.6.7 due to loop regression breaking blackbox test + +------------------------------------------------------------------- +Mon May 11 07:09:28 UTC 2020 - kukuk@suse.de + +- Update to version 2.3.0: + * news: add notes for 2.3.0 + * config/v3_2_experimental: update all copyright dates + * doc/configuration-*: update for new spec + * tests: stabilize spec 3.1.0 + * *: update for new experimental spec + * config/v3_2_experimental: set up package + * config/v3_2_experimental: copy from config/v3_1 + * config/v3_1_experimental: mark stable + * doc/development: update spec stabilization instructions + * config: rename function for clarity + * tests: bump invalid 2.x experimental version to match spec2x branch + * config/v3_1_experimental: add some missing version tests + * config/v3_1/translate: fix package name + * doc/migrating-configs: update for 3.1.0 + * resource/url: allow compression in data URLs + * doc/migrating-configs: mention spec 2.4.0 + * validate: accept any supported config version + * exec: drop validate.go + * doc/migrating-configs: put newest version first + * Add SHA-256 reference in the docs + * Add SHA-256 support for file verification + * ci: run blackbox tests in CoreOS CI + * Send ssh_authorized keys info into the journald log + * Update go-systemd with the systemd module + * Send a message to the systemd journal if a user config is provided + * tests: add positive tests for resource compression + * spec: unify resource fetching type + * doc: clarify wording of files.*.verification.hash + * vendor: refresh after gomod changes + * gomod: update to go-systemd v22 + * stages: fix package names + * providers/packet: override Accept header fetching instance metadata + * resource/url: allow caller-specified headers to override defaults + * Allow to specify HTTP headers for fetching configs and files + +------------------------------------------------------------------- +Wed Mar 25 10:11:53 UTC 2020 - kukuk@suse.de + +- Update to version 2.2.1: + * news: add notes for 2.2.1 + * providers/qemu: fix default to fwcfg + * doc/development: remember to bump Accept header during spec bumps +- Remove 0001-Support-more-architectures.patch: + Patch added upstream + +------------------------------------------------------------------- +Tue Mar 24 12:58:48 UTC 2020 - Ignaz Forster + +- Add 0001-Support-more-architectures.patch: + Allow builing on i586 (and other architectures) again + +------------------------------------------------------------------- +Tue Mar 24 07:45:25 UTC 2020 - kukuk@suse.de + +- Update to version 2.2.0: + * news: add notes for 2.2.0 + * Fix ignition config for the instantiated unit test + * Fix enabling systemd instantiated services + * providers/qemu: support Ignition block device on s390x and ppc64le + * blkid: Explicitly use C int variable for numParts + * tests: don't panic after failing to run Ignition + * platform: sort providers + * ci: migrate to new coreos-ci project + * OWNERS: add OWNERS file + * Add Exoscale provider + * docs: minor fixes to platforms page + * ci: hook up to CoreOS CI + * providers/vultr: Add Vultr provider + * Throw error if SSH keys could not be written + * stages/files: don't relabel /home and /root symlinks +- Drop 0001-Throw-error-if-SSH-keys-could-not-be-written.patch +- Added explicit Recommends for helper applications + [boo#1167289] + +------------------------------------------------------------------- +Tue Jan 21 16:25:25 UTC 2020 - Ignaz Forster + +- Do not use SSH keys fragments, those are not supported by + openSUSE. [boo#1161265] + +------------------------------------------------------------------- +Tue Jan 14 17:05:19 UTC 2020 - Ignaz Forster + +- Add 0002-allow-multiple-mounts-of-same-device.patch: + Allow mounting a device multiple times, e.g. to mount several + subvolumes from a Btrfs device or bind mounting the device to + multiple places, by also adding the path to the key. + [Workaround for gh#coreos/ignition#890] + +------------------------------------------------------------------- +Wed Jan 8 17:47:30 UTC 2020 - Ignaz Forster + +- Add 0001-Throw-error-if-SSH-keys-could-not-be-written.patch: + Don't silently ignore if the SSH key could not be written + [boo#1159232] + +------------------------------------------------------------------- +Mon Dec 23 09:16:22 UTC 2019 - iforster@suse.de + +- Update