Add pre-commit to update release manifest

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
(cherry picked from commit c3f1be5640)
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>

.gitea/workflows/trigger_devel.yaml

@@ -1,31 +0,0 @@
-name: Trigger Devel Packages
-on:
-  # NOTE (fdegir): Cron is set to run midday every weekday
-  schedule:
-    - cron: "0 12 * * 1-5
-
-jobs:
-  sync-pr-project:
-    name: "Trigger source services for devel packages that changed"
-    runs-on: tumbleweed
-    steps:
-      - name: Setup OSC
-        run: |
-          mkdir -p ~/.config/osc
-          cat >~/.config/osc/oscrc <<'EOF'
-          [general]
-          apiurl = https://api.opensuse.org
-
-          [https://api.opensuse.org]
-          user=${{ vars.OBS_USERNAME }}
-          pass=${{ secrets.OBS_PASSWORD }}
-          EOF
-    # Waiting on PR to get merged for support in upstream action/checkout action
-      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
-        name: Checkout repository
-        with:
-          object-format: 'sha256'
-          ref: 'devel'
-      - name: "Trigger packages"
-        run: |
-          python3 .obs/trigger_package.py

.obs/common.py

@@ -1,3 +1,3 @@
-PROJECT = "isv:SUSE:Edge:3.3"
+PROJECT = "isv:SUSE:Edge:3.2"
 REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
-BRANCH = "3.3"
+BRANCH = "3.2"

.obs/manifest-check.py

@@ -8,7 +8,7 @@ import sys
 yaml = ruamel.yaml.YAML()
 
 def get_chart_version(chart_name: str) -> str:
-    with open(f"./{chart_name}-chart/Chart.yaml") as f:
+    with open(f"./{chart_name}/Chart.yaml") as f:
         chart = yaml.load(f)
         return chart["version"]
 
@@ -17,7 +17,7 @@ def get_charts(chart):
         # Not a locally managed chart
         return {}
 
-    chart_name = chart["chart"][len("%%CHART_REPO%%/%%CHART_PREFIX%%"):]
+    chart_name = chart["chart"][len("%%CHART_REPO%%/%%IMG_PREFIX%%"):]
     charts = { chart_name: chart["version"] }
     for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
         charts.update(get_charts(child_chart))
@@ -39,7 +39,7 @@ def check_charts(fix: bool) -> bool:
         expected_version = get_chart_version(chart)
         if expected_version != charts[chart]:
             success = False
-            to_fix[f'%%CHART_REPO%%/%%CHART_PREFIX%%{chart}'] = expected_version
+            to_fix[f'%%CHART_REPO%%/%%IMG_PREFIX%%{chart}'] = expected_version
             print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
     if fix and not success:
         fix_charts(to_fix)

.obs/render_meta.py

@@ -8,7 +8,6 @@ def render(base_project, subproject, internal, scm_url=None):
     context = {
         "base_project": subproject == "",
         "title": f"SUSE Edge {version} {subproject}".rstrip(),
-        "ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
     }
     if subproject == "ToTest":
         context["project"] = f"{base_project}:ToTest"

_config

@@ -23,7 +23,6 @@ Macros:
 Macros:
 %img_repo registry.suse.com/edge
 %chart_repo oci://registry.suse.com/edge
-%chart_prefix charts/
 %manifest_repo registry.suse.com/edge
 %support_level l3
 :Macros
@@ -41,7 +40,6 @@ Macros:
 %img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
 %manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
 %chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
-%chart_prefix %(echo "")
 :Macros
 %endif
 
@@ -60,7 +58,6 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: excludebuild:endpoint-copier-operator-image
     BuildFlags: excludebuild:ironic-image
     BuildFlags: excludebuild:ironic-ipa-downloader-image
-    BuildFlags: excludebuild:kubectl-image
     BuildFlags: excludebuild:kube-rbac-proxy-image
     BuildFlags: excludebuild:metallb-controller-image
     BuildFlags: excludebuild:metallb-speaker-image
@@ -72,9 +69,8 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: onlybuild:baremetal-operator
     BuildFlags: onlybuild:baremetal-operator-image
     BuildFlags: onlybuild:ca-certificates-suse
-    BuildFlags: onlybuild:container-build-checks
+    BuildFlags: onlybuild:cosign
     BuildFlags: onlybuild:crudini
-    BuildFlags: onlybuild:edge-build-checks
     BuildFlags: onlybuild:edge-image-builder
     BuildFlags: onlybuild:edge-image-builder-image
     BuildFlags: onlybuild:endpoint-copier-operator
@@ -85,15 +81,12 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: onlybuild:ironic-image
     BuildFlags: onlybuild:ironic-ipa-downloader-image
     BuildFlags: onlybuild:ironic-ipa-ramdisk
-    BuildFlags: onlybuild:kubectl
-    BuildFlags: onlybuild:kubectl-image
     BuildFlags: onlybuild:kube-rbac-proxy
     BuildFlags: onlybuild:kube-rbac-proxy-image
     BuildFlags: onlybuild:metallb
     BuildFlags: onlybuild:metallb-controller-image
     BuildFlags: onlybuild:metallb-speaker-image
     BuildFlags: onlybuild:nm-configurator
-    BuildFlags: onlybuild:shim-noarch
   %endif
 %endif
 
@@ -108,18 +101,9 @@ BuildFlags: onlybuild:release-manifest-image
 
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync
-    
-    # skopeo and umoci are used by build scripts to list packages
-    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
 %endif
 
-%if "%_repository" == "images"
-    # skopeo and umoci are used by build scripts to list packages
-    Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
-
-%endif
-
-%if "%_repository" == "images_16.0"
+%if "%_repository" == "images_6.0"
     Prefer: container:sles15-image
     Type: docker
     BuildEngine: podman
@@ -127,8 +111,6 @@ BuildFlags: onlybuild:release-manifest-image
     Patterntype: none
     BuildFlags: dockerarg:SLE_VERSION=16.0
     BuildFlags: onlybuild:kiwi-builder-image
-    
-    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
 
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync
@@ -140,16 +122,13 @@ BuildFlags: onlybuild:release-manifest-image
       BuildFlags: excludebuild:endpoint-copier-operator-image
       BuildFlags: excludebuild:ironic-image
       BuildFlags: excludebuild:ironic-ipa-downloader-image
-      BuildFlags: excludebuild:kubectl-image
       BuildFlags: excludebuild:kube-rbac-proxy-image
       BuildFlags: excludebuild:metallb-controller-image
       BuildFlags: excludebuild:metallb-speaker-image
     %endif
 
 %else
-    %if "%{sub %{reverse %_project} 1 7}" != "%{reverse :ToTest}" && "%{sub %{reverse %_project} 1 9}" != "%{reverse :Snapshot}"
-      BuildFlags: excludebuild:kiwi-builder-image
-    %endif
+    BuildFlags: excludebuild:kiwi-builder-image
 %endif
 
 
@@ -159,17 +138,11 @@ BuildFlags: onlybuild:release-manifest-image
     Repotype: helm
     Patterntype: none
     Required: perl-YAML-LibYAML
-
-    # include edge-build-checks here
-    Support: edge-build-checks
 %endif
 
 %if "%_repository" == "standard"
     # for build openstack-ironic-image
     BuildFlags: allowrootforbuild
-
-    # ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
-    ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
 %endif
 
 # Enable reproducible builds

_meta

@@ -23,9 +23,6 @@
     <disable/>
     <enable repository="charts"/>
     <enable repository="test_manifest_images"/>
-    {%- if for_release %}
-    <enable repository="releasecharts"/>
-    {%- endif %}
   </build>
   <publish>
     <disable repository="phantomcharts"/>
@@ -34,16 +31,15 @@
     <arch>x86_64</arch>
   </repository>
 {%- endif %}
-{%- for repository in ["images", "images_16.0", "test_manifest_images"] %}
+{%- for repository in ["images", "images_6.0", "test_manifest_images"] %}
   <repository name="{{ repository }}">
     {%- if release_project is defined and repository != "test_manifest_images" %}
     <releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
     {%- endif %}
     <path project="SUSE:Registry" repository="standard"/>
-    {%- if repository == "images_16.0" %}
+    {%- if repository == "images_6.0" %}
       <path project="SUSE:CA" repository="16.0"/>
-      <path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
-      <path project="SUSE:SLFO:Main:Build" repository="standard"/>
+      <path project="SUSE:ALP:Products:Marble:6.0" repository="standard"/>
     {%- else %}
       <path project="SUSE:CA" repository="SLE_15_SP6"/>
       <path project="{{ project }}" repository="standard"/>
@@ -56,7 +52,7 @@
     {%- if release_project is defined and not for_release %}
     <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
     {%- endif %}
-    <path project="{{ ironic_base }}:2024.2" repository="15.6"/>
+    <path project="Cloud:OpenStack:2024.2" repository="15.6"/>
     <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
     <arch>x86_64</arch>
     <arch>aarch64</arch>

akri-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20
-#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
 annotations:
   catalog.cattle.io/display-name: Akri
 apiVersion: v2

akri-chart/_service

@@ -9,8 +9,8 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
-    <param name="var">CHART_PREFIX</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>
   </service>

akri-chart/values.yaml

@@ -853,7 +853,7 @@ webhookConfiguration:
     pullPolicy: Always
   certImage:
     # reference is the webhook-certgen image reference
-    reference: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen
+    reference: registry.k8s.io/ingress-nginx/kube-webhook-certgen
     # tag is the webhook-certgen image tag
     tag: v1.1.1
     # pullPolicy is the webhook-certgen pull policy

akri-dashboard-extension-chart/Chart.yaml

@@ -1,22 +1,21 @@
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Akri
+  catalog.cattle.io/kube-version: ">= v1.26.0-0"
   catalog.cattle.io/namespace: cattle-ui-plugin-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux, windows
+  catalog.cattle.io/rancher-version: ">= 2.10.0-0"
   catalog.cattle.io/scope: management
   catalog.cattle.io/ui-component: plugins
-  catalog.cattle.io/display-name: Akri
-  catalog.cattle.io/rancher-version: '>= 2.11.0-0'
-  catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
-  catalog.cattle.io/kube-version: '>= v1.26.0-0'
+  catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
 apiVersion: v2
-appVersion: 303.0.2+up1.3.1
+appVersion: 302.0.0+up1.2.1
 description: 'SUSE Edge: Akri extension for Rancher Dashboard'
 name: akri-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.2+up1.3.1"
-icon: >-
-  https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
+version: "%%CHART_MAJOR%%.0.0+up1.2.1"
+icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg

akri-dashboard-extension-chart/_service

@@ -9,8 +9,8 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
-    <param name="var">CHART_PREFIX</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>
   </service>

akri-dashboard-extension-chart/templates/cr.yaml

@@ -8,7 +8,7 @@ spec:
   plugin:
     name: {{ include "extension-server.fullname" . }}
     version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.2+up1.3.1
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/302.0.0+up1.2.1
     noCache: {{ .Values.plugin.noCache }}
     noAuth: {{ .Values.plugin.noAuth }}
-    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
+    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

akri-dashboard-extension-chart/values.yaml

@@ -7,6 +7,6 @@ plugin:
   noAuth: false
   metadata:
     catalog.cattle.io/display-name: Akri
-    catalog.cattle.io/rancher-version: ">= 2.11.0-0"
-    catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
+    catalog.cattle.io/rancher-version: ">= 2.10.0-0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
     catalog.cattle.io/kube-version: ">= v1.26.0-0"

baremetal-operator-image/Dockerfile

@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
 
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -19,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,8 +29,6 @@ LABEL com.suse.release-stage="released"
 # endlabelprefix
 
 COPY --from=base /installroot /
-COPY bmo-run /usr/bin/bmo-run
-RUN chmod +x /usr/bin/bmo-run
 RUN groupadd -r -g 11000 bmo
 RUN useradd -u 11000 -g 11000 bmo
-ENTRYPOINT [ "/usr/bin/bmo-run" ]
+ENTRYPOINT [ "/usr/bin/baremetal-operator" ]

baremetal-operator-image/bmo-run

@@ -1,12 +0,0 @@
-#!/bin/bash
-export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
-export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
-
-if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-    # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
-        kill $(pgrep baremetal-opera)
-    done &
-fi
-
-exec /usr/bin/baremetal-operator $@

baremetal-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/baremetal-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.9.1</param>
+    <param name="revision">v0.8.0</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

baremetal-operator/baremetal-operator.spec

@@ -17,14 +17,14 @@
 
 
 Name:           baremetal-operator
-Version:        0.9.1
-Release:        0
+Version:        0.8.0
+Release:        0.8.0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
 Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.23
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

cdi-chart/Chart.yaml

@@ -1,9 +1,9 @@
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
 apiVersion: v2
-appVersion: 1.61.0
+appVersion: 1.60.1
 description: A Helm chart for Containerized Data Importer (CDI)
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: cdi
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.5.0"
+version: "%%CHART_MAJOR%%.0.0+up0.4.0"

cdi-chart/_service

@@ -2,8 +2,8 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
-    <param name="var">CHART_PREFIX</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>
   </service>

cdi-chart/crds/cdi.yaml

@@ -5079,4 +5079,4 @@ spec:
           type: object
       served: true
       storage: true
-      subresources: {}
+      subresources: {}

cdi-chart/templates/NOTES.txt

@@ -1,2 +1,2 @@
 Verify that all CDI components are installed correctly:
-  kubectl get all -n {{ .Release.Namespace }}
+  kubectl get all -n {{ .Release.Namespace }}

cdi-chart/templates/_helpers.tpl

@@ -59,4 +59,4 @@ Create the name of the service account to use
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
-{{- end }}
+{{- end }}

cdi-chart/templates/_hooks.tpl

@@ -44,4 +44,4 @@
 {{/* CRD uninstalling hook name */}}
 {{- define "cdi.crdUninstallHook.name" -}}
 {{ include "cdi.fullname" . }}-crd-uninstall
-{{- end }}
+{{- end }}

cdi-chart/templates/cdi-operator.yaml

@@ -606,7 +606,17 @@ spec:
         prometheus.cdi.kubevirt.io: "true"
     spec:
       affinity:
-{{- .Values.deployment.affinity | toYaml | nindent 8 }}
+        podAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: cdi.kubevirt.io
+                      operator: In
+                      values:
+                        - cdi-operator
+                topologyKey: kubernetes.io/hostname
+              weight: 1
       containers:
         - env:
             - name: DEPLOY_CLUSTER_RESOURCES
@@ -640,7 +650,9 @@ spec:
               name: metrics
               protocol: TCP
           resources:
-{{- .Values.deployment.resources | toYaml | nindent 12 }}
+            requests:
+              cpu: 100m
+              memory: 150Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -649,8 +661,6 @@ spec:
             runAsNonRoot: true
             seccompProfile:
               type: RuntimeDefault
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -658,4 +668,4 @@ spec:
       serviceAccountName: cdi-operator
       tolerations:
         - key: CriticalAddonsOnly
-          operator: Exists
+          operator: Exists

cdi-chart/templates/cdi-uninstall-hooks.yaml

@@ -66,4 +66,4 @@ spec:
             - deployments/cdi-apiserver
             - deployments/cdi-deployment
             - deployments/cdi-uploadproxy
-            - --timeout=60s
+            - --timeout=60s

cdi-chart/templates/cdi.yaml

@@ -18,4 +18,4 @@ spec:
   {{- with .Values.cdi.workload }}
   workload:
   {{- toYaml . | nindent 4 }}
-  {{- end }}
+  {{- end }}

cdi-chart/templates/crd-uninstall-hooks.yaml

@@ -52,4 +52,4 @@ spec:
             - customresourcedefinitions
             - cdis.cdi.kubevirt.io
           securityContext:
-            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}

cdi-chart/templates/crd-upgrade-hooks.yaml

@@ -77,4 +77,4 @@ spec:
             name: cdi-crd-manifest
             items:
               - key: crd
-                path: crd.yaml
+                path: crd.yaml

cdi-chart/templates/namespace-hooks.yaml

@@ -53,4 +53,4 @@ spec:
             - label
             - namespace
             - {{ .Release.Namespace }}
-            - cdi.kubevirt.io=
+            - cdi.kubevirt.io=

cdi-chart/values.yaml

@@ -1,5 +1,5 @@
 deployment:
-  version: 1.61.0-150600.3.12.1
+  version: 1.60.1-150600.3.9.1
   operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
   controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
   importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@@ -8,22 +8,6 @@ deployment:
   uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
   uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
   pullPolicy: IfNotPresent
-  affinity:
-    podAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-        - podAffinityTerm:
-            labelSelector:
-              matchExpressions:
-                - key: cdi.kubevirt.io
-                  operator: In
-                  values:
-                    - cdi-operator
-            topologyKey: kubernetes.io/hostname
-          weight: 1
-  resources:
-    requests:
-      cpu: 100m
-      memory: 150Mi
 
 cdi:
   config:
@@ -41,7 +25,7 @@ cdi:
     nodeSelector:
       kubernetes.io/os: linux
 
-hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
+hookImage: rancher/kubectl:v1.30.2
 hookRestartPolicy: OnFailure
 hookSecurityContext:
   seccompProfile:
@@ -51,4 +35,4 @@ hookSecurityContext:
   allowPrivilegeEscalation: false
   capabilities:
     drop:
-      - ALL
+      - ALL

container-build-checks/.gitattributes

@@ -1,23 +0,0 @@
-## Default LFS
-*.7z filter=lfs diff=lfs merge=lfs -text
-*.bsp filter=lfs diff=lfs merge=lfs -text
-*.bz2 filter=lfs diff=lfs merge=lfs -text
-*.gem filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text
-*.jar filter=lfs diff=lfs merge=lfs -text
-*.lz filter=lfs diff=lfs merge=lfs -text
-*.lzma filter=lfs diff=lfs merge=lfs -text
-*.obscpio filter=lfs diff=lfs merge=lfs -text
-*.oxt filter=lfs diff=lfs merge=lfs -text
-*.pdf filter=lfs diff=lfs merge=lfs -text
-*.png filter=lfs diff=lfs merge=lfs -text
-*.rpm filter=lfs diff=lfs merge=lfs -text
-*.tbz filter=lfs diff=lfs merge=lfs -text
-*.tbz2 filter=lfs diff=lfs merge=lfs -text
-*.tgz filter=lfs diff=lfs merge=lfs -text
-*.ttf filter=lfs diff=lfs merge=lfs -text
-*.txz filter=lfs diff=lfs merge=lfs -text
-*.whl filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.zst filter=lfs diff=lfs merge=lfs -text

container-build-checks/0001-Allow-slash-prefixes-in-registry.patch

@@ -1,39 +0,0 @@
-From 982cfa8500250c9704448880a779ade06cc8f976 Mon Sep 17 00:00:00 2001
-From: Nicolas Belouin <nicolas.belouin@suse.com>
-Date: Thu, 3 Apr 2025 16:53:49 +0200
-Subject: [PATCH] Allow slash prefixes in registry
-
-Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
----
- container-build-checks.py | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/container-build-checks.py b/container-build-checks.py
-index b8c873c..d862f33 100755
---- a/container-build-checks.py
-+++ b/container-build-checks.py
-@@ -82,13 +82,17 @@ def verify_reference(image, result, value):
-         return
- 
-     (registry, repo, tag) = reference_match.groups()
--    allowed_registries: list[str] = config["General"].getlist("Registry")
--    if len(allowed_registries) and registry not in allowed_registries:
-+    raw_allowed_registries: list[str] = config["General"].getlist("Registry")
-+    allowed_registries: dict[str, str] = {v[0]: v[2] for v in map(lambda a: a.partition("/"), raw_allowed_registries)}
-+
-+    if len(allowed_registries) and (registry not in allowed_registries.keys() or not repo.startswith(allowed_registries[registry])):
-         result.warn(
-             f"The org.opensuse.reference label ({value}) does not use an "
--            f"allowed registry: {','.join(allowed_registries)}")
-+            f"allowed registry: {','.join(raw_allowed_registries)}")
-+
-+    prefix = allowed_registries[registry]
- 
--    if f"{repo}:{tag}" not in image.containerinfo["tags"]:
-+    if f"{repo[len(prefix)+1:]}:{tag}" not in image.containerinfo["tags"]:
-         tags = ", ".join(image.containerinfo["tags"])
-         result.warn(f"The org.opensuse.reference label ({value}) does not refer to an existing tag ({tags})")
-     elif "release" in image.containerinfo and image.containerinfo["release"] not in tag:
--- 
-2.49.0
-

container-build-checks/SUSE.conf

@@ -1,4 +0,0 @@
-[General]
-Vendor=com.suse
-Registry=registry.suse.com
-Registry+=dp.apps.rancher.io

container-build-checks/_service

@@ -1,15 +0,0 @@
-<services>
-  <service mode="manual" name="obs_scm">
-    <param name="url">https://github.com/openSUSE/container-build-checks.git</param>
-    <param name="scm">git</param>
-    <param name="changesgenerate">enable</param>
-  </service>
-  <service mode="manual" name="set_version" />
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">container-build-checks.obsinfo</param>
-  </service>
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">xz</param>
-  </service>
-</services>

container-build-checks/_servicedata

@@ -1,4 +0,0 @@
-<servicedata>
-<service name="tar_scm">
-                <param name="url">https://github.com/openSUSE/container-build-checks.git</param>
-              <param name="changesrevision">412e7f60c08221a549b0f00dfcc4bee7694193ab</param></service></servicedata>

container-build-checks/container-build-checks.changes

@@ -1,101 +0,0 @@
--------------------------------------------------------------------
-Mon Aug 12 11:33:57 UTC 2024 - Fabian Vogt <fvogt@suse.com>
-
-- Update to version 1723452932.412e7f6:
-  * add test for missing substitutions
-  * Reject labels that are missing a substitution
-
--------------------------------------------------------------------
-Mon Jul 22 13:43:57 UTC 2024 - Dirk Müller <dmueller@suse.com>
-
-- update SUSE.conf: allow dp.rancher.apps.io
-
--------------------------------------------------------------------
-Mon Jul 22 13:08:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>
-
-- Switch _service to mode="manual"
-- Update to version 1721653643.19092fe:
-  * Use generic name for the python setup step
-  * Allow specifying more than one registry
-  * Use Pathlib for resolving containerinfo
-  * Switch to test Python 3.11
-
--------------------------------------------------------------------
-Fri Apr 28 09:23:53 UTC 2023 - Fabian Vogt <fvogt@suse.com>
-
-- Update to version 1682595397.5ce6d2f:
-  * Handle OCI style images as well
-  * Makefile: Add missing dependency of broken-derived on proper-base
-  * GitHub workflow: Update action versions
-  * GitHub workflow: Test python 3.6 and 3.10
-
--------------------------------------------------------------------
-Mon Aug  8 11:37:19 UTC 2022 - Fabian Vogt <fvogt@suse.com>
-
-- Make the URL point to GitHub
-
--------------------------------------------------------------------
-Thu Jul  7 13:42:05 UTC 2022 - Fabian Vogt <fvogt@suse.com>
-
-- openSUSE.conf: Allow bci/* as prefix
-
--------------------------------------------------------------------
-Wed Apr 20 14:26:26 UTC 2022 - Fabian Vogt <fvogt@suse.com>
-
-- Update to version 1650464301.a198cf9:
-  * Detect and treat local builds specially
-
--------------------------------------------------------------------
-Mon Mar  7 09:23:46 UTC 2022 - Silvio Moioli <moio@suse.com>
-
-- Adding Uyuni prefix for https://www.uyuni-project.org/
-
--------------------------------------------------------------------
-Thu Feb 03 07:44:23 UTC 2022 - fvogt@suse.com
-
-- Update to version 1643874076.3d0e13c:
-  * Avoid crash on local builds
-
--------------------------------------------------------------------
-Tue Dec 14 13:49:12 UTC 2021 - fvogt@suse.com
-
-- Update to version 1639489705.a4c5a3ab2a75:
-  * Don't error out when the release field is empty
-  * Add simple gitpod configuration
-
--------------------------------------------------------------------
-Tue Jun  1 09:06:12 UTC 2021 - Fabian Vogt <fvogt@suse.com>
-
-- Drop obsolete Requires: grep jq
-
--------------------------------------------------------------------
-Fri May 28 13:57:34 UTC 2021 - Fabian Vogt <fvogt@suse.com>
-
-- Update to version 1622209785.4616f4f:
-  * README.md: Point badge to new location
-
--------------------------------------------------------------------
-Fri May 28 12:47:42 UTC 2021 - Fabian Vogt <fvogt@suse.com>
-
-- Update to version 1622204213.c8ecb9f:
-  * Add options to allow and block specific tags
-
--------------------------------------------------------------------
-Thu May 27 15:09:59 UTC 2021 - Fabian Vogt <fvogt@suse.com>
-
-- Update to version 1622127842.b548dd8:
-  * Update README.md
-  * Add README.md
-  * Add broken-derived test
-  * Verify prefix of the image specific label prefix
-  * Add some comments in the Makefile
-  * Always check the tag used in org.opensuse.reference
-  * Add github workflow
-  * Use bash explicitly
-  * Make lint
-  * Less noise in Makefile
-
--------------------------------------------------------------------
-Fri Apr 30 10:04:09 UTC 2021 - Fabian Vogt <fvogt@suse.com>
-
-- Initial commit