to version 2.1.1: + * stages/files: don't relabel /home and /root symlinks + * tests/filesystems: fix error handling + * blackbox tests: don't swallow errors + * log: use os.ProcessState.ExitCode instead of unix + * travis: bump min go to 1.12 + * news: add notes for 2.1.1 + * readme: fix links, add validation container docs + * Dockerfile: add dockerfile for ignition-validate + * news: add news for v2.1.0 + * README.md: add details about dracut and branches here + * doc/operator-notes: simplify SELinux section + * mount: also relabel mount points + * util: factor out FindFirstMissingDirForFile function + * files: perform relabeling from initrd + * doc/examples: Make example file path valid + * Rework fetch/resource to automatically append required headers + +------------------------------------------------------------------- +Wed Nov 20 10:29:29 UTC 2019 - iforster@suse.de + +- Update to version 2.0.1+git20191112.a924dd7: + * tests: remove unused partitions, dead code + * internal,tests: abolish syscall package + * vendor: include golang.org/x/sys/unix + * providers: add ibmcloud +- turn off SELinux by default + +------------------------------------------------------------------- +Thu Nov 07 17:45:13 UTC 2019 - kukuk@suse.de + +- Update to version 2.0.1+git20191106.809f44a: + * Add test cases for file system mount options + * Add translator for Filesystem struct + * Document file system mount options + * Implement file system mount options + * providers: add initial zVM hypervisor support + * travis: test on arm, use new ubuntu, cleanup + * config/v3_1_exp/types: validate http(s) proxies + * tests: remove unused stub for id + * distro: turn on SELinux by default + * Add filesystem mount options to schema + * files/passwd: don't shell out to id + * files/passwd: clean up repetitive code + * providers/aliyun: Add aliyun + * release-checklist: mention mantle cl branch for 0.x.y releases + * config/v3*: don't warn on unset mode if appending + +------------------------------------------------------------------- +Fri Sep 27 11:17:00 UTC 2019 - kukuk@suse.de + +- Update to version 2.0.1+git20190925.641ec6a: + * selinux: use /run/systemd/relabel-extra.d for etc + * resource/url: Don't use a tmpfile in FetchToBuffer + * resource/url: use only needed ifaces in fetchFrom* + * resource/url: make FetchFrom* private + * Add a `fetch` stage + * build: Add `make install` + * tests: fix bb tests for size/start 0 + * Continue on empty GPT partition label + * files/selinux: deglob user/group related paths + * stages/files: relabel masking symlinks for systemd + * engine: Write `/run/ignition.json` atomically + * vendor: Add github.com/google/renameio + * stages/filesystems: drop stray debug print + * doc/supported-platforms: mention qemu version requirements + * Source build file correctly + * resource/url: update schema version in Accept header + * fix check path mount +- Drop 0001-Continue-on-empty-GPT-partition-label.patch: Added + upstream + +------------------------------------------------------------------- +Mon Sep 02 16:34:22 UTC 2019 - iforster@suse.de + +- Update to version 2.0.1+git20190802.d523754: + * main: log stage at startup +- Add 0001-Continue-on-empty-GPT-partition-label.patch + +------------------------------------------------------------------- +Fri Jul 26 08:36:17 UTC 2019 - kukuk@suse.de + +- Update to version 2.0.1+git20190725.10b85d1: + * release-checklist: add step to submit to bodhi + * news: add news for v2.0.1 + * config/v*: run Node.Validate() as well + * doc/getting-started: rm online validator section + * providers/aws: get region after getting config. + * providers: allow FetchConfig to mutate the fetcher + * release-checklist: fix for new website and jenkins + +------------------------------------------------------------------- +Thu Jun 6 15:32:37 CEST 2019 - kukuk@suse.de + +- Update to version 2.0.0+git20190603.0c1da80: + * news: update for v2.0.0 + * build*: use --always with git describe + * vendor: switch to coreos/vcontext + * config/validate: add tests for duplicate checking + * build: export GOFLAGS so they get used + * config/validate: add test for validation + * config/validate: check for unused keys + * internal/util/docs: update to use new validation + * internal: update to use new validation code + * config/validate: replace old validation