container-build-checks/container-build-checks.obsinfo

@@ -1,4 +0,0 @@
-name: container-build-checks
-version: 1723452932.412e7f6
-mtime: 1723452932
-commit: 412e7f60c08221a549b0f00dfcc4bee7694193ab

container-build-checks/container-build-checks.spec

@@ -1,95 +0,0 @@
-#
-# spec file for package container-build-checks
-#
-# Copyright (c) 2024 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           container-build-checks
-Version:        1723452932.412e7f6
-Release:        0
-Summary:        Scripts to validate built container images
-License:        GPL-2.0-or-later
-Group:          Development/Tools/Building
-URL:            https://github.com/openSUSE/container-build-checks
-Patch0:         0001-Allow-slash-prefixes-in-registry.patch
-Source0:        %{name}-%{version}.tar.xz
-Source1:        openSUSE.conf
-Source2:        SUSE.conf
-Requires:       %{name}-vendor
-BuildArch:      noarch
-
-%package vendor-openSUSE
-Summary:        openSUSE configuration for %{name}
-Group:          Development/Tools/Building
-Requires:       %{name} = %{version}
-Provides:       %{name}-vendor
-Conflicts:      %{name}-vendor
-
-%description vendor-openSUSE
-openSUSE configuration for %{name}
-
-%package vendor-SUSE
-Summary:        SUSE configuration for %{name}
-Group:          Development/Tools/Building
-Requires:       %{name} = %{version}
-Provides:       %{name}-vendor
-Conflicts:      %{name}-vendor
-
-%description vendor-SUSE
-SUSE configuration for %{name}
-
-%package strict
-Summary:        Strict configuration for %{name}
-Group:          Development/Tools/Building
-
-%description strict
-Strict configuration for %{name}
-
-%description
-This tool checks that built container images conform to the openSUSE container
-image policies (https://en.opensuse.org/Building_derived_containers).
-
-%prep
-%autosetup -p1
-
-%build
-%make_build
-
-%install
-%make_install
-
-mkdir -p %{buildroot}%{_datadir}/container-build-checks/
-install -m0644 %{SOURCE1} %{buildroot}%{_datadir}/container-build-checks/openSUSE.conf
-install -m0644 %{SOURCE2} %{buildroot}%{_datadir}/container-build-checks/SUSE.conf
-echo -e "[General]\nFatalWarnings=true" > %{buildroot}%{_datadir}/container-build-checks/strict.conf
-
-%files
-#%doc README
-%license LICENSE
-%dir %{_datadir}/container-build-checks
-%dir %{_prefix}/lib/build/
-%dir %{_prefix}/lib/build/post-build-checks/
-%{_prefix}/lib/build/post-build-checks/container-build-checks
-
-%files vendor-openSUSE
-%{_datadir}/container-build-checks/openSUSE.conf
-
-%files vendor-SUSE
-%{_datadir}/container-build-checks/SUSE.conf
-
-%files strict
-%{_datadir}/container-build-checks/strict.conf
-
-%changelog

container-build-checks/openSUSE.conf

@@ -1,10 +0,0 @@
-[General]
-Vendor=org.opensuse
-Registry=registry.opensuse.org
-
-[Tags]
-# To avoid conflicts with other stuff on the registry and
-# avoid ambiguities with images on other registries.
-Allowed+=opensuse/*,kubic/*,kubevirt/*,uyuni/*,bci/*
-# Those are images, not available as namespaces
-Blocked+=opensuse/tumbleweed/*,opensuse/leap/*

cosign/_service

@@ -0,0 +1,18 @@
+<services>
+  <service name="obs_scm">
+    <param name="url">https://github.com/rancher-government-carbide/cosign.git</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="scm">git</param>
+    <param name="exclude">.get</param>
+    <param name="revision">v2.2.3+carbide.2</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">cosign.obsinfo</param>
+  </service>
+  <service mode="buildtime" name="set_version" />
+  <service name="go_modules">
+     <param name="compression">gz</param>
+  </service>
+</services>

cosign/cosign.spec

@@ -0,0 +1,55 @@
+#
+# spec file for package cosign-rgs
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+%define project https://github.com/hauler-dev/cosign
+%define revision 49542360ffb5de63f9d2f5856b658651d5538e40 
+
+Name:           cosign
+Version:        0
+Release:        0
+Summary:        Container Signing, Verification and Storage in an OCI registry
+License:        Apache-2.0
+URL:            https://github.com/rancher-government-carbide/cosign
+Source:         cosign-%{version}.tar
+Source1:        vendor.tar.gz         
+BuildRequires:  golang-packaging
+
+%description
+
+%prep
+%setup -q -a1 -n cosign-%{version}
+
+%build
+%goprep %{project}
+
+DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
+BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
+
+CLI_PKG=sigs.k8s.io/release-utils/version
+CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}"
+
+CGO_ENABLED=0 go build -mod=vendor -buildmode=pie -trimpath -ldflags "${CLI_LDFLAGS}" -o cosign ./cmd/cosign
+
+%install
+install -D -m 0755 cosign %{buildroot}%{_bindir}/cosign
+
+%files
+%license LICENSE
+%doc *.md
+%{_bindir}/cosign
+
+%changelog

edge-build-checks/10-helm-lint

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-HELM="/usr/bin/helm"
-TOPDIR=/usr/src/packages/HELM
-failed=0
-
-if [ -x $HELM ]; then
-    $HELM lint "$TOPDIR"/*.tgz
-    failed=$?
-fi
-
-exit $failed

edge-build-checks/20-helm-images

@@ -1,159 +0,0 @@
-#!/usr/bin/python3
-import os
-import glob
-import subprocess
-import yaml
-import sys
-import pprint
-
-AUTHORIZED_REPOS = [
-    "registry.suse.com/suse/sles/",
-    "registry.suse.com/rancher",
-    "registry.rancher.com",
-]
-
-EXTRA_CONFIG = None
-
-class CheckResult:
-    """Class to track count of issues"""
-
-    def __init__(self):
-        self.hints = 0
-        self.warnings = 0
-        self.errors = 0
-
-    def hint(self, msg):
-        print(f"Hint: {msg}")
-        self.hints += 1
-
-    def warn(self, msg):
-        print(f"Warning: {msg}")
-        self.warnings += 1
-
-    def error(self, msg):
-        print(f"Error: {msg}")
-        self.errors += 1
-
-
-def tarballs():
-    """Return a list of .helminfo files to check."""
-    if "BUILD_ROOT" not in os.environ:
-        # Not running in an OBS build container
-        return glob.glob("*.tgz")
-
-    # Running in an OBS build container
-    buildroot = os.environ["BUILD_ROOT"]
-    topdir = "/usr/src/packages"
-    if os.path.isdir(buildroot + "/.build.packages"):
-        topdir = "/.build.packages"
-    if os.path.islink(buildroot + "/.build.packages"):
-        topdir = "/" + os.readlink(buildroot + "/.build.packages")
-
-    return glob.glob(f"{buildroot}{topdir}/HELM/*.tgz")
-
-def get_extra_config():
-    global EXTRA_CONFIG
-    if EXTRA_CONFIG is not None:
-        return EXTRA_CONFIG
-    
-    if "BUILD_ROOT" not in os.environ:
-        file_path = "./.checks_helm.yaml"
-    else:
-        buildroot = os.environ["BUILD_ROOT"]
-        topdir = "/usr/src/packages"
-        file_path = f"{buildroot}{topdir}/SOURCES/.checks_helm.yaml"
-    try:
-        with open(file_path) as config_file:
-            EXTRA_CONFIG = yaml.safe_load(config_file)
-            if EXTRA_CONFIG is None:  # No document in stream
-                EXTRA_CONFIG = {}
-    except OSError:
-        EXTRA_CONFIG = {}
-    return EXTRA_CONFIG
-
-def get_extra_params():
-    config = get_extra_config()
-    args = []
-    for api in config.get('extra_apis', []):
-        args.extend(['-a', api])
-    return args
-
-def is_exception(image):
-    config = get_extra_config()
-    exceptions = config.get('image_exceptions', [])
-    (namespace, _, _) = image.partition(':')
-    return namespace in exceptions
-
-def get_template(tarball_path):
-    raw_templates = subprocess.check_output(
-        [
-            "helm",
-            "template",
-            tarball_path,
-        ] + get_extra_params()
-    ).decode()
-    return yaml.safe_load_all(raw_templates)
-
-
-def extract_key(key, var):
-    if hasattr(var, "items"):  # hasattr(var,'items') for python 3
-        for k, v in var.items():  # var.items() for python 3
-            if k == key:
-                yield v
-            if isinstance(v, dict):
-                for result in extract_key(key, v):
-                    yield result
-            elif isinstance(v, list):
-                for d in v:
-                    for result in extract_key(key, d):
-                        yield result
-
-
-def check_template(result, template):
-    if template["kind"] not in [
-        "Pod",
-        "Deployment",
-        "StatefulSet",
-        "DaemonSet",
-        "ReplicaSet",
-        "Job",
-        "CronJob",
-    ]:
-        return
-    for image in extract_key("image", template):
-        if not image.startswith(tuple(AUTHORIZED_REPOS)) and not is_exception(image):
-            result.error(f"{image} is not from authorized source")
-    pass
-
-
-def main():
-    result = CheckResult()
-    img_repo = subprocess.check_output(
-        [
-            "rpm",
-            "--macros=/root/.rpmmacros",
-            "-E",
-            "%{?img_repo}",
-        ]
-    ).strip()
-    if img_repo:
-        result.hint(f"Adding '{img_repo.decode()}' to authorized repo")
-        AUTHORIZED_REPOS.append(img_repo.decode())
-    else:
-        result.warn("img_repo macro not defined, will not add extra authorized repo")
-    for tarball in tarballs():
-        print(f"Looking at {tarball}")
-        for template in get_template(tarball):
-            if template:  # Exclude empty templates
-                check_template(result, template)
-
-    ret = 0
-    if result.errors > 0:
-        print("Fatal errors found.")
-        ret = 1
-
-    sys.exit(ret)
-
-
-if __name__ == "__main__":
-    main()

edge-build-checks/20-helm-tags

@@ -1,92 +0,0 @@
-#!/usr/bin/python3
-import json
-import os
-import glob
-import sys
-import re
-
-
-class CheckResult:
-    """Class to track count of issues"""
-
-    def __init__(self):
-        self.hints = 0
-        self.warnings = 0
-        self.errors = 0
-
-    def hint(self, msg):
-        print(f"Hint: {msg}")
-        self.hints += 1
-
-    def warn(self, msg):
-        print(f"Warning: {msg}")
-        self.warnings += 1
-
-    def error(self, msg):
-        print(f"Error: {msg}")
-        self.errors += 1
-
-
-TAG_RE = re.compile(r"(.*\/)?([^:]+):([^:]+)")
-
-
-def check_tags(helminfo, result):
-    release_tag_found = False
-    version_tag_found = False
-    for tag in helminfo["tags"]:
-        (tag_prefix, tag_name, tag_version) = TAG_RE.fullmatch(tag).groups()
-        if tag_name != helminfo.get("name"):
-            result.warn(
-                f"Tag ({tag}) doesn't use the chart name ({helminfo.get('name')})"
-            )
-        if "release" in helminfo and helminfo["release"] in tag_version:
-            release_tag_found = True
-        if tag_version.replace("_", "+") == helminfo["version"]:
-            version_tag_found = True
-    if not release_tag_found:
-        result.error(
-            "None of the tags are unique to a specific build of the image.\n"
-            + "Make sure that at least one tag contains the release."
-        )
-    if not version_tag_found:
-        result.error(
-            "None of the tags is the equivalent of the chart's version.\n"
-            + "Make sure that one of the tag is the chart version."
-        )
-
-
-def helminfos():
-    """Return a list of .helminfo files to check."""
-    if "BUILD_ROOT" not in os.environ:
-        # Not running in an OBS build container
-        return glob.glob("*.helminfo")
-
-    # Running in an OBS build container
-    buildroot = os.environ["BUILD_ROOT"]
-    topdir = "/usr/src/packages"
-    if os.path.isdir(buildroot + "/.build.packages"):
-        topdir = "/.build.packages"
-    if os.path.islink(buildroot + "/.build.packages"):
-        topdir = "/" + os.readlink(buildroot + "/.build.packages")
-
-    return glob.glob(f"{buildroot}{topdir}/HELM/*.helminfo")
-
-
-def main():
-    result = CheckResult()
-    for helminfo in helminfos():
-        print(f"Looking at {helminfo}")
-        with open(helminfo, "rb") as cifile:
-            ci_dict = json.load(cifile)
-            check_tags(ci_dict, result)
-
-    ret = 0
-    if result.errors > 0:
-        print("Fatal errors found.")
-        ret = 1
-
-    sys.exit(ret)
-
-
-if __name__ == "__main__":
-    main()

edge-build-checks/COPYING

@@ -1,340 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.

edge-build-checks/SUSE-Edge.conf

@@ -1,6 +0,0 @@
-[General]
-Vendor=com.suse
-Registry=%%IMG_REPO%%
-
-[Tags]
-Allowed=%%IMG_PREFIX%%*

edge-build-checks/_service

@@ -1,9 +0,0 @@
-<services>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">SUSE-Edge.conf</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-  </service>
-</services>

edge-build-checks/edge-build-checks.spec

@@ -1,59 +0,0 @@
-#
-# spec file for package edge-build-checks
-#
-# Copyright (c) 2024 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           edge-build-checks
-Summary:        post checks for build after charts and images are created
-License:        GPL-2.0-or-later
-Group:          Development/Tools/Building
-Version:        0.0.1
-Release:        0
-Source0:        COPYING
-Source1:        20-helm-images
-Source2:        10-helm-lint
-Source3:        SUSE-Edge.conf
-Source4:        20-helm-tags
-BuildArch:      noarch
-Requires:       container-build-checks
-Requires:       python3-PyYAML
-Provides:       container-build-checks-vendor
-
-%description
-some scripts to check for problems in edge related helm charts and images after their creation
-in OBS.
-
-%prep
-cp %{SOURCE0} .
-
-%build
-%define _lto_cflags %{nil}
-# nothing to do
-
-%install
-install -d $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
-install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
-install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
-install -m 755 %{SOURCE4} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
-install -d %{buildroot}%{_datadir}/container-build-checks
-install -m 644 %{SOURCE3} %{buildroot}%{_datadir}/container-build-checks/SUSE-Edge.conf
-
-%files
-%license COPYING
-%{_datadir}/container-build-checks
-/usr/lib/build
-
-%changelog

edge-image-builder-image/Dockerfile

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.1
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.1-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.2.1"
+LABEL org.opencontainers.image.version="1.1.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

edge-image-builder-image/_service

@@ -7,8 +7,8 @@
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
     <param name="file">artifacts.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
-    <param name="var">CHART_PREFIX</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
     <param name="var">CHART_REPO</param>
     <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
@@ -17,3 +17,4 @@
     <param name="var">CHART_MAJOR</param>
   </service>
 </services>
+

edge-image-builder-image/artifacts.yaml

@@ -1,10 +1,10 @@
 metallb:
-  chart: metallb
-  repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
-  version: "%%CHART_MAJOR%%.0.0+up0.14.9"
+  chart: metallb-chart
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
+  version: "%%CHART_MAJOR%%.0.1+up0.14.9"
 endpoint-copier-operator:
-  chart: endpoint-copier-operator
-  repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
+  chart: endpoint-copier-operator-chart
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
   version: "%%CHART_MAJOR%%.0.0+up0.2.1"
 kubernetes:
   k3s:

edge-image-builder/_service

@@ -3,9 +3,9 @@
     <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.2.1</param>
+    <param name="revision">v1.1.1</param>
     <!-- Uncomment and set this For Pre-Release Version -->
-    <!-- <param name="version">1.2.0~rc1</param> -->
+    <!-- <param name="version">1.1.1~rc0</param> -->
     <!-- Uncomment and this for regular version -->
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>

edge-image-builder/edge-image-builder.spec

@@ -17,14 +17,14 @@
 
 
 Name:           edge-image-builder
-Version:        1.2.1
+Version:        1.1.1
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0
 URL:            https://github.com/suse-edge/edge-image-builder
 Source:         edge-image-builder-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) go1.24
+BuildRequires:  golang(API) go1.22
 BuildRequires:  golang-packaging
 BuildRequires:  gpgme-devel
 BuildRequires:  device-mapper-devel

endpoint-copier-operator-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1
-#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
 apiVersion: v2
 appVersion: v0.2.0
 description: A Helm chart for Kubernetes

endpoint-copier-operator-chart/_service

@@ -9,8 +9,8 @@
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
-    <param name="var">CHART_PREFIX</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>
   </service>

frr-image/Dockerfile

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: MIT
-#!BuildTag: %%IMG_PREFIX%%frr:8.5.6
-#!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
-#!BuildVersion: 15.6
+#!BuildTag: %%IMG_PREFIX%%frr:8.4
+#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
+#!BuildVersion: 15.5
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -15,11 +15,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="FRR Container Image"
 LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="8.5.6"
+LABEL org.opencontainers.image.version="8.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.5.6-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

frr-k8s/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metallb/frr-k8s</param>
     <param name="scm">git</param>
-    <param name="revision">v0.0.16</param>
+    <param name="revision">v0.0.14</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

frr-k8s/frr-k8s.spec

@@ -17,8 +17,8 @@
 
 
 Name:           frr-k8s
-Version:        0.0.16
-Release:        0.0.16
+Version:        0.0.14
+Release:        0.0.14
 Summary:        A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
 License:        Apache-2.0
 URL:            https://github.com/metallb/frr-k8s

hauler/_service

@@ -4,7 +4,7 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="scm">git</param>
     <param name="exclude">.get</param>
-    <param name="revision">v1.2.1</param>
+    <param name="revision">v1.0.7</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
@@ -15,13 +15,4 @@
   <service name="go_modules">
      <param name="compression">gz</param>
   </service>
-  <service mode="buildtime" name="replace_using_env">
-    <param name="file">hauler.spec</param>
-    <param name="var">SOURCE_COMMIT</param>
-    <param name="eval">
-      SOURCE_COMMIT=$(grep commit hauler.obsinfo | cut -d" " -f2)
-    </param>
-    <param name="verbose">1</param>
-  </service>
-  <service mode="buildtime" name="set_version" />
 </services>

hauler/hauler.spec

@@ -18,7 +18,7 @@
 %define project github.com/hauler-dev/hauler
 
 Name:           hauler
-Version:        1.2.1
+Version:        1.0.7
 Release:        0
 Summary:        Airgap Swiss Army Knife
 License:        Apache-2.0
@@ -26,6 +26,7 @@ URL:            https://github.com/hauler-dev/hauler
 Source:         hauler-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang-packaging
+BuildRequires:  cosign
 
 %description
 
@@ -37,18 +38,10 @@ BuildRequires:  golang-packaging
 
 tar -xf %{SOURCE1}
 
-MODULE=hauler.dev/go/hauler
-%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
-%define buildcommit %%SOURCE_COMMIT%%
+mkdir cmd/hauler/binaries
+cp `which cosign` cmd/hauler/binaries/cosign-linux-%{go_arch}
 
-
-go build \
--mod=vendor \
--buildmode=pie \
--o hauler \
--ldflags \
-"-X $MODULE/internal/version.gitVersion=v%{version} -X $MODULE/internal/version.gitCommit=%{buildcommit} -X $MODULE/internal/version.buildDate=%{buildtime}" \
-./cmd/hauler
+go build -mod=vendor -buildmode=pie -o hauler ./cmd/hauler
 
 %install
 

ironic-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%
 #!BuildVersion: 15.6
 
 ARG SLE_VERSION
@@ -8,8 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 
-RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
-
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+      zypper -n  in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
+    fi
+#!ArchExclusiveLine: aarch64
+RUN if [ "$(uname -m)" = "aarch64" ];then \
+      zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
+    fi
 WORKDIR /tmp
 COPY prepare-efi.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -40,8 +46,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="26.1.2.4"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%"
+LABEL org.opencontainers.image.version="26.1.2.3"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -82,8 +88,7 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
      cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
     fi
     
-COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
-COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
+COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
 
 COPY ironic.conf.j2 /etc/ironic/
 COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

ironic-image/configure-ironic.sh

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
     fi
 fi
 
-IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
+IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
 if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
     export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
     export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

ironic-image/inspector.ipxe.j2

@@ -5,6 +5,6 @@ echo In inspector.ipxe
 imgfree
 # NOTE(dtantsur): keep inspection kernel params in [mdns]params in
 # ironic-inspector-image and configuration in configure-ironic.sh
-kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
-initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
+kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
+initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
 boot

ironic-image/ironic.conf.j2

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
-bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
+bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False

ironic-image/prepare-efi.sh

@@ -2,26 +2,41 @@
 
 set -euxo pipefail
 
-declare -A efi_arch=(
-  ["x86_64"]="X64"
-  ["aarch64"]="AA64"
-  )
+ARCH=$(uname -m)
+DEST=${2:-/tmp/esp.img}
+OS=${1:-sles}
 
-for arch in "${!efi_arch[@]}"; do
-  
-  DEST=/tmp/esp-${arch}.img
+if [ $ARCH = "aarch64" ]; then
+  BOOTEFI=BOOTAA64.EFI
+  GRUBEFI=grubaa64.efi
+else
+  BOOTEFI=BOOTX64.efi
+  GRUBEFI=grubx64.efi
+fi
 
-  dd bs=1024 count=6400 if=/dev/zero of=$DEST
-  mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
-
-  mmd -i $DEST EFI
-  mmd -i $DEST EFI/BOOT
-
-  mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
-  mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
-
-  mdir -i $DEST ::EFI/BOOT;
-done
+dd bs=1024 count=6400 if=/dev/zero of=$DEST
+mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
 