with vcontext + * config/v3*: update to use new validation functions + * vendor: add vcontext + * internal: create dev aliases in /run/ignition/ instead of / + * Update hostname example + * tests/*: rename bb tests + * release-checklist: split out 0.x and 2.x+ bits + +------------------------------------------------------------------- +Thu May 02 09:14:07 UTC 2019 - kukuk@suse.de + +- Update to version 2.0.0~beta+git20190429.1eeb201: + * build_releases: update for using go mod + * news: add news for v2.0.0-beta + * doc: mv spec 3.1.0 -> 3.1.0-experimental + * contributing.md: add pointer to development guide + * doc/operator-notes: add section on config merging + * test: turn on docs checking + * doc/migrating-configs.md: update for spec 3.0.0 + * doc/development.md: update doc for spec 3.0.0 + * doc/getting-started.md: update for spec 3.0.0 + * doc/examples.md: update for spec 3.0.0 + +------------------------------------------------------------------- +Thu Apr 25 07:40:40 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190424.9212ea6: + * doc: add docs for existing link behavior + * tests: add test for matching links + * tests: fix test runner to link in the correct root + * stages/files: do not fail if links are correct + * tests/positive: test hardlinking to symlinks + * tests/validator: use os.Lstat() not os.Stat() + * config/*/types/storage: fail on hardlinked dirs + +------------------------------------------------------------------- +Tue Apr 23 07:39:41 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190417.ccc74c4: + * doc/config-v3_*: Add notes about uniqueness + +------------------------------------------------------------------- +Mon Apr 15 11:32:53 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190411.205ae79: + * providers/vmware: update for new vmware library + * vendor: update to use vmware libraries + * tests: update code for google's uuid package + * vendor: switch to github.com/google/uuid + * vendor: bump go-semver to latest + * vendor: update aws-sdk-go to latest tag + * doc: Document new proxy configuration options + * vendor: Add golang.org/x/net/http/httpproxy dep + * tests: Initial positive/negative tests + * engine: Update http client based on proxy config + * schema: Add proxy config and properties + * *: bump import path + * platform: drop "pxe" + * doc: add documentation for 3.1.0-experimental spec + * tests: turn on 3.1.0-experimental tests + * *: switch to using 3.1.0-experimental everywhere + * tests: don't fail on 3.1.0-experimental + * config: add v3.1.0-experimental spec + * tests/runner: use generic parse + * providers/util: use generic parse + * internal/engine: use generic parse + * tests: add test for directory correction + * doc/spec-3_0: clarify behavior with overwrite + * stages/file: fail if relabeling and no restorecon + * stages/files: allow directory matching + * config/v3_0/types: add files verification tests + * config/v3_0/types/file: add more validation + * config/helpers: make StrToPtr strict + * doc/spec-3_0: clarify overwrite behavior + * stages/files: refactor overwrite handling + * config/v3_0: disallow overwrite and nil source + * config: validate fs entries dont use symlinks + * platform: drop compat alias for "ec2" platform ID + * config/shared/errors: drop unused errors + * doc/spec-v3_0: remove deprecated size and start + * tests: add test for file conflicts + * stages/files: check that files dont conflict + * config: remove partition start and size + * internal: don't use partitions.{size,start} + * tests: change partitioning bb to use MiB + * build_blackbox_tests: fix for go mod + * stages/files: fix unit relabeling to exclude DestDir + * Fix configspec link to remove `-experimental` + * doc/spec-v3_0: update to not be -experimental + * tag_release: allow -suffixes on tags + * doc/spec-v3_0: remove docs on removed field + * doc: drop -experimental from spec filename + * news: add news for 2.0.0-alpha + * tests/positive/general: use hashes from server + * tests: make servers generate their own hashes + * *: stablize spec 3.0.0 + * stages/files: fix relabel path to be relative to sysroot + * tests: add bb test for invalid merged configs + * exec/engine: validate merged config before use + * tests/blackbox: make runner print config + * config/types: call IgnoreDuplicates correctly + * config: test to ensure config type is valid + * config/types: de-pointer config.ignition.replace + * config/merge: add tests + * config: replace config appending with merging + * config/v3_0_exp: rename config.append to merge + * config: rework schema for better merging + * *: rename ec2 -> aws and gce -> gcp + * stages/files: Also relabel subuid/subgid files + * doc/config-spec: drop passwd.users.create + * config: drop passwd.users.create + * config/validate: allow dups on some fields + * config/validate_test: add tests for detecting dups + * doc/config-v3_0_exp: add doc for new append logic + * config/v3_0_exp: reject duplicate partition labels + * config/v3_0_exp: require partition label or number + * config/validate: validate no duplicates exist + * config/v3_0_exp/types: implement Key() for types + * tests/files: add test appending to existing file + * tests: apply mode/owner in bb test runner input + * config/v3_0_exp/types: rework storage.files.append + * config: refactor + * *: use config/ver instead of internal/config + * config: move json schema to be with its types + * test: don't validate docs + * tests/negative/files: add ForceFileCreationNoOverwrite + * *: default file.overwrite config option to false + * tests/positive/passwd: add test UseAuthorizedKeysFile + * tests/*: expose env vars through Test.Env + * internal/*: drop merging authorized_keys.d into authorized_keys + * vendor: switch to go modules + * MAINTAINERS: update + +------------------------------------------------------------------- +Mon Mar 18 17:36:58 UTC 2019 - Ignaz Forster + +- Copy binary to dracut module directory as required by + https://github.com/coreos/ignition-dracut/commit/b11553f9e2b530fbbb5a2504bc72b364829c879c + +------------------------------------------------------------------- +Mon Mar 04 14:10:54 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190301.2ce015b: + * tests: add test ensuring correct ordering of nodes + * tests: move failing tests to negative + * stages/files: sort entries by resolved depth + * Fix function comments based on best practices from Effective Go + * tests: add bb test for mounting with sylminks + * stages/mount: fail if mount paths involve symlinks + * internal/exec/util: make SplitPath public + * config/translate: add unit tests + * config/translate: add reflection based translator + * internal/distro: use relative paths + * exec/util/passwd: rename authorized_keys.d fragment to "ignition" + +------------------------------------------------------------------- +Wed Feb 27 13:52:29 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190225.7de027b: + * oem: add metal oem + * internal/exec: use nonzero default file permissions + * *: drop OEM terminology + * tests: drop OEMLookaside type + * *: drop OEM URI support + * tests/validator: show formatted os.FileMode in validateMode error + * doc/configuration-v3_0_exp: update with fs changes + * tests: refactor bb tests, add mount/umount stages + * exec/stages: add mount and umount stages + * tests/*: update bb tests for new fs semantics + * exec/*: rework files and filesystems + * validate/report: add helpers to cut verbosity + * engine: log configs on failure and fetched urls + * engine: clear highlights before logging reports + * internal/exec: log hashes of configs not configs + +------------------------------------------------------------------- +Tue Feb 19 15:12:40 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190215.cc767cc: + * vendor: remove unused dependency go4.org + * config: replace go4's errorutil with own impl + +------------------------------------------------------------------- +Fri Feb 15 12:15:58 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190206.aad24ad: + * doc/development: add note to run individual blackbox tests + * tests/types: add comments on some members of Test + * internal/*: drop support for default.ign config files + +------------------------------------------------------------------- +Wed Jan 30 14:16:05 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190124.fd1e703: + * docs: fix stale link to config 2.x + +------------------------------------------------------------------- +Mon Jan 14 11:39:00 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190111.96f8aae: + * Replace cobra with built-in flag + * *: drop networkd section + * travis: bump min go version to 1.10.x + +------------------------------------------------------------------- +Fri Jan 11 13:25:29 UTC 2019 - kukuk@suse.de + +- Update to version 0.30.0+git20190110.5a28cac: + * docs: remove config 2.x, add config 3.0.0 spec doc + * config/*: drop cloudinit support + * config: rip out all v1, v2.x configs + * tests: update all versions to 3.0.0-experimental + * config: replace v2_4 with v3_0_exp + * types/v2_4_exp: rename to 3_0_exp + * tests/timeouts: fix concurrency panic + * internal/oem: drop vagrant-virtualbox + * internal/oem: drop noop OEMs + * Rename `coreos.config.*` options to `ignition.config.*` to make options more distribution neutral + +------------------------------------------------------------------- +Wed Dec 19 14:09:12 UTC 2018 - kukuk@suse.de + +- Update to version 0.30.0+git20181218.641adcb: + * readme: add note about branching + * release-checklist: correctly select GPG subkey ID + * release-checklist: bump Fedora specfile + * release-checklist: fix tag_release script name + * news: add news for 0.30.0 + * doc/development: add "kind/release" label to release issues + * test: skip backward compat tests with -test.short + * tests/partitioning: add minversion to complex mb + * tests: add -list flag to blackbox tests + * stages/filesystems: parallelize creation + * tests: add test for multiple data filesystems + * internal/exec: increase default config fetch timeout + +------------------------------------------------------------------- +Wed Dec 12 15:53:36 UTC 2018 - kukuk@suse.de + +- Update to version 0.29.1+git20181206.b1ab0b2: + * news: add news for 0.29.1 + * tests: add bb test for symlink resolution + * exec/util: use Lstat() for existance checks + * exec/util: don't follow links for last path elem + * internal/resource: use earlyrand + * internal: add earlyrand + * news: add news for 0.29.0 + * doc/migrating-configs: make link to doc relative + * docs: update migrating config guide for 2.3.0 + * docs: add config spec for 2.4.0, update 2.3.0 + * tests: update to include 2.4.0-experimental + * *: switch packages to use new experimental package + * config/v2_4_experimental: add package + * config/v2_3: update version to not be experimental + * config/v2_3: change package statements to v2_3 + * config/2_3: move 2.3.0-exp to 2.3.0 + * schema: use mebibytes not megabytes for partitions + * schema: fix incorrect case + * docs/operator-notes: add notes about symlinks + * tests: add bb tests for symlink resolution + * internal/exec: fix util.JoinPath symlink handling + * vendor: sync after glide updates + * glide: update go-systemd to v18 + * glide: pin transitive deps for aws-sdk-go + * tests/validator: be more verbose about links + * internal/providers/packet: don't send success to packet from Ignition + * resource: add support for ?versionId on s3:// URL download + * config/v2.1+/link: allow relative paths for target + +------------------------------------------------------------------- +Tue Oct 16 14:06:49 UTC 2018 - kukuk@suse.de + +- Update to version 0.28.0+git20181016.7785e61: + * release-checklist: move to .github and drop front matter + * stages/files: relabel files before systemd-sysctl + * blkid: Compile with -Werror=implicit-function-declaration + * config: Clarify semantics around certs + * stages/disks: fix extraneous udevadm settle + * glide: switch to tags where we can + * stages/files: relabel /var/home and /var/roothome + * tests: don't run files stage if disks failed + * glide.*: remove subpackages + * Revert "doc/development: update blackbox test instructions to low parallelism" + * tests: workaround umount issues + * docs/config-v2_3-exp: add sizeMB/startMB fields + * tests: new tests for size-mb and start-mb + * config/types/partition*: deprecate size/start + * internal: updates for size-mb and start-mb + * schema: add size-mb and start-mb to partitions + * internal/*: fix go-vet formatting errors + * build: clean before building + * travis: bump go versions + * doc/development: update blackbox test instructions to low parallelism + * tests: refactor handling of root partition + * tests: cleanup tests to use defer more + * tests: cleanup extraneous testing.T's + * tests: add a cancelation mechanism + * build_blackbox_tests: only compile top level tests + * release-checklist: explicitly merge the docs PR + * config/*/append*: remove unused code + +------------------------------------------------------------------- +Thu Sep 6 17:11:56 CEST 2018 - kukuk@suse.de + +- Initial version (0.28.0) + diff --git a/ignition.spec b/ignition.spec new file mode 100644 index 0000000..306edd6 --- /dev/null +++ b/ignition.spec @@ -0,0 +1,141 @@ +# +# spec file for package ignition +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: ignition +Version: 2.19.0 +Release: 0 +Summary: First boot installer and configuration tool +License: Apache-2.0 +Group: System/Management +URL: https://github.com/coreos/ignition +Source: %{name}-%{version}.tar.xz +Source1: ignition-mount-initrd-fstab.service +Source2: ignition-umount-initrd-fstab.service +Source3: ignition-suse-generator +Source4: module-setup.sh +Source7: README.SUSE +Source8: ignition-setup-user.sh +Source9: ignition-setup-user.service +Source10: ignition-enable-network.service +Source11: ignition-enable-network.sh +Source12: ignition-kargs-helper +Source13: ignition-remove-reconfig_system.service +Source14: ignition-touch-selinux-autorelabel.conf +Source15: ignition-rmcfg-suse.conf +Source20: ignition-userconfig-timeout.conf +Source21: ignition-userconfig-timeout-arm.conf +Patch1: 0001-ignore-missing-qemu-blockdev.patch +Patch2: 0002-allow-multiple-mounts-of-same-device.patch +Patch3: 0003-Move-the-GPT-header-on-resized-disks.patch +Patch4: 0004-Order-ignition-disks.service-before-systemd-fsck-roo.patch +BuildRequires: dracut +BuildRequires: libblkid-devel +BuildRequires: systemd-rpm-macros +BuildRequires: update-bootloader-rpm-macros +BuildRequires: golang(API) >= 1.20 +# combustion provides firstboot.target and ignition-kargs-helper calls combustion +Requires: combustion >= 1.2 +Requires: dracut +Recommends: %{_sbindir}/groupadd +Recommends: %{_sbindir}/sgdisk +Recommends: %{_sbindir}/useradd +Recommends: %{_sbindir}/usermod +Recommends: /sbin/mkfs.btrfs +Recommends: /sbin/mkfs.ext4 +Recommends: /sbin/mkfs.vfat +Recommends: /sbin/mkfs.xfs +Recommends: /sbin/mkswap +Recommends: /sbin/udevadm +Suggests: /sbin/mdadm +Provides: ignition-dracut = 0.0+git20200722.98ed51d +Obsoletes: ignition-dracut < 0.0+git20200722.98ed51d +# Not provided because the mechanism is different +Obsoletes: ignition-dracut-grub2 < %{version}-%{release} +%{update_bootloader_requires} + +%description +Ignition is an utility to manipulate disks and configuration files +during the initramfs. This includes partitioning disks, formatting +partitions, writing files (regular files, systemd units, etc.), and +creating users. +On first boot, Ignition reads its configuration from a source of truth +(remote URL, network metadata service, hypervisor bridge, etc.) and +applies the configuration. + +%prep +%autosetup -p1 + +mkdir -p dracut/30ignition-microos grub systemd_suse/ignition-delete-config.service.d +chmod +x %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE12} +cp %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE9} %{SOURCE10} %{SOURCE11} %{SOURCE13} %{SOURCE14} dracut/30ignition-microos/ +%ifarch aarch64 %{arm} +cp %{SOURCE21} dracut/30ignition-microos/ignition-userconfig-timeout.conf +%else +cp %{SOURCE20} dracut/30ignition-microos/ignition-userconfig-timeout.conf +%endif +cp %{SOURCE15} systemd_suse/ignition-delete-config.service.d/ +cp %{SOURCE7} . +cp %{SOURCE12} dracut/30ignition/ignition-kargs-helper.sh + +%build +sed -i -e 's|go build -ldflags|go build -buildmode=pie -ldflags|g' build +VERSION=%{version} GLDFLAGS='-X github.com/coreos/ignition/v2/internal/distro.selinuxRelabel=false -X github.com/coreos/ignition/v2/internal/distro.writeAuthorizedKeysFragment=false ' ./build + +%check +VERSION=%{version} ./build_blackbox_tests + +%install +make -o all install DESTDIR=%{buildroot} + +install -d %{buildroot}%{_sysconfdir}/grub.d +install -d %{buildroot}%{_unitdir}/ignition-delete-config.service.d +install -p -m 0644 systemd_suse/ignition-delete-config.service.d/* %{buildroot}%{_prefix}/lib/systemd/system/ignition-delete-config.service.d +install -d %{buildroot}%{_sbindir}/ +mv %{buildroot}/usr/libexec/* %{buildroot}/%{_sbindir}/ +rmdir %{buildroot}/usr/libexec + +%pre +%service_add_pre ignition-delete-config.service + +%post +%{?regenerate_initrd_post} +%service_add_post ignition-delete-config.service + +%preun +%service_del_preun ignition-delete-config.service + +%postun +%service_del_postun_without_restart ignition-delete-config.service + +%posttrans +%{?regenerate_initrd_posttrans} + +%files +%license LICENSE +%doc README.md README.SUSE docs/*.md +# Paths are hardcoded in the Makefile +/usr/lib/dracut/modules.d/30ignition +/usr/lib/dracut/modules.d/30ignition-microos +/usr/bin/ignition-validate +/usr/lib/systemd/system/ignition-delete-config.service +%{_sbindir}/ignition-apply +%{_sbindir}/ignition-rmcfg +%dir %{_unitdir}/ignition-delete-config.service.d +%{_unitdir}/ignition-delete-config.service.d/ignition-rmcfg-suse.conf + +%changelog diff --git a/module-setup.sh b/module-setup.sh new file mode 100644 index 0000000..7d6402c --- /dev/null +++ b/module-setup.sh @@ -0,0 +1,52 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +check() { + # Omit if building for this already configured system + if [[ $hostonly ]] && [ -e "${dracutsysrootdir}/etc/machine-id" ]; then + return 255 + fi + return 0 +} + +depends() { + echo combustion crypt dm firstboot ignition +} + +install_ignition_unit() { + local unit="$1"; shift + local target="${1:-ignition-complete.target}"; shift + local instantiated="${1:-$unit}"; shift + inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "$target" "$instantiated" || exit 1 +} + +install() { + inst_simple "$moddir/ignition-enable-network.service" \ + "$systemdsystemunitdir/ignition-enable-network.service" + inst_simple "$moddir/ignition-mount-initrd-fstab.service" \ + "$systemdsystemunitdir/ignition-mount-initrd-fstab.service" + inst_simple "$moddir/ignition-umount-initrd-fstab.service" \ + "$systemdsystemunitdir/ignition-umount-initrd-fstab.service" + inst_simple "$moddir/ignition-userconfig-timeout.conf" \ + "$systemdsystemunitdir/dev-disk-by\x2dlabel-ignition.device.d/ignition-userconfig-timeout.conf" + inst_simple "$moddir/ignition-touch-selinux-autorelabel.conf" \ + "$systemdsystemunitdir/ignition-files.service.d/ignition-touch-selinux-autorelabel.conf" + inst_simple "$moddir/ignition-suse-generator" \ + "/etc/systemd/system-generators/ignition-generator" + inst_script "$moddir/ignition-enable-network.sh" \ + "/usr/sbin/ignition-enable-network" + inst_script "$moddir/ignition-setup-user.sh" \ + "/usr/sbin/ignition-setup-user" + inst_multiple awk systemd-detect-virt cryptsetup + install_ignition_unit ignition-remove-reconfig_system.service initrd.target + install_ignition_unit ignition-setup-user.service +} + +installkernel() { + # Make sure we can read configuration from ISO image and vfat formated USB drives + hostonly='' instmods iso9660 vfat =fs/nls +} From e5bafd3cb33442b56039e533d35d26a6d85c946e17073fe3d76ad3fe91cc3507 Mon Sep 17 00:00:00 2001 From: Ignaz Forster Date: Mon, 29 Jul 2024 12:00:48 +0000 Subject: [PATCH 2/3] Fix order - *first* remount, *then* create directory. It seems upstream got that wrong... OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=126 --- ignition-setup-user.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ignition-setup-user.sh b/ignition-setup-user.sh index 5d29700..db25c0c 100644 --- a/ignition-setup-user.sh +++ b/ignition-setup-user.sh @@ -11,9 +11,6 @@ copy_file_if_exists() { fi } -destination=/usr/lib/ignition -mkdir -p $destination - # systemd v256 now runs the initrd with ProtectSystem=yes, which makes /usr # read-only. Just remount it rw until we have: # https://github.com/coreos/ignition/issues/1891 @@ -21,6 +18,9 @@ if [ ! -w /usr ]; then mount -o rw,remount /usr fi +destination=/usr/lib/ignition +mkdir -p $destination + if command -v is-live-image >/dev/null && is-live-image; then # Live image. If the user has supplied a config.ign via an appended # initrd, put it in the right place. From d15c1e0f61810e7e0019bdfe0401203754cfb8277ed8e2eb8d7b6f3202178fa2 Mon Sep 17 00:00:00 2001 From: Ignaz Forster Date: Mon, 29 Jul 2024 12:02:33 +0000 Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=127 --- ignition.changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ignition.changes b/ignition.changes index 9e23e5f..60b8646 100644 --- a/ignition.changes +++ b/ignition.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jul 29 12:01:10 UTC 2024 - Ignaz Forster + +- Fix order of previous change - *first* remount rw, *then* create + directory. + ------------------------------------------------------------------- Thu Jul 25 13:11:44 UTC 2024 - Ignaz Forster