+mkdir -p /boot/efi/EFI/BOOT
+mkdir -p /boot/efi/EFI/$OS
+if [ $ARCH = "aarch64" ]; then
+  cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
+  cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
+  cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
+else
+  cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
+  #cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
+  cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
+fi
 
+mmd -i $DEST EFI
+mmd -i $DEST EFI/BOOT
+mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
+if [ $ARCH = "aarch64" ]; then
+  mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
+  mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
+else
+  mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
+fi 
+mdir -i $DEST ::EFI/BOOT;
 

ironic-image/runhttpd

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
 
 # Copy files to shared mount
 render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
-cp /tmp/uefi_esp*.img /shared/html/
+cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
 
 # Render the core httpd config
 render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

ironic-ipa-downloader-image/Dockerfile

@@ -1,14 +1,22 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
-
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+  zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
+  fi
+#!ArchExclusiveLine: aarch64
+RUN if [ "$(uname -m)" = "aarch64" ];then \
+  zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
+  fi
+#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
 RUN cp /usr/bin/getopt /installroot/
 
 FROM micro AS final
@@ -18,11 +26,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.6"
+LABEL org.opencontainers.image.version="3.0.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -33,9 +41,8 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
+RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
 RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
-RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

ironic-ipa-downloader-image/Dockerfile.aarch64

@@ -1,45 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7-%RELEASE%
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
-
-RUN cp /usr/bin/getopt /installroot/
-
-FROM micro AS final
-
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.ironic
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
-LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.6"
-LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
-RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
-# configure non-root user
-COPY configure-nonroot.sh /bin/
-RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
-RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
-COPY get-resource.sh /usr/local/bin/get-resource.sh
-
-RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

ironic-ipa-downloader-image/Dockerfile.x86_64

@@ -1,45 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7-%RELEASE%
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
-
-RUN cp /usr/bin/getopt /installroot/
-
-FROM micro AS final
-
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.ironic
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
-LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.6"
-LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
-RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
-# configure non-root user
-COPY configure-nonroot.sh /bin/
-RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
-RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
-COPY get-resource.sh /usr/local/bin/get-resource.sh
-
-RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

ironic-ipa-downloader-image/_multibuild

@@ -1,4 +0,0 @@
-<multibuild>
-  <flavor>x86_64</flavor>
-  <flavor>aarch64</flavor>
-</multibuild>

ironic-ipa-downloader-image/_service

@@ -2,8 +2,6 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service mode="buildtime" name="docker_label_helper"/>
   <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile.aarch64</param>
-    <param name="file">Dockerfile.x86_64</param>
     <param name="file">Dockerfile</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>

ironic-ipa-downloader-image/get-resource.sh

@@ -6,37 +6,12 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
 export https_proxy=${https_proxy:-$HTTPS_PROXY}
 export no_proxy=${no_proxy:-$NO_PROXY}
 
-if [ -d "/tmp/ironic-certificates" ]; then
-  sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
-  if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
-    CERTS_CHANGED=0
-  else
-    CERTS_CHANGED=1
-  fi
-fi
-
 # Which image should we use
 if [ -z "${IPA_BASEURI}" ]; then
-  if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
-    if [ "${CERTS_CHANGED:-0}" = "0" ]; then
-      # everything is the same exit early
-      exit 0
-    fi
-  fi
-  IMAGE_CHANGED=1
-  # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
+  # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
   mkdir -p /shared/html/images
-  if [ -f /tmp/initrd-x86_64.zst ]; then
-    cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
-    cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
-  fi
-  # Use arm64 as destination for iPXE compatibility
-  if [ -f /tmp/initrd-aarch64.zst ]; then
-    cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
-    cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
-  fi
-
-  cp /tmp/images.sha256 /shared/images.sha256
+  cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
+  cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
 else
   FILENAME=ironic-python-agent
   FILENAME_EXT=.tar
@@ -50,56 +25,47 @@ else
   # If we have a CACHEURL and nothing has yet been downloaded
   # get header info from the cache
   ls -l
-  if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
+  if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then
       curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
   fi
   
   # Download the most recent version of IPA
   if [ -e $FFILENAME.headers ] ; then
       ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
-      cd "$TMPDIR"
-      curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
+      cd $TMPDIR
+      curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
       # curl didn't download anything because we have the ETag already
       # but we don't have it in the images directory
       # Its in the cache, go get it
       ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
-      if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
+      if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then
           mv /shared/html/images/$FFILENAME.headers .
           curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
       fi
   else
-      cd "$TMPDIR"
-      curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
+      cd $TMPDIR
+      curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME
   fi
   
   if [ -s $FFILENAME ] ; then
       tar -xf $FFILENAME
-      xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
-      mv $FILENAME.initramfs.zstd $FILENAME.initramfs
-      ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
-      if [ "$ARCH" = "x86" ]; then
-        ARCH="x86_64"
-      fi
+  
       ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
       cd -
-      chmod 755 "$TMPDIR"
-      mv "$TMPDIR" "$FILENAME-$ETAG"
-      ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
-      ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
-      ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
-      
-      IMAGE_CHANGED=1
+      chmod 755 $TMPDIR
+      mv $TMPDIR $FILENAME-$ETAG
+      ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
+      ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
+      ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
   else
-      rm -rf "$TMPDIR"
+      rm -rf $TMPDIR
   fi
 fi
 
-if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then
+if [ -d "/tmp/ironic-certificates" ]; then
   mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
+  xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
   mkdir -p etc/ironic-python-agent.d/ca-certs
   cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
-  for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
-    find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
-  done
-  cp /tmp/certificates.sha256 /shared/certificates.sha256
+  find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
 fi

ironic-ipa-ramdisk/config.sh

@@ -13,6 +13,11 @@ echo "Configure image: [$kiwi_iname]..."
 #------------------------------------------
 baseSetupBuildDay
 
+#======================================
+# Mount system filesystems
+#--------------------------------------
+#baseMount
+
 #==========================================
 # remove unneded kernel files
 #------------------------------------------
@@ -34,8 +39,12 @@ suseImportBuildKey
 #--------------------------------------
 baseInsertService openstack-ironic-python-agent
 baseInsertService suse-ironic-image-setup
+baseInsertService suse-network-setup
 baseInsertService sshd
 baseInsertService NetworkManager
+#suseInsertService sshd
+#suseInsertService openstack-ironic-python-agent
+#suseInsertService suse-ironic-image-setup
 
 echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
 baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
@@ -55,7 +64,42 @@ sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/l
 #------------------------------------------
 echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
 
+#==========================================
+# remove package docs and manuals
+#------------------------------------------
+#baseStripDocs
+#baseStripMans
+#baseStripInfos
+
+#======================================
+# only basic version of vim is
+# installed; no syntax highlighting
+#--------------------------------------
+sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
+
+#======================================
+# Remove yast if not in use
+#--------------------------------------
+#suseRemoveYaST
+
+#======================================
+# Remove package manager
+#--------------------------------------
+#suseStripPackager
+
+#rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
+
+#======================================
+# Umount kernel filesystems
+#--------------------------------------
+#baseCleanMount
+
 ln -s /sbin/init /init
 
+#==========================================
+# umount
+#------------------------------------------
+umount /proc >/dev/null 2>&1
+
 exit 0
 

ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<image schemaversion="7.4" name="openstack-ironic-image">
+<image schemaversion="7.4" name="openstack-ironic-image-301">
     <description type="system">
         <author>Cloud developers</author>
         <contact>cloud-devel@suse.de</contact>
@@ -12,7 +12,6 @@
         <locale>en_US</locale>
         <packagemanager>zypper</packagemanager>
         <rpm-check-signatures>false</rpm-check-signatures>
-        <rpm-excludedocs>true</rpm-excludedocs>
         <timezone>UTC</timezone>
         <version>1.0.0</version> 
     </preferences>	
@@ -103,25 +102,64 @@
         <package name="libxcb-render0"/>
         <package name="libxcb-shm0"/>
         <package name="libxcb1"/>
-        <package name="kernel-firmware-amdgpu"/>
-        <package name="kernel-firmware-ath10k"/>
-        <package name="kernel-firmware-ath11k"/>
-        <package name="kernel-firmware-ath12k"/>
-        <package name="kernel-firmware-atheros"/>
-        <package name="kernel-firmware-bluetooth"/>
-        <package name="kernel-firmware-brcm"/>
-        <package name="kernel-firmware-i915"/>
-        <package name="kernel-firmware-iwlwifi"/>
-        <package name="kernel-firmware-media"/>
-        <package name="kernel-firmware-nvidia"/>
-        <package name="kernel-firmware-qcom"/>
-        <package name="kernel-firmware-radeon"/>
-        <package name="kernel-firmware-realtek"/>
-        <package name="kernel-firmware-sound"/>
-        <package name="kernel-firmware-ti"/>
-        <package name="kernel-firmware-ueagle"/>
+        <package name="plymouth"/>
+        <package name="plymouth-branding-SLE"/>
     </packages>
 
+    <packages type="image">
+        <package name="checkmedia"/>
+        <package name="plymouth-branding-SLE"/>
+        <package name="plymouth-dracut"/>
+        <package name="plymouth-theme-bgrt"/>
+        <package name="grub2-branding-SLE"/>
+        <package name="iputils"/>
+        <package name="vim"/>
+        <package name="grub2"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="syslinux" arch="x86_64"/>
+        <package name="lvm2"/>
+        <package name="plymouth"/>
+        <package name="fontconfig"/>
+        <package name="fonts-config"/>
+        <package name="openssh"/>
+        <package name="iproute2"/>
+        <package name="which"/>
+        <package name="kernel-firmware"/>
+        <package name="kernel-default"/>
+        <package name="NetworkManager"/>
+        <package name="nm-configurator"/>
+        <package name="timezone"/>
+        <package name="haveged"/>
+        <!-- ironic-python-agent specific -->
+        <package name="openstack-ironic-python-agent"/>
+        <package name="hdparm"/>
+        <package name="qemu-tools"/>
+        <package name="python311-proliantutils"/>
+        <package name="lshw"/>
+        <package name="dmidecode"/>
+        <package name="efibootmgr"/>
+        <package name="gptfdisk"/>
+        <package name="open-iscsi"/>
+        <package name="hwinfo"/>
+        <package name="ipmitool"/>
+        <package name="iputils"/>
+        <package name="lvm2"/>
+        <package name="net-tools"/>
+        <package name="ntp"/>
+        <package name="parted"/>
+        <package name="psmisc"/>
+        <package name="timezone"/>
+        <package name="which"/>
+        <package name="kbd"/>
+    </packages>
+
+    <packages type="kis">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+    </packages> 
+
     <packages type="bootstrap">
         <package name="glibc-locale"/>
         <package name="udev"/>
@@ -129,50 +167,5 @@
         <package name="cracklib-dict-full"/>
         <package name="ca-certificates"/>
         <package name="sles-release"/>
-
-        <package name="checkmedia"/>
-        <package name="fontconfig"/>
-        <package name="fonts-config"/>
-        <package name="grub2-arm64-efi" arch="aarch64"/>
-        <package name="grub2-branding-SLE"/>
-        <package name="grub2-i386-pc" arch="x86_64"/>
-        <package name="grub2-x86_64-efi" arch="x86_64"/>
-        <package name="grub2"/>
-        <package name="iproute2"/>
-        <package name="iputils"/>
-        <package name="kernel-default"/>
-        <package name="kernel-firmware-all"/>
-        <package name="lvm2"/>
-        <package name="NetworkManager"/>
-        <package name="nm-configurator"/>
-        <package name="openssh"/>
-        <package name="timezone"/>
-        <package name="which"/>
-        <!-- ironic-python-agent specific -->
-        <package name="dmidecode"/>
-        <package name="efibootmgr"/>
-        <package name="gptfdisk"/>
-        <package name="hdparm"/>
-        <package name="hwinfo"/>
-        <package name="ipmitool"/>
-        <package name="iputils"/>
-        <package name="kbd"/>
-        <package name="lshw"/>
-        <package name="lvm2"/>
-        <package name="net-tools"/>
-        <package name="ntp"/>
-        <package name="open-iscsi"/>
-        <package name="openstack-ironic-python-agent"/>
-        <package name="parted"/>
-        <package name="psmisc"/>
-        <package name="python311-proliantutils"/>
-        <package name="qemu-tools"/>
-        <package name="timezone"/>
-        <package name="which"/>
     </packages>
-
-    <packages type="kis">
-        <package name="dracut-kiwi-oem-repart"/>
-        <package name="dracut-kiwi-oem-dump"/>
-    </packages> 
 </image>

ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec

@@ -19,7 +19,7 @@
 
 
 Name:           ironic-ipa-ramdisk
-Version:        3.0.7
+Version:        3.0.1
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA
@@ -27,7 +27,7 @@ Group:          System/Management
 URL:            https://github.com/SUSE-Cloud/
 Source0:        config.sh
 Source10:       ironic-ipa-ramdisk.kiwi
-Source20:       root
+Source20:       root.tar.bz2
 
 BuildRequires:  -post-build-checks
 BuildRequires:  bash
@@ -38,7 +38,7 @@ BuildArch:      noarch
 
 BuildRequires:  checkmedia
 BuildRequires:  acl
-BuildRequires:  ca-certificates-mozilla-prebuilt
+BuildRequires:  ca-certificates
 BuildRequires:  cracklib-dict-full
 BuildRequires:  cron
 BuildRequires:  dbus-1
@@ -62,7 +62,7 @@ BuildRequires:  ipmitool
 BuildRequires:  iproute2
 BuildRequires:  iputils
 BuildRequires:  kernel-default
-BuildRequires:  kernel-firmware-all
+BuildRequires:  kernel-firmware
 BuildRequires:  lvm2
 BuildRequires:  net-tools
 BuildRequires:  ntp
@@ -123,13 +123,13 @@ Kernel and ramdisk image for use with Metal3
 For %{_arch}
 
 %prep
-mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/img
+mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
 
 cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
 
 cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
 
-cp -ar %{SOURCE20} /tmp/openstack-ironic-image/root
+tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
 
 %build
 if ! which kiwi; then
@@ -148,8 +148,10 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
 cd /tmp/openstack-ironic-image/img/build/image-root 
 find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
 cd $TDIR
-zstd initrdtmp -o initrd-%{_arch}.zst
-INITRD=`ls *.zst | head -1`
+gzip -9 -f initrdtmp
+INITRDGZ=`ls *.gz | head -1`
+gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
+INITRD=`ls *.xz | head -1`
 
 ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
 KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

ironic-ipa-ramdisk/root/etc/NetworkManager/conf.d/00-main.conf

@@ -1,24 +0,0 @@
-# WARNING: This file has been modified by the diskimage-builder
-# dhcp-all-interfaces element as this machine is likely running
-# a ramdisk or needs to attempt auto-configuration on all interfaces.
-[main]
-# This makes sense even with dhcp on all interfaces in the event
-# that the configuration has been or is being supplied via external means.
-ignore-carrier=*
-# Use dhclient as was done previously to the Centos8/RHEL8 RPM defaults.
-# This is because dhclient shuts the interface down after a retry attempt
-# which allows the link state to reset with some switches, which may be
-# important for the ramdisk to recover networking.
-dhcp=dhclient
-
-[connection]
-# Keep retrying, this is important for this important espescialy for
-# ramdisks in environments where varying switch configurations may
-# cause traffic to be blocked or intermittent connectivity failures
-# such as those at an edge site may cause issues.
-autoconnect-retries=-1
-# Set the timeout. Diskimage-builder dhcp-all-interfaces has a 30
-# second default. NetworkManager, by default, is 45 seconds.
-# In some cases where ramdisks are in use, 60 seconds is advisable.
-ipv4.dhcp-timeout=30
-ipv6.dhcp-timeout=30

ironic-ipa-ramdisk/root/etc/ironic-python-agent.conf.d

@@ -1 +0,0 @@
-ironic-python-agent/ironic-python-agent.conf.d

ironic-ipa-ramdisk/root/etc/issue

@@ -1 +0,0 @@
-SUSE Ironic Python Agent Ramdisk - terminal \l

ironic-ipa-ramdisk/root/etc/sysctl.d/98-rp_filter.conf

@@ -1,2 +0,0 @@
-# avoid problems with multiple network interfaces
-net.ipv4.conf.all.rp_filter=0

ironic-ipa-ramdisk/root/etc/systemd/system/NetworkManager.service.d/nmc.conf

@@ -1,7 +0,0 @@
-[Unit]
-#WantsMountsFor=/mnt/ipa
-After=mnt-ipa.mount
-Wants=mnt-ipa.mount
-
-[Service]
-ExecStartPre=-/usr/local/bin/suse-network-setup.sh

ironic-ipa-ramdisk/root/etc/systemd/system/mnt-ipa.mount

@@ -1,7 +0,0 @@
-[Unit]
-Description=config-2 rom consumed by IPA for networking configuration
-
-[Mount]
-What=/dev/ipa
-Where=/mnt/ipa
-TimeoutSec=30

ironic-ipa-ramdisk/root/etc/systemd/system/suse-ironic-image-setup.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Setup ironic-python-agent image
-After=getty.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/suse-ironic-image-setup.sh
-StandardOutput=journal+console
-RemainAfterExit=true
-
-[Install]
-WantedBy=multi-user.target

ironic-ipa-ramdisk/root/etc/systemd/system/systemd-udevd.service.d/ordering.conf

@@ -1,3 +0,0 @@
-[Unit]
-Before=local-fs.target
-WantedBy=local-fs.target

ironic-ipa-ramdisk/root/etc/udev/rules.d/61-config2.rules

@@ -1 +0,0 @@
-ACTION=="add|change", SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="config-2", ENV{ID_FS_PUBLISHER_ID}=="?*", PROGRAM="/usr/local/bin/suse-test-config-2.sh", SYMLINK+="ipa"

ironic-ipa-ramdisk/root/usr/local/bin/suse-ironic-image-setup.sh

@@ -1,52 +0,0 @@
-#!/bin/sh
-PARAMS=$(</proc/cmdline)
-# find vfloppy device (based on IPA code)
-VMEDIA_DEVICE=$(find /dev/disk/by-label -iname ir-vfd-dev)
-# read params from vmedia and prepend them to params from kernel cmdline
-if [[ -b "$VMEDIA_DEVICE" ]]; then
-  VMEDIA_MOUNT=$(mktemp -d)
-  if mount -o loop $VMEDIA_DEVICE $VMEDIA_MOUNT; then
-    # parameters.txt has one param per line, reformat to match cmdline
-    VMEDIA_PARAMS=$(cat $VMEDIA_MOUNT/parameters.txt | tr '\n' ' ')
-    umount $VMEDIA_MOUNT
-    PARAMS="$VMEDIA_PARAMS $PARAMS"
-  fi
-  rmdir $VMEDIA_MOUNT
-fi
-
-# resize /tmp
-if [[ $PARAMS =~ suse.tmpsize=([^ ]+) ]]; then
-  echo "Resizing /tmp to ${BASH_REMATCH[1]}..."
-  mount -o remount,size=${BASH_REMATCH[1]} /tmp
-fi
-# deploy authorized sshkey from kernel command line
-if [[ $PARAMS =~ sshkey=\"([^\"]+)\" ]]; then
-  echo "Adding authorized SSH key..."
-  (umask 077 ; mkdir -p /root/.ssh)
-  echo "${BASH_REMATCH[1]}" >> /root/.ssh/authorized_keys
-fi
-# Inject certs
-if [[ $PARAMS =~ tls.enabled=(true|True) ]]; then
-  cp /etc/ironic-python-agent.d/ca-certs/* /etc/pki/trust/anchors/
-  cp /etc/ironic-python-agent.d/ca-certs/* /usr/share/pki/trust/anchors/
-  update-ca-certificates
-fi
-# autologin root on given console (default tty1) if suse.autologin or coreos.autologin is enabled
-if [[ $PARAMS =~ (suse|coreos)\.autologin=?([^ ]*) ]]; then
-  tty="${BASH_REMATCH[2]:-tty1}"
-  echo "Enabling autologin on $tty..."
-  systemctl stop getty@$tty
-  systemctl disable getty@$tty
-  systemctl start autologin@$tty
-fi
-
-# Append to /etc/hosts
-# hosts.append=1.2.3.4_foo,4.5.6.7_foo2
-if [[ $PARAMS =~ hosts.append=([^ ]+) ]]; then
-  HOSTS=${BASH_REMATCH[1]}
-  echo "Appending to hosts ${HOSTS}..."
-  for h in ${HOSTS/,/ }; do
-    echo "${h/_/ }" >> /etc/hosts
-  done
-  cat /etc/hosts
-fi

ironic-ipa-ramdisk/root/usr/local/bin/suse-network-setup.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-set -eux
-
-# Inspired by/based on glean-early.sh
-# https://opendev.org/opendev/glean/src/branch/master/glean/init/glean-early.sh
-
-# NOTE(TheJulia): We care about iso images, and would expect lower case as a
-# result. In the case of VFAT partitions, they would be upper case.
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-NETWORK_DATA_FILE="/mnt/ipa/openstack/latest/network_data.json"
-
-
-if [ ! -f "${NETWORK_DATA_FILE}" ]; then
-	echo "No network_data.json found, skipping network configuration"
-	exit 1
-fi
-
-mkdir -p /tmp/nmc/{desired,generated}
-cp ${NETWORK_DATA_FILE} /tmp/nmc/desired/_all.yaml
-
-nmc generate --config-dir /tmp/nmc/desired --output-dir /tmp/nmc/generated
-nmc apply --config-dir /tmp/nmc/generated

ironic-ipa-ramdisk/root/usr/local/bin/suse-test-config-2.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-
-set -eux
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Transform the ID from the drive being considered to lower case
-device_publisher_id=$(echo ${ID_FS_PUBLISHER_ID} | tr '[A-Z]' '[a-z]')
-
-# Retrieve the publisher ID from the command line and convert to lower case
-cmdline_publisher_id=""
-if grep -q "ir_pub_id" /proc/cmdline; then
-    cmdline_publisher_id=$(cat /proc/cmdline | sed -e 's/^.*ir_pub_id=//' -e 's/ .*$//')
-fi
-
-# Is this the filesystem we are looking for?
-if [[ "${cmdline_publisher_id}" == "${device_publisher_id}" ]]; then
-	# It is the device we are looking for, return success
-	exit 0
-else
-	# Not a match, return failure
-	exit 1
-fi

kiwi-builder-image/Dockerfile

@@ -1,21 +1,20 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1
 
-# Base image version, should match the tag above
 ARG KIWIVERSION="10.2.12"
 FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
 ARG KIWIVERSION
 
 # Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.kiwi
+# labelprefix=com.suse.application.akri
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
 LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="${KIWIVERSION}"
+LABEL org.opencontainers.image.version="%%kiwi_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:${KIWIVERSION}.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -24,6 +23,9 @@ LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
+# help the build service understand the need for python3-kiwi
+RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
+
 # Copy build script into image and make it executable
 ADD build-image.sh /usr/bin/build-image
 RUN chmod a+x /usr/bin/build-image
@@ -33,4 +35,3 @@ RUN mkdir -p /micro-sdk/defs
 ADD SL-Micro.kiwi /micro-sdk/defs
 ADD SL-Micro.kiwi.4096 /micro-sdk/defs
 ADD config.sh /micro-sdk/defs
-ADD editbootinstall_rpi.sh /micro-sdk/defs

kiwi-builder-image/README

@@ -2,13 +2,13 @@
 Kiwi SDK Image Instructions
 ###########################
 
-Please ensure that you're running this on a registered SUSE Linux Micro 6.1 system, and make sure that SELinux is disabled:
+Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
 
 # setenforce 0
 
 Next, download the podman image:
 
-# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0
+# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1
 
 Make a local output directory (where the images will reside):
 
@@ -16,40 +16,40 @@ Make a local output directory (where the images will reside):
 
 Then, to build a standard "Base" image, run the following in podman:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
 
 To build a "Base" SelfInstall ISO, you can add additional flags, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-SelfInstall
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-SelfInstall
 
 Then, to build a standard "Default" image, run the following in podman:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default
 
 To build a "Default" SelfInstall ISO, you can add additional flags, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall
 
 To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-RT
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-RT
 
 To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall -b
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall -b
 
 # mkdir mydefs/
 # cp /path/to/SL-Micro.kiwi mydefs/
 # cp /path/to/config.sh mydefs/
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
 
 All output will be in the local $(pwd)/output directory, for example:
 
 # ls -1 output/
-SL-Micro.x86_64-6.1.changes
-SL-Micro.x86_64-6.1.packages
-SL-Micro.x86_64-6.1.raw
-SL-Micro.x86_64-6.1.verified
+SL-Micro.x86_64-6.0.changes
+SL-Micro.x86_64-6.0.packages
+SL-Micro.x86_64-6.0.raw
+SL-Micro.x86_64-6.0.verified
 build
 kiwi.result
 kiwi.result.json

kiwi-builder-image/SL-Micro.kiwi

@@ -30,21 +30,9 @@
         <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -75,21 +63,6 @@
         <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -151,18 +124,10 @@
             <requires profile="self_install"/>
         </profile>
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64"/>
-        </profile>
-        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
             <requires profile="full"/>
             <requires profile="rpi"/>
         </profile>
         <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64"/>
-        </profile>
-        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="rpi"/>
         </profile>
@@ -175,19 +140,6 @@
             <requires profile="x86-rt-self_install"/>
             <requires profile="self_install"/>
         </profile>
-        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt"/>
-        </profile>
-        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt-rpi"/>
-        </profile>
-        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
         <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
             <requires profile="full"/>
             <requires profile="s390-kvm"/>
@@ -212,14 +164,6 @@
             <requires profile="container-host"/>
             <requires profile="s390-fba"/>
         </profile>
-        <profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
-            <requires profile="full"/>
-            <requires profile="s390-fcp"/>
-        </profile>
-        <profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
-            <requires profile="container-host"/>
-            <requires profile="s390-fcp"/>
-        </profile>
         <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
             <requires profile="full"/>
             <requires profile="x86-legacy"/>
@@ -240,47 +184,10 @@
 	    <requires profile="container-host"/>
 	    <requires profile="aarch64-qcow"/>
         </profile>
-
-	<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-512ss"/>
-        </profile>
-	<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-4096ss"/>
-        </profile>
-	<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-512ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
-	<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-4096ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
-	<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-512ss"/>
-        </profile>
-	<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-4096ss"/>
-        </profile>
-	<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-512ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
-	<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-4096ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +198,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -304,7 +211,7 @@
 	    luks_pbkdf="pbkdf2"
         >
             <luksformat>
-                <option name="--cipher" value="aes-xts-plain64"/>
+                <option name="--cipher" value="aes"/>
             </luksformat>
             <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
             <systemdisk>
@@ -323,7 +230,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -334,7 +241,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -359,7 +266,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -369,12 +276,11 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
-            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -398,8 +304,8 @@
         </type>
     </preferences>
 
-    <preferences profiles="rpi,aarch64-rt-rpi">
-        <version>6.1</version>
+    <preferences profiles="rpi">
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -414,11 +320,11 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
-            efipartsize="128"
+            efipartsize="128"     
             editbootinstall="editbootinstall_rpi.sh"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="false"
@@ -438,9 +344,8 @@
             </systemdisk>
         </type>
     </preferences>
-
-    <preferences profiles="aarch64,aarch64-rt">
-        <version>6.1</version>
+    <preferences profiles="aarch64-self_install">
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -453,49 +358,9 @@
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
-            fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            bootpartition="false"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            efipartsize="128"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="4096"
-        >
-            <bootloader name="grub2" console="gfxterm" timeout="3" />
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-            image="oem"
-            initrd_system="dracut"
-            installiso="true"
-            installpxe="true"
-            filesystem="btrfs"
-            installboot="install"
-            install_continue_on_timeout="false"
-            firmware="uefi"
-            efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="128"     
+	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -520,22 +385,22 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
         <rpm-excludedocs>true</rpm-excludedocs>
         <locale>en_US</locale>
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+
         <type
             image="oem"
             filesystem="btrfs"
             bootpartition="true"
             bootpartsize="300"
-            bootfilesystem="ext4"
+            bootfilesystem="ext2"
         initrd_system="dracut"
         format="qcow2"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
         devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
@@ -558,7 +423,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -569,9 +434,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext4"
+          bootfilesystem="ext2"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
           devicepersistency="by-uuid"
           target_blocksize="4096"
           btrfs_root_is_snapshot="true"
@@ -596,7 +461,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -607,9 +472,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext4"
+          bootfilesystem="ext2"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
           devicepersistency="by-uuid"
           btrfs_root_is_snapshot="true"
           btrfs_root_is_readonly_snapshot="true"
@@ -630,47 +495,9 @@
         </type>
     </preferences>
 
-    <preferences profiles="s390-fcp">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-          image="oem"
-          filesystem="btrfs"
-          installpxe="true"
-          bootpartition="true"
-          bootpartsize="300"
-          bootfilesystem="ext4"
-          initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
-          devicepersistency="by-uuid"
-          btrfs_root_is_snapshot="true"
-          btrfs_root_is_readonly_snapshot="true"
-          btrfs_quota_groups="true"
-        >
-            <oemconfig>
-                <oem-multipath-scan>true</oem-multipath-scan>
-            </oemconfig>
-            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-            <size unit="G">5</size>
-        </type>
-    </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -705,7 +532,7 @@
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -716,7 +543,7 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -740,9 +567,9 @@
             <size unit="G">32</size>
         </type>
     </preferences>
-
+ 
     <preferences profiles="aarch64-qcow">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -753,8 +580,8 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            efipartsize="128"     
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -765,7 +592,7 @@
             <systemdisk>
                 <volume name="home"/>
                 <volume name="root"/>
-                <volume name="opt"/>
+ 		<volume name="opt"/>
                 <volume name="srv"/>
                 <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                 <volume name="boot/writable"/>
@@ -776,161 +603,6 @@
         </type>
     </preferences>
 
-    <preferences profiles="ppc64le-512ss">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="ppc64le-4096ss">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
-             disk_start_sector="256" -->
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            target_blocksize="4096"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-
-    <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            installiso="true"
-            installpxe="true"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <installmedia>
-                <initrd action="omit">
-                    <dracut module="drm"/>
-                </initrd>
-            </installmedia>
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
-             disk_start_sector="256" -->
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            installiso="true"
-            installpxe="true"
-            target_blocksize="4096"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <installmedia>
-                <initrd action="omit">
-                    <dracut module="drm"/>
-                </initrd>
-            </installmedia>
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-
-
    <repository type="rpm-md" >
         <source path='obsrepositories:/'/>
     </repository>
@@ -944,12 +616,11 @@
 	<package name="patterns-base-kvm_host"/>
 	<package name="lzop"/>
         <namedCollection name="container_runtime_podman"/>
-        <package name="patterns-container-runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/> 
         <namedCollection name="cockpit"/>
         <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -957,6 +628,7 @@
         <package name="firewalld"/>
         <package name="wpa_supplicant" arch="x86_64,aarch64"/>
 	<package name="libpwquality-tools"/>
+        <!-- <package name="k3s-install"/> -->
     </packages>
 
     <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
@@ -975,10 +647,11 @@
         <namedCollection name="base_transactional"/>
         <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
-        <package name="patterns-container-runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/> 
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1030,7 +703,7 @@
         <package name="NetworkManager"/>
         <package name="NetworkManager-branding-SLE"/>
 	<package name="ModemManager"/>
-	<!-- FIXME does not build without control file which is obsolete
+	<!-- FIXME does not build without control file which is obsolete 
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
     </packages>
@@ -1040,8 +713,7 @@
         <package name="grub2-x86_64-efi" arch="x86_64"/>
         <package name="grub2-arm64-efi" arch="aarch64"/>
         <package name="grub2-s390x-emu" arch="s390x"/>
-        <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
-        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
         <package name="grub2-snapper-plugin"/>
         <package name="shim" arch="x86_64,aarch64"/>
 	<package name="mokutil" arch="x86_64,aarch64"/>
@@ -1049,46 +721,46 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
         <package name="kernel-rt"/>
-        <package name="kernel-firmware-all"/>
-	<!-- FIXME intentionally removed from ALP code stream
-        <package name="cpuset"/> -->
+	<package name="kernel-firmware-all"/>
+	<!-- FIXME intentionally removed from ALP code stream 
+	<package name="cpuset"/> -->
     </packages>
-    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
-        <package name="dracut-kiwi-oem-dump"/>
+    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="kernel-default-extra"/>
+    </packages> -->
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="blog"/>
     </packages>
-    <!-- FCP is usually used multipathed. -->
-    <packages type="image" profiles="s390-fcp">
-        <package name="multipath-tools"/>
-    </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
-    </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
+        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
         <package name="wireless-regdb"/>
         <package name="wireless-tools"/>
         <package name="wpa_supplicant"/>
         <package name="grub2-arm64-efi"/>
+        <!-- kernel-default-base does not have all required drivers -->
+        <package name="kernel-default"/>
     </packages>
     <packages type="bootstrap">
-        <package name="filesystem"/>
         <package name="coreutils"/>
+        <package name="filesystem"/>
         <package name="ca-certificates"/>
         <package name="ca-certificates-mozilla"/>
     </packages>
@@ -1102,14 +774,4 @@
     <packages type="image" profiles="x86-qcow,aarch64-qcow">
         <package name="qemu-guest-agent"/>
     </packages>
-
-    <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
-        <package name="usbguard"/>
-    </packages>
-
-    <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
-        <package name="stalld"/>
-    </packages>
 </image>

kiwi-builder-image/SL-Micro.kiwi.4096

@@ -30,21 +30,9 @@
         <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -75,21 +63,6 @@
         <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
-            <requires profile="bootloader"/>
-        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -151,18 +124,10 @@
             <requires profile="self_install"/>
         </profile>
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64"/>
-        </profile>
-        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
             <requires profile="full"/>
             <requires profile="rpi"/>
         </profile>
         <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64"/>
-        </profile>
-        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="rpi"/>
         </profile>
@@ -175,19 +140,6 @@
             <requires profile="x86-rt-self_install"/>
             <requires profile="self_install"/>
         </profile>
-        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt"/>
-        </profile>
-        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt-rpi"/>
-        </profile>
-        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
         <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
             <requires profile="full"/>
             <requires profile="s390-kvm"/>
@@ -212,14 +164,6 @@
             <requires profile="container-host"/>
             <requires profile="s390-fba"/>
         </profile>
-        <profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
-            <requires profile="full"/>
-            <requires profile="s390-fcp"/>
-        </profile>
-        <profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
-            <requires profile="container-host"/>
-            <requires profile="s390-fcp"/>
-        </profile>
         <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
             <requires profile="full"/>
             <requires profile="x86-legacy"/>
@@ -240,47 +184,10 @@
 	    <requires profile="container-host"/>
 	    <requires profile="aarch64-qcow"/>
         </profile>
-
-	<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-512ss"/>
-        </profile>
-	<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-4096ss"/>
-        </profile>
-	<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-512ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
-	<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="container-host"/>
-            <requires profile="ppc64le-4096ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
-	<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-512ss"/>
-        </profile>
-	<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-4096ss"/>
-        </profile>
-	<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-512ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
-	<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
-            <requires profile="full"/>
-            <requires profile="ppc64le-4096ss-self_install"/>
-            <requires profile="self_install"/>
-        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +198,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -306,7 +213,7 @@
             efipartsize="200"
         >
             <luksformat>
-                <option name="--cipher" value="aes-xts-plain64"/>
+                <option name="--cipher" value="aes"/>
             </luksformat>
             <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
             <systemdisk>
@@ -325,7 +232,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -336,7 +243,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -363,7 +270,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -373,12 +280,11 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
-            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -404,8 +310,8 @@
         </type>
     </preferences>
 
-    <preferences profiles="rpi,aarch64-rt-rpi">
-        <version>6.1</version>
+    <preferences profiles="rpi">
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -420,7 +326,7 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
@@ -444,9 +350,8 @@
             </systemdisk>
         </type>
     </preferences>
-
-    <preferences profiles="aarch64,aarch64-rt">
-        <version>6.1</version>
+    <preferences profiles="aarch64-self_install">
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -459,49 +364,9 @@
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
-            fsmountoptions="noatime"
-            firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            bootpartition="false"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            efipartsize="128"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="4096"
-        >
-            <bootloader name="grub2" console="gfxterm" timeout="3" />
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-            image="oem"
-            initrd_system="dracut"
-            installiso="true"
-            installpxe="true"
-            filesystem="btrfs"
-            installboot="install"
-            install_continue_on_timeout="false"
             firmware="uefi"
             efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -526,22 +391,22 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
         <rpm-excludedocs>true</rpm-excludedocs>
         <locale>en_US</locale>
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+
         <type
             image="oem"
             filesystem="btrfs"
             bootpartition="true"
             bootpartsize="300"
-            bootfilesystem="ext4"
+            bootfilesystem="ext2"
         initrd_system="dracut"
         format="qcow2"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
         devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
@@ -564,7 +429,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -575,9 +440,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext4"
+          bootfilesystem="ext2"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
           devicepersistency="by-uuid"
           target_blocksize="4096"
           btrfs_root_is_snapshot="true"
@@ -602,7 +467,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -613,9 +478,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext4"
+          bootfilesystem="ext2"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
           devicepersistency="by-uuid"
           btrfs_root_is_snapshot="true"
           btrfs_root_is_readonly_snapshot="true"
@@ -636,47 +501,9 @@
         </type>
     </preferences>
 
-    <preferences profiles="s390-fcp">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-          image="oem"
-          filesystem="btrfs"
-          installpxe="true"
-          bootpartition="true"
-          bootpartsize="300"
-          bootfilesystem="ext4"
-          initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
-          devicepersistency="by-uuid"
-          btrfs_root_is_snapshot="true"
-          btrfs_root_is_readonly_snapshot="true"
-          btrfs_quota_groups="true"
-        >
-            <oemconfig>
-                <oem-multipath-scan>true</oem-multipath-scan>
-            </oemconfig>
-            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-            <size unit="G">5</size>
-        </type>
-    </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -711,7 +538,7 @@
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -722,7 +549,7 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -750,7 +577,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.1</version>
+        <version>6.0</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -762,7 +589,7 @@
             filesystem="btrfs"
             firmware="uefi"
             efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -773,7 +600,7 @@
             <systemdisk>
                 <volume name="home"/>
                 <volume name="root"/>
-                <volume name="opt"/>
+ 		<volume name="opt"/>
                 <volume name="srv"/>
                 <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                 <volume name="boot/writable"/>
@@ -784,161 +611,6 @@
         </type>
     </preferences>
 
-    <preferences profiles="ppc64le-512ss">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="ppc64le-4096ss">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
-             disk_start_sector="256" -->
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            target_blocksize="4096"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-
-    <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            installiso="true"
-            installpxe="true"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <installmedia>
-                <initrd action="omit">
-                    <dracut module="drm"/>
-                </initrd>
-            </installmedia>
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.1</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
-             disk_start_sector="256" -->
-        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
-        <type
-            image="oem"
-            installiso="true"
-            installpxe="true"
-            target_blocksize="4096"
-            filesystem="btrfs"
-            firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
-            bootpartition="false"
-            bootkernel="custom"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
-        >
-            <installmedia>
-                <initrd action="omit">
-                    <dracut module="drm"/>
-                </initrd>
-            </installmedia>
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/powerpc-ieee1275"/>
-                <volume name="boot/writable"/>
-		<volume name="usr/local"/>
-		<volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-
-
    <repository type="rpm-md" >
         <source path='obsrepositories:/'/>
     </repository>
@@ -957,7 +629,6 @@
         <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -984,9 +655,10 @@
         <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1048,8 +720,7 @@
         <package name="grub2-x86_64-efi" arch="x86_64"/>
         <package name="grub2-arm64-efi" arch="aarch64"/>
         <package name="grub2-s390x-emu" arch="s390x"/>
-        <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
-        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
         <package name="grub2-snapper-plugin"/>
         <package name="shim" arch="x86_64,aarch64"/>
 	<package name="mokutil" arch="x86_64,aarch64"/>
@@ -1057,46 +728,46 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
         <package name="kernel-rt"/>
-        <package name="kernel-firmware-all"/>
+	<package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
-        <package name="cpuset"/> -->
+	<package name="cpuset"/> -->
     </packages>
-    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
-        <package name="dracut-kiwi-oem-dump"/>
+    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="kernel-default-extra"/>
+    </packages> -->
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="blog"/>
     </packages>
-    <!-- FCP is usually used multipathed. -->
-    <packages type="image" profiles="s390-fcp">
-        <package name="multipath-tools"/>
-    </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
-    </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
+        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
         <package name="wireless-regdb"/>
         <package name="wireless-tools"/>
         <package name="wpa_supplicant"/>
         <package name="grub2-arm64-efi"/>
+        <!-- kernel-default-base does not have all required drivers -->
+        <package name="kernel-default"/>
     </packages>
     <packages type="bootstrap">
-        <package name="filesystem"/>
         <package name="coreutils"/>
+        <package name="filesystem"/>
         <package name="ca-certificates"/>
         <package name="ca-certificates-mozilla"/>
     </packages>
@@ -1110,14 +781,4 @@
     <packages type="image" profiles="x86-qcow,aarch64-qcow">
         <package name="qemu-guest-agent"/>
     </packages>
-
-    <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
-        <package name="usbguard"/>
-    </packages>
-
-    <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
-        <package name="stalld"/>
-    </packages>
-</image>
+</image>

kiwi-builder-image/_service

@@ -1,9 +1,14 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">README</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="file">README</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
@@ -11,4 +16,14 @@
     <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
     <param name="var">SUPPORT_LEVEL</param>
   </service>
+  <service mode="buildtime" name="replace_using_package_version">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%kiwi_version%%</param>
+    <param name="package">python3-kiwi</param>
+  </service>
+  <service mode="buildtime" name="replace_using_package_version">
+    <param name="file">README</param>
+    <param name="regex">%%kiwi_version%%</param>
+    <param name="package">python3-kiwi</param>
+  </service>
 </services>

kiwi-builder-image/build-image.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -27,22 +27,19 @@ LARGEBLOCK=false
 # Print usage
 usage(){
   cat <<-EOF
-  =====================================
-  SUSE Linux Micro 6.1 Kiwi SDK Builder
-  =====================================
+  ==============================
+  SLE Micro 6.0 Kiwi SDK Builder
+  ==============================
 
   Usage: ${0} [-p <profile>] [-b]
 
   Profile Options (-p):
-  * Default: RAW Disk Image with default packages (incl. Podman & KVM)
-  * Default-SelfInstall: SelfInstall ISO with default packages
-  * Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
-  * Base: RAW Disk Image with reduced package set (no KVM)
-  * Base-SelfInstall: SelfInstall ISO with reduced packages
-  * Base-RT: RAW Disk Image with reduced packages and kernel-rt
-  * Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
-  * Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
-  * Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
+  * Base: RAW Disk Image with podman
+  * Base-SelfInstall: SelfInstall ISO with podman
+  * Default: RAW Disk Image with podman and kvm
+  * Default-SelfInstall: SelfInstall ISO with podman and kvm
+  * Base-RT: RAW Disk Image with kernel-rt
+  * Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
 
   4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
 

kiwi-builder-image/config.sh

@@ -35,6 +35,14 @@ mkdir /var/lib/misc/reconfig_system
 #--------------------------------------
 echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
 
+#======================================
+# This is a workaround - someone,
+# somewhere needs to load the xts crypto
+# module, otherwise luksOpen will fail while
+# creating the image.
+#--------------------------------------
+modprobe xts || true
+
 #======================================
 # add missing fonts
 #--------------------------------------
@@ -131,6 +139,9 @@ for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
     rpm --import $i || true
 done
 
+# Temporary workaround for bsc#1212187
+echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
+
 #======================================
 # Enable kubelet if installed
 #--------------------------------------
@@ -159,18 +170,8 @@ if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
 	sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
 fi
 
-# Enable multipathd for MP images
-if [ "${kiwi_oemmultipath_scan-false}" = 'true' ]; then
-        systemctl enable multipathd.service
-fi
-
-# On those s390 targets the console is not capable of running jeos-firstboot,
-# use systemd-firstboot as minimal alternative.
-if [[ "$kiwi_profiles" =~ s390-(dasd|fba|fcp) ]]; then
-	systemctl enable systemd-firstboot
-	# Enable prompting for the root password
-	echo 'root:!unprovisioned' | chpasswd -e
-elif rpm -q --whatprovides jeos-firstboot >/dev/null; then
+# Enable jeos-firstboot if installed, disabled by combustion/ignition
+if rpm -q --whatprovides jeos-firstboot >/dev/null; then
         mkdir -p /var/lib/YaST2
         touch /var/lib/YaST2/reconfig_system
         systemctl enable jeos-firstboot.service
@@ -280,7 +281,7 @@ if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
 		options smsc95xx turbo_mode=N
 	EOF
 
-	cat > /etc/sysctl.d/50-rpi3.conf <<-EOF
+	cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
 		# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
 		vm.min_free_kbytes = 2048
 	EOF

kiwi-builder-image/editbootinstall_rpi.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-
-diskname=$1
-devname="$2"
-
-loopname="${devname%*p?}"
-loopdev=/dev/${loopname#/dev/*}
-
-if [ ! -f $loopdev ]; then loopdev=/dev/${loopdev#/dev/mapper/}; fi
-
-#==========================================
-# copy Raspberry Pi firmware to EFI partition
-#------------------------------------------
-echo "RPi EFI system, installing firmware on ESP"
-mkdir -p ./mnt-pi
-mount ${loopname}p1 ./mnt-pi
-( cd boot/vc; tar c . ) | ( cd ./mnt-pi/; tar x )
-umount ./mnt-pi
-rmdir ./mnt-pi
-
-#==========================================
-# Change partition label type to MBR
-#------------------------------------------
-#
-# The target system doesn't support GPT, so let's move it to
-# MBR partition layout instead.
-#
-# Also make sure to set the ESP partition to type 0xc so that
-# broken firmware (Rpi) detects it as FAT.
-#
-# Use tabs, "<<-" strips tabs, but no other whitespace!
-cat > gdisk.tmp <<-'EOF'
-		x
-		r
-		g
-		t
-		1
-		c
-		w
-		y
-	EOF
-dd if=$loopdev of=mbrid.bin bs=1 skip=440 count=4
-gdisk $loopdev < gdisk.tmp
-dd of=$loopdev if=mbrid.bin bs=1 seek=440 count=4
-rm -f mbrid.bin
-rm -f gdisk.tmp

kubectl-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -16,11 +16,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.32.4"
+LABEL org.opencontainers.image.version="1.30.3"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

kubectl/kubectl.spec

@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 
 Name: kubectl
-Version: 1.32.4
+Version: 1.30.3
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
 
@@ -12,7 +12,7 @@ Group: admin
 Packager: Kubernetes Authors <dev@kubernetes.io>
 License: Apache-2.0
 URL: https://kubernetes.io
-Source0: %{name}_%{version}.orig.tar.gz
+Source0: kubectl_%{version}.orig.tar.gz
 
 %description
 %{summary